DEPRECATED # Vars # name = string* # image = string* # service_port = int # ingress = bool # sticky_disk = bool # args = json(list[str]) # resources = dict(cpu = int, mem = int) # env = json(dict(str: any)) # ingress_middlewares = json(list(str)) # templates = json(list(dict( # data = str, # dest = str, # change_mode = str, # change_signal = str, # left_delimiter = str, # right_delimiter = str, # mount = bool # ))) # host_volumes = json(list(dict( # name = str, # dest = str, # read_only = bool, # ))) # healthcheck = "/" # upstreams = json(list(dict( # destination_name = str, # local_bind_port = int # ))) # mysql = bool # redis = bool # vault = bool # mysql_bootstrap = json(dict( # vault_key = str # db_name = str # db_name_key = str # db_user = str # db_user_key = str # db_pass = str # db_pass_key = str # )) job "[[.name]]" { region = "global" datacenters = ["dc1"] type = "service" group "[[.name]]" { [[ with .count ]]count = [[ . ]][[ end ]] network { mode = "bridge" [[ if not (empty .service_port) -]] port "main" { host_network = "wesher" to = [[ .service_port ]] } [[ end -]] } [[ if default false .sticky_disk ]] ephemeral_disk { migrate = true sticky = true } [[ end ]] [[ with .host_volumes -]] [[ range $v := . | parseJSON -]] volume "[[ $v.name ]]" { type = "host" read_only = [[ $v.read_only ]] source = "[[ $v.name ]]" } [[ end ]] [[ end -]] [[ if not (empty .service_port) ]] service { name = "[[.name | replace "_" "-"]]" provider = "nomad" port = "main" [[ if not (eq .healthcheck "") -]] check { type = "http" path = "[[ or .healthcheck "/" ]]" port = "main" interval = "10s" timeout = "10s" } [[ end -]] tags = [ [[ if default false .ingress -]] "traefik.enable=true", "traefik.http.routers.[[.name]].entryPoints=websecure", [[ if not (empty .ingress_rule) -]] "traefik.http.routers.[[.name]].rule=[[.ingress_rule]]", [[ end -]] [[ with .ingress_middlewares -]][[ range $m := . | parseJSON -]] "traefik.http.routers.[[$.name]].middlewares=[[ $m ]]", [[ end -]][[ end -]] [[ end -]] ] } [[ end -]] task "[[.name]]" { driver = "docker" config { image = "[[.image]]" [[ with .service_port -]] ports = ["main"] [[ end -]] [[ with .args -]] args = [[ . ]] [[ end -]] [[ with .templates -]] [[ range $t := . | parseJSON -]] [[ if and (default true $t.mount) (not (default false $t.env)) -]] mount { type = "bind" target = "[[ $t.dest ]]" source = "[[ default "local/" $t.dest_prefix ]][[ $t.dest ]]" } [[ end -]] [[ end ]] [[ end -]] } [[ with .env -]] env = { [[ range $k, $v := . | parseJSON -]] "[[$k]]" = "[[$v]]" [[ end -]] } [[ end -]] [[ with .host_volumes -]] [[ range $v := . | parseJSON -]] volume_mount { volume = "[[ $v.name ]]" destination = "[[ $v.dest ]]" read_only = [[ $v.read_only ]] } [[ end ]] [[ end -]] [[ with .templates -]] [[ range $t := . | parseJSON -]] template { data = <<EOF [[ $t.data ]] EOF destination = "[[ default "local/" $t.dest_prefix ]][[ $t.dest ]]" [[ with $t.left_delimiter ]]left_delimiter = "[[ . ]]"[[ end -]] [[ with $t.right_delimiter ]]right_delimiter = "[[ . ]]"[[ end -]] [[ with $t.change_mode ]]change_mode = "[[ . ]]"[[ end -]] [[ with $t.change_signal ]]change_signal = "[[ . ]]"[[ end -]] [[ with $t.env ]]env = [[ . ]][[ end ]] } [[ end -]] [[ end -]] [[ with .resources -]] resources { cpu = [[ .cpu ]] memory = [[ .memory ]] } [[ end -]] } [[ with .mysql_bootstrap ]][[ with . | parseJSON ]] task "[[$.name]]-bootstrap" { driver = "docker" lifecycle { hook = "prestart" sidecar = false } config { image = "mariadb:10" args = [ "/bin/bash", "-c", "/usr/bin/mysql --defaults-extra-file=${NOMAD_SECRETS_DIR}/my.cnf < ${NOMAD_SECRETS_DIR}/bootstrap.sql", ] } vault { policies = [ "access-tables", "nomad-task", ] } template { data = <<EOF [client] {{ range nomadService 1 (env "NOMAD_ALLOC_ID") "mysql-server" -}} host={{ .Address }} port={{ .Port }} {{ end -}} user=root # TODO: Use via lesser scoped access {{ with nomadVar "nomad/jobs" -}} password={{ .mysql_root_password }} {{ end -}} EOF destination = "${NOMAD_SECRETS_DIR}/my.cnf" } template { data = <<EOF {{ with nomadVar "[[.vault_key]]" -}} CREATE DATABASE IF NOT EXISTS `{{ .[[ default "db_name" .db_name_key ]] }}` CHARACTER SET = 'utf8mb4' COLLATE = 'utf8mb4_unicode_ci'; CREATE USER IF NOT EXISTS '{{ .[[ default "db_user" .db_user_key ]] }}'@'%' IDENTIFIED BY '{{ .[[ default "db_pass" .db_pass_key ]] }}'; GRANT ALL ON `{{ .[[ default "db_name" .db_name_key ]] }}`.* to '{{ .[[ default "db_user" .db_user_key ]] }}'@'%'; {{ end -}} {{ end -}} EOF destination = "${NOMAD_SECRETS_DIR}/bootstrap.sql" } resources { cpu = 50 memory = 50 } } [[ end -]][[ end -]] } }