1 feat: 重构基础设施架构并完善Consul集群配置

2 3 主要变更: 4 - 重构Terraform/OpenTofu目录结构，统一迁移至infrastructure/opentofu 5 - 添加"7天创造世界"文档，记录基础设施建设演进逻辑 6 - 更新Consul集群配置管理经验，添加实际案例和解决方案 7 - 修正README中的Sticky Note，反映Consul集群健康状态 8 - 添加Ansible部署配置和inventory文件 9 - 完善项目文档结构，添加各组件配置指南 10 11 技术架构演进: 12 - 第1天: Tailscale网络连接基础 ✅ 13 - 第2天: Ansible分布式控制 ✅ 14 - 第3天: Nomad服务感知与任务调度 ✅ 15 - 第4天: Consul配置集中管理 ✅ 16 - 第5天: OpenTofu状态一致性 ✅ 17 - 第6天: Vault密钥管理 ⏳ 18 - 第7天: Waypoint应用部署 ⏳
2025-09-30 03:46:33 +00:00
parent c0064b2cad
commit e8bfc76038
119 changed files with 1772 additions and 631 deletions
--- a/deployment/ansible/playbooks/install/install-configure-nomad-podman-driver.yml
+++ b/deployment/ansible/playbooks/install/install-configure-nomad-podman-driver.yml
@@ -0,0 +1,161 @@
+---
+- name: Install and Configure Nomad Podman Driver on Client Nodes
+  hosts: nomad_clients
+  become: yes
+  vars:
+    nomad_plugin_dir: "/opt/nomad/plugins"
+    
+  tasks:
+    - name: Create backup directory with timestamp
+      set_fact:
+        backup_dir: "/root/backup/{{ ansible_date_time.date }}_{{ ansible_date_time.hour }}{{ ansible_date_time.minute }}{{ ansible_date_time.second }}"
+    
+    - name: Create backup directory
+      file:
+        path: "{{ backup_dir }}"
+        state: directory
+        mode: '0755'
+    
+    - name: Backup current Nomad configuration
+      copy:
+        src: /etc/nomad.d/nomad.hcl
+        dest: "{{ backup_dir }}/nomad.hcl.backup"
+        remote_src: yes
+      ignore_errors: yes
+    
+    - name: Backup current apt sources
+      shell: |
+        cp -r /etc/apt/sources.list* {{ backup_dir }}/
+        dpkg --get-selections > {{ backup_dir }}/installed_packages.txt
+      ignore_errors: yes
+    
+    - name: Create temporary directory for apt
+      file:
+        path: /tmp/apt-temp
+        state: directory
+        mode: '1777'
+    
+    - name: Download HashiCorp GPG key
+      get_url:
+        url: https://apt.releases.hashicorp.com/gpg
+        dest: /tmp/hashicorp.gpg
+        mode: '0644'
+      environment:
+        TMPDIR: /tmp/apt-temp
+    
+    - name: Install HashiCorp GPG key
+      shell: |
+        gpg --dearmor < /tmp/hashicorp.gpg > /usr/share/keyrings/hashicorp-archive-keyring.gpg
+      environment:
+        TMPDIR: /tmp/apt-temp
+    
+    - name: Add HashiCorp repository
+      lineinfile:
+        path: /etc/apt/sources.list.d/hashicorp.list
+        line: "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
+        create: yes
+        mode: '0644'
+    
+    - name: Update apt cache
+      apt:
+        update_cache: yes
+      environment:
+        TMPDIR: /tmp/apt-temp
+      ignore_errors: yes
+    
+    - name: Install nomad-driver-podman
+      apt:
+        name: nomad-driver-podman
+        state: present
+      environment:
+        TMPDIR: /tmp/apt-temp
+    
+    - name: Create Nomad plugin directory
+      file:
+        path: "{{ nomad_plugin_dir }}"
+        state: directory
+        owner: nomad
+        group: nomad
+        mode: '0755'
+    
+    - name: Create symlink for nomad-driver-podman in plugin directory
+      file:
+        src: /usr/bin/nomad-driver-podman
+        dest: "{{ nomad_plugin_dir }}/nomad-driver-podman"
+        state: link
+        owner: nomad
+        group: nomad
+    
+    - name: Get server IP address
+      shell: |
+        ip route get 1.1.1.1 | grep -oP 'src \K\S+'
+      register: server_ip_result
+      changed_when: false
+    
+    - name: Set server IP fact
+      set_fact:
+        server_ip: "{{ server_ip_result.stdout }}"
+    
+    - name: Stop Nomad service
+      systemd:
+        name: nomad
+        state: stopped
+    
+    - name: Create updated Nomad client configuration
+      copy:
+        content: |
+          datacenter = "{{ nomad_datacenter }}"
+          data_dir = "/opt/nomad/data"
+          log_level = "INFO"
+          bind_addr = "{{ server_ip }}"
+          
+          server {
+            enabled = false
+          }
+          
+          client {
+            enabled = true
+            servers = ["100.117.106.136:4647", "100.116.80.94:4647", "100.97.62.111:4647", "100.116.112.45:4647", "100.84.197.26:4647"]
+          }
+          
+          plugin_dir = "{{ nomad_plugin_dir }}"
+          
+          plugin "nomad-driver-podman" {
+            config {
+              volumes {
+                enabled = true
+              }
+              recover_stopped = true
+            }
+          }
+          
+          consul {
+            address = "127.0.0.1:8500"
+          }
+        dest: /etc/nomad.d/nomad.hcl
+        owner: nomad
+        group: nomad
+        mode: '0640'
+        backup: yes
+    
+    - name: Validate Nomad configuration
+      shell: nomad config validate /etc/nomad.d/nomad.hcl
+      register: nomad_validate
+      failed_when: nomad_validate.rc != 0
+    
+    - name: Start Nomad service
+      systemd:
+        name: nomad
+        state: started
+        enabled: yes
+    
+    - name: Wait for Nomad to be ready
+      wait_for:
+        port: 4646
+        host: "{{ server_ip }}"
+        delay: 5
+        timeout: 60
+    
+    - name: Display backup location
+      debug:
+        msg: "Backup created at: {{ backup_dir }}"