Update to 2022-08-03 16:00

2025-04-16 18:23:40 +02:00 · 2022-08-03 16:00:16 +02:00 · 2022-08-03 16:00:16 +02:00 · 5715cdb046
commit 5715cdb046
parent a11f21e9c6
18 changed files with 198 additions and 11 deletions
--- a/roles/cni_plugins/defaults/main.yml
+++ b/roles/cni_plugins/defaults/main.yml
@ -0,0 +1,11 @@
 ---
 # Version of the CNI plugins to install
 cni_version: 1.1.1
 # Archive where the pre compiled bin archive will be downloaded
 cni_archive_url: https://github.com/containernetworking/plugins/releases/download/v{{ cni_version }}/cni-plugins-linux-amd64-v{{ cni_version }}.tgz
 # Expected checksum of the archive
 cni_archive_sha256: b275772da4026d2161bf8a8b41ed4786754c8a93ebfb6564006d5da7f23831e5
 # Where the plugins will be installed (binaries will be extracted in a /bin sub-directory)
 cni_root_dir: /opt/cni
--- a/roles/cni_plugins/tasks/archive_post.yml
+++ b/roles/cni_plugins/tasks/archive_post.yml
@ -0,0 +1,14 @@
 ---
 - name: Compress previous version
  command: tar cf {{ cni_root_dir }}/archives/{{ cni_current_version }}.tar.zst ./ --use-compress-program=zstd
  args:
    chdir: "{{ cni_root_dir }}/archives/{{ cni_current_version }}"
    warn: False
  environment:
    ZSTD_CLEVEL: 10
  tags: cni
 - name: Remove archive dir
  file: path={{ cni_root_dir }}/archives/{{ cni_current_version }} state=absent
  tags: cni
--- a/roles/cni_plugins/tasks/archive_pre.yml
+++ b/roles/cni_plugins/tasks/archive_pre.yml
@ -0,0 +1,14 @@
 ---
 - name: Create the archive dir
  file: path={{ cni_root_dir }}/archives/{{ cni_current_version }} state=directory
  tags: cni
 - name: Archive current version
  synchronize:
    src: "{{ cni_root_dir }}/bin"
    dest: "{{ cni_root_dir }}/archives/{{ cni_current_version }}/"
    compress: False
    delete: True
  delegate_to: "{{ inventory_hostname }}"
  tags: cni
--- a/roles/cni_plugins/tasks/cleanup.yml
+++ b/roles/cni_plugins/tasks/cleanup.yml
@ -0,0 +1,7 @@
 ---
 - name: Remove tmp and obsolete files
  file: path={{ item }} state=absent
  loop:
    - "{{ cni_root_dir }}/tmp/cni-plugins-linux-amd64-v1.1.1.tgz"
  tags: cni
--- a/roles/cni_plugins/tasks/directories.yml
+++ b/roles/cni_plugins/tasks/directories.yml
@ -0,0 +1,13 @@
 ---
 - name: Create directories
  file: path={{ item.dir }} state=directory mode={{ item.mode | default(omit) }}
  loop:
    - dir: "{{ cni_root_dir }}"
    - dir: "{{ cni_root_dir }}/bin"
    - dir: "{{ cni_root_dir }}/archives"
    - dir: "{{ cni_root_dir }}/meta"
      mode: 700
    - dir: "{{ cni_root_dir }}/tmp"
      mode: 700
  tags: cni
--- a/roles/cni_plugins/tasks/facts.yml
+++ b/roles/cni_plugins/tasks/facts.yml
@ -0,0 +1,12 @@
 ---
 # Detect installed version (if any)
 - block:
    - import_tasks: ../includes/webapps_set_install_mode.yml
      vars:
        - root_dir: "{{ cni_root_dir }}"
        - version: "{{ cni_version }}"
    - set_fact: cni_install_mode={{ install_mode }}
    - set_fact: cni_current_version={{ current_version | default('') }}
  tags: cni
--- a/roles/cni_plugins/tasks/install.yml
+++ b/roles/cni_plugins/tasks/install.yml
@ -0,0 +1,18 @@
 ---
 - when: cni_install_mode != 'none'
  block:
    - name: Download the CNI plugins
      get_url:
        url: "{{ cni_archive_url }}"
        dest: "{{ cni_root_dir }}/tmp"
        checksum: sha256:{{ cni_archive_sha256 }}
