REMOVE: 删除不再使用的 Terraform 配置文件

- 移除 nomad-terraform.tf 和 test_opentofu_consul.tf 文件 - 更新 Ansible inventory，注释掉不存在的节点 hcp2 - 修改 inventory.ini，确保节点配置的准确性 - 在 nomad-config 模块中添加 null_provider 以支持新配置 - 更新 influxdb1.hcl，添加 Grafana 和 Prometheus 数据卷配置
2025-10-10 13:53:41 +00:00
parent 45f93cc68c
commit eff8d3ec6d
50 changed files with 3683 additions and 239 deletions
--- a/ansible/templates/client-secure-template.hcl.j2
+++ b/ansible/templates/client-secure-template.hcl.j2
@@ -0,0 +1,106 @@
+# Nomad 客户端安全配置模板
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "{{ inventory_hostname }}"
+
+# 安全绑定 - 只绑定到 Tailscale 接口
+{% if inventory_hostname == 'influxdb' %}
+bind_addr = "influxdb1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "influxdb1.tailnet-68f9.ts.net"
+  rpc  = "influxdb1.tailnet-68f9.ts.net"
+  serf = "influxdb1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "influxdb1.tailnet-68f9.ts.net:4646"
+  rpc  = "influxdb1.tailnet-68f9.ts.net:4647"
+  serf = "influxdb1.tailnet-68f9.ts.net:4648"
+}
+{% else %}
+bind_addr = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
+
+addresses {
+  http = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
+  rpc  = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
+  serf = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4646"
+  rpc  = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4647"
+  serf = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4648"
+}
+{% endif %}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+# 纯客户端模式
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  network_interface = "tailscale0"
+  
+  # 连接到当前活跃的服务器节点
+  servers = [
+    "ch2.tailnet-68f9.ts.net:4647",
+    "ch3.tailnet-68f9.ts.net:4647",
+    "de.tailnet-68f9.ts.net:4647",
+    "semaphore.tailnet-68f9.ts.net:4647"
+  ]
+  
+  # 基本驱动
+  options {
+    "driver.raw_exec.enable" = "1"
+    "driver.exec.enable" = "1"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+# Podman 插件配置
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+# 安全的 Consul 配置 - 指向本地客户端
+consul {
+  address = "127.0.0.1:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+# 禁用 Vault - 暂时
+vault {
+  enabled = false
+}
+
+# 遥测配置
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}