---
# file: roles/nomad/defaults/main.yaml
-# Inst - Prerequisites.
+# Prerequisites
packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
packages_base:
- "curl"
x86_64:
- []
-# Inst - Nomad Map.
+# Package
+nomad_version: "{{ lookup('env','NOMAD_VERSION') | default('1.0.4', true) }}"
nomad_architecture_map:
amd64: "amd64"
x86_64: "amd64"
32-bit: "386"
64-bit: "amd64"
nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}"
-nomad_version: "1.0.4"
-nomad_pkg: "nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
-nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/{{ nomad_pkg }}"
+nomad_pkg: "nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip"
+nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip"
+nomad_checksum_file_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version}}_SHA256SUMS"
+nomad_podman_enable: false
+nomad_podman_version: "{{ lookup('env','NOMAD_PODMAN_VERSION') | default('0.1.0', true) }}"
+nomad_podman_pkg: "nomad-driver-podman_{{ nomad_podman_version }}_linux_{{nomad_architecture}}.zip"
+nomad_podman_url: "https://releases.hashicorp.com/nomad-driver-podman/{{ nomad_podman_version }}"
+nomad_podman_zip_url: "{{ nomad_podman_url }}/{{ nomad_podman_pkg }}"
+nomad_podman_checksum_file_url: "{{ nomad_podman_url }}/nomad-driver-podman_{{ nomad_podman_version }}_SHA256SUMS"
-# Inst - System paths.
+# Paths
+nomad_inst_dir: "/opt"
nomad_bin_dir: "/usr/local/bin"
nomad_config_dir: "/etc/nomad.d"
nomad_data_dir: "/var/nomad"
-nomad_inst_dir: "/opt"
+nomad_plugin_dir: "{{ nomad_data_dir }}/plugins"
nomad_lockfile: "/var/lock/subsys/nomad"
nomad_run_dir: "/var/run/nomad"
nomad_ssl_dir: "/etc/nomad.d/ssl"
-# Conf - Service.
-nomad_node_role: "both"
+# Initialization and startup script templates
nomad_restart_handler_state: "restarted"
-# Conf - User and group.
+# System user and group
nomad_group: "nomad"
nomad_group_state: "present"
nomad_user: "nomad"
nomad_user_state: "present"
-# Conf - base.hcl
-nomad_bind_addr: "0.0.0.0"
+# Nomad settings
nomad_datacenter: "dc1"
-nomad_disable_update_check: true
-nomad_enable_debug: false
-nomad_log_level: "INFO"
-nomad_name: "{{ inventory_hostname }}"
nomad_region: "global"
+nomad_log_level: "INFO"
nomad_syslog_enable: true
+nomad_iface: "{{ lookup('env','NOMAD_IFACE') | default(ansible_default_ipv4.interface, true) }}"
+nomad_node_name: "{{ inventory_hostname }}"
+nomad_node_role: "{{ lookup('env','NOMAD_NODE_ROLE') | default('client', true) }}"
+nomad_leave_on_terminate: true
+nomad_leave_on_interrupt: false
+nomad_disable_update_check: true
+nomad_enable_debug: false
-# Conf - tls.hcl
-nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem"
-nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem"
-nomad_http: false
-nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem"
-nomad_rpc: false
-nomad_verify_https_client: false
-nomad_verify_server_hostname: false
-
-# Conf - client.hcl
-nomad_certificates:
- - src: "{{ file_nomad_ca_pem }}"
- dest: "{{ nomad_ca_file }}"
- - src: "{{ file_nomad_client_pem }}"
- dest: "{{ nomad_cert_file }}"
- - src: "{{ file_nomad_client_key_pem }}"
- dest: "{{ nomad_key_file }}"
-nomad_node_class: ""
-nomad_no_host_uuid: true
-nomad_options: {}
-nomad_servers: []
-nomad_volumes: []
-
-# Conf - server.hcl
+# Server settings
nomad_bootstrap_expect: 2
nomad_encrypt: ""
nomad_retry_join: true
nomad_node_gc_threshold: "24h"
# Specifies the interval between the job garbage collections. Only jobs who have
# been terminal for at least job_gc_threshold will be collected.
-nomad_job_gc_interval: "1m"
+nomad_job_gc_interval: "10m"
# Specifies the minimum time a job must be in the terminal state before it is
# eligible for garbage collection.
-nomad_job_gc_threshold: "1m"
+nomad_job_gc_threshold: "4h"
# Specifies the minimum time an evaluation must be in the terminal state before
# it is eligible for garbage collection.
-nomad_eval_gc_threshold: "1m"
+nomad_eval_gc_threshold: "1h"