    - name: Extract archive
      unarchive:
        src: "{{ cni_root_dir }}/tmp/cni-plugins-linux-amd64-v{{ cni_version }}.tgz"
        dest: "{{ cni_root_dir }}/bin/"
        remote_src: True
  tags: cni
--- a/roles/cni_plugins/tasks/main.yml
+++ b/roles/cni_plugins/tasks/main.yml
@ -0,0 +1,24 @@
 ---
 - include_tasks: directories.yml
  tags: always
 - include_tasks: facts.yml
  tags: always
 - include_tasks: archive_pre.yml
  when: cni_install_mode == 'upgrade'
  tags: always
 - include_tasks: install.yml
  tags: always
 - include_tasks: write_version.yml
  tags: always
 - include_tasks: archive_post.yml
  when: cni_install_mode == 'upgrade'
  tags: always
 - include_tasks: cleanup.yml
  tags: always
--- a/roles/cni_plugins/tasks/write_version.yml
+++ b/roles/cni_plugins/tasks/write_version.yml
@ -0,0 +1,5 @@
 ---
 - name: Write installed version
  copy: content={{ cni_version }} dest={{ cni_root_dir }}/meta/ansible_version
  tags: cni
--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@ -7,6 +7,13 @@ nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/noma
 # Expected sha256 of the archive
 nomad_archive_sha256: fc6b3800935c621633d98148ea30737ab8ac1f698020f45b28b07ac61fbf4a96
 # List of plugins to install
 nomad_plugins:
  podman:
    version: 0.4.0
    archive_url: https://releases.hashicorp.com/nomad-driver-podman/0.4.0/nomad-driver-podman_0.4.0_linux_amd64.zip
    sha256: f905f9c38db8cec1542b92f69233488d5bf94e30fe9a0fae9ac03b30c1e2cfea
 # Root dir where Nomad will be installed
 nomad_root_dir: /opt/nomad
@ -62,8 +69,7 @@ nomad_base_conf:
    #   cni: macvlan,ipvlan
    meta: {}
-    # List of enabled drivers, and their options. Valid ones are
+    # List of enabled drivers, and their options.
    # exec, raw_exec, docker, java.
    task_drivers:
      exec:
        enabled: True
@ -74,6 +80,10 @@ nomad_base_conf:
        enabled: False
      java:
        enabled: False
      qemu:
        enabled: False
      podman:
        enabled: False # Note on EL8, it cannot be used with docker as there are package conflicts, see https://bugs.centos.org/view.php?id=16892
  # Server related settings
  server:
--- a/roles/nomad/meta/main.yml
+++ b/roles/nomad/meta/main.yml
@ -3,3 +3,5 @@
 dependencies:
  - role: docker
    when: nomad_conf.client.enabled and nomad_conf.client.task_drivers.docker.enabled
  - role: cni_plugins
    when: nomad_conf.client.enabled
--- a/roles/nomad/tasks/archive_pre.yml
+++ b/roles/nomad/tasks/archive_pre.yml
@ -4,7 +4,18 @@
  file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=directory
  tags: nomad
- name: Backup previous version
+- name: Snapshot nomad data
-  copy: src={{ nomad_root_dir }}/bin/nomad dest={{ nomad_root_dir }}/archives/{{ nomad_current_version }}/ remote_src=True
+  command: "{{ nomad_root_dir }}/bin/nomad operator save {{ nomad_root_dir }}/archives/{{ nomad_current_version }}/nomad.snap"
  tags: nomad
 - name: Backup previous version
  synchronize:
    src: "{{ item }}"
    dest: "{{ nomad_root_dir }}/archives/{{ nomad_current_version }}/"
    compress: False
  delegate_to: "{{ inventory_hostname }}"
  loop:
    - bin
    - plugins
  tags: nomad
--- a/roles/nomad/tasks/directories.yml
+++ b/roles/nomad/tasks/directories.yml
@ -26,6 +26,9 @@
    - dir: data
      owner: "{{ nomad_user }}"
