Merge pull request 'Add CSI support for `nomad`.' (#95) from nomad-csi-support into master

Reviewed-on: #95
2022-01-14 23:54:37 +09:00 · 2022-01-14 23:54:37 +09:00 · e340adfdcd
parent d898ea65b4 2bec4d88f3
commit e340adfdcd
26 changed files with 114 additions and 25 deletions
--- a/cookbooks/nomad/attributes.rb
+++ b/cookbooks/nomad/attributes.rb
@ -5,6 +5,7 @@ node.reverse_merge!({
  'nomad' => {
    'manager' => false,
    'client' => false,
-    'lokiendpoint' => 'loki.service.consul:3100'
+    'lokiendpoint' => 'loki.service.consul:3100',
+    'synology' => '192.168.10.200'
  }
 })
--- a/cookbooks/nomad/csi.rb
+++ b/cookbooks/nomad/csi.rb
@ -0,0 +1,61 @@
+SYNOLOGY = node['nomad']['synology']
+
+# 前提パッケージのインストール・セットアップ
+%w( open-iscsi lsscsi sg3-utils multipath-tools scsitools ).each do |p|
+  package p
+end
+
+execute "iscsiadm -m discoverydb -t st -p #{SYNOLOGY} --discover" do
+  user 'root'
+end
+
+remote_file "/etc/multipath.conf" do
+  user 'root'
+  group 'root'
+  mode '0644'
+
+  notifies :restart, 'service[multipath-tools]'
+end
+
+%w( multipath-tools open-iscsi).each do |s|
+  service s do
+    action [:enable, :restart]
+  end
+end
+
+# CNIプラグインのデプロイ・セットアップ
+directory '/opt/cni/bin' do
+  owner 'root'
+  group 'root'
+
+  mode '0755'
+end
+
+%w( bandwidth bridge dhcp firewall host-device host-local ipvlan loopback macvlan portmap ptp sbr static tuning vlan vrf ).each do |f|
+  remote_file "/opt/cni/bin/#{f}" do
+    owner 'root'
+    group 'root'
+
+    mode '0775'
+  end
+end
+
+directory '/etc/cni' do
+  owner 'root'
+  group 'root'
+  mode '0755'
+end
+
+remote_file '/etc/cni/nomad.conflist' do
+  owner 'root'
+  group 'root'
+  mode '0644'
+end
+
+remote_file '/etc/nomad.d/csi.hcl' do
+  owner 'nomad'
+  group 'nomad'
+  mode '0664'
+
+  notifies :restart, 'service[nomad]'
+end
--- a/cookbooks/nomad/default.rb
+++ b/cookbooks/nomad/default.rb
@ -4,6 +4,7 @@ include_recipe './install.rb'

 if node['nomad']['manager'] || node['nomad']['client']
  include_recipe './setup.rb'
+  include_recipe './csi.rb'

