Merge pull request 'nomadをインストールし、consul、consul-templateのセットアップをする' (#72) from nomad into master

Reviewed-on: #72
2021-05-02 19:11:12 +09:00 · 2021-05-02 19:11:12 +09:00 · 8f6752dc6f
parent 380b464d42 1701922c91
commit 8f6752dc6f
27 changed files with 330 additions and 52 deletions
--- a/cookbooks/consul-template/attributes.rb
+++ b/cookbooks/consul-template/attributes.rb
@ -0,0 +1,13 @@
 # -------------------------------------------
 # Specifying the default settings:
 # -------------------------------------------
 node.reverse_merge!({
  'consulTemplate' => {
    'baseUrl' => 'https://releases.hashicorp.com/consul-template/',
    'version' => '0.25.2',
    'zipPrefix' => 'consul-template_',
    'zipPostfix' => '_linux_amd64.zip',
    'storage' => '/opt/consul-template/consul-template',
    'location' => '/usr/local/bin/consul-template'
  },
 })
--- a/cookbooks/consul-template/default.rb
+++ b/cookbooks/consul-template/default.rb
@ -0,0 +1,7 @@
 # Loading the attributes:
 include_recipe './attributes.rb'
 # Install loki here:
 include_recipe './install.rb'
 include_recipe './setup.rb'
--- a/cookbooks/consul-template/files/etc/default/consul-template
+++ b/cookbooks/consul-template/files/etc/default/consul-template
@ -0,0 +1 @@
 OPTIONS="-syslog -syslog-name=consul-template"
--- a/cookbooks/consul-template/files/etc/rsyslog.d/30-consul-template.conf
+++ b/cookbooks/consul-template/files/etc/rsyslog.d/30-consul-template.conf
@ -0,0 +1,7 @@
 # Log kernel generated promtail log messages to file
 :syslogtag,contains,"consul-template" /var/log/consul-template.log
 # Uncomment the following to stop logging anything that matches the last rule.
 # Doing this will stop logging kernel generated UFW log messages to the file
 # normally containing kern.* messages (eg, /var/log/kern.log)
 & stop
--- a/cookbooks/consul-template/files/etc/systemd/system/consul-template.service
+++ b/cookbooks/consul-template/files/etc/systemd/system/consul-template.service
@ -0,0 +1,13 @@
 [Unit]
 Description=consul-template
 Requires=network-online.target
 After=network-online.target consul.service
 [Service]
 EnvironmentFile=-/etc/default/consul-template
 Restart=on-failure
 ExecStart=/usr/local/bin/consul-template $OPTIONS -config=/etc/consul-template.d/conf/
 KillSignal=SIGINT
 [Install]
 WantedBy=multi-user.target
--- a/cookbooks/consul-template/install.rb
+++ b/cookbooks/consul-template/install.rb
@ -0,0 +1,34 @@
 consulTemplate_zip = "#{node['consulTemplate']['zipPrefix']}#{node['consulTemplate']['version']}#{node['consulTemplate']['zipPostfix']}"
 consulTemplate_url = "#{node['consulTemplate']['baseUrl']}#{node['consulTemplate']['version']}/#{consulTemplate_zip}"
 # バージョン確認して、アップデート必要かどうか確認
 result = run_command('which consul-template', error: false)
 if result.exit_status != 0
  # Download:
  TMP = "/tmp/#{consulTemplate_zip}"
  execute "wget #{consulTemplate_url} -O #{TMP}"
  directory '/opt/consul-template' do
    owner 'root'
    group 'root'
    mode  '0755'
  end
  execute "unzip #{TMP} -d /opt/consul-template/" do
    not_if 'test -e /opt/consul-template/consul-template'
  end
  # Change Owner and Permissions:
  file "#{node['consulTemplate']['storage']}" do
