nomad supporting redhat family install

roles/common_vars/vars/main.yml

@@ -11,6 +11,7 @@ __hs_role_tasks_precedence:
   - "{{ ansible_distribution | lower }}_{{ ansible_architecture | lower }}/main.yml"
   - "{{ ansible_distribution | lower }}_{{ ansible_distribution_major_version }}/main.yml"
   - "{{ ansible_distribution | lower }}/main.yml"
+  - "{{ ansible_os_family | lower }}/main.yml"
 
 __hs_ansible_vault_password_file_is_present: >-
   {{ (lookup('env', 'ANSIBLE_VAULT_PASSWORD_FILE') | length) > 0 }}

roles/nomad/tasks/common/_bootstrap.yml

@@ -0,0 +1,46 @@
+---
+- name: Bootstrap
+  debug:
+    msg: "Starting nomad bootstrap"
+    verbosity: 1
+
+- name: Get nomad status
+  uri:
+    url: "{{ __hs_nomad_api.status }}"
+    return_content: true
+  register: _current_hs_nomad_status
+  environment:
+    SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
+  retries: 6
+  delay: 10
+  until:
+    - _current_hs_nomad_status.status == 200
+
+- name: Bootstrap acl
+  uri:
+    url: "{{ __hs_nomad_api.acl_bootstrap }}"
+    method: POST
+    body_format: json
+    return_content: true
+  environment:
+    SSL_CERT_FILE: /etc/ssl/certs/ca-certificates.crt
+  register: _hs_nomad_acl_bootstrap
+  run_once: true
+
+- name: Store nomad bootstrap secrets
+  copy:
+    dest: "{{ hs_nomad_local_secret_file }}"
+    mode: 0600
+    content: |-
+      ---
+      {{ {'root_nomad': _hs_nomad_acl_bootstrap.json} | to_nice_yaml(indent=2) }}
+  become: false
+  delegate_to: localhost
+
+- name: Marking bootstrap
+  copy:
+    dest: /etc/ansible/facts.d/{{ __hs_nomad_bootstrap_mark }}.fact
+    content: "true"
+    mode: 0640
+  tags:
+    - mark

roles/nomad/tasks/debian/main.yml

@@ -28,13 +28,8 @@
 - name: Flush
   meta: flush_handlers
 
-
-
-
-
-
 - name: Bootstrap
-  include_tasks: _bootstrap.yml
+  include_tasks: "{{ role_path }}/tasks/common/_bootstrap.yml"
   when:
     - __hs_nomad_is_master
     - __hs_nomad_bootstrap_mark not in ansible_local

roles/consul/tasks/rocky/main.yml → roles/nomad/tasks/redhat/main.yml

@@ -22,9 +22,24 @@
     file: "{{ role_path }}/tasks/common/_configure.yml"
     apply:
       tags: configure
-  when: __hs_consul_is_master
   tags:
     - configure
 
 - name: Flush
   meta: flush_handlers
+
+- name: Bootstrap
+  include_tasks: "{{ role_path }}/tasks/common/_bootstrap.yml"
+  when:
+    - __hs_nomad_is_master
+    - __hs_nomad_bootstrap_mark not in ansible_local
+  tags:
+    - bootstrap
+
+- name: Enable nomad service
+  systemd:
+    name: nomad
+    daemon_reload: true
+    state: started
+    enabled: true
+

roles/nomad/vars/main.yml

@@ -32,6 +32,8 @@ __hs_nomad_env_file: "{{ __hs_nomad_conf_dir }}/nomad.env"
 __hs_nomad_self_private_key: "{{ __hs_nomad_tls_dir }}/self.cert.key"
 __hs_nomad_self_certificate: "{{ __hs_nomad_tls_dir }}/self.fullchain.cert.pem"
 
+
+# BUG LATENT
 __hs_nomad_ca_certificate_dir: "/usr/local/share/ca-certificates"
 __hs_nomad_ca_certificate: "{{ __hs_nomad_ca_certificate_dir }}/nomad.ca.crt"
 

roles/stage1_rproxy/templates/hs.nginx.conf.j2

@@ -19,14 +19,6 @@ upstream nomad_masters {
 {% endfor %}
 }
 
-{% if groups['hashistack_minions'] is defined %}
-upstream nomad_minions {
-  ip_hash;
-{% for minion_name in groups['hashistack_minions'] %}
-  server {{ minion_name }}.{{ public_domain }}:8080;
-{% endfor %}
-}
-{% endif %}
 
 server {
 	listen 80;
@@ -117,7 +109,15 @@ server {
   }
 }
 
-{% if groups['hashistack_minions'] is defined %}
+
+{% if groups['hashistack_minions'] is defined and (groups['hashistack_minions'] | length) > 0 %}
+upstream nomad_minions {
+  ip_hash;
+{% for minion_name in groups['hashistack_minions'] %}
+  server {{ minion_name }}.{{ public_domain }}:8080;
+{% endfor %}
+}
+
 server {
 	listen 80;
   server_name *.{{ public_domain }};