jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-29 18:55:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2023-07-08 16:00

Browse Source
This commit is contained in:
Daniel Berteaud
2023-07-08 16:00:11 +02:00
parent f16dd6e98d
commit d87c1bdc89
60 changed files with 708 additions and 439 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
roles/nomad/defaults/main.yml
View File

@@ -1,12 +1,5 @@
---
# Version of Nomad to install
nomad_version: 1.5.6
# URL of the archive
nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip
# Expected sha256 of the archive
nomad_archive_sha256: 65a7d5a4c6ade01a44292901b05a7c985b4459e0a079b5eb55f5d61474ee98e5
# List of plugins to install
nomad_plugins:
podman:
@@ -27,10 +20,6 @@ nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}"
# Used for example to grant access to cli cert with ACL
nomad_admin_groups: "{{ system_admin_groups | default([]) }}"
# If ACL are enabled, you need to set a management token for ansible
# to be able to manage Nomad (eg snapshot before upgrades)
# nomad_mgm_token: XXXXXXXXX
# List of nomad servers (not clients !)
nomad_servers: []
@@ -169,7 +158,7 @@ nomad_base_conf:
# Default scheduler config. Only used during cluster bootstrap
# If you want to change it after, you have to use the API
default_scheduler_config:
# can be binpack or spread. SPread makes more sens when running on premise
# can be binpack or spread. Spread makes more sense when running on premise
scheduler_algorithm: spread
memory_oversubscription_enabled: True
preemption_config:
@@ -247,24 +236,3 @@ nomad_extra_services: {}
nomad_host_services: {}
nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) | combine(nomad_host_services, recursive=True) }}"
# When using vault to setup TLS for Nomad
nomad_base_vault_secrets:
vault_address: "{{ nomad_conf.vault.address | default('https://active.vault.service.consul:8200') }}"
# Token to use to issue certificates
# token: XXXXXXXXX
pki:
enabled: False
# The path of the PKI secret where cert will be issued
path: /pki/nomad
role: nomad-{{ nomad_conf.server.enabled | ternary('server', 'client') }}
# ttl: 6h # if not set, will use the default ttl of the role
consul_pki:
enabled: False
path: /pki/consul
root_path: /pki/root # This is used to fetch the top level root CA, as envoy can't validate the chain unless it has it complete up to the auto-signed root
role: nomad-client # Only nomad clients will use this
# ttl: 6h # if not set, will use the default ttl of the role
nomad_extra_vault_secrets: {}
nomad_host_vault_secrets: {}
nomad_vault_secrets: "{{ nomad_base_vault_secrets | combine(nomad_extra_vault_secrets, recursive=True) | combine(nomad_host_vault_secrets, recursive=True) }}"