Update to 2023-07-08 16:00

2025-08-07 09:07:03 +02:00 · 2023-07-08 16:00:11 +02:00
parent f16dd6e98d
commit d87c1bdc89
60 changed files with 708 additions and 439 deletions
--- a/roles/nomad/tasks/install.yml
+++ b/roles/nomad/tasks/install.yml
@@ -1,10 +1,5 @@
 ---

- name: Install needed tools
-  package:
-    name: "{{ nomad_packages }}"
-  tags: nomad
-
 - name: Install task driver packages
  package: name={{ nomad_task_driver_packages[item] }}
  loop: "{{ nomad_enabled_task_drivers }}"
@@ -12,43 +7,20 @@
  notify: restart nomad
  tags: nomad

- when: nomad_install_mode == 'upgrade'
-  name: Clear plugin dir on upgrades
-  file: path={{ nomad_root_dir }}/plugins state={{ item }} owner={{ nomad_user }} group={{ nomad_user }}
-  loop:
-    - absent
-    - directory
+- name: Deploy systemd service unit
+  template: src=nomad.service.j2 dest=/etc/systemd/system/nomad.service
+  register: nomad_unit
+  notify: restart nomad
  tags: nomad

- when: nomad_install_mode != 'none'
+- when: nomad_conf.client.enabled and nomad_unit.changed
  block:
-    - name: Download nomad
-      get_url:
-        url: "{{ nomad_archive_url }}"
-        dest: "{{ nomad_root_dir }}/tmp"
-        checksum: sha256:{{ nomad_archive_sha256 }}

-    - name: Extract the archive
-      unarchive:
-        src: "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
-        dest: "{{ nomad_root_dir }}/tmp"
-        remote_src: True
-
-    - name: Install nomad binary
-      copy:
-        src: "{{ nomad_root_dir }}/tmp/nomad"
-        dest: "{{ nomad_root_dir }}/bin/nomad"
-        remote_src: True
-        mode: 755
-      notify: restart nomad
-
-    - name: Link in /usr/local/bin
-      file: src={{ nomad_root_dir }}/bin/nomad dest=/usr/local/bin/nomad state=link force=True
-
-  tags: nomad
-
- when: nomad_install_mode != 'none' and nomad_conf.client.enabled
-  block:
+    - name: Clear plugin dir on upgrades
+      file: path={{ nomad_root_dir }}/plugins state={{ item }} owner={{ nomad_user }} group={{ nomad_user }}
+      loop:
+        - absent
+        - directory

    - name: Download plugins
      get_url:
@@ -100,24 +72,11 @@
 - name: Install bash completion support
  copy:
    content: |
-      complete -C {{ nomad_root_dir }}/bin/nomad nomad
+      complete -C /usr/local/bin/nomad nomad
    dest: /etc/bash_completion.d/nomad
    mode: 0644
  tags: nomad

- name: Deploy systemd service unit
-  template: src=nomad.service.j2 dest=/etc/systemd/system/nomad.service
-  register: nomad_unit
-  notify: restart nomad
-  tags: nomad
-
- name: Install consul-template unit
-  template: src=consul-template-nomad.service.j2 dest=/etc/systemd/system/consul-template-nomad.service
-  register: nomad_consul_tpl_unit
-  notify: restart consul-template-nomad
-  when: nomad_vault_secrets.pki.enabled or nomad_vault_secrets.consul_pki.enabled
-  tags: nomad
-
 - name: Install backup hooks
  template: src={{ item }}-backup.j2 dest=/etc/backup/{{ item }}.d/nomad mode=755
  loop:
@@ -125,14 +84,21 @@
    - post
  tags: nomad

+# A tmpfs will be used to store tokens and other sensitive information
 - name: Create tmpfile fragment
  copy:
    content: |
      d /run/nomad 775 root {{ nomad_user }}
    dest: /etc/tmpfiles.d/nomad.conf
-  notify: systemd-tmpfiles
+  register: nomad_tmpfiles
  tags: nomad

+- name: Create tmpfiles
+  command: systemd-tmpfiles --create
+  when: nomad_tmpfiles.changed
+  tags: nomad
+
+# This script cleanups leftovers in iptables rules on boot
 - name: Install iptables cleanup script
  copy: src=iptables_cleanup.pl dest={{ nomad_root_dir }}/bin/iptables_cleanup.pl mode=755
  tags: nomad
@@ -144,7 +110,7 @@

 - name: Reload systemd
  systemd: daemon_reload=True
-  when: nomad_unit.changed or nomad_ipt_cleanup_unit.changed or (nomad_consul_tpl_unit is defined and nomad_consul_tpl_unit.changed)
+  when: nomad_unit.changed or nomad_ipt_cleanup_unit.changed
  tags: nomad

 # This is needed for containers to be able to reach their own services through the host published port
@@ -152,8 +118,3 @@
  copy: src=50-nomad-promisc dest=/etc/NetworkManager/dispatcher.d/50-nomad-promisc mode=755
  tags: nomad

- name: Create host_volume directories
-  file: path={{ item.path }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
-  loop: "{{ nomad_conf.client.host_volumes | default([]) }}"
-  when: item.create | default(False)
-  tags: nomad