Since there is currently no binary release of HashiCorp Nomad for aarch64, we'll have to compile it from source.
As of now, the mainline kernel that motorola-ali uses comes with a couple of netfilter extensions disabled, and we'll have to enable them for the CNI plugins that Nomad uses.
Edit the kernel kconfig with:
pmbootstrap kconfig edit linux-postmarketos-qcom-msm8953-6.9.1-r1
Navigate to Networking Support -> Networking Options -> Network packet filtering framework (Netfilter) -> Core Netfilter Configuration -> Netfilter Xtables support (required for ip_tables) and enable:
"comment" match support
"mark" match support
"multiport" Multiple port match support
Save your changes and exit. Compile the kernel with:
pmbootstrap build --force linux-postmarketos-qcom-msm8953
Install the packages to chroot with:
pmbootstrap install
Then proceed to flash the compiled kernel to the device following these instructions. Note this will format the device so you'll have to do USB forwarding and Wi-Fi configuration again.
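A quick check that the rebuilt kernel really carries the three matches enabled above, added here as an example and not part of the original guide. It assumes the upstream Kconfig symbol names for those menu entries and, for the on-device run, a kernel built with CONFIG_IKCONFIG_PROC so that /proc/config.gz exists; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original guide): report which of the three
# Xtables matches enabled above are missing from a kernel config.
# The symbol names are the upstream Linux Kconfig names for those menu entries.
REQUIRED_OPTS="CONFIG_NETFILTER_XT_MATCH_COMMENT
CONFIG_NETFILTER_XT_MATCH_MARK
CONFIG_NETFILTER_XT_MATCH_MULTIPORT"

# read_config FILE: print the config as text, decompressing *.gz
# (for example /proc/config.gz on the device).
read_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# missing_opts FILE: print each required option that is neither =y nor =m.
# Returns 0 when all are present, 1 when any is missing, 2 if FILE is unreadable.
missing_opts() {
    cfg=$(read_config "$1") || return 2
    rc=0
    for opt in $REQUIRED_OPTS; do
        # "# CONFIG_X is not set" and an absent line both count as missing.
        if ! printf '%s\n' "$cfg" | grep -Eq "^${opt}=(y|m)$"; then
            echo "$opt"
            rc=1
        fi
    done
    return $rc
}

# On the device: "sh check.sh --running" inspects the running kernel
# (assumes CONFIG_IKCONFIG_PROC, so /proc/config.gz is available).
if [ "${1:-}" = "--running" ]; then
    missing_opts /proc/config.gz && echo "all required Xtables matches present"
fi
```

Any symbol it prints still needs to be enabled in the kconfig before the CNI plugins' rules will load.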
sudo apk add docker
sudo rc-service docker start
sudo rc-update add docker
sudo apk add --update git linux-headers bash binutils build-base
sudo apk add go
echo 'if [ -d "$HOME/go" ] ; then
export PATH="$PATH:$HOME/go/bin"
export GOPATH="$HOME/go"
fi' | sudo tee /etc/profile.d/golang.sh
mkdir ~/go
source /etc/profile
mkdir -p $GOPATH/src/github.com/hashicorp && cd $_
git clone https://github.com/hashicorp/nomad.git
cd nomad
make bootstrap
make dev
sudo ln -s $PWD/bin/nomad /usr/local/bin/
Follow the HashiCorp documentation for installing CNI plugins and configuring bridge network.
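This step is optional. If you'd like to keep using nftables, you'll have to configure firewall rules for the server and UI ports, and also for any running containers if you'd like to use the device as a client. Otherwise, flush the ruleset and disable the nftables service, which leaves the device without a host firewall: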
sudo nft flush ruleset
sudo rc-service nftables stop
sudo rc-update del nftables default
Since Alpine uses OpenRC to manage services, we'll have to create an /etc/init.d/nomad file with the following contents:
#!/sbin/openrc-run
name=$RC_SVCNAME
cfgfile="/etc/$RC_SVCNAME/$RC_SVCNAME.conf"
command="/usr/local/bin/nomad"
command_args="agent -config /etc/nomad/server.hcl -bind=$(/sbin/ifconfig wlan0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')"
command_user="root"
NOMAD_LOGFILE="${NOMAD_LOGFILE:-/var/log/${RC_SVCNAME}.log}"
NOMAD_ERRFILE="${NOMAD_ERRFILE:-${NOMAD_LOGFILE}}"
NOMAD_OUTFILE="${NOMAD_OUTFILE:-${NOMAD_LOGFILE}}"
if [ "$NOMAD_ERRFILE" = "$NOMAD_OUTFILE" ]; then
    LOGPROXY_OPTS="$LOGPROXY_OPTS -m"
fi
export \
    LOGPROXY_CHMOD="${LOGPROXY_CHMOD:-0644}" \
    LOGPROXY_LOG_DIRECTORY="${LOGPROXY_LOG_DIRECTORY:-/var/log}" \
    LOGPROXY_ROTATION_SIZE="${LOGPROXY_ROTATION_SIZE:-104857600}" \
    LOGPROXY_ROTATION_TIME="${LOGPROXY_ROTATION_TIME:-86400}" \
    LOGPROXY_ROTATION_SUFFIX="${LOGPROXY_ROTATION_SUFFIX:-.%Y%m%d%H%M%S}" \
    LOGPROXY_ROTATED_FILES="${LOGPROXY_ROTATE_FILES:-5}"
output_logger="log_proxy $LOGPROXY_OPTS $NOMAD_OUTFILE"
error_logger="log_proxy $LOGPROXY_OPTS $NOMAD_ERRFILE"
pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
start_stop_daemon_args=""
command_background="yes"
depend() {
    need net
}
start_pre() {
    checkpath --directory --owner $command_user:$command_user --mode 0775 \
        /run/$RC_SVCNAME /var/log/$RC_SVCNAME
}
Make it executable with:
sudo chmod +x /etc/init.d/nomad
This init file is configured to look up a configuration file at /etc/nomad/server.hcl. These are the file contents:
log_level = "DEBUG"
# Setup data dir
data_dir = "/var/lib/nomad"
server {
  enabled = true
  bootstrap_expect = 1
}
You can also replace it with a client.hcl file if you'd like to run the device as a Nomad client.
Start the server with:
sudo rc-service nomad start
Check logs at /var/log/nomad.log for troubleshooting. If everything goes well, you should be able to access the Nomad UI at http://YOUR_SERVER_IP:4646.
After all is done, you can enable it to start at boot:
sudo rc-update add nomad