X-Git-Url: https://gerrit.fd.io/r/gitweb?p=csit.git;a=blobdiff_plain;f=fdio.infra.ansible%2Froles%2Fnomad%2Fdefaults%2Fmain.yaml;h=535db2bb2c37efc7d74197a9edd5d4d80aab580d;hp=da9a872f83a5e7d3b8f0e3a4e4cb87f37690f625;hb=HEAD;hpb=78a8427cc50c137e5d59ad3448ae128fdda369b2 diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml index da9a872f83..535db2bb2c 100644 --- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml +++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml @@ -1,11 +1,10 @@ --- # file: roles/nomad/defaults/main.yaml -# Inst - Prerequisites. +# Prerequisites packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" packages_base: - "curl" - - "git" - "unzip" packages_by_distro: ubuntu: @@ -16,7 +15,8 @@ packages_by_arch: x86_64: - [] -# Inst - Nomad Map. +# Package +nomad_version: "1.4.3" nomad_architecture_map: amd64: "amd64" x86_64: "amd64" @@ -25,75 +25,169 @@ nomad_architecture_map: 32-bit: "386" 64-bit: "amd64" nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}" -nomad_version: "1.0.4" -nomad_pkg: "nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip" -nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/{{ nomad_pkg }}" +nomad_pkg: "nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip" +nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{nomad_architecture}}.zip" +nomad_checksum_file_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version}}_SHA256SUMS" +nomad_force_update: false -# Inst - System paths. +# Paths +nomad_inst_dir: "/opt" nomad_bin_dir: "/usr/local/bin" nomad_config_dir: "/etc/nomad.d" nomad_data_dir: "/var/nomad" -nomad_inst_dir: "/opt" +nomad_plugin_dir: "{{ nomad_data_dir }}/plugins" nomad_lockfile: "/var/lock/subsys/nomad" nomad_run_dir: "/var/run/nomad" nomad_ssl_dir: "/etc/nomad.d/ssl" -# Conf - Service. -nomad_node_role: "both" -nomad_restart_handler_state: "restarted" +# Initialization and startup script templates +nomad_service_mgr: "" -# Conf - User and group. +# System user and group nomad_group: "nomad" -nomad_group_state: "present" nomad_user: "nomad" -nomad_user_state: "present" -# Conf - base.hcl -nomad_bind_addr: "0.0.0.0" +# Nomad settings nomad_datacenter: "dc1" -nomad_disable_update_check: true -nomad_enable_debug: false -nomad_log_level: "INFO" -nomad_name: "{{ inventory_hostname }}" nomad_region: "global" +nomad_log_level: "INFO" nomad_syslog_enable: true +nomad_iface: "{{ ansible_default_ipv4.interface }}" +nomad_node_name: "{{ inventory_hostname }}" +nomad_node_role: "server" +nomad_leave_on_terminate: true +nomad_leave_on_interrupt: false +nomad_disable_update_check: true +nomad_enable_debug: false -# Conf - tls.hcl -nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem" -nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem" -nomad_http: false -nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem" -nomad_rpc: false -nomad_verify_https_client: false -nomad_verify_server_hostname: false - -# Conf - client.hcl -nomad_certificates: - - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" - - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" - - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" -nomad_node_class: "" -nomad_no_host_uuid: true -nomad_options: {} -nomad_servers: [] -nomad_volumes: [] - -# Conf - server.hcl +# Server settings nomad_bootstrap_expect: 2 nomad_encrypt: "" nomad_retry_join: true +# Specifies how long a node must be in a terminal state before it is garbage +# collected and purged from the system. +nomad_node_gc_threshold: "24h" +# Specifies the interval between the job garbage collections. Only jobs who have +# been terminal for at least job_gc_threshold will be collected. +nomad_job_gc_interval: "10m" +# Specifies the minimum time a job must be in the terminal state before it is +# eligible for garbage collection. +nomad_job_gc_threshold: "4h" +# Specifies the minimum time an evaluation must be in the terminal state before +# it is eligible for garbage