199 lines
6.8 KiB
YAML
199 lines
6.8 KiB
YAML
---
|
|
|
|
# Version of Nomad to install
|
|
nomad_version: 1.3.3
|
|
# URL of the archive
|
|
nomad_archive_url: https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip
|
|
# Expected sha256 of the archive
|
|
nomad_archive_sha256: d908811cebe2a8373e93c4ad3d09af5c706241878ff3f21ee0f182b4ecb571f2
|
|
|
|
# List of plugins to install
|
|
nomad_plugins:
|
|
podman:
|
|
archive_url: https://releases.hashicorp.com/nomad-driver-podman/0.4.0/nomad-driver-podman_0.4.0_linux_amd64.zip
|
|
sha256: f905f9c38db8cec1542b92f69233488d5bf94e30fe9a0fae9ac03b30c1e2cfea
|
|
containerd:
|
|
archive_url: https://github.com/Roblox/nomad-driver-containerd/releases/download/v0.9.3/containerd-driver
|
|
sha256: 7bbeda63a5e05724c8f8c6d05790fbc175acc89e4309c13839afc9716d4b39c2
|
|
|
|
# Root dir where Nomad will be installed
|
|
nomad_root_dir: /opt/nomad
|
|
|
|
# user under which nomad will run.
|
|
# Servers can run under an unprivileged user, while clients should run as root (or with equivalent privileges)
|
|
nomad_user: "{{ nomad_conf.client.enabled | ternary('root', 'nomad') }}"
|
|
|
|
# If ACL are enabled, you need to set a management token for ansible
|
|
# to be able to manage Nomad (eg snapshot before upgrades)
|
|
# nomad_mgm_token: XXXXXXXXX
|
|
|
|
# List of nomad servers (not clients !)
|
|
nomad_servers: []
|
|
|
|
# Nomad configuration
|
|
nomad_base_conf:
|
|
log_level: INFO
|
|
|
|
# You can define the datacenter in which this agent is running. The default value is dc1
|
|
# datacenter: dc1
|
|
|
|
# You can set the region here
|
|
# region: eu
|
|
|
|
# Node name, which should be uniq in the region. Default is the hostname
|
|
# name: nomad-fr-zone-c
|
|
|
|
# ACL
|
|
acl:
|
|
# Enable ACL
|
|
enabled: False
|
|
|
|
# For server in non authoritative regions, a token must be used to replicated policies
|
|
# replication_token: ...
|
|
|
|
|
|
# Client related settings
|
|
# The default is to act as a client if the hostname is not listed in nomad servers
|
|
client:
|
|
# Should client be enabled
|
|
enabled: "{{ (inventory_hostname in nomad_servers | map('regex_replace', ':\\d+$', '')) | ternary(False, True) }}"
|
|
# host_volumes:
|
|
# - name: mysql
|
|
# path: /data/mysql
|
|
# read_only: False
|
|
host_volumes: []
|
|
|
|
# An arbitrary string which can be used for job placement
|
|
# node_class: prod
|
|
|
|
# Resource reservation for the host to work properly
|
|
reserved:
|
|
# Unit is MHz
|
|
cpu: 200
|
|
# can be expressed as number, in which case it'll be the amount of RAM to reserve in MB
|
|
# or as a percentage, in which case it'll be a percentage of the total RAM
|
|
memory: 15%
|
|
# When memory is expressed as a percentage, you can set a minimum amount (in MB) which will be set
|
|
# if the percentage is less than that
|
|
memory_min: 500
|
|
# Unit is MB
|
|
disk: 500
|
|
# List of reserved ports which won't be allocated on tasks
|
|
reserved_ports: []
