hashistack/playbooks/group_vars/all/nomad.yml

---
nomad_init_server: "{{ (inventory_hostname == groups['nomad_servers'][0]) | bool }}"

####################
# nomad api config #
####################

nomad_api_addr: "{{ nomad_api_scheme }}://{{ api_interface_address }}:{{ nomad_api_port[nomad_api_scheme] }}"
nomad_api_scheme: "{{ 'https' if nomad_enable_tls else 'http' }}"
nomad_api_port:
  http: "{{ nomad_address_configuration.ports.http }}"
  https: "{{ nomad_address_configuration.ports.http }}"

#########
# Nomad #
#########

nomad_config_dir: "{{ hashistack_remote_config_dir }}/nomad.d"
nomad_data_dir: "/opt/nomad"
nomad_certs_dir: "{{ nomad_config_dir }}/tls"
nomad_logs_dir: "{{ hashistack_remote_log_dir }}/nomad"

nomad_extra_files: true
# nomad_extra_files_list: []

nomad_env_variables: {}

#######################
# extra configuration #
#######################

# You should prioritize adding configuration
# to the configuration entries below, this
# option should be used to add pieces of configuration not
# available through standard variables.

# nomad_extra_configuration: {}

###########
# general #
###########

# nomad_region: global
# nomad_datacenter: dc1

#########################
# address configuration #
#########################

nomad_bind_addr: "0.0.0.0"
nomad_advertise_addr: "{{ api_interface_address }}"
nomad_address_configuration:
  bind_addr: "{{ nomad_bind_addr }}"
  addresses:
    http: "{{ nomad_advertise_addr }}"
    rpc: "{{ nomad_advertise_addr }}"
    serf: "{{ nomad_advertise_addr }}"
  advertise:
    http: "{{ nomad_advertise_addr }}"
    rpc: "{{ nomad_advertise_addr }}"
    serf: "{{ nomad_advertise_addr }}"
  ports:
    http: 4646
    rpc: 4647
    serf: 4648

###########################
# autopilot configuration #
###########################

# nomad_autopilot_configuration: {}

#######################
# leave configuration #
#######################

nomad_leave_on_interrupt: false
nomad_leave_on_terminate: false

########################
# server configuration #
########################

nomad_enable_server: "{{ ('nomad_servers' in group_names) | bool }}"
nomad_server_bootstrap_expect: "{{ (groups['nomad_servers'] | length) }}"
nomad_server_configuration:
  enabled: "{{ nomad_enable_server }}"
  data_dir: "{{ nomad_data_dir }}/server"
  encrypt: "{{ _credentials.nomad.gossip_encryption_key }}"

##############################
# client configuration #
##############################

nomad_enable_client: "{{ ('nomad_clients' in group_names) | bool }}"
nomad_client_configuration:
  enabled: "{{ nomad_enable_client }}"
  state_dir: "{{ nomad_data_dir }}/client"
  cni_path: "{{ cni_plugins_install_path | default('/opt/cni/bin') }}"
  bridge_network_name: nomad
  bridge_network_subnet: "172.26.64.0/20"
  node_pool: >-
    {{
      'ingress' if 'haproxy_servers' in group_names else
      'controller' if 'nomad_servers' in group_names else
      omit
    }}

####################
# ui configuration #
####################

nomad_ui_configuration:
  enabled: "{{ nomad_enable_server }}"

#########################
# drivers configuration #
#########################

nomad_driver_enable_docker: true
nomad_driver_enable_podman: false
nomad_driver_enable_raw_exec: false
nomad_driver_enable_java: false
nomad_driver_enable_qemu: false

nomad_driver_configuration:
  raw_exec:
    enabled: false

nomad_driver_extra_configuration: {}

###########
# logging #
###########

nomad_log_level: info
nomad_enable_log_to_file: "{{ enable_log_to_file | bool }}"
nomad_log_to_file_configuration:
  log_file: "{{ nomad_logs_dir }}/nomad.log"
  log_rotate_duration: 24h
  log_rotate_max_files: 30

