infra/ansible/roles/nomad_client/templates/nomad.hcl.j2

datacenter = "{{ main_dc_name }}"
data_dir = "/opt/nomad"

client {
  enabled   = true
  options {
    "docker.volumes.enabled"    = true
  }
  meta {
{% for nomad_meta in nomad_meta_values %}
    "{{ nomad_meta.name }}"     = "{{ nomad_meta.value }}"
{% endfor %}
  }
}

consul {
  token     = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-client'] }}"
}

vault {
  enabled           = true
  ca_file           = "/etc/pki/certs/{{ vault_ca_cert_name }}"
  token             = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"
  address           = "https://vault.service.{{ consul_domain }}:8200"
  create_from_role  = "nomad-cluster"
  unwrap_token      = true
}

tls {
  http      = true
  rpc       = true
  ca_file   = "/etc/pki/certs/{{ vault_ca_cert_name }}"
  cert_file = "/etc/nomad.d/certs/nomad.pem"
  key_file  = "/etc/nomad.d/certs/nomad.key"
}

plugin_dir = "/opt/nomad_plugins"

plugin "nomad-driver-podman" {
  enabled   = true
  config {
    socket_path = "unix:///run/user/{{ getent_passwd.podman[1] }}/podman/podman.sock"
  }
}
Add nomad server/client, fix ansible policy to allow for cert creation 2020-08-30 00:25:30 +00:00			`datacenter = "{{ main_dc_name }}"`
			`data_dir = "/opt/nomad"`

			`client {`
			`enabled = true`
Basic jenkins install (no ssl) with nomad 2020-10-04 00:35:33 +00:00			`options {`
			`"docker.volumes.enabled" = true`
			`}`
Basic setup for nomad container users/groups 2020-10-03 21:22:04 +00:00			`meta {`
			`{% for nomad_meta in nomad_meta_values %}`
			`"{{ nomad_meta.name }}" = "{{ nomad_meta.value }}"`
			`{% endfor %}`
			`}`
Add nomad server/client, fix ansible policy to allow for cert creation 2020-08-30 00:25:30 +00:00			`}`

			`consul {`
			`token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['consul-acl-client'] }}"`
			`}`
Add podman shell to nomad clients 2020-10-01 00:59:50 +00:00
Explicitly define ports for consul and vault 2020-10-13 02:39:23 +00:00			`vault {`
			`enabled = true`
			`ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"`
			`token = "{{ lookup('hashi_vault', 'secret=kv/data/nomad:data')['vault-token'] }}"`
			`address = "https://vault.service.{{ consul_domain }}:8200"`
			`create_from_role = "nomad-cluster"`
			`unwrap_token = true`
			`}`

Add tls to nomad 2020-10-01 02:37:18 +00:00			`tls {`
			`http = true`
			`rpc = true`
			`ca_file = "/etc/pki/certs/{{ vault_ca_cert_name }}"`
			`cert_file = "/etc/nomad.d/certs/nomad.pem"`
			`key_file = "/etc/nomad.d/certs/nomad.key"`
			`}`

Add podman shell to nomad clients 2020-10-01 00:59:50 +00:00			`plugin_dir = "/opt/nomad_plugins"`

			`plugin "nomad-driver-podman" {`
			`enabled = true`
Update nomad/docker to include arm64 builds 2021-08-16 01:30:56 +00:00			`config {`
Fix up podman 2022-03-26 22:06:26 +00:00			`socket_path = "unix:///run/user/{{ getent_passwd.podman[1] }}/podman/podman.sock"`
Update nomad/docker to include arm64 builds 2021-08-16 01:30:56 +00:00			`}`
Add podman shell to nomad clients 2020-10-01 00:59:50 +00:00			`}`