Nomad¶
Umfassende HashiCorp Nomad Befehle und Workflows für Workload-Orchestrierung, Job-Scheduling und Cluster-Management.
Installation und Inbetriebnahme¶
| Command | Description |
|---|---|
nomad version |
Show Nomad version |
nomad agent -dev |
Start development agent |
nomad agent -config=nomad.hcl |
Start with configuration |
nomad server members |
List server members |
nomad node status |
List client nodes |
Job Management¶
Stellenangebote¶
| Command | Description |
|---|---|
nomad job run example.nomad |
Submit job |
nomad job status |
List all jobs |
nomad job status example |
Show job details |
nomad job stop example |
Stop job |
nomad job stop -purge example |
Stop and purge job |
Jobplanung und Validierung¶
| Command | Description |
|---|---|
nomad job plan example.nomad |
Plan job changes |
nomad job validate example.nomad |
Validate job file |
nomad job inspect example |
Inspect job configuration |
nomad job history example |
Show job history |
Job Scaling¶
| Command | Description |
|---|---|
nomad job scale example 5 |
Scale job to 5 instances |
nomad job scale example group 3 |
Scale specific group |
Allocation Management¶
Zuweisungen¶
| Command | Description |
|---|---|
nomad alloc status |
List allocations |
nomad alloc status ALLOC_ID |
Show allocation details |
nomad alloc logs ALLOC_ID |
Show allocation logs |
nomad alloc logs -f ALLOC_ID |
Follow allocation logs |
nomad alloc exec ALLOC_ID /bin/bash |
Execute command in allocation |
Allocation Debugging¶
| Command | Description |
|---|---|
nomad alloc fs ALLOC_ID |
List allocation files |
nomad alloc fs ALLOC_ID /path/to/file |
Read allocation file |
nomad alloc restart ALLOC_ID |
Restart allocation |
nomad alloc stop ALLOC_ID |
Stop allocation |
Node Management¶
Node Operationen¶
| Command | Description |
|---|---|
nomad node status |
List all nodes |
nomad node status NODE_ID |
Show node details |
nomad node drain NODE_ID |
Drain node |
nomad node eligibility -disable NODE_ID |
Disable node scheduling |
nomad node eligibility -enable NODE_ID |
Enable node scheduling |
Keine Wartung¶
| Command | Description |
|---|---|
nomad node drain -enable -deadline 30m NODE_ID |
Drain with deadline |
nomad node drain -disable NODE_ID |
Cancel drain |
nomad node meta apply NODE_ID key=value |
Set node metadata |
Name und Name¶
| Command | Description |
|---|---|
nomad namespace list |
List namespaces |
nomad namespace status default |
Show namespace details |
nomad namespace apply -description="Dev environment" dev |
Create namespace |
nomad namespace delete dev |
Delete namespace |
ACL Management¶
ACL Operationen¶
| Command | Description |
|---|---|
nomad acl bootstrap |
Bootstrap ACL system |
nomad acl token create -name="dev-token" -policy=dev-policy |
Create token |
nomad acl token list |
List tokens |
nomad acl token info TOKEN_ID |
Show token details |
ACL Richtlinien¶
| Command | Description |
|---|---|
nomad acl policy apply dev-policy dev-policy.hcl |
Create/update policy |
nomad acl policy list |
List policies |
nomad acl policy info dev-policy |
Show policy details |
Überwachung und Debugging¶
Systeminformationen¶
| Command | Description |
|---|---|
nomad operator raft list-peers |
List Raft peers |
nomad operator snapshot save backup.snap |
Create snapshot |
nomad operator snapshot restore backup.snap |
Restore snapshot |
Überwachung¶
| Command | Description |
|---|---|
nomad monitor |
Stream logs |
nomad monitor -log-level=DEBUG |
Debug level logs |
nomad status |
Show cluster status |
Beispiele für die Job-Spezifikation¶
Basic Web Service¶
```hcl job "web" \\{ datacenters = ["dc1"] type = "service"
group "web" \\{ count = 3
network \\\\{
port "http" \\\\{
static = 8080
\\\\}
\\\\}
service \\\\{
name = "web"
port = "http"
check \\\\{
type = "http"
path = "/health"
interval = "10s"
timeout = "2s"
\\\\}
\\\\}
task "server" \\\\{
driver = "docker"
config \\\\{
image = "nginx:latest"
ports = ["http"]
\\\\}
resources \\\\{
cpu = 100
memory = 128
\\\\}
\\\\}
\\} \\} ```_
Batch Job¶
```hcl job "batch-job" \\{ datacenters = ["dc1"] type = "batch"
group "processing" \\{ count = 1
task "process" \\\\{
driver = "docker"
config \\\\{