    owner 'root'
    group 'root'
    mode  '755'
  end
  # Create Link
  link "#{node['consulTemplate']['location']}" do
    to "#{node['consulTemplate']['storage']}"
  end
 end
--- a/cookbooks/consul-template/setup.rb
+++ b/cookbooks/consul-template/setup.rb
@ -0,0 +1,39 @@
 # Create `/var/log/vector`:
 %w( /etc/consul-template.d/conf /etc/consul-template.d/templates ).each do |d|
  directory d do
    owner  'root'
    group  'root'
    mode   '0755'
  end
 end
 %w( /etc/systemd/system/consul-template.service /etc/default/consul-template).each do |conf|
  remote_file conf do
    owner 'root'
    group 'root'
    mode  '0644'
    notifies :run, 'execute[systemctl daemon-reload]', :immediately
  end
 end
 execute 'systemctl daemon-reload' do
  action :nothing
 end
 service 'consul-template' do
  action [:enable, :restart]
 end
 remote_file '/etc/rsyslog.d/30-consul-template.conf' do
  owner 'root'
  group 'root'
  mode  '0644'
  notifies :restart, 'service[rsyslog]', :immediately
 end
 service 'rsyslog' do
  action [ :nothing ]
 end
--- a/cookbooks/consul/install.rb
+++ b/cookbooks/consul/install.rb
@ -10,7 +10,7 @@ end
 DIST = run_command('lsb_release -cs').stdout.chomp
 # Deploy the `apt` sources:
-template '/etc/apt/sources.list.d/consul.list' do
+template '/etc/apt/sources.list.d/hashicorp.list' do
  action :create
  variables(distribution: DIST)
 end
--- a/cookbooks/consul/templates/etc/apt/sources.list.d/hashicorp.list
+++ b/cookbooks/consul/templates/etc/apt/sources.list.d/hashicorp.list
--- a/cookbooks/docker/files/etc/docker/daemon.json
+++ b/cookbooks/docker/files/etc/docker/daemon.json
@ -0,0 +1,3 @@
 {
  "insecure-registries" : ["reg.kazu634.com"]
 }
--- a/cookbooks/docker/install.rb
+++ b/cookbooks/docker/install.rb
@ -19,4 +19,10 @@ execute 'apt-get update' do
  not_if 'which docker'
 end
-package 'docker-ce'
+%w(docker-ce docker-ce-cli containerd.io).each do |p|
  package p
 end
 service 'docker' do
  action :nothing
 end
--- a/cookbooks/docker/setup.rb
+++ b/cookbooks/docker/setup.rb
@ -1,7 +1,16 @@
 # Ignore the certificate
 remote_file '/etc/docker/daemon.json' do
  owner 'root'
  group 'root'
  mode  '0600'
  notifies :restart, 'service[docker]'
 end
 # install `cifs-utils`
 package 'cifs-utils'
-%w( /mnt/backup /var/spool/apt-mirror ).each do |d|
+%w( /mnt/shared /var/spool/apt-mirror ).each do |d|
  directory d do
    owner 'root'
    group 'root'
@ -13,23 +22,13 @@ file '/etc/fstab' do
  action :edit
  block do |content|
-    content << "//192.168.10.200/Shared/AppData /mnt/backup cifs username=admin,password=Holiday88,uid=root,gid=root,file_mode=0777,dir_mode=0777,vers=3.0,_netdev 0 0\n"
+    content << "//192.168.10.200/Shared/AppData /mnt/shared cifs username=admin,password=Holiday88,uid=root,gid=root,file_mode=0777,dir_mode=0777,vers=3.0,_netdev 0 0\n"
  end
-  not_if 'grep backup /etc/fstab'
+  not_if 'grep shared /etc/fstab'
 end
-file '/etc/fstab' do
+execute 'mount -a || true'
  action :edit
  block do |content|
    content << "//192.168.10.200/Shared/PXEBoot/www/ubuntu/apt-mirror /var/spool/apt-mirror cifs username=admin,password=Holiday88,uid=root,gid=root,file_mode=0777,dir_mode=0777,vers=3.0,_netdev 0 0\n"
