diff --git a/roles/consul/defaults/main.yml b/roles/consul/defaults/main.yml
new file mode 100644
index 0000000..10b2c84
--- /dev/null
+++ b/roles/consul/defaults/main.yml
@@ -0,0 +1,85 @@
+---
+
+# Version of consul to deploy
+consul_version: 1.12.3
+# URL from where the consul archive will be downloaded
+consul_archive_url: https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip
+# Expected sha256 of the archive
+consul_archive_sha256: 620a47cfba34bdf918b4c3238d22f6318b29403888cfd927c6006a4ac1b1c9f6
+
+# user account under which consul will run (will be created if needed)
+consul_user: consul
+
+# Root directory where consul will be installed
+consul_root_dir: /opt/consul
+
+# List of consul servers name or IP
+consul_servers: []
+
+# List of services exposed by consul, the ports they use, and the list of IP
+# for which the service is accessible at the firewall level (if iptables_manage == True)
+consul_services:
+ dns:
+ port: 8600
+ src_ip: []
+ proto: [tcp,udp]
+ http_api:
+ port: 8500
+ src_ip: []
+ proto: [tcp]
+ https_api:
+ port: 8501
+ src_ip: []
+ proto: [tcp]
+ grpc_api:
+ port: 8502
+ src_ip: []
+ proto: [tcp]
+ lan_serf:
+ port: 8301
+ src_ip: []
+ proto: [tcp,udp]
+ wan_serf:
+ port: 8302
+ src_ip: []
+ proto: [tcp_udp]
+ server_rpc:
+ port: 8300
+ src_ip: []
+ proto: [tcp]
+ sidecar_proxy:
+ port: '21000:21255'
+ src_ip: []
+ proto: [tcp]
+
+# Consul configuration (which will be converted to JSON)
+# The configuration is splited in a base conf and an extra conf, so you can override part of the config easily
+consul_base_conf:
+ node_name: "{{ inventory_hostname }}"
+ data_dir: "{{ consul_root_dir }}/data"
+ client_addr: 0.0.0.0
+ log_level: INFO
+ bind_addr: 0.0.0.0
+ advertise_addr: "{{ ansible_default_ipv4.address }}"
+ retry_join: "{{ consul_servers }}"
+ bootstrap_expect: "{{ consul_servers | length }}"
+ server: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
+ ui_config:
+ enabled: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
+ connect:
+ enabled: "{{ (inventory_hostname in consul_servers) | ternary(True, False) }}"
+
+# For example
+# consul_extra_conf:
+# datacenter: my-dc
+# domain: dev.example.org
+# encrypt: WSnGbK30nI6K/xk9w+AAtk0Y3RMXKoAlsj4VEICqi0I=
+# ui_config:
+# enabled: False
+
+consul_extra_conf: {}
+# Host conf is just another level of configuration override
+consul_host_conf: {}
+
+# Merge all the conf
+consul_conf: "{{ consul_base_conf | combine(consul_extra_conf, recursive=True) | combine(consul_host_conf, recursive=True) }}"
diff --git a/roles/consul/handlers/main.yml b/roles/consul/handlers/main.yml
new file mode 100644
index 0000000..1b5d8a7
--- /dev/null
+++ b/roles/consul/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: restart consul
+ service: name=consul state=restarted
+ when: consul_service_started is not defined or not consul_service_started.changed
+
+- name: reload consul
+ service: name=consul state=reloaded
diff --git a/roles/consul/tasks/archive_post.yml b/roles/consul/tasks/archive_post.yml
new file mode 100644
index 0000000..db3c3e5
--- /dev/null
+++ b/roles/consul/tasks/archive_post.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Compress previous version
+ command: tar cf {{ consul_root_dir }}/archives/{{ consul_current_version }}.tar.zst --use-compress-program=zstd ./
+ args:
+ chdir: "{{ consul_root_dir }}/archives/{{ consul_current_version }}"
+ warn: False
+ environment:
+ ZSTD_CLEVEL: 10
+ tags: consul
+
+- name: Remove archive dir
+ file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=absent
+ tags: consul
+
diff --git a/roles/consul/tasks/archive_pre.yml b/roles/consul/tasks/archive_pre.yml
new file mode 100644
index 0000000..23ca131
--- /dev/null
+++ b/roles/consul/tasks/archive_pre.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Create the archive dir
+ file: path={{ consul_root_dir }}/archives/{{ consul_current_version }} state=directory
+ tags: consul
+
+- name: Backup previous version
+ copy: src={{ consul_root_dir }}/bin/consul dest={{ consul_root_dir }}/archives/{{ consul_current_version }}/ remote_src=True
+ tags: consul
+
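Review bot: In roles/consul/defaults/main.yml, `client_addr: 0.0.0.0` in `consul_base_conf` makes the client listeners (HTTP API, DNS, gRPC) answer on every interface, and nothing in the base configuration enables ACLs or TLS, so access control rests entirely on the firewall task. I would default to `client_addr: 127.0.0.1` and let `consul_extra_conf` widen it deliberately. Separately, `wan_serf` declares `proto: [tcp_udp]`, which matches neither the `'tcp'` nor the `'udp'` membership test in tasks/iptables.yml, so its rule always resolves to `absent`; it should read `proto: [tcp,udp]`. The commented `encrypt:` sample looks like a usable gossip key and is likely to be copied verbatim; a labelled placeholder such as `encrypt: <output of consul keygen>` would be safer.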
diff --git a/roles/consul/tasks/cleanup.yml b/roles/consul/tasks/cleanup.yml
new file mode 100644
index 0000000..6bcfd42
--- /dev/null
+++ b/roles/consul/tasks/cleanup.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+ file: path={{ item }} state=absent
+ loop:
+ - "{{ consul_root_dir }}/tmp/consul_{{ consul_version }}_linux_amd64.zip"
+ - "{{ consul_root_dir }}/tmp/consul"
+ tags: consul
diff --git a/roles/consul/tasks/conf.yml b/roles/consul/tasks/conf.yml
new file mode 100644
index 0000000..5ff56cb
--- /dev/null
+++ b/roles/consul/tasks/conf.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Deploy consul configuration
+ template: src=consul.json.j2 dest={{ consul_root_dir }}/etc/consul.json owner=root group={{ consul_user }} mode=640
+ notify: reload consul
+ tags: consul
diff --git a/roles/consul/tasks/directories.yml b/roles/consul/tasks/directories.yml
new file mode 100644
index 0000000..0e99029
--- /dev/null
+++ b/roles/consul/tasks/directories.yml
@@ -0,0 +1,31 @@
+---
+
+- name: Create needed directories
+ file: path={{ consul_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+ loop:
+ - dir: archives
+ owner: root
+ group: root
+ mode: 700
+ - dir: backup
+ owner: root
+ group: root
+ mode: 700
+ - dir: meta
+ owner: root
+ group: root
+ mode: 700
+ - dir: bin
+ - dir: tmp
+ owner: "{{ consul_user }}"
+ group: "{{ consul_user }}"
+ mode: 700
+ - dir: data
+ owner: "{{ consul_user }}"
+ group: "{{ consul_user }}"
+ mode: 700
+ - dir: etc
+ owner: root
+ group: "{{ consul_user }}"
+ mode: 750
+ tags: consul
diff --git a/roles/consul/tasks/facts.yml b/roles/consul/tasks/facts.yml
new file mode 100644
index 0000000..bc8c9b7
--- /dev/null
+++ b/roles/consul/tasks/facts.yml
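Review bot: The loop items in roles/consul/tasks/directories.yml give `mode: 700` and `mode: 750` as unquoted YAML integers, which only produces the intended permissions because the task passes them through the `key=value` string form; if the task is ever rewritten with native YAML arguments, Ansible will read them as decimal numbers and set unexpected permission bits. Quoting them, e.g. `mode: '0700'`, keeps the intent explicit. The `bin` entry sets no owner or mode at all, so the directory that holds the binary inherits whatever the connecting user and umask produce; `owner: root`, `group: root`, `mode: '0755'` would pin it. roles/nomad/tasks/directories.yml repeats both patterns.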
@@ -0,0 +1,12 @@
+---
+
+- name: Detect installed version
+ block:
+ - import_tasks: ../includes/webapps_set_install_mode.yml
+ vars:
+ - root_dir: "{{ consul_root_dir }}"
+ - version: "{{ consul_version }}"
+ - set_fact: consul_install_mode={{ install_mode | default('none') }}
+ - set_fact: consul_current_version={{ current_version | default('') }}
+ tags: consul
+
diff --git a/roles/consul/tasks/install.yml b/roles/consul/tasks/install.yml
new file mode 100644
index 0000000..664edc9
--- /dev/null
+++ b/roles/consul/tasks/install.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Install needed tools
+ package:
+ name:
+ - tar
+ - zstd
+ - unzip
+ tags: consul
+
+- when: consul_install_mode != 'none'
+ block:
+ - name: Download consul
+ get_url:
+ url: "{{ consul_archive_url }}"
+ dest: "{{ consul_root_dir }}/tmp"
+ checksum: sha256:{{ consul_archive_sha256 }}
+
+ - name: Extract the archive
+ unarchive:
+ src: "{{ consul_root_dir }}/tmp/consul_{{ consul_version }}_linux_amd64.zip"
+ dest: "{{ consul_root_dir }}/tmp"
+ remote_src: True
+
+ - name: Install consul binary
+ copy:
+ src: "{{ consul_root_dir }}/tmp/consul"
+ dest: "{{ consul_root_dir }}/bin/consul"
+ remote_src: True
+ mode: 755
+
+ - name: Link in /usr/local/bin
+ file: src={{ consul_root_dir }}/bin/consul dest=/usr/local/bin/consul state=link force=True
+
+ tags: consul
+
+- name: Install bash completion support
+ copy:
+ content: |
+ complete -C {{ consul_root_dir }}/bin/consul consul
+ dest: /etc/bash_completion.d/consul
+ mode: 755
+ tags: consul
+
+- name: Deploy systemd service unit
+ template: src=consul.service.j2 dest=/etc/systemd/system/consul.service
+ register: consul_unit
+ notify: restart consul
+ tags: consul
+
+- name: Reload systemd
+ systemd: daemon_reload=True
+ when: consul_unit.changed
+ tags: consul
+
diff --git a/roles/consul/tasks/iptables.yml b/roles/consul/tasks/iptables.yml
new file mode 100644
index 0000000..16711ab
--- /dev/null
+++ b/roles/consul/tasks/iptables.yml
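Review bot: In roles/consul/tasks/install.yml, `mode: 755` under the native-YAML `copy` tasks ("Install consul binary" and "Install bash completion support") is parsed as the decimal integer 755, and Ansible documents that an unquoted number without a leading zero is applied as decimal, i.e. octal 1363: sticky bit, group-writable, world-writable, owner without read. A world-writable binary that is also linked into /usr/local/bin can be replaced by any local account before root or the service next executes it. Use quoted strings instead: `mode: '0755'` for the binary and `mode: '0644'` for the completion file, which is sourced rather than executed. roles/nomad/tasks/install.yml carries the same two values, and there the binary runs as root on client nodes.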
@@ -0,0 +1,15 @@
+---
+
+- name: Handle consul ports in the firewall
+ iptables_raw:
+ name: consul_port_{{ item }}
+ state: "{{ (('tcp' in consul_services[item].proto or 'udp' in consul_services[item].proto) and consul_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
+ rules: |
+ {% if 'tcp' in consul_services[item].proto %}
+ -A INPUT -m state --state NEW -p tcp --dport {{ consul_services[item].port }} -j ACCEPT
+ {% endif %}
+ {% if 'udp' in consul_services[item].proto %}
+ -A INPUT -m state --state NEW -p udp --dport {{ consul_services[item].port }} -j ACCEPT
+ {% endif %}
+ loop: "{{ consul_services.keys() | list }}"
+ tags: firewall,consul
diff --git a/roles/consul/tasks/main.yml b/roles/consul/tasks/main.yml
new file mode 100644
index 0000000..109fe72
--- /dev/null
+++ b/roles/consul/tasks/main.yml
@@ -0,0 +1,38 @@
+---
+
+- include_tasks: user.yml
+ tags: always
+
+- include_tasks: directories.yml
+ tags: always
+
+- include_tasks: facts.yml
+ tags: always
+
+- include_tasks: archive_pre.yml
+ when: consul_install_mode | default('none') == 'upgrade'
+ tags: always
+
+- include_tasks: install.yml
+ tags: always
+
+- include_tasks: conf.yml
+ tags: always
+
+- include_tasks: iptables.yml
+ when: iptables_manage | default(True)
+ tags: always
+
+- include_tasks: services.yml
+ tags: always
+
+- include_tasks: write_version.yml
+ tags: always
+
+- include_tasks: archive_post.yml
+ when: consul_install_mode | default('none') == 'upgrade'
+ tags: always
+
+- include_tasks: cleanup.yml
+ tags: always
+
diff --git a/roles/consul/tasks/services.yml b/roles/consul/tasks/services.yml
new file mode 100644
index 0000000..679e0cb
--- /dev/null
+++ b/roles/consul/tasks/services.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable consul service
+ service: name=consul state=started enabled=True
+ register: consul_service_started
+ tags: consul
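Review bot: The rules generated in roles/consul/tasks/iptables.yml never reference `src_ip`: the list only toggles `state`, so as soon as one address is listed the port is accepted from every source, which contradicts the comment in defaults/main.yml describing `src_ip` as the addresses the service is reachable from at the firewall level. Each rule should carry the source match, e.g. `-A INPUT -m state --state NEW -p tcp --dport {{ consul_services[item].port }} -s {{ consul_services[item].src_ip | join(',') }} -j ACCEPT`, and likewise for the udp line. roles/nomad/tasks/iptables.yml has the same omission, and there the affected ports include the Nomad HTTP API.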
diff --git a/roles/consul/tasks/user.yml b/roles/consul/tasks/user.yml
new file mode 100644
index 0000000..6ae61a5
--- /dev/null
+++ b/roles/consul/tasks/user.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Create consul user
+ user:
+ name: "{{ consul_user }}"
+ home: "{{ consul_root_dir }}"
+ system: True
+ shell: /sbin/nologin
+ tags: consul
diff --git a/roles/consul/tasks/write_version.yml b/roles/consul/tasks/write_version.yml
new file mode 100644
index 0000000..31d5bc8
--- /dev/null
+++ b/roles/consul/tasks/write_version.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+ copy: content={{ consul_version }} dest={{ consul_root_dir }}/meta/ansible_version
+ tags: consul
diff --git a/roles/consul/templates/consul.json.j2 b/roles/consul/templates/consul.json.j2
new file mode 100644
index 0000000..b74fa8b
--- /dev/null
+++ b/roles/consul/templates/consul.json.j2
@@ -0,0 +1 @@
+{{ consul_conf | to_nice_json(indent=2) }}
diff --git a/roles/consul/templates/consul.service.j2 b/roles/consul/templates/consul.service.j2
new file mode 100644
index 0000000..3e69385
--- /dev/null
+++ b/roles/consul/templates/consul.service.j2
@@ -0,0 +1,20 @@
+[Unit]
+Description="HashiCorp Consul - A service mesh solution"
+Documentation=https://www.consul.io/
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty={{ consul_root_dir }}/etc/consul.json
+
+[Service]
+EnvironmentFile=-{{ consul_root_dir }}/etc/consul.env
+User={{ consul_user }}
+Group={{ consul_user }}
+ExecStart={{ consul_root_dir }}/bin/consul agent -config-dir={{ consul_root_dir }}/etc/
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGTERM
+Restart=on-failure
+LimitNOFILE=65536
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml
new file mode 100644
index 0000000..c5a39c8
--- /dev/null
+++ b/roles/nomad/defaults/main.yml
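Review bot: The `[Service]` section of roles/consul/templates/consul.service.j2 drops to an unprivileged user but adds no systemd sandboxing, so a compromised agent keeps every filesystem and privilege-gaining path that account normally has. Consider adding `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes`; these should be tested against any script checks or sidecar proxies the agent is expected to launch. `ProtectHome=yes` is probably also safe because the account's home is `{{ consul_root_dir }}`, but that needs verifying wherever `consul_root_dir` is overridden.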
@@ -0,0 +1,69 @@
+---
+
+# Version of Nomad to install
+nomad_version: 1.3.2
+# URL of the archive
+nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip
+# Expected sha256 of the archive
+nomad_archive_sha256: fc6b3800935c621633d98148ea30737ab8ac1f698020f45b28b07ac61fbf4a96
+
+# Root dir where Nomad will be installed
+nomad_root_dir: /opt/nomad
+
+# user under which nomad will run.
+# Servers can run under an unprivileged user, while clients should run as root (or with equivalent privileges)
+nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}"
+
+# List of nomad servers (not clients)
+nomad_servers: []
+
+# Ports used by Nomad, the protocols, and the list of IP/CIDR for which the ports will be opened in the firewall
+nomad_services:
+ http_api:
+ port: 4646
+ proto: [tcp]
+ src_ip: []
+ rpc:
+ port: 4647
+ proto: [tcp]
+ src_ip: []
+ serf:
+ port: 4648
+ proto: [tcp,udp]
+ src_ip: []
+
+# Nomad configuration (which will be converted to JSON)
+# The configuration is splited in a base conf, an extra conf, and a host conf so you can override part of the config easily
+nomad_base_conf:
+ name: "{{ inventory_hostname }}"
+ data_dir: "{{ nomad_root_dir }}/data"
+ log_level: INFO
+ bind_addr: 0.0.0.0
+ client:
+ enabled: "{{ (inventory_hostname in nomad_servers) | ternary(False, True) }}"
+ servers: "{{ (inventory_hostname in nomad_servers) | ternary([], nomad_servers) }}"
+ server:
+ enabled: "{{ (inventory_hostname in nomad_servers) | ternary(True, False) }}"
+ server_join:
+ retry_join: "{{ (inventory_hostname in nomad_servers) | ternary(nomad_servers, []) }}"
+ bootstrap_expect: "{{ nomad_servers | length }}"
+ ports:
+ http: "{{ nomad_services.http_api.port }}"
+ rpc: "{{ nomad_services.rpc.port }}"
+ serf: "{{ nomad_services.serf.port }}"
+
+# For example
+# nomad_extra_conf:
+# datacenter: my-dc
+# server:
+# encrypt: umizzu2vi9VaYwdRiOjDXgZIjV8AJ2AV+prqaAhElz0=
+# ui_config:
+#
enabled: True
+#
+nomad_extra_conf: {}
+# Host conf is just another level of configuration override
+nomad_host_conf: {}
+
+# Merge all the conf
+nomad_conf: "{{ nomad_base_conf | combine(nomad_extra_conf, recursive=True) | combine(nomad_host_conf, recursive=True) }}"
+
diff --git a/roles/nomad/handlers/main.yml b/roles/nomad/handlers/main.yml
new file mode 100644
index 0000000..34f89ac
--- /dev/null
+++ b/roles/nomad/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: restart nomad
+ service: name=nomad state=restarted
+ when: nomad_service_started is not defined or not nomad_service_started.changed
+
+- name: reload nomad
+ service: name=nomad state=reloaded
diff --git a/roles/nomad/tasks/archive_post.yml b/roles/nomad/tasks/archive_post.yml
new file mode 100644
index 0000000..746a948
--- /dev/null
+++ b/roles/nomad/tasks/archive_post.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Compress previous version
+ command: tar cf {{ nomad_root_dir }}/archives/{{ nomad_current_version }}.tar.zst --use-compress-program=zstd ./
+ args:
+ chdir: "{{ nomad_root_dir }}/archives/{{ nomad_current_version }}"
+ warn: False
+ environment:
+ ZSTD_CLEVEL: 10
+ tags: nomad
+
+- name: Remove archive dir
+ file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=absent
+ tags: nomad
+
diff --git a/roles/nomad/tasks/archive_pre.yml b/roles/nomad/tasks/archive_pre.yml
new file mode 100644
index 0000000..314a1bb
--- /dev/null
+++ b/roles/nomad/tasks/archive_pre.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Create the archive dir
+ file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=directory
+ tags: nomad
+
+- name: Backup previous version
+ copy: src={{ nomad_root_dir }}/bin/nomad dest={{ nomad_root_dir }}/archives/{{ nomad_current_version }}/ remote_src=True
+ tags: nomad
+
diff --git a/roles/nomad/tasks/cleanup.yml b/roles/nomad/tasks/cleanup.yml
new file mode 100644
index 0000000..3de94b3
--- /dev/null
+++ b/roles/nomad/tasks/cleanup.yml
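Review bot: In roles/nomad/defaults/main.yml, `nomad_base_conf` sets `bind_addr: 0.0.0.0` and contains no `acl` or `tls` block, while `nomad_user` resolves to root on clients, so the job-submission API is unauthenticated for every address the firewall lets through, on agents that run as root. Because enabling ACLs needs a bootstrap step the default may have to stay off, but the role should say so next to `nomad_base_conf` and show `acl:` with `enabled: True` in the commented `nomad_extra_conf` example. The sample `encrypt:` value in that example looks like a usable gossip key and is likely to be copied as-is; replace it with a labelled placeholder such as `encrypt: <output of nomad operator keygen>`.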
@@ -0,0 +1,8 @@
+---
+
+- name: Remove tmp and obsolete files
+ file: path={{ item }} state=absent
+ loop:
+ - "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
+ - "{{ nomad_root_dir }}/tmp/nomad"
+ tags: nomad
diff --git a/roles/nomad/tasks/conf.yml b/roles/nomad/tasks/conf.yml
new file mode 100644
index 0000000..6dba2a5
--- /dev/null
+++ b/roles/nomad/tasks/conf.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Deploy nomad configuration
+ template: src=nomad.json.j2 dest={{ nomad_root_dir }}/etc/nomad.json owner=root group={{ nomad_user }} mode=640
+ notify: restart nomad
+ tags: nomad
diff --git a/roles/nomad/tasks/directories.yml b/roles/nomad/tasks/directories.yml
new file mode 100644
index 0000000..bee94c0
--- /dev/null
+++ b/roles/nomad/tasks/directories.yml
@@ -0,0 +1,37 @@
+---
+
+- name: Create needed directories
+ file: path={{ nomad_root_dir }}/{{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }} recurse={{ item.recurse | default(omit) }}
+ loop:
+ - dir: /
+ owner: root
+ group: root
+ mode: 755
+ - dir: archives
+ owner: root
+ group: root
+ mode: 700
+ - dir: backup
+ owner: root
+ group: root
+ mode: 700
+ - dir: meta
+ owner: root
+ group: root
+ mode: 700
+ - dir: bin
+ - dir: tmp
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_user }}"
+ mode: u=rwX,g=-,o=-
+ recurse: True
+ - dir: data
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_user }}"
+ mode: u=rwX,g=-,o=-
+ recurse: True
+ - dir: etc
+ owner: root
+ group: "{{ nomad_user }}"
+ mode: 750
+ tags: nomad
diff --git a/roles/nomad/tasks/facts.yml b/roles/nomad/tasks/facts.yml
new file mode 100644
index 0000000..b4c7d2e
--- /dev/null
+++ b/roles/nomad/tasks/facts.yml
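Review bot: In roles/nomad/tasks/directories.yml, `recurse: True` on the `data` entry re-applies owner `{{ nomad_user }}` and mode `u=rwX,g=-,o=-` to everything beneath the Nomad data directory on every run. On client nodes that tree presumably holds allocation directories whose ownership and modes Nomad sets for the task users, so re-running the role could strip access from running workloads or flatten permissions Nomad relies on for isolation. I would drop `recurse` for `data` and manage only the top-level directory, keeping it for `tmp` if stale files there really need fixing.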
@@ -0,0 +1,12 @@
+---
+
+- name: Detect installed version
+ block:
+ - import_tasks: ../includes/webapps_set_install_mode.yml
+ vars:
+ - root_dir: "{{ nomad_root_dir }}"
+ - version: "{{ nomad_version }}"
+ - set_fact: nomad_install_mode={{ install_mode | default('none') }}
+ - set_fact: nomad_current_version={{ current_version | default('') }}
+ tags: nomad
+
diff --git a/roles/nomad/tasks/install.yml b/roles/nomad/tasks/install.yml
new file mode 100644
index 0000000..a8df09f
--- /dev/null
+++ b/roles/nomad/tasks/install.yml
@@ -0,0 +1,55 @@
+---
+
+- name: Install needed tools
+ package:
+ name:
+ - tar
+ - zstd
+ - unzip
+ tags: nomad
+
+- when: nomad_install_mode != 'none'
+ block:
+ - name: Download nomad
+ get_url:
+ url: "{{ nomad_archive_url }}"
+ dest: "{{ nomad_root_dir }}/tmp"
+ checksum: sha256:{{ nomad_archive_sha256 }}
+
+ - name: Extract the archive
+ unarchive:
+ src: "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip"
+ dest: "{{ nomad_root_dir }}/tmp"
+ remote_src: True
+
+ - name: Install nomad binary
+ copy:
+ src: "{{ nomad_root_dir }}/tmp/nomad"
+ dest: "{{ nomad_root_dir }}/bin/nomad"
+ remote_src: True
+ mode: 755
+
+ - name: Link in /usr/local/bin
+ file: src={{ nomad_root_dir }}/bin/nomad dest=/usr/local/bin/nomad state=link force=True
+
+ tags: nomad
+
+- name: Install bash completion support
+ copy:
+ content: |
+ complete -C {{ nomad_root_dir }}/bin/nomad nomad
+ dest: /etc/bash_completion.d/nomad
+ mode: 755
+ tags: nomad
+
+- name: Deploy systemd service unit
+ template: src=nomad.service.j2 dest=/etc/systemd/system/nomad.service
+ register: nomad_unit
+ notify: restart nomad
+ tags: nomad
+
+- name: Reload systemd
+ systemd: daemon_reload=True
+ when: nomad_unit.changed
+ tags: nomad
+
diff --git a/roles/nomad/tasks/iptables.yml b/roles/nomad/tasks/iptables.yml
new file mode 100644
index 0000000..42f29fd
--- /dev/null
+++ b/roles/nomad/tasks/iptables.yml
@@ -0,0 +1,15 @@
+---
+
+- name: Handle nomad ports in the firewall
+ iptables_raw:
+ name: nomad_port_{{ item }}
+ state: "{{ (('tcp' in nomad_services[item].proto or 'udp' in nomad_services[item].proto) and nomad_services[item].src_ip | length > 0) | ternary('present', 'absent') }}"
+ rules: |
+ {% if 'tcp' in nomad_services[item].proto %}
+ -A INPUT -m state --state NEW -p tcp --dport {{ nomad_services[item].port }} -j ACCEPT
+ {% endif %}
+ {% if 'udp' in nomad_services[item].proto %}
+ -A INPUT -m state --state NEW -p udp --dport {{ nomad_services[item].port }} -j ACCEPT
+ {% endif %}
+ loop: "{{ nomad_services.keys() | list }}"
+ tags: firewall,nomad
diff --git a/roles/nomad/tasks/main.yml b/roles/nomad/tasks/main.yml
new file mode 100644
index 0000000..356d1e4
--- /dev/null
+++ b/roles/nomad/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+
+- include_tasks: user.yml
+ when: nomad_user != 'root'
+ tags: always
+
+- include_tasks: directories.yml
+ tags: always
+
+- include_tasks: facts.yml
+ tags: always
+
+- include_tasks: archive_pre.yml
+ when: nomad_install_mode | default('none') == 'upgrade'
+ tags: always
+
+- include_tasks: install.yml
+ tags: always
+
+- include_tasks: conf.yml
+ tags: always
+
+- include_tasks: iptables.yml
+ when: iptables_manage | default(True)
+ tags: always
+
+- include_tasks: services.yml
+ tags: always
+
+- include_tasks: write_version.yml
+ tags: always
+
+- include_tasks: archive_post.yml
+ when: nomad_install_mode | default('none') == 'upgrade'
+ tags: always
+
+- include_tasks: cleanup.yml
+ tags: always
+
diff --git a/roles/nomad/tasks/services.yml b/roles/nomad/tasks/services.yml
new file mode 100644
index 0000000..7b5e6b4
--- /dev/null
+++ b/roles/nomad/tasks/services.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Start and enable nomad service
+ service: name=nomad state=started enabled=True
+ register: nomad_service_started
+ tags: nomad
diff --git a/roles/nomad/tasks/user.yml b/roles/nomad/tasks/user.yml
new file mode 100644
index 0000000..2e4eb0a
--- /dev/null
+++ b/roles/nomad/tasks/user.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Create nomad user
+ user:
+ name: "{{ nomad_user }}"
+ home: "{{ nomad_root_dir }}"
+ system: True
+ shell: /sbin/nologin
+ tags: nomad
diff --git a/roles/nomad/tasks/write_version.yml b/roles/nomad/tasks/write_version.yml
new file mode 100644
index 0000000..f4b5428
--- /dev/null
+++ b/roles/nomad/tasks/write_version.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+ copy: content={{ nomad_version }} dest={{ nomad_root_dir }}/meta/ansible_version
+ tags: nomad
diff --git a/roles/nomad/templates/nomad.json.j2 b/roles/nomad/templates/nomad.json.j2
new file mode 100644
index 0000000..6da95b4
--- /dev/null
+++ b/roles/nomad/templates/nomad.json.j2
@@ -0,0 +1 @@
+{{ nomad_conf | to_nice_json(indent=2) }}
diff --git a/roles/nomad/templates/nomad.service.j2 b/roles/nomad/templates/nomad.service.j2
new file mode 100644
index 0000000..d4993c2
--- /dev/null
+++ b/roles/nomad/templates/nomad.service.j2
@@ -0,0 +1,24 @@
+[Unit]
+Description=Nomad
+Documentation=https://nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+ConditionFileNotEmpty={{ nomad_root_dir }}/etc/nomad.json
+
+[Service]
+EnvironmentFile=-{{ nomad_root_dir }}/etc/nomad.env
+User={{ nomad_user }}
+Group={{ nomad_user }}
+ExecStart={{ nomad_root_dir }}/bin/nomad agent -config={{ nomad_root_dir }}/etc/
+ExecReload=/bin/kill --signal HUP $MAINPID
+KillMode=process
+KillSignal=SIGINT
+Restart=on-failure
+LimitNOFILE=65536
+LimitNPROC=infinity
+RestartSec=2
+TasksMax=infinity
+OOMScoreAdjust=-1000
+
+[Install]
+WantedBy=multi-user.target