From 5b55cc1a16d07d2a201c121d2e5d795c2ee74759 Mon Sep 17 00:00:00 2001
From: Ryan Cavicchioni
Date: Tue, 30 Aug 2022 07:49:09 -0500
Subject: [PATCH] add nomad role
---
roles/nomad/defaults/main.yaml | 26 ++++++++
roles/nomad/handlers/main.yaml | 12 ++++
roles/nomad/tasks/RedHat.yaml | 18 ++++++
roles/nomad/tasks/main.yaml | 97 ++++++++++++++++++++++++++++++
roles/nomad/templates/nomad.hcl.j2 | 46 ++++++++++++++
roles/nomad/vars/RedHat.yaml | 3 +
roles/nomad/vars/default.yaml | 0
7 files changed, 202 insertions(+)
create mode 100644 roles/nomad/defaults/main.yaml
create mode 100644 roles/nomad/handlers/main.yaml
create mode 100644 roles/nomad/tasks/RedHat.yaml
create mode 100644 roles/nomad/tasks/main.yaml
create mode 100644 roles/nomad/templates/nomad.hcl.j2
create mode 100644 roles/nomad/vars/RedHat.yaml
create mode 100644 roles/nomad/vars/default.yaml
diff --git a/roles/nomad/defaults/main.yaml b/roles/nomad/defaults/main.yaml
new file mode 100644
index 0000000..a49036f
--- /dev/null
+++ b/roles/nomad/defaults/main.yaml
@@ -0,0 +1,26 @@
+---
+nomad_package_name: nomad
+nomad_package_state: present
+nomad_service_name: nomad
+nomad_service_state: started
+nomad_service_enabled: true
+nomad_etc_path: /etc/nomad.d
+nomad_config_path: "{{ nomad_etc_path }}/nomad.hcl"
+nomad_config_template: nomad.hcl.j2
+nomad_user: nomad
+nomad_group: nomad
+nomad_config_owner: "{{ nomad_user }}"
+nomad_config_group: "{{ nomad_group }}"
+nomad_config_mode: 0644
+nomad_data_dir: /opt/nomad/data
+nomad_bind_addr: 0.0.0.0
+nomad_server__enabled: true
+nomad_server__bootstrap_expect: 1
+nomad_client__enabled: true
+nomad_client__servers:
+ - 127.0.0.1
+nomad_plugin_dir: "{{ nomad_data_dir }}/plugins"
+nomad_plugins:
+ - https://releases.hashicorp.com/nomad-driver-podman/0.3.0/nomad-driver-podman_0.3.0_linux_amd64.zip
+nomad_consul_enabled: no
+nomad_consul_address: 127.0.0.1:8500
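Review bot: `nomad_bind_addr: 0.0.0.0` together with `nomad_server__enabled: true` and `nomad_client__enabled: true` makes a default install listen on every interface, and the nomad.hcl.j2 template added in this patch renders no `acl` or `tls` block, so the agent's API would be reachable without authentication or transport encryption. A safer default is `nomad_bind_addr: 127.0.0.1` (or no default at all, so the operator has to choose), with ACL and TLS settings exposed as role variables. Separately, `nomad_config_mode: 0644` is unquoted, so YAML reads it as the integer 420 and the templated `mode: "{{ nomad_config_mode }}"` in tasks/main.yaml will most likely apply 0420 rather than 0644; write `nomad_config_mode: "0644"`. `nomad_consul_enabled: no` should be `false` to match the other booleans in this file.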
diff --git a/roles/nomad/handlers/main.yaml b/roles/nomad/handlers/main.yaml
new file mode 100644
index 0000000..485afb1
--- /dev/null
+++ b/roles/nomad/handlers/main.yaml
@@ -0,0 +1,12 @@
+---
+- name: reload nomad
+ service:
+ name: "{{ nomad_service_name }}"
+ state: reloaded
+ when: nomad_service_enabled
+
+- name: restart nomad
+ service:
+ name: "{{ nomad_service_name }}"
+ state: restarted
+ when: nomad_service_enabled
diff --git a/roles/nomad/tasks/RedHat.yaml b/roles/nomad/tasks/RedHat.yaml
new file mode 100644
index 0000000..2485e13
--- /dev/null
+++ b/roles/nomad/tasks/RedHat.yaml
@@ -0,0 +1,18 @@
+---
+- name: install Hashicorp yum repo
+ yum_repository:
+ name: hashicorp
+ description: Hashicorp Stable - $basearch
+ baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/stable
+ enabled: 1
+ gpgcheck: 1
+ gpgkey: https://rpm.releases.hashicorp.com/gpg
+
+- name: install Hashicorp (test) yum repo
+ yum_repository:
+ name: hashicorp-test
+ description: Hashicorp Test - $basearch
+ baseurl: https://rpm.releases.hashicorp.com/RHEL/$releasever/$basearch/test
+ enabled: 0
+ gpgcheck: 1
+ gpgkey: https://rpm.releases.hashicorp.com/gpg
diff --git a/roles/nomad/tasks/main.yaml b/roles/nomad/tasks/main.yaml
new file mode 100644
index 0000000..9975f0a
--- /dev/null
+++ b/roles/nomad/tasks/main.yaml
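Review bot: In roles/nomad/handlers/main.yaml both handlers are gated on `when: nomad_service_enabled`, which is the start-at-boot flag rather than the running state, so a host with `nomad_service_enabled: false` and `nomad_service_state: started` would never pick up a changed config or plugin. Gating on the state instead, `when: nomad_service_state == 'started'`, matches what the condition appears to be for. Nothing in this patch notifies `reload nomad`, so that handler is currently unused.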
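Review bot: In roles/nomad/tasks/RedHat.yaml the `gpgkey` is fetched over HTTPS from the same origin that serves the packages, so `gpgcheck: 1` adds little if that origin is ever compromised; shipping the key inside the role, or checking its fingerprint against a value recorded in the role before the repo is enabled, makes the signature check independent of the download host. `enabled` and `gpgcheck` are booleans in `yum_repository`, so `true`/`false` reads more clearly than `1`/`0`. The disabled `hashicorp-test` repo could be dropped unless something in the inventory relies on it.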
@@ -0,0 +1,97 @@
+---
+- name: gather os specific variables
+ include_vars: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - vars
+
+- name: include os specific tasks
+ include_tasks: "{{ lookup('first_found', possible_files) }}"
+ vars:
+ possible_files:
+ files:
+ - "{{ ansible_distribution }}-{{ ansible_distribution_version }}.yaml"
+ - "{{ ansible_distribution }}.yaml"
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
+ paths:
+ - tasks
+
+- name: enable br_netfilter
+ modprobe:
+ name: br_netfilter
+ state: present
+
+- name: enable br_netfilter (persistent)
+ copy:
+ dest: /etc/modules-load.d/br_netfilter.conf
+ content: br_netfilter
+ mode: 0644
+
+- name: sysctl net.bridge.bridge-nf-call-arptables
+ sysctl:
+ name: net.bridge.bridge-nf-call-arptables
+ value: "1"
+ sysctl_set: yes
+ state: present
+
+- name: sysctl net.bridge.bridge-nf-call-ip6tables
+ sysctl:
+ name: net.bridge.bridge-nf-call-ip6tables
+ value: "1"
+ sysctl_set: yes
+ state: present
+
+- name: sysctl net.bridge.bridge-nf-call-iptables
+ sysctl:
+ name: net.bridge.bridge-nf-call-iptables
+ value: "1"
+ sysctl_set: yes
+ state: present
+
+- name: create plugin directory
+ file:
+ path: "{{ nomad_plugin_dir }}"
+ state: directory
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: install unzip
+ package:
+ name: unzip
+ state: present
+
+- name: install plugins
+ unarchive:
+ src: "{{ item }}"
+ dest: "{{ nomad_plugin_dir }}"
+ remote_src: true
+ loop: "{{ nomad_plugins }}"
+ notify: restart nomad
+
+- name: install
+ package:
+ name: "{{ nomad_package_name | default('nomad') }}"
+ state: "{{ nomad_package_state | default('present') }}"
+
+- name: configure
+ template:
+ src: "{{ nomad_config_template }}"
+ dest: "{{ nomad_config_path }}"
+ owner: "{{ nomad_config_owner }}"
+ group: "{{ nomad_config_group }}"
+ mode: "{{ nomad_config_mode }}"
+ notify: restart nomad
+
+- name: service
+ service:
+ name: "{{ nomad_service_name | default('nomad') }}"
+ state: "{{ nomad_service_state | default('started') }}"
+ enabled: "{{ nomad_service_enabled | default(true) }}"
diff --git a/roles/nomad/templates/nomad.hcl.j2 b/roles/nomad/templates/nomad.hcl.j2
new file mode 100644
index 0000000..76d236b
--- /dev/null
+++ b/roles/nomad/templates/nomad.hcl.j2
@@ -0,0 +1,46 @@
+// {{ ansible_managed }}
+
+data_dir = "{{ nomad_data_dir }}"
+bind_addr = "{{ nomad_bind_addr }}"
+
+{% if nomad_consul_enabled %}
+consul {
+ address = "{{ nomad_consul_address }}"
+}
+{% endif %}
+
+server {
+ enabled = {{ nomad_server__enabled | bool | lower }}
+ bootstrap_expect = {{ nomad_server__bootstrap_expect }}
+ server_join = {
+ retry_join = [
+{%- set comma = joiner(",") -%}
+{%- for x in nomad_server__server_join__retry_join | default([]) -%}
+ {{ comma() }}"{{ x }}"
+{%- endfor -%} ]
+{% if nomad_server__server_join__retry_max is defined %}
+ retry_max = {{ nomad_server__server_join__retry_max }}
+{% endif %}
+{% if nomad_server__server_join__retry_interval is defined %}
+ retry_interval = "{{ nomad_server__server_join__retry_interval }}"
+{% endif %}
+ }
+}
+
+client {
+ enabled = {{ nomad_client__enabled | bool | lower }}
+{% if nomad_client__servers %}
+ servers = [
+{%- set comma = joiner(",") -%}
+{%- for x in nomad_client__servers -%}
+ {{ comma() }}"{{ x }}"
+{%- endfor -%} ]
+{% endif %}
+{% if nomad_client__cni_path is defined %}
+ cni_path = "{{ nomad_client__cni_path }}"
+{% endif %}
+{% if nomad_client__cni_config_dir is defined %}
+ cni_config_dir = "{{ nomad_client__cni_config_dir }}"
+{% endif %}
+}
+
diff --git a/roles/nomad/vars/RedHat.yaml b/roles/nomad/vars/RedHat.yaml
new file mode 100644
index 0000000..1829a57
--- /dev/null
+++ b/roles/nomad/vars/RedHat.yaml
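Review bot: The `install plugins` task in roles/nomad/tasks/main.yaml unpacks whatever each `nomad_plugins` URL returns straight into `nomad_plugin_dir` with no integrity check, and those files are driver binaries that the Nomad agent will execute. Downloading with `get_url` and a pinned `checksum` before `unarchive` makes a tampered or swapped archive fail the play; that needs each `nomad_plugins` entry to become a mapping with `url` and `checksum`, as sketched below. Separately, `include os specific tasks` falls back to `default.yaml`, but this patch adds only `vars/default.yaml` and no `tasks/default.yaml`, so the lookup would presumably fail on hosts outside the RedHat family.

```yaml
# defaults/main.yaml: each plugin entry carries its expected digest
nomad_plugins:
  - url: https://releases.hashicorp.com/nomad-driver-podman/0.3.0/nomad-driver-podman_0.3.0_linux_amd64.zip
    # placeholder: fill in the digest published alongside the release
    checksum: "sha256:REPLACE_WITH_PUBLISHED_DIGEST"

# tasks/main.yaml
# … unchanged: create plugin directory, install unzip …
- name: download plugins
  get_url:
    url: "{{ item.url }}"
    # assumes nomad_data_dir exists by now (it is the parent of the default plugin dir)
    dest: "{{ nomad_data_dir }}/{{ item.url | basename }}"
    checksum: "{{ item.checksum }}"
    mode: "0644"
  loop: "{{ nomad_plugins }}"

- name: install plugins
  unarchive:
    src: "{{ nomad_data_dir }}/{{ item.url | basename }}"
    dest: "{{ nomad_plugin_dir }}"
    remote_src: true
  loop: "{{ nomad_plugins }}"
  notify: restart nomad
```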
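Review bot: Every string value in roles/nomad/templates/nomad.hcl.j2 is emitted as `"{{ var }}"` with no escaping, so a variable containing a double quote or a backslash yields HCL that fails to parse or parses differently from what was intended. Rendering through `to_json` quotes and escapes in one step, e.g. `data_dir = {{ nomad_data_dir | to_json }}`, and it can replace both `joiner` loops as well: `retry_join = {{ nomad_server__server_join__retry_join | default([]) | to_json }}`. The same applies to `bind_addr`, `address`, `retry_interval`, `cni_path` and `cni_config_dir`.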
@@ -0,0 +1,3 @@
+---
+nomad_client__cni_path: /usr/libexec/cni
+nomad_client__cni_config_dir: /etc/cni/net.d
diff --git a/roles/nomad/vars/default.yaml b/roles/nomad/vars/default.yaml
new file mode 100644
index 0000000..e69de29