REMOVE: 删除不再使用的 Terraform 配置文件

- 移除 nomad-terraform.tf 和 test_opentofu_consul.tf 文件
- 更新 Ansible inventory，注释掉不存在的节点 hcp2
- 修改 inventory.ini，确保节点配置的准确性
- 在 nomad-config 模块中添加 null_provider 以支持新配置
- 更新 influxdb1.hcl，添加 Grafana 和 Prometheus 数据卷配置

nomad-configs-tofu/README.md

@@ -0,0 +1,23 @@
+# Nomad 配置 - OpenTofu 管理
+
+## 节点分配
+
+### 服务器节点 (3个)
+- ash3c.tailnet-68f9.ts.net
+- ch4.tailnet-68f9.ts.net  
+- warden.tailnet-68f9.ts.net
+
+### 客户端节点 (4个)
+- hcp1.tailnet-68f9.ts.net
+- influxdb.tailnet-68f9.ts.net (influxdb1)
+- browser.tailnet-68f9.ts.net
+- ash1d.tailnet-68f9.ts.net
+
+### 已删除节点
+- ash2e.tailnet-68f9.ts.net (实例被删除，需要重建)
+
+## 配置原则
+- 极简配置，移除所有垃圾
+- 禁用 Vault (历史遗留问题)
+- 使用本地 Consul (127.0.0.1:8500)
+- 服务器节点也可运行作业 (client.enabled = true)

nomad-configs-tofu/ash1d-server.hcl

@@ -0,0 +1,82 @@
+# ash1d - 基于 onecloud1 成功配置直接替换节点名
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "ash1d"
+
+bind_addr = "ash1d.tailnet-68f9.ts.net"
+
+addresses {
+  http = "ash1d.tailnet-68f9.ts.net"
+  rpc  = "ash1d.tailnet-68f9.ts.net"
+  serf = "ash1d.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "ash1d.tailnet-68f9.ts.net:4646"
+  rpc  = "ash1d.tailnet-68f9.ts.net:4647"
+  serf = "ash1d.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+# 服务器模式 + 七仙女发现配置
+server {
+  enabled = true
+  
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4647",
+      "ash1d.tailnet-68f9.ts.net:4647", 
+      "ch2.tailnet-68f9.ts.net:4647",
+      "ch3.tailnet-68f9.ts.net:4647",
+      "onecloud1.tailnet-68f9.ts.net:4647",
+      "de.tailnet-68f9.ts.net:4647"
+    ]
+  }
+}
+
+# 服务器不运行作业
+client {
+  enabled = false
+  network_interface = "tailscale0"
+}
+
+# Podman 插件
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+# 本地 Consul 客户端
+consul {
+  address = "127.0.0.1:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+# 禁用 Vault
+vault {
+  enabled = false
+}
+
+# 遥测配置
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs-tofu/client-template-clean.hcl

@@ -0,0 +1,68 @@
+# Nomad 客户端节点配置模板 - 基于 Ansible 配置优化，去除垃圾 meta 标签
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "NODE_NAME"
+
+bind_addr = "NODE_NAME.tailnet-68f9.ts.net"
+
+addresses {
+  http = "NODE_NAME.tailnet-68f9.ts.net"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net"
+  serf = "NODE_NAME.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "NODE_NAME.tailnet-68f9.ts.net:4646"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net:4647"
+  serf = "NODE_NAME.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  
+  # 激进的垃圾清理策略 - 继承自 Ansible 配置
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+# Podman 插件配置 - 继承自 Ansible 配置
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+# Consul 配置 - 继承自 Ansible 配置
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+# Vault 配置 - 继承自 Ansible 配置
+vault {
+  enabled = true
+  address = "http://ch4.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://warden.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}

nomad-configs-tofu/client-template.hcl

@@ -0,0 +1,70 @@
+# Nomad 客户端节点配置模板 - 基于现有 Ansible 配置
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "NODE_NAME"
+
+bind_addr = "NODE_NAME.tailnet-68f9.ts.net"
+
+addresses {
+  http = "NODE_NAME.tailnet-68f9.ts.net"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net"
+  serf = "NODE_NAME.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "NODE_NAME.tailnet-68f9.ts.net:4646"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net:4647"
+  serf = "NODE_NAME.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = false
+}
+
+client {
+  enabled = true
+  
+  meta {
+    consul = "true"
+    consul_version = "1.21.5"
+  }
+  
+  # 激进的垃圾清理策略
+  gc_interval = "5m"
+  gc_disk_usage_threshold = 80
+  gc_inode_usage_threshold = 70
+}
+
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+consul {
+  address = "ch4.tailnet-68f9.ts.net:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+vault {
+  enabled = true
+  address = "http://ch4.tailnet-68f9.ts.net:8200,http://ash3c.tailnet-68f9.ts.net:8200,http://warden.tailnet-68f9.ts.net:8200"
+  token = "hvs.A5Fu4E1oHyezJapVllKPFsWg"
+  create_from_role = "nomad-cluster"
+  tls_skip_verify = true
+}

