Merge pull request #78 from wiseflat/dev/mgarcia/fix

Multiple fix

Author: wiseflat

ansible/playbooks/paas/roles/ansible-docker/defaults/main.yml

@@ -9,13 +9,10 @@ docker_tls_configuration: false
 docker_tcp_listen_address: "127.0.0.1"
 docker_tcp_listen_port: 2376
 
-docker_private_registry_state: false
-docker_private_registry_url: ""
-docker_private_registry_username: ""
-docker_private_registry_password: ""
-docker_private_registry_config:
-  - /etc/docker/config.json
-  - /root/.docker/config.json
+docker_private_registry:
+  url: ""
+  username: ""
+  password: ""
 
 # DNS
 docker_dns_configuration: true
@@ -25,6 +22,12 @@ docker_dns_servers:
 
 docker_metrics_addr: "{{ docker_tcp_listen_address }}:9323"
 
+docker_runtimes: []
+  # - key: nvidia
+  #   value:
+  #     args: {}
+  #     path: nvidia-container-runtime
+
 # TLS
 # CA
 docker_ca_install_tls_ca_host: localhost

ansible/playbooks/paas/roles/ansible-docker/tasks/install.yml

@@ -63,21 +63,18 @@
 - name: Create home docker directory
   ansible.builtin.file:
     path: "{{ item }}"
-    recurse: true
     state: directory
     mode: '0755'
   loop:
     - /root/.docker
 
-- name: Copy config.json
+- name: Copy config.json to root directory
   ansible.builtin.template:
     src: config.json.j2
-    dest: "{{ item }}"
+    dest: /root/.docker/config.json
     owner: root
     group: root
     mode: '0600'
-  when: docker_private_registry_state
-  loop: "{{ docker_private_registry_config }}"
   notify: Docker_restart
 
 - name: Copy daemon.json for DNS resolution

ansible/playbooks/paas/roles/ansible-docker/templates/config.json.j2

@@ -1,7 +1,7 @@
 {
     "auths": {
-        "{{ docker_private_registry_url }}": {
-            "auth": "{{ (docker_private_registry_username + ':' + docker_private_registry_password) | b64encode }}"
+        "{{ docker_private_registry.url }}": {
+            "auth": "{{ (docker_private_registry.username + ':' + docker_private_registry.password) | b64encode }}"
         }
     }
 }

ansible/playbooks/paas/roles/ansible-docker/templates/daemon.json.j2

@@ -1,4 +1,8 @@
 {
     "metrics-addr" : "{{ docker_metrics_addr }}",
-    "dns": [{% for item in docker_dns_servers %}"{{ item }}"{% if not loop.last %},{% endif %}{% endfor %}]
+    "dns": [{% for item in docker_dns_servers %}"{{ item }}"{% if not loop.last %},{% endif %}{% endfor %}],
+    "runtimes": {
+    {%- for runtime in docker_runtimes | default([]) -%}
+        "{{ runtime.key }}": {{ runtime.value | to_json }}{% if not loop.last %},{% endif %}{% endfor %}
+    }
 }

ansible/playbooks/paas/roles/coredns/templates/Corefile.j2

@@ -4,7 +4,7 @@ service.nomad.:1053 {
     #debug
     #log
     nomad {
-        address https://{{ hostvars[nomad_primary_master_node | default(inventory_hostname)]['ansible_' + nomad_iface].ipv4.address | default('127.0.0.1') }}:4646
+        address https://{{ hostvars[nomad_primary_master_node | default(inventory_hostname)]['ansible_' + hostvars[nomad_primary_master_node | default(inventory_hostname)].nomad_iface].ipv4.address | default('127.0.0.1') }}:4646
         token {{ lookup('simple-stack-ui', type='secret', key=nomad_primary_master_node | default(inventory_hostname), subkey='nomad_management_token', missing='error') }}
         ttl 10
     }

ansible/playbooks/paas/roles/coredns/vars/upstream.yml

@@ -1,4 +1,4 @@
 ---
-latest_version: "{{ (lookup('url', 'https://api.github.com/repos/{{ image.upstream.user }}/{{ image.upstream.repo }}/releases/latest', headers={'Accept': 'application/vnd.github+json', 'Authorization': 'Bearer ' + lookup('ansible.builtin.env', 'GITHUB_API_TOKEN') }) | from_json).get('tag_name') | replace('v', '') }}"
+latest_version: "{{ (lookup('url', 'https://api.github.com/repos/' + image.upstream.user + '/' + image.upstream.repo + '/releases/latest', headers={'Accept': 'application/vnd.github+json', 'Authorization': 'Bearer ' + lookup('ansible.builtin.env', 'GITHUB_API_TOKEN') }) | from_json).get('tag_name') | replace('v', '') }}"
 upstream_file_name: "{{ image.upstream.file | replace('REPO', image.upstream.repo) | replace('VERSION', latest_version) | replace('OS', image.upstream.os) | replace('ARCH', upstream_default_arch) | replace('FORMAT', image.upstream.format) }}"
 upstream_file_url: "https://github.com/{{ image.upstream.user }}/{{ image.upstream.repo }}/releases/download/v{{ latest_version }}/{{ upstream_file_name }}"

ansible/playbooks/paas/roles/nomad/defaults/main.yml

@@ -18,6 +18,7 @@ nomad_group: simplestack
 nomad_dc_name: dc1
 
 nomad_project: "{{ fact_instance.project }}"
+nomad_provider: "{{ fact_instance.provider }}"
 nomad_region: "{{ fact_instance.region }}"
 nomad_location: "{{ fact_instance.region }}"
 
