Code Review / csit.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
fix(packer): Update AWS image
[csit.git] / fdio.infra.ansible / roles / aws / tasks / main.yaml
1 ---
2 # file: tasks/main.yaml
3
4 - name: Edit repositories
5   include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
6   tags:
7     - aws-edit-repo
8
9 - name: Prerequisites
10   ansible.builtin.package:
11     name: "{{ packages | flatten(levels=1) }}"
12     state: "latest"
13   tags:
14     - aws-inst-prerequisites
15
16 - name: Load Kernel Modules By Default
17   ansible.builtin.lineinfile:
18     path: "/etc/modules"
19     state: "present"
20     line: "{{ item }}"
21   with_items:
22     - "igb_uio"
23     - "vfio-pci"
24   tags:
25     - aws-load-kernel-modules
26
27 - name: Add Kernel Modules Options (igb_uio)
28   ansible.builtin.lineinfile:
29     path: "/etc/modprobe.d/igb_uio.conf"
30     state: "present"
31     line: "{{ item }}"
32     create: "yes"
33   with_items:
34     - "options igb_uio wc_activate=1"
35   tags:
36     - aws-load-kernel-modules
37
38 - name: Add Kernel Modules Options (vfio-pci)
39   ansible.builtin.lineinfile:
40     path: "/etc/modprobe.d/vfio-noiommu.conf"
41     state: "present"
42     line: "{{ item }}"
43     create: "yes"
44   with_items:
45     - "options vfio enable_unsafe_noiommu_mode=1"
46   tags:
47     - aws-load-kernel-modules
48
49 - name: Kernel Parameters
50   ansible.builtin.lineinfile:
51     path: "/etc/default/grub"
52     state: "present"
53     regexp: "^GRUB_CMDLINE_LINUX="
54     line: "GRUB_CMDLINE_LINUX=iommu=1 intel_iommu=on"
55   notify:
56     - "Update GRUB"
57   tags:
58     - perf-conf-grub
59
60 - meta: flush_handlers
61
62 - name: Disable Password Login
63   ansible.builtin.lineinfile:
64     dest: "/etc/ssh/sshd_config"
65     regexp: "^PasswordAuthentication yes"
66     line: "PasswordAuthentication no"
67   notify:
68     - "Restart SSHd"
69   tags:
70     - conf-ssh
71
72 - name: Recursively Delete Other Configs
73   ansible.builtin.file:
74     path: "/etc/ssh/sshd_config.d"
75     state: "absent"
76   tags:
77     - conf-ssh
78
79 #- name: Get vfio-pci With WC Patcher
80 #  ansible.builtin.get_url:
81 #    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh"
82 #    dest: "/opt/get-vfio-with-wc.sh"
83 #    mode: 0744
84 #  tags:
85 #    - aws-vfio-patch
86 #
87 #- name: Create vfio-pci Patch Directory
88 #  ansible.builtin.file:
89 #    path: "/opt/patches/"
90 #    state: "directory"
91 #  tags:
92 #    - aws-vfio-patch
93 #
94 #- name: Get vfio-pci WC Patch
95 #  ansible.builtin.get_url:
96 #    url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}"
97 #    dest: "/opt/patches/{{ item }}"
98 #    mode: 0744
99 #  with_items:
100 #    - "linux-4.10-vfio-wc.patch"
101 #    - "linux-5.8-vfio-wc.patch"
102 #    - "linux-5.15-vfio-wc.patch"
103 #  tags:
104 #    - aws-vfio-patch
105 #
106 #- name: Copy vfio-pci WC Patch
107 #  ansible.builtin.copy:
108 #    src: "files/get-vfio-with-wc.sh"
109 #    dest: "/opt"
110 #    mode: 0744
111 #  tags:
112 #    - aws-vfio-patch
113 #
114 #- name: Compile vfio-pci With WC Patch
115 #  ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh"
116 #  environment:
117 #    DEBIAN_FRONTEND: "noninteractive"
118 #    TERM: "vt100"
119 #  tags:
120 #    - aws-vfio-patch
121
122 - name: Adjust nr_hugepages
123   ansible.builtin.sysctl:
124     name: "vm.nr_hugepages"
125     value: "8192"
126     state: "present"
127     sysctl_file: "/etc/sysctl.d/90-csit.conf"
128     reload: true
129   tags:
130     - aws-set-hugepages
131
132 - name: Shutdown host with delay
133   ansible.builtin.command: "/sbin/shutdown -P +720"
134   tags:
135     - aws-set-self-terminate
Integration tests