Initial commit

templates/nomad.hcl.j2

@@ -0,0 +1,217 @@
+# ----------------------------------------- General Info
+name       = "{{ inventory_hostname }}"
+region     = "global"
+datacenter = "{{ datacenter_name }}"
+
+# ----------------------------------------- Files and Logs
+data_dir              = "{{ nomad_opt_dir_location }}"
+plugin_dir            = "{{ nomad_opt_dir_location }}/plugins"
+log_level             = "warn"
+log_file              = "{{ nomad_opt_dir_location }}/logs/nomad.log"
+log_rotate_max_files  = 5
+enable_syslog         = false
+
+# ----------------------------------------- Networking
+bind_addr   = "0.0.0.0" # the default
+
+advertise {
+{% if 'linode' in group_names %}
+  http    = "{{ linode_private_ip }}:4646"
+  rpc     = "{{ linode_private_ip }}:4647"
+  serf    = "{{ linode_private_ip }}:4648" # non-default ports may be specified
+{% elif 'synology' in group_names %}
+  http    = "{{ synology_second_ip }}:4646"
+  rpc     = "{{ synology_second_ip }}:4647"
+  serf    = "{{ synology_second_ip }}:4648" # non-default ports may be specified
+{% else %}
+  http    = "{{ ansible_host }}:4646"
+  rpc     = "{{ ansible_host }}:4647"
+  serf    = "{{ ansible_host }}:4648" # non-default ports may be specified
+{% endif %}
+}
+
+
+# ----------------------------------------- Consul Integration
+consul {
+{% if 'linode' in group_names %}
+    address             = "{{ linode_private_ip }}:8500"
+{% elif 'synology' in group_names %}
+    address             = "{{ synology_second_ip }}:8500"
+{% else %}
+    address             = "{{ ansible_host }}:8500"
+{% endif %}
+    server_service_name = "nomad-servers"
+    client_service_name = "nomad-clients"
+    auto_advertise      = true
+    server_auto_join    = true
+    client_auto_join    = true
+
+{% if is_nomad_server %}
+    tags  = [
+      "traefik.enable=true",
+      "traefik.http.routers.nomad-server.entryPoints=web,websecure",
+      "traefik.http.routers.nomad-server.service=nomad-server",
+      "traefik.http.routers.nomad-server.rule=Host(`nomad.{{ homelab_domain_name }}`)",
+      "traefik.http.routers.nomad-server.tls=true",
+      "traefik.http.routers.nomad-server.middlewares=authelia@file,redirectScheme@file",
+      "traefik.http.services.nomad-server.loadbalancer.server.port=4646"
+    ]
+{% endif %}
+}
+
+# ----------------------------------------- CLient Config
+client {
+  enabled         = true
+{% if 'pis' in group_names %}
+  node_class      = "rpi"
+{% elif 'macs' in group_names %}
+  node_class      = "mac"
+{% elif 'synology' in group_names %}
+  node_class      = "synology"
+{% endif %}
+  reserved {
+    cpu            = 250
+    memory         = 100
+    reserved_ports = "22"
+  }
+{% if not is_nomad_server %}
+{% if 'linode' in group_names %}
+  server_join {
+    retry_join     = [{% for h in groups['linode'] if hostvars[h].is_nomad_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}]
+    retry_max      = 3
+    retry_interval = "15s"
+  }
+{% else %}
+  server_join {
+    retry_join     = [{% for h in groups['lan'] if hostvars[h].is_nomad_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}]
+    retry_max      = 3
+    retry_interval = "15s"
+  }
+{% endif %}
+{% endif %}
+
+  meta {
+      # These are variables that can be used in Nomad job files
+      PUID             = "{{ ansible_user_uid }}"
+      PGID             = "{{ ansible_user_gid }}"
+      nfsStorageRoot   = "{{ interpolated_nfs_service_storage }}"
+      localStorageRoot = "{{ interpolated_localfs_service_storage }}"
