Basic setup for nomad container users/groups

2020-10-03 17:22:04 -04:00 · 2020-10-03 17:22:04 -04:00 · e10b2a5172
commit e10b2a5172
parent dce8d35fe4
4 changed files with 40 additions and 0 deletions
--- a/ansible/host_vars/sedan.minhas.io/nomad.yml
+++ b/ansible/host_vars/sedan.minhas.io/nomad.yml
@ -0,0 +1,10 @@
 ---
 nomad_meta_values:
  - { name: "long_lived", value: "true" }
 nomad_ug_map:
  - { name: "jenkins", id: "15000" }
 nomad_bind_mounts:
  - { path: /opt/jenkins_home, owner: jenkins }
 ...
--- a/ansible/roles/nomad_client/tasks/client_setup.yml
+++ b/ansible/roles/nomad_client/tasks/client_setup.yml
@ -0,0 +1,24 @@
 ---
 - name: setup group mappings
  group:
    name: "{{ item.name }}"
    gid: "{{ item.id }}"
    system: True
  loop: "{{ nomad_ug_map }}"
 - name: setup user mappings
  user:
    name: "{{ item.name }}"
    uid: "{{ item.id }}"
    system: True
  loop: "{{ nomad_ug_map }}"
 - name: ensure mounts
  file:
    state: directory
    path: "{{ item.path }}"
    owner: "{{ item.owner }}"
    group: "{{ item.owner }}"
    mode: 0755
  loop: "{{ nomad_bind_mounts }}"
 ...
--- a/ansible/roles/nomad_client/tasks/main.yml
+++ b/ansible/roles/nomad_client/tasks/main.yml
@ -1,4 +1,5 @@
 ---
 - import_tasks: podman_prep.yml
 - import_tasks: nomad.yml
 - import_tasks: client_setup.yml
 ...
--- a/ansible/roles/nomad_client/templates/nomad.hcl.j2
+++ b/ansible/roles/nomad_client/templates/nomad.hcl.j2
@ -3,6 +3,11 @@ data_dir = "/opt/nomad"
 client {
  enabled   = true
  meta {
 {% for nomad_meta in nomad_meta_values %}
    "{{ nomad_meta.name }}"     = "{{ nomad_meta.value }}"
 {% endfor %}
  }
 }
 consul {