Clean repository: organized structure and GitOps setup
- Organized root directory structure - Moved orphan files to proper locations - Updated .gitignore to ignore temporary files - Set up Gitea Runner for GitOps automation - Fixed Tailscale access issues - Added workflow for automated Nomad deployment
This commit is contained in:
@@ -0,0 +1,8 @@
|
||||
# Nomad 配置
|
||||
|
||||
## Jobs
|
||||
|
||||
- `install-podman-driver.nomad` - 安装 Podman 驱动
|
||||
- `nomad-consul-config.nomad` - Nomad-Consul 配置
|
||||
- `nomad-consul-setup.nomad` - Nomad-Consul 设置
|
||||
- `nomad-nfs-volume.nomad` - NFS 卷配置
|
||||
@@ -0,0 +1,110 @@
|
||||
job "install-podman-driver" {
|
||||
datacenters = ["dc1"]
|
||||
type = "system" # 在所有节点上运行
|
||||
|
||||
group "install" {
|
||||
task "install-podman" {
|
||||
driver = "exec"
|
||||
|
||||
config {
|
||||
command = "bash"
|
||||
args = [
|
||||
"-c",
|
||||
<<-EOF
|
||||
set -euo pipefail
|
||||
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
|
||||
|
||||
# 依赖工具
|
||||
if ! command -v jq >/dev/null 2>&1 || ! command -v unzip >/dev/null 2>&1 || ! command -v wget >/dev/null 2>&1; then
|
||||
echo "Installing dependencies (jq unzip wget)..."
|
||||
sudo -n apt update -y || true
|
||||
sudo -n apt install -y jq unzip wget || true
|
||||
fi
|
||||
|
||||
# 安装 Podman(若未安装)
|
||||
if ! command -v podman >/dev/null 2>&1; then
|
||||
echo "Installing Podman..."
|
||||
sudo -n apt update -y || true
|
||||
sudo -n apt install -y podman || true
|
||||
sudo -n systemctl enable podman || true
|
||||
else
|
||||
echo "Podman already installed"
|
||||
fi
|
||||
|
||||
# 启用并启动 podman.socket,确保 Nomad 可访问
|
||||
sudo -n systemctl enable --now podman.socket || true
|
||||
if getent group podman >/dev/null 2>&1; then
|
||||
sudo -n usermod -aG podman nomad || true
|
||||
fi
|
||||
|
||||
# 安装 Nomad Podman 驱动插件(始终确保存在)
|
||||
PODMAN_DRIVER_VERSION="0.6.1"
|
||||
PLUGIN_DIR="/opt/nomad/data/plugins"
|
||||
sudo -n mkdir -p "${PLUGIN_DIR}" || true
|
||||
cd /tmp
|
||||
if [ ! -x "${PLUGIN_DIR}/nomad-driver-podman" ]; then
|
||||
echo "Installing nomad-driver-podman ${PODMAN_DRIVER_VERSION}..."
|
||||
wget -q "https://releases.hashicorp.com/nomad-driver-podman/${PODMAN_DRIVER_VERSION}/nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
|
||||
unzip -o "nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
|
||||
sudo -n mv -f nomad-driver-podman "${PLUGIN_DIR}/"
|
||||
sudo -n chmod +x "${PLUGIN_DIR}/nomad-driver-podman"
|
||||
sudo -n chown -R nomad:nomad "${PLUGIN_DIR}"
|
||||
rm -f "nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
|
||||
else
|
||||
echo "nomad-driver-podman already present in ${PLUGIN_DIR}"
|
||||
fi
|
||||
|
||||
# 更新 /etc/nomad.d/nomad.hcl 的 plugin_dir 设置
|
||||
if [ -f /etc/nomad.d/nomad.hcl ]; then
|
||||
if grep -q "^plugin_dir\s*=\s*\"" /etc/nomad.d/nomad.hcl; then
|
||||
sudo -n sed -i 's#^plugin_dir\s*=\s*\".*\"#plugin_dir = "/opt/nomad/data/plugins"#' /etc/nomad.d/nomad.hcl || true
|
||||
else
|
||||
echo 'plugin_dir = "/opt/nomad/data/plugins"' | sudo -n tee -a /etc/nomad.d/nomad.hcl >/dev/null || true
|
||||
fi
|
||||
fi
|
||||
|
||||
# 重启 Nomad 服务以加载插件
|
||||
sudo -n systemctl restart nomad || true
|
||||
echo "Waiting for Nomad to restart..."
|
||||
sleep 15
|
||||
|
||||
# 检查 Podman 驱动是否被 Nomad 检测到
|
||||
if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
|
||||
echo "Podman driver successfully loaded"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Podman driver not detected yet, retrying once after socket restart..."
