Puppet Class: nomad

Defined in:
manifests/init.pp

Overview

Installs, configures, and manages nomad

Examples:

To set up a single nomad server, with several agents attached, on the server.

class { 'nomad':
  config_hash => {
    'region'     => 'us-west',
    'datacenter' => 'ptk',
    'log_level'  => 'INFO',
    'bind_addr'  => '0.0.0.0',
    'data_dir'   => '/opt/nomad',
    'server'     => {
      'enabled'          => true,
      'bootstrap_expect' => 3,
    }
  }
}

On the agent(s)

class { 'nomad':
  config_hash => {
    'region'     => 'us-west',
    'datacenter' => 'ptk',
    'log_level'  => 'INFO',
    'bind_addr'  => '0.0.0.0',
    'data_dir'   => '/opt/nomad',
    'client'     => {
      'enabled' => true,
      'servers' => [
        "nomad01.your-org.pvt:4647",
        "nomad02.your-org.pvt:4647",
        "nomad03.your-org.pvt:4647"
      ]
    }
  },
}

Install from zip file for a CPU architecture HashiCorp does not provide native packages for.

class { 'nomad':
  arch                => 'armv7l',
  install_method      => 'url',
  manage_service_file => true,
  version             => '1.0.3', # check latest version at https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md
  config_hash         => {
    'region'     => 'us-west',
    'datacenter' => 'ptk',
    'log_level'  => 'INFO',
    'bind_addr'  => '0.0.0.0',
    'data_dir'   => '/opt/nomad',
    'client'     => {
      'enabled' => true,
      'servers' => [
        "nomad01.your-org.pvt:4647",
        "nomad02.your-org.pvt:4647",
        "nomad03.your-org.pvt:4647"
      ]
    }
  },
}

Disable install and service components

class { 'nomad':
  install_method => 'none',
  manage_service => false,
  config_hash    => {
    region     => 'us-west',
    datacenter => 'ptk',
    log_level  => 'INFO',
    bind_addr  => '0.0.0.0',
    data_dir   => '/opt/nomad',
    'client'     => {
      'enabled' => true,
      'servers' => [
        "nomad01.your-org.pvt:4647",
        "nomad02.your-org.pvt:4647",
        "nomad03.your-org.pvt:4647"
      ]
    }
  },
}

Parameters:

  • arch (String[1])

    cpu architecture

  • purge_config_dir (Boolean) (defaults to: true)

    Purge config files no longer generated by Puppet

  • data_dir_mode (Stdlib::Filemode) (defaults to: '0755')

    Specify unix permissions for data dir directory managed by this module

  • plugin_dir_mode (Stdlib::Filemode) (defaults to: '0755')

    Specify unix permissions for plugin dir directory managed by this module

  • join_wan (Optional[String[1]]) (defaults to: undef)

    join nomad cluster over the WAN

  • bin_dir (Stdlib::Absolutepath) (defaults to: '/usr/bin')

    location of the nomad binary

  • version (String[1]) (defaults to: 'installed')

    Specify version of nomad binary to download.

  • install_method (Enum['none', 'package', 'url']) (defaults to: 'package')

    install via system package, download and extract from a url.

  • os (String[1]) (defaults to: downcase($facts['kernel']))

    operation system to install for

  • download_url (Optional[String[1]]) (defaults to: undef)

    download url to download from

  • download_url_base (String[1]) (defaults to: 'https://releases.hashicorp.com/nomad/')

    download hostname to down from

  • download_extension (String[1]) (defaults to: 'zip')

    archive type to download

  • package_name (String[1]) (defaults to: 'nomad')

    Only valid when the install_method == package.

  • config_dir (Stdlib::Absolutepath) (defaults to: '/etc/nomad.d')

    location of the nomad configuration

  • extra_options (Optional[String[1]]) (defaults to: undef)

    Extra arguments to be passed to the nomad agent

  • config_hash (Hash) (defaults to: {})

    Use this to populate the JSON config file for nomad.

  • config_defaults (Hash) (defaults to: {})

    default set of config settings

  • config_validator (Variant[ Enum['nomad_validator', 'ruby_validator'], Pattern[/\A.*\ %\z/] ]) (defaults to: 'nomad_validator')

    Use this to set the JSON config file validation command. It defaults to nomad validator which is currenly missing some validation checks. If ruby is available on the system you could use ‘ruby_validator’, or create your own script (ending with space and % symbol).

  • config_mode (Stdlib::Filemode) (defaults to: '0660')

    Use this to set the JSON config file mode for nomad.

  • manage_repo (Boolean) (defaults to: true)

    Configure the upstream HashiCorp repository. Only relevant when $nomad::install_method = ‘package’.

  • manage_service (Boolean) (defaults to: true)

    manage the nomad service

  • manage_service_file (Boolean) (defaults to: false)

    create and manage the systemd service file

  • pretty_config (Boolean) (defaults to: false)

    Generates a human readable JSON config file.

  • service_enable (Boolean) (defaults to: true)

    enable the nomad service

  • service_ensure (Stdlib::Ensure::Service) (defaults to: 'running')

    ensure the state of the nomad service

  • restart_on_change (Boolean) (defaults to: true)

    Determines whether to restart nomad agent on $config_hash changes. This will not affect reloads when service, check or watch configs change.

  • env_vars (Hash[String[1], String]) (defaults to: {})

    Hash of optional environment variables that should be passed to nomad

  • user (String[1]) (defaults to: 'root')

    User to run the Nomad binary as. Also used as owner of directories and config files managed by this module.

