Hello,
I am currently hosting all my infrastructure with Ansible and docker-compose; however, I want to take advantage of Nomad. I have had endless trouble trying to dynamically import files into Docker containers.
I have had success using host_volume in client.hcl and defining a location on my client PC. However, this is not feasible in a production environment. Here, I would like to simply write a job file that downloads only the necessary files and imports them into the Docker container.
Currently I get the error “Constraint missing compatible host volumes filtered 1 node”. This is because the files have not been downloaded yet; however, they will be downloaded when the first task of the job runs.
Is there a fix for this or a better way of doing it?
I guess the error is caused by type = “host”, but I don’t know how else to go about this.
Currently I am downloading the entire GitHub repo for testing purposes.
My jobfile:
job "infra-automation" {
datacenters = ["dc1"]
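group "approle-test" {
  # Clones (or updates) the configuration repository, authenticating to GitHub
  # with a token read from Vault.
  task "clone-repo" {
    # raw_exec runs the script without isolation, with the privileges of the
    # Nomad client process, so whatever the script does happens directly on the host.
    driver = "raw_exec"

    config {
      command = "/bin/bash"
      args    = ["local/clone-repo.sh"]
    }

    vault {
      policies = ["nomad"]
    }

    # Render the GitHub token into the task's secrets/ directory and load it as
    # an environment variable. This keeps the secret out of the executable
    # script in local/, which is written with world-readable permissions.
    template {
      data = <<EOT
GITHUB_TOKEN={{ with secret "kv/data/githubkey" }}{{ .Data.data.token }}{{ end }}
EOT
      destination = "secrets/github.env"
      env         = true
    }

    # The clone script itself contains no secret material.
    template {
      data = <<EOT
#!/bin/bash
# GITHUB_TOKEN is supplied through the task environment, not written here.
REPO_DIR="$NOMAD_TASK_DIR/repo"
REPO_URL="https://github.com/<GITREPO>"

# Hand the token to git through a credential helper at call time. Embedding it
# in the clone URL would save it in .git/config and expose it in the process
# list, and a later "git pull" would keep using the stored (possibly rotated)
# token instead of the current one from Vault.
git_auth() {
  git -c credential.helper= \
      -c 'credential.helper=!f() { echo "username=<USERNAME>"; echo "password=$GITHUB_TOKEN"; }; f' \
      "$@"
}

if [ -d "$REPO_DIR/.git" ]; then
  echo "Repository already cloned. Pulling latest changes..."
  cd "$REPO_DIR" || exit 1
  git_auth pull || exit 1
else
  echo "Cloning repository..."
  git_auth clone "$REPO_URL" "$REPO_DIR" || exit 1
fi

# Treat the presence of README.md as the signal that the checkout succeeded.
if [ -f "$REPO_DIR/README.md" ]; then
  echo "Repository is ready!"
else
  echo "Failed to set up repository."
  exit 1
fi
EOT
      destination = "local/clone-repo.sh"
      perms       = "0755"
    }

    resources {
      cpu    = 500
      memory = 256
    }
  }
}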
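group "traefik" {
  count = 1

  network {
    mode = "host"

    port "web" {
      static       = 80
      host_network = "private"
    }

    port "websecure" {
      static       = 443
      host_network = "private"
    }
  }

  service {
    name     = "traefik-web"
    provider = "nomad"
    port     = "web"
  }

  # Runs Traefik after appending the private root certificate to the
  # container's CA bundle.
  task "server" {
    driver = "docker"

    config {
      # NOTE(review): "traefik:2.8" is a mutable tag; consider pinning the image
      # by digest so the deployed binary cannot change silently.
      image = "traefik:2.8"
      ports = ["websecure", "web"]

      # /bin/sh takes its script through -c. The word after the script becomes
      # $0 and every following entry reaches Traefik as "$@". Flags listed
      # before -c would be parsed by the shell and never reach Traefik.
      command = "/bin/sh"
      args = [
        "-c",
        "cat /root.crt >> /etc/ssl/certs/ca-certificates.crt && exec traefik \"$@\"",
        "traefik",
        "--api.dashboard=true",
        # Test only: insecure mode serves the dashboard and API without
        # authentication. Remove it before this job runs anywhere reachable.
        "--api.insecure=true",
        "--entrypoints.web.address=:80",
        "--entrypoints.websecure.address=:443",
        "--providers.nomad=true",
        "--providers.nomad.endpoint.address=<MYNOMADSERVER>:4646",
      ]

      dns_servers = ["100.100.100.100"]
    }

    # volume_mount is a task-level block; it is not an option of the docker
    # driver's config block.
    volume_mount {
      volume      = "traefik-config"
      destination = "/etc/traefik"
      # NOTE(review): make this read-only unless Traefik must write here - confirm.
      read_only   = false
    }

    # NOTE(review): read_only on the bind mount does not limit what a process
    # can request from the Docker API over this socket; access to it is
    # effectively control of the host's Docker daemon. Only the Nomad provider
    # is enabled in the visible flags, so this mount looks unnecessary -
    # confirm and drop it.
    volume_mount {
      volume      = "docker-sock"
      destination = "/var/run/docker.sock"
      read_only   = true
    }

    # The certificate is only read (cat) at startup, so mount it read-only.
    volume_mount {
      volume      = "root-cert"
      destination = "/root.crt"
      read_only   = true
    }
  }

  # For type = "host", source is the NAME of a host_volume declared in the
  # Nomad client configuration, not a filesystem path. No client advertises a
  # volume with these path-like names, which is what the "missing compatible
  # host volumes" placement error reports. $NOMAD_TASK_DIR is also private to
  # a single task, so it does not identify a location that this group can
  # request as a volume.
  volume "traefik-config" {
    type   = "host"
    source = "$NOMAD_TASK_DIR/repo/config/traefik/config/"
  }

  volume "docker-sock" {
    type   = "host"
    source = "/var/run/docker.sock"
  }

  volume "root-cert" {
    type   = "host"
    source = "$NOMAD_TASK_DIR/repo/config/traefik/root.crt"
  }
}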
}