Update to 2022-08-03 16:00

2022-08-03 16:00:16 +02:00 · 2022-08-03 16:00:16 +02:00 · 5715cdb046
parent a11f21e9c6
commit 5715cdb046
18 changed files with 198 additions and 11 deletions
--- a/roles/cni_plugins/defaults/main.yml
+++ b/roles/cni_plugins/defaults/main.yml
@ -0,0 +1,11 @@
+---
+
+# Version of the CNI plugins to install
+cni_version: 1.1.1
+# Archive where the pre compiled bin archive will be downloaded
+cni_archive_url: https://github.com/containernetworking/plugins/releases/download/v{{ cni_version }}/cni-plugins-linux-amd64-v{{ cni_version }}.tgz
+# Expected checksum of the archive
+cni_archive_sha256: b275772da4026d2161bf8a8b41ed4786754c8a93ebfb6564006d5da7f23831e5
+
+# Where the plugins will be installed (binaries will be extracted in a /bin sub-directory)
+cni_root_dir: /opt/cni
--- a/roles/cni_plugins/tasks/archive_post.yml
+++ b/roles/cni_plugins/tasks/archive_post.yml
@ -0,0 +1,14 @@
+---
+
+- name: Compress previous version
+  command: tar cf {{ cni_root_dir }}/archives/{{ cni_current_version }}.tar.zst ./ --use-compress-program=zstd
+  args:
+    chdir: "{{ cni_root_dir }}/archives/{{ cni_current_version }}"
+    warn: False
+  environment:
+    ZSTD_CLEVEL: 10
+  tags: cni
+
+- name: Remove archive dir
+  file: path={{ cni_root_dir }}/archives/{{ cni_current_version }} state=absent
+  tags: cni
--- a/roles/cni_plugins/tasks/archive_pre.yml
+++ b/roles/cni_plugins/tasks/archive_pre.yml
@ -0,0 +1,14 @@
+---
+
+- name: Create the archive dir
+  file: path={{ cni_root_dir }}/archives/{{ cni_current_version }} state=directory
+  tags: cni
+
+- name: Archive current version
+  synchronize:
+    src: "{{ cni_root_dir }}/bin"
+    dest: "{{ cni_root_dir }}/archives/{{ cni_current_version }}/"
+    compress: False
+    delete: True
+  delegate_to: "{{ inventory_hostname }}"
+  tags: cni
--- a/roles/cni_plugins/tasks/cleanup.yml
+++ b/roles/cni_plugins/tasks/cleanup.yml
@ -0,0 +1,7 @@
+---
+
+- name: Remove tmp and obsolete files
+  file: path={{ item }} state=absent
+  loop:
+    - "{{ cni_root_dir }}/tmp/cni-plugins-linux-amd64-v1.1.1.tgz"
+  tags: cni
--- a/roles/cni_plugins/tasks/directories.yml
+++ b/roles/cni_plugins/tasks/directories.yml
@ -0,0 +1,13 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: "{{ cni_root_dir }}"
+    - dir: "{{ cni_root_dir }}/bin"
+    - dir: "{{ cni_root_dir }}/archives"
+    - dir: "{{ cni_root_dir }}/meta"
+      mode: 700
+    - dir: "{{ cni_root_dir }}/tmp"
+      mode: 700
+  tags: cni
--- a/roles/cni_plugins/tasks/facts.yml
+++ b/roles/cni_plugins/tasks/facts.yml
@ -0,0 +1,12 @@
+---
+
+# Detect installed version (if any)
+- block:
+    - import_tasks: ../includes/webapps_set_install_mode.yml
+      vars:
+        - root_dir: "{{ cni_root_dir }}"
+        - version: "{{ cni_version }}"
+    - set_fact: cni_install_mode={{ install_mode }}
+    - set_fact: cni_current_version={{ current_version | default('') }}
+  tags: cni
+
--- a/roles/cni_plugins/tasks/install.yml
+++ b/roles/cni_plugins/tasks/install.yml
@ -0,0 +1,18 @@
+---
+
+- when: cni_install_mode != 'none'
+  block:
+
+    - name: Download the CNI plugins
+      get_url:
+        url: "{{ cni_archive_url }}"
+        dest: "{{ cni_root_dir }}/tmp"
+        checksum: sha256:{{ cni_archive_sha256 }}
+
+    - name: Extract archive
+      unarchive:
+        src: "{{ cni_root_dir }}/tmp/cni-plugins-linux-amd64-v{{ cni_version }}.tgz"
+        dest: "{{ cni_root_dir }}/bin/"
+        remote_src: True
+
+  tags: cni
--- a/roles/cni_plugins/tasks/main.yml
+++ b/roles/cni_plugins/tasks/main.yml
@ -0,0 +1,24 @@
+---
+
+- include_tasks: directories.yml
+  tags: always
+
+- include_tasks: facts.yml
+  tags: always
+
+- include_tasks: archive_pre.yml
+  when: cni_install_mode == 'upgrade'
+  tags: always
+
+- include_tasks: install.yml
+  tags: always
+
+- include_tasks: write_version.yml
+  tags: always
+
+- include_tasks: archive_post.yml
+  when: cni_install_mode == 'upgrade'
+  tags: always
+
+- include_tasks: cleanup.yml
+  tags: always
--- a/roles/cni_plugins/tasks/write_version.yml
+++ b/roles/cni_plugins/tasks/write_version.yml
@ -0,0 +1,5 @@
+---
+
+- name: Write installed version
+  copy: content={{ cni_version }} dest={{ cni_root_dir }}/meta/ansible_version
+  tags: cni
--- a/roles/nomad/defaults/main.yml
+++ b/roles/nomad/defaults/main.yml
@ -7,6 +7,13 @@ nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/noma
 # Expected sha256 of the archive
 nomad_archive_sha256: fc6b3800935c621633d98148ea30737ab8ac1f698020f45b28b07ac61fbf4a96

