This Ansible role performs basic Nomad installation, including filesystem structure, and example configuration.
It will also bootstrap a minimal cluster of 3 server nodes, and can do this in a development environment based on Vagrant and VirtualBox. See README_VAGRANT.md for more details about the Vagrant setup.
This role requires a Debian, RHEL, or Ubuntu distribution; the role is tested with the following specific software versions:
- Ansible: 2.6.4
- nomad: 0.8.7
- CentOS: 7
- Debian: 8
- RHEL: 7
- Ubuntu: 16.04
The role defines most of its variables in defaults/main.yml
:
- Nomad debug mode
- Default value: no
- Nomad version to install
- Default value: 0.8.7
- This variable does not need to be changed in most cases
- Default value: Dictionary translating ansible_architecture to HashiCorp architecture naming convention
- Host architecture
- Default value: determined by
{{ nomad_architecture_map[ansible_architecture] }}
- Nomad package filename
- Default value:
nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip
- Nomad download URL
- Default value:
https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip
- Nomad checksum file URL
- Default value:
https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version}}_SHA256SUMS
- Nomad binary installation path
- Default value:
/usr/local/bin
- Nomad configuration file path
- Default value:
/etc/nomad.d
- Nomad data path
- Default value:
/var/nomad
- Nomad lockfile path
- Default value:
/var/lock/subsys/nomad
- Nomad log path
- Default value:
/var/log/nomad
- Nomad run path
- Default value:
/var/run/nomad
- Manage Nomad user?
- Default value: yes
- Nomad OS username
- Default value: root
- Manage Nomad group?
- Default value: no
- Nomad OS group
- Default value: bin
- Default region
- Default value: global
- Nomad datacenter label
- Default value: dc1
- Logging level
- Default value: INFO
- Log to syslog
- Default value: true
- Nomad network interface
- Default value:
{{ ansible_default_ipv4.interface }}
- Nomad node name
- Default value:
{{ inventory_hostname_short }}
- Nomad node role
- options: client, server, both
- Default value: client
- Send leave on termination
- Default value: yes
- Send leave on interrupt
- Default value: no
- Disable update check
- Default value: no
- Max retry join attempts
- Default value: 0
- Enable retry join?
- Default value: no
- Retry join interval
- Default value: 30s
- Rejoin after leave?
- Default value: no
- List of enabled schedulers
- Default value: service, batch, system
- Number of schedulers
- Default value:
{{ ansible_processor_vcpus }}
- Node garbage collection threshold
- Default value: 24h
- Job garbage collection threshold
- Default value: 4h
- Eval garbage collection threshold
- Default value: 1h
- Encryption secret for gossip communication
- Default value: ""
- Nomad node class
- Default value: ""
- Force the UUID generated by the client to be randomly generated
- Default value: no
- Max kill timeout
- Default value: 30s
- Nomad scheduler will choose from the IPs of this interface for allocating tasks
- Default value: none
- Overide network link speed (0 = no overide)
- Default value: 0
- Overide cpu compute (0 = no overide)
- Default value: 0
- Client garbage collection interval
- Default value: 1m
- Disk usage threshold percentage for garbage collection
- Default value: 80
- Inode usage threshold percentage for garbage collection
- Default value: 70
- Garbage collection max parallel destroys
- Default value: 2
- Reserved client resources
- Default value:
cpu: {{ nomad_reserved_cpu }}, memory: {{ nomad_reserved_memory }}, disk: {{ nomad_reserved_disk }}, ports: {{ nomad_reserved_ports }}
- Reserved client CPU
- Default value: 0
- Reserved client memory
- Default value: 0
- Reserved client disk
- Default value: 0
- Reserved client ports
- Default value: 22
- Driver options
- Key value dict
- Default value: {}
- Meta data
- Key value dict
- Default value: {}
- Bind interface address
- Default value:
{{ hostvars[inventory_hostname]['ansible_'+ nomad_iface ]['ipv4']['address'] }}
- Network interface address to advertise to other nodes
- Default value:
{{ hostvars[inventory_hostname]['ansible_'+ nomad_iface ]['ipv4']['address'] }}
- Ports used by Nomad
- Default value:
http: {{ nomad_ports_http }}, rpc: {{ nomad_ports_rpc }}, serf: {{ nomad_ports_serf }}
- Http port
- Default value: 4646
- RPC port
- Default value: 4647
- Serf port
- Default value: 4648
- Install Docker subsystem on nodes?
