job "[[ .instance ]]-node" { [[ $c := merge .democratic_csi.node .democratic_csi . -]] type = "system" [[- template "common/job_start" $c ]] [[- range $proto := coll.Slice "iscsi" "nfs" ]] group "[[ $proto ]]-node" { [[ template "common/constraints" $c ]] service { name = "[[ $.instance ]]-[[ $proto ]]-node[[ $.consul.suffix ]]" [[ template "common/service_meta" $c ]] } restart { interval = "5m" attempts = 30 delay = "10s" mode = "delay" } [[- if eq $proto "iscsi" ]] [[- template "common/volumes" $.democratic_csi.node.volumes ]] [[- end ]] task "[[ $proto ]]-node" { driver = "[[ $c.nomad.driver ]]" config { image = "[[ $c.image ]]" args = [ "--csi-version=1.5.0", # must match the csi_plugin.id attribute below "--csi-name=[[ $.democratic_csi.plugin_id ]].[[ $proto ]]", "--driver-config-file=/secrets/config.yml", "--log-level=info", "--csi-mode=node", "--server-socket=/csi/csi.sock", ] # node plugins must run as privileged jobs because they # mount disks to the host userns_mode = "host" privileged = true ipc_mode = "host" network_mode = "host" } env { CSI_NODE_ID = "${attr.unique.hostname}" } [[ template "common/file_env" $c ]] template { data =<<_EOF [[ tmpl.Exec (printf "democratic_csi/%s/node.yml.tpl" $proto) $c ]] _EOF destination = "secrets/config.yml" } csi_plugin { # must match --csi-name arg id = "[[ $.democratic_csi.plugin_id ]].[[ $proto ]]" type = "node" mount_dir = "/csi" } [[- if eq $proto "iscsi" ]] volume_mount { volume = "host_root" destination = "/host" propagation_mode = "bidirectional" } volume_mount { volume = "host_run_udev" destination = "/run/udev" } [[- end ]] [[ template "common/resources" $c ]] } } [[- end ]] } # vim: syntax=hcl