From 4ec3dfc38c07e77cd70077f80691f60f4a463729 Mon Sep 17 00:00:00 2001 From: James Rasell Date: Fri, 24 May 2024 12:29:35 +0100 Subject: [PATCH] ansible: install Nomad from HashiCorp releases for better control. --- .../roles/common/defaults/main.yaml | 9 ++ .../nomad_bench/roles/common/tasks/main.yaml | 8 ++ .../roles/nomad/defaults/main.yaml | 15 ++- .../nomad_bench/roles/nomad/tasks/main.yaml | 96 +++++++++++++------ 4 files changed, 99 insertions(+), 29 deletions(-) create mode 100644 shared/ansible/hashicorp/nomad_bench/roles/common/defaults/main.yaml diff --git a/shared/ansible/hashicorp/nomad_bench/roles/common/defaults/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/common/defaults/main.yaml new file mode 100644 index 0000000..93de3b2 --- /dev/null +++ b/shared/ansible/hashicorp/nomad_bench/roles/common/defaults/main.yaml @@ -0,0 +1,9 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + +common_apt_packages: [ + "jq", + "net-tools", + "ntp", + "unzip", +] diff --git a/shared/ansible/hashicorp/nomad_bench/roles/common/tasks/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/common/tasks/main.yaml index c07df7f..64056d7 100644 --- a/shared/ansible/hashicorp/nomad_bench/roles/common/tasks/main.yaml +++ b/shared/ansible/hashicorp/nomad_bench/roles/common/tasks/main.yaml @@ -2,3 +2,11 @@ # SPDX-License-Identifier: MPL-2.0 - amazon.aws.ec2_metadata_facts: + +- name: "install_packages" + become: true + ansible.builtin.apt: + name: "{{ item }}" + state: "present" + update_cache: true + loop: "{{ common_apt_packages }}" diff --git a/shared/ansible/hashicorp/nomad_bench/roles/nomad/defaults/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/nomad/defaults/main.yaml index 50ff2ca..a2c5737 100644 --- a/shared/ansible/hashicorp/nomad_bench/roles/nomad/defaults/main.yaml +++ b/shared/ansible/hashicorp/nomad_bench/roles/nomad/defaults/main.yaml @@ -1,7 +1,20 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -nomad_pkg_version: "" # defaults to latest +nomad_version: "1.8.0-rc.1" + +nomad_release_arch_map: + amd64: "amd64" + x86_64: "amd64" + armv7l: "arm" + aarch64: "arm64" + 32-bit: "386" + 64-bit: "amd64" + +nomad_release_architecture: "{{ nomad_release_arch_map[ansible_architecture] }}" +nomad_release_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_{{ nomad_release_architecture }}.zip" +nomad_checksum_file_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_SHA256SUMS" +nomad_package_name: "nomad_{{ nomad_version }}_linux_{{ nomad_release_architecture }}.zip" nomad_user: root nomad_group: root diff --git a/shared/ansible/hashicorp/nomad_bench/roles/nomad/tasks/main.yaml b/shared/ansible/hashicorp/nomad_bench/roles/nomad/tasks/main.yaml index 1b77f7a..7cc26d8 100644 --- a/shared/ansible/hashicorp/nomad_bench/roles/nomad/tasks/main.yaml +++ b/shared/ansible/hashicorp/nomad_bench/roles/nomad/tasks/main.yaml @@ -1,35 +1,75 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -- name: "download_hashicorp_gpg_key" - become: true - ansible.builtin.get_url: - url: "https://apt.releases.hashicorp.com/gpg" - dest: "/usr/share/keyrings/hashicorp-archive-keyring.asc" - checksum: "sha256:cafb01beac341bf2a9ba89793e6dd2468110291adfbb6c62ed11a0cde6c09029" - -- name: "install_hashicorp_apt_repo" - become: true - ansible.builtin.apt_repository: - repo: "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.asc] https://apt.releases.hashicorp.com {{ ansible_distribution_release }} main" - filename: "hashicorp" - state: "present" - -- name: "install_specific_nomad_version" - become: true - ansible.builtin.apt: - name: "nomad={{ nomad_pkg_version }}" - state: "present" - update_cache: true - when: nomad_pkg_version | length > 0 +- name: "check_nomad_checksum_file" + ansible.builtin.stat: + path: "/tmp/nomad_{{ nomad_version }}_SHA256SUMS" + become: false + register: nomad_checksum -- name: "install_latest_nomad_version" - become: true - ansible.builtin.apt: - name: "nomad" - state: "present" - update_cache: true - when: nomad_pkg_version| length == 0 +- name: "get_nomad_checksum_file" + ansible.builtin.get_url: + url: "{{ nomad_checksum_file_url }}" + dest: "/tmp/nomad_{{ nomad_version }}_SHA256SUMS" + mode: "0644" + become: false + when: not nomad_checksum.stat.exists + +- name: "get_nomad_checksum" + ansible.builtin.shell: | + set -o pipefail + grep "{{ nomad_package_name }}" "/tmp/nomad_{{ nomad_version }}_SHA256SUMS" | awk '{print $1}' + args: + executable: /bin/bash + become: false + register: nomad_sha256 + +- name: "stat_nomad_binary" + stat: + path: "{{ nomad_install_dir }}/nomad" + register: nomad_binary + +- name: "check_nomad_binary" + ansible.builtin.command: "nomad version" + register: nomad_binary_version + become: false + changed_when: false + failed_when: false + +- block: + - name: "download_nomad_release_zip" + ansible.builtin.get_url: + url: "{{ nomad_release_zip_url }}" + dest: "/tmp/nomad.zip" + checksum: "sha256:{{ nomad_sha256.stdout }}" + timeout: "60" + mode: "600" + become: false + - name: "unzip_nomad_release" + ansible.builtin.unarchive: + remote_src: "yes" + src: "/tmp/nomad.zip" + dest: "/tmp/" + owner: "root" + group: "root" + mode: "0755" + become: true + - name: "move_nomad_release_binary" + ansible.builtin.copy: + src: "/tmp/nomad" + dest: "{{ nomad_install_dir }}/nomad" + owner: "root" + group: "root" + mode: "0755" + remote_src: true + become: true + - name: "remove_nomad_zip" + ansible.builtin.file: + path: "/tmp/nomad.zip" + state: "absent" + when: "not nomad_binary.stat.exists or nomad_binary_version is not defined or nomad_version|string not in nomad_binary_version.stdout" + notify: + - "restart_nomad" - name: "stat_log_file" stat: path="{{ nomad_log_file }}"