First commit

2023-07-19 00:32:07 +02:00 · 2023-07-19 00:32:07 +02:00 · 36c861bd27
commit 36c861bd27
10 changed files with 242 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1 @@
+# Nomad Packs
--- a/packs/common/metadata.hcl
+++ b/packs/common/metadata.hcl
@ -0,0 +1,10 @@
+app {
+  url = "https://git.lapiole.org"
+}
+
+pack {
+  name = "common"
+  description = "common variables for Nomad Packs"
+  url = "https://git.lapiole.org/infra/nomad/packs/common"
+  version = "0.0.1"
+}
--- a/packs/common/variables.hcl
+++ b/packs/common/variables.hcl
@ -0,0 +1,9 @@
+variable "vault_prefix" {
+  type = string
+  default = ""
+}
+
+variable "namespace" {
+  type = string
+  default = "default"
+}
--- a/packs/democratic_csi_freenas_api/files/iscsi/controller.yml.tpl
+++ b/packs/democratic_csi_freenas_api/files/iscsi/controller.yml.tpl
@ -0,0 +1,41 @@
+driver: freenas-api-iscsi
+
+instance_id:
+
+httpConnection:
+  protocol: {{ env "TRUENAS_API_SCHEME" }}
+  host: {{ env "TRUENAS_API_HOST" }}
+  port: {{ env "TRUENAS_API_PORT" }}
+  apiKey: {{ with secret (printf "%skv/service/democratic-csi" (env "VAULT_PREFIX")) }}{{ .Data.data.truenas_api_key }}{{ end }}
+  allowInsecure: {{ env "TRUENAS_API_INSECURE" }}
+  apiVersion: 2
+
+zfs:
+  datasetParentName: {{ env "ZFS_PARENT" }}
+  detachedSnapshotsDatasetParentName: {{ env "ZFS_SNAP_PARENT" }}
+  zvolCompression:
+  zvolDedup:
+  zvolEnableReservation: {{ env "ZFS_RESERVATION" }}
+  zvolBlocksize: {{ env "ZFS_BLOCKSIZE" }}
+
+iscsi:
+  targetPortals:
+{{ range $idx, $portal := (env "ISCSI_PORTALS" | split ",") }}
+    - {{ $portal }}{{ end }}
+  interface:
+
+  namePrefix: ""
+  nameSuffix: ""
+
+  targetGroups:
+    - targetGroupPortalGroup: 1
+      targetGroupInitiatorGroup: 1
+      targetGroupAuthType: None
+      targetGroupAuthGroup:
+
+  extentInsecureTpc: true
+  extentXenCompat: false
+  extentDisablePhysicalBlocksize: false
+  extentBlocksize: 512
+  extentRpm: "SSD"
+  extentAvailThreshold: 0
--- a/packs/democratic_csi_freenas_api/metadata.hcl
+++ b/packs/democratic_csi_freenas_api/metadata.hcl
@ -0,0 +1,14 @@
+app {
+  url = "https://github.com/democratic-csi/democratic-csi"
+}
+
+pack {
+  name = "democratic_csi_freenas_api"
+  description = "CSI plugin for Nomad to use storage (NFS and iSCSI) from FreeNAS / TrueNAS"
+  url = "https://git.lapiole.org/infra/nomad/packs/democfratic_csi_freenas_api"
+  version = "0.0.1"
+}
+
+dependency "common" {
+  source = "https://git.lapiole.org/infra/nomad/packs/common"
+}
--- a/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/democratic-csi-controller.nomad.hcl
+++ b/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/democratic-csi-controller.nomad.hcl
@ -0,0 +1,87 @@
+job "democratic-csi-controller" {
+  datacenters = ["dc1"]
+
+  group "iscsi" {
+    task "iscsi-controller" {
+      driver = "docker"
+
+      config {
+        image = "danielberteaud/democratic-csi:latest"
+
+        args = [
+          "--csi-version=1.5.0",
+          "--csi-name=org.democratic-csi.iscsi",
+          "--driver-config-file=${NOMAD_SECRETS_DIR}/config.yml",
+          "--log-level=info",
+          "--csi-mode=controller",
+          "--server-socket=/csi/csi.sock",
+        ]
+
+        network_mode = "host"
+        privileged   = true
+        userns_mode  = "host"
+      }
+
+      template {
+        data = <<-EOF
+          driver: freenas-api-iscsi
+
+instance_id:
+
+httpConnection:
+  protocol: {{ env "TRUENAS_API_SCHEME" }}
+  host: {{ env "TRUENAS_API_HOST" }}
+  port: {{ env "TRUENAS_API_PORT" }}
+  apiKey: {{ with secret (printf "%skv/service/democratic-csi" (env "VAULT_PREFIX")) }}{{ .Data.data.truenas_api_key }}{{ end }}