#####################
# ACL configuration #
#####################

nomad_acl_configuration:
  enabled: true
  token_ttl: 30s
  policy_ttl: 60s
  role_ttl: 60s

################
# internal tls #
################

# nomad_enable_tls: false
nomad_tls_configuration:
  http: true
  rpc: true
  ca_file: "/etc/ssl/certs/ca-certificates.crt"
  cert_file: "{{ nomad_certs_dir }}/fullchain.crt"
  key_file: "{{ nomad_certs_dir }}/cert.key"
  verify_server_hostname: true

nomad_certificates_extra_files_dir: >
  {{
    [] if external_tls_externally_managed_certs | bool else
    [{
      'src': "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}",
      'dest': "{{ nomad_certs_dir }}"
    }]
  }}

###########################
# telemetry configuration #
###########################

nomad_telemetry_configuration:
  collection_interval: 10s
  disable_hostname: false
  use_node_name: false
  publish_allocation_metrics: false
  publish_node_metrics: false
  prefix_filter: []
  disable_dispatched_job_summary_metrics: false
  prometheus_metrics: false

######################
# consul integration #
######################

nomad_enable_consul_integration: "{{ enable_consul | bool }}"
nomad_consul_integration_configuration:
  address: >-
    127.0.0.1:{{ consul_api_port[consul_api_scheme] }}
  auto_advertise: true
  ssl: "{{ consul_enable_tls | bool }}"
  token: >-
    {{ _credentials.consul.tokens.nomad.server.secret_id if nomad_enable_server else _credentials.consul.tokens.nomad.client.secret_id }}
  tags: []

nomad_consul_integration_tls_configuration:
  ca_file: "/etc/ssl/certs/ca-certificates.crt"

nomad_consul_integration_server_configuration:
  server_auto_join: true

nomad_consul_integration_client_configuration:
  client_auto_join: true
  grpc_address: >-
    127.0.0.1:{{ consul_grpc_port[consul_api_scheme] }}

nomad_consul_integration_client_tls_configuration:
  grpc_ca_file: "/etc/ssl/certs/ca-certificates.crt"

nomad_consul_integration_server_policy: |
  agent_prefix "" {
    policy = "read"
  }
  node_prefix "" {
    policy = "read"
  }
  service_prefix "" {
    policy = "write"
  }
  acl  = "write"
  mesh = "write"

nomad_consul_integration_client_policy: |
  agent_prefix "" {
    policy = "read"
  }
  node_prefix "" {
    policy = "read"
  }
  service_prefix "" {
    policy = "write"
  }

############################
# nomad vault integration #
############################

nomad_enable_vault_integration: false
nomad_vault_integration_configuration: {}
feat: add global variables for nomad deployment 2024-05-16 15:29:41 +00:00			`---`
fix: do not use run_once instructions as it is wildly unreliable 2024-07-11 21:27:44 +00:00			`nomad_init_server: "{{ (inventory_hostname == groups['nomad_servers'][0]) \| bool }}"`

feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00			`####################`
			`# nomad api config #`
			`####################`

			`nomad_api_addr: "{{ nomad_api_scheme }}://{{ api_interface_address }}:{{ nomad_api_port[nomad_api_scheme] }}"`
			`nomad_api_scheme: "{{ 'https' if nomad_enable_tls else 'http' }}"`
			`nomad_api_port:`
			`http: "{{ nomad_address_configuration.ports.http }}"`
			`https: "{{ nomad_address_configuration.ports.http }}"`

feat: organise group_vars 2024-08-17 12:05:44 +00:00			`#########`
			`# Nomad #`
			`#########`

			`nomad_config_dir: "{{ hashistack_remote_config_dir }}/nomad.d"`
			`nomad_data_dir: "/opt/nomad"`
			`nomad_certs_dir: "{{ nomad_config_dir }}/tls"`
			`nomad_logs_dir: "{{ hashistack_remote_log_dir }}/nomad"`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`nomad_extra_files: true`
			`# nomad_extra_files_list: []`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`nomad_env_variables: {}`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`#######################`
			`# extra configuration #`
			`#######################`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`# You should prioritize adding configuration`
			`# to the configuration entries below, this`
			`# option should be used to add pieces of configuration not`
			`# available through standard variables.`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`# nomad_extra_configuration: {}`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`###########`
			`# general #`
			`###########`

