nomad-snapshots.nomad (1895B)
1 job "snapshot" { 2 datacenters = ["dc1"] 3 type = "batch" 4 5 vault { 6 role = "snapshot" 7 # export VAULT_TOKEN for use in snapshot.sh script 8 env = true 9 } 10 11 parameterized { 12 payload = "forbidden" 13 meta_required = ["service"] 14 } 15 16 periodic { 17 # At minute 12 past every hour 18 crons = [ 19 "12 */1 * * *" 20 ] 21 # prevents "volume max claim reached" on CSI volume 22 prohibit_overlap = true 23 } 24 25 group "snapshot" { 26 count = 1 27 28 volume "nomad-snapshots" { 29 type = "csi" 30 source = "nomad-snapshots" 31 access_mode = "multi-node-multi-writer" 32 attachment_mode = "file-system" 33 } 34 35 network { 36 mode = "host" 37 } 38 39 task "snapshot-save" { 40 driver = "exec" 41 42 env { 43 NOMAD_ADDR = "https://127.0.0.1:4646" 44 # only save variables from default namespace 45 NOMAD_NAMESPACE = "default" 46 NOMAD_SKIP_VERIFY = 1 47 # Snapshots can only be taken from the leader node 48 VAULT_ADDR = "https://vault.in0rdr.ch" 49 VAULT_SKIP_VERIFY = 1 50 } 51 52 template { 53 destination = "${NOMAD_TASK_DIR}/snapshot.sh" 54 data = file("./templates/snapshot.sh.tmpl") 55 perms = 755 56 } 57 58 template { 59 # export NOMAD_TOKEN for use in snapshot.sh script 60 destination = "${NOMAD_SECRETS_DIR}/NOMAD_TOKEN" 61 env = true 62 data = <<EOF 63 NOMAD_TOKEN={{with secret "kv/snapshot"}}{{index .Data.data.NOMAD_TOKEN}}{{end}} 64 EOF 65 } 66 67 config { 68 command = "${NOMAD_TASK_DIR}/snapshot.sh" 69 # Note: This meta variable (the parametrized service name) 70 # could also be directly accessed inside the template 71 args = [NOMAD_META_SERVICE] 72 } 73 74 volume_mount { 75 volume = "nomad-snapshots" 76 destination = "/mnt" 77 } 78 79 resources { 80 memory = 128 81 cpu = 200 82 } 83 } 84 } 85 }