|
||||
sudo -n systemctl restart podman.socket || true
|
||||
sleep 5
|
||||
if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
|
||||
echo "Podman driver successfully loaded after socket restart"
|
||||
exit 0
|
||||
else
|
||||
echo "Podman driver still not detected; manual investigation may be required"
|
||||
exit 1
|
||||
fi
|
||||
EOF
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 200
|
||||
memory = 256
|
||||
}
|
||||
|
||||
// 以root权限运行
|
||||
// user = "root"
|
||||
# 使用 nomad 用户运行任务,避免客户端策略禁止 root
|
||||
user = "nomad"
|
||||
|
||||
# 确保任务成功完成
|
||||
restart {
|
||||
attempts = 1
|
||||
interval = "24h"
|
||||
delay = "60s"
|
||||
mode = "fail"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,55 @@
|
||||
job "nomad-consul-config" {
|
||||
datacenters = ["dc1"]
|
||||
type = "system"
|
||||
|
||||
group "nomad-server-config" {
|
||||
constraint {
|
||||
attribute = "${node.unique.name}"
|
||||
operator = "regexp"
|
||||
value = "semaphore|ash1d|ash2e|ch2|ch3|onecloud1|de"
|
||||
}
|
||||
|
||||
task "update-nomad-config" {
|
||||
driver = "exec"
|
||||
|
||||
config {
|
||||
command = "sh"
|
||||
args = [
|
||||
"-c",
|
||||
"sed -i '/^consul {/,/^}/c\\consul {\\n address = \"ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500\"\\n server_service_name = \"nomad\"\\n client_service_name = \"nomad-client\"\\n auto_advertise = true\\n server_auto_join = true\\n client_auto_join = false\\n}' /etc/nomad.d/nomad.hcl && systemctl restart nomad"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 100
|
||||
memory = 128
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
group "nomad-client-config" {
|
||||
constraint {
|
||||
attribute = "${node.unique.name}"
|
||||
operator = "regexp"
|
||||
value = "ch4|ash3c|browser|influxdb1|hcp1|warden"
|
||||
}
|
||||
|
||||
task "update-nomad-config" {
|
||||
driver = "exec"
|
||||
|
||||
config {
|
||||
command = "sh"
|
||||
args = [
|
||||
"-c",
|
||||
"sed -i '/^consul {/,/^}/c\\consul {\\n address = \"ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500\"\\n server_service_name = \"nomad\"\\n client_service_name = \"nomad-client\"\\n auto_advertise = true\\n server_auto_join = false\\n client_auto_join = true\\n}' /etc/nomad.d/nomad.hcl && systemctl restart nomad"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 100
|
||||
memory = 128
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -0,0 +1,23 @@
|
||||
job "nomad-consul-setup" {
|
||||
datacenters = ["dc1"]
|
||||
type = "system"
|
||||
|
||||
group "nomad-config" {
|
||||
task "setup-consul" {
|
||||
driver = "exec"
|
||||
|
||||
config {
|
||||
command = "sh"
|
||||
args = [
|
||||
"-c",
|
||||
"if grep -q 'server.*enabled.*true' /etc/nomad.d/nomad.hcl; then sed -i '/^consul {/,/^}/c\\consul {\\n address = \"ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500\"\\n server_service_name = \"nomad\"\\n client_service_name = \"nomad-client\"\\n auto_advertise = true\\n server_auto_join = true\\n client_auto_join = false\\n}' /etc/nomad.d/nomad.hcl; else sed -i '/^consul {/,/^}/c\\consul {\\n address = \"ch4.tailnet-68f9.ts.net:8500,ash3c.tailnet-68f9.ts.net:8500,warden.tailnet-68f9.ts.net:8500\"\\n server_service_name = \"nomad\"\\n client_service_name = \"nomad-client\"\\n auto_advertise = true\\n server_auto_join = false\\n client_auto_join = true\\n}' /etc/nomad.d/nomad.hcl; fi && systemctl restart nomad"
|
||||
]
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 100
|
||||
memory = 128
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,34 @@
|
||||
job "nfs-volume-example" {
|
||||
datacenters = ["dc1"]
|
||||
type = "service"
|
||||
|
||||
group "nfs-app" {
|
||||
count = 1
|
||||
|
||||
volume "nfs-shared" {
|
||||
type = "host"
|
||||
source = "nfs-shared"
|
||||
read_only = false
|
||||
}
|
||||
|
||||
task "app" {
|
||||
driver = "podman"
|
||||
|
||||
config {
|
||||
image = "alpine:latest"
|
||||
args = ["tail", "-f", "/dev/null"]
|
||||
}
|
||||
|
||||
volume_mount {
|
||||
volume = "nfs-shared"
|
||||
destination = "/shared"
|
||||
read_only = false
|
||||
}
|
||||
|
||||
resources {
|
||||
cpu = 100
|
||||
memory = 64
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user