-rw-r--r--ansible/lxvm8
-rw-r--r--ansible/roles/nomad/tasks/main.yml19
-rw-r--r--ansible/roles/nomad/templates/nomad.hcl.j212
-rw-r--r--nomad/garage.hcl2
-rw-r--r--nomad/traefik.hcl46
5 files changed, 69 insertions, 18 deletions
diff --git a/ansible/lxvm b/ansible/lxvm
index 89fafaf..7847277 100644
--- a/ansible/lxvm
+++ b/ansible/lxvm
@@ -1,6 +1,6 @@
[cluster_nodes]
#ubuntu1 ansible_host=192.168.42.10
-debian1 ansible_host=192.168.42.20 ansible_user=root public_ip=192.168.42.20 dns_server=208.67.222.222 vpn_ip=10.68.70.11 public_vpn_port=51820 datacenter=belair
-debian2 ansible_host=192.168.42.21 ansible_user=root public_ip=192.168.42.21 dns_server=208.67.222.222 vpn_ip=10.68.70.12 public_vpn_port=51820 datacenter=belair
-debian3 ansible_host=192.168.42.22 ansible_user=root public_ip=192.168.42.22 dns_server=208.67.222.222 vpn_ip=10.68.70.13 public_vpn_port=51820 datacenter=belair
-ovh1 ansible_host=51.75.4.20 ansible_user=debian ansible_become=yes public_ip=51.75.4.20 dns_server=208.67.222.222 vpn_ip=10.68.70.20 public_vpn_port=51820 datacenter=saturne
+debian1 ansible_host=192.168.42.20 ansible_user=root public_ip=192.168.42.20 dns_server=208.67.222.222 vpn_ip=10.68.70.11 public_vpn_port=51820 datacenter=belair interface=enp1s0
+debian2 ansible_host=192.168.42.21 ansible_user=root public_ip=192.168.42.21 dns_server=208.67.222.222 vpn_ip=10.68.70.12 public_vpn_port=51820 datacenter=belair interface=enp1s0
+debian3 ansible_host=192.168.42.22 ansible_user=root public_ip=192.168.42.22 dns_server=208.67.222.222 vpn_ip=10.68.70.13 public_vpn_port=51820 datacenter=belair interface=enp1s0
+ovh1 ansible_host=51.75.4.20 ansible_user=debian ansible_become=yes public_ip=51.75.4.20 dns_server=208.67.222.222 vpn_ip=10.68.70.20 public_vpn_port=51820 datacenter=saturne interface=eth0
diff --git a/ansible/roles/nomad/tasks/main.yml b/ansible/roles/nomad/tasks/main.yml
index 7c73362..3bfd3a6 100644
--- a/ansible/roles/nomad/tasks/main.yml
+++ b/ansible/roles/nomad/tasks/main.yml
@@ -1,7 +1,11 @@
-- name: "Set nomad version"
+- name: "Set Nomad version"
set_fact:
nomad_version: 0.12.0-beta2
+- name: "Set CNI version"
+ set_fact:
+ cni_plugins_version: 0.8.6
+
- name: "Download and install Nomad for x86_64"
unarchive:
src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
@@ -10,6 +14,19 @@
when:
- "ansible_architecture == 'x86_64'"
+- name: "Create /opt/cni/bin"
+ file: path=/opt/cni/bin state=directory
+
+- name: "Download and install CNI plugins for x86_64"
+ unarchive:
+ src: "https://github.com/containernetworking/plugins/releases/download/v{{ cni_plugins_version }}/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
+ dest: /opt/cni/bin
+ remote_src: yes
+ when:
+ - "ansible_architecture == 'x86_64'"
+ notify:
+ - restart nomad
+
- name: "Create Nomad configuration directory"
file: path=/etc/nomad/ state=directory
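Review bot: The new "Download and install CNI plugins for x86_64" task unpacks a release tarball fetched from GitHub straight into /opt/cni/bin with no integrity check, and Nomad later executes those binaries on the host. Fetching with `get_url` and a pinned `checksum` first, then unpacking the local file, makes a substituted or corrupted artifact fail the play instead of landing on every node. The digest variable in the sketch below is a placeholder to be filled in from the checksum file published with the release. The Nomad download in the context lines of the previous hunk appears to follow the same unverified pattern and would benefit from the same change.

```yaml
- name: "Download CNI plugins for x86_64"
  get_url:
    url: "https://github.com/containernetworking/plugins/releases/download/v{{ cni_plugins_version }}/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
    dest: "/opt/cni/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
    # placeholder variable: set it next to cni_plugins_version from the release's published sha256
    checksum: "sha256:{{ cni_plugins_sha256 }}"
  when:
    - "ansible_architecture == 'x86_64'"

- name: "Install CNI plugins for x86_64"
  unarchive:
    src: "/opt/cni/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
    dest: /opt/cni/bin
    remote_src: true
  # … unchanged: when / notify restart nomad …
```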
diff --git a/ansible/roles/nomad/templates/nomad.hcl.j2 b/ansible/roles/nomad/templates/nomad.hcl.j2
index c7a8b94..55aa481 100644
--- a/ansible/roles/nomad/templates/nomad.hcl.j2
+++ b/ansible/roles/nomad/templates/nomad.hcl.j2
@@ -31,6 +31,16 @@ client {
docker.privileged.enabled = "true"
docker.volumes.enabled = "true"
}
- #network_interface = "wgdeuxfleurs"
+
+ network_interface = "wgdeuxfleurs"
+
+ host_network "default" {
+ #cidr = "{{ vpn_ip }}/24"
+ interface = "wgdeuxfleurs"
+ }
+ host_network "public" {
+ #cidr = "{{ public_ip }}/32"
+ interface = "{{ interface }}"
+ }
}
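Review bot: Both `host_network` blocks select addresses by interface name only, with their `cidr` lines left commented out, so the address Nomad publishes for the "public" network depends on whatever is configured on `{{ interface }}` at the time. If that interface carries more than one address (a secondary IP or IPv6), ports tagged `host_network = "public"` may be mapped to an unintended one. Either enable the `cidr` constraint or drop the commented lines and state the assumption, for example `# selected by interface; each host must have a single address on it`. The enclosing `client` block starts outside the hunk.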
diff --git a/nomad/garage.hcl b/nomad/garage.hcl
index 3478706..293e58b 100644
--- a/nomad/garage.hcl
+++ b/nomad/garage.hcl
@@ -59,7 +59,7 @@ job "garage" {
"garage_api",
"traefik.enable=true",
"traefik.frontend.entryPoints=https,http",
- "traefik.frontend.rule=Host:garage.deuxfleurs.fr"
+ "traefik.frontend.rule=Host:garage.deuxfleurs.fr,garage.devx.adnab.me"
]
port = "api_port"
address_mode = "host"
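Review bot: The added `garage.devx.adnab.me` host lies outside the deuxfleurs.fr zone and is attached to the production `garage_api` frontend with nothing in the file explaining why. Because the same tag list keeps `traefik.frontend.entryPoints=https,http`, the API becomes reachable under that name over plain HTTP as well, and over HTTPS only if Traefik's certificate configuration (not visible here) covers the new name. If the alias is meant for testing, a comment next to the tag such as `# dev alias for testing, remove when no longer needed` would make its purpose and lifetime clear.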
diff --git a/nomad/traefik.hcl b/nomad/traefik.hcl
index 9dcb5b5..657e8c7 100644
--- a/nomad/traefik.hcl
+++ b/nomad/traefik.hcl
@@ -9,6 +9,7 @@ job "frontend" {
config {
image = "amd64/traefik:1.7.20"
readonly_rootfs = true
+ network_mode = "host"
port_map {
https_port = 443
http_port = 80
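Review bot: With `network_mode = "host"` the container shares the host's network namespace, so the `port_map` block directly below it should no longer have any effect, and the addresses Traefik listens on are decided solely by `traefik.toml`, which is loaded from Consul and not visible here. The `host_network = "public"` settings added in the next hunk therefore only steer Nomad's port accounting and service registration. They do not keep the admin port 8082 off the public interface if its entry point in `traefik.toml` has no explicit bind address. It is worth confirming that this entry point is bound to the VPN address and adding a comment such as `# host mode: listen addresses come from traefik.toml, port_map is ignored`. The `config` block continues past the hunk.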
@@ -24,30 +25,58 @@ job "frontend" {
network {
port "https_port" {
static = "443"
+ host_network = "public"
}
port "http_port" {
static = "80"
+ host_network = "public"
}
port "adm_port" {
static = "8082"
}
}
}
+
+ template {
+ data = "{{ key \"configuration/traefik/traefik.toml\" }}"
+ destination = "secrets/traefik.toml"
+ }
+
+ service {
+ tags = [
+ "http",
+ "frontend",
+ "(diplonat (tcp_port 80))"
+ ]
+ port = "http_port"
+ name = "traefik-http"
+
+ check {
+ type = "tcp"
+ port = "http_port"
+ interval = "60s"
+ timeout = "5s"
+ check_restart {
+ limit = 3
+ grace = "90s"
+ ignore_warnings = false
+ }
+ }
+ }
service {
tags = [
"https",
"frontend",
- "(diplonat (tcp_port 80 443))"
+ "(diplonat (tcp_port 443))"
]
port = "https_port"
address_mode = "host"
- name = "traefik"
+ name = "traefik-https"
+
check {
- type = "http"
- protocol = "http"
- port = "adm_port"
- path = "/ping"
+ type = "tcp"
+ port = "https_port"
interval = "60s"
timeout = "5s"
check_restart {
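Review bot: Both service checks are now plain `tcp` probes replacing the previous HTTP `/ping` check, so `check_restart` fires only when the socket stops accepting connections and no longer when Traefik is running but unhealthy. If the `/ping` endpoint on `adm_port` is still enabled in `traefik.toml`, keeping one `type = "http"` check with `path = "/ping"` alongside the TCP probes would preserve that signal. The new `traefik-http` service also omits `address_mode = "host"`, which `traefik-https` sets; the two should probably agree. The second `check` block continues past the end of this hunk.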
@@ -57,11 +86,6 @@ job "frontend" {
}
}
}
-
- template {
- data = "{{ key \"configuration/traefik/traefik.toml\" }}"
- destination = "secrets/traefik.toml"
- }
}
}
}