Basic setup for nomad container users/groups

2020-10-03 17:22:04 -04:00 · 2020-10-03 17:22:04 -04:00 · e10b2a5172
commit e10b2a5172
parent dce8d35fe4
4 changed files with 40 additions and 0 deletions
--- a/ansible/host_vars/sedan.minhas.io/nomad.yml
+++ b/ansible/host_vars/sedan.minhas.io/nomad.yml
@ -0,0 +1,10 @@
+---
+nomad_meta_values:
+  - { name: "long_lived", value: "true" }
+
+nomad_ug_map:
+  - { name: "jenkins", id: "15000" }
+
+nomad_bind_mounts:
+  - { path: /opt/jenkins_home, owner: jenkins }
+...
--- a/ansible/roles/nomad_client/tasks/client_setup.yml
+++ b/ansible/roles/nomad_client/tasks/client_setup.yml
@ -0,0 +1,24 @@
+---
+- name: setup group mappings
+  group:
+    name: "{{ item.name }}"
+    gid: "{{ item.id }}"
+    system: True
+  loop: "{{ nomad_ug_map }}"
+
+- name: setup user mappings
+  user:
+    name: "{{ item.name }}"
+    uid: "{{ item.id }}"
+    system: True
+  loop: "{{ nomad_ug_map }}"
+
+- name: ensure mounts
+  file:
+    state: directory
+    path: "{{ item.path }}"
+    owner: "{{ item.owner }}"
+    group: "{{ item.owner }}"
+    mode: 0755
+  loop: "{{ nomad_bind_mounts }}"
+...
--- a/ansible/roles/nomad_client/tasks/main.yml
+++ b/ansible/roles/nomad_client/tasks/main.yml
@ -1,4 +1,5 @@
 ---
 - import_tasks: podman_prep.yml
 - import_tasks: nomad.yml
+- import_tasks: client_setup.yml
 ...
--- a/ansible/roles/nomad_client/templates/nomad.hcl.j2
+++ b/ansible/roles/nomad_client/templates/nomad.hcl.j2
@ -3,6 +3,11 @@ data_dir = "/opt/nomad"

 client {
  enabled   = true
+  meta {
+{% for nomad_meta in nomad_meta_values %}
+    "{{ nomad_meta.name }}"     = "{{ nomad_meta.value }}"
+{% endfor %}
+  }
 }

 consul {