      group: "{{ nomad_user }}"
    - dir: plugins
      owner: "{{ nomad_user }}"
      group: "{{ nomad_user }}"
    - dir: etc
      owner: root
      group: "{{ nomad_user }}"
--- a/roles/nomad/tasks/facts.yml
+++ b/roles/nomad/tasks/facts.yml
@ -33,9 +33,8 @@
 - when: nomad_bin.stat.exists and nomad_current_version != nomad_version
  set_fact: nomad_install_mode='upgrade'
 - debug: msg={{ nomad_conf.client.task_drivers | dict2items }}
  tags: nomad
 - name: Build a list of enabled task drivers
  set_fact: nomad_enabled_task_drivers={{ nomad_conf.client.task_drivers | dict2items | selectattr('value.enabled', 'equalto', True) | map(attribute='key') }}
  tags: nomad
--- a/roles/nomad/tasks/install.yml
+++ b/roles/nomad/tasks/install.yml
@ -15,6 +15,14 @@
  notify: restart nomad
  tags: nomad
 - when: nomad_install_mode == 'upgrade'
  name: Clear plugin dir on upgrades
  file: path={{ nomad_root_dir }}/plugins state={{ item }} owner={{ nomad_user }} group={{ nomad_user }}
  loop:
    - absent
    - directory
  tags: nomad
 - when: nomad_install_mode != 'none'
  block:
    - name: Download nomad
@ -35,10 +43,37 @@
        dest: "{{ nomad_root_dir }}/bin/nomad"
        remote_src: True
        mode: 755
      notify: restart nomad
    - name: Link in /usr/local/bin
      file: src={{ nomad_root_dir }}/bin/nomad dest=/usr/local/bin/nomad state=link force=True
    - name: Download plugins
      get_url:
        url: "{{ nomad_plugins[item].archive_url }}"
        dest: "{{ nomad_root_dir }}/tmp"
        checksum: sha256:{{ nomad_plugins[item].sha256 }}
      register: nomad_plugin_dl
      loop: "{{ nomad_plugins.keys() | list }}"
    - name: Extract nomad plugins
      unarchive:
        src: "{{ item.dest }}"
        dest: "{{ nomad_root_dir }}/plugins/"
        remote_src: True
      loop: "{{ nomad_plugin_dl.results }}"
      notify: restart nomad
  tags: nomad
 # Nomad looks for the qemu-system-x86_64 bin in $PATH
 # so it needs to be available for Nomad to detect it
 - name: Link qemu-kvm to qemu-system-x86_64
  file:
    src: /usr/libexec/qemu-kvm
    dest: /usr/local/bin/qemu-system-x86_64
    state: link
  when: nomad_conf.client.enabled and 'qemu' in nomad_enabled_task_drivers
  tags: nomad
 - name: Install bash completion support
--- a/roles/nomad/templates/nomad.hcl.j2
+++ b/roles/nomad/templates/nomad.hcl.j2
@ -1,4 +1,5 @@
 data_dir = "{{ nomad_root_dir }}/data"
 plugin_dir = "{{ nomad_root_dir }}/plugins"
 log_level = "{{ nomad_conf.log_level }}"
 bind_addr = "0.0.0.0"
@ -41,8 +42,9 @@ server {
  }
 }
 {% if nomad_conf.client.enabled %}
 client {
-  enabled = {{ nomad_conf.client.enabled | ternary('true', 'false') }}
+  enabled = true
  servers = [
 {% for server in nomad_servers %}
    "{{ server }}",
@ -96,7 +98,11 @@ plugin "raw_exec" {
 }
 {% endif %}
 {% endif %}
-
+{% else %}
 client {
  enabled = false
 }
 {% endif %}
 ui {
  enabled = {{ nomad_conf.ui.enabled | ternary('true', 'false') }}
 {% if nomad_conf.ui.consul_ui is defined %}
--- a/roles/nomad/vars/RedHat-8.yml
+++ b/roles/nomad/vars/RedHat-8.yml
@ -3,3 +3,8 @@
 nomad_task_driver_packages:
  java:
    - java-17-openjdk-headless
  qemu:
    - qemu-kvm
  podman:
    - podman
    - podman-docker
--- a/roles/nomad/vars/main.yml
+++ b/roles/nomad/vars/main.yml
@ -1,2 +0,0 @@
 ---