+# List of plugins to install
+nomad_plugins:
+  podman:
+    version: 0.4.0
+    archive_url: https://releases.hashicorp.com/nomad-driver-podman/0.4.0/nomad-driver-podman_0.4.0_linux_amd64.zip
+    sha256: f905f9c38db8cec1542b92f69233488d5bf94e30fe9a0fae9ac03b30c1e2cfea
+
 # Root dir where Nomad will be installed
 nomad_root_dir: /opt/nomad

@ -62,8 +69,7 @@ nomad_base_conf:
    #   cni: macvlan,ipvlan
    meta: {}

-    # List of enabled drivers, and their options. Valid ones are
-    # exec, raw_exec, docker, java.
+    # List of enabled drivers, and their options.
    task_drivers:
      exec:
        enabled: True
@ -74,6 +80,10 @@ nomad_base_conf:
        enabled: False
      java:
        enabled: False
+      qemu:
+        enabled: False
+      podman:
+        enabled: False # Note on EL8, it cannot be used with docker as there are package conflicts, see https://bugs.centos.org/view.php?id=16892

  # Server related settings
  server:
--- a/roles/nomad/meta/main.yml
+++ b/roles/nomad/meta/main.yml
@ -3,3 +3,5 @@
 dependencies:
  - role: docker
    when: nomad_conf.client.enabled and nomad_conf.client.task_drivers.docker.enabled
+  - role: cni_plugins
+    when: nomad_conf.client.enabled
--- a/roles/nomad/tasks/archive_pre.yml
+++ b/roles/nomad/tasks/archive_pre.yml
@ -4,7 +4,18 @@
  file: path={{ nomad_root_dir }}/archives/{{ nomad_current_version }} state=directory
  tags: nomad

- name: Backup previous version
-  copy: src={{ nomad_root_dir }}/bin/nomad dest={{ nomad_root_dir }}/archives/{{ nomad_current_version }}/ remote_src=True
+- name: Snapshot nomad data
+  command: "{{ nomad_root_dir }}/bin/nomad operator save {{ nomad_root_dir }}/archives/{{ nomad_current_version }}/nomad.snap"
+  tags: nomad
+
+- name: Backup previous version
+  synchronize:
+    src: "{{ item }}"
+    dest: "{{ nomad_root_dir }}/archives/{{ nomad_current_version }}/"
+    compress: False
+  delegate_to: "{{ inventory_hostname }}"
+  loop:
+    - bin
+    - plugins
  tags: nomad

