ansible: install Nomad from HashiCorp releases for better control.

hashicorp-forge · May 24, 2024 · 4ec3dfc · 4ec3dfc
1 parent 776cac2
commit 4ec3dfc
Show file tree

Hide file tree

Showing 4 changed files with 99 additions and 29 deletions.
diff --git a/shared/ansible/hashicorp/nomad_bench/roles/common/defaults/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/common/defaults/main.yaml
@@ -0,0 +1,9 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+common_apt_packages: [
+  "jq",
+  "net-tools",
+  "ntp",
+  "unzip",
+]
diff --git a/shared/ansible/hashicorp/nomad_bench/roles/common/tasks/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/common/tasks/main.yaml
@@ -2,3 +2,11 @@
 # SPDX-License-Identifier: MPL-2.0
 
 - amazon.aws.ec2_metadata_facts:
+
+- name: "install_packages"
+  become: true
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: "present"
+    update_cache: true
+  loop: "{{ common_apt_packages }}"
diff --git a/shared/ansible/hashicorp/nomad_bench/roles/nomad/defaults/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/nomad/defaults/main.yaml
@@ -1,7 +1,20 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-nomad_pkg_version: "" # defaults to latest
+nomad_version: "1.8.0-rc.1"
+
+nomad_release_arch_map:
+  amd64: "amd64"
+  x86_64: "amd64"
+  armv7l: "arm"
+  aarch64: "arm64"
+  32-bit: "386"
+  64-bit: "amd64"
+
+nomad_release_architecture: "{{ nomad_release_arch_map[ansible_architecture] }}"
+nomad_release_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{ nomad_release_architecture }}.zip"
+nomad_checksum_file_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_SHA256SUMS"
+nomad_package_name: "nomad_{{ nomad_version }}_linux_{{ nomad_release_architecture }}.zip"
 
 nomad_user: root
 nomad_group: root

diff --git a/shared/ansible/hashicorp/nomad_bench/roles/nomad/tasks/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/nomad/tasks/main.yaml
@@ -1,35 +1,75 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-- name: "download_hashicorp_gpg_key"
-  become: true
-  ansible.builtin.get_url:
-    url: "https://apt.releases.hashicorp.com/gpg"
-    dest: "/usr/share/keyrings/hashicorp-archive-keyring.asc"
-    checksum: "sha256:cafb01beac341bf2a9ba89793e6dd2468110291adfbb6c62ed11a0cde6c09029"
-
-- name: "install_hashicorp_apt_repo"
-  become: true
-  ansible.builtin.apt_repository:
-    repo: "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main"
-    filename: "hashicorp"
-    state: "present"
-
-- name: "install_specific_nomad_version"
-  become: true
-  ansible.builtin.apt:
-    name: "nomad={{ nomad_pkg_version }}"
-    state: "present"
-    update_cache: true
-  when: nomad_pkg_version | length > 0
+- name: "check_nomad_checksum_file"
+  ansible.builtin.stat:
+    path: "/tmp/nomad_{{ nomad_version }}_SHA256SUMS"
+  become: false
+  register: nomad_checksum
 
-- name: "install_latest_nomad_version"
-  become: true
-  ansible.builtin.apt:
-    name: "nomad"
-    state: "present"
-    update_cache: true
-  when: nomad_pkg_version| length == 0
+- name: "get_nomad_checksum_file"
+  ansible.builtin.get_url:
+    url: "{{ nomad_checksum_file_url }}"
+    dest: "/tmp/nomad_{{ nomad_version }}_SHA256SUMS"
+    mode: "0644"
+  become: false
+  when: not nomad_checksum.stat.exists
+
+- name: "get_nomad_checksum"
+  ansible.builtin.shell: |
+    set -o pipefail
+    grep "{{ nomad_package_name }}" "/tmp/nomad_{{ nomad_version }}_SHA256SUMS" | awk '{print $1}'
+  args:
+    executable: /bin/bash
+  become: false
+  register: nomad_sha256
+
+- name: "stat_nomad_binary"
+  stat:
+    path: "{{ nomad_install_dir }}/nomad"
+  register: nomad_binary
+
+- name: "check_nomad_binary"
+  ansible.builtin.command: "nomad version"
+  register: nomad_binary_version
+  become: false
+  changed_when: false
+  failed_when: false
+
+- block:
+  - name: "download_nomad_release_zip"
+    ansible.builtin.get_url:
+      url: "{{ nomad_release_zip_url }}"
+      dest: "/tmp/nomad.zip"
+      checksum: "sha256:{{ nomad_sha256.stdout }}"
+      timeout: "60"
+      mode: "600"
+    become: false
+  - name: "unzip_nomad_release"
+    ansible.builtin.unarchive:
+      remote_src: "yes"
+      src: "/tmp/nomad.zip"
+      dest: "/tmp/"
+      owner: "root"
+      group: "root"
+      mode: "0755"
+    become: true
+  - name: "move_nomad_release_binary"
+    ansible.builtin.copy:
+      src: "/tmp/nomad"
+      dest: "{{ nomad_install_dir }}/nomad"
+      owner: "root"
+      group: "root"
+      mode: "0755"
+      remote_src: true
+    become: true
+  - name: "remove_nomad_zip"
+    ansible.builtin.file:
+      path: "/tmp/nomad.zip"
+      state: "absent"
+  when: "not nomad_binary.stat.exists or nomad_binary_version is not defined or nomad_version|string not in nomad_binary_version.stdout"
+  notify:
+    - "restart_nomad"
 
 - name: "stat_log_file"
   stat: path="{{ nomad_log_file }}"