- Default value: false
- Ansible group that contains all cluster nodes
- Default value: nomad_instances
It's typically not necessary to manually alter this list.
- List of server nodes
- Default value: List of all nodes in
nomad_group_name
withnomad_node_role
set to server or both
This feature makes it possible to gather the nomad_bind_address
and
nomad_advertise_address
from servers that are currently not targeted by the
playbook.
To make this possible the delegate_facts
option is used. This option is broken
in many Ansible versions, so this feature might not always work.
- Gather facts from servers that are not currently targeted
- Default value: 'no'
- Bootstrap nomad via native consul zero-configuration support assumes consul default ports etc.
- Default value: False
- The address of your consul API, use it in combination with nomad_use_consul=True
- Default value: localhost:8500
- The name of the consul service for your nomad servers
- Default value: nomad-servers
- The name of the consul service for your nomad clients
- Default value: nomad-clients
- Specifies the number of server nodes to wait for before bootstrapping.
- Default value: `{{ nomad_servers | count or 3 }}}
- Enable ACLs
- Default value: no
- TTL for tokens
- Default value: "30s"
- TTL for policies
- Default value: "30s"
- Token to use for acl replication on non authoritive servers
- Default value: ""
- Enable vault
- Default value: no
- Vault address to use
- Default value:
{{ vault_address | default('0.0.0.0') }}
- Allow users to use vault without providing their own token
- Default value: yes
- Role to create tokens from
- Default value: ""
- Path of CA cert to use with vault
- Default value: ""
- Path of a folder containing CA cert(s) to use with vault
- Default value: ""
- Path to a certificate to use with vault
- Default value: ""
- Path to a private key file to use with vault
- Default value: ""
- Optional string used to set SNI host when connecting to vault
- Default value: ""
- Specifies if SSL peer validation should be enforced
- Default value: no
- Vault token used by nomad
- Default value: ""
- Enable docker
- Default value: no
- Run dmsetup on ubuntu (only if docker is enabled)
- Default value: yes
- Use a ca for tls connection, nomad_cert_file and nomad_key_file are needed
- Default value: ""
- Use a certificate for tls connection, nomad_ca_file and nomad_key_file are needed
- Default value: ""
- Use a key for tls connection, nomad_cert_file and nomad_key_file are needed
- Default value: ""
As Nomad loads the configuration from files and directories in lexical order,
typically merging on top of previously parsed configuration files, you may set
custom configurations via nomad_config_custom
, which will be expanded into a file named custom.json
within your nomad_config_dir
which will
be loaded after all other configuration by default.
An example usage for enabling vault
:
vars:
nomad_config_custom:
vault:
enabled : true
ca_path : "/etc/certs/ca"
cert_file : "/var/certs/vault.crt"
key_file : "/var/certs/vault.key"
address : "https://vault.service.consul:8200"
create_from_role : "nomad-cluster"
Ansible requires GNU tar and this role performs some local use of the
unarchive module, so ensure that your system has gtar
/unzip
installed.
Jinja2 templates use ipaddr filter that need netaddr
python library.
Basic nomad installation is possible using the included site.yml
playbook:
ansible-playbook -i <hosts> site.yml
You can also simply pass variables in using the --extra-vars
option to the
ansible-playbook
command:
ansible-playbook -i hosts site.yml --extra-vars "nomad_datacenter=maui"
See examples/README_VAGRANT.md
for details on quick Vagrant deployments
under VirtualBox for testing, etc.
BSD
Special thanks to the folks listed in CONTRIBUTORS.md for their contributions to this project.
Contributions are welcome, provided that you can agree to the terms outlined in CONTRIBUTING.md