--- a/roles/nomad/tasks/directories.yml
+++ b/roles/nomad/tasks/directories.yml
@ -26,6 +26,9 @@
    - dir: data
      owner: "{{ nomad_user }}"
      group: "{{ nomad_user }}"
+    - dir: plugins
+      owner: "{{ nomad_user }}"
+      group: "{{ nomad_user }}"
    - dir: etc
      owner: root
      group: "{{ nomad_user }}"
--- a/roles/nomad/tasks/facts.yml
+++ b/roles/nomad/tasks/facts.yml
@ -33,9 +33,8 @@
 - when: nomad_bin.stat.exists and nomad_current_version != nomad_version
  set_fact: nomad_install_mode='upgrade'

- debug: msg={{ nomad_conf.client.task_drivers | dict2items }}
-  tags: nomad
-
 - name: Build a list of enabled task drivers
  set_fact: nomad_enabled_task_drivers={{ nomad_conf.client.task_drivers | dict2items | selectattr('value.enabled', 'equalto', True) | map(attribute='key') }}
  tags: nomad
+
+
--- a/roles/nomad/tasks/install.yml
+++ b/roles/nomad/tasks/install.yml
@ -15,6 +15,14 @@
  notify: restart nomad
  tags: nomad

+- when: nomad_install_mode == 'upgrade'
+  name: Clear plugin dir on upgrades
+  file: path={{ nomad_root_dir }}/plugins state={{ item }} owner={{ nomad_user }} group={{ nomad_user }}
+  loop:
+    - absent
+    - directory
+  tags: nomad
+
 - when: nomad_install_mode != 'none'
  block:
    - name: Download nomad
@ -35,10 +43,37 @@
        dest: "{{ nomad_root_dir }}/bin/nomad"
        remote_src: True
        mode: 755
+      notify: restart nomad

    - name: Link in /usr/local/bin
      file: src={{ nomad_root_dir }}/bin/nomad dest=/usr/local/bin/nomad state=link force=True

+    - name: Download plugins
+      get_url:
+        url: "{{ nomad_plugins[item].archive_url }}"
+        dest: "{{ nomad_root_dir }}/tmp"
+        checksum: sha256:{{ nomad_plugins[item].sha256 }}
+      register: nomad_plugin_dl
+      loop: "{{ nomad_plugins.keys() | list }}"
+
+    - name: Extract nomad plugins
+      unarchive:
+        src: "{{ item.dest }}"
+        dest: "{{ nomad_root_dir }}/plugins/"
+        remote_src: True
+      loop: "{{ nomad_plugin_dl.results }}"
+      notify: restart nomad
+
+  tags: nomad
+
+# Nomad looks for the qemu-system-x86_64 bin in $PATH
+# so it needs to be available for Nomad to detect it
+- name: Link qemu-kvm to qemu-system-x86_64
+  file:
+    src: /usr/libexec/qemu-kvm
+    dest: /usr/local/bin/qemu-system-x86_64
+    state: link
+  when: nomad_conf.client.enabled and 'qemu' in nomad_enabled_task_drivers
  tags: nomad

 - name: Install bash completion support
--- a/roles/nomad/templates/nomad.hcl.j2
+++ b/roles/nomad/templates/nomad.hcl.j2
@ -1,4 +1,5 @@
 data_dir = "{{ nomad_root_dir }}/data"
+plugin_dir = "{{ nomad_root_dir }}/plugins"
 log_level = "{{ nomad_conf.log_level }}"
 bind_addr = "0.0.0.0"

@ -41,8 +42,9 @@ server {
  }
 }

+{% if nomad_conf.client.enabled %}
 client {
-  enabled = {{ nomad_conf.client.enabled | ternary('true', 'false') }}
+  enabled = true
  servers = [
 {% for server in nomad_servers %}
    "{{ server }}",
@ -96,7 +98,11 @@ plugin "raw_exec" {
 }
 {% endif %}
 {% endif %}
-
+{% else %}
+client {
+  enabled = false
+}
+{% endif %}
 ui {
  enabled = {{ nomad_conf.ui.enabled | ternary('true', 'false') }}
 {% if nomad_conf.ui.consul_ui is defined %}
--- a/roles/nomad/vars/RedHat-8.yml
+++ b/roles/nomad/vars/RedHat-8.yml
@ -3,3 +3,8 @@
 nomad_task_driver_packages:
  java:
    - java-17-openjdk-headless
+  qemu:
+    - qemu-kvm
+  podman:
+    - podman
+    - podman-docker
--- a/roles/nomad/vars/main.yml
+++ b/roles/nomad/vars/main.yml
@ -1,2 +0,0 @@
---
-