Table of Contents
- Nomad Configuration Documentation 🌍
- 🔧 Basics
- 🌐 TLS Configuration
- 📂 Directory Paths
- 🌍 Address Configuration
- 🖥️ Server Configuration
- 🖥️ Client Configuration
- 🖥️ UI Configuration
- 🛠️ Driver Configuration
- 📝 Logging Configuration
- 🛡️ ACL Configuration
- 🔧 Autopilot Configuration
- 📊 Telemetry Configuration
- 🔗 Consul Integration
- 🔐 Vault Integration
Nomad Configuration Documentation 🌍
This section provides detailed documentation on the configurable variables for deploying and managing a Nomad cluster using the hashistack-ansible collection. Each configuration map should adhere to the structure documented in the official Nomad documentation, since these maps will be merged into the final Nomad configuration file.
🔧 Basics
To deploy a Nomad cluster, enable it and specify the version:
```yaml
enable_nomad: "yes"
nomad_version: "1.8.1"
```
Define a fully qualified domain name (FQDN) for Nomad:
```yaml
nomad_fqdn: nomad.ednz.lab
```
Specify the region and datacenter:
```yaml
nomad_region: global
nomad_datacenter: dc1
```
🌐 TLS Configuration
Enable TLS for internal Nomad communication:
```yaml
nomad_enable_tls: "{{ enable_tls_internal }}"
```
Define TLS settings:
```yaml
nomad_tls_configuration:
  http: true
  rpc: true
  ca_file: "/etc/ssl/certs/ca-certificates.crt"
  cert_file: "{{ nomad_certs_dir }}/fullchain.crt"
  key_file: "{{ nomad_certs_dir }}/cert.key"
  verify_server_hostname: true
```
📂 Directory Paths
Configure the paths used by Nomad for storing configuration, data, certificates, and logs:
```yaml
nomad_config_dir: "{{ hashistack_remote_config_dir }}/nomad.d"
nomad_data_dir: "/opt/nomad"
nomad_certs_dir: "{{ nomad_config_dir }}/tls"
nomad_logs_dir: "{{ hashistack_remote_log_dir }}/nomad"
```
🌍 Address Configuration
Set the addresses and ports for Nomad communication:
```yaml
nomad_bind_addr: "0.0.0.0"
nomad_advertise_addr: "{{ api_interface_address }}"
nomad_address_configuration:
  bind_addr: "{{ nomad_bind_addr }}"
  addresses:
    http: "{{ nomad_advertise_addr }}"
    rpc: "{{ nomad_advertise_addr }}"
    serf: "{{ nomad_advertise_addr }}"
  advertise:
    http: "{{ nomad_advertise_addr }}"
    rpc: "{{ nomad_advertise_addr }}"
    serf: "{{ nomad_advertise_addr }}"
  ports:
    http: 4646
    rpc: 4647
    serf: 4648
```
🖥️ Server Configuration
Enable and configure Nomad server nodes:
```yaml
nomad_enable_server: "{{ ('nomad_servers' in group_names) | bool }}"
nomad_server_bootstrap_expect: "{{ (groups['nomad_servers'] | length) }}"
nomad_server_configuration:
  enabled: "{{ nomad_enable_server }}"
  data_dir: "{{ nomad_data_dir }}/server"
  encrypt: "{{ _credentials.nomad.gossip_encryption_key }}"
```
🖥️ Client Configuration
Enable and configure Nomad client nodes:
```yaml
nomad_enable_client: "{{ ('nomad_clients' in group_names) | bool }}"
nomad_client_configuration:
  enabled: "{{ nomad_enable_client }}"
  state_dir: "{{ nomad_data_dir }}/client"
  cni_path: "{{ cni_plugins_install_path | default('/opt/cni/bin') }}"
  bridge_network_name: nomad
  bridge_network_subnet: "172.26.64.0/20"
  node_pool: >-
    {{
      'ingress' if 'nomad_ingress' in group_names else
      'controller' if 'nomad_servers' in group_names else
      omit
    }}
```
🖥️ UI Configuration
Enable the Nomad UI:
```yaml
nomad_ui_configuration:
  enabled: "{{ nomad_enable_server }}"
```
🛠️ Driver Configuration
Enable or disable specific Nomad task drivers:
```yaml
nomad_driver_enable_docker: true
nomad_driver_enable_podman: false
nomad_driver_enable_raw_exec: false
nomad_driver_enable_java: false
nomad_driver_enable_qemu: false
nomad_driver_configuration:
  raw_exec:
    enabled: false
```
📝 Logging Configuration
Configure logging for Nomad:
```yaml
nomad_log_level: info
nomad_enable_log_to_file: "{{ enable_log_to_file | bool }}"
nomad_log_to_file_configuration:
  log_file: "{{ nomad_logs_dir }}/nomad.log"
  log_rotate_duration: 24h
  log_rotate_max_files: 30
```
🛡️ ACL Configuration
ACLs are enabled by default in Nomad. Customize ACL settings:
```yaml
nomad_acl_configuration:
  enabled: true
  token_ttl: 30s
  policy_ttl: 60s
  role_ttl: 60s
```
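An added example, not part of hashistack-ansible: a Python check that reads the rendered values of the TLS, address, driver and ACL variables described above and reports settings that weaken the cluster. The sample dictionaries and the 192.0.2.10 address are constructed; the Nomad behaviour it relies on is that per-service `addresses` override `bind_addr`.

```python
def as_bool(value):
    """Approximate Ansible's `bool` filter: the string "no" must not be truthy."""
    if isinstance(value, str):
        return value.strip().lower() in ("yes", "true", "on", "1")
    return bool(value)


def audit_nomad_vars(v):
    """Return findings for a dict of rendered Nomad variables (names from this page)."""
    findings = []
    tls = v.get("nomad_tls_configuration", {})
    if not as_bool(v.get("nomad_enable_tls", False)):
        findings.append("tls: disabled, HTTP and RPC traffic is plaintext")
    else:
        for key in ("http", "rpc", "verify_server_hostname"):
            if not as_bool(tls.get(key, False)):
                findings.append(f"tls: {key} is not enabled")
    # In Nomad, per-service `addresses` take precedence over `bind_addr`.
    addr = v.get("nomad_address_configuration", {})
    for svc in ("http", "rpc", "serf"):
        bound = addr.get("addresses", {}).get(svc, addr.get("bind_addr", "0.0.0.0"))
        if bound == "0.0.0.0":
            findings.append(f"address: {svc} listens on all interfaces")
    raw = v.get("nomad_driver_configuration", {}).get("raw_exec", {})
    if as_bool(v.get("nomad_driver_enable_raw_exec", False)) or as_bool(raw.get("enabled", False)):
        findings.append("driver: raw_exec is enabled, tasks run without isolation")
    if not as_bool(v.get("nomad_acl_configuration", {}).get("enabled", False)):
        findings.append("acl: disabled, API requests need no token")
    return findings


# Constructed sample: this page's defaults after templating (address is made up).
PAGE_DEFAULTS = {
    "nomad_enable_tls": "yes",
    "nomad_tls_configuration": {"http": True, "rpc": True, "verify_server_hostname": True},
    "nomad_address_configuration": {
        "bind_addr": "0.0.0.0",
        "addresses": {"http": "192.0.2.10", "rpc": "192.0.2.10", "serf": "192.0.2.10"},
    },
    "nomad_driver_configuration": {"raw_exec": {"enabled": False}},
    "nomad_acl_configuration": {"enabled": True},
}
# Constructed sample: the same variables with weakened overrides.
WEAKENED = {
    "nomad_enable_tls": "no",
    "nomad_address_configuration": {"bind_addr": "0.0.0.0", "addresses": {"http": "192.0.2.10"}},
    "nomad_driver_enable_raw_exec": True,
    "nomad_acl_configuration": {"enabled": False},
}
```

With the page's defaults the check returns no findings; the weakened sample reports plaintext traffic, two listeners on all interfaces, `raw_exec`, and disabled ACLs.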
🔧 Autopilot Configuration
Use Autopilot to automate the management of Nomad servers:
```yaml
nomad_autopilot_configuration: {}
```
📊 Telemetry Configuration
Enable telemetry and configure settings:
```yaml
nomad_telemetry_configuration:
  collection_interval: 10s
  disable_hostname: false
  use_node_name: false
  publish_allocation_metrics: false
  publish_node_metrics: false
  prefix_filter: []
  disable_dispatched_job_summary_metrics: false
  prometheus_metrics: false
```
🔗 Consul Integration
Enable integration with Consul:
```yaml
nomad_enable_consul_integration: "{{ enable_consul | bool }}"
nomad_consul_integration_configuration:
  address: >-
    127.0.0.1:{{ consul_api_port[consul_api_scheme] }}
  auto_advertise: true
  ssl: "{{ consul_enable_tls | bool }}"
  token: >-
    {{ _credentials.consul.tokens.nomad.server.secret_id if nomad_enable_server else _credentials.consul.tokens.nomad.client.secret_id }}
  tags: []
```
Define TLS settings for Consul integration:
```yaml
nomad_consul_integration_tls_configuration:
  ca_file: "/etc/ssl/certs/ca-certificates.crt"
```
Server and client policies for Consul integration:
```yaml
nomad_consul_integration_server_policy: |
  agent_prefix "" {
    policy = "read"
  }
  node_prefix "" {
    policy = "read"
  }
  service_prefix "" {
    policy = "write"
  }
  acl = "write"
  mesh = "write"

nomad_consul_integration_client_policy: |
  agent_prefix "" {
    policy = "read"
  }
  node_prefix "" {
    policy = "read"
  }
  service_prefix "" {
    policy = "write"
  }
```
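An added example (not from hashistack-ansible) that parses the two policies above and lists the write-level rules that match every resource of a type, so a reviewer can see how much of Consul each Nomad token can modify. The policy text is copied from this page; the function names are illustrative, and the regex parser only handles the simple rule shapes used here.

```python
import re

# Policy text copied from this page's server and client policy variables.
CLIENT_POLICY = '''
agent_prefix "" {
  policy = "read"
}
node_prefix "" {
  policy = "read"
}
service_prefix "" {
  policy = "write"
}
'''
SERVER_POLICY = CLIENT_POLICY + 'acl = "write"\nmesh = "write"\n'

# Block rule:  resource "name" { policy = "level" }
BLOCK_RE = re.compile(r'(\w+)\s+"([^"]*)"\s*\{\s*policy\s*=\s*"(\w+)"\s*\}')
# Top-level scalar rule on its own line, such as:  acl = "write"
SCALAR_RE = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*"(\w+)"[ \t]*$', re.MULTILINE)


def parse_policy(text):
    """Return (resource, name, level) tuples; name is None for scalar rules."""
    rules = list(BLOCK_RE.findall(text))
    # Strip the blocks first so the inner `policy = "..."` lines are not
    # mistaken for top-level scalar rules.
    remainder = BLOCK_RE.sub("", text)
    rules += [(res, None, level) for res, level in SCALAR_RE.findall(remainder)]
    return rules


def broad_write_grants(text):
    """Resources with write access that is not limited to a name or prefix."""
    grants = []
    for resource, name, level in parse_policy(text):
        # An empty prefix matches every resource; scalar rules are global.
        unscoped = name is None or (resource.endswith("_prefix") and name == "")
        if level == "write" and unscoped:
            grants.append(resource)
    return grants
```

The server policy yields `service_prefix`, `acl` and `mesh`, the client policy only `service_prefix`, which is why the server token is the one to protect and rotate most carefully.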
🔐 Vault Integration
Enable Vault integration with Nomad:
```yaml
nomad_enable_vault_integration: false
nomad_vault_integration_configuration: {}
```
This setting allows for seamless integration with HashiCorp Vault for secrets management.
This documentation provides an overview of the key variables and settings for configuring a Nomad cluster using hashistack-ansible. Remember to follow the official Nomad documentation for any specific configurations within each map to ensure proper integration into the final configuration file. Adjust the settings as needed to fit your environment and deployment requirements.