From e10b2a5172a82edebdc49b0c130e2537170eceb7 Mon Sep 17 00:00:00 2001 From: Asara Date: Sat, 3 Oct 2020 17:22:04 -0400 Subject: [PATCH] Basic setup for nomad container users/groups
---
ansible/host_vars/sedan.minhas.io/nomad.yml | 10 ++++++++ .../roles/nomad_client/tasks/client_setup.yml | 24 +++++++++++++++++++ ansible/roles/nomad_client/tasks/main.yml | 1 + .../roles/nomad_client/templates/nomad.hcl.j2 | 5 ++++ 4 files changed, 40 insertions(+) create mode 100644 ansible/host_vars/sedan.minhas.io/nomad.yml create mode 100644 ansible/roles/nomad_client/tasks/client_setup.yml
diff --git a/ansible/host_vars/sedan.minhas.io/nomad.yml b/ansible/host_vars/sedan.minhas.io/nomad.yml
new file mode 100644
index 0000000..23658d0
--- /dev/null
+++ b/ansible/host_vars/sedan.minhas.io/nomad.yml
@@ -0,0 +1,10 @@
+---
+nomad_meta_values:
+ - { name: "long_lived", value: "true" }
+
+nomad_ug_map:
+ - { name: "jenkins", id: "15000" }
+
+nomad_bind_mounts:
+ - { path: /opt/jenkins_home, owner: jenkins }
+...
diff --git a/ansible/roles/nomad_client/tasks/client_setup.yml b/ansible/roles/nomad_client/tasks/client_setup.yml
new file mode 100644
index 0000000..28876fa
--- /dev/null
+++ b/ansible/roles/nomad_client/tasks/client_setup.yml
@@ -0,0 +1,24 @@
+---
+- name: setup group mappings
+ group:
+ name: "{{ item.name }}"
+ gid: "{{ item.id }}"
+ system: True
+ loop: "{{ nomad_ug_map }}"
+
+- name: setup user mappings
+ user:
+ name: "{{ item.name }}"
+ uid: "{{ item.id }}"
+ system: True
+ loop: "{{ nomad_ug_map }}"
+
+- name: ensure mounts
+ file:
+ state: directory
+ path: "{{ item.path }}"
+ owner: "{{ item.owner }}"
+ group: "{{ item.owner }}"
+ mode: 0755
+ loop: "{{ nomad_bind_mounts }}"
+...
diff --git a/ansible/roles/nomad_client/tasks/main.yml b/ansible/roles/nomad_client/tasks/main.yml
index 0d87ea5..b319164 100644
--- a/ansible/roles/nomad_client/tasks/main.yml
+++ b/ansible/roles/nomad_client/tasks/main.yml
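Review bot: `/opt/jenkins_home` is declared in `nomad_bind_mounts` with an owner but no mode, so it is created with the 0755 that the "ensure mounts" task in client_setup.yml hard-codes. A Jenkins home normally holds stored credentials and the keys that protect them, so a directory every local account can list and traverse is wider than this mount needs. I would let each entry carry its own mode, `- { path: /opt/jenkins_home, owner: jenkins, mode: "0750" }`, and have the task read `mode: "{{ item.mode | default('0750') }}"`; quoting the value also avoids relying on YAML's octal parsing of a bare `0755`.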
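Review bot: The "setup user mappings" task creates a full host account where only a uid-to-name mapping for bind-mount ownership seems intended, because it sets no `shell`, `create_home` or `group`. With the module defaults the account gets the distribution's default login shell and a home directory. As far as I know, when a group of the same name already exists and `group` is omitted, the user module tells useradd not to use it, so the primary group would end up being the system default rather than gid 15000. Adding `group: "{{ item.name }}"`, `shell: /usr/sbin/nologin` and `create_home: false` keeps the account non-interactive and its gid aligned with the group created in the task just above.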
@@ -1,4 +1,5 @@ --- - import_tasks: podman_prep.yml - import_tasks: nomad.yml +- import_tasks: client_setup.yml ... diff --git a/ansible/roles/nomad_client/templates/nomad.hcl.j2 b/ansible/roles/nomad_client/templates/nomad.hcl.j2 index c7b8dc5..ea13fd8 100644 --- a/ansible/roles/nomad_client/templates/nomad.hcl.j2 +++ b/ansible/roles/nomad_client/templates/nomad.hcl.j2 @@ -3,6 +3,11 @@ data_dir = "/opt/nomad" client { enabled = true + meta { +{% for nomad_meta in nomad_meta_values %} + "{{ nomad_meta.name }}" = "{{ nomad_meta.value }}" +{% endfor %} + } } consul {
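Review bot: `nomad_meta_values` is only defined in the host_vars file for sedan.minhas.io in this commit, so unless the role has defaults outside this diff, rendering this template fails with an undefined-variable error on every other nomad client; the loops over `nomad_ug_map` and `nomad_bind_mounts` in client_setup.yml have the same dependency. `{% for nomad_meta in nomad_meta_values | default([]) %}` here and `loop: "{{ nomad_ug_map | default([]) }}"` in the tasks, or a `defaults/main.yml` with empty lists, would make the role safe to apply elsewhere. The name and value are also written between double quotes unescaped, so a value containing `"` would produce an invalid nomad.hcl. The `client` block starts outside the hunk.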