nomad-configs-tofu/onecloud1-server.hcl

@@ -0,0 +1,87 @@
+# onecloud1 - 基于现有配置继承和扬弃
+# 继承：基础配置、网络配置、遥测配置
+# 扬弃：错误的服务器列表、Vault配置、客户端运行作业
+
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"  # 继承：保留插件目录
+log_level = "DEBUG"  # 启用调试模式
+name = "onecloud1"
+
+bind_addr = "onecloud1.tailnet-68f9.ts.net"
+
+addresses {
+  http = "onecloud1.tailnet-68f9.ts.net"
+  rpc  = "onecloud1.tailnet-68f9.ts.net"
+  serf = "onecloud1.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "onecloud1.tailnet-68f9.ts.net:4646"
+  rpc  = "onecloud1.tailnet-68f9.ts.net:4647"
+  serf = "onecloud1.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+# 继承：服务器模式，加上服务器发现配置
+server {
+  enabled = true
+  
+  # 七仙女服务器发现配置
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4647",
+      "ash1d.tailnet-68f9.ts.net:4647", 
+      "ash2e.tailnet-68f9.ts.net:4647",
+      "ch2.tailnet-68f9.ts.net:4647",
+      "ch3.tailnet-68f9.ts.net:4647",
+      "onecloud1.tailnet-68f9.ts.net:4647",
+      "de.tailnet-68f9.ts.net:4647"
+    ]
+  }
+}
+
+# 扬弃：服务器不应该运行作业，但保留网络接口配置
+client {
+  enabled = false
+  network_interface = "tailscale0"  # 继承：网络接口配置
+}
+
+# 继承：Podman 插件配置
+plugin "nomad-driver-podman" {
+  config {
+    socket_path = "unix:///run/podman/podman.sock"
+    volumes {
+      enabled = true
+    }
+  }
+}
+
+# 扬弃：错误的 Consul 地址，改为本地客户端 - 分层解耦
+consul {
+  address = "127.0.0.1:8500"  # 修改：使用本地 Consul 客户端
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+# 扬弃：Vault 垃圾配置
+vault {
+  enabled = false
+}
+
+# 继承：遥测配置
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs-tofu/server-template-secure.hcl

@@ -0,0 +1,68 @@
+# Nomad 服务器节点安全配置模板
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+plugin_dir = "/opt/nomad/plugins"
+log_level = "INFO"
+name = "NODE_NAME"
+
+# 安全绑定 - 只绑定到 Tailscale 接口
+bind_addr = "NODE_NAME.tailnet-68f9.ts.net"
+
+addresses {
+  http = "NODE_NAME.tailnet-68f9.ts.net"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net"
+  serf = "NODE_NAME.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "NODE_NAME.tailnet-68f9.ts.net:4646"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net:4647"
+  serf = "NODE_NAME.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+server {
+  enabled = true
+  
+  # 七仙女服务器发现配置
+  server_join {
+    retry_join = [
+      "semaphore.tailnet-68f9.ts.net:4647",
+      "ash1d.tailnet-68f9.ts.net:4647", 
+      "ash2e.tailnet-68f9.ts.net:4647",
+      "ch2.tailnet-68f9.ts.net:4647",
+      "ch3.tailnet-68f9.ts.net:4647",
+      "onecloud1.tailnet-68f9.ts.net:4647",
+      "de.tailnet-68f9.ts.net:4647"
+    ]
+  }
+}
+
+# 安全的 Consul 配置 - 指向本地客户端
+consul {
+  address = "127.0.0.1:8500"
+  server_service_name = "nomad"
+  client_service_name = "nomad-client"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+# 安全的 Vault 配置 - 指向本地代理
+vault {
+  enabled = false  # 暂时禁用，等 Vault 集群部署完成
+}
+
+# 遥测配置
+telemetry {
+  collection_interval = "1s"
+  disable_hostname = false
+  prometheus_metrics = true
+  publish_allocation_metrics = true
+  publish_node_metrics = true
+}

nomad-configs-tofu/server-template.hcl

@@ -0,0 +1,57 @@
+# Nomad 服务器节点极简配置模板
+datacenter = "dc1"
+data_dir = "/opt/nomad/data"
+log_level = "INFO"
+name = "NODE_NAME"
+
+bind_addr = "NODE_NAME.tailnet-68f9.ts.net"
+
+addresses {
+  http = "NODE_NAME.tailnet-68f9.ts.net"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net"
+  serf = "NODE_NAME.tailnet-68f9.ts.net"
+}
+
+advertise {
+  http = "NODE_NAME.tailnet-68f9.ts.net:4646"
+  rpc  = "NODE_NAME.tailnet-68f9.ts.net:4647"
+  serf = "NODE_NAME.tailnet-68f9.ts.net:4648"
+}
+
+ports {
+  http = 4646
+  rpc  = 4647
+  serf = 4648
+}
+
+# 服务器模式
+server {
+  enabled = true
+  bootstrap_expect = 3
+  server_join {
+    retry_join = [
+      "ash3c.tailnet-68f9.ts.net",
+      "ch4.tailnet-68f9.ts.net", 
+      "warden.tailnet-68f9.ts.net"
+    ]
+  }
+}
+
+# 客户端也启用，服务器可以运行作业
+client {
+  enabled = true
+  network_interface = "tailscale0"
+}
+
+# 极简 Consul 配置
+consul {
+  address = "127.0.0.1:8500"
+  auto_advertise = true
+  server_auto_join = true
+  client_auto_join = true
+}
+
+# 禁用 Vault - 清理垃圾配置
+vault {
+  enabled = false
+}