# Specifies the minimum time a deployment must be in the terminal state before
# it is eligible for garbage collection.
-nomad_deployment_gc_threshold: "1m"
-
-# Conf - telemetry.hcl
-nomad_disable_hostname: false
-nomad_collection_interval: 60s
-nomad_use_node_name: false
-nomad_publish_allocation_metrics: true
-nomad_publish_node_metrics: true
-nomad_telemetry_provider_parameters:
- prometheus_metrics: true
-
-# Conf - custom.hcl
-# empty
+nomad_deployment_gc_threshold: "1h"
+nomad_encrypt_enable: "{{ lookup('env','NOMAD_ENCRYPT_ENABLE') | default('false', true) }}"
+nomad_raft_protocol: 2
+
+# Client settings
+nomad_certificates:
+ - src: "{{ file_nomad_ca_pem }}"
+ dest: "{{ nomad_ca_file }}"
+ - src: "{{ file_nomad_client_pem }}"
+ dest: "{{ nomad_cert_file }}"
+ - src: "{{ file_nomad_client_key_pem }}"
+ dest: "{{ nomad_key_file }}"
+nomad_node_class: ""
+nomad_no_host_uuid: true
+nomad_max_kill_timeout: "30s"
+nomad_gc_interval: "1m"
+nomad_gc_disk_usage_threshold: 80
+nomad_gc_inode_usage_threshold: 70
+nomad_gc_parallel_destroys: 2
+nomad_reserved:
+ cpu: "{{ nomad_reserved_cpu | default('0', true) }}"
+ memory: "{{ nomad_reserved_memory | default('0', true) }}"
+ disk: "{{ nomad_reserved_disk | default('0', true) }}"
+ ports: "{{ nomad_reserved_ports | default('22', true) }}"
+nomad_volumes: []
+nomad_options: {}
+nomad_meta: {}
+nomad_chroot_env: false
+nomad_plugins: {}
+
+# Addresses
+nomad_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ nomad_iface ]['ipv4']['address'] }}"
+nomad_advertise_address: "{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}"
+
+# Ports
+nomad_ports:
+ http: "{{ nomad_ports_http | default('4646', true) }}"
+ rpc: "{{ nomad_ports_rpc | default('4647', true) }}"
+ serf: "{{ nomad_ports_serf | default('4648', true) }}"
+
+# Servers
+nomad_group_name: "nomad"
+nomad_servers: "\
+ {% if nomad_use_consul==false %}\
+ {% set _nomad_servers = [] %}\
+ {% for host in groups[nomad_group_name] %}\
+ {% set _nomad_node_role = hostvars[host]['nomad_node_role'] | default('client', true) %}\
+ {% if ( _nomad_node_role == 'server' or _nomad_node_role == 'both') %}\
+ {% if _nomad_servers.append(host) %}{% endif %}\
+ {% endif %}\
+ {% endfor %}\
+ {{ _nomad_servers }}\
+ {% else %}\
+ []\
+ {% endif %}"
+nomad_gather_server_facts: false
+
+# Consul
+nomad_use_consul: true
+nomad_consul_address: "localhost:8500"
+nomad_consul_token: ""
+nomad_consul_servers_service_name: "nomad"
+nomad_consul_clients_service_name: "nomad-client"
+nomad_consul_tags: {}
+
+# ACLs
+nomad_acl_enabled: "{{ lookup('env', 'NOMAD_ACL_ENABLED') | default('no', true) }}"
+nomad_acl_token_ttl: "30s"
+nomad_acl_policy_ttl: "30s"
+nomad_acl_replication_token: ""
+
+# Vault
+nomad_vault_enabled: "{{ lookup('env', 'NOMAD_VAULT_ENABLED') | default('no', true) }}"
+nomad_vault_address: "{{ vault_address | default('0.0.0.0', true) }}"
+nomad_vault_allow_unauthenticated: true
+nomad_vault_create_from_role: ""
+nomad_vault_task_token_ttl: ""
+nomad_vault_ca_file: ""
+nomad_vault_ca_path: ""
+nomad_vault_cert_file: ""
+nomad_vault_key_file: ""
+nomad_vault_tls_server_name: ""
+nomad_vault_tls_skip_verify: false
+nomad_vault_token: ""
+nomad_vault_namespace: ""
+
+# Docker
+nomad_docker_enable: "{{ lookup('env','NOMAD_DOCKER_ENABLE') | default('false', true) }}"
+nomad_docker_dmsetup: true
+
+# TLS
+nomad_tls_enable: true
+nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem"
+nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem"
+nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem"
+nomad_http: false
+nomad_rpc: false
+nomad_rpc_upgrade_mode: false
+nomad_verify_server_hostname: false
+nomad_verify_https_client: false
+
+# Conf - autopilot.hcl
+nomad_autopilot_cleanup_dead_servers: true
+nomad_autopilot_last_contact_threshold: "200ms"
+nomad_autopilot_max_trailing_logs: 250
+nomad_autopilot_server_stabilization_time: "10s"
+
+# Telemetry
+nomad_telemetry: true
+nomad_telemetry_disable_hostname: false
+nomad_telemetry_collection_interval: 60s
+nomad_telemetry_use_node_name: false
+nomad_telemetry_publish_allocation_metrics: true
+nomad_telemetry_publish_node_metrics: true
+nomad_telemetry_prometheus_metrics: true
Code Review / csit.git / blobdiff