  end
  not_if 'grep apt-mirror /etc/fstab'
 end
 execute 'mount -a'
 # Deploy the cron.d file:
 remote_file '/etc/cron.d/docker-housekeep' do
--- a/cookbooks/nginx/default.rb
+++ b/cookbooks/nginx/default.rb
@ -4,6 +4,34 @@ include_recipe './attributes.rb'
 # Kernel Parameters:
 include_recipe './kernel.rb'
 # Create the necessary directories:
 %w( body fastcgi proxy scgi uwsgi ).each do |d|
  directory "/var/lib/nginx/#{d}" do
    owner 'www-data'
    group 'root'
    mode '755'
  end
 end
 %w( /etc/nginx/sites-enabled /etc/nginx/stream-enabled ).each do |d|
  directory d do
    owner 'root'
    group 'root'
    mode  '0755'
  end
 end
 # Deploy the nginx configuration files:
 %w(nginx.conf basic-auth).each do |f|
  remote_file "/etc/nginx/#{f}" do
    owner 'root'
    group 'root'
    mode '644'
    notifies :reload, 'service[nginx]'
  end
 end
 # Prerequisites for Building nginx:
 include_recipe './webadm.rb'
--- a/cookbooks/nginx/setup.rb
+++ b/cookbooks/nginx/setup.rb
@ -1,37 +1,3 @@
 # Create the necessary directories:
 %w( body fastcgi proxy scgi uwsgi ).each do |d|
  directory "/var/lib/nginx/#{d}" do
    owner 'www-data'
    group 'root'
    mode '755'
  end
 end
 link '/etc/nginx/sites-enabled' do
  to '/home/webadm/repo/nginx-config/sites-available'
  user 'root'
  notifies :reload, 'service[nginx]'
 end
 link '/etc/nginx/stream-enabled' do
  to '/home/webadm/repo/nginx-config/stream-available'
  user 'root'
  notifies :reload, 'service[nginx]'
 end
 # Deploy the nginx configuration files:
 %w(nginx.conf basic-auth).each do |f|
  remote_file "/etc/nginx/#{f}" do
    owner 'root'
    group 'root'
    mode '644'
    notifies :reload, 'service[nginx]'
  end
 end
 # Log rotation setting:
 remote_file '/etc/logrotate.d/nginx' do
  owner 'root'
--- a/cookbooks/nginx/webadm.rb
+++ b/cookbooks/nginx/webadm.rb
@ -46,7 +46,17 @@ end
 git '/home/webadm/repo/nginx-config' do
  user 'webadm'
  repository 'https://gitea.kazu634.com/kazu634/nginx-config.git'
  not_if 'test -e /home/webadm/repo/nginx-config'
 end
 execute '/home/webadm/repo/nginx-config/deploy.sh' do
  user 'root'
  cwd '/home/webadm/repo/nginx-config/'
 end
 service 'consul-template' do
  action :restart
 end
 service 'nginx' do
  action :restart
 end
--- a/cookbooks/nomad/attributes.rb
+++ b/cookbooks/nomad/attributes.rb
@ -0,0 +1,9 @@
 # -------------------------------------------
 # Specifying the default settings:
 # -------------------------------------------
 node.reverse_merge!({
  'nomad' => {
    'manager' => false,
    'client' => true
  }
 })
--- a/cookbooks/nomad/default.rb
+++ b/cookbooks/nomad/default.rb
@ -0,0 +1,7 @@
 include_recipe './attributes.rb'
 include_recipe './install.rb'
 include_recipe './setup.rb'
 include_recipe './shared_dir.rb'
--- a/cookbooks/nomad/files/etc/nomad.d/client.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/client.hcl
@ -0,0 +1,13 @@
 # /etc/nomad.d/server.hcl
 client {
  enabled          = true
 }
 plugin "docker" {
  config {
    volumes {
      enabled = true
    }
  }
 }
--- a/cookbooks/nomad/files/etc/nomad.d/datadir.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/datadir.hcl
