一、环境准备
1. 基础配置
bash# 系统优化
cat >> /etc/sysctl.conf << EOF
vm.swappiness = 0
net.ipv4.ip_local_port_range = 1024 65535
net.core.somaxconn = 65535
EOF
sysctl -p
# 安装依赖
apt update
apt install -y curl unzip jq
2. Nomad安装
bash# 下载Nomad
wget https://releases.hashicorp.com/nomad/1.5.6/nomad_1.5.6_linux_amd64.zip
unzip nomad_1.5.6_linux_amd64.zip
mv nomad /usr/local/bin/
# 创建配置目录
mkdir -p /etc/nomad.d
mkdir -p /opt/nomad
二、服务器配置
1. Server配置
hcl# /etc/nomad.d/server.hcl
datacenter = "dc1"
data_dir = "/opt/nomad/data"
server {
enabled = true
bootstrap_expect = 3
server_join {
retry_join = ["10.0.1.1", "10.0.1.2", "10.0.1.3"]
retry_max = 3
retry_interval = "15s"
}
}
consul {
address = "127.0.0.1:8500"
server_service_name = "nomad"
client_service_name = "nomad-client"
auto_advertise = true
server_auto_join = true
client_auto_join = true
}
2. Client配置
hcl# /etc/nomad.d/client.hcl
datacenter = "dc1"
data_dir = "/opt/nomad/data"
client {
enabled = true
network_interface = "eth0"
options = {
"driver.raw_exec.enable" = "1"
"docker.privileged.enabled" = "true"
}
}
三、任务调度配置
1. 基本任务定义
hcljob "web-app" {
datacenters = ["dc1"]
type = "service"
group "web" {
count = 3
network {
port "http" {
to = 8080
}
}
task "webapp" {
driver = "docker"
config {
image = "nginx:latest"
ports = ["http"]
}
resources {
cpu = 500
memory = 256
}
}
}
}
2. 服务发现集成
hclservice {
name = "webapp"
port = "http"
check {
type = "http"
path = "/"
interval = "10s"
timeout = "2s"
}
tags = ["webapp", "http"]
}
四、网络配置
1. CNI插件配置
hclclient {
cni_path = "/opt/cni/bin"
cni_config_dir = "/etc/cni/conf.d"
}
plugin "docker" {
config {
extra_labels = ["job_name", "task_group", "task_name"]
volumes {
enabled = true
}
}
}
2. 网络隔离
hclnetwork {
mode = "bridge"
port "http" {
static = 8080
to = 8080
}
}
五、监控与日志
1. Prometheus集成
hcltelemetry {
prometheus_metrics = true
publish_allocation_metrics = true
publish_node_metrics = true
disable_hostname = true
}
2. 日志配置
hclclient {
logging {
logs_dir = "/var/log/nomad"
stdout_log_size = "10M"
stderr_log_size = "10M"
}
}
六、安全配置
1. ACL配置
hclacl {
enabled = true
token_ttl = "30s"
policy_ttl = "30s"
}
tls {
http = true
rpc = true
ca_file = "/etc/nomad.d/tls/ca.pem"
cert_file = "/etc/nomad.d/tls/cert.pem"
key_file = "/etc/nomad.d/tls/key.pem"
}
2. 安全策略
hcl# policy.hcl
namespace "default" {
policy = "write"
}
agent {
policy = "read"
}
node {
policy = "read"
}
最佳实践建议
- 集群规划
- 合理规划节点角色
- 配置资源限制
- 优化调度策略
- 设置故障转移
- 性能优化
- 监控资源使用
- 优化网络配置
- 管理存储卷
- 配置资源预留
- 运维管理
- 配置备份策略
- 监控系统状态
- 管理证书更新
- 制定升级计划
本指南为您提供了在云服务器上搭建Nomad集群的完整方案。记住,集群的配置需要根据实际业务需求不断调整和优化。
重要提示:
- 定期更新版本
- 监控集群状态
- 优化资源配置
- 做好数据备份
对于生产环境的Nomad集群,建议建立完善的监控告警机制,确保集群的稳定运行。同时,要注意安全配置和资源管理,保证业务的持续可用。