From 64066ab78fe12fc619639d28c17b53bbce84f932 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sun, 13 Mar 2022 21:55:25 +0900
Subject: [PATCH 1/6] Add `consul` stanza.
---
 cookbooks/nomad/files/etc/nomad.d/client.hcl | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/cookbooks/nomad/files/etc/nomad.d/client.hcl b/cookbooks/nomad/files/etc/nomad.d/client.hcl
index f731e19..dd7b407 100644
--- a/cookbooks/nomad/files/etc/nomad.d/client.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/client.hcl
@@ -1,3 +1,11 @@
 client {
 enabled = true
+
+ meta {
+ connect.log_level = "debug"
+ }
 }
+
+# consul {
+# token = "11800359-1330-fe54-d858-44e8de9a14f6"
+# }
From a882f52b3f0ef4ee63dbbfa6742954e4faffc316 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Sun, 13 Mar 2022 21:56:59 +0900
Subject: [PATCH 2/6] Delete `shared_dir.rb`.
---
 cookbooks/nomad/default.rb | 2 --
 cookbooks/nomad/shared_dir.rb | 19 -------------------
 2 files changed, 21 deletions(-)
 delete mode 100644 cookbooks/nomad/shared_dir.rb
diff --git a/cookbooks/nomad/default.rb b/cookbooks/nomad/default.rb
index df2a768..6da52cd 100644
--- a/cookbooks/nomad/default.rb
+++ b/cookbooks/nomad/default.rb
@@ -5,6 +5,4 @@ include_recipe './install.rb'
 if node['nomad']['manager'] || node['nomad']['client']
 include_recipe './setup.rb'
 include_recipe './csi.rb'
-
- include_recipe './shared_dir.rb'
 end
diff --git a/cookbooks/nomad/shared_dir.rb b/cookbooks/nomad/shared_dir.rb
deleted file mode 100644
index c40e4d1..0000000
--- a/cookbooks/nomad/shared_dir.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-%w( /mnt/shared ).each do |d|
- directory d do
- owner 'root'
- group 'root'
- end
-end
-
-# Add the fstab entry:
-file '/etc/fstab' do
- action :edit
-
- block do |content|
- content << "//192.168.10.200/Shared/AppData /mnt/shared cifs username=admin,password=Holiday88,uid=root,gid=root,file_mode=0777,dir_mode=0777,vers=3.0,_netdev 0 0\n"
- end
-
- not_if 'grep shared /etc/fstab'
-end
-
-execute 'mount -a || true'
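Review bot: The commented-out `consul { token = "…" }` block at the end of the `client.hcl` hunk in PATCH 1/6 commits what looks like a Consul ACL token; a comment marker does not hide it from anyone who can read the repository or its history. If that value was ever live it should be rotated, and the file should carry only a placeholder such as `# token = "<consul-acl-token>"`, with the real value supplied from a secrets store or a non-committed, templated config. The same applies to the CIFS `password=` in the fstab line that PATCH 2/6 deletes: removing `shared_dir.rb` takes it out of the tree but not out of history, so that credential presumably needs changing as well. `connect.log_level = "debug"` under `meta` deserves a short comment saying whether it is meant to stay, since debug-level sidecar logs are verbose.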
From ce7a80db7ad53d85ed139783506ecefae24ff7b3 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Mon, 14 Mar 2022 22:34:47 +0900
Subject: [PATCH 3/6] Create `/etc/nomad.d/policies/` directory.
---
 cookbooks/nomad/setup.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cookbooks/nomad/setup.rb b/cookbooks/nomad/setup.rb
index 43db7e8..e32dd26 100644
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@@ -22,6 +22,12 @@ if node['nomad']['manager']
 notifies :restart, 'service[nomad]'
 end
 end
+
+ directory '/etc/nomad.d/policies' do
+ owner 'nomad'
+ group 'nomad'
+ mode '644'
+ end
 end
 if node['nomad']['client']
From 9a5a78d657e0268f00a8b414651fe15175884040 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Mon, 14 Mar 2022 22:51:46 +0900
Subject: [PATCH 4/6] Deploy `/etc/nomad.d/policies/anonymous.hcl`.
---
 .../files/etc/nomad.d/policies/anonymous.hcl | 24 +++++++++++++++++++
 cookbooks/nomad/setup.rb | 6 +++++
 2 files changed, 30 insertions(+)
 create mode 100644 cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl
diff --git a/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl b/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl
new file mode 100644
index 0000000..9fe3564
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/policies/anonymous.hcl
@@ -0,0 +1,24 @@
+namespace "*" {
+ policy = "write"
+ capabilities = ["alloc-node-exec"]
+}
+
+agent {
+ policy = "write"
+}
+
+operator {
+ policy = "write"
+}
+
+quota {
+ policy = "write"
+}
+
+node {
+ policy = "write"
+}
+
+host_volume "*" {
+ policy = "write"
+}
diff --git a/cookbooks/nomad/setup.rb b/cookbooks/nomad/setup.rb
index e32dd26..73c6c3d 100644
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@@ -24,6 +24,12 @@ if node['nomad']['manager']
 end
 directory '/etc/nomad.d/policies' do
+ owner 'nomad'
+ group 'nomad'
+ mode '755'
+ end
+
+ remote_file '/etc/nomad.d/policies/anonymous.hcl' do
 owner 'nomad'
 group 'nomad'
 mode '644'
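Review bot: `anonymous.hcl` in PATCH 4/6 gives `policy = "write"` on `namespace "*"`, `agent`, `operator`, `quota`, `node` and `host_volume "*"`, and adds `alloc-node-exec`, the capability that permits exec into tasks running without filesystem isolation. If this file is applied as the anonymous ACL policy, every request that carries no token gets close to management-level access, so ACLs would be enabled without restricting anything. The `setup.rb` hunk only copies the file and nothing visible here applies it, so the effective exposure should be confirmed. For anything beyond a throwaway lab, reduce the anonymous policy to something like `namespace "default" { policy = "read" }` and issue tokens for write access. If the wide policy is deliberate, a header comment in the file should say so and state the environment it is meant for.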
From ef40d3dc0122aa0b9746620d5f1a085add887854 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Mon, 14 Mar 2022 23:06:37 +0900
Subject: [PATCH 5/6] Create /etc/nomad.d/jobs
---
 cookbooks/nomad/setup.rb | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cookbooks/nomad/setup.rb b/cookbooks/nomad/setup.rb
index 73c6c3d..24b4edb 100644
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@@ -46,6 +46,12 @@ if node['nomad']['client']
 notifies :restart, 'service[nomad]'
 end
 end
+
+ directory '/etc/nomad.d/jobs' do
+ owner 'nomad'
+ group 'nomad'
+ mode '755'
+ end
 end
 # Create directory:
From 4a57c21614704dab44046847fcf90564bc137d92 Mon Sep 17 00:00:00 2001
From: Kazuhiro MUSASHI
Date: Mon, 14 Mar 2022 23:06:41 +0900
Subject: [PATCH 6/6] Deploy example `Consul Connect` job.
---
 .../etc/nomad.d/jobs/countdash-intention.hcl | 8 ++
 .../files/etc/nomad.d/jobs/countdash.hcl | 98 +++++++++++++++++++
 cookbooks/nomad/setup.rb | 8 ++
 3 files changed, 114 insertions(+)
 create mode 100644 cookbooks/nomad/files/etc/nomad.d/jobs/countdash-intention.hcl
 create mode 100644 cookbooks/nomad/files/etc/nomad.d/jobs/countdash.hcl
diff --git a/cookbooks/nomad/files/etc/nomad.d/jobs/countdash-intention.hcl b/cookbooks/nomad/files/etc/nomad.d/jobs/countdash-intention.hcl
new file mode 100644
index 0000000..7fc1fc0
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/jobs/countdash-intention.hcl
@@ -0,0 +1,8 @@
+Kind = "service-intentions"
+Name = "count-api"
+Sources = [
+ {
+ Name = "count-dashboard"
+ Action = "allow"
+ }
+]
diff --git a/cookbooks/nomad/files/etc/nomad.d/jobs/countdash.hcl b/cookbooks/nomad/files/etc/nomad.d/jobs/countdash.hcl
new file mode 100644
index 0000000..a963c47
--- /dev/null
+++ b/cookbooks/nomad/files/etc/nomad.d/jobs/countdash.hcl
@@ -0,0 +1,98 @@
+job "countdash" {
+ datacenters = ["dc1"]
+ group "api" {
+ network {
+ mode = "bridge"
+
+ port "envoy_metrics" {
+ to = 9102
+ }
+ }
+
+ service {
+ name = "count-api"
+ port = "9001"
+
+ meta {
+ envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
+ }
+
+ connect {
+ sidecar_service {
+ proxy {
+ config {
+ envoy_prometheus_bind_addr = "0.0.0.0:9102"
+ }
+ }
+ tags = ["envoy"]
+ }
+ }
+ }
+
+ task "web" {
+ driver = "docker"
+ config {
+ image = "hashicorpnomad/counter-api:v1"
+ }
+
+ # constraint {
+ # attribute = "${attr.unique.hostname}"
+ # value = "test01"
+ # }
+ }
+ }
+
+ group "dashboard" {
+ network {
+ mode ="bridge"
+ port "http" {
+ static = 9002
+ to = 9002
+ }
+
+ port "envoy_metrics" {
+ to = 9102
+ }
+ }
+
+ service {
+ name = "count-dashboard"
+ port = "9002"
+
+ meta {
+ envoy_metrics_port = "${NOMAD_HOST_PORT_envoy_metrics}"
+ }
+
+ connect {
+ sidecar_service {
+ proxy {
+ upstreams {
+ destination_name = "count-api"
+ local_bind_port = 8080
+ }
+ config {
+ envoy_prometheus_bind_addr = "0.0.0.0:9102"
+ }
+ }
+ tags = ["envoy"]
+ }
+ }
+ }
+
+ task "dashboard" {
+ driver = "docker"
+ env {
+ COUNTING_SERVICE_URL = "http://${NOMAD_UPSTREAM_ADDR_count_api}"
+ }
+
+ config {
+ image = "hashicorpnomad/counter-dashboard:v1"
+ }
+
+ # constraint {
+ # attribute = "${attr.unique.hostname}"
+ # value = "test03"
+ # }
+ }
+ }
+}
diff --git a/cookbooks/nomad/setup.rb b/cookbooks/nomad/setup.rb
index 24b4edb..3661691 100644
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@@ -52,6 +52,14 @@ if node['nomad']['client']
 group 'nomad'
 mode '755'
 end
+
+ %w( countdash.hcl countdash-intention.hcl ).each do |f|
+ remote_file "/etc/nomad.d/jobs/#{f}" do
+ owner 'nomad'
+ group 'nomad'
+ mode '644'
+ end
+ end
 end
 # Create directory:
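Review bot: In both groups of `countdash.hcl`, `envoy_prometheus_bind_addr = "0.0.0.0:9102"` combined with `port "envoy_metrics" { to = 9102 }` publishes each sidecar's metrics listener on a host port. That listener is plain HTTP and is not covered by Connect mTLS or by the `count-api` intention added in this patch, so anything that can reach the client node can read it. If only a local scraper needs it, limit reachability with a host firewall rule or a dedicated `host_network` on the port, and note the intent in a comment next to the port block. The dashboard's `static = 9002` is published on the host in the same way. Both tasks reference images by the mutable tag `:v1`; pinning by digest, for example `image = "hashicorpnomad/counter-api@sha256:<digest>"`, would fix what actually gets pulled.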