From 1b48892172f59b5c04e0b10b40eaffdc5d511d79 Mon Sep 17 00:00:00 2001 From: Ian Fijolek Date: Mon, 23 Oct 2023 12:59:41 -0700 Subject: [PATCH] Add read-only implementation of fixers as scheduled batches --- services/nomad-fixers.nomad | 46 +++++++++++++++++++++++++++++++++++++ services/nomad-fixers.tf | 22 ++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 services/nomad-fixers.nomad create mode 100644 services/nomad-fixers.tf diff --git a/services/nomad-fixers.nomad b/services/nomad-fixers.nomad new file mode 100644 index 0000000..b90ee5a --- /dev/null +++ b/services/nomad-fixers.nomad @@ -0,0 +1,46 @@ +job "fixers" { + + type = "batch" + + periodic { + cron = "*/15 * * * * *" + prohibit_overlap = true + } + + group "main" { + + task "orphaned_services" { + driver = "docker" + + config { + image = "iamthefij/nomad-service-fixers:0.1.0" + command = "/scripts/nomad_orphan_services.py" + } + + env = { + NOMAD_ADDR = "http+unix://%2Fsecrets%2Fapi.sock" + } + + identity { + env = true + } + } + + task "missing_services" { + driver = "docker" + + config { + image = "iamthefij/nomad-service-fixers:0.1.0" + command = "/scripts/nomad_missing_services.py" + } + + env = { + NOMAD_ADDR = "http+unix://%2Fsecrets%2Fapi.sock" + } + + identity { + env = true + } + } + } +} diff --git a/services/nomad-fixers.tf b/services/nomad-fixers.tf new file mode 100644 index 0000000..c09dfc2 --- /dev/null +++ b/services/nomad-fixers.tf @@ -0,0 +1,22 @@ +resource "nomad_job" "nomad-fixers" { + jobspec = file("${path.module}/nomad-fixers.nomad") +} + +resource "nomad_acl_policy" "nomad_fixers_workload" { + name = "nomad-fixers-workload" + description = "Give nomad fixers access to the Nomad api for fixing things" + rules_hcl = <