+  allowInsecure: {{ env "TRUENAS_API_INSECURE" }}
+  apiVersion: 2
+
+zfs:
+  datasetParentName: {{ env "ZFS_PARENT" }}
+  detachedSnapshotsDatasetParentName: {{ env "ZFS_SNAP_PARENT" }}
+  zvolCompression:
+  zvolDedup:
+  zvolEnableReservation: {{ env "ZFS_RESERVATION" }}
+  zvolBlocksize: {{ env "ZFS_BLOCKSIZE" }}
+
+iscsi:
+  targetPortals:
+{{ range $idx, $portal := (env "ISCSI_PORTALS" | split ",") }}
+    - {{ $portal }}{{ end }}
+  interface:
+
+  namePrefix: ""
+  nameSuffix: ""
+
+  targetGroups:
+    - targetGroupPortalGroup: 1
+      targetGroupInitiatorGroup: 1
+      targetGroupAuthType: None
+      targetGroupAuthGroup:
+
+  extentInsecureTpc: true
+  extentXenCompat: false
+  extentDisablePhysicalBlocksize: false
+  extentBlocksize: 512
+  extentRpm: "SSD"
+  extentAvailThreshold: 0
+
+        EOF
+
+        destination = "${NOMAD_SECRETS_DIR}/config.yml"
+      }
+
+      csi_plugin {
+        # must match --csi-name arg
+        id        = "org.democratic-csi.iscsi"
+        type      = "controller"
+        mount_dir = "/csi"
+      }
+
+      resources {
+        cpu    = 100
+        memory = 192
+      }
+    }
+  }
+}
--- a/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/vault/policies/democratic-csi.hcl
+++ b/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/vault/policies/democratic-csi.hcl
@ -0,0 +1,3 @@
+path "kv/service/democratic-csi" {
+  capabilities = ["read"]
+}
--- a/packs/democratic_csi_freenas_api/templates/democratic-csi-controller.nomad.hcl.tpl
+++ b/packs/democratic_csi_freenas_api/templates/democratic-csi-controller.nomad.hcl.tpl
@ -0,0 +1,47 @@
+job "democratic-csi-controller" {
+  datacenters = ["dc1"]
+  
+  group "iscsi" {
+    
+    task "iscsi-controller" {
+      
+      driver = "docker"
+
+      config {
+        image = "[[ .democratic_csi_freenas_api.image ]]"
+        args = [
+          "--csi-version=1.5.0",
+          "--csi-name=org.democratic-csi.iscsi",
+          "--driver-config-file=${NOMAD_SECRETS_DIR}/config.yml",
+          "--log-level=info",
+          "--csi-mode=controller",
+          "--server-socket=/csi/csi.sock"
+        ]
+
+        network_mode = "host"
+        privileged   = true
+        userns_mode  = "host"
+      }
+
+      template {
+        data =<<-EOF
+          [[ fileContents "files/iscsi/controller.yml.tpl" ]]
+        EOF
+        destination = "${NOMAD_SECRETS_DIR}/config.yml"
+      }
+
+      csi_plugin {
+        # must match --csi-name arg
+        id        = "org.democratic-csi.iscsi"
+        type      = "controller"
+        mount_dir = "/csi"
+      }
+
+      resources {
+        cpu    = [[ .democratic_csi_freenas_api.resources.cpu ]]
+        memory = [[ .democratic_csi_freenas_api.resources.memory ]]
+      }
+
+    }
+  }
+}
--- a/packs/democratic_csi_freenas_api/templates/vault/policies/democratic-csi.hcl.tpl
+++ b/packs/democratic_csi_freenas_api/templates/vault/policies/democratic-csi.hcl.tpl
@ -0,0 +1,3 @@
+path "[[ .democratic_csi_freenas_api.vault_prefix ]]kv/service/democratic-csi" {
+  capabilities = ["read"]
+}
--- a/packs/democratic_csi_freenas_api/variables.hcl
+++ b/packs/democratic_csi_freenas_api/variables.hcl
@ -0,0 +1,27 @@
+variable "vault_prefix" {
+  type = string
+  default = ""
+}
+
+variable "namespace" {
+  type = string
+  default = "default"
+}
+
+variable "image" {
+  description = "Docker image to use"
+  type = string
+  default = "danielberteaud/democratic-csi:latest"
+}
+
+variable "resources" {
+  description = "Resources allocation for each instance"
+  type = object({
+    cpu = number
+    memory = number
+  })
+  default = {
+    cpu = 100
+    memory = 192
+  }
+}