commit 36c861bd273a98cafb5ad429efe31a2e45c88e2a Author: Daniel Berteaud Date: Wed Jul 19 00:32:07 2023 +0200 First commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7d02b18
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# Nomad Packs
diff --git a/packs/common/metadata.hcl b/packs/common/metadata.hcl
new file mode 100644
index 0000000..15ed703
--- /dev/null
+++ b/packs/common/metadata.hcl
@@ -0,0 +1,10 @@
+app {
+ url = "https://git.lapiole.org"
+}
+
+pack {
+ name = "common"
+ description = "common variables for Nomad Packs"
+ url = "https://git.lapiole.org/infra/nomad/packs/common"
+ version = "0.0.1"
+}
diff --git a/packs/common/variables.hcl b/packs/common/variables.hcl
new file mode 100644
index 0000000..42f5967
--- /dev/null
+++ b/packs/common/variables.hcl
@@ -0,0 +1,9 @@
+variable "vault_prefix" {
+ type = string
+ default = ""
+}
+
+variable "namespace" {
+ type = string
+ default = "default"
+}
diff --git a/packs/democratic_csi_freenas_api/files/iscsi/controller.yml.tpl b/packs/democratic_csi_freenas_api/files/iscsi/controller.yml.tpl
new file mode 100644
index 0000000..f6c2d9f
--- /dev/null
+++ b/packs/democratic_csi_freenas_api/files/iscsi/controller.yml.tpl
@@ -0,0 +1,41 @@
+driver: freenas-api-iscsi
+
+instance_id:
+
+httpConnection:
+ protocol: {{ env "TRUENAS_API_SCHEME" }}
+ host: {{ env "TRUENAS_API_HOST" }}
+ port: {{ env "TRUENAS_API_PORT" }}
+ apiKey: {{ with secret (printf "%skv/service/democratic-csi" (env "VAULT_PREFIX")) }}{{ .Data.data.truenas_api_key }}{{ end }}
+ allowInsecure: {{ env "TRUENAS_API_INSECURE" }}
+ apiVersion: 2
+
+zfs:
+ datasetParentName: {{ env "ZFS_PARENT" }}
+ detachedSnapshotsDatasetParentName: {{ env "ZFS_SNAP_PARENT" }}
+ zvolCompression:
+ zvolDedup:
+ zvolEnableReservation: {{ env "ZFS_RESERVATION" }}
+ zvolBlocksize: {{ env "ZFS_BLOCKSIZE" }}
+
+iscsi:
+ targetPortals:
+{{ range $idx, $portal := (env "ISCSI_PORTALS" | split ",") }}
+ - {{ $portal }}{{ end }}
+ interface:
+
+ namePrefix: ""
+ nameSuffix: ""
+
+ targetGroups:
+ - targetGroupPortalGroup: 1
+ targetGroupInitiatorGroup: 1
+ targetGroupAuthType: None
+ targetGroupAuthGroup:
+
+ extentInsecureTpc: true
+ extentXenCompat: false
+ extentDisablePhysicalBlocksize: false
+ extentBlocksize: 512
+ extentRpm: "SSD"
+ extentAvailThreshold: 0
diff --git a/packs/democratic_csi_freenas_api/metadata.hcl b/packs/democratic_csi_freenas_api/metadata.hcl
new file mode 100644
index 0000000..f6804eb
--- /dev/null
+++ b/packs/democratic_csi_freenas_api/metadata.hcl
@@ -0,0 +1,14 @@
+app {
+ url = "https://github.com/democratic-csi/democratic-csi"
+}
+
+pack {
+ name = "democratic_csi_freenas_api"
+ description = "CSI plugin for Nomad to use storage (NFS and iSCSI) from FreeNAS / TrueNAS"
+ url = "https://git.lapiole.org/infra/nomad/packs/democfratic_csi_freenas_api"
+ version = "0.0.1"
+}
+
+dependency "common" {
+ source = "https://git.lapiole.org/infra/nomad/packs/common"
+}
diff --git a/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/democratic-csi-controller.nomad.hcl b/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/democratic-csi-controller.nomad.hcl
new file mode 100644
index 0000000..d1f9ab6
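Review bot: In files/iscsi/controller.yml.tpl, `targetGroupAuthType: None` with an empty `targetGroupAuthGroup` means every target this controller provisions is exported without CHAP, so access rests entirely on initiator group 1 and on network isolation of the portals. If that is intended, state it in a comment above `targetGroups`, for example `# no CHAP: access is restricted by initiator group 1 and portal network isolation`; otherwise expose the auth type and auth group as pack variables. `allowInsecure` is rendered straight from `TRUENAS_API_INSECURE` with no default, and by its name it relaxes transport checks on the connection that carries `apiKey`, so a one-line comment on the expected value would help as well.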
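Review bot: In packs/democratic_csi_freenas_api/metadata.hcl the pack `url` is misspelled (`democfratic_csi_freenas_api`) and does not match `name = "democratic_csi_freenas_api"`. It should read `url = "https://git.lapiole.org/infra/nomad/packs/democratic_csi_freenas_api"`. Anything that resolves or links the pack through this field will point at a path that presumably does not exist.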
--- /dev/null +++ b/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/democratic-csi-controller.nomad.hcl @@ -0,0 +1,87 @@ +job "democratic-csi-controller" { + datacenters = ["dc1"] + + group "iscsi" { + task "iscsi-controller" { + driver = "docker" + + config { + image = "danielberteaud/democratic-csi:latest" + + args = [ + "--csi-version=1.5.0", + "--csi-name=org.democratic-csi.iscsi", + "--driver-config-file=${NOMAD_SECRETS_DIR}/config.yml", + "--log-level=info", + "--csi-mode=controller", + "--server-socket=/csi/csi.sock", + ] + + network_mode = "host" + privileged = true + userns_mode = "host" + } + + template { + data = <<-EOF + driver: freenas-api-iscsi + +instance_id: + +httpConnection: + protocol: {{ env "TRUENAS_API_SCHEME" }} + host: {{ env "TRUENAS_API_HOST" }} + port: {{ env "TRUENAS_API_PORT" }} + apiKey: {{ with secret (printf "%skv/service/democratic-csi" (env "VAULT_PREFIX")) }}{{ .Data.data.truenas_api_key }}{{ end }} + allowInsecure: {{ env "TRUENAS_API_INSECURE" }} + apiVersion: 2 + +zfs: + datasetParentName: {{ env "ZFS_PARENT" }} + detachedSnapshotsDatasetParentName: {{ env "ZFS_SNAP_PARENT" }} + zvolCompression: + zvolDedup: + zvolEnableReservation: {{ env "ZFS_RESERVATION" }} + zvolBlocksize: {{ env "ZFS_BLOCKSIZE" }} + +iscsi: + targetPortals: +{{ range $idx, $portal := (env "ISCSI_PORTALS" | split ",") }} + - {{ $portal }}{{ end }} + interface: + + namePrefix: "" + nameSuffix: "" + + targetGroups: + - targetGroupPortalGroup: 1 + targetGroupInitiatorGroup: 1 + targetGroupAuthType: None + targetGroupAuthGroup: + + extentInsecureTpc: true + extentXenCompat: false + extentDisablePhysicalBlocksize: false + extentBlocksize: 512 + extentRpm: "SSD" + extentAvailThreshold: 0 + + EOF + + destination = "${NOMAD_SECRETS_DIR}/config.yml" + } + + csi_plugin { + # must match --csi-name arg + id = "org.democratic-csi.iscsi" + type = "controller" + mount_dir = "/csi" + } + + resources { + cpu = 100 + memory = 192 + } + } + } +} 
diff --git a/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/vault/policies/democratic-csi.hcl b/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/vault/policies/democratic-csi.hcl
new file mode 100644
index 0000000..5c1bbb9
--- /dev/null
+++ b/packs/democratic_csi_freenas_api/output/democratic_csi_freenas_api/vault/policies/democratic-csi.hcl
@@ -0,0 +1,3 @@ +path "kv/service/democratic-csi" { + capabilities = ["read"] +}
diff --git a/packs/democratic_csi_freenas_api/templates/democratic-csi-controller.nomad.hcl.tpl b/packs/democratic_csi_freenas_api/templates/democratic-csi-controller.nomad.hcl.tpl
new file mode 100644
index 0000000..175ba94
--- /dev/null
+++ b/packs/democratic_csi_freenas_api/templates/democratic-csi-controller.nomad.hcl.tpl
@@ -0,0 +1,47 @@
+job "democratic-csi-controller" {
+ datacenters = ["dc1"]
+
+ group "iscsi" {
+
+ task "iscsi-controller" {
+
+ driver = "docker"
+
+ config {
+ image = "[[ .democratic_csi_freenas_api.image ]]"
+ args = [
+ "--csi-version=1.5.0",
+ "--csi-name=org.democratic-csi.iscsi",
+ "--driver-config-file=${NOMAD_SECRETS_DIR}/config.yml",
+ "--log-level=info",
+ "--csi-mode=controller",
+ "--server-socket=/csi/csi.sock"
+ ]
+
+ network_mode = "host"
+ privileged = true
+ userns_mode = "host"
+ }
+
+ template {
+ data =<<-EOF
+ [[ fileContents "files/iscsi/controller.yml.tpl" ]]
+ EOF
+ destination = "${NOMAD_SECRETS_DIR}/config.yml"
+ }
+
+ csi_plugin {
+ # must match --csi-name arg
+ id = "org.democratic-csi.iscsi"
+ type = "controller"
+ mount_dir = "/csi"
+ }
+
+ resources {
+ cpu = [[ .democratic_csi_freenas_api.resources.cpu ]]
+ memory = [[ .democratic_csi_freenas_api.resources.memory ]]
+ }
+
+ }
+ }
+}
diff --git a/packs/democratic_csi_freenas_api/templates/vault/policies/democratic-csi.hcl.tpl b/packs/democratic_csi_freenas_api/templates/vault/policies/democratic-csi.hcl.tpl
new file mode 100644
index 0000000..a738ca7
--- /dev/null
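Review bot: In templates/democratic-csi-controller.nomad.hcl.tpl the controller task runs with `privileged = true`, `network_mode = "host"` and `userns_mode = "host"` while its secrets dir holds the rendered TrueNAS API key, so a compromise of this container is a compromise of the host and of the storage API. With `--csi-mode=controller` and the `freenas-api-iscsi` driver the work looks like HTTP calls to TrueNAS only, so it is worth confirming whether these settings are needed here and, if not, dropping `privileged = true` and `userns_mode = "host"`. Separately, the task has no `vault` block and no `env` block, although the included files/iscsi/controller.yml.tpl calls `secret` and reads `TRUENAS_API_*`, `ZFS_*`, `ISCSI_PORTALS` and `VAULT_PREFIX` through `env`; unless those are supplied outside this commit, the config renders with empty values or fails on the secret lookup. The `namespace` pack variable is declared but never used in the job.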
+++ b/packs/democratic_csi_freenas_api/templates/vault/policies/democratic-csi.hcl.tpl
@@ -0,0 +1,3 @@
+path "[[ .democratic_csi_freenas_api.vault_prefix ]]kv/service/democratic-csi" {
+ capabilities = ["read"]
+}
diff --git a/packs/democratic_csi_freenas_api/variables.hcl b/packs/democratic_csi_freenas_api/variables.hcl
new file mode 100644
index 0000000..6965b67
--- /dev/null
+++ b/packs/democratic_csi_freenas_api/variables.hcl
@@ -0,0 +1,27 @@
+variable "vault_prefix" {
+ type = string
+ default = ""
+}
+
+variable "namespace" {
+ type = string
+ default = "default"
+}
+
+variable "image" {
+ description = "Docker image to use"
+ type = string
+ default = "danielberteaud/democratic-csi:latest"
+}
+
+variable "resources" {
+ description = "Resources allocation for each instance"
+ type = object({
+ cpu = number
+ memory = number
+ })
+ default = {
+ cpu = 100
+ memory = 192
+ }
+}
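Review bot: In templates/vault/policies/democratic-csi.hcl.tpl the policy path `…kv/service/democratic-csi` has no `data/` segment, yet files/iscsi/controller.yml.tpl reads `.Data.data.truenas_api_key`, which is the KV version 2 response shape. If the `kv` mount is KV v2, Vault evaluates ACLs against `kv/data/…`, so this policy would not grant the read; the line would need to be `path "[[ .democratic_csi_freenas_api.vault_prefix ]]kv/data/service/democratic-csi" {`. The prefix comes from the pack variable here but from `env "VAULT_PREFIX"` in the config template, so the policy path and the path actually read can drift apart.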
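Review bot: In packs/democratic_csi_freenas_api/variables.hcl the `image` default is the mutable tag `danielberteaud/democratic-csi:latest`, and the job template runs that image privileged with host networking, so whatever is pushed to that tag next runs with host-level access. Pin the default to a released tag or a digest, e.g. `default = "danielberteaud/democratic-csi:<version>@sha256:<digest>"` (placeholders). `vault_prefix` and `namespace` duplicate the declarations in packs/common/variables.hcl; a short comment on why they are redeclared here would help.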