ansible-community / ansible-nomad

:watch: Ansible role for Nomad
https://galaxy.ansible.com/brianshumate/nomad
BSD 2-Clause "Simplified" License
299 stars 166 forks source link
ansible ansible-role hacktoberfest hashicorp nomad scheduler

Ansible-Nomad


This role was previously maintained by Brian Shumate and is now curated by @ansible-community/hashicorp-tools.


This Ansible role performs basic Nomad installation, including filesystem structure, and example configuration.

It will also bootstrap a minimal cluster of 3 server nodes, and can do this in a development environment based on Vagrant and VirtualBox. See README_VAGRANT.md for more details about the Vagrant setup.

Requirements

This role requires an Arch Linux, Debian, RHEL, or Ubuntu distribution; the role is tested with the following specific software versions:

Role Variables

The role defines most of its variables in defaults/main.yml:

nomad_debug

nomad_skip_ensure_all_hosts

nomad_allow_purge_config

nomad_version

nomad_architecture_map

nomad_architecture

nomad_pkg

nomad_zip_url

nomad_checksum_file_url

nomad_bin_dir

nomad_config_dir

nomad_data_dir

nomad_lockfile

nomad_run_dir

nomad_manage_user

nomad_user

nomad_manage_group

nomad_group

nomad_region

nomad_datacenter

nomad_log_level

nomad_syslog_enable

nomad_iface

nomad_node_name

nomad_node_role

nomad_leave_on_terminate

nomad_leave_on_interrupt

nomad_disable_update_check

nomad_retry_max

nomad_retry_join

nomad_retry_interval

nomad_rejoin_after_leave

nomad_enabled_schedulers

nomad_num_schedulers

nomad_node_gc_threshold

nomad_job_gc_threshold

nomad_eval_gc_threshold

nomad_deployment_gc_threshold

nomad_encrypt_enable

nomad_encrypt

nomad_raft_multiplier

nomad_raft_protocol

nomad_authoritative_region

nomad_node_class

nomad_node_pool

nomad_no_host_uuid

nomad_max_kill_timeout

nomad_network_interface

nomad_network_speed

nomad_cpu_total_compute

nomad_gc_interval

nomad_gc_max_allocs

nomad_gc_disk_usage_threshold

nomad_gc_inode_usage_threshold

nomad_gc_parallel_destroys

nomad_reserved

nomad_reserved_cpu

nomad_reserved_memory

nomad_reserved_disk

nomad_reserved_ports

nomad_host_volumes

nomad_host_volumes:
  - name: data
    path: /var/data
    owner: root
    group: bin
    mode: 0755
    read_only: false
  - name: config
    path: /etc/conf
    owner: root
    group: bin
    mode: 0644
    read_only: false
  - name: docker socket
    path: /run/docker.sock
    read_only: true
    state: file

nomad_host_networks

nomad_host_networks:
  - name: public
    cidr: 100.101.102.103/24
    reserved_ports: 22,80
  - name: private
    interface: eth0
    reserved_ports: 443

nomad_options

nomad_chroot_env

nomad_meta

nomad_bind_address

nomad_advertise_address

nomad_ports

nomad_ports_http

nomad_ports_rpc

nomad_ports_serf

nomad_podman_enable

nomad_cni_enable

nomad_docker_enable

nomad_template_config

Example:

nomad_template_config:
  vault_retry:
    attempts: 12
    backoff: "750ms"
    max_backoff: "2m"
  wait:
    min: "10s"
    max: "4m"

nomad_plugins

Example:

nomad_plugins:
  nomad-driver-podman:
    config:
      volumes:
        enabled: true
        selinuxlabel: z
      recover_stopped: true

nomad_group_name

nomad_servers

It's typically not necessary to manually alter this list.

nomad_gather_server_facts

This feature makes it possible to gather the nomad_bind_address and nomad_advertise_address from servers that are currently not targeted by the playbook.