image = "alpine:latest"
command = "sh"
args = ["-c", "echo 'Processing data...' && sleep 30"]
\\\\}
resources \\\\{
cpu = 200
memory = 256
\\\\}
\\\\}
\\} \\} ```_
Regelmäßiger Job¶
```hcl job "backup" \\{ datacenters = ["dc1"] type = "batch"
periodic \\{ cron = "0 2 * * *" prohibit_overlap = true \\}
group "backup" \\{ task "backup-task" \\{ driver = "docker"
config \\\\{
image = "backup-tool:latest"
command = "/backup.sh"
\\\\}
resources \\\\{
cpu = 100
memory = 256
\\\\}
\\\\}
\\} \\} ```_
System Job¶
```hcl job "monitoring" \\{ datacenters = ["dc1"] type = "system"
group "monitoring" \\{ task "node-exporter" \\{ driver = "docker"
config \\\\{
image = "prom/node-exporter:latest"
network_mode = "host"
pid_mode = "host"
\\\\}
resources \\\\{
cpu = 50
memory = 64
\\\\}
\\\\}
\\} \\} ```_
Konfigurationsbeispiele¶
Serverkonfiguration¶
```hcl datacenter = "dc1" data_dir = "/opt/nomad/data" log_level = "INFO" bind_addr = "0.0.0.0"
server \\{ enabled = true bootstrap_expect = 3
server_join \\{ retry_join = ["10.0.1.10", "10.0.1.11", "10.0.1.12"] \\} \\}
consul \\{ address = "127.0.0.1:8500" \\}
vault \\{ enabled = true address = "https://vault.service.consul:8200" \\}
acl \\{ enabled = true \\}
ui \\{ enabled = true \\} ```_
Client Konfiguration¶
```hcl datacenter = "dc1" data_dir = "/opt/nomad/data" log_level = "INFO" bind_addr = "0.0.0.0"
client \\{ enabled = true
server_join \\{ retry_join = ["10.0.1.10", "10.0.1.11", "10.0.1.12"] \\}
node_class = "compute"
meta \\{ "type" = "worker" "zone" = "us-east-1a" \\} \\}
plugin "docker" \\{ config \\{ allow_privileged = true volumes \\{ enabled = true \\} \\} \\}
consul \\{ address = "127.0.0.1:8500" \\}
vault \\{ enabled = true address = "https://vault.service.consul:8200" \\} ```_
Erweiterte Funktionen¶
Einschränkungen und Affinitäten¶
```hcl job "web" \\{ constraint \\{ attribute = "$\\{attr.kernel.name\\}" value = "linux" \\}
affinity \\{ attribute = "$\\{node.class\\}" value = "compute" weight = 100 \\}
group "web" \\{ constraint \\{ attribute = "$\\{meta.zone\\}" value = "us-east-1a" \\}
# ... rest of group configuration
\\} \\} ```_
Finanzmanagement¶
```hcl job "database" \\{ group "db" \\{ volume "data" \\{ type = "host" source = "mysql_data" read_only = false \\}
task "mysql" \\\\{
driver = "docker"
volume_mount \\\\{
volume = "data"
destination = "/var/lib/mysql"
\\\\}
config \\\\{
image = "mysql:8.0"
\\\\}
\\\\}
\\} \\} ```_
Service Discovery Integration¶
```hcl job "api" \\{ group "api" \\{ service \\{ name = "api" port = "http"
tags = [
"api",
"v1.0",
"traefik.enable=true",
"traefik.http.routers.api.rule=Host(`api.example.com`)"
]
check \\\\{
type = "http"
path = "/health"
interval = "10s"
timeout = "2s"
\\\\}
connect \\\\{
sidecar_service \\\\{
proxy \\\\{
upstreams \\\\{
destination_name = "database"
local_bind_port = 5432
\\\\}
\\\\}
\\\\}
\\\\}
\\\\}
\\} \\} ```_
Best Practices¶
Job Design¶
- Resource Allocation: Setzen Sie entsprechende CPU- und Speichergrenzen
- **Gesundheitskontrollen*: Durchführung umfassender Gesundheitskontrollen
- Graceful Shutdown: Schalten Sie SIGTERM Signale richtig
- Logging: Verwenden Sie strukturiertes Protokoll mit den richtigen Ebenen
- ** Konfiguration*: Vorlagen und Umgebungsvariablen verwenden
Cluster Management¶
- ** Hohe Verfügbarkeit**: Bereitstellung mehrerer Serverknoten
- **Backup-Strategie*: Regelmäßige Snapshots und Backups
- Monitoring: Überwachung von Cluster-Gesundheit und Jobstatus
- **Kapazitätsplanung*: Plan für Ressourcenanforderungen
- Sicherheit: ACL aktivieren und TLS verwenden
Operationen¶
- **Rolling-Updates*: Verwenden Sie Update-Strategien für null Ausfallzeiten
- Kanzleien: Teständerungen mit Kanarieneinsätzen
- ** Ressourcenüberwachung** Ressourcennutzung überwachen
- Log Aggregation: Zentrale Protokollsammlung
- Alerting: Alarme für kritische Fragen einrichten
Sicherheit¶
- ACL Richtlinien: Mindestberechtigungszugriff
- Network Security: Dienstnetz für sichere Kommunikation verwenden
- **Secrets Management*: Integrieren mit Tresor für Geheimnisse
- Image Security: Scannen von Containerbildern für Schwachstellen
- **Audit Logging*: Auditprotokoll aktivieren für Compliance