Update to 2022-07-29 15:00

2025-07-27 08:15:54 +02:00 · 2022-07-29 15:00:16 +02:00
parent 2737485b20
commit f44895157e
14 changed files with 83 additions and 50 deletions
--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@@ -12,56 +12,35 @@ nomad_root_dir: /opt/nomad

 # user under which nomad will run.
 # Servers can run under an unprivileged user, while clients should run as root (or with equivalent privileges)
-nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}"
+nomad_user: "{{ nomad_client_enabled | ternary('root', 'nomad') }}"

-# List of nomad servers (not clients)
+# List of nomad servers (not clients !)
 nomad_servers: []
+# Should client be enabled
+nomad_client_enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}"
+# Should server be enabled
+nomad_server_enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}"
+# Log level of the daemon
+nomad_log_level: INFO

 # Ports used by Nomad, the protocols, and the list of IP/CIDR for which the ports will be opened in the firewall
+# You can also specify which address/port to advertise (not needed most of the time)
 nomad_base_services:
-  http_api:
-    port: "{{ nomad_conf.ports.http | default(4646) }}"
+  http:
+    port: 4646
    proto: [tcp]
    src_ip: []
+    # advertise: 10.11.12.13:4347
  rpc:
-    port: "{{ nomad_conf.ports.rpc | default(4647) }}"
+    port: 4647
    proto: [tcp]
    src_ip: []
+    # advertise: 
  serf:
-    port: "{{ nomad_conf.ports.serf | default(4648) }}"
+    port: 4648
    proto: [tcp,udp]
    src_ip: []
+    # advertise: x.x.x.x
 nomad_extra_services: {}
 nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) }}"

-# Nomad configuration (which will be converted to JSON)
-# The configuration is splited in a base conf, an extra conf, and a host conf so you can override part of the config easily
-nomad_base_conf:
-  name: "{{ inventory_hostname }}"
-  data_dir: "{{ nomad_root_dir }}/data"
-  log_level: INFO
-  bind_addr: 0.0.0.0
-  client:
-    enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}"
-    servers: "{{ (inventory_hostname in nomad_servers) | ternary([], nomad_servers) }}"
-  server:
-    enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}"
-    server_join:
-      retry_join: "{{ (inventory_hostname in nomad_servers) | ternary(nomad_servers, []) }}"
-    bootstrap_expect: "{{ nomad_servers | length }}"
-
-# For example
-# nomad_extra_conf:
-#   datacenter: my-dc
-#   server:
-#     encrypt: umizzu2vi9VaYwdRiOjDXgZIjV8AJ2AV+prqaAhElz0=
-#   ui_config:
-#     enabled: True
-#
-nomad_extra_conf: {}
-# Host conf is just another level of configuration override
-nomad_host_conf: {}
-
-# Merge all the conf
-nomad_conf: "{{ nomad_base_conf | combine(nomad_extra_conf, recursive=True) | combine(nomad_host_conf, recursive=True) }}"
-
--- a/roles/nomad/tasks/conf.yml
+++ b/roles/nomad/tasks/conf.yml
@@ -2,11 +2,11 @@

 - name: Deploy nomad configuration
  template:
-    src: nomad.json.j2
-    dest: "{{ nomad_root_dir }}/etc/nomad.json"
+    src: nomad.hcl.j2
+    dest: "{{ nomad_root_dir }}/etc/nomad.hcl"
    owner: root
    group: "{{ nomad_user }}"
-    mode: 640
+    mode: 0640
    validate: nomad config validate %s
  notify: restart nomad
  tags: nomad
--- a/roles/nomad/templates/nomad.hcl.j2
+++ b/roles/nomad/templates/nomad.hcl.j2
@@ -0,0 +1,34 @@
+data_dir = "{{ nomad_root_dir }}/data"
+log_level = "{{ nomad_log_level }}"
+bind_addr = "0.0.0.0"
+advertise {
+{% for service in nomad_services.keys() | list %}
+{% if nomad_services[service].advertise is defined %}
+  {{ service }} = {{ nomad_services[service].advertise }}
+{% endif %}
+{% endfor %}
+}
+ports {
+{% for service in nomad_services.keys() | list %}
+  {{ service }} = {{ nomad_services[service].port }}
+{% endfor %}
+}
+server {
+  enabled = {{ nomad_server_enabled | ternary('true','false') }}
+  bootstrap_expect = {{ nomad_servers | length }}
+  server_join {
+    retry_join = [
+{% for server in consul_servers %}
+      "{{ server }}",
+{% endfor %}
+    ]
+  }
+}
+client {
+  enabled = {{ nomad_client_enabled | ternary('true','false') }}
+  servers = [
+{% for server in consul_servers %}
+    "{{ server }}",
+{% endfor %}
+  ]
+}
--- a/roles/nomad/templates/nomad.service.j2
+++ b/roles/nomad/templates/nomad.service.j2
@@ -3,13 +3,13 @@ Description=Nomad
 Documentation=https://nomadproject.io/docs/
 Wants=network-online.target
 After=network-online.target
-ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.json
+ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.hcl

 [Service]
 EnvironmentFile=-{{ nomad_root_dir }}/etc/nomad.env
 User={{ nomad_user }}
 Group={{ nomad_user }}
-ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/
+ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/nomad.hcl
 ExecReload=/bin/kill --signal HUP $MAINPID
 KillMode=process
 KillSignal=SIGINT