|
|
|
|
# Custom metadata to add in Nomad's conf
|
|
# meta:
|
|
# rack: 12-1
|
|
# cni: macvlan,ipvlan
|
|
meta: {}
|
|
|
|
# List of enabled drivers, and their options.
|
|
task_drivers:
|
|
exec:
|
|
enabled: True
|
|
docker:
|
|
enabled: True
|
|
allow_privileged: True
|
|
# You can set a list of caps allowed for containers. The default is the same set of caps than Docker, minus net_raw
|
|
# allow_caps: ["audit_write", "chown", "dac_override", "fowner", "fsetid", "kill", "mknod", "net_bind_service", "setfcap", "setgid", "setpcap", "setuid", "sys_chroot"]
|
|
raw_exec:
|
|
enabled: False
|
|
java:
|
|
enabled: False
|
|
qemu:
|
|
enabled: False
|
|
podman:
|
|
enabled: False # Note on EL8, it cannot be used with docker as there are package conflicts, see https://bugs.centos.org/view.php?id=16892
|
|
containerd-driver:
|
|
enabled: False
|
|
containerd_runtime: io.containerd.runc.v2
|
|
allow_privileged: True
|
|
|
|
# Server related settings
|
|
server:
|
|
# Should server be enabled
|
|
# The default is to act as a server if the hostname is listed in nomad_servers
|
|
enabled: "{{ (inventory_hostname in nomad_servers | map('regex_replace', ':\\d+$', '')) | ternary(True, False) }}"
|
|
|
|
# Expected number of servers to bootstrap the cluster. The default is to wait for all the servers
|
|
# listed in nomad_servers to be ready, and then to do the bootstrap
|
|
bootstrap_expect: "{{ nomad_servers | length }}"
|
|
|
|
# Encryption key to use to encrypt inter-server communications
|
|
# You can generate one with nomad operator keygen command. It must be the same
|
|
# on all the servers of the cluster. If not defined (the default), the trafic will
|
|
# not be encrypted
|
|
# encrypt: NVlG6VKgsTbMim041S5nbWmmaQKS7YchV+9G3XxcZDs=
|
|
|
|
# Name of the authoritative region from which policies will be pulled
|
|
# authoritative_region: eu
|
|
|
|
# Default scheduler config. Only used during cluster bootstrap
|
|
# If you want to change it after, you have to use the API
|
|
default_scheduler_config:
|
|
# can be binpack or spread. SPread makes more sens when running on premise
|
|
scheduler_algorithm: spread
|
|
memory_oversubscription_enabled: True
|
|
preemption_config:
|
|
batch_scheduler_enabled: True
|
|
system_scheduler_enabled: True
|
|
service_scheduler_enabled: True
|
|
sysbatch_scheduler_enabled: True
|
|
|
|
|
|
# UI related settings
|
|
ui:
|
|
# Default is to enable the UI on server only
|
|
enabled: "{{ (inventory_hostname in nomad_servers | map('regex_replace', ':\\d+$', '')) | ternary(True, False) }}"
|
|
# Consul and vault optional URL. This is just to add a shortcut in Nomad's UI
|
|
# consul_ui: https://consul.example.org
|
|
# vault_ui: https://vault.example.org
|
|
|
|
# Telemetry settings
|
|
telemetry:
|
|
prometheus_metrics: False
|
|
disable_hostname: True
|
|
publish_allocation_metrics: True
|
|
publish_node_metrics: True
|
|
|
|
# Consul integration
|
|
# See https://www.nomadproject.io/docs/configuration/consul
|
|
consul:
|
|
# address: http://localhost:8500
|
|
# allow_unauthenticated: True
|
|
# tags: []
|
|
|
|
|
|
|
|
# You can override part of the default config without rewriting everything else
|
|
# the dict will get merged
|
|
nomad_extra_conf: {}
|
|
nomad_host_conf: {}
|
|
nomad_conf: "{{ nomad_base_conf | combine(nomad_extra_conf, recursive=True) | combine(nomad_host_conf, recursive=True) }}"
|
|
|
|
# Ports used by Nomad, the protocols, and the list of IP/CIDR for which the ports will be opened in the firewall
|
|
# You can also specify which address/port to advertise (not needed most of the time)
|
|
nomad_base_services:
|
|
http:
|
|
port: 4646
|
|
proto: [tcp]
|
|
src_ip: []
|
|
# advertise: 10.11.12.13:4347
|
|
rpc:
|
|
port: 4647
|
|
proto: [tcp]
|
|
src_ip: []
|
|
# advertise: y.y.y.y
|
|
serf:
|
|
port: 4648
|
|
proto: [tcp,udp]
|
|
src_ip: []
|
|
# advertise: x.x.x.x
|
|
dynamic:
|
|
port: 20000:32000
|
|
proto: [tcp,udp]
|
|
src_ip: []
|
|
nomad_extra_services: {}
|
|
nomad_host_services: {}
|
|
nomad_services: "{{ nomad_base_services | combine(nomad_extra_services, recursive=True) | combine(nomad_host_services, recursive=True) }}"
|