@@ -199,8 +200,8 @@ nomad_tls_ip_range: "{{ ((range(0,256) | map('regex_replace', '^', 'IP:192.168.0
 nomad_tls_check_delay: "+2w"
 
 # TLS Server
-nomad_tls_cert_server: "{{ nomad_dc_name }}-server-nomad.pem"
-nomad_tls_privatekey_server: "{{ nomad_dc_name }}-server-nomad.key"
+nomad_tls_cert_server: "{{ nomad_region }}-{{ nomad_provider }}-{{ nomad_dc_name }}-server-nomad.pem"
+nomad_tls_privatekey_server: "{{ nomad_region }}-{{ nomad_provider }}-{{ nomad_dc_name }}-server-nomad.key"
 
 nomad_tls_common_name_server: "*.{{ nomad_dc_name }}.{{ nomad_tls_common_name }}"
 nomad_tls_subject_alt_name_server: "DNS:localhost,IP:127.0.0.1,IP:172.17.0.1,{{ nomad_tls_ip_range }},DNS:server.global.nomad,DNS:server.{{ nomad_region }}.nomad,DNS:server.{{ nomad_dc_name }}.nomad,DNS:*.{{ nomad_dc_name }}.nomad"

ansible/playbooks/paas/roles/nomad/tasks/04_tls_certs.yml

@@ -1,11 +1,11 @@
 ---
-- name: "Certificate | Create TLS directory on target"
+- name: "Nomad | Create TLS directory on target"
   ansible.builtin.file:
     path: "{{ nomad_tls_host_certificate_dir }}"
     state: directory
     mode: '0755'
 
-- name: "Certificate | Copy Public certs on nodes - {{ nomad_tls_ca_pubkey }}"
+- name: "Nomad | Copy Public certs on nodes - {{ nomad_tls_ca_pubkey }}"
   ansible.builtin.copy:
     src: "{{ nomad_tls_ca_host_dir }}/{{ nomad_tls_ca_pubkey }}"
     dest: "{{ nomad_tls_host_certificate_dir }}/{{ nomad_tls_ca_pubkey }}"
@@ -42,7 +42,7 @@
         certificate_client_privatekey: "{{ nomad_tls_privatekey_server }}"
         certificate_common_name: "{{ nomad_tls_common_name_server }}"
         certificate_subject_alt_name: "{{ nomad_tls_subject_alt_name_server }}"
-      run_once: true
+      # run_once: true
       when: not cert_tls_server_present.stat.exists or (cert_tls_server_present.stat.exists and not tls_check_server.valid_at.delay)
 
     - name: "Nomad | Copy certificates on server nodes"
@@ -64,7 +64,7 @@
   block:
     - name: "Nomad | Check if TLS cert exists for Client"
       ansible.builtin.stat:
-        path: "{{ nomad_tls_ca_host_dir }}{{ nomad_tls_cert_client }}"
+        path: "{{ nomad_tls_host_certificate_dir }}/{{ nomad_tls_cert_client }}"
       register: cert_tls_client_present
 
     - name: "Nomad | Get information on generated certificate for Clients"
@@ -88,7 +88,7 @@
         certificate_client_privatekey: "{{ nomad_tls_privatekey_client }}"
         certificate_common_name: "{{ nomad_tls_common_name_client }}"
         certificate_subject_alt_name: "{{ nomad_tls_subject_alt_name_client }}"
-      run_once: true
+      # run_once: true
       when: not cert_tls_client_present.stat.exists or (cert_tls_client_present.stat.exists and not tls_check_client.valid_at.delay)
 
 

ansible/playbooks/paas/roles/nomad/tasks/06_configuration.yml

@@ -38,6 +38,7 @@
     owner: nomad
     group: nomad
     mode: "0644"
+  notify: Nomad_restart
 
 - name: "Nomad Install | Copy configurations files for servers"
   ansible.builtin.template:

ansible/playbooks/paas/roles/nomad/tasks/07_autoeligibility.yml

@@ -17,10 +17,6 @@
         return_content: true
       register: nomad_policies_list_raw
 
-    - name: Debug nomad_policies_list_raw (for auto eligibility)
-      ansible.builtin.debug:
-        msg: "{{ nomad_policies_list_raw.json }}"
-
     - name: "Nomad Policy | Set policies list fact"
       ansible.builtin.set_fact:
         nomad_policies_list: "{{ nomad_policies_list_raw.json | community.general.json_query('[*].Name') | string }}"