From 010a53a58b8239732be3239926f8e19d445a5467 Mon Sep 17 00:00:00 2001 From: Kazuhiro MUSASHI Date: Fri, 30 Apr 2021 14:50:09 +0900 Subject: [PATCH] Deploy `nomad`. --- cookbooks/consul/install.rb | 2 +- .../{consul.list => hashicorp.list} | 0 cookbooks/nomad/attributes.rb | 9 +++ cookbooks/nomad/default.rb | 7 ++ cookbooks/nomad/files/etc/nomad.d/client.hcl | 13 ++++ cookbooks/nomad/files/etc/nomad.d/datadir.hcl | 4 ++ .../files/etc/nomad.d/docker-registry.hcl | 6 ++ cookbooks/nomad/files/etc/nomad.d/server.hcl | 4 ++ .../nomad/files/etc/sysctl.d/90-nomad.conf | 3 + cookbooks/nomad/install.rb | 20 ++++++ cookbooks/nomad/setup.rb | 65 +++++++++++++++++++ cookbooks/nomad/shared_dir.rb | 19 ++++++ .../etc/apt/sources.list.d/hashicorp.list | 1 + 13 files changed, 152 insertions(+), 1 deletion(-) rename cookbooks/consul/templates/etc/apt/sources.list.d/{consul.list => hashicorp.list} (100%) create mode 100644 cookbooks/nomad/attributes.rb create mode 100644 cookbooks/nomad/default.rb create mode 100644 cookbooks/nomad/files/etc/nomad.d/client.hcl create mode 100644 cookbooks/nomad/files/etc/nomad.d/datadir.hcl create mode 100644 cookbooks/nomad/files/etc/nomad.d/docker-registry.hcl create mode 100644 cookbooks/nomad/files/etc/nomad.d/server.hcl create mode 100644 cookbooks/nomad/files/etc/sysctl.d/90-nomad.conf create mode 100644 cookbooks/nomad/install.rb create mode 100644 cookbooks/nomad/setup.rb create mode 100644 cookbooks/nomad/shared_dir.rb create mode 100644 cookbooks/nomad/templates/etc/apt/sources.list.d/hashicorp.list diff --git a/cookbooks/consul/install.rb b/cookbooks/consul/install.rb index 2c834e4..6e8adec 100644 --- a/cookbooks/consul/install.rb +++ b/cookbooks/consul/install.rb @@ -10,7 +10,7 @@ end DIST = run_command('lsb_release -cs').stdout.chomp # Deploy the `apt` sources: -template '/etc/apt/sources.list.d/consul.list' do +template '/etc/apt/sources.list.d/hashicorp.list' do action :create variables(distribution: DIST) end 
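Review bot: Renaming the template target to `/etc/apt/sources.list.d/hashicorp.list` leaves the old `/etc/apt/sources.list.d/consul.list` in place on hosts that already ran this recipe, so apt will see the same repository configured twice. Add a cleanup resource before the template, e.g. `file '/etc/apt/sources.list.d/consul.list' do action :delete end`. The recipe starts and continues outside this hunk, so an existing cleanup step would not be visible here.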
diff --git a/cookbooks/consul/templates/etc/apt/sources.list.d/consul.list b/cookbooks/consul/templates/etc/apt/sources.list.d/hashicorp.list
similarity index 100%
rename from cookbooks/consul/templates/etc/apt/sources.list.d/consul.list
rename to cookbooks/consul/templates/etc/apt/sources.list.d/hashicorp.list
diff --git a/cookbooks/nomad/attributes.rb b/cookbooks/nomad/attributes.rb
new file mode 100644
index 0000000..6e0a6ea
--- /dev/null
+++ b/cookbooks/nomad/attributes.rb
@@ -0,0 +1,9 @@
+# -------------------------------------------
+# Specifying the default settings:
+# -------------------------------------------
+node.reverse_merge!({
+ 'nomad' => {
+ 'manager' => false,
+ 'client' => true
+ }
+})
diff --git a/cookbooks/nomad/default.rb b/cookbooks/nomad/default.rb
new file mode 100644
index 0000000..6a73243
--- /dev/null
+++ b/cookbooks/nomad/default.rb
@@ -0,0 +1,7 @@
+include_recipe './attributes.rb'
+
+include_recipe './install.rb'
+
+include_recipe './setup.rb'
+
+include_recipe './shared_dir.rb'
diff --git a/cookbooks/nomad/files/etc/nomad.d/client.hcl b/cookbooks/nomad/files/etc/nomad.d/client.hcl
new file mode 100644
index 0000000..2bd01ae
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/client.hcl
@@ -0,0 +1,13 @@
+# /etc/nomad.d/server.hcl
+
+client {
+ enabled = true
+}
+
+plugin "docker" {
+ config {
+ volumes {
+ enabled = true
+ }
+ }
+}
diff --git a/cookbooks/nomad/files/etc/nomad.d/datadir.hcl b/cookbooks/nomad/files/etc/nomad.d/datadir.hcl
new file mode 100644
index 0000000..6d9a396
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/datadir.hcl
@@ -0,0 +1,4 @@
+# /etc/nomad.d/server.hcl
+
+# data_dir tends to be environment specific.
+data_dir = "/opt/nomad/data/"
diff --git a/cookbooks/nomad/files/etc/nomad.d/docker-registry.hcl b/cookbooks/nomad/files/etc/nomad.d/docker-registry.hcl
new file mode 100644
index 0000000..d75173c
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/docker-registry.hcl
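Review bot: In client.hcl, `volumes { enabled = true }` in the docker plugin block lets any submitted job bind-mount arbitrary host paths into its container, which gives host-level file access to anyone who can submit jobs. None of the HCL files added in this commit contains an `acl` or `tls` block, so unless those are configured elsewhere the job API is unauthenticated. Prefer leaving Docker volumes disabled and exposing only named paths through `host_volume` stanzas, as docker-registry.hcl already does. The header comment also reads `# /etc/nomad.d/server.hcl` in both client.hcl and datadir.hcl and should name the actual file.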
@@ -0,0 +1,6 @@
+client {
+ host_volume "docker-registry" {
+ path = "/mnt/shared/Docker-registry"
+ read_only = false
+ }
+}
diff --git a/cookbooks/nomad/files/etc/nomad.d/server.hcl b/cookbooks/nomad/files/etc/nomad.d/server.hcl
new file mode 100644
index 0000000..385e208
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/server.hcl
@@ -0,0 +1,4 @@
+server {
+ enabled = true
+ bootstrap_expect = 3
+}
diff --git a/cookbooks/nomad/files/etc/sysctl.d/90-nomad.conf b/cookbooks/nomad/files/etc/sysctl.d/90-nomad.conf
new file mode 100644
index 0000000..d0ce3b4
--- /dev/null
+++ b/cookbooks/nomad/files/etc/sysctl.d/90-nomad.conf
@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-arptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
diff --git a/cookbooks/nomad/install.rb b/cookbooks/nomad/install.rb
new file mode 100644
index 0000000..74adaea
--- /dev/null
+++ b/cookbooks/nomad/install.rb
@@ -0,0 +1,20 @@
+# Install `Consul`:
+KEYSRV = "https://apt.releases.hashicorp.com/gpg"
+ID = "A3219F7B"
+
+execute "apt-key adv --keyserver #{KEYSRV} --recv-keys #{ID}" do
+ not_if 'apt-key list | grep HashiCorp'
+end
+
+# Retrieve the Ubuntu code:
+DIST = run_command('lsb_release -cs').stdout.chomp
+
+# Deploy the `apt` sources:
+template '/etc/apt/sources.list.d/hashicorp.list' do
+ action :create
+ variables(distribution: DIST)
+end
+
+execute 'apt update'
+
+package 'nomad'
diff --git a/cookbooks/nomad/setup.rb b/cookbooks/nomad/setup.rb
new file mode 100644
index 0000000..f03b6ec
--- /dev/null
+++ b/cookbooks/nomad/setup.rb
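Review bot: In install.rb, the key import `apt-key adv --keyserver #{KEYSRV} --recv-keys #{ID}` identifies the signing key by an 8-hex-digit short ID, which is not collision-resistant, and passes the URL of a key file as `--keyserver`, so it is unclear what is actually fetched and trusted. `apt-key` also places the key in the global trust store, where it is accepted for every configured repository rather than only this one. I would download the key to a dedicated keyring file, compare it with the full fingerprint pinned in the recipe, and scope it in the source entry with `[arch=amd64 signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg]`. The header comment still says Consul, and `DIST` is a top-level constant that consul/install.rb also assigns, so Ruby will probably warn about reassignment if both recipes are loaded in one run.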
@@ -0,0 +1,65 @@
+# Kernel parameters:
+remote_file '/etc/sysctl.d/90-nomad.conf' do
+ owner 'root'
+ group 'root'
+ mode '0644'
+end
+
+# nomad configuration files:
+file '/etc/nomad.d/nomad.hcl' do
+ action :delete
+end
+
+remote_file '/etc/nomad.d/datadir.hcl' do
+ owner 'nomad'
+ group 'nomad'
+ mode '664'
+
+ notifies :restart, 'service[nomad]'
+end
+
+if node['nomad']['manager']
+ remote_file '/etc/nomad.d/server.hcl' do
+ owner 'nomad'
+ group 'nomad'
+ mode '664'
+
+ notifies :restart, 'service[nomad]'
+ end
+end
+
+if node['nomad']['client']
+ %w( /etc/nomad.d/client.hcl /etc/nomad.d/docker-registry.hcl ).each do |conf|
+ remote_file conf do
+ owner 'nomad'
+ group 'nomad'
+ mode '664'
+
+ notifies :restart, 'service[nomad]'
+ end
+ end
+end
+
+# Create directory:
+directory '/opt/nomad/data/' do
+ owner 'nomad'
+ group 'nomad'
+ mode '0755'
+end
+
+# iptables settings here:
+%w( 80/tcp 4646/tcp 4647/tcp 4648/tcp 8081/tcp 20000:32000/tcp ).each do |port|
+ execute "ufw allow #{port}" do
+ user 'root'
+
+ not_if "LANG=c ufw status | grep #{port}"
+
+ notifies :run, 'execute[ufw reload-or-enable]'
+ end
+end
+
+# Enable and start nomad:
+service 'nomad' do
+ action [:enable, :start]
+end
+
diff --git a/cookbooks/nomad/shared_dir.rb b/cookbooks/nomad/shared_dir.rb
new file mode 100644
index 0000000..c40e4d1
--- /dev/null
+++ b/cookbooks/nomad/shared_dir.rb
@@ -0,0 +1,19 @@
+%w( /mnt/shared ).each do |d|
+ directory d do
+ owner 'root'
+ group 'root'
+ end
+end
+
+# Add the fstab entry:
+file '/etc/fstab' do
+ action :edit
+
+ block do |content|
+ content << "//192.168.10.200/Shared/AppData /mnt/shared cifs username=admin,password=Holiday88,uid=root,gid=root,file_mode=0777,dir_mode=0777,vers=3.0,_netdev 0 0\n"
+ end
+
+ not_if 'grep shared /etc/fstab'
+end
+
+execute 'mount -a || true'
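Review bot: In setup.rb, the `ufw allow #{port}` loop opens 4646/tcp, 4647/tcp, 4648/tcp and 20000:32000/tcp to any source address, while no file added in this commit configures Nomad ACLs or TLS; unless that is done elsewhere, anyone who can reach these ports can talk to the cluster unauthenticated. Restrict the rules to the cluster network, e.g. `ufw allow from <CLUSTER_CIDR> to any port 4646 proto tcp` (placeholder CIDR). The guard `not_if "LANG=c ufw status | grep #{port}"` is a substring match, so `80/tcp` is already satisfied by an existing `8080/tcp` rule and the intended rule is silently skipped; anchor the pattern. The Nomad config files are written with mode `'664'`, which leaves them group-writable; `'0640'` would be enough if only the nomad user needs to read them. `execute[ufw reload-or-enable]` is notified but not defined anywhere in this commit, so the recipe presumably depends on another cookbook being loaded first.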
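Review bot: In shared_dir.rb, the fstab line appended in the `block` embeds the CIFS account in clear text (`username=admin,password=…`), which puts the credential into the repository history and into world-readable `/etc/fstab` on every node; treat it as exposed and rotate it. Move it into a root-owned file with mode 0600 and reference it with `credentials=/etc/cifs-credentials` in the mount options (the path is a placeholder), with the secret supplied from the node's secret store rather than from the recipe. `file_mode=0777,dir_mode=0777` makes the whole share writable by every local user, and docker-registry.hcl exposes a directory under it to jobs as a read-write host volume. `not_if 'grep shared /etc/fstab'` matches any line containing "shared", and `mount -a || true` hides a failed mount, so a node can come up with an empty `/mnt/shared` without the run failing.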
diff --git a/cookbooks/nomad/templates/etc/apt/sources.list.d/hashicorp.list b/cookbooks/nomad/templates/etc/apt/sources.list.d/hashicorp.list
new file mode 100644
index 0000000..16f9f11
--- /dev/null
+++ b/cookbooks/nomad/templates/etc/apt/sources.list.d/hashicorp.list
@@ -0,0 +1 @@
+deb [arch=amd64] https://apt.releases.hashicorp.com <%= @distribution %> main