--- # file: roles/nomad/defaults/main.yaml # Prerequisites packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" packages_base: - "curl" - "unzip" packages_by_distro: ubuntu: - [] packages_by_arch: aarch64: - [] x86_64: - [] # Package nomad_version: "1.4.3" nomad_architecture_map: amd64: "amd64" x86_64: "amd64" armv7l: "arm" aarch64: "arm64" 32-bit: "386" 64-bit: "amd64" nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}" nomad_pkg: "nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip" nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip" nomad_checksum_file_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version}}_SHA256SUMS" nomad_force_update: false # Paths nomad_inst_dir: "/opt" nomad_bin_dir: "/usr/local/bin" nomad_config_dir: "/etc/nomad.d" nomad_data_dir: "/var/nomad" nomad_plugin_dir: "{{ nomad_data_dir }}/plugins" nomad_lockfile: "/var/lock/subsys/nomad" nomad_run_dir: "/var/run/nomad" nomad_ssl_dir: "/etc/nomad.d/ssl" # Initialization and startup script templates nomad_service_mgr: "" # System user and group nomad_group: "nomad" nomad_user: "nomad" # Nomad settings nomad_datacenter: "dc1" nomad_region: "global" nomad_log_level: "INFO" nomad_syslog_enable: true nomad_iface: "{{ ansible_default_ipv4.interface }}" nomad_node_name: "{{ inventory_hostname }}" nomad_node_role: "server" nomad_leave_on_terminate: true nomad_leave_on_interrupt: false nomad_disable_update_check: true nomad_enable_debug: false # Server settings nomad_bootstrap_expect: 2 nomad_encrypt: "" nomad_retry_join: true # Specifies how long a node must be in a terminal state before it is garbage # collected and purged from the system. nomad_node_gc_threshold: "24h" # Specifies the interval between the job garbage collections. Only jobs who have # been terminal for at least job_gc_threshold will be collected. nomad_job_gc_interval: "10m" # Specifies the minimum time a job must be in the terminal state before it is # eligible for garbage collection. nomad_job_gc_threshold: "4h" # Specifies the minimum time an evaluation must be in the terminal state before # it is eligible for garbage collection. nomad_eval_gc_threshold: "1h" # Specifies the minimum time a deployment must be in the terminal state before # it is eligible for garbage collection. nomad_deployment_gc_threshold: "1h" nomad_encrypt_enable: false nomad_raft_protocol: 2 # Client settings nomad_node_class: "compute" nomad_no_host_uuid: true nomad_max_kill_timeout: "30s" nomad_gc_interval: "1m" nomad_gc_disk_usage_threshold: 80 nomad_gc_inode_usage_threshold: 70 nomad_gc_parallel_destroys: 2 nomad_reserved: cpu: "{{ nomad_reserved_cpu | default('0', true) }}" memory: "{{ nomad_reserved_memory | default('0', true) }}" disk: "{{ nomad_reserved_disk | default('0', true) }}" ports: "{{ nomad_reserved_ports | default('22', true) }}" nomad_volumes: [] nomad_options: {} nomad_meta: {} nomad_chroot_env: false nomad_plugins: {} # Addresses nomad_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ nomad_iface ]['ipv4']['address'] }}" nomad_advertise_address: "{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}" # Ports nomad_ports: http: "{{ nomad_ports_http | default('4646', true) }}" rpc: "{{ nomad_ports_rpc | default('4647', true) }}" serf: "{{ nomad_ports_serf | default('4648', true) }}" # Servers nomad_group_name: "nomad" nomad_servers: "\ {% if nomad_use_consul==false %}\ {% set _nomad_servers = [] %}\ {% for host in groups[nomad_group_name] %}\ {% set _nomad_node_role = hostvars[host]['nomad_node_role'] | default('client', true) %}\ {% if (_nomad_node_role == 'server' or _nomad_node_role == 'both') %}\ {% if _nomad_servers.append(host) %}{% endif %}\ {% endif %}\ {% endfor %}\ {{ _nomad_servers }}\ {% else %}\ []\ {% endif %}" nomad_gather_server_facts: false # Consul nomad_use_consul: true nomad_consul_address: "localhost:8500" nomad_consul_token: "" nomad_consul_servers_service_name: "nomad" nomad_consul_clients_service_name: "nomad-client" nomad_consul_tags: {} nomad_consul_use_ssl: false # ACLs nomad_acl_enabled: false nomad_acl_token_ttl: "30s" nomad_acl_policy_ttl: "30s" nomad_acl_replication_token: "" # Docker nomad_docker_enable: false nomad_docker_dmsetup: true # Autopilot nomad_autopilot_cleanup_dead_servers: true nomad_autopilot_last_contact_threshold: "200ms" nomad_autopilot_max_trailing_logs: 250 nomad_autopilot_server_stabilization_time: "10s" # Telemetry. nomad_use_telemetry: true nomad_telemetry_disable_hostname: false nomad_telemetry_collection_interval: "1s" nomad_telemetry_use_node_name: false nomad_telemetry_publish_allocation_metrics: true nomad_telemetry_publish_node_metrics: true nomad_telemetry_prometheus_metrics: true # TLS. nomad_use_tls: true nomad_tls_ca_file: "{{ nomad_ssl_dir }}/nomad-ca.pem" nomad_tls_cert_file: "{{ nomad_ssl_dir }}/nomad.pem" nomad_tls_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem" nomad_tls_cli_cert_file: "{{ nomad_ssl_dir }}/nomad-cli.pem" nomad_tls_cli_key_file: "{{ nomad_ssl_dir }}/nomad-cli-key.pem" nomad_tls_http: false nomad_tls_rpc: false nomad_tls_rpc_upgrade_mode: false nomad_tls_verify_https_client: false nomad_tls_verify_server_hostname: false # Vault nomad_use_vault: false nomad_vault_address: "http://vault.service.consul:8200" nomad_vault_allow_unauthenticated: true nomad_vault_enabled: false nomad_vault_create_from_role: "" nomad_vault_task_token_ttl: "72h" nomad_vault_use_ssl: false nomad_vault_ca_file: "" nomad_vault_ca_path: "" nomad_vault_cert_file: "" nomad_vault_key_file: "" nomad_vault_namespace: "" nomad_vault_tls_server_name: "" nomad_vault_tls_skip_verify: false nomad_vault_token: ""