In my previous article, we talked about the advantages of using container technologies. And the most famous container orchestration tools should be Kubernetes (k8s). But k8s is not easy to maintain and it is quite complicated. The next question you may ask, is there any simplified container orchestration? Yes, Nomad. If you did not hear about Nomad, you may probably heard about Terraform, in fact they are under the same company called HashiCorp.
According to the official guide, Nomad is “A simple and flexible workload orchestrator to deploy and manage containers and non-containerized applications across on-prem and clouds at scale.” As a matter of fact, when we talk about k8s, we normally depend on the k8s clusters provided by cloud provider, no one wants to maintain the cluster by themselves. But for Nomad, we can even just need 1 instance only.
Another tool I would like to introduce is Consul. According to the official guide, “Consul automates networking for simple and secure application delivery.” Consul is good for secure connection between services, and the UI is quite awesome (I think).
What we will do
I am not a theory guy, let’s talk about what we do in this tutorial. I will make use of the official tutorial to build dashboard counter. However, the tutorial is just teaching how you apply the “job” but not teaching you how to setup the whole Nomad and Consul. So I will demonstrate how to use ansible to setup our Nomad testing environment. In this tutorial, we use Google Cloud instance but in fact it doesn’t matter, you can even deploy to on-premises server. The final result should look like below.
- A Linux server, prefer ubuntu 20 or above
- Open firewall port for TCP port 22, 4646, 8500 and 9002
- Ansible installed, knowledge in ansible
- Know your server IP
In addition, you could also store your public key in server directly when you create an instance.
After the creation, your server ip is shown here:
First of all, please git clone or fork my prepared files:
git clone https://github.com/manbobo2002/nomad-consul.git
Our main playbook is very classic, we just need to update our server, install docker, consul and nomad.
If you don’t want to have a great change, the only thing you must change is just the server IP you want to locate, and the ansible_user name as well.
If you want to make it more “real”, I also prepare a template for you to input your secrets. And in fact you could turn on the ACL token for Nomad, that means only people who own the token can access Nomad UI. But for this tutorial I turn it off.
For consul_encrypt, you can generate a base64-encoded 32-byte random key using openssl instead of my provided key.
openssl rand -base64 32
In case you want to protect your secrets or variables with a key, in Ansible you could use below command:
$ ansible-vault encrypt_string abcde12345
New Vault password:
Confirm New Vault password:
The Vault password should be the key you provide.
Now it is time to apply it, just run below command, may be run it 2 times because the first time may not be successful as Nomad and Consul need to restart.
ansible-playbook -i production nomad-test.yml --diff
If you encrypt your variables, then you need to use below command and provide your own key instead:
ansible-playbook -i production nomad-test.yml --ask-vault-pass --diff
The last task of Nomad is to run our
- name: apply nomad jobs command: /usr/local/bin/nomad job run --detach countdash.nomad become: yesargs:chdir: /opt/nomad ignore_errors: True
The example job is nothing but just a front end and back end docker container. The front end expose port 9002 and connect to backend port 9001.
Then browse your Nomad and Consul by:
And we can now access our wonderful Nomad and Consul dashboard.
And test our application on http://<server-ip>:9002
In this article, we demonstrate how to manage our container using Nomad and Consul. Nomad is an alternative tools to Kubernetes and make container management much more simplified while Consul is a tool for service mesh.