fix: fix nomad configuration

Nathaniel Landau
2023-12-11 11:22:54 -05:00
parent eff9059bac
commit 846fb2bc31
2 changed files with 146 additions and 145 deletions


@@ -5,11 +5,11 @@
{% if is_consul_server %} {% if is_consul_server %}
"server" = true "server" = true
"ui_config" = { "ui_config" = {
"enabled" = true "enabled" = true
} }
{% else %} {% else %}
"ui_config" = { "ui_config" = {
"enabled" = false "enabled" = false
} }
{% endif %} {% endif %}
@@ -28,15 +28,15 @@
# ----------------------------------------- Networking # ----------------------------------------- Networking
"addresses" = { "addresses" = {
"dns" = "0.0.0.0" "dns" = "0.0.0.0"
"grpc" = "0.0.0.0" "grpc" = "0.0.0.0"
"http" = "0.0.0.0" "http" = "0.0.0.0"
"https" = "0.0.0.0" "https" = "0.0.0.0"
} }
"ports" = { "ports" = {
"dns" = 8600 "dns" = 8600
"http" = 8500 "http" = 8500
"server" = 8300 "server" = 8300
} }
{% if 'linode' in group_names %} {% if 'linode' in group_names %}
@@ -57,7 +57,7 @@
{% if 'linode' in group_names %} {% if 'linode' in group_names %}
"retry_join" = [{% for h in groups['linode-cluster'] if hostvars[h].is_consul_server == true %}"{{ hostvars[h].linode_private_ip }}"{% if not loop.last %}, {% endif %}{% endfor %}] "retry_join" = [{% for h in groups['linode-cluster'] if hostvars[h].is_consul_server == true %}"{{ hostvars[h].linode_private_ip }}"{% if not loop.last %}, {% endif %}{% endfor %}]
{% else %} {% else %}
"retry_join" = [{% for h in groups['lan'] if hostvars[h].is_consul_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}] "retry_join" = ["{{ rpi1_ip_address }}", "{{ rpi2_ip_address }}", "{{ rpi3_ip_address }}"]
{% if is_consul_server %} {% if is_consul_server %}
{% if 'linode' in group_names %} {% if 'linode' in group_names %}
"join_wan" = [{% for h in groups['linode-cluster'] if hostvars[h].is_consul_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}] "join_wan" = [{% for h in groups['linode-cluster'] if hostvars[h].is_consul_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}]
@@ -81,7 +81,7 @@
"key_file" = "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0-key.pem" "key_file" = "{{ consul_opt_dir }}/certs/{{ datacenter_name }}-server-consul-0-key.pem"
{% endif %} {% endif %}
"auto_encrypt" = { "auto_encrypt" = {
"allow_tls" = true "allow_tls" = true
} }
{% else %} {# Consul Clients #} {% else %} {# Consul Clients #}
"verify_incoming" = false "verify_incoming" = false
@@ -93,14 +93,14 @@
"ca_file" = "{{ consul_opt_dir }}/certs/consul-agent-ca.pem" "ca_file" = "{{ consul_opt_dir }}/certs/consul-agent-ca.pem"
{% endif %} {% endif %}
"auto_encrypt" = { "auto_encrypt" = {
"tls" = true "tls" = true
} }
{% endif %} {% endif %}
"acl" = { "acl" = {
enabled = false default_policy = "allow"
default_policy = "allow" enable_token_persistence = true
enable_token_persistence = true enabled = false
} }
# ----------------------------------------- Cluster Operations # ----------------------------------------- Cluster Operations
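Review bot: The `acl` block this commit reorders still renders `enabled = false` with `default_policy = "allow"`, while the Networking hunk binds `http` to `0.0.0.0`, so any host that can reach port 8500 gets the full Consul HTTP API without a token. If that is intentional for a LAN-only lab, a comment next to the block saying so (and naming the firewall that restricts 8500) would help; otherwise consider `enabled = true` with `default_policy = "deny"`, at least for hosts in the `linode` group, which appear to sit off the LAN. Separately, the new LAN `retry_join` hard-codes `rpi1_ip_address` through `rpi3_ip_address` and drops the `is_consul_server` filter, so the list will not follow inventory changes if server roles move. The file section starts and ends outside these hunks, so TLS and firewall settings elsewhere may change this picture.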


@@ -5,28 +5,28 @@ datacenter = "{{ datacenter_name }}"
# ----------------------------------------- Files and Logs # ----------------------------------------- Files and Logs
data_dir = "{{ nomad_opt_dir_location }}" data_dir = "{{ nomad_opt_dir_location }}"
plugin_dir = "{{ nomad_opt_dir_location }}/plugins"
log_level = "warn"
log_file = "{{ nomad_opt_dir_location }}/logs/nomad.log"
log_rotate_max_files = 5
enable_syslog = false enable_syslog = false
log_file = "{{ nomad_opt_dir_location }}/logs/nomad.log"
log_level = "warn"
log_rotate_max_files = 5
plugin_dir = "{{ nomad_opt_dir_location }}/plugins"
# ----------------------------------------- Networking # ----------------------------------------- Networking
bind_addr = "0.0.0.0" # the default bind_addr = "0.0.0.0" # the default
advertise { advertise {
{% if 'linode' in group_names %} {% if 'linode' in group_names %}
http = "{{ linode_private_ip }}:4646" http = "{{ linode_private_ip }}:4646"
rpc = "{{ linode_private_ip }}:4647" rpc = "{{ linode_private_ip }}:4647"
serf = "{{ linode_private_ip }}:4648" # non-default ports may be specified serf = "{{ linode_private_ip }}:4648" # non-default ports may be specified
{% elif 'synology' in group_names %} {% elif 'synology' in group_names %}
http = "{{ synology_second_ip }}:4646" http = "{{ synology_second_ip }}:4646"
rpc = "{{ synology_second_ip }}:4647" rpc = "{{ synology_second_ip }}:4647"
serf = "{{ synology_second_ip }}:4648" # non-default ports may be specified serf = "{{ synology_second_ip }}:4648" # non-default ports may be specified
{% else %} {% else %}
http = "{{ ansible_host }}:4646" http = "{{ ansible_host }}:4646"
rpc = "{{ ansible_host }}:4647" rpc = "{{ ansible_host }}:4647"
serf = "{{ ansible_host }}:4648" # non-default ports may be specified serf = "{{ ansible_host }}:4648" # non-default ports may be specified
{% endif %} {% endif %}
} }
@@ -48,170 +48,171 @@ consul {
{% if is_nomad_server %} {% if is_nomad_server %}
tags = [ tags = [
"traefik.enable=true", "traefik.enable=true",
"traefik.http.routers.nomad-server.entryPoints=web,websecure", "traefik.http.routers.nomad-server.entryPoints=web,websecure",
"traefik.http.routers.nomad-server.service=nomad-server", "traefik.http.routers.nomad-server.service=nomad-server",
"traefik.http.routers.nomad-server.rule=Host(`nomad.{{ homelab_domain_name }}`)", "traefik.http.routers.nomad-server.rule=Host(`nomad.{{ homelab_domain_name }}`)",
"traefik.http.routers.nomad-server.tls=true", "traefik.http.routers.nomad-server.tls=true",
"traefik.http.routers.nomad-server.middlewares=authelia@file,redirectScheme@file", "traefik.http.routers.nomad-server.middlewares=redirectScheme@file",
"traefik.http.services.nomad-server.loadbalancer.server.port=4646" "traefik.http.services.nomad-server.loadbalancer.server.port=4646"
] ]
{% endif %} {% endif %}
} }
# ----------------------------------------- Client Config # ----------------------------------------- Client Config
client { client {
enabled = true enabled = true
{% if 'pis' in group_names %} {% if 'pis' in group_names %}
node_class = "rpi" node_class = "rpi"
{% elif 'macs' in group_names %} {% elif 'macs' in group_names %}
node_class = "mac" node_class = "mac"
{% elif 'synology' in group_names %} {% elif 'synology' in group_names %}
node_class = "synology" node_class = "synology"
{% endif %} {% endif %}
reserved { reserved {
cpu = 250 cpu = 250
memory = 100 memory = 100
reserved_ports = "22" reserved_ports = "22"
} }
{% if not is_nomad_server %} {% if not is_nomad_server %}
{% if 'linode' in group_names %} {% if 'linode' in group_names %}
server_join { server_join {
retry_join = [{% for h in groups['linode'] if hostvars[h].is_nomad_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}] retry_join = [{% for h in groups['linode'] if hostvars[h].is_nomad_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}]
retry_max = 3 retry_max = 3
retry_interval = "15s" retry_interval = "15s"
} }
{% else %} {% else %}
server_join { servers = ["{{ rpi1_ip_address }}", "{{ rpi2_ip_address }}", "{{ rpi3_ip_address }}"]
retry_join = [{% for h in groups['lan'] if hostvars[h].is_nomad_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}] server_join {
retry_max = 3 retry_join = ["{{ rpi1_ip_address }}", "{{ rpi2_ip_address }}", "{{ rpi3_ip_address }}"]
retry_interval = "15s" retry_max = 3
} retry_interval = "15s"
}
{% endif %} {% endif %}
{% endif %} {% endif %}
meta { meta {
# These are variables that can be used in Nomad job files # These are variables that can be used in Nomad job files
PUID = "{{ ansible_user_uid }}" PUID = "{{ ansible_user_uid }}"
PGID = "{{ ansible_user_gid }}" PGID = "{{ ansible_user_gid }}"
nfsStorageRoot = "{{ interpolated_nfs_service_storage }}" nfsStorageRoot = "{{ interpolated_nfs_service_storage }}"
localStorageRoot = "{{ interpolated_localfs_service_storage }}" localStorageRoot = "{{ interpolated_localfs_service_storage }}"
{% if 'macs' in group_names %} {% if 'macs' in group_names %}
restoreCommand = "/usr/local/bin/service_restore" restoreCommand = "/usr/local/bin/service_restore"
restoreCommand1 = "--verbose" restoreCommand1 = "--verbose"
restoreCommand2 = "--job" restoreCommand2 = "--job"
restoreCommand3 = "" restoreCommand3 = ""
backupCommand = "/usr/local/bin/service_backups" backupCommand = "/usr/local/bin/service_backups"
backupCommandArg1 = "--verbose" backupCommandArg1 = "--verbose"
backupCommandArg2 = "--loglevel=INFO" backupCommandArg2 = "--loglevel=INFO"
backupCommandArg3 = "" backupCommandArg3 = ""
backupAllocArg1 = "--verbose" backupAllocArg1 = "--verbose"
backupAllocArg2 = "--loglevel=INFO" backupAllocArg2 = "--loglevel=INFO"
backupAllocArg3 = "--allocation" backupAllocArg3 = "--allocation"
backupAllocArg4 = "--delete" backupAllocArg4 = "--delete"
backupAllocArg5 = "--job" backupAllocArg5 = "--job"
backupAllocArg6 = "" backupAllocArg6 = ""
{% else %} {% else %}
restoreCommand = "sudo" restoreCommand = "sudo"
restoreCommand1 = "/usr/local/bin/service_restore" restoreCommand1 = "/usr/local/bin/service_restore"
restoreCommand2 = "--job" restoreCommand2 = "--job"
restoreCommand3 = "--verbose" restoreCommand3 = "--verbose"
backupCommand = "sudo" backupCommand = "sudo"
backupCommandArg1 = "/usr/local/bin/service_backups" backupCommandArg1 = "/usr/local/bin/service_backups"
backupCommandArg2 = "--verbose" backupCommandArg2 = "--verbose"
backupCommandArg3 = "--loglevel=INFO" backupCommandArg3 = "--loglevel=INFO"
backupAllocArg1 = "/usr/local/bin/service_backups" backupAllocArg1 = "/usr/local/bin/service_backups"
backupAllocArg2 = "--verbose" backupAllocArg2 = "--verbose"
backupAllocArg3 = "--loglevel=INFO" backupAllocArg3 = "--loglevel=INFO"
backupAllocArg4 = "--allocation" backupAllocArg4 = "--allocation"
backupAllocArg5 = "--job" backupAllocArg5 = "--job"
backupAllocArg6 = "--delete" backupAllocArg6 = "--delete"
{% endif %} {% endif %}
} }
} # /client } # /client
{% if is_nomad_server %} {% if is_nomad_server %}
# ----------------------------------------- Server Config # ----------------------------------------- Server Config
server { server {
enabled = true enabled = true
encrypt = "{{ nomad_encryption_key }}" encrypt = "{{ nomad_encryption_key }}"
{% if 'linode' in group_names %} {% if 'linode' in group_names %}
bootstrap_expect = 1 bootstrap_expect = 1
{% else %} {% else %}
bootstrap_expect = 3 bootstrap_expect = 3
{% endif %} {% endif %}
node_gc_threshold = "15m" node_gc_threshold = "15m"
job_gc_interval = "15m" job_gc_interval = "15m"
job_gc_threshold = "6h" job_gc_threshold = "6h"
heartbeat_grace = "60s" heartbeat_grace = "60s"
min_heartbeat_ttl = "20s" min_heartbeat_ttl = "20s"
raft_protocol = "3" raft_protocol = "3"
server_join { server_join {
retry_join = [{% for h in groups['lan'] if hostvars[h].is_nomad_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}] retry_join = ["{{ rpi1_ip_address }}", "{{ rpi2_ip_address }}", "{{ rpi3_ip_address }}"]
retry_max = 3 retry_max = 3
retry_interval = "15s" retry_interval = "15s"
} }
} }
autopilot { autopilot {
cleanup_dead_servers = true cleanup_dead_servers = true
last_contact_threshold = "200ms" disable_upgrade_migration = false
max_trailing_logs = 250 enable_custom_upgrades = false
server_stabilization_time = "10s" enable_redundancy_zones = false
enable_redundancy_zones = false last_contact_threshold = "200ms"
disable_upgrade_migration = false max_trailing_logs = 250
enable_custom_upgrades = false server_stabilization_time = "10s"
} }
{% endif %} {% endif %}
{% if is_nomad_server and is_nomad_client %} {% if is_nomad_server and is_nomad_client %}
client { client {
enabled = true enabled = true
} }
{% endif %} {% endif %}
# ----------------------------------------- Telemety # ----------------------------------------- Telemety
telemetry = { telemetry = {
publish_allocation_metrics = true collection_interval = "10s"
publish_node_metrics = true datadog_address = "localhost:8125"
collection_interval = "10s" filter_default = false
filter_default = false publish_allocation_metrics = true
datadog_address = "localhost:8125" publish_node_metrics = true
prefix_filter = [ prefix_filter = [
"+nomad.client.allocations.running", "+nomad.client.allocations.running",
"+nomad.client.allocations.terminal", "+nomad.client.allocations.terminal",
"+nomad.client.allocs.cpu.allocated", "+nomad.client.allocs.cpu.allocated",
"+nomad.client.allocs.cpu.total_percent", "+nomad.client.allocs.cpu.total_percent",
"+nomad.client.allocs.memory.allocated", "+nomad.client.allocs.memory.allocated",
"+nomad.client.allocs.memory.swap", "+nomad.client.allocs.memory.swap",
"+nomad.client.allocs.memory.usage", "+nomad.client.allocs.memory.usage",
"+nomad.nomad.job_status.dead", "+nomad.nomad.job_status.dead",
"+nomad.nomad.job_status.running", "+nomad.nomad.job_status.running",
"+nomad.nomad.job_status.pending", "+nomad.nomad.job_status.pending",
"+nomad.nomad.job_summary.running", "+nomad.nomad.job_summary.running",
"+nomad.nomad.job_summary.complete", "+nomad.nomad.job_summary.complete",
"+nomad.nomad.job_summary.lost", "+nomad.nomad.job_summary.lost",
"+nomad.nomad.job_summary.failed"] "+nomad.nomad.job_summary.failed"
]
} }
# ----------------------------------------- Plugins # ----------------------------------------- Plugins
plugin "raw_exec" { plugin "raw_exec" {
config { config {
enabled = true enabled = true
} }
} }
plugin "docker" { plugin "docker" {
config { config {
allow_caps = ["all"] allow_caps = ["all"]
allow_privileged = true allow_privileged = true
extra_labels = ["job_name"] extra_labels = ["job_name", "job_id", "task_group_name", "task_name", "namespace", "node_name", "node_id"]
volumes { volumes {
enabled = true enabled = true
} }
} }
} }
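Review bot: Dropping `authelia@file` from `traefik.http.routers.nomad-server.middlewares` leaves the `nomad.{{ homelab_domain_name }}` route forwarding to port 4646 with only `redirectScheme@file` in front of it, and no `acl` stanza is visible in these hunks. This matters because the same template enables `raw_exec` and sets `allow_privileged = true` and `allow_caps = ["all"]` for docker, so an unauthenticated Nomad API amounts to host-level job execution on every client. If the middleware was removed because it broke CLI or API access, consider keeping it on the UI router (`middlewares=authelia@file,redirectScheme@file`) or adding `acl { enabled = true }` with bootstrapped tokens before exposing the route. Whether ACLs or a network restriction are configured outside the visible hunks should be confirmed.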