From 24118ab426f08e5bbfd9e53faeab09ac09f44313 Mon Sep 17 00:00:00 2001
From: Alex Auvolat
Date: Wed, 1 Jul 2020 15:36:22 +0200
Subject: [PATCH] Make things work on cluster devx.adnab.me
---
 ansible/lxvm | 8 ++--
 ansible/roles/nomad/tasks/main.yml | 19 +++++++-
 ansible/roles/nomad/templates/nomad.hcl.j2 | 12 +++++-
 nomad/garage.hcl | 2 +-
 nomad/traefik.hcl | 50 ++++++++++++++++------
 5 files changed, 71 insertions(+), 20 deletions(-)
diff --git a/ansible/lxvm b/ansible/lxvm
index 89fafaf..7847277 100644
--- a/ansible/lxvm
+++ b/ansible/lxvm
@@ -1,6 +1,6 @@
 [cluster_nodes]
 #ubuntu1 ansible_host=192.168.42.10
-debian1 ansible_host=192.168.42.20 ansible_user=root public_ip=192.168.42.20 dns_server=208.67.222.222 vpn_ip=10.68.70.11 public_vpn_port=51820 datacenter=belair
-debian2 ansible_host=192.168.42.21 ansible_user=root public_ip=192.168.42.21 dns_server=208.67.222.222 vpn_ip=10.68.70.12 public_vpn_port=51820 datacenter=belair
-debian3 ansible_host=192.168.42.22 ansible_user=root public_ip=192.168.42.22 dns_server=208.67.222.222 vpn_ip=10.68.70.13 public_vpn_port=51820 datacenter=belair
-ovh1 ansible_host=51.75.4.20 ansible_user=debian ansible_become=yes public_ip=51.75.4.20 dns_server=208.67.222.222 vpn_ip=10.68.70.20 public_vpn_port=51820 datacenter=saturne
+debian1 ansible_host=192.168.42.20 ansible_user=root public_ip=192.168.42.20 dns_server=208.67.222.222 vpn_ip=10.68.70.11 public_vpn_port=51820 datacenter=belair interface=enp1s0
+debian2 ansible_host=192.168.42.21 ansible_user=root public_ip=192.168.42.21 dns_server=208.67.222.222 vpn_ip=10.68.70.12 public_vpn_port=51820 datacenter=belair interface=enp1s0
+debian3 ansible_host=192.168.42.22 ansible_user=root public_ip=192.168.42.22 dns_server=208.67.222.222 vpn_ip=10.68.70.13 public_vpn_port=51820 datacenter=belair interface=enp1s0
+ovh1 ansible_host=51.75.4.20 ansible_user=debian ansible_become=yes public_ip=51.75.4.20 dns_server=208.67.222.222 vpn_ip=10.68.70.20 public_vpn_port=51820 datacenter=saturne interface=eth0
diff --git a/ansible/roles/nomad/tasks/main.yml b/ansible/roles/nomad/tasks/main.yml
index 7c73362..3bfd3a6 100644
--- a/ansible/roles/nomad/tasks/main.yml
+++ b/ansible/roles/nomad/tasks/main.yml
@@ -1,7 +1,11 @@ -- name: "Set nomad version" +- name: "Set Nomad version" set_fact: nomad_version: 0.12.0-beta2 +- name: "Set CNI version" + set_fact: + cni_plugins_version: 0.8.6 + - name: "Download and install Nomad for x86_64" unarchive: src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip" @@ -10,6 +14,19 @@ when: - "ansible_architecture == 'x86_64'" +- name: "Create /opt/cni/bin" + file: path=/opt/cni/bin state=directory + +- name: "Download and install CNI plugins for x86_64" + unarchive: + src: "https://github.com/containernetworking/plugins/releases/download/v{{ cni_plugins_version }}/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz" + dest: /opt/cni/bin + remote_src: yes + when: + - "ansible_architecture == 'x86_64'" + notify: + - restart nomad + - name: "Create Nomad configuration directory" file: path=/etc/nomad/ state=directory diff --git a/ansible/roles/nomad/templates/nomad.hcl.j2 b/ansible/roles/nomad/templates/nomad.hcl.j2 index c7a8b94..55aa481 100644 --- a/ansible/roles/nomad/templates/nomad.hcl.j2 +++ b/ansible/roles/nomad/templates/nomad.hcl.j2 @@ -31,6 +31,16 @@ client { docker.privileged.enabled = "true" docker.volumes.enabled = "true" } - #network_interface = "wgdeuxfleurs" + + network_interface = "wgdeuxfleurs" + + host_network "default" { + #cidr = "{{ vpn_ip }}/24" + interface = "wgdeuxfleurs" + } + host_network "public" { + #cidr = "{{ public_ip }}/32" + interface = "{{ interface }}" + } } diff --git a/nomad/garage.hcl b/nomad/garage.hcl index 3478706..293e58b 100644 --- a/nomad/garage.hcl +++ b/nomad/garage.hcl @@ -59,7 +59,7 @@ job "garage" { "garage_api", "traefik.enable=true", "traefik.frontend.entryPoints=https,http", - "traefik.frontend.rule=Host:garage.deuxfleurs.fr" + "traefik.frontend.rule=Host:garage.deuxfleurs.fr,garage.devx.adnab.me" ] port = "api_port" address_mode = "host" diff --git a/nomad/traefik.hcl b/nomad/traefik.hcl index 9dcb5b5..657e8c7 100644 
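Review bot: The new "Download and install CNI plugins for x86_64" task unpacks a tarball fetched straight from a GitHub release URL into /opt/cni/bin with no integrity check, and `unarchive` has no checksum option to add one. These are the binaries placed where Nomad looks for its CNI plugins, so a tampered or swapped release asset would end up executing on every cluster node, presumably with the Nomad client's privileges. Splitting the task into a `get_url` download with a pinned `checksum:` followed by a local `unarchive` closes that gap; the digest below is a placeholder variable to be set next to `cni_plugins_version`. The Nomad download visible as context in the first hunk of this file follows the same pattern and would benefit from the same treatment.

```yaml
- name: "Download CNI plugins for x86_64"
  get_url:
    url: "https://github.com/containernetworking/plugins/releases/download/v{{ cni_plugins_version }}/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
    dest: "/opt/cni/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
    # placeholder variable: pin the published SHA-256 of this exact release asset
    checksum: "sha256:{{ cni_plugins_sha256 }}"
  when:
    - "ansible_architecture == 'x86_64'"

- name: "Install CNI plugins for x86_64"
  unarchive:
    src: "/opt/cni/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
    dest: /opt/cni/bin
    remote_src: yes
  # … unchanged: when x86_64 / notify restart nomad …
```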
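Review bot: The two new `host_network` blocks decide which interface a job's ports are allocated on, but nothing in the template says so, and the commented-out `#cidr` lines read as leftover experiments. A short comment above the blocks would help, for example `# "default" = WireGuard mesh (wgdeuxfleurs); "public" = Internet-facing NIC taken from the inventory's interface= variable`, and the `#cidr` lines should either be removed or annotated with why interface matching was preferred. It is also worth stating there that a port stanza without `host_network` is expected to land on "default"; I am inferring that from Nomad's documented behaviour rather than from this diff, so it should be confirmed on the pinned beta. The client block starts and ends outside the hunk.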
--- a/nomad/traefik.hcl +++ b/nomad/traefik.hcl @@ -9,6 +9,7 @@ job "frontend" { config { image = "amd64/traefik:1.7.20" readonly_rootfs = true + network_mode = "host" port_map { https_port = 443 http_port = 80 @@ -24,30 +25,35 @@ job "frontend" { network { port "https_port" { static = "443" + host_network = "public" } port "http_port" { static = "80" + host_network = "public" } port "adm_port" { static = "8082" } } } + + template { + data = "{{ key \"configuration/traefik/traefik.toml\" }}" + destination = "secrets/traefik.toml" + } service { tags = [ - "https", + "http", "frontend", - "(diplonat (tcp_port 80 443))" + "(diplonat (tcp_port 80))" ] - port = "https_port" - address_mode = "host" - name = "traefik" + port = "http_port" + name = "traefik-http" + check { - type = "http" - protocol = "http" - port = "adm_port" - path = "/ping" + type = "tcp" + port = "http_port" interval = "60s" timeout = "5s" check_restart { @@ -57,10 +63,28 @@ job "frontend" { } } } - - template { - data = "{{ key \"configuration/traefik/traefik.toml\" }}" - destination = "secrets/traefik.toml" + + service { + tags = [ + "https", + "frontend", + "(diplonat (tcp_port 443))" + ] + port = "https_port" + address_mode = "host" + name = "traefik-https" + + check { + type = "tcp" + port = "https_port" + interval = "60s" + timeout = "5s" + check_restart { + limit = 3 + grace = "90s" + ignore_warnings = false + } + } } } }
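Review bot: With `network_mode = "host"` added to the Docker config, the container shares the node's network namespace, so the `port_map` kept below it and the `host_network = "public"` settings added in the next hunk no longer control which addresses Traefik listens on; Docker discards port publishing in host mode and the bind addresses come only from traefik.toml. That matters most for `adm_port` (8082), which has no `host_network` and, if its entry point in traefik.toml is declared without an address, would listen on the public interface as well as the VPN one. The toml is loaded from Consul and is not part of this diff, so this needs confirming there: bind the admin entry point to the node's VPN address or cover 8082 with a host firewall rule. A comment next to the new line such as `# host networking: listen addresses are set in traefik.toml, port_map is not applied` would record the dependency. The config block continues outside the hunk.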
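Review bot: The health check on `traefik-http` was changed from an HTTP request to `/ping` on `adm_port` to a bare `type = "tcp"` connect on `http_port`, and the `traefik-https` service added in the last hunk uses the same kind of check. A TCP check passes as soon as the socket accepts a connection, so `check_restart` will no longer catch a Traefik that is listening but not serving. If the admin entry point is still reachable from the Consul agent, keeping `type = "http"`, `port = "adm_port"`, `path = "/ping"` on at least one of the two services preserves that signal. Separately, `traefik-http` drops `address_mode = "host"` while `traefik-https` keeps it; if the difference is intended it deserves a one-line comment, otherwise the two services should match.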