adds readme and base nomad/consul config

.gitignore

@@ -0,0 +1 @@
+ansible/hosts

README.md

@@ -0,0 +1,42 @@
+# Redbrick Nomad Configs and Ansible Scripts
+
+This repo contains all of Redbrick's infrastructure that is deployed through Hashicorp's Nomad and uses ansible to configure and manage the hosts.
+
+## Nomad
+
+All Nomad job related configurations are stored in the `nomad` directory.
+
+The terminology used here is explained [here](https://developer.hashicorp.com/nomad/tutorials/get-started/get-started-vocab). This is **required reading**.
+
+All of the job files are stored in the `nomad` directory. To deploy a Nomad job manually, connect to a host and run
+
+```bash
+$ nomad job plan path/to/job/file.hcl
+```
+
+This will plan the allocations and ensure that what is deployed is the correct version.
+
+If you are happy with the deployment, run
+
+```bash
+$ nomad job run -check-index [id from last command] path/to/job/file.hcl
+```
+
+This will deploy the planned allocations, and will error if the file changed on disk between the plan and the run.
+
+You can shorten this command to just
+
+```bash
+$ nomad job plan path/to/file.hcl | grep path/to/file.hcl | bash
+```
+
+This will plan and run the job file without the need for you to copy and paste the check index id. Only use this once you are comfortable with how Nomad places allocations.
+
+## Ansible
+
+Ansible can be used to provision a new host, connect a host to the cluster, run new jobs and more.
+
+In order to use ansible from your local machine, you must have access to the admin vpn. This will allow you direct connection to each of the hosts.
+
+Change the `ansible/hosts.sample` file to your local username before you run any of these playbooks. Your local user should have an SSH key in its home dir, which can be configured with the `ssh` playbook.
+

ansible/templates/consul-server.hcl.j2

@@ -0,0 +1,14 @@
+server = true
+bootstrap_expect = {{ nomad_server_bootstrap_expect }}
+
+connect {
+  enabled = true
+}
+
+addresses {
+  grpc = "127.0.0.1"
+}
+
+ports {
+  grpc  = 8502
+}

ansible/templates/consul.hcl.j2

@@ -0,0 +1,32 @@
+datacenter = "{{ nomad_datacenter_name }}"
+data_dir = "/opt/consul"
+encrypt = "{{ consul_generated_encrypt_key }}"
+verify_incoming = true
+verify_outgoing = true
+verify_server_hostname = true
+bind_addr = "{{ GetPrivateInterfaces | include \"network\" \"10.10.0.0/24\" | attr \"address\" }}"
+client_addr = "0.0.0.0"
+
+ca_file = "/etc/consul.d/consul-agent-ca.pem"
+cert_file = "/etc/consul.d/{{ nomad_datacenter_name }}-server-consul-0.pem"
+key_file = "/etc/consul.d/{{ nomad_datacenter_name }}-server-consul-0-key.pem"
+
+auto_encrypt {
+  allow_tls = true
+}
+
+# TODO: add jinja template to add all except destination host address here
+retry_join = []
+
+acl {
+  enabled = false
+  default_policy = "allow"
+  enable_token_persistence = true
+}
+
+performance {
+  raft_multiplier = 1
+}
+
+# TODO: change once DNS is running on a host
+recursors = [] # adds DNS forwarding for non-`.consul` domains

ansible/templates/nomad-base.hcl

@@ -0,0 +1,10 @@
+datacenter = {{ nomad_datacenter_name }}
+data_dir = "/opt/nomad"
+
+bind_addr = "0.0.0.0"
+
+advertise {
+  http = "{{ ansible_default_ipv4[address] }}"
+  rpc  = "{{ ansible_default_ipv4[address] }}"
+  serf = "{{ ansible_default_ipv4[address] }}"
+}

ansible/templates/nomad-client.hcl

@@ -0,0 +1,18 @@
+client {
+  enabled = true
+}
+
+plugin "raw_exec" {
+  config {
+    enabled = true
+  }
+}
+
+plugin "docker" {
+  config {
+    allow_privileged = true
+    volumes {
+      enabled = true
+    }
+  }
+}

ansible/templates/nomad-server.hcl.j2

@@ -0,0 +1,4 @@
+server {
+  enabled = true
+  bootstrap_expect = {{ nomad_server_bootstrap_expect }}
+}