Updated exec2 case in quickstart (#40)

* Updated exec2 case in quickstart * Update README.md Updated Intro part in the begining by mentioning exec2 inclusion. * Update README.md Moved exec2 description from intro to pre-requisites section. * Update hashibox.pkr.hcl Added exec2 install in packer * fix indentation * Moved exec2 to a separate provisioner --------- Co-authored-by: Vishal <vsaxena@hashicorp.com> Co-authored-by: Ranjandas <thejranjan@gmail.com>
Ranjandas · Jun 27, 2024 · 3d2585b · 3d2585b
1 parent 867d8e5
commit 3d2585b
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 2 deletions.
diff --git a/packer/hashibox.pkr.hcl b/packer/hashibox.pkr.hcl
@@ -138,6 +138,11 @@ build {
       "sudo mkdir /etc/consul.d/certs && cd /etc/consul.d/certs ; sudo consul tls ca create",
       "sudo mkdir /etc/nomad.d/certs && cd /etc/nomad.d/certs ; sudo nomad tls ca create",
 
+      # Install exec2 driver and copy under /opt/nomad/data/plugins dir
+      "sudo dnf install -y nomad-driver-exec2 --enablerepo hashicorp-test",
+      "sudo mkdir /opt/nomad/data/plugins && sudo chown nomad:nomad /opt/nomad/data/plugins",
+      "sudo cp /usr/bin/nomad-driver-exec2 /opt/nomad/data/plugins/",
+
       # Set permissions for the certs directory
       "sudo chown consul:consul /etc/consul.d/certs",
       "sudo chown nomad:nomad /etc/nomad.d/certs",

diff --git a/scenarios/nomad-consul-quickstart/README.md b/scenarios/nomad-consul-quickstart/README.md
@@ -1,6 +1,6 @@
 # Scenario: Nomad Consul Quickstart
 
-This scenario deploys both Nomad and Consul with out any of the security configurations in place. This scenario is useful when you have to play around the features of Nomad (with or without Consul) and not worry about the security aspects.
+This scenario deploys both Nomad and Consul with out any of the security configurations in place. This scenario is useful when you have to play around the features of Nomad (with or without Consul) and not worry about the security aspects. 
 
 ## Prerequsites
 
@@ -10,6 +10,7 @@ This scenario has the following pre-requsites:
 * Requires a base VM image built using packer (`../../packer/hashibox.pkr.hcl`)
 * Uses `qemu` driver (you can use `vz` by modifying `vmType` in the template)
 * If running enterprise binaries, the Consul and Nomad licenses should be passed as environment variable (shown in the example below)
+* Packer is baked with `exec2` driver, and Nomad only utilizes this driver when version 1.8.x or higher is deployed.
 
 ### Usage
 
@@ -68,4 +69,4 @@ ID        Node Pool  DC      Name                Class   Drain  Eligibility  Sta
 
 ```
 $ shikari destroy -f -n murphy
-```
+```
diff --git a/scenarios/nomad-consul-quickstart/hashibox.yaml b/scenarios/nomad-consul-quickstart/hashibox.yaml
@@ -115,6 +115,42 @@ provision:
         }
       EOF
       fi
+
+  - mode: system # configure Nomad exec2 driver
+    script: |
+      #!/bin/bash
+
+      # Get Nomad version
+      nomad_version=$(nomad --version | sed -n 's/^Nomad v\([0-9]\+\.[0-9]\+\).*/\1/p')
+      nomad_required_version="1.8"
+
+      if awk 'BEGIN { exit !('"${nomad_version}"' >= '"${nomad_required_version}"') }' && [[ $MODE == "client" ]]; then
+      # Check if Nomad version is 1.8 or higher
+      cat <<-EOF > /etc/nomad.d/exec2.hcl
+      plugin "nomad-driver-exec2" {
+        config {
+          unveil_defaults = true
+          unveil_paths    = []
+          unveil_by_task  = true
+        }
+      }
+      EOF
+
+        package_name="nomad-driver-exec2"
+        existing_package_location="/usr/bin"
+        nomad_pluginsdir=/opt/nomad/data/plugins
+
+        # Check if the directory exists
+        if [ ! -d "$nomad_pluginsdir" ]; then
+          mkdir -p "$nomad_pluginsdir"
+        fi
+
+        # Check if the plugin exists.
+        if rpm -q "$package_name" >/dev/null 2>&1; then
+          cp "$existing_package_location/$package_name" "$nomad_pluginsdir"
+        fi
+      fi
+
   - mode:
     script: |
       systemctl enable --now docker

diff --git a/scenarios/nomad-consul-secure/hashibox.yaml b/scenarios/nomad-consul-secure/hashibox.yaml
@@ -197,6 +197,42 @@ provision:
         }
       EOF
       fi
+
+  - mode: system # configure Nomad exec2 driver
+    script: |
+      #!/bin/bash
+
+      # Get Nomad version
+      nomad_version=$(nomad --version | sed -n 's/^Nomad v\([0-9]\+\.[0-9]\+\).*/\1/p')
+      nomad_required_version="1.8"
+
+      if awk 'BEGIN { exit !('"${nomad_version}"' >= '"${nomad_required_version}"') }' && [[ $MODE == "client" ]]; then
+      # Check if Nomad version is 1.8 or higher
+      cat <<-EOF > /etc/nomad.d/exec2.hcl
+      plugin "nomad-driver-exec2" {
+        config {
+          unveil_defaults = true
+          unveil_paths    = []
+          unveil_by_task  = true
+        }
+      }
+      EOF
+
+        package_name="nomad-driver-exec2"
+        existing_package_location="/usr/bin"
+        nomad_pluginsdir=/opt/nomad/data/plugins
+
+        # Check if the directory exists
+        if [ ! -d "$nomad_pluginsdir" ]; then
+          mkdir -p "$nomad_pluginsdir"
+        fi
+
+        # Check if the plugin exists.
+        if rpm -q "$package_name" >/dev/null 2>&1; then
+          cp "$existing_package_location/$package_name" "$nomad_pluginsdir"
+        fi
+      fi
+
   - mode: system
     script: |
       systemctl enable --now docker