feat: add nomad agent role

- add nomad agent role
- mount cephfs volume nomadfs to /shared/nomad
- manage docker volume path to be /shared/nomad
This commit is contained in:
2024-12-25 23:36:29 +11:00
parent 48e1fb8e30
commit 94a1b8fa93
8 changed files with 111 additions and 5 deletions
+2
View File
@@ -0,0 +1,2 @@
---
ceph::key::media: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAEzl2zX8ok6iURymPLbvkFE/dZhunzwisNCsLE5Tx6Pmil0PNx7iFULHXxWU6HMVOxzJmgcnTY+NsRnoTMSpXHGeC3wmD525T4xO4wvG/l9apzmPs1NTI4hcyYCj4NkAKyo249xXEodU4uM2AZp3ZgLBLf2cZpOe0/SPngWSq0kC4pJMnxWH+YsQ/O/1EMxpjSgMMna4YcMtcW2M0+wRhASNSTV7icsiAp6F/cInZuP44ASviHmM6+aMEhygBariOT80kaHZZI+aP6vqSd9lChXCV5qjRzeoEBIKOzT2ZBj41RTsF75J8UYFPwY7dp584tDpiIedUSR9IRCJe4d0uTjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCau9oXJiYiCGgvxZl62EsagDDgX2cU3+3QCkImEGS1oBahkPl3fYHKynbRi0ZQW1CoW0UFRzY8FmWmGkowns9OsIM=]
+55
View File
@@ -0,0 +1,55 @@
---
hiera_include:
- docker
- docker::networks
- profiles::nomad::node
docker::version: latest
docker::curl_ensure: false
docker::root_dir: /data/docker
docker::bip: '198.18.101.254/24'
docker::ip_forward: true
docker::ip_masq: false
docker::iptables: true
profiles::yum::global::repos:
ceph-reef:
name: ceph-reef
descr: ceph reef repository
target: /etc/yum.repos.d/ceph-reef.repo
baseurl: https://edgecache.query.consul/ceph/yum/el%{facts.os.release.major}/%{facts.os.architecture}
gpgcheck: 0,
mirrorlist: absent
profiles::ceph::client::keyrings:
nomad:
key: "%{hiera('ceph::key::media')}"
profiles::packages::include:
nomad: {}
profiles::nomad::node::client: true
# additional altnames
profiles::pki::vault::alt_names:
- client.global.nomad
- client.au-syd1.nomad
- nomad-client.service.consul
- nomad-client.query.consul
- "nomad-client.service.%{facts.country}-%{facts.region}.consul"
# configure consul service
profiles::consul::client::node_rules:
- resource: service
segment: nomad-client
disposition: write
- resource: agent_prefix
segment: ''
disposition: read
- resource: node_prefix
segment: ''
disposition: write
- resource: service_prefix
segment: ''
disposition: write