angrycub

Nomad Variables

Motivation

Many workloads running in Nomad need a means for acquiring a secret or sensitive configuration information. HashiCorp Vault provides industry leading secrets management and Nomad has an integration that enables Vault to be a backing store for this type of information.

However, we kept hearing from the community that deploying, managing, and integrating with Vault was a lot of effort for smaller use-cases, early proof-of-concept work, and home labs. Nomad users wanted something easier to use out of the box for these types of projects. To meet these needs, we created Nomad Variables.

Nomad Variables enables you to provide secrets and configuration to your job:

angrycub

Nomad Variable CLI Shenanigans

First steps

Create a variable as key-value pairs.

nomad var put my/first/var user=me password=passW0rd thoughts=awesome 

angrycub

#!/bin/bash

NOMAD_VERSION="1.0.4"

wait() {
  if [[ "$1" != "" ]]
  then
    message="⌛️ $1..."
  else
    message="⌛️ Press any key to continue..."

angrycub

#!/bin/bash

nomad_bin=${HOME}/github/hashicorp/nomad/pkg/darwin_amd64/nomad
#nomad_bin=/usr/local/bin/nomad

show_file () {
  echo ""
  echo "+================================================"
  echo "| 📄 ${1}"
  echo "+------------------------------------------------"

angrycub

# WindowsBootstrap
# ----------------
# By default, this script will install Consul and Nomad both in client+server mode to create
# a single node Windows cluster. This script also installs Windows Containers. Would be good
# to have Java and QEMU in here too as optional dependencies for task drivers.

## Don't forget to add a password for the services.

$CONSUL_VERSION = 1.10.1
$NOMAD_VERSION = 1.0.3

angrycub

Consul Connect / ACL Enformcement Flow

Nomad starts the JobEndpoint

In the beginning of time, the Nomad server makes a JobEndpoint using the NewJobEndpoints function.

Job is submitted

A job is submitted to the API (either directly or via the CLI).

The API sends a JobRegisterRequest to Register(). The Register() call is forwarded to the leader where execution continues.

angrycub

Single Node Nomad Configuration

This is a complex and unsupported configuration

Nomad is designed to be a highly-available, quorum-based cluster scheduler. Nomad deployments need to have three or more server nodes and one or more client nodes.

That said, Nomad does provide a dev mode which enables you to run Nomad with a single agent process. However, Nomad dev agents do behave slightly different than non-dev agents. To create a more authentic feeling experience, you might want to run Nomad with a configuration

angrycub

import json
import requests
import sys

URL_BASE = "http://127.0.0.1:4646"
URL_API_PATH = "/v1/event/stream"
URL_QUERY_STRING = ""
#URL.QUERY_STRING = "?topic=Node:*"

url = URL_BASE + URL_API_PATH + URL_QUERY_STRING

angrycub

server {
  listen {{ env "PORT" }};
  server_name {{ env "DOMAIN" }};

  location / {
    proxy_pass http://{{ env "UPSTREAM" }};
  }
}

angrycub

title	date	draft	tags	menu
Manually Unfederating a Nomad Cluster using a Network Partition	2017-12-07 12:49:20 -0500	false	nomad	main parent Nomad