Switch to a 3 node cluster for better resiliance

2022-05-24 20:09:16 -07:00 · 2022-05-24 20:09:16 -07:00 · e677259a1d
parent 1352eeb3e8
commit e677259a1d
2 changed files with 14 additions and 11 deletions
--- a/nomad/Makefile
+++ b/nomad/Makefile
@ -62,16 +62,20 @@ venv/bin/ansible:
 ansible-cluster: venv/bin/ansible
 	./venv/bin/ansible-galaxy install -p roles -r roles/requirements.yml
 	env VIRTUAL_ENV=/Users/ifij/workspace/iamthefij/orchestration-tests/nomad/venv ./venv/bin/ansible-playbook -K -vv \
-		-e "@vault-keys.json" \
+		$(shell test -f vault-keys.json && echo '-e "@vault-keys.json"') \
 		-i ansible_hosts.yml -M ./roles ./setup-cluster.yml

 .PHONY: plan
 plan:
-	terraform plan
+	@terraform plan \
+		-var "nomad_secret_id=$(shell jq -r .SecretID nomad_bootstrap.json)" \
+		-var "vault_token=$(shell jq -r .root_token vault-keys.json)"

 .PHONY: apply
 apply:
-	terraform apply
+	@terraform apply \
+		-var "nomad_secret_id=$(shell jq -r .SecretID nomad_bootstrap.json)" \
+		-var "vault_token=$(shell jq -r .root_token vault-keys.json)"

 # Install CNI on hosts?
 # curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz
--- a/nomad/ansible_hosts.yml
+++ b/nomad/ansible_hosts.yml
@ -3,7 +3,7 @@ all:
  children:
    servers:
      hosts:
-        nomad0.thefij:
+        n1.thefij:
          # consul_node_role: bootstrap
          nomad_node_role: both
          nomad_unique_host_volumes:
@ -13,6 +13,10 @@ all:
              group: "bin"
              mode: "0755"
              read_only: false
+        n2.thefij:
+          nomad_node_class: ingress
+          nomad_node_role: both
+          nomad_unique_host_volumes:
            - name: nextcloud-data
              path: /srv/volumes/nextcloud
              owner: "root"
@ -31,18 +35,13 @@ all:
              group: "bin"
              mode: "0755"
              read_only: false
-          # consul_auto_encrypt:
-          #   enabled: true
-          #   dns_san: ["services.thefij"]
-          #   ip_san: ["192.168.2.41", "127.0.0.1"]
-        # motionpi.thefij: {}
-        nomad1.thefij:
+        n3.thefij:
          nomad_node_class: ingress
          nomad_node_role: both

    consul_instances:
      children:
-        # servers: {}
+        servers: {}
    nomad_instances:
      children:
        servers: {}