---
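- name: Build Consul cluster
  hosts: consul_instances
  any_errors_fatal: true
  become: true

  roles:
    - role: ansible-consul
      vars:
        consul_version: "1.11.3"
        consul_install_remotely: true
        consul_install_upgrade: true

        consul_node_role: server
        consul_bootstrap_expect: true

        consul_user: consul
        consul_manage_user: true
        # NOTE(review): the consul user is put in the shared system group `bin`
        # rather than a dedicated group, so anything else running as `bin` can
        # read whatever the role leaves group-readable. Confirm this is intended.
        consul_group: bin
        consul_manage_group: true

        consul_architecture_map:
          x86_64: amd64
          armhfv6: arm
          armv7l: arm

        # TLS stays disabled and nothing in this play enables ACLs, so the HTTP
        # (8500) and gRPC (8502) APIs are served in clear text and, unless the
        # role's defaults add ACLs, without authentication on every interface
        # (see consul_client_address below). Acceptable only on a fully trusted
        # network; enable TLS and ACLs before binding this wide anywhere else.
        # consul_tls_enable: true
        consul_connect_enabled: true
        consul_ports_grpc: 8502
        # All interfaces: the control node reaches the KV API from the tasks
        # below, and Nomad/Vault on other hosts use the same endpoint.
        consul_client_address: "0.0.0.0"

        # Enable metrics
        consul_config_custom:
          telemetry:
            prometheus_retention_time: "2h"

  tasks:
    - name: Start Consul
      systemd:
        state: started
        name: consul
      become: true

    # NOTE(review): delegate_to/run_once are applied to the whole block so both
    # the pip install and the KV write run once, on the control node; confirm
    # against the upstream indentation.
    - name: Add values
      delegate_to: localhost
      run_once: true
      block:
        - name: Install python-consul
          pip:
            name: python-consul
            # Supply chain: the package is fetched unpinned from PyPI on every
            # run, so a new upload changes what the control node executes. Pin
            # a version (`name: python-consul==<ver>`) and, ideally, hashes
            # (`--require-hashes` with a requirements file).
            extra_args: --index-url https://pypi.org/simple

        - name: Add a value to Consul
          consul_kv:
            # The module runs locally, so point it at the remote agent.
            host: "{{ inventory_hostname }}"
            key: ansible_test
            value: Hello from Ansible!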
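- name: Setup Vault cluster
  hosts: vault_instances
  become: true

  roles:
    - name: ansible-vault
      vars:
        # Doesn't support multi-arch installs
        vault_install_hashi_repo: true
        vault_bin_path: /usr/bin
        vault_harden_file_perms: true
        # Listener on all interfaces. Whether it serves TLS depends on the role's
        # defaults, which this play does not override; the unseal task below
        # talks plain HTTP to the loopback address, so check the rendered
        # listener config before exposing this host.
        vault_address: "0.0.0.0"

        vault_backend: consul

  tasks:
    # The unseal key is fed on stdin rather than as an argv element so it never
    # appears in /proc/<pid>/cmdline, where any local user can read it for the
    # lifetime of the command (no_log only protects Ansible's own output).
    # Keep vault_keys in an ansible-vault encrypted file; holding a quorum of
    # Shamir shares in one inventory variable defeats the point of splitting
    # them, so consider auto-unseal for anything beyond a lab.
    - name: Unseal vault
      command:
        argv:
          - "vault"
          - "operator"
          - "unseal"
          - "-address=http://127.0.0.1:8200/"
        stdin: "{{ item }}"
      loop: "{{ vault_keys }}"
      no_log: true
      when: vault_keys is defined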
# Disabled: Podman is not available from the Ubuntu 20.04 repositories
# - name: Install Podman
# hosts: nomad_instances
# become: true
#
# tasks:
# - name: Install Podman
# package:
# name: podman
# state: present
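- name: Build Nomad cluster
  hosts: nomad_instances
  any_errors_fatal: true
  become: true

  roles:
    - name: ansible-nomad
      vars:
        nomad_version: "1.2.6"
        nomad_install_remotely: true
        nomad_install_upgrade: true
        nomad_allow_purge_config: true

        # The agent runs as root. Clients generally need this for the docker
        # and CNI drivers enabled below, but it also means the API listener
        # below is a root process on every host in nomad_instances.
        nomad_user: root
        nomad_manage_user: true
        # NOTE(review): shared system group `bin` rather than a dedicated
        # group; see the same note on the Consul play. Confirm it is intended.
        nomad_group: bin
        nomad_manage_group: true

        # Properly map install arch
        nomad_architecture_map:
          x86_64: amd64
          armhfv6: arm
          armv7l: arm

        # Gossip encryption; the key is handled by the role.
        nomad_encrypt_enable: true
        # nomad_use_consul: true

        # Metrics
        nomad_telemetry: true
        nomad_telemetry_prometheus_metrics: true
        nomad_telemetry_publish_allocation_metrics: true
        nomad_telemetry_publish_node_metrics: true

        # Enable container plugins
        nomad_cni_enable: true
        nomad_cni_version: "1.0.1"
        nomad_docker_enable: true
        nomad_docker_dmsetup: false
        # nomad_podman_enable: true

        # Customize docker plugin
        nomad_plugins:
          docker:
            config:
              volumes:
                # Any job that can be submitted may bind-mount arbitrary host
                # paths (including the docker socket) into its container, which
                # is equivalent to root on the client. Only safe together with
                # the ACLs enabled below and restrictive job-submit policies;
                # prefer `enabled: false` plus explicit host_volume stanzas
                # when workloads are not fully trusted.
                enabled: true
                selinuxlabel: "z"
              extra_labels:
                - "job_name"
                - "job_id"
                - "task_group_name"
                - "task_name"
                - "namespace"
                - "node_name"
                - "node_id"

        # Bind nomad
        # HTTP, RPC and Serf on all interfaces. This play configures no TLS, so
        # API traffic (and the ACL tokens carried in it) crosses the network in
        # clear text unless the role's defaults add it; confirm the rendered
        # config before using this outside a trusted network.
        nomad_bind_address: 0.0.0.0

        # Default interface for binding tasks
        # nomad_network_interface: lo

        # Create networks for binding task ports
        nomad_host_networks:
          # - name: public
          #   interface: eth0
          #   reserved_ports: "22"
          - name: nomad-bridge
            interface: nomad
            # keeps sshd's port out of the dynamic port range
            reserved_ports: "22"
          - name: loopback
            interface: lo
            reserved_ports: "22"

        # Enable ACLs
        # This is what gates job submission, and therefore the docker volume
        # mounts above; do not disable it without revisiting that setting.
        nomad_acl_enabled: true

        # Enable vault integration
        nomad_vault_enabled: "{{ vault_token is defined }}"
        # Rendered into the Nomad config on disk. It should be a token limited
        # to the policy Nomad needs for token creation, not a root token, and
        # `vault_token` itself belongs in an ansible-vault encrypted file.
        nomad_vault_token: "{{ vault_token | default('') }}"

        nomad_config_custom:
          ui:
            enabled: true
            # NOTE(review): the UI links are plain http while the Traefik router
            # below is on the websecure entrypoint; align them once TLS exists.
            consul:
              ui_url: "http://{{ ansible_hostname }}:8500/ui"
            vault:
              ui_url: "http://{{ ansible_hostname }}:8200/ui"
          consul:
            tags:
              - "traefik.enable=true"
              - "traefik.consulcatalog.connect=true"
              - "traefik.http.routers.nomadclient.entrypoints=websecure"

  tasks:
    - name: Start Nomad
      systemd:
        state: started
        name: nomad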