Make things work on cluster devx.adnab.me

2020-07-01 15:36:22 +02:00 · 2020-07-01 15:36:22 +02:00 · 24118ab426
commit 24118ab426
parent 65af077d5a
5 changed files with 71 additions and 20 deletions
--- a/ansible/lxvm
+++ b/ansible/lxvm
@ -1,6 +1,6 @@
 [cluster_nodes]
 #ubuntu1 ansible_host=192.168.42.10
-debian1 ansible_host=192.168.42.20 ansible_user=root public_ip=192.168.42.20 dns_server=208.67.222.222 vpn_ip=10.68.70.11 public_vpn_port=51820 datacenter=belair
+debian1 ansible_host=192.168.42.20 ansible_user=root public_ip=192.168.42.20 dns_server=208.67.222.222 vpn_ip=10.68.70.11 public_vpn_port=51820 datacenter=belair interface=enp1s0
-debian2 ansible_host=192.168.42.21 ansible_user=root public_ip=192.168.42.21 dns_server=208.67.222.222 vpn_ip=10.68.70.12 public_vpn_port=51820 datacenter=belair
+debian2 ansible_host=192.168.42.21 ansible_user=root public_ip=192.168.42.21 dns_server=208.67.222.222 vpn_ip=10.68.70.12 public_vpn_port=51820 datacenter=belair interface=enp1s0
-debian3 ansible_host=192.168.42.22 ansible_user=root public_ip=192.168.42.22 dns_server=208.67.222.222 vpn_ip=10.68.70.13 public_vpn_port=51820 datacenter=belair
+debian3 ansible_host=192.168.42.22 ansible_user=root public_ip=192.168.42.22 dns_server=208.67.222.222 vpn_ip=10.68.70.13 public_vpn_port=51820 datacenter=belair interface=enp1s0
-ovh1 ansible_host=51.75.4.20 ansible_user=debian ansible_become=yes public_ip=51.75.4.20 dns_server=208.67.222.222 vpn_ip=10.68.70.20 public_vpn_port=51820 datacenter=saturne
+ovh1 ansible_host=51.75.4.20 ansible_user=debian ansible_become=yes public_ip=51.75.4.20 dns_server=208.67.222.222 vpn_ip=10.68.70.20 public_vpn_port=51820 datacenter=saturne interface=eth0
--- a/ansible/roles/nomad/tasks/main.yml
+++ b/ansible/roles/nomad/tasks/main.yml
@ -1,7 +1,11 @@
- name: "Set nomad version"
+- name: "Set Nomad version"
  set_fact:
    nomad_version: 0.12.0-beta2
 - name: "Set CNI version"
  set_fact:
    cni_plugins_version: 0.8.6
 - name: "Download and install Nomad for x86_64"
  unarchive:
    src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
@ -10,6 +14,19 @@
  when:
    - "ansible_architecture == 'x86_64'"
 - name: "Create /opt/cni/bin"
  file: path=/opt/cni/bin state=directory
 - name: "Download and install CNI plugins for x86_64"
  unarchive:
    src: "https://github.com/containernetworking/plugins/releases/download/v{{ cni_plugins_version }}/cni-plugins-linux-amd64-v{{ cni_plugins_version }}.tgz"
    dest: /opt/cni/bin
    remote_src: yes
  when:
    - "ansible_architecture == 'x86_64'"
  notify:
    - restart nomad
 - name: "Create Nomad configuration directory"
  file: path=/etc/nomad/ state=directory
--- a/ansible/roles/nomad/templates/nomad.hcl.j2
+++ b/ansible/roles/nomad/templates/nomad.hcl.j2
@ -31,6 +31,16 @@ client {
    docker.privileged.enabled = "true"
    docker.volumes.enabled = "true"
  } 
-  #network_interface = "wgdeuxfleurs"
+
  network_interface = "wgdeuxfleurs"
  host_network "default" {
    #cidr = "{{ vpn_ip }}/24"
 	interface = "wgdeuxfleurs"
  }
  host_network "public" {
    #cidr = "{{ public_ip }}/32"
 	interface = "{{ interface }}"
  }
 }
--- a/nomad/garage.hcl
+++ b/nomad/garage.hcl
@ -59,7 +59,7 @@ job "garage" {
          "garage_api",
          "traefik.enable=true",
          "traefik.frontend.entryPoints=https,http",
-          "traefik.frontend.rule=Host:garage.deuxfleurs.fr"
+          "traefik.frontend.rule=Host:garage.deuxfleurs.fr,garage.devx.adnab.me"
        ]
        port = "api_port"
        address_mode = "host"
--- a/nomad/traefik.hcl
+++ b/nomad/traefik.hcl
@ -9,6 +9,7 @@ job "frontend" {
      config {
        image = "amd64/traefik:1.7.20"
        readonly_rootfs = true
        network_mode = "host"
        port_map {
          https_port = 443
          http_port = 80
@ -24,30 +25,35 @@ job "frontend" {
        network {
          port "https_port" {
            static = "443"
            host_network = "public"
          }
          port "http_port" {
            static = "80"
            host_network = "public"
          }
          port "adm_port" {
            static = "8082"
          }
        }
      }
      template {
        data = "{{ key \"configuration/traefik/traefik.toml\" }}"
        destination = "secrets/traefik.toml"
      }
      service {
        tags = [
-          "https", 
+          "http", 
          "frontend",
-          "(diplonat (tcp_port 80 443))"
+          "(diplonat (tcp_port 80))"
        ]
-        port = "https_port"
+        port = "http_port"
-        address_mode = "host"
+        name = "traefik-http"
-        name = "traefik"
+
        check {
-          type = "http"
+          type = "tcp"
-          protocol = "http"
+          port = "http_port"
          port = "adm_port"
          path = "/ping"
          interval = "60s"
          timeout = "5s"
          check_restart {
@ -57,10 +63,28 @@ job "frontend" {
          }
        }
      }
-      
+
-      template {
+      service {
-        data = "{{ key \"configuration/traefik/traefik.toml\" }}"
+        tags = [
-        destination = "secrets/traefik.toml"
+          "https", 
          "frontend",
          "(diplonat (tcp_port 443))"
        ]
        port = "https_port"
        address_mode = "host"
        name = "traefik-https"
        check {
          type = "tcp"
          port = "https_port"
          interval = "60s"
          timeout = "5s"
          check_restart {
            limit = 3
            grace = "90s"
            ignore_warnings = false
          }
        }
      }
    }
  }