To make this possible the delegate_facts option is used. This option is broken in many Ansible versions, so this feature might not always work.

nomad_use_consul

nomad_consul_address

nomad_consul_ssl

nomad_consul_ca_file

nomad_consul_grpc_ca_file

nomad_consul_cert_file

nomad_consul_key_file

nomad_consul_servers_service_name

nomad_consul_clients_service_name

nomad_consul_token

nomad_bootstrap_expect

nomad_acl_enabled

nomad_acl_token_ttl

nomad_acl_policy_ttl

nomad_acl_replication_token

nomad_vault_enabled

nomad_vault_address

nomad_vault_allow_unauthenticated

nomad_vault_create_from_role

nomad_vault_ca_file

nomad_vault_ca_path

nomad_vault_cert_file

nomad_vault_key_file

nomad_vault_tls_server_name

nomad_vault_tls_skip_verify

nomad_vault_token

nomad_vault_namespace

nomad_docker_enable

nomad_docker_dmsetup

nomad_tls_enable

nomad_tls_copy_keys: false

nomad_tls_files_remote_src

nomad_tls_dir

nomad_ca_file

nomad_cert_file

nomad_key_file

nomad_rpc_upgrade_mode

nomad_verify_server_hostname

nomad_verify_https_client

nomad_telemetry

nomad_telemetry_disable_hostname

nomad_telemetry_collection_interval

nomad_telemetry_use_node_name

nomad_telemetry_publish_allocation_metrics

nomad_telemetry_publish_node_metrics

nomad_telemetry_backwards_compatible_metrics

nomad_telemetry_disable_tagged_metrics

nomad_telemetry_filter_default

nomad_telemetry_prefix_filter

nomad_telemetry_disable_dispatched_job_summary_metrics

nomad_telemetry_statsite_address

nomad_telemetry_statsd_address

nomad_telemetry_datadog_address

nomad_telemetry_datadog_tags

nomad_telemetry_prometheus_metrics

nomad_telemetry_circonus_api_token

nomad_telemetry_circonus_api_app

nomad_telemetry_circonus_api_url

nomad_telemetry_circonus_submission_interval

nomad_telemetry_circonus_submission_url

nomad_telemetry_circonus_check_id

nomad_telemetry_circonus_check_force_metric_activation

nomad_telemetry_circonus_check_instance_id

nomad_telemetry_circonus_check_search_tag

nomad_telemetry_circonus_check_display_name

nomad_telemetry_circonus_check_tags

nomad_telemetry_circonus_broker_id

nomad_telemetry_circonus_broker_select_tag

nomad_autopilot

nomad_autopilot_cleanup_dead_servers

nomad_autopilot_last_contact_threshold

nomad_autopilot_max_trailing_logs

nomad_autopilot_server_stabilization_time

nomad_ui

e.g

nomad_ui: true
nomad_ui_label_text: "Staging Cluster"
nomad_ui_label_background_color: "yellow"
nomad_ui_label_text_color: "#000000"

nomad_ui_label_text

nomad_ui_label_background_color

nomad_ui_label_text_color

nomad_artifact

e.g

nomad_artifact:
  {
    set_environment_variables: "GITLAB_READONLY_TOKEN,GITLAB_KEYCLOAK_THEMES_READONLY_TOKEN",
  }

Custom Configuration Section

As Nomad loads the configuration from files and directories in lexical order, typically merging on top of previously parsed configuration files, you may set custom configurations via nomad_config_custom, which will be expanded into a file named custom.json within your nomad_config_dir which will be loaded after all other configuration by default.

An example usage for enabling vault:

  vars:
    nomad_config_custom:
      vault:
        enabled          : true
        ca_path          : "/etc/certs/ca"
        cert_file        : "/var/certs/vault.crt"
        key_file         : "/var/certs/vault.key"
        address          : "https://vault.service.consul:8200"
        create_from_role : "nomad-cluster"

Dependencies

Ansible requires GNU tar and this role performs some local use of the unarchive module, so ensure that your system has gtar/unzip installed. Jinja2 templates use ipaddr filter that need netaddr python library.

Example Playbook

Basic nomad installation is possible using the included site.yml playbook:

ansible-playbook -i <hosts> site.yml

You can also simply pass variables in using the --extra-vars option to the ansible-playbook command:

ansible-playbook -i hosts site.yml --extra-vars "nomad_datacenter=maui"

Vagrant and VirtualBox

See examples/README_VAGRANT.md for details on quick Vagrant deployments under VirtualBox for testing, etc.

License

BSD

Author Information

Brian Shumate

Contributors

Special thanks to the folks listed in CONTRIBUTORS.md for their contributions to this project.

Contributions are welcome, provided that you can agree to the terms outlined in CONTRIBUTING.md