user/group mapping for nomad

ansible/group_vars/all/main.yml

@@ -7,7 +7,7 @@ admin_email_address: amarpreet@minhas.io
 hashi_arch: amd64
 
 # consul
-consul_version: 1.9.4
+consul_version: 1.9.7
 consul_domain: masked.name
 
 # vault
@@ -60,14 +60,14 @@ vault_ca_cert_payload: |
   -----END CERTIFICATE-----
 
 # nomad
-nomad_version: 1.0.1
+nomad_version: 1.1.1
 nomad_podman_driver_version: 0.1.0
 
 # podman
-podman_version: 3.0.1+dfsg1-2+b1
+podman_version: 3.0.1+dfsg1-3+b1
 
 # lnd
-lnd_version: 0.12.1-beta
+lnd_version: 0.13.1-beta
 
 # lego
 lego_version: 4.1.3

ansible/host_vars/ivyking.minhas.io/nomad.yml

@@ -0,0 +1,11 @@
+---
+nomad_meta_values:
+  - { name: "storage_optimized", value: "false" }
+  - { name: "ram_optimized", value: "true" }
+
+nomad_ug_map:
+  - { name: "jenkins", id: "15000" }
+
+nomad_bind_mounts:
+  - { path: /opt/jenkins_home, owner: jenkins }
+...

ansible/host_vars/sedan.minhas.io/nomad.yml

@@ -1,6 +1,7 @@
 ---
 nomad_meta_values:
-  - { name: "long_lived", value: "true" }
+  - { name: "storage_optimized", value: "true" }
+  - { name: "ram_optimized", value: "false" }
 
 nomad_ug_map:
   - { name: "jenkins", id: "15000" }

ansible/inventory.txt

@@ -18,9 +18,10 @@ ivyking.minhas.io
 
 [nomad_client]
 sedan.minhas.io
+ivyking.minhas.io
 
 [nomad_server]
-ivyking.minhas.io
+ranger.minhas.io
 
 [vault_server]
 ivyking.minhas.io

ansible/roles/consul_server/tasks/FreeBSD.yml

@@ -87,9 +87,14 @@
   check_mode: False
 
 - name: get consul
-  pkgng:
+  unarchive:
-    name: consul-{{ consul_version }}
+    src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_freebsd_amd64.zip"
-    state: present
+    dest: /usr/local/bin/
+    mode: 0755
+    owner: root
+    group: consul
+    remote_src: True
+  when: installed_consul_version.stdout != consul_version
 
 - name: template consul config
   template:

ansible/roles/lego/tasks/main.yml

@@ -105,7 +105,7 @@
     name: "{{ item.name }} renewal"
     hour: "4"
     user: lego
-    job: 'source /etc/default/lego && /usr/local/bin/lego --pem --path {{ lego_path }} --email {{ lego_email_address }} --dns {{ item.dns }} --domains "{{ item.domain }}" renew --days 30'
+    job: 'source /etc/default/lego && /usr/local/bin/lego --pem --path {{ lego_path }} --email {{ lego_email_address }} --dns {{ item.dns }} --domains "{{ item.domain }}" renew --days 45'
   loop: "{{ lego_certs }}"
 
 - name: create haproxy reload crontab

ansible/roles/lnd/tasks/main.yml

@@ -24,9 +24,17 @@
     state: stopped
   when: (lnd_binary.stat.exists == False) or (lnd_version != lnd_installed_version.stdout)
 
+- name: remove old lnd files
+  file:
+    name: "/home/bitcoind/go/bin/{{ item }}"
+    state: absent
+  with_items:
+    - lncli
+    - lnd
+
 - name: update lnd
   unarchive:
-    src: 'https://github.com/lightningnetwork/lnd/releases/download/v{{ lnd_version }}/lnd-linux-{{ lnd_arch }}-v{{ lnd_version }}.tar.gz'
+    src: "https://github.com/lightningnetwork/lnd/releases/download/v{{ lnd_version }}/lnd-linux-{{ lnd_arch }}-v{{ lnd_version }}.tar.gz"
     dest: /home/bitcoind/go/bin
     owner: bitcoind
     group: bitcoind

ansible/roles/nomad_client/tasks/client_setup.yml

@@ -5,6 +5,7 @@
     gid: "{{ item.id }}"
     system: True
   loop: "{{ nomad_ug_map }}"
+  when: nomad_ug_map is defined
 
 - name: setup user mappings
   user:
@@ -12,6 +13,7 @@
     uid: "{{ item.id }}"
     system: True
   loop: "{{ nomad_ug_map }}"
+  when: nomad_ug_map is defined
 
 - name: ensure mounts
   file:
@@ -21,4 +23,5 @@
     group: "{{ item.owner }}"
     mode: 0755
   loop: "{{ nomad_bind_mounts }}"
+  when: nomad_bind_mounts is defined
 ...