@ -0,0 +1,4 @@
 # /etc/nomad.d/server.hcl
 # data_dir tends to be environment specific.
 data_dir = "/opt/nomad/data/"
--- a/cookbooks/nomad/files/etc/nomad.d/docker-registry.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/docker-registry.hcl
@ -0,0 +1,6 @@
 client {
  host_volume "docker-registry" {
    path      = "/mnt/shared/Docker-registry"
    read_only = false
  }
 }
--- a/cookbooks/nomad/files/etc/nomad.d/server.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/server.hcl
@ -0,0 +1,4 @@
 server {
  enabled          = true
  bootstrap_expect = 3
 }
--- a/cookbooks/nomad/files/etc/sysctl.d/90-nomad.conf
+++ b/cookbooks/nomad/files/etc/sysctl.d/90-nomad.conf
@ -0,0 +1,3 @@
 net.bridge.bridge-nf-call-arptables = 1
 net.bridge.bridge-nf-call-ip6tables = 1
 net.bridge.bridge-nf-call-iptables = 1
--- a/cookbooks/nomad/install.rb
+++ b/cookbooks/nomad/install.rb
@ -0,0 +1,20 @@
 # Install `Consul`:
 KEYSRV = "https://apt.releases.hashicorp.com/gpg"
 ID = "A3219F7B"
 execute "apt-key adv --keyserver #{KEYSRV} --recv-keys #{ID}" do
  not_if 'apt-key list | grep HashiCorp'
 end
 # Retrieve the Ubuntu code:
 DIST = run_command('lsb_release -cs').stdout.chomp
 # Deploy the `apt` sources:
 template '/etc/apt/sources.list.d/hashicorp.list' do
  action :create
  variables(distribution: DIST)
 end
 execute 'apt update'
 package 'nomad'
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@ -0,0 +1,65 @@
 # Kernel parameters:
 remote_file '/etc/sysctl.d/90-nomad.conf' do
  owner 'root'
  group 'root'
  mode '0644'
 end
 # nomad configuration files:
 file '/etc/nomad.d/nomad.hcl' do
  action :delete
 end
 remote_file '/etc/nomad.d/datadir.hcl' do
  owner 'nomad'
  group 'nomad'
  mode '664'
  notifies :restart, 'service[nomad]'
 end
 if node['nomad']['manager']
  remote_file '/etc/nomad.d/server.hcl' do
    owner 'nomad'
    group 'nomad'
    mode '664'
    notifies :restart, 'service[nomad]'
  end
 end
 if node['nomad']['client']
  %w( /etc/nomad.d/client.hcl /etc/nomad.d/docker-registry.hcl ).each do |conf|
    remote_file conf do
      owner 'nomad'
      group 'nomad'
      mode '664'
      notifies :restart, 'service[nomad]'
    end
  end
 end
 # Create directory:
 directory '/opt/nomad/data/' do
  owner 'nomad'
  group 'nomad'
  mode '0755'
 end
 # iptables settings here:
 %w( 80/tcp 4646/tcp 4647/tcp 4648/tcp 8081/tcp 20000:32000/tcp ).each do |port|
  execute "ufw allow #{port}" do
    user 'root'
    not_if "LANG=c ufw status | grep #{port}"
    notifies :run, 'execute[ufw reload-or-enable]'
  end
 end
 # Enable and start nomad:
 service 'nomad' do
  action [:enable, :start]
 end
--- a/cookbooks/nomad/shared_dir.rb
+++ b/cookbooks/nomad/shared_dir.rb
@ -0,0 +1,19 @@
 %w( /mnt/shared ).each do |d|
  directory d do
    owner 'root'
    group 'root'
  end
 end
 # Add the fstab entry:
 file '/etc/fstab' do
  action :edit
  block do |content|
    content << "//192.168.10.200/Shared/AppData /mnt/shared cifs username=admin,password=Holiday88,uid=root,gid=root,file_mode=0777,dir_mode=0777,vers=3.0,_netdev 0 0\n"
  end
  not_if 'grep shared /etc/fstab'
 end
 execute 'mount -a || true'
--- a/cookbooks/nomad/templates/etc/apt/sources.list.d/hashicorp.list
+++ b/cookbooks/nomad/templates/etc/apt/sources.list.d/hashicorp.list
@ -0,0 +1 @@
 deb [arch=amd64] https://apt.releases.hashicorp.com <%= @distribution %> main
--- a/roles/base.rb
+++ b/roles/base.rb
@ -2,6 +2,7 @@ include_recipe '../cookbooks/base/default.rb'
 include_recipe '../cookbooks/kazu634/default.rb'
 include_recipe '../cookbooks/supervisor/default.rb'
 include_recipe '../cookbooks/consul/default.rb'
 include_recipe '../cookbooks/consul-template/default.rb'
 include_recipe '../cookbooks/fzf/default.rb'
 include_recipe '../cookbooks/promtail/default.rb'
 include_recipe '../cookbooks/vector/default.rb'
		`@ -0,0 +1 @@`
							`OPTIONS="-syslog -syslog-name=consul-template"`
		`@ -0,0 +1 @@`
							`deb [arch=amd64] https://apt.releases.hashicorp.com <%= @distribution %> main`