feat: add nomad profile/role (#200)

- add basic consul manage nomad servers

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/200
This commit was merged in pull request #200.
2024-12-22 22:35:31 +11:00
parent c97db0f0aa
commit 6ebf5c03a5
5 changed files with 220 additions and 0 deletions
@@ -0,0 +1,39 @@
# data_dir tends to be environment specific.
data_dir = "<%= @data_dir %>"
bind_addr = "0.0.0.0"
datacenter = "<%= scope['facts']['country'] %>-<%= scope['facts']['region'] %>"
<% if @server -%>
# Manage Servers
advertise {
http = "<%= @facts['networking']['ip'] %>"
rpc = "<%= @facts['networking']['ip'] %>"
serf = "<%= @facts['networking']['ip'] %>"
}
server {
enabled = true
bootstrap_expect = <%= @bootstrap_expect %>
}
<% end -%>
<% if @client -%>
# Manage clients/agents
client {
enabled = true
}
<% end -%>
# Require TLS
tls {
http = true
rpc = true
ca_file = "/etc/pki/ca-trust/source/anchors/vaultcaroot.pem"
cert_file = "/etc/pki/tls/vault/certificate.crt"
key_file = "/etc/pki/tls/vault/private.key"
verify_server_hostname = true
verify_https_client = false
}
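Review bot: The `tls` block sets `verify_https_client = false` while `bind_addr` is `0.0.0.0`, and this template has no `acl` block, so as far as this file shows the HTTP API accepts requests from any host that can reach it, with neither a client certificate nor a token required. If ACLs are not enabled by another file in this commit, add `acl { enabled = true }` to the template, or set `verify_https_client = true` and issue client certificates to operators. A comment above `verify_https_client` naming the intended access control would also help the next reader, for example `# API access is gated by ACL tokens, not mTLS`.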
@@ -0,0 +1,67 @@
[Unit]
Description=Nomad
Documentation=https://nomadproject.io/docs/
Wants=network-online.target
After=network-online.target
# When using Nomad with Consul it is not necessary to start Consul first. These
# lines start Consul before Nomad as an optimization to avoid Nomad logging
# that Consul is unavailable at startup.
Wants=consul.service
After=consul.service
## Configure unit start rate limiting. Units which are started more than
## *burst* times within an *interval* time span are not permitted to start any
## more. Use `StartLimitIntervalSec` or `StartLimitInterval` (depending on
## systemd version) to configure the checking interval and `StartLimitBurst`
## to configure how many starts per interval are allowed. The values in the
## commented lines are defaults.
# StartLimitBurst = 5
## StartLimitIntervalSec is used for systemd versions >= 230
# StartLimitIntervalSec = 10s
## StartLimitInterval is used for systemd versions < 230
# StartLimitInterval = 10s
[Service]
# Nomad clients need to be run as "root" whereas Nomad servers should be run as
# the "nomad" user. Please change this if needed.
<% if @server -%>
User=<%= @user %>
Group=<%= @group %>
<% else -%>
User=root
Group=root
<% end -%>
Type=notify
EnvironmentFile=-/etc/nomad.d/nomad.env
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/nomad agent -config /etc/nomad.d/config.hcl
KillMode=process
KillSignal=SIGINT
LimitNOFILE=65536
LimitNPROC=infinity
Restart=on-failure
RestartSec=2
TasksMax=infinity
# Nomad Server agents should never be force killed,
# so here we disable OOM (out of memory) killing for this unit.
# However, you may wish to change this for Client agents, since
# the workloads that Nomad places may be more important
# than the Nomad agent itself.
OOMScoreAdjust=-1000
# To facilitate debugging when a service fails to stop cleanly,
# TimeoutStopFailureMode=abort is set to "crash" services that fail to stop in
# the time allotted. This will cause the service to be terminated with SIGABRT
# and a coredump to be generated.
TimeoutStopFailureMode=abort
[Install]
WantedBy=multi-user.target
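Review bot: The `User=`/`Group=` conditional in `[Service]` tests only `@server`, but the agent config template in this commit enables `server` and `client` independently, so a node with both set would run a client as the unprivileged `@user`, contrary to the comment above it that clients need root. Make the condition explicit with `<% if @server && !@client -%>`, or fail the catalog when both are set. Separately, `OOMScoreAdjust=-1000` is applied on client nodes too, although the comment directly above it says the setting is meant for server agents; consider placing it under the same `@server` condition.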