Add ability to add actions and schedule them for services

2024-10-02 11:26:57 -07:00 · 2024-10-02 11:26:57 -07:00 · 8641bd50e1
commit 8641bd50e1
parent 9d7a8029c1
4 changed files with 85 additions and 0 deletions
--- a/services/service/main.tf
+++ b/services/service/main.tf
@ -14,6 +14,7 @@ resource "nomad_job" "service" {
    constraints        = var.constraints
    docker_devices     = var.docker_devices
    user               = var.user
+    actions            = var.actions

    service_port        = var.service_port
    service_port_static = var.service_port_static
@ -245,3 +246,33 @@ module "oidc_client" {
    task   = var.name
  }
 }
+
+# Action cron jobs
+resource "nomad_job" "action_cron" {
+  for_each = tomap({ for action in var.actions : action.name => action if action.cron != null })
+  jobspec = templatefile("${path.module}/service_scheduled.nomad", {
+    name        = var.name
+    action_name = each.value.name
+    action_cron = each.value.cron
+  })
+}
+
+resource "nomad_acl_policy" "action_cron_workload_policy" {
+  for_each = resource.nomad_job.action_cron
+
+  name        = "service-action-${each.value.id}"
+  description = "Give custom service cron actions access to execute actions."
+  rules_hcl   = <<EOH
+namespace "default" {
+  capabilities = [
+    "list-jobs",
+    "read-job",
+    "alloc-exec",
+  ]
+}
+  EOH
+
+  job_acl {
+    job_id = each.value.id
+  }
+}
--- a/services/service/service_scheduled.nomad
+++ b/services/service/service_scheduled.nomad
@ -0,0 +1,35 @@
+job "${name}-${action_name}" {
+  region = "global"
+  datacenters = ["dc1"]
+
+  type = "batch"
+
+  periodic {
+    cron = "${action_cron}"
+  }
+
+  group "main" {
+    task "${action_name}" {
+      driver = "docker"
+
+      config {
+        image = "hashicorp/nomad:$${attr.nomad.version}"
+        args = [
+          "job",
+          "action",
+          "-job",
+          "${name}",
+          "-group",
+          "${name}",
+          "-task",
+          "${name}",
+          "${action_name}"
+        ]
+      }
+
+      identity {
+        env = true
+      }
+    }
+  }
+}
--- a/services/service/service_template.nomad
+++ b/services/service/service_template.nomad
@ -185,6 +185,14 @@ job "${name}" {
        %{~ endfor ~}
      }
      %{~ endif ~}
+      %{~ for action in actions }
+      action "${action.name}" {
+        command = "${action.command}"
+        %{~ if length(action.args) > 0 ~}
+        args = ${jsonencode(action.args)}
+        %{~ endif ~}
+      }
+      %{~ endfor ~}
      %{~ for volume in host_volumes }
      volume_mount {
        volume = "${volume.name}"
--- a/services/service/vars.tf
+++ b/services/service/vars.tf
@ -284,6 +284,17 @@ variable "use_wesher" {
  default     = true
 }

+variable "actions" {
+  description = "Nomad actions that should be part of the main task"
+  type = list(object({
+    name    = string
+    command = string
+    args    = optional(list(string))
+    cron    = optional(string)
+  }))
+  default = []
+}
+
 variable "service_check" {
  description = "Health check for main ingress service"
  type = object({