From 336cfcca3a2cd4c85485e6f33eb17bf9863058ac Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Tue, 11 Oct 2022 13:00:08 +0200 Subject: [PATCH] Update to 2022-10-11 13:00 --- roles/consul_template/defaults/main.yml | 4 ++-- roles/nomad/defaults/main.yml | 12 ++++++++++-- roles/nomad/files/50-nomad-promisc | 11 +++++++++++ roles/nomad/tasks/install.yml | 4 ++++ roles/nomad/templates/nomad.hcl.j2 | 5 +++++ 5 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 roles/nomad/files/50-nomad-promisc diff --git a/roles/consul_template/defaults/main.yml b/roles/consul_template/defaults/main.yml index b55962b..d617759 100644 --- a/roles/consul_template/defaults/main.yml +++ b/roles/consul_template/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version of consul-template to install -consul_tpl_version: 0.29.2 +consul_tpl_version: 0.29.5 # URL of the archive consul_tpl_archive_url: https://releases.hashicorp.com/consul-template/{{ consul_tpl_version }}/consul-template_{{ consul_tpl_version }}_linux_amd64.zip # Expected sha256 of the archive -consul_tpl_archive_sha256: 88d57a227967da2f7c14f702245adcf30d80ec59354ed43c8778eb7296c9d4db +consul_tpl_archive_sha256: 24aa8c67a2ac95c03524d62dd0e1815359e8c9689324b48e9c75ed2b6e25a5c8 # Root dir where consul-template will be installed consul_tpl_root_dir: /opt/consul_template diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index 79bd37f..9b22fa0 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version of Nomad to install -nomad_version: 1.3.5 +nomad_version: 1.4.1 # URL of the archive nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip # Expected sha256 of the archive -nomad_archive_sha256: a4bf189e6a84c4bc7d6090529c87b32e6b4b09b47163514d33305aa867d7c4dc +nomad_archive_sha256: f9327818a97fc2f29b6a9283c3175cd13ba6c774c15ee5683035c23b9a3640fa # List of plugins to install nomad_plugins: @@ -114,6 +114,14 @@ nomad_base_conf: enabled: False # You can set a list of caps allowed for containers. The default is the same set of caps than Docker, minus net_raw # allow_caps: ["audit_write", "chown", "dac_override", "fowner", "fsetid", "kill", "mknod", "net_bind_service", "setfcap", "setgid", "setpcap", "setuid", "sys_chroot"] + # List of extra labels to add to containers + extra_labels: + - job_name + - task_group_name + - task_name + - namespace + - node_name + - node_id raw_exec: enabled: False java: diff --git a/roles/nomad/files/50-nomad-promisc b/roles/nomad/files/50-nomad-promisc new file mode 100644 index 0000000..a1478e3 --- /dev/null +++ b/roles/nomad/files/50-nomad-promisc @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +set -eo pipefail + +case "$2" in + up) + if [[ "$1" = "nomad" ]]; then + ip link set dev $1 promisc on + fi + ;; +esac diff --git a/roles/nomad/tasks/install.yml b/roles/nomad/tasks/install.yml index 88e6904..0de2e48 100644 --- a/roles/nomad/tasks/install.yml +++ b/roles/nomad/tasks/install.yml @@ -143,3 +143,7 @@ when: nomad_unit.changed or nomad_ipt_cleanup_unit.changed or (nomad_consul_tpl_unit is defined and nomad_consul_tpl_unit.changed) tags: nomad +# This is needed for containers to be able to reach their own services through the host published port +- name: Install a script to set nomad bridge in promisc mode + copy: src=50-nomad-promisc dest=/etc/NetworkManager/dispatcher.d/50-nomad-promisc mode=755 + tags: nomad diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2 index fd29791..00ff211 100644 --- a/roles/nomad/templates/nomad.hcl.j2 +++ b/roles/nomad/templates/nomad.hcl.j2 @@ -121,6 +121,11 @@ plugin "docker" { {% endfor %} ] {% endif %} + extra_labels = [ +{% for label in nomad_conf.client.task_drivers.docker.extra_labels %} + "{{ label }}", +{% endfor %} + ] } } {% endif %}