Managing distributed applications and workloads on servers can be a complex task. HashiCorp Nomad provides a solution that makes it possible to orchestrate containers and other workloads efficiently on a cluster. In this first part of the Nomad tutorials, we will guide you step by step through the installation of Nomad on an Ubuntu server.
Nomad is installed on both the client and the server. The following section describes the installation of Nomad on a Mac client and an Ubuntu server.
First add the HashiCorp repository to Brew:
brew tap hashicorp/tap
Nomad can then be installed directly:
brew install hashicorp/tap/nomad
To update to the latest version, do the following:
brew upgrade hashicorp/tap/nomad
First install some core packages on the Ubuntu server that are needed to add the HashiCorp repositories to Ubuntu:
sudo apt-get update && \
sudo apt-get install wget gpg coreutils
Add the HashiCorp archive key:
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
Add the HashiCorp repository to the list of package sources:
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
Update the package sources and install Nomad:
sudo apt-get update && sudo apt-get install nomad
Further information on installation on other operating systems can be found here.
It is also necessary to install Docker on the server. Nomad will later use Docker to host containers. Here are the steps to install Docker on Ubuntu:
sudo apt update
sudo apt install -y docker.io
The creation of certificates is optional, but recommended if secure communication is required. Here are the steps for creating certificates:
nomad tls ca create
nomad tls cert create -server
nomad tls cert create -cli
These commands create the certificate and key for a Nomad certificate authority (CA), for a server and for the CLI (command-line interface). Note that the server certificate is used to secure the communication between the Nomad servers and the CLI.
Later, a certificate is required for authentication against the Nomad UI. This is installed in the browser or in the operating system.
To generate the certificate, the following command creates a PKCS#12 file (browser.p12) containing the certificate and the private key.
openssl pkcs12 -export -in global-cli-nomad.pem -inkey global-cli-nomad-key.pem -out browser.p12
Create a directory on the server in which the certificates can be stored.
sudo mkdir -p /etc/tls/nomad/
Next, the certificates are copied to the server: the CA certificate, the server certificate and the server key. In the commands below, replace username and zieladresse (the destination address) with your values.
scp /path/to/nomad-agent-ca.pem username@zieladresse:/etc/tls/nomad
scp /path/to/global-server-nomad.pem username@zieladresse:/etc/tls/nomad
scp /path/to/global-server-nomad-key.pem username@zieladresse:/etc/tls/nomad
A Container Network Interface (CNI) plugin is required for communication between Docker containers and the management of networks. CNI plugins enable efficient communication and coordination of networks in container environments.
Here are the steps to install the CNI plugin for Nomad on your Ubuntu server:
curl -L -o cni-plugins.tgz "https://github.com/containernetworking/plugins/releases/download/v1.0.0/cni-plugins-linux-$( [ $(uname -m) = aarch64 ] && echo arm64 || echo amd64)"-v1.0.0.tgz && \
sudo mkdir -p /opt/cni/bin && \
sudo tar -C /opt/cni/bin -xzf cni-plugins.tgz
CNI plugins play a crucial role in container orchestration as they ensure connectivity and communication between containers. Installing these plugins will enable Nomad to effectively manage container networks and ensure that the applications in your cluster can interact smoothly with each other.
First, we need to create a secret that you can later put in place of the placeholder !dein-ausgedachtes-secret! in the configuration:
nomad operator gossip keyring generate
The Nomad configuration is created on the server and stored in the /etc/nomad.d folder. I use nomad.hcl as the file name. Use a text editor like Nano to create the configuration; if a file already exists there, replace all of its text:
# The path where Nomad stores data
data_dir = "/usr/hashicorp/nomad"

# The name of the data centre in which Nomad is operated
datacenter = "!dein-datacenter-name!"

bind_addr = "0.0.0.0"

advertise {
  rpc  = "localhost:4647"
  serf = "localhost:4648"
  http = "localhost:4646"
}

# Server configuration
server {
  enabled          = true
  bootstrap_expect = 1
  encrypt          = "!dein-ausgedachtes-secret!"
}

# Client configuration
client {
  enabled = true
}

plugin "docker" {
  config {
    # Allows privileged access for Docker containers
    allow_privileged = true
    # Activates volumes for Docker containers
    volumes {
      enabled = true
    }
  }
}

# Optional, if you want to protect Nomad with certificates
tls {
  http = true
  rpc  = true
  # Path to the CA certificate file
  ca_file = "/etc/tls/nomad/nomad-agent-ca.pem"
  # Path to the server certificate file
  cert_file = "/etc/tls/nomad/global-server-nomad.pem"
  # Path to the server key
  key_file = "/etc/tls/nomad/global-server-nomad-key.pem"
  # Activates the verification of the server host name
  verify_server_hostname = true
  # Activates the verification of the HTTPS client
  verify_https_client = true
}
Replace the placeholders !dein-datacenter-name! and !dein-ausgedachtes-secret! with your specific values; the secret is the key generated above with nomad operator gossip keyring generate. Make sure that the paths to the certificate files are correct if you activate the TLS options.
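The following shell functions are an added example, not part of the original tutorial: they flatten a nomad.hcl of the simple shape shown above and flag the settings this section asks you to get right (a gossip key placeholder that was never replaced, TLS verification options that are missing, and allow_privileged = true). The function names flatten_hcl, audit_nomad_config and sample_config are made up for this example, and the sample configuration is constructed.

```shell
# Added example: flatten a nomad.hcl read from stdin into "block.key=value"
# lines, then audit it. Assumes one assignment or block opener per line.
flatten_hcl() {
    awk '
        { sub(/[ \t]*#.*$/, "") }                      # strip comments
        /[{][ \t]*$/ { stack[++depth] = $1; next }     # block opener
        /^[ \t]*[}]/ { if (depth > 0) depth--; next }  # block end
        $2 == "=" {
            path = ""; for (i = 1; i <= depth; i++) path = path stack[i] "."
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); gsub(/"/, "", val); sub(/[ \t]+$/, "", val)
            print path $1 "=" val
        }'
}

# Prints one FINDING line per problem; returns 1 if there was any, else 0.
audit_nomad_config() {
    flat=$(flatten_hcl); rc=0
    get()  { printf '%s\n' "$flat" | sed -n "s/^$1=//p" | head -n 1; }
    flag() { rc=1; echo "FINDING: $1"; }
    case "$(get server.encrypt)" in
        ''|'!'*) flag "server.encrypt is empty or still a placeholder" ;;
    esac
    for key in http rpc verify_server_hostname verify_https_client; do
        [ "$(get "tls.$key")" = "true" ] || flag "tls.$key is not true"
    done
    [ "$(get plugin.config.allow_privileged)" != "true" ] ||
        flag "docker allow_privileged = true lets jobs request privileged containers"
    return "$rc"
}

# Constructed sample: placeholder left in place, verify_https_client missing.
sample_config() {
    cat <<'EOF'
server {
  encrypt = "!dein-ausgedachtes-secret!"   # never replaced
}
plugin "docker" {
  config {
    allow_privileged = true
  }
}
tls {
  http = true
  rpc  = true
  verify_server_hostname = true
}
EOF
}
sample_config | audit_nomad_config || true
```

On the server, run it against the real file with audit_nomad_config < /etc/nomad.d/nomad.hcl.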
Create a systemd service file to start Nomad as a service. Open the file with nano on the server; it belongs in the systemd system directory.
sudo nano /etc/systemd/system/nomad.service
Copy the following code into the editor:
[Unit]
Description=Nomad
Documentation=https://www.nomadproject.io/docs/
Wants=network-online.target
After=network-online.target
[Service]
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/bin/nomad agent -config /etc/nomad.d
KillMode=process
KillSignal=SIGINT
LimitNOFILE=65536
LimitNPROC=infinity
Restart=on-failure
RestartSec=2
TasksMax=infinity
OOMScoreAdjust=-1000
[Install]
WantedBy=multi-user.target
Save the file and start the Nomad service:
sudo systemctl enable nomad.service
sudo systemctl start nomad.service
Nomad should now be successfully installed and started on your Ubuntu server. You can test this by calling https://<ip-address>:4646 in your browser. If you get a warning there, it is possible that you still need to install the necessary certificates. You should also check whether port 4646 is open on the firewall.
In the next tutorial, we will go into the configuration of Nomad in more detail and create a simple job.