110 lines
4.2 KiB
HCL
110 lines
4.2 KiB
HCL
job "install-podman-driver" {
|
||
datacenters = ["dc1"]
|
||
type = "system" # 在所有节点上运行
|
||
|
||
group "install" {
|
||
task "install-podman" {
|
||
driver = "exec"
|
||
|
||
config {
|
||
command = "bash"
|
||
args = [
|
||
"-c",
|
||
<<-EOF
|
||
set -euo pipefail
|
||
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin"
|
||
|
||
# 依赖工具
|
||
if ! command -v jq >/dev/null 2>&1 || ! command -v unzip >/dev/null 2>&1 || ! command -v wget >/dev/null 2>&1; then
|
||
echo "Installing dependencies (jq unzip wget)..."
|
||
sudo -n apt update -y || true
|
||
sudo -n apt install -y jq unzip wget || true
|
||
fi
|
||
|
||
# 安装 Podman(若未安装)
|
||
if ! command -v podman >/dev/null 2>&1; then
|
||
echo "Installing Podman..."
|
||
sudo -n apt update -y || true
|
||
sudo -n apt install -y podman || true
|
||
sudo -n systemctl enable podman || true
|
||
else
|
||
echo "Podman already installed"
|
||
fi
|
||
|
||
# 启用并启动 podman.socket,确保 Nomad 可访问
|
||
sudo -n systemctl enable --now podman.socket || true
|
||
if getent group podman >/dev/null 2>&1; then
|
||
sudo -n usermod -aG podman nomad || true
|
||
fi
|
||
|
||
# 安装 Nomad Podman 驱动插件(始终确保存在)
|
||
PODMAN_DRIVER_VERSION="0.6.1"
|
||
PLUGIN_DIR="/opt/nomad/data/plugins"
|
||
sudo -n mkdir -p "${PLUGIN_DIR}" || true
|
||
cd /tmp
|
||
if [ ! -x "${PLUGIN_DIR}/nomad-driver-podman" ]; then
|
||
echo "Installing nomad-driver-podman ${PODMAN_DRIVER_VERSION}..."
|
||
wget -q "https://releases.hashicorp.com/nomad-driver-podman/${PODMAN_DRIVER_VERSION}/nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
|
||
unzip -o "nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
|
||
sudo -n mv -f nomad-driver-podman "${PLUGIN_DIR}/"
|
||
sudo -n chmod +x "${PLUGIN_DIR}/nomad-driver-podman"
|
||
sudo -n chown -R nomad:nomad "${PLUGIN_DIR}"
|
||
rm -f "nomad-driver-podman_${PODMAN_DRIVER_VERSION}_linux_amd64.zip"
|
||
else
|
||
echo "nomad-driver-podman already present in ${PLUGIN_DIR}"
|
||
fi
|
||
|
||
# 更新 /etc/nomad.d/nomad.hcl 的 plugin_dir 设置
|
||
if [ -f /etc/nomad.d/nomad.hcl ]; then
|
||
if grep -q "^plugin_dir\s*=\s*\"" /etc/nomad.d/nomad.hcl; then
|
||
sudo -n sed -i 's#^plugin_dir\s*=\s*\".*\"#plugin_dir = "/opt/nomad/data/plugins"#' /etc/nomad.d/nomad.hcl || true
|
||
else
|
||
echo 'plugin_dir = "/opt/nomad/data/plugins"' | sudo -n tee -a /etc/nomad.d/nomad.hcl >/dev/null || true
|
||
fi
|
||
fi
|
||
|
||
# 重启 Nomad 服务以加载插件
|
||
sudo -n systemctl restart nomad || true
|
||
echo "Waiting for Nomad to restart..."
|
||
sleep 15
|
||
|
||
# 检查 Podman 驱动是否被 Nomad 检测到
|
||
if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
|
||
echo "Podman driver successfully loaded"
|
||
exit 0
|
||
fi
|
||
|
||
echo "Podman driver not detected yet, retrying once after socket restart..."
|
||
sudo -n systemctl restart podman.socket || true
|
||
sleep 5
|
||
if /usr/local/bin/nomad node status -self -json 2>/dev/null | jq -r '.Drivers.podman.Detected' | grep -q "true"; then
|
||
echo "Podman driver successfully loaded after socket restart"
|
||
exit 0
|
||
else
|
||
echo "Podman driver still not detected; manual investigation may be required"
|
||
exit 1
|
||
fi
|
||
EOF
|
||
]
|
||
}
|
||
|
||
resources {
|
||
cpu = 200
|
||
memory = 256
|
||
}
|
||
|
||
// 以root权限运行
|
||
// user = "root"
|
||
# 使用 nomad 用户运行任务,避免客户端策略禁止 root
|
||
user = "nomad"
|
||
|
||
# 确保任务成功完成
|
||
restart {
|
||
attempts = 1
|
||
interval = "24h"
|
||
delay = "60s"
|
||
mode = "fail"
|
||
}
|
||
}
|
||
}
|
||
} |