  • group (String[1]) (defaults to: 'root')

    Group to run the Nomad binary as. Also used as group of directories and config files managed by this module.

  • server_recovery (Boolean) (defaults to: false)

    Nomad server outage recovery configuration

  • recovery_nomad_server_regex (Optional[String]) (defaults to: undef)

    Regex to match Nomad server hostnames within the same puppet environment. It requires PuppetDB and it’s mutually exclusive with nomad_server_hash.

  • recovery_nomad_server_hash (Optional[Hash]) (defaults to: undef)

    If you don’t have the PuppetDB you can supply a Hash with server IPs and corresponding node-ids. It works without PuppetDB and it’s mutually exclusive with nomad_server_regex.

  • recovery_network_interface (Optional[String]) (defaults to: undef)

    NIC where Nomad server IP is configured

  • recovery_rpc_port (Stdlib::Port) (defaults to: 4647)

    Nomad server RPC port



150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
 
# File 'manifests/init.pp', line 150

class nomad (
  String[1] $arch,
  Boolean $purge_config_dir                      = true,
  Stdlib::Filemode $data_dir_mode                = '0755',
  Stdlib::Filemode $plugin_dir_mode              = '0755',
  Optional[String[1]] $join_wan                  = undef,
  Stdlib::Absolutepath $bin_dir                  = '/usr/bin',
  String[1] $version                             = 'installed',
  Enum['none', 'package', 'url'] $install_method = 'package',
  String[1] $os                                  = downcase($facts['kernel']),
  Optional[String[1]] $download_url              = undef,
  String[1] $download_url_base                   = 'https://releases.hashicorp.com/nomad/',
  String[1] $download_extension                  = 'zip',
  String[1] $package_name                        = 'nomad',
  Stdlib::Absolutepath $config_dir               = '/etc/nomad.d',
  Optional[String[1]] $extra_options             = undef,
  Hash $config_hash                              = {},
  Hash $config_defaults                          = {},
  Stdlib::Filemode $config_mode                  = '0660',
  Boolean $pretty_config                         = false,
  Boolean $service_enable                        = true,
  Stdlib::Ensure::Service $service_ensure        = 'running',
  Boolean $manage_repo                           = true,
  Boolean $manage_service                        = true,
  Boolean $manage_service_file                   = false,
  Boolean $restart_on_change                     = true,
  Hash[String[1], String] $env_vars              = {},
  String[1] $user                                = 'root',
  String[1] $group                               = 'root',
  Boolean $server_recovery                       = false,
  Optional[String] $recovery_nomad_server_regex  = undef,
  Optional[Hash] $recovery_nomad_server_hash     = undef,
  Optional[String] $recovery_network_interface   = undef,
  Stdlib::Port $recovery_rpc_port                = 4647,
  Variant[
    Enum['nomad_validator', 'ruby_validator'], Pattern[/\A.*\ %\z/]
  ] $config_validator                            = 'nomad_validator',
) {
  $real_download_url = pick($download_url, "${download_url_base}${version}/${package_name}_${version}_${os}_${arch}.${download_extension}")
  $config_hash_real = deep_merge($config_defaults, $config_hash)

  if $config_hash_real['data_dir'] {
    $data_dir = $config_hash_real['data_dir']
  } else {
    $data_dir = undef
  }

  if $config_hash_real['plugin_dir'] {
    $plugin_dir = $config_hash_real['plugin_dir']
  } else {
    $plugin_dir = undef
  }

  if ($config_hash_real['ports'] and $config_hash_real['ports']['rpc']) {
    $rpc_port = $config_hash_real['ports']['rpc']
  } else {
    $rpc_port = 8400
  }

  if ($config_hash_real['addresses'] and $config_hash_real['addresses']['rpc']) {
    $rpc_addr = $config_hash_real['addresses']['rpc']
  } elsif ($config_hash_real['client_addr']) {
    $rpc_addr = $config_hash_real['client_addr']
  } else {
    $rpc_addr = $facts['networking']['interfaces']['lo']['ip']
  }

  $notify_service = $restart_on_change ? {
    true    => Class['nomad::run_service'],
    default => undef,
  }

  class { 'nomad::install': }
  -> class { 'nomad::config':
    notify => $notify_service,
  }
  -> class { 'nomad::run_service': }
  -> class { 'nomad::reload_service': }

  contain nomad::install
  contain nomad::config
  contain nomad::run_service
  contain nomad::reload_service

  if ($server_recovery) {
    if ($recovery_nomad_server_regex) and ($recovery_nomad_server_hash) {
      fail('You can only use one of the parameters: recovery_nomad_server_regex or recovery_nomad_server_hash')
    }
    elsif !($recovery_nomad_server_regex) and !($recovery_nomad_server_hash) {
      fail('You must use one of the parameters: recovery_nomad_server_regex or recovery_nomad_server_hash')
    }
    if !($recovery_network_interface) and ($recovery_nomad_server_regex) {
      fail('You must specify the network_interface parameter when using recovery_nomad_server_regex')
    }
    class { 'nomad::server_recovery':
      nomad_server_regex => $recovery_nomad_server_regex,
      nomad_server_hash  => $recovery_nomad_server_hash,
      rpc_port           => $recovery_rpc_port,
      network_interface  => $recovery_network_interface,
    }
  } else {
    file { '/usr/local/bin/nomad-server-outage-recovery.sh':
      ensure => 'absent',
    }
  }
}