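---
# Ansible playbook: batch-apply the hardened configuration to the Nomad
# server nodes.
#
# Per host: back up the current config, render the new one in place,
# stop Nomad, delete the server's Raft state so it rejoins the cluster,
# start Nomad again and wait for the HTTP port.
- name: 修复所有 Nomad 服务器节点的安全配置
  hosts: ash1d,ash2e,onecloud1
  # Full fact gathering stays off; the one fact the backup task needs is
  # collected by an explicit setup task below.
  gather_facts: false
  # One server at a time. Every host in this play is stopped and has its
  # Raft state deleted; doing that on all targeted servers in the same pass
  # removes them from the cluster simultaneously.
  # NOTE(review): confirm the remaining servers still hold quorum while
  # each node is down.
  serial: 1
  vars:
    # Server RPC endpoints (port 4647). Presumably consumed by
    # server-secure.hcl.j2; the template is not part of this file.
    nomad_servers:
      - "semaphore.tailnet-68f9.ts.net:4647"
      - "ash1d.tailnet-68f9.ts.net:4647"
      - "ash2e.tailnet-68f9.ts.net:4647"
      - "ch2.tailnet-68f9.ts.net:4647"
      - "ch3.tailnet-68f9.ts.net:4647"
      - "onecloud1.tailnet-68f9.ts.net:4647"
      - "de.tailnet-68f9.ts.net:4647"

  tasks:
    # ansible_date_time is a gathered fact. With fact gathering disabled it
    # is undefined (unless a fact cache supplies it), so the backup task
    # failed on templating and ignore_errors hid the failure: the old
    # config was overwritten without a backup. '!all' collects only the
    # minimal subset, which includes date_time.
    - name: 采集 ansible_date_time 事实
      setup:
        gather_subset:
          - '!all'

    # Replaces ignore_errors on the backup: a missing file is the only
    # case that should be skipped; any other backup failure now stops the
    # play before the config and the Raft data are touched.
    - name: 检查当前配置是否存在
      stat:
        path: /etc/nomad.d/nomad.hcl
      register: nomad_current_config
      become: true

    - name: 备份当前配置
      copy:
        src: /etc/nomad.d/nomad.hcl
        dest: "/etc/nomad.d/nomad.hcl.backup.{{ ansible_date_time.epoch }}"
        remote_src: true
      become: true
      when: nomad_current_config.stat.exists

    # Rendered straight to its final path as root. The earlier flow staged
    # the file at a fixed, world-readable name in /tmp and then copied it
    # as root, so any local account could read the server config and the
    # root copy trusted a path inside a world-writable directory.
    # Rendering happens before the service is stopped, so a template error
    # aborts the play without downtime.
    # NOTE(review): if the template carries secrets (gossip key, tokens),
    # tighten mode to '0640' and set owner/group to the account the nomad
    # unit runs as; that account is not visible from this playbook.
    - name: 生成并部署安全的 Nomad 服务器配置
      template:
        src: server-secure.hcl.j2
        dest: /etc/nomad.d/nomad.hcl
        mode: '0644'
      become: true

    # Earlier runs left a copy of the rendered config in /tmp; remove it.
    - name: 清理 /tmp 中遗留的配置副本
      file:
        path: /tmp/nomad-secure.hcl
        state: absent
      become: true

    - name: 停止 Nomad 服务
      systemd:
        name: nomad
        state: stopped
      become: true

    # Destructive: removes this server's Raft log and snapshots. The node
    # comes back with no state and has to rejoin the existing cluster.
    - name: 清理 Raft 数据以重新加入集群
      file:
        path: /opt/nomad/data/server/raft/
        state: absent
      become: true

    - name: 启动 Nomad 服务
      systemd:
        name: nomad
        state: started
        enabled: true
      become: true

    # Only proves the HTTP port accepts TCP connections on the tailnet
    # name; it does not show that the server rejoined the cluster.
    - name: 等待服务启动
      wait_for:
        port: 4646
        host: "{{ inventory_hostname }}.tailnet-68f9.ts.net"
        delay: 10
        timeout: 60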