Fix hcp1 config with proper traefik-certs host volume

2025-10-09 03:40:32 +00:00 · 2025-10-09 03:40:32 +00:00 · 56fda79bd6
parent 541b110beb
commit 56fda79bd6
1 changed files with 51 additions and 94 deletions
--- a/nomad-configs/nodes/hcp1.hcl
+++ b/nomad-configs/nodes/hcp1.hcl
@ -18,11 +18,27 @@ advertise {
  serf = "hcp1.tailnet-68f9.ts.net:4648"
 }

+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
 client {
  enabled = true
+  network_interface = "tailscale0"
+  
+  # 配置七仙女服务器地址，使用完整FQDN
  servers = [
+    "semaphore.tailnet-68f9.ts.net:4647",
+    "ash1d.tailnet-68f9.ts.net:4647",
+    "ash2e.tailnet-68f9.ts.net:4647",
    "ch2.tailnet-68f9.ts.net:4647",
-    "ash3c.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
    "onecloud1.tailnet-68f9.ts.net:4647",
    "de.tailnet-68f9.ts.net:4647"
  ]
@ -37,7 +53,7 @@ client {
    path = "/opt/nomad/data/vault-storage"
    read_only = false
  }
-  
+
  host_volume "traefik-certs" {
    path = "/opt/traefik/certs"
    read_only = false
@ -60,97 +76,38 @@ client {
  gc_interval = "5m"
  gc_disk_usage_threshold = 80
  gc_inode_usage_threshold = 70
-  gc_max_allocs = 50
-  
-  # 网络配置
-  network_interface = "tailscale0"
-  
-  # 资源限制
-  cpu_total_compute = 4000
-  memory_total_mb = 8192
-  
-  # 任务限制
-  max_kill_timeout = "30s"
-  
-  # 日志配置
-  logging {
-    level = "INFO"
-    format = "json"
-    enable_syslog = true
-    syslog_facility = "LOCAL0"
-  }
-  
-  # 插件配置
-  plugin_dir = "/opt/nomad/plugins"
-  
-  # 状态同步
-  state_dir = "/opt/nomad/data/client"
-  alloc_dir = "/opt/nomad/data/alloc"
-  
-  # 任务驱动配置
-  task_drivers = ["exec", "raw_exec"]
-  
-  # 网络指纹
-  network_interface = "tailscale0"
-  
-  # 存储配置
-  disk_free_threshold = "10%"
-  disk_usage_threshold = "90%"
-  
-  # 任务限制
-  max_kill_timeout = "30s"
-  
-  # 健康检查
-  health_check_grace_period = "30s"
-  
-  # 任务重启策略
-  restart_policy {
-    interval = "5m"
-    attempts = 3
-    delay = "15s"
-    mode = "fail"
-  }
-  
-  # 任务清理
-  cleanup_interval = "5m"
-  
-  # 任务监控
-  enable_monitoring = true
-  
-  # 任务日志
-  log_config {
-    enabled = true
-    max_file_size = "10MB"
-    max_files = 10
-  }
-  
-  # 任务资源
-  resource_limits {
-    cpu_total_compute = 4000
-    memory_total_mb = 8192
-  }
-  
-  # 任务网络
-  network_config {
-    interface = "tailscale0"
-    port_range = "20000-30000"
-  }
-  
-  # 任务存储
-  storage_config {
-    disk_free_threshold = "10%"
-    disk_usage_threshold = "90%"
-  }
-  
-  # 任务安全
-  security_config {
-    enable_tls = false
-    verify_server_hostname = false
-  }
-  
-  # 任务调试
-  debug_config {
-    enabled = false
-    log_level = "INFO"
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
  }
 }
+
+consul {
+  enabled = false
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://master.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://hcp1.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}
+
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}