feat: add nomad profile/role
- add basic consul manage nomad servers
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
# data_dir tends to be environment specific.
|
||||
data_dir = "<%= @data_dir %>"
|
||||
bind_addr = "0.0.0.0"
|
||||
datacenter = "<%= scope['facts']['country'] %>-<%= scope['facts']['region'] %>"
|
||||
|
||||
<% if @server -%>
|
||||
# Manage Servers
|
||||
advertise {
|
||||
http = "<%= @facts['networking']['ip'] %>"
|
||||
rpc = "<%= @facts['networking']['ip'] %>"
|
||||
serf = "<%= @facts['networking']['ip'] %>"
|
||||
}
|
||||
|
||||
server {
|
||||
enabled = true
|
||||
bootstrap_expect = <%= @bootstrap_expect %>
|
||||
}
|
||||
<% end -%>
|
||||
|
||||
<% if @client -%>
|
||||
# Manage clients/agents
|
||||
client {
|
||||
enabled = true
|
||||
}
|
||||
<% end -%>
|
||||
|
||||
# Require TLS
|
||||
tls {
|
||||
http = true
|
||||
rpc = true
|
||||
|
||||
ca_file = "/etc/pki/ca-trust/source/anchors/vaultcaroot.pem"
|
||||
cert_file = "/etc/pki/tls/vault/certificate.crt"
|
||||
key_file = "/etc/pki/tls/vault/private.key"
|
||||
|
||||
verify_server_hostname = true
|
||||
verify_https_client = false
|
||||
}
|
||||
|
||||
@@ -0,0 +1,67 @@
|
||||
[Unit]
|
||||
Description=Nomad
|
||||
Documentation=https://nomadproject.io/docs/
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
|
||||
# When using Nomad with Consul it is not necessary to start Consul first. These
|
||||
# lines start Consul before Nomad as an optimization to avoid Nomad logging
|
||||
# that Consul is unavailable at startup.
|
||||
Wants=consul.service
|
||||
After=consul.service
|
||||
|
||||
## Configure unit start rate limiting. Units which are started more than
|
||||
## *burst* times within an *interval* time span are not permitted to start any
|
||||
## more. Use `StartLimitIntervalSec` or `StartLimitInterval` (depending on
|
||||
## systemd version) to configure the checking interval and `StartLimitBurst`
|
||||
## to configure how many starts per interval are allowed. The values in the
|
||||
## commented lines are defaults.
|
||||
|
||||
# StartLimitBurst = 5
|
||||
|
||||
## StartLimitIntervalSec is used for systemd versions >= 230
|
||||
# StartLimitIntervalSec = 10s
|
||||
|
||||
## StartLimitInterval is used for systemd versions < 230
|
||||
# StartLimitInterval = 10s
|
||||
|
||||
[Service]
|
||||
|
||||
# Nomad clients need to be run as "root" whereas Nomad servers should be run as
|
||||
# the "nomad" user. Please change this if needed.
|
||||
<% if @server -%>
|
||||
User=<%= @user %>
|
||||
Group=<%= @group %>
|
||||
<% else -%>
|
||||
User=root
|
||||
Group=root
|
||||
<% end -%>
|
||||
|
||||
Type=notify
|
||||
EnvironmentFile=-/etc/nomad.d/nomad.env
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
ExecStart=/usr/bin/nomad agent -config /etc/nomad.d/config.hcl
|
||||
KillMode=process
|
||||
KillSignal=SIGINT
|
||||
LimitNOFILE=65536
|
||||
LimitNPROC=infinity
|
||||
Restart=on-failure
|
||||
RestartSec=2
|
||||
|
||||
TasksMax=infinity
|
||||
|
||||
# Nomad Server agents should never be force killed,
|
||||
# so here we disable OOM (out of memory) killing for this unit.
|
||||
# However, you may wish to change this for Client agents, since
|
||||
# the workloads that Nomad places may be more important
|
||||
# than the Nomad agent itself.
|
||||
OOMScoreAdjust=-1000
|
||||
|
||||
# To facilitate debugging when a service fails to stop cleanly,
|
||||
# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
|
||||
# the time allotted. This will cause the service to be terminated with SIGABRT
|
||||
# and a coredump to be generated.
|
||||
TimeoutStopFailureMode=abort
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user