diff --git a/kubernetes/tasks/install/server/install_k3s.yml b/kubernetes/tasks/install/server/install_k3s.yml
index e060725..fccd387 100644
--- a/kubernetes/tasks/install/server/install_k3s.yml
+++ b/kubernetes/tasks/install/server/install_k3s.yml
@@ -1,5 +1,5 @@ - name: Install K3s-server for 1st-node - command: /root/k3s_install.sh {{ type }} + command: /root/k3s_install.sh {{ type }} when: "inventory_hostname == groups['kubernetes'][0]" register: command changed_when: "'No change detected' in command.stdout"
@@ -26,7 +26,6 @@ port: 6443 state: started when: "inventory_hostname != groups['kubernetes'][0]" - #- name: Add Kubernetes environment-vars to /etc/profile.d/ # blockinfile: # path: /etc/profile.d/k3s-bin.sh
diff --git a/nomad/defaults/main.yml b/nomad/defaults/main.yml
new file mode 100644
index 0000000..c39e944
--- /dev/null
+++ b/nomad/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+nomad:
+ version: 1.4.4
diff --git a/nomad/files/systemd-service b/nomad/files/systemd-service
new file mode 100644
index 0000000..7867c55
--- /dev/null
+++ b/nomad/files/systemd-service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Nomad
+Documentation=https://www.nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+# When using Nomad with Consul it is not necessary to start Consul first. These
+# lines start Consul before Nomad as an optimization to avoid Nomad logging
+# that Consul is unavailable at startup.
+#Wants=consul.service
+#After=consul.service
+
+[Service]
+
+# Nomad server should be run as the nomad user. Nomad clients
+# should be run as root
+User=root
+Group=root
+
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/usr/local/bin/nomad agent -config /etc/nomad.d
+KillMode=process
+KillSignal=SIGINT
+LimitNOFILE=65536
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=2
+
+## Configure unit start rate limiting. Units which are started more than
+## *burst* times within an *interval* time span are not permitted to start any
+## more. Use `StartLimitIntervalSec` or `StartLimitInterval` (depending on
+## systemd version) to configure the checking interval and `StartLimitBurst`
+## to configure how many starts per interval are allowed. The values in the
+## commented lines are defaults.
+
+# StartLimitBurst = 5
+
+## StartLimitIntervalSec is used for systemd versions >= 230
+# StartLimitIntervalSec = 10s
+
+## StartLimitInterval is used for systemd versions < 230
+# StartLimitInterval = 10s
+
+TasksMax=infinity
+OOMScoreAdjust=-1000
+
+[Install]
+WantedBy=multi-user.target
diff --git a/nomad/meta/main.yml b/nomad/meta/main.yml
new file mode 100644
index 0000000..6acbbeb
--- /dev/null
+++ b/nomad/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ #- role: docker
diff --git a/nomad/tasks/install.yml b/nomad/tasks/install.yml
new file mode 100644
index 0000000..d760ed7
--- /dev/null
+++ b/nomad/tasks/install.yml
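Review bot: `User=root` / `Group=root` in `[Service]` is applied to every node, although the comment directly above says servers should run as the nomad user and nomad/tasks/install.yml in this commit creates that user and hands it /etc/nomad.d and /opt/nomad. As written the nomad account is never used by the service, and every agent, servers included, runs with full root privileges and `OOMScoreAdjust=-1000`. If root is intentional because the template enables the client stanza on all nodes, record that in the unit, e.g. `# Runs as root on all nodes: the client stanza is enabled everywhere (see comment above).`; otherwise render the unit from a template and set `User=`/`Group=` to nomad on server-only nodes.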
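Review bot: `dependencies:` in nomad/meta/main.yml is left with only a commented-out entry, so the key parses as null rather than an empty list; write `dependencies: []` until a real dependency is added. The disabled docker role also matters for nomad/tasks/install.yml, which appends the nomad user to the `docker` group: the user module fails when that group does not exist, so either enable the dependency or create the group before that task.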
@@ -0,0 +1,43 @@
+- name: Download binary
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: https://releases.hashicorp.com/nomad/{{ nomad.version }}/nomad_{{ nomad.version }}_{{ ansible_system | lower }}_{{ 'amd64' if ansible_architecture == 'x86_64' else ansible_architecture }}.zip
+ dest: /usr/local/bin/
+ mode: "755"
+
+- name: Deploy systemd-service file
+ ansible.builtin.copy:
+ src: systemd-service
+ dest: /etc/systemd/system/nomad.service
+ mode: u=rw,g=r,o=r
+
+- name: Create nomad user
+ ansible.builtin.user:
+ name: nomad
+ groups:
+ - docker
+ append: true
+
+- name: Create directory for configs
+ ansible.builtin.file:
+ path: /etc/nomad.d
+ state: directory
+ mode: "0755"
+ owner: "nomad"
+ group: "nomad"
+
+- name: Create nomad.hcl configuration file
+ ansible.builtin.template:
+ src: nomad.hcl.j2
+ dest: /etc/nomad.d/nomad.hcl
+ mode: "0644"
+ owner: "nomad"
+ group: "nomad"
+
+- name: Create directory for data
+ ansible.builtin.file:
+ path: /opt/nomad
+ state: directory
+ mode: "0755"
+ owner: "nomad"
+ group: "nomad"
diff --git a/nomad/tasks/launch.yml b/nomad/tasks/launch.yml
new file mode 100644
index 0000000..e8eb304
--- /dev/null
+++ b/nomad/tasks/launch.yml
@@ -0,0 +1,8 @@
+- name: Start service
+ ansible.builtin.service:
+ name: nomad
+ state: restarted
+
+- name: Waiting for service to accept connections
+ ansible.builtin.wait_for:
+ port: 4646
diff --git a/nomad/tasks/main.yml b/nomad/tasks/main.yml
new file mode 100644
index 0000000..32443ee
--- /dev/null
+++ b/nomad/tasks/main.yml
@@ -0,0 +1,3 @@
+- import_tasks: ./install.yml
+
+- import_tasks: ./launch.yml
diff --git a/nomad/templates/nomad.hcl.j2 b/nomad/templates/nomad.hcl.j2
new file mode 100644
index 0000000..1812646
--- /dev/null
+++ b/nomad/templates/nomad.hcl.j2
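Review bot: The `Download binary` task in nomad/tasks/install.yml unpacks an archive fetched over the network straight into /usr/local/bin with no integrity check, and the unit file then starts that binary as root. `unarchive` has no checksum option, so download with `get_url` and a pinned `checksum:` first and unpack the local file afterwards. In the fence, `nomad_zip` stands for the file-name expression already used in `src`, and `nomad_zip_sha256` is a placeholder for a digest pinned next to `nomad.version` in the role defaults. Separately, the architecture mapping only translates x86_64; HashiCorp names its ARM builds `arm64`, so an `aarch64` host would presumably request a file that does not exist.

```yaml
- name: Download release archive
  ansible.builtin.get_url:
    url: "https://releases.hashicorp.com/nomad/{{ nomad.version }}/{{ nomad_zip }}"
    dest: "/tmp/{{ nomad_zip }}"
    # placeholder variable: SHA-256 of this exact archive, pinned in defaults
    checksum: "sha256:{{ nomad_zip_sha256 }}"
    mode: "0644"

- name: Unpack binary
  ansible.builtin.unarchive:
    remote_src: true
    src: "/tmp/{{ nomad_zip }}"
    dest: /usr/local/bin/
    mode: "0755"
    owner: root
    group: root
# … unchanged: systemd unit, nomad user, config and data directory tasks …
```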
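Review bot: `Start service` in nomad/tasks/launch.yml uses `state: restarted`, so every run of the role restarts the agent on all hosts in the batch at once even when nothing changed, which on a server cluster can cost quorum. The unit file is also copied without a systemd daemon reload, and the service is never enabled at boot. Consider `ansible.builtin.systemd` with `daemon_reload: true`, `enabled: true` and `state: started` here, and move the restart into a handler notified by the unit-file and nomad.hcl tasks.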
@@ -0,0 +1,71 @@
+data_dir = "/opt/nomad"
+datacenter = "{{ datacenter }}"
+
+
+bind_addr = "0.0.0.0"
+
+advertise {
+ # Defaults to the first private IP address.
+ #http = "1.2.3.4"
+ #rpc = "1.2.3.4"
+ #serf = "1.2.3.4:5648" # non-default ports may be specified
+}
+
+{# TODO: Get interface-ip from hosts marked with type=server #}
+{% set server_hosts = ansible_play_batch | difference([inventory_hostname]) %}
+{% if type is defined and type == "server" %}
+server {
+ enabled = true
+ bootstrap_expect = {{ server_hosts | length }}
+
+ server_join {
+ retry_join = [ "{{ server_hosts | join('", "') }}" ]
+ retry_max = 6
+ retry_interval = "15s"
+ }
+
+ default_scheduler_config {
+ scheduler_algorithm = "binpack"
+ memory_oversubscription_enabled = true
+ reject_job_registration = false
+ pause_eval_broker = false # New in Nomad 1.3.2
+
+ preemption_config {
+ batch_scheduler_enabled = true
+ system_scheduler_enabled = true
+ service_scheduler_enabled = true
+ sysbatch_scheduler_enabled = true # New in Nomad 1.2
+ }
+ }
+}
+{% endif %}
+
+client {
+ enabled = true
+
+ {% if type != "server" %}
+ servers = [ "{{ server_hosts | join('", "') }}" ]
+ {% endif %}
+
+ meta {
+ node_type = "{{ type }}"
+ {% if storage is defined and storage %}
+ seaweedfs_volume = "true"
+ {% endif %}
+ }
+}
+
+
+plugin "raw_exec" {
+ config {
+ enabled = true
+ }
+}
+
+plugin "docker" {
+ config {
+ {% if type is defined and type == "server" %}
+ allow_privileged = true
+ {% endif %}
+ }
+}
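Review bot: The rendered agent config listens on every interface (`bind_addr = "0.0.0.0"`) and has no `acl` or `tls` stanza, while `raw_exec` is enabled on all nodes and `allow_privileged = true` is set for docker on servers. Because the unit file runs the agent as root, anyone who can reach the HTTP API can schedule work that executes as root on the host, and agent-to-agent traffic is neither authenticated nor encrypted. Enable ACLs and TLS before the port is reachable, bind to the cluster interface rather than all addresses, and leave `raw_exec` off unless a job needs it; the certificate paths in the fence are placeholders. Also, `{% if type != "server" %}` in the client stanza is not guarded by `type is defined` the way the other conditionals are.

```hcl
# Placeholder paths: point these at certificates issued for this cluster.
tls {
  http      = true
  rpc       = true
  ca_file   = "PLACEHOLDER_CA_FILE"
  cert_file = "PLACEHOLDER_CERT_FILE"
  key_file  = "PLACEHOLDER_KEY_FILE"

  verify_server_hostname = true
}

acl {
  enabled = true
}

plugin "raw_exec" {
  config {
    enabled = false
  }
}
# … unchanged: data_dir, advertise, server, client and docker plugin stanzas …
```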