if it doesn't copypasta, it doesn't belong in your stack
insert video here
- put stuff here
NIRVai is a zero trust open source platform
- copypasta from consul, we need something specific for nomad
all services must follow the principle of least privilege (PoLP) and require authentication and authorization (authnz)
- transitioning from: active development with docker compose
  - i.e. where:
    - apps are developed
    - unit tests are accepted
- transitioning to: validation with nomad orchestration
  - i.e. where:
    - integration & e2e tests are accepted
    - security controls established and first round of obfuscation occurs
    - service runtimes mirror prod infrastructure
- complete CFSSL setup
- be sure to create a p12 cert to access the nomad UI from your browser
- see the env docs for how to set up /etc/ssl/certs
- your services are ready for deployment
# jq: # @see https://stedolan.github.io/jq/manual/
# nomad: # @see https://developer.hashicorp.com/nomad/docs/install
# directory structure matches:
├── scripts # @see https://github.com/nirv-ai/scripts
├── configs # @see https://github.com/nirv-ai/configs
├── $REPO_DIR_NAME
└── iac/$ENV # validation|test|stage|production
    ├── $REPO_DIR_NAME.nomad # jobspec for this stack
    ├── client.nomad # nomad client conf
    ├── server.nomad # nomad server conf
###########
NOMAD_ADDR_SUBD=dev
NOMAD_ADDR_HOST=nirv.ai
NOMAD_SERVER_PORT=4646
NOMAD_ADDR=https://$NOMAD_ADDR_SUBD.$NOMAD_ADDR_HOST:$NOMAD_SERVER_PORT
NOMAD_CACERT=/etc/ssl/certs/mad.nirv.ai/ca.pem
NOMAD_CLIENT_CERT=/etc/ssl/certs/mad.nirv.ai/cli-0.pem
NOMAD_CLIENT_KEY=/etc/ssl/certs/mad.nirv.ai/cli-0-key.pem
# prefix all cmds with script.nmd.sh
###########
# sync configs
# we validate every config and jobspec, deal with the errors
sync-confs
# start server agent in bg
start server
# start client agent in bg
start client
# check status of all servers
get server
# check status of all clients
get client
# open the Nomad UI: https://mad.nirv.ai:4646
create stack core
## create a fresh job plan and retrieve the index number from stdout
create plan core
## deploy the core stack
run core indexNumber
# check stacks & specifically core
get stack # list all stacks
get stack core # check on the core stack
## cleanup
## rm/stop the job
rm core
stop core
## requires shell-init
kill
## reset nomad to a green state if you don't plan on using it later
gc
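The `create plan core` and `run core indexNumber` steps above hand the plan's index to the deploy. This added example (not code from script.nmd.sh or the NIRVai repos) shows the same flow with the plain nomad CLI, on the assumption that the script wraps `nomad job plan` and `nomad job run -check-index`. The function names and the sample plan output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not taken from script.nmd.sh; function names are hypothetical.

# Constructed sample of `nomad job plan` output, used only for offline checks.
SAMPLE_PLAN='+ Job: "core"
Scheduler dry-run:
- All tasks successfully allocated.

Job Modify Index: 7
To submit the job with version verification run:

nomad job run -check-index 7 core.nomad'

# Refuse to call Nomad unless the mTLS settings from this page are in place.
require_mtls_env() {
  case "${NOMAD_ADDR:-}" in
    https://*) ;;
    *) echo "NOMAD_ADDR must use https://" >&2; return 1 ;;
  esac
  for f in "${NOMAD_CACERT:-}" "${NOMAD_CLIENT_CERT:-}" "${NOMAD_CLIENT_KEY:-}"; do
    [ -n "$f" ] && [ -r "$f" ] || { echo "TLS file unset or unreadable: $f" >&2; return 1; }
  done
}

# Read plan output on stdin, print the job modify index; fail if it is absent.
plan_index() {
  awk 'match($0, /Job Modify Index: [0-9]+/) {
         s = substr($0, RSTART, RLENGTH); sub(/.*: /, "", s)
         print s; ok = 1; exit
       }
       END { exit !ok }'
}

# Plan, then submit only if the server-side job is unchanged since the plan.
deploy_checked() {
  jobspec=$1
  require_mtls_env || return 1
  rc=0
  out=$(nomad job plan -no-color "$jobspec") || rc=$?
  # plan exit codes: 0 no allocation changes, 1 allocations change, 255 error
  [ "$rc" -le 1 ] || { printf '%s\n' "$out" >&2; return "$rc"; }
  idx=$(printf '%s\n' "$out" | plan_index) || {
    echo "no job modify index in plan output" >&2; return 1; }
  nomad job run -check-index "$idx" "$jobspec"
}
# usage: deploy_checked "iac/$ENV/$REPO_DIR_NAME.nomad"
```

If the job changed on the server between the plan and the run, `-check-index` makes nomad reject the submission, so a stale plan is never deployed.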
- TODO: move this entire section to usage.md
## review logs of running containers
## TODO: move this to one of the docker scripts
dockerlogs
dockerlogs-kill # cleanup when finished
## inspection
get client [ID] # all/specific client agent
get dep [DEPLOYMENT_ID] # all/specific deployment
get eval [EVAL_ID] # all/specific evaluation
get loc [ALLOCATION_ID] # get all/specific allocation
get self # info about local nomad agent
get server # info about server agents
get service [SRV_NAME] # list all/specific service
get stack [STACK_ID] # all/specific stack (jobs)
- Congrats!
- check out the usage docs
- TODO: this file is seriously out of date