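---
# Safely fix client node configuration - clients first, then servers.
#
# Rolling play: each Nomad client gets its current config backed up, the
# hardened template rendered in its place, the result validated, and only then
# is the agent restarted and probed from the control node.
- name: 修复客户端节点不安全配置
  hosts: nomad_clients
  become: true
  serial: 1  # one node at a time, so a bad config never hits several clients

  vars:
    # Tailnet FQDN used for the reachability checks. The inventory host
    # "influxdb" is published as "influxdb1"; every other host uses its
    # inventory name unchanged.
    nomad_api_host: "{{ 'influxdb1' if inventory_hostname == 'influxdb' else inventory_hostname }}.tailnet-68f9.ts.net"

  tasks:
    - name: 显示当前处理的节点
      debug:
        msg: "正在处理客户端节点: {{ inventory_hostname }}"

    - name: 备份当前配置
      copy:
        src: /etc/nomad.d/nomad.hcl
        dest: "/etc/nomad.d/nomad.hcl.backup.{{ ansible_date_time.epoch }}"
        # Without remote_src the copy module reads src from the control node,
        # so the "backup" would not be this client's own config.
        remote_src: true
        # An agent config may carry secrets (tokens, encryption keys); keep
        # the backup readable by root only.
        owner: root
        group: root
        mode: "0600"

    - name: 创建安全的客户端配置
      template:
        src: client-secure-template.hcl.j2
        dest: /etc/nomad.d/nomad.hcl
        backup: true
      notify: restart nomad
      # NOTE(review): the new file is already on disk when it is validated
      # below. A failed validation stops the play before the restart, but the
      # invalid file stays in place until it is restored from the backup.
      # Consider the template module's `validate:` option once it is confirmed
      # that `nomad config validate` accepts Ansible's temporary file path.

    - name: 验证配置文件语法
      command: nomad config validate /etc/nomad.d/nomad.hcl
      register: config_validation
      changed_when: false  # read-only check, never reports a change

    - name: 显示验证结果
      debug:
        msg: "{{ inventory_hostname }} 配置验证: {{ config_validation.stdout }}"

    # Handlers normally run only after the whole tasks section. Flushing here
    # makes the restart happen after validation passed and before the port
    # check, so the wait below observes the restarted agent rather than the
    # old process that is still listening.
    - name: Restart nomad now if the configuration changed
      meta: flush_handlers

    - name: 等待服务重启完成
      wait_for:
        port: 4646
        host: "{{ nomad_api_host }}"
        delay: 10
        timeout: 60
      delegate_to: localhost
      become: false  # probing from the control node needs no privileges

  handlers:
    - name: restart nomad
      systemd:
        name: nomad
        state: restarted
        daemon_reload: true

  post_tasks:
    # NOTE(review): this probe uses plain HTTP and sends no ACL token. If the
    # secure template enables TLS or ACLs on the HTTP API, switch to https
    # with certificate validation and pass a token - confirm against
    # client-secure-template.hcl.j2.
    - name: 验证节点重新加入集群
      uri:
        url: "http://{{ nomad_api_host }}:4646/v1/agent/self"
        method: GET
      register: node_status
      delegate_to: localhost
      become: false  # the control node only issues an HTTP GET

    # HTTP 200 from /v1/agent/self shows that the agent API answers; by itself
    # it does not prove the client registered with the servers again.
    - name: 显示节点状态
      debug:
        msg: "{{ inventory_hostname }} 重新加入集群成功"
      when: node_status.status == 200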