			`# nomad_region: global`
			`# nomad_datacenter: dc1`

			`#########################`
			`# address configuration #`
			`#########################`

			`nomad_bind_addr: "0.0.0.0"`
			`nomad_advertise_addr: "{{ api_interface_address }}"`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00			`nomad_address_configuration:`
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`bind_addr: "{{ nomad_bind_addr }}"`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00			`addresses:`
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`http: "{{ nomad_advertise_addr }}"`
			`rpc: "{{ nomad_advertise_addr }}"`
			`serf: "{{ nomad_advertise_addr }}"`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00			`advertise:`
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`http: "{{ nomad_advertise_addr }}"`
			`rpc: "{{ nomad_advertise_addr }}"`
			`serf: "{{ nomad_advertise_addr }}"`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00			`ports:`
			`http: 4646`
			`rpc: 4647`
			`serf: 4648`

feat: organise group_vars 2024-08-17 12:05:44 +00:00			`###########################`
			`# autopilot configuration #`
			`###########################`
feat: add global variables for nomad deployment 2024-05-16 15:29:41 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`# nomad_autopilot_configuration: {}`
feat: add global variables for nomad deployment 2024-05-16 15:29:41 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`#######################`
			`# leave configuration #`
			`#######################`

			`nomad_leave_on_interrupt: false`
			`nomad_leave_on_terminate: false`

			`########################`
			`# server configuration #`
			`########################`

			`nomad_enable_server: "{{ ('nomad_servers' in group_names) \| bool }}"`
			`nomad_server_bootstrap_expect: "{{ (groups['nomad_servers'] \| length) }}"`
			`nomad_server_configuration:`
			`enabled: "{{ nomad_enable_server }}"`
			`data_dir: "{{ nomad_data_dir }}/server"`
			`encrypt: "{{ _credentials.nomad.gossip_encryption_key }}"`

			`##############################`
			`# client configuration #`
			`##############################`

			`nomad_enable_client: "{{ ('nomad_clients' in group_names) \| bool }}"`
			`nomad_client_configuration:`
			`enabled: "{{ nomad_enable_client }}"`
			`state_dir: "{{ nomad_data_dir }}/client"`
			`cni_path: "{{ cni_plugins_install_path \| default('/opt/cni/bin') }}"`
			`bridge_network_name: nomad`
			`bridge_network_subnet: "172.26.64.0/20"`
feat: new tls_multi_node test for molecule with some adjustment to tags 2024-08-26 21:10:04 +00:00			`node_pool: >-`
			`{{`
			`'ingress' if 'haproxy_servers' in group_names else`
			`'controller' if 'nomad_servers' in group_names else`
			`omit`
			`}}`
feat: organise group_vars 2024-08-17 12:05:44 +00:00
			`####################`
			`# ui configuration #`
			`####################`

			`nomad_ui_configuration:`
			`enabled: "{{ nomad_enable_server }}"`

			`#########################`
			`# drivers configuration #`
			`#########################`

			`nomad_driver_enable_docker: true`
			`nomad_driver_enable_podman: false`
			`nomad_driver_enable_raw_exec: false`
			`nomad_driver_enable_java: false`
			`nomad_driver_enable_qemu: false`

			`nomad_driver_configuration:`
			`raw_exec:`
			`enabled: false`

			`nomad_driver_extra_configuration: {}`

			`###########`
			`# logging #`
			`###########`

			`nomad_log_level: info`
			`nomad_enable_log_to_file: "{{ enable_log_to_file \| bool }}"`
			`nomad_log_to_file_configuration:`
			`log_file: "{{ nomad_logs_dir }}/nomad.log"`
			`log_rotate_duration: 24h`
			`log_rotate_max_files: 30`