+      {% if 'macs' in group_names %}
+      restoreCommand    = "/usr/local/bin/service_restore"
+      restoreCommand1   = "--verbose"
+      restoreCommand2   = "--job"
+      restoreCommand3   = ""
+      backupCommand     = "/usr/local/bin/service_backups"
+      backupCommandArg1 = "--verbose"
+      backupCommandArg2 = "--loglevel=INFO"
+      backupCommandArg3 = ""
+      backupAllocArg1   = "--verbose"
+      backupAllocArg2   = "--loglevel=INFO"
+      backupAllocArg3   = "--allocation"
+      backupAllocArg4   = "--delete"
+      backupAllocArg5   = "--job"
+      backupAllocArg6   = ""
+      {% else %}
+      restoreCommand    = "sudo"
+      restoreCommand1   = "/usr/local/bin/service_restore"
+      restoreCommand2   = "--job"
+      restoreCommand3   = "--verbose"
+      backupCommand     = "sudo"
+      backupCommandArg1 = "/usr/local/bin/service_backups"
+      backupCommandArg2 = "--verbose"
+      backupCommandArg3 = "--loglevel=INFO"
+      backupAllocArg1   = "/usr/local/bin/service_backups"
+      backupAllocArg2   = "--verbose"
+      backupAllocArg3   = "--loglevel=INFO"
+      backupAllocArg4   = "--allocation"
+      backupAllocArg5   = "--job"
+      backupAllocArg6   = "--delete"
+      {% endif %}
+  }
+
+} # /client
+
+{% if is_nomad_server %}
+# ----------------------------------------- Server Config
+server {
+  enabled               = true
+  encrypt               = "{{ nomad_encryption_key }}"
+{% if 'linode' in group_names %}
+  bootstrap_expect      = 1
+{% else %}
+  bootstrap_expect      = 3
+{% endif %}
+  node_gc_threshold     = "15m"
+  job_gc_interval       = "15m"
+  job_gc_threshold      = "6h"
+  heartbeat_grace       = "60s"
+  min_heartbeat_ttl     = "20s"
+  raft_protocol         = "3"
+
+  server_join {
+    retry_join      = [{% for h in groups['lan'] if hostvars[h].is_nomad_server == true %}"{{ hostvars[h].ansible_host }}"{% if not loop.last %}, {% endif %}{% endfor %}]
+    retry_max       = 3
+    retry_interval  = "15s"
+  }
+}
+
+autopilot {
+  cleanup_dead_servers      = true
+  last_contact_threshold    = "200ms"
+  max_trailing_logs         = 250
+  server_stabilization_time = "10s"
+  enable_redundancy_zones   = false
+  disable_upgrade_migration = false
+  enable_custom_upgrades    = false
+}
+
+{% endif %}
+
+{% if is_nomad_server and is_nomad_client %}
+client {
+  enabled = true
+}
+{% endif %}
+
+# ----------------------------------------- Telemety
+telemetry = {
+  publish_allocation_metrics  = true
+  publish_node_metrics        = true
+  collection_interval         = "10s"
+  filter_default              = false
+  datadog_address             = "localhost:8125"
+  prefix_filter               = [
+    "+nomad.client.allocations.running",
+    "+nomad.client.allocations.terminal",
+    "+nomad.client.allocs.cpu.allocated",
+    "+nomad.client.allocs.cpu.total_percent",
+    "+nomad.client.allocs.memory.allocated",
+    "+nomad.client.allocs.memory.swap",
+    "+nomad.client.allocs.memory.usage",
+    "+nomad.nomad.job_status.dead",
+    "+nomad.nomad.job_status.running",
+    "+nomad.nomad.job_status.pending",
+    "+nomad.nomad.job_summary.running",
+    "+nomad.nomad.job_summary.complete",
+    "+nomad.nomad.job_summary.lost",
+    "+nomad.nomad.job_summary.failed"]
+}
+
+# ----------------------------------------- Plugins
+plugin "raw_exec" {
+  config {
+    enabled = true
+  }
+}
+
+plugin "docker" {
+  config {
+    allow_caps       = [ "ALL" ]
+    allow_privileged = true
+
+    volumes {
+      enabled = true
+    }
+
+  }
+}