collection. +nomad_eval_gc_threshold: "1h" +# Specifies the minimum time a deployment must be in the terminal state before +# it is eligible for garbage collection. +nomad_deployment_gc_threshold: "1h" +nomad_encrypt_enable: false +nomad_raft_protocol: 2 + +# Client settings +nomad_node_class: "compute" +nomad_no_host_uuid: true +nomad_max_kill_timeout: "30s" +nomad_gc_interval: "1m" +nomad_gc_disk_usage_threshold: 80 +nomad_gc_inode_usage_threshold: 70 +nomad_gc_parallel_destroys: 2 +nomad_reserved: + cpu: "{{ nomad_reserved_cpu | default('0', true) }}" + memory: "{{ nomad_reserved_memory | default('0', true) }}" + disk: "{{ nomad_reserved_disk | default('0', true) }}" + ports: "{{ nomad_reserved_ports | default('22', true) }}" +nomad_volumes: [] +nomad_options: {} +nomad_meta: {} +nomad_chroot_env: false +nomad_plugins: {} + +# Addresses +nomad_bind_address: "{{ hostvars[inventory_hostname]['ansible_'+ nomad_iface ]['ipv4']['address'] }}" +nomad_advertise_address: "{{ hostvars[inventory_hostname]['ansible_' + nomad_iface]['ipv4']['address'] }}" + +# Ports +nomad_ports: + http: "{{ nomad_ports_http | default('4646', true) }}" + rpc: "{{ nomad_ports_rpc | default('4647', true) }}" + serf: "{{ nomad_ports_serf | default('4648', true) }}" + +# Servers +nomad_group_name: "nomad" +nomad_servers: "\ + {% if nomad_use_consul==false %}\ + {% set _nomad_servers = [] %}\ + {% for host in groups[nomad_group_name] %}\ + {% set _nomad_node_role = hostvars[host]['nomad_node_role'] | default('client', true) %}\ + {% if (_nomad_node_role == 'server' or _nomad_node_role == 'both') %}\ + {% if _nomad_servers.append(host) %}{% endif %}\ + {% endif %}\ + {% endfor %}\ + {{ _nomad_servers }}\ + {% else %}\ + []\ + {% endif %}" +nomad_gather_server_facts: false + +# Consul +nomad_use_consul: true +nomad_consul_address: "localhost:8500" +nomad_consul_token: "" +nomad_consul_servers_service_name: "nomad" +nomad_consul_clients_service_name: "nomad-client" +nomad_consul_tags: {} +nomad_consul_use_ssl: false + +# ACLs +nomad_acl_enabled: false +nomad_acl_token_ttl: "30s" +nomad_acl_policy_ttl: "30s" +nomad_acl_replication_token: "" + +# Docker +nomad_docker_enable: false +nomad_docker_dmsetup: true + +# Autopilot +nomad_autopilot_cleanup_dead_servers: true +nomad_autopilot_last_contact_threshold: "200ms" +nomad_autopilot_max_trailing_logs: 250 +nomad_autopilot_server_stabilization_time: "10s" + +# Telemetry. +nomad_use_telemetry: true +nomad_telemetry_disable_hostname: false +nomad_telemetry_collection_interval: "1s" +nomad_telemetry_use_node_name: false +nomad_telemetry_publish_allocation_metrics: true +nomad_telemetry_publish_node_metrics: true +nomad_telemetry_prometheus_metrics: true + +# TLS. +nomad_use_tls: true +nomad_tls_ca_file: "{{ nomad_ssl_dir }}/nomad-ca.pem" +nomad_tls_cert_file: "{{ nomad_ssl_dir }}/nomad.pem" +nomad_tls_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem" +nomad_tls_cli_cert_file: "{{ nomad_ssl_dir }}/nomad-cli.pem" +nomad_tls_cli_key_file: "{{ nomad_ssl_dir }}/nomad-cli-key.pem" +nomad_tls_http: false +nomad_tls_rpc: false +nomad_tls_rpc_upgrade_mode: false +nomad_tls_verify_https_client: false +nomad_tls_verify_server_hostname: false -# Conf - telemetry.hcl -nomad_disable_hostname: false -nomad_collection_interval: 60s -nomad_use_node_name: false -nomad_publish_allocation_metrics: true -nomad_publish_node_metrics: true -nomad_telemetry_provider_parameters: - prometheus_metrics: true - -# Conf - custom.hcl -# empty +# Vault +nomad_use_vault: false +nomad_vault_address: "http://vault.service.consul:8200" +nomad_vault_allow_unauthenticated: true +nomad_vault_enabled: false +nomad_vault_create_from_role: "" +nomad_vault_task_token_ttl: "72h" +nomad_vault_use_ssl: false +nomad_vault_ca_file: "" +nomad_vault_ca_path: "" +nomad_vault_cert_file: "" +nomad_vault_key_file: "" +nomad_vault_namespace: "" +nomad_vault_tls_server_name: "" +nomad_vault_tls_skip_verify: false +nomad_vault_token: ""