			`#####################`
			`# ACL configuration #`
			`#####################`

			`nomad_acl_configuration:`
			`enabled: true`
			`token_ttl: 30s`
			`policy_ttl: 60s`
			`role_ttl: 60s`

			`################`
			`# internal tls #`
			`################`

feat: new tls_multi_node test for molecule with some adjustment to tags 2024-08-26 21:10:04 +00:00			`# nomad_enable_tls: false`
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`nomad_tls_configuration:`
			`http: true`
			`rpc: true`
			`ca_file: "/etc/ssl/certs/ca-certificates.crt"`
			`cert_file: "{{ nomad_certs_dir }}/fullchain.crt"`
			`key_file: "{{ nomad_certs_dir }}/cert.key"`
			`verify_server_hostname: true`

feat: add global internal TLS option, make externally_managed_certs work 2024-08-17 14:47:38 +00:00			`nomad_certificates_extra_files_dir: >`
			`{{`
			`[] if external_tls_externally_managed_certs \| bool else`
			`[{`
			`'src': "{{ hashistack_sub_configuration_directories['certificates'] }}/nomad/{{ inventory_hostname }}",`
			`'dest': "{{ nomad_certs_dir }}"`
			`}]`
			`}}`
feat: organise group_vars 2024-08-17 12:05:44 +00:00
			`###########################`
			`# telemetry configuration #`
			`###########################`

			`nomad_telemetry_configuration:`
			`collection_interval: 10s`
			`disable_hostname: false`
			`use_node_name: false`
			`publish_allocation_metrics: false`
			`publish_node_metrics: false`
			`prefix_filter: []`
			`disable_dispatched_job_summary_metrics: false`
			`prometheus_metrics: false`

			`######################`
			`# consul integration #`
			`######################`

			`nomad_enable_consul_integration: "{{ enable_consul \| bool }}"`
			`nomad_consul_integration_configuration:`
			`address: >-`
			`127.0.0.1:{{ consul_api_port[consul_api_scheme] }}`
			`auto_advertise: true`
			`ssl: "{{ consul_enable_tls \| bool }}"`
			`token: >-`
			`{{ _credentials.consul.tokens.nomad.server.secret_id if nomad_enable_server else _credentials.consul.tokens.nomad.client.secret_id }}`
			`tags: []`
feat: add global variables for nomad deployment 2024-05-16 15:29:41 +00:00
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00			`nomad_consul_integration_tls_configuration:`
			`ca_file: "/etc/ssl/certs/ca-certificates.crt"`

			`nomad_consul_integration_server_configuration:`
			`server_auto_join: true`

			`nomad_consul_integration_client_configuration:`
			`client_auto_join: true`
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`grpc_address: >-`
			`127.0.0.1:{{ consul_grpc_port[consul_api_scheme] }}`
feat: add nomad deployment options, variables, and playbooks 2024-06-25 13:16:42 +00:00
			`nomad_consul_integration_client_tls_configuration:`
			`grpc_ca_file: "/etc/ssl/certs/ca-certificates.crt"`

			`nomad_consul_integration_server_policy: \|`
			`agent_prefix "" {`
			`policy = "read"`
			`}`
			`node_prefix "" {`
			`policy = "read"`
			`}`
			`service_prefix "" {`
			`policy = "write"`
			`}`
			`acl = "write"`
			`mesh = "write"`

			`nomad_consul_integration_client_policy: \|`
			`agent_prefix "" {`
			`policy = "read"`
			`}`
			`node_prefix "" {`
			`policy = "read"`
			`}`
			`service_prefix "" {`
			`policy = "write"`
			`}`
feat: add global variables for nomad deployment 2024-05-16 15:29:41 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`############################`
			`# nomad vault integration #`
			`############################`
feat: add global variables for nomad deployment 2024-05-16 15:29:41 +00:00
feat: organise group_vars 2024-08-17 12:05:44 +00:00			`nomad_enable_vault_integration: false`
			`nomad_vault_integration_configuration: {}`