  include_recipe './shared_dir.rb'
 end
--- a/cookbooks/nomad/files/etc/cni/nomad.conflist
+++ b/cookbooks/nomad/files/etc/cni/nomad.conflist
@ -0,0 +1,23 @@
+{
+  "cniVersion": "0.3.1",
+  "name": "nomad",
+  "plugins": [
+    {
+      "type": "ptp",
+      "ipMasq": true,
+      "ipam": {
+        "type": "host-local",
+        "subnet": "172.16.30.0/24",
+        "routes": [
+          {
+            "dst": "0.0.0.0/0"
+          }
+        ]
+      }
+    },
+    {
+      "type": "portmap",
+      "capabilities": { "portMappings": true }
+    }
+  ]
+}
--- a/cookbooks/nomad/files/etc/multipath.conf
+++ b/cookbooks/nomad/files/etc/multipath.conf
@ -0,0 +1,8 @@
+defaults {
+    user_friendly_names yes
+    find_multipaths yes
+}
+
+blacklist {
+    devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st|sda)[0-9]*"
+}
--- a/cookbooks/nomad/files/etc/nomad.d/client.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/client.hcl
@ -1,13 +1,3 @@
-# /etc/nomad.d/server.hcl
-
 client {
-  enabled          = true
-}
-
-plugin "docker" {
-  config {
-    volumes {
-      enabled = true
-    }
-  }
+  enabled        = true
 }
--- a/cookbooks/nomad/files/etc/nomad.d/csi.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/csi.hcl
@ -0,0 +1,14 @@
+client {
+  cni_path       = "/opt/cni/bin"
+  cni_config_dir = "/etc/cni/"
+}
+
+plugin "docker" {
+  config {
+    volumes {
+      enabled = true
+    }
+
+    allow_privileged = true
+  }
+}
--- a/cookbooks/nomad/files/etc/nomad.d/datadir.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/datadir.hcl
@ -1,4 +0,0 @@
-# /etc/nomad.d/server.hcl
-
-# data_dir tends to be environment specific.
-data_dir = "/opt/nomad/data/"
--- a/cookbooks/nomad/files/etc/nomad.d/server.hcl
+++ b/cookbooks/nomad/files/etc/nomad.d/server.hcl
@ -2,3 +2,6 @@ server {
  enabled          = true
  bootstrap_expect = 3
 }
+
+# data_dir tends to be environment specific.
+data_dir = "/opt/nomad/data/"
--- a/cookbooks/nomad/files/opt/cni/bin/bandwidth
+++ b/cookbooks/nomad/files/opt/cni/bin/bandwidth
--- a/cookbooks/nomad/files/opt/cni/bin/bridge
+++ b/cookbooks/nomad/files/opt/cni/bin/bridge
--- a/cookbooks/nomad/files/opt/cni/bin/dhcp
+++ b/cookbooks/nomad/files/opt/cni/bin/dhcp
--- a/cookbooks/nomad/files/opt/cni/bin/firewall
+++ b/cookbooks/nomad/files/opt/cni/bin/firewall
--- a/cookbooks/nomad/files/opt/cni/bin/host-device
+++ b/cookbooks/nomad/files/opt/cni/bin/host-device
--- a/cookbooks/nomad/files/opt/cni/bin/host-local
+++ b/cookbooks/nomad/files/opt/cni/bin/host-local
--- a/cookbooks/nomad/files/opt/cni/bin/ipvlan
+++ b/cookbooks/nomad/files/opt/cni/bin/ipvlan
--- a/cookbooks/nomad/files/opt/cni/bin/loopback
+++ b/cookbooks/nomad/files/opt/cni/bin/loopback
--- a/cookbooks/nomad/files/opt/cni/bin/macvlan
+++ b/cookbooks/nomad/files/opt/cni/bin/macvlan
--- a/cookbooks/nomad/files/opt/cni/bin/portmap
+++ b/cookbooks/nomad/files/opt/cni/bin/portmap
--- a/cookbooks/nomad/files/opt/cni/bin/ptp
+++ b/cookbooks/nomad/files/opt/cni/bin/ptp
--- a/cookbooks/nomad/files/opt/cni/bin/sbr
+++ b/cookbooks/nomad/files/opt/cni/bin/sbr
--- a/cookbooks/nomad/files/opt/cni/bin/static
+++ b/cookbooks/nomad/files/opt/cni/bin/static
--- a/cookbooks/nomad/files/opt/cni/bin/tuning
+++ b/cookbooks/nomad/files/opt/cni/bin/tuning
--- a/cookbooks/nomad/files/opt/cni/bin/vlan
+++ b/cookbooks/nomad/files/opt/cni/bin/vlan
--- a/cookbooks/nomad/files/opt/cni/bin/vrf
+++ b/cookbooks/nomad/files/opt/cni/bin/vrf
--- a/cookbooks/nomad/setup.rb
+++ b/cookbooks/nomad/setup.rb
@ -12,14 +12,6 @@ file '/etc/nomad.d/nomad.hcl' do
  action :delete
 end

-remote_file '/etc/nomad.d/datadir.hcl' do
-  owner 'nomad'
-  group 'nomad'
-  mode '664'
-
-  notifies :restart, 'service[nomad]'
-end
-
 if node['nomad']['manager']
  %w( server.hcl acl.hcl ).each do |conf|
    remote_file "/etc/nomad.d/#{conf}" do
@ -33,7 +25,7 @@ if node['nomad']['manager']
 end

 if node['nomad']['client']
-  %w( /etc/nomad.d/client.hcl /etc/nomad.d/docker-registry.hcl ).each do |conf|
+  %w( /etc/nomad.d/client.hcl  ).each do |conf|
    remote_file conf do
      owner 'nomad'
      group 'nomad'