authorpmikus <peter.mikus@protonmail.ch>2024-05-23 13:37:23 +0200
committerPeter Mikus <peter.mikus@protonmail.ch>2024-05-29 11:03:28 +0000
commitfa300743951b31a8109769c075d1edba9e6a85bd (patch)
treed7f08fd928abfb9cd9639708298b0cf53a5f2e4a /fdio.infra.ansible/roles/aws
parent5bb211044c10e791277d7de8561dc50af30c6abc (diff)
fix(packer): Update AWS image
Signed-off-by: Peter Mikus <peter.mikus@protonmail.ch> Change-Id: I1907fcb88dff0bb62cc6f5a8bf3ea58e3ad1578d
Diffstat (limited to 'fdio.infra.ansible/roles/aws')
-rw-r--r--fdio.infra.ansible/roles/aws/defaults/main.yaml6
-rw-r--r--fdio.infra.ansible/roles/aws/handlers/main.yaml5
-rw-r--r--fdio.infra.ansible/roles/aws/tasks/main.yaml119
3 files changed, 72 insertions, 58 deletions
diff --git a/fdio.infra.ansible/roles/aws/defaults/main.yaml b/fdio.infra.ansible/roles/aws/defaults/main.yaml
index 5b6978da51..a0150eae37 100644
--- a/fdio.infra.ansible/roles/aws/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/aws/defaults/main.yaml
@@ -15,12 +15,10 @@ packages_base:
packages_by_distro:
ubuntu:
- - "linux-image-5.4.0-1009-aws"
- - "linux-headers-5.4.0-1009-aws"
- - "linux-tools-5.4.0-1009-aws"
+ - []
packages_by_arch:
aarch64:
- []
x86_64:
- - []
\ No newline at end of file
+ - []
diff --git a/fdio.infra.ansible/roles/aws/handlers/main.yaml b/fdio.infra.ansible/roles/aws/handlers/main.yaml
index d55db1c22f..bc160a3263 100644
--- a/fdio.infra.ansible/roles/aws/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/aws/handlers/main.yaml
@@ -18,3 +18,8 @@
reboot_timeout: 3600
tags:
- reboot-server
+
+- name: Restart SSHd
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
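Review bot: The new handler restarts a unit named `sshd`, but the only distro visible in this role's defaults is Ubuntu, where the service unit is `ssh` and `sshd` is an alias that exists only while ssh.service is enabled. On images that socket-activate SSH the alias may be absent, in which case the restart would fail and the hardened config would not be loaded until the next reboot. `name: ssh` (or a per-distro variable) would be more robust here.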
diff --git a/fdio.infra.ansible/roles/aws/tasks/main.yaml b/fdio.infra.ansible/roles/aws/tasks/main.yaml
index b5132c1909..b33848e2d2 100644
--- a/fdio.infra.ansible/roles/aws/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/aws/tasks/main.yaml
@@ -13,18 +13,6 @@
tags:
- aws-inst-prerequisites
-- name: Switch Kernel At Boot
- ansible.builtin.lineinfile:
- path: "/etc/default/grub"
- state: "present"
- line: "GRUB_DEFAULT=\"1>2\""
- notify:
- - "Update GRUB"
- tags:
- - perf-conf-grub
-
-- meta: flush_handlers
-
- name: Load Kernel Modules By Default
ansible.builtin.lineinfile:
path: "/etc/modules"
@@ -58,55 +46,78 @@
tags:
- aws-load-kernel-modules
-#- name: Get vfio-pci With WC Patcher
-# ansible.builtin.get_url:
-# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh"
-# dest: "/opt/get-vfio-with-wc.sh"
-# mode: 0744
-# tags:
-# - aws-vfio-patch
-
-- name: Create vfio-pci Patch Directory
- ansible.builtin.file:
- path: "/opt/patches/"
- state: "directory"
+- name: Kernel Parameters
+ ansible.builtin.lineinfile:
+ path: "/etc/default/grub"
+ state: "present"
+ regexp: "^GRUB_CMDLINE_LINUX="
+ line: "GRUB_CMDLINE_LINUX=iommu=1 intel_iommu=on"
+ notify:
+ - "Update GRUB"
tags:
- - aws-vfio-patch
+ - perf-conf-grub
-- name: Get vfio-pci WC Patch
- ansible.builtin.get_url:
- url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}"
- dest: "/opt/patches/{{ item }}"
- mode: 0744
- with_items:
- - "linux-4.10-vfio-wc.patch"
- - "linux-5.8-vfio-wc.patch"
- - "linux-5.15-vfio-wc.patch"
- tags:
- - aws-vfio-patch
+- meta: flush_handlers
-- name: Copy vfio-pci WC Patch
- ansible.builtin.copy:
- src: "files/get-vfio-with-wc.sh"
- dest: "/opt"
- mode: 0744
+- name: Disable Password Login
+ ansible.builtin.lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^PasswordAuthentication yes"
+ line: "PasswordAuthentication no"
+ notify:
+ - "Restart SSHd"
tags:
- - aws-vfio-patch
+ - conf-ssh
-- name: Compile vfio-pci With WC Patch
- ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh"
- environment:
- DEBIAN_FRONTEND: "noninteractive"
- TERM: "vt100"
+- name: Recursively Delete Other Configs
+ ansible.builtin.file:
+ path: "/etc/ssh/sshd_config.d"
+ state: "absent"
tags:
- - aws-vfio-patch
+ - conf-ssh
-- name: Reload systemd-modules
- ansible.builtin.systemd:
- name: "systemd-modules-load"
- state: "restarted"
- tags:
- - aws-reload-systemd-modules
+#- name: Get vfio-pci With WC Patcher
+# ansible.builtin.get_url:
+# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh"
+# dest: "/opt/get-vfio-with-wc.sh"
+# mode: 0744
+# tags:
+# - aws-vfio-patch
+#
+#- name: Create vfio-pci Patch Directory
+# ansible.builtin.file:
+# path: "/opt/patches/"
+# state: "directory"
+# tags:
+# - aws-vfio-patch
+#
+#- name: Get vfio-pci WC Patch
+# ansible.builtin.get_url:
+# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}"
+# dest: "/opt/patches/{{ item }}"
+# mode: 0744
+# with_items:
+# - "linux-4.10-vfio-wc.patch"
+# - "linux-5.8-vfio-wc.patch"
+# - "linux-5.15-vfio-wc.patch"
+# tags:
+# - aws-vfio-patch
+#
+#- name: Copy vfio-pci WC Patch
+# ansible.builtin.copy:
+# src: "files/get-vfio-with-wc.sh"
+# dest: "/opt"
+# mode: 0744
+# tags:
+# - aws-vfio-patch
+#
+#- name: Compile vfio-pci With WC Patch
+# ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh"
+# environment:
+# DEBIAN_FRONTEND: "noninteractive"
+# TERM: "vt100"
+# tags:
+# - aws-vfio-patch
- name: Adjust nr_hugepages
ansible.builtin.sysctl:
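Review bot: In "Disable Password Login" the pattern `^PasswordAuthentication yes` matches only an uncommented `yes` line, so on a file where the directive is commented out, spaced differently or absent, lineinfile appends `PasswordAuthentication no` at the end, where it could land inside a trailing `Match` block and not apply globally. Anchoring on the directive and validating before the write would be safer: `regexp: '^#?\s*PasswordAuthentication\s'` plus `validate: '/usr/sbin/sshd -t -f %s'`. "Recursively Delete Other Configs" has no `notify`, so when only the drop-in directory changes sshd keeps running with the old drop-ins until something else restarts it; adding `notify: "Restart SSHd"` there closes that gap. Separately, in "Kernel Parameters" the written line `GRUB_CMDLINE_LINUX=iommu=1 intel_iommu=on` is unquoted, and since /etc/default/grub is read as shell the second word is likely treated as its own assignment and never reaches the kernel command line; `line: 'GRUB_CMDLINE_LINUX="iommu=1 intel_iommu=on"'` avoids that. The "Adjust nr_hugepages" task at the end of the hunk continues outside it.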