From 99b21a541e73349473a93d3b71c40463a8fd1c84 Mon Sep 17 00:00:00 2001 From: Daniel Berteaud Date: Sat, 6 Aug 2022 13:00:16 +0200 Subject: [PATCH] Update to 2022-08-06 13:00 --- roles/diagrams/defaults/main.yml | 4 ++-- roles/documize/defaults/main.yml | 4 ++-- roles/matrix_element/defaults/main.yml | 4 ++-- roles/nomad/defaults/main.yml | 12 +++++++++++- roles/nomad/meta/main.yml | 2 ++ roles/nomad/tasks/cleanup.yml | 6 ++++++ roles/nomad/tasks/install.yml | 19 +++++++++++++++++++ roles/nomad/templates/nomad.hcl.j2 | 15 +++++++++++++-- roles/nomad/vars/RedHat-8.yml | 2 ++ 9 files changed, 59 insertions(+), 9 deletions(-) diff --git a/roles/diagrams/defaults/main.yml b/roles/diagrams/defaults/main.yml index ae1795f..a96e8d2 100644 --- a/roles/diagrams/defaults/main.yml +++ b/roles/diagrams/defaults/main.yml @@ -1,11 +1,11 @@ --- # Veresion of diagrams to deploy -diagrams_version: 20.2.1 +diagrams_version: 20.2.3 # URL of the WAR file to deploy diagrams_war_url: https://github.com/jgraph/drawio/releases/download/v{{ diagrams_version }}/draw.war # Expected sha256 of the WAR file -diagrams_war_sha256: 66136e6981cf3a4dbe4327d013c524c1d874d137eca2d6ae7137a4278059d4cb +diagrams_war_sha256: 88189928a58d33ee8ed001cb3259c2f12d128b33d8611e4902644fc8a8524f17 # root directory of the installation diagrams_root_dir: /opt/diagrams # Should ansible manage upgrades, or just initial install ? diff --git a/roles/documize/defaults/main.yml b/roles/documize/defaults/main.yml index 2e34994..1fad2bd 100644 --- a/roles/documize/defaults/main.yml +++ b/roles/documize/defaults/main.yml @@ -1,11 +1,11 @@ --- # Version of cocumize to deploy -documize_version: 5.2.0 +documize_version: 5.2.1 # URL of the binary to install documize_bin_url: https://github.com/documize/community/releases/download/v{{ documize_version }}/documize-community-linux-amd64 # Expected sha1 of the binary -documize_bin_sha256: 22e1c796a2e05cb56aa57ec8df252930ebb795c0a9548bfd8808f97b74e652f9 +documize_bin_sha256: 154fd2c23f8991482b42d2d15e4cb5c8b5c965c1283c0e114b7943276de1be07 # Should documize handle upgrades or only initial install ? documize_manage_upgrade: True diff --git a/roles/matrix_element/defaults/main.yml b/roles/matrix_element/defaults/main.yml index 7781926..5d86b46 100644 --- a/roles/matrix_element/defaults/main.yml +++ b/roles/matrix_element/defaults/main.yml @@ -5,8 +5,8 @@ element_id: element # Version to deploy, and expected sha256 -element_version: 1.11.1 -element_archive_sha256: 673994f739ba01f84b46e95e2af00dbfe3a00c715d14b009d30d96bcd7141c7d +element_version: 1.11.2 +element_archive_sha256: d3a4c497141517af9ac284c19b5647c44bd52a8fb5b8a75b87f260bc13402ce6 # Where to install element element_root_dir: /opt/matrix/element diff --git a/roles/nomad/defaults/main.yml b/roles/nomad/defaults/main.yml index e8eeadd..d785919 100644 --- a/roles/nomad/defaults/main.yml +++ b/roles/nomad/defaults/main.yml @@ -10,9 +10,11 @@ nomad_archive_sha256: d908811cebe2a8373e93c4ad3d09af5c706241878ff3f21ee0f182b4ec # List of plugins to install nomad_plugins: podman: - version: 0.4.0 archive_url: https://releases.hashicorp.com/nomad-driver-podman/0.4.0/nomad-driver-podman_0.4.0_linux_amd64.zip sha256: f905f9c38db8cec1542b92f69233488d5bf94e30fe9a0fae9ac03b30c1e2cfea + containerd: + archive_url: https://github.com/Roblox/nomad-driver-containerd/releases/download/v0.9.3/containerd-driver + sha256: 7bbeda63a5e05724c8f8c6d05790fbc175acc89e4309c13839afc9716d4b39c2 # Root dir where Nomad will be installed nomad_root_dir: /opt/nomad @@ -102,6 +104,10 @@ nomad_base_conf: enabled: False podman: enabled: False # Note on EL8, it cannot be used with docker as there are package conflicts, see https://bugs.centos.org/view.php?id=16892 + containerd-driver: + enabled: False + containerd_runtime: io.containerd.runc.v2 + allow_privileged: True # Server related settings server: @@ -161,6 +167,10 @@ nomad_base_services: proto: [tcp,udp] src_ip: [] # advertise: x.x.x.x + dynamic: + port: 20000:32000 + proto: [tcp,udp] + src_ip: [] nomad_extra_services: {} nomad_host_services: {} nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) | combine(nomad_host_services, recursive=True) }}" diff --git a/roles/nomad/meta/main.yml b/roles/nomad/meta/main.yml index 5b9771d..ecdd4d4 100644 --- a/roles/nomad/meta/main.yml +++ b/roles/nomad/meta/main.yml @@ -1,6 +1,8 @@ --- dependencies: + - role: repo_docker + when: nomad_conf.client.enabled and nomad_conf.client.task_drivers['containerd-driver'].enabled # with containerd, we just configure the repo and install containerd.io - role: docker when: nomad_conf.client.enabled and nomad_conf.client.task_drivers.docker.enabled - role: cni_plugins diff --git a/roles/nomad/tasks/cleanup.yml b/roles/nomad/tasks/cleanup.yml index 3de94b3..947e2e9 100644 --- a/roles/nomad/tasks/cleanup.yml +++ b/roles/nomad/tasks/cleanup.yml @@ -6,3 +6,9 @@ - "{{ nomad_root_dir }}/tmp/nomad_{{ nomad_version }}_linux_amd64.zip" - "{{ nomad_root_dir }}/tmp/nomad" tags: nomad + +- name: Remove temporary plugin files + file: path={{ item.dest }} state=absent + loop: "{{ nomad_plugin_dl.results }}" + when: nomad_plugin_dl is defined and nomad_plugin_dl.results is defined and item.dest is defined + tags: nomad diff --git a/roles/nomad/tasks/install.yml b/roles/nomad/tasks/install.yml index c450729..0ac9800 100644 --- a/roles/nomad/tasks/install.yml +++ b/roles/nomad/tasks/install.yml @@ -62,8 +62,27 @@ dest: "{{ nomad_root_dir }}/plugins/" remote_src: True loop: "{{ nomad_plugin_dl.results }}" + when: item.dest | basename | splitext | last in ['.zip','.tgz', '.txz', '.tar.gz', '.tar.xz'] notify: restart nomad + - name: Copy nomad plugins + copy: + src: "{{ item.dest }}" + dest: "{{ nomad_root_dir }}/plugins/" + remote_src: True + loop: "{{ nomad_plugin_dl.results }}" + when: item.dest | basename | splitext | last not in ['.zip','.tgz', '.txz', '.tar.gz', '.tar.xz'] + notify: restart nomad + + - name: List installed plugins + command: ls {{ nomad_root_dir }}/plugins/ + register: nomad_installed_plugins + changed_when: False + + - name: Set permissions on plugins + file: path={{ nomad_root_dir }}/plugins/{{ item }} owner=root group=root mode=755 + loop: "{{ nomad_installed_plugins.stdout_lines }}" + tags: nomad # Nomad looks for the qemu-system-x86_64 bin in $PATH diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2 index 9395e28..c26a286 100644 --- a/roles/nomad/templates/nomad.hcl.j2 +++ b/roles/nomad/templates/nomad.hcl.j2 @@ -18,7 +18,7 @@ name = {{ nomad_conf.name }} disable_update_check = true advertise { -{% for service in nomad_services.keys() | list %} +{% for service in ['http', 'rpc', 'serf' ] %} {% if nomad_services[service].advertise is defined %} {{ service }} = {{ nomad_services[service].advertise }} {% endif %} @@ -26,7 +26,7 @@ advertise { } ports { -{% for service in nomad_services.keys() | list %} +{% for service in ['http', 'rpc', 'serf' ] %} {{ service }} = {{ nomad_services[service].port }} {% endfor %} } @@ -118,6 +118,17 @@ plugin "raw_exec" { } } {% endif %} + +{% if 'containerd-driver' in nomad_enabled_task_drivers %} +plugin "containerd-driver" { + config { + enabled = true + containerd_runtime = "{{ nomad_conf.client.task_drivers['containerd-driver'].containerd_runtime }}" + allow_privileged = {{ nomad_conf.client.task_drivers['containerd-driver'].allow_privileged | ternary('true', 'false') }} + } +} +{% endif %} + {% endif %} {% else %} client { diff --git a/roles/nomad/vars/RedHat-8.yml b/roles/nomad/vars/RedHat-8.yml index a609b0f..08396f4 100644 --- a/roles/nomad/vars/RedHat-8.yml +++ b/roles/nomad/vars/RedHat-8.yml @@ -8,3 +8,5 @@ nomad_task_driver_packages: podman: - podman - podman-docker + containerd-driver: + - containerd.io