X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=fdio.infra.ansible%2Froles%2Faws%2Ftasks%2Fmain.yaml;h=b5132c1909bc2d48131c7ade056fe16c78a1306b;hb=HEAD;hp=2b8c22ccce4a779aced2b4557221ebd31bf22bab;hpb=44784f12e7a1cfe42927bd301b90015ffa72b7d7;p=csit.git

diff --git a/fdio.infra.ansible/roles/aws/tasks/main.yaml b/fdio.infra.ansible/roles/aws/tasks/main.yaml
index 2b8c22ccce..b33848e2d2 100644
--- a/fdio.infra.ansible/roles/aws/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/aws/tasks/main.yaml
@@ -1,60 +1,31 @@
 ---
-# file: roles/aws/tasks/main.yaml
+# file: tasks/main.yaml
 
 - name: Edit repositories
   include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
   tags:
     - aws-edit-repo
 
-- name: Get vfio-pci With WC Patcher
-  get_url:
-    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh"
-    dest: "/opt/get-vfio-with-wc.sh"
-    mode: "744"
+- name: Prerequisites
+  ansible.builtin.package:
+    name: "{{ packages | flatten(levels=1) }}"
+    state: "latest"
   tags:
-    - aws-vfio-patch
-
-- name: Create vfio-pci Patch Directory
-  file:
-    path: "/opt/patches/"
-    state: "directory"
-  tags:
-    - aws-vfio-patch
-
-- name: Get vfio-pci WC Patch >=4.10
-  get_url:
-    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/linux-4.10-vfio-wc.patch"
-    dest: "/opt/patches/linux-4.10-vfio-wc.patch"
-    mode: "744"
-  tags:
-    - aws-vfio-patch
-
-- name: Get vfio-pci WC Patch >=5.8
-  get_url:
-    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/linux-5.8-vfio-wc.patch"
-    dest: "/opt/patches/linux-5.8-vfio-wc.patch"
-    mode: "744"
-  tags:
-    - aws-vfio-patch
-
-- name: Compile vfio-pci With WC Patch
-  shell: "/bin/bash /opt/get-vfio-with-wc.sh"
-  tags:
-    - aws-vfio-patch
+    - aws-inst-prerequisites
 
 - name: Load Kernel Modules By Default
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "/etc/modules"
     state: "present"
     line: "{{ item }}"
   with_items:
-    - "vfio-pci"
     - "igb_uio"
+    - "vfio-pci"
   tags:
     - aws-load-kernel-modules
 
 - name: Add Kernel Modules Options (igb_uio)
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "/etc/modprobe.d/igb_uio.conf"
     state: "present"
     line: "{{ item }}"
@@ -65,7 +36,7 @@
     - aws-load-kernel-modules
 
 - name: Add Kernel Modules Options (vfio-pci)
-  lineinfile:
+  ansible.builtin.lineinfile:
     path: "/etc/modprobe.d/vfio-noiommu.conf"
     state: "present"
     line: "{{ item }}"
@@ -75,24 +46,90 @@
   tags:
     - aws-load-kernel-modules
 
-- name: Reload systemd-modules
-  systemd:
-    name: "systemd-modules-load"
-    state: "restarted"
+- name: Kernel Parameters
+  ansible.builtin.lineinfile:
+    path: "/etc/default/grub"
+    state: "present"
+    regexp: "^GRUB_CMDLINE_LINUX="
+    line: "GRUB_CMDLINE_LINUX=iommu=1 intel_iommu=on"
+  notify:
+    - "Update GRUB"
+  tags:
+    - perf-conf-grub
+
+- meta: flush_handlers
+
+- name: Disable Password Login
+  ansible.builtin.lineinfile:
+    dest: "/etc/ssh/sshd_config"
+    regexp: "^PasswordAuthentication yes"
+    line: "PasswordAuthentication no"
+  notify:
+    - "Restart SSHd"
+  tags:
+    - conf-ssh
+
+- name: Recursively Delete Other Configs
+  ansible.builtin.file:
+    path: "/etc/ssh/sshd_config.d"
+    state: "absent"
   tags:
-    - aws-reload-systemd-modules
+    - conf-ssh
+
+#- name: Get vfio-pci With WC Patcher
+#  ansible.builtin.get_url:
+#    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh"
+#    dest: "/opt/get-vfio-with-wc.sh"
+#    mode: 0744
+#  tags:
+#    - aws-vfio-patch
+#
+#- name: Create vfio-pci Patch Directory
+#  ansible.builtin.file:
+#    path: "/opt/patches/"
+#    state: "directory"
+#  tags:
+#    - aws-vfio-patch
+#
+#- name: Get vfio-pci WC Patch
+#  ansible.builtin.get_url:
+#    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}"
+#    dest: "/opt/patches/{{ item }}"
+#    mode: 0744
+#  with_items:
+#    - "linux-4.10-vfio-wc.patch"
+#    - "linux-5.8-vfio-wc.patch"
+#    - "linux-5.15-vfio-wc.patch"
+#  tags:
+#    - aws-vfio-patch
+#
+#- name: Copy vfio-pci WC Patch
+#  ansible.builtin.copy:
+#    src: "files/get-vfio-with-wc.sh"
+#    dest: "/opt"
+#    mode: 0744
+#  tags:
+#    - aws-vfio-patch
+#
+#- name: Compile vfio-pci With WC Patch
+#  ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh"
+#  environment:
+#    DEBIAN_FRONTEND: "noninteractive"
+#    TERM: "vt100"
+#  tags:
+#    - aws-vfio-patch
 
 - name: Adjust nr_hugepages
-  sysctl:
+  ansible.builtin.sysctl:
     name: "vm.nr_hugepages"
     value: "8192"
     state: "present"
     sysctl_file: "/etc/sysctl.d/90-csit.conf"
-    reload: "yes"
+    reload: true
   tags:
     - aws-set-hugepages
 
 - name: Shutdown host with delay
-  command: "/sbin/shutdown -P +720"
+  ansible.builtin.command: "/sbin/shutdown -P +720"
   tags:
     - aws-set-self-terminate