author | pmikus <peter.mikus@protonmail.ch> | 2024-07-22 13:51:10 +0200 |
---|---|---|
committer | Peter Mikus <peter.mikus@protonmail.ch> | 2024-07-26 07:20:46 +0000 |
commit | 421111d9150b506a324f32c82b6ccb9abf7fb6c9 (patch) | |
tree | 4248b2746cb17d8cf15c12ad7769112ad8fa5cd1 /fdio.infra.ansible/roles | |
parent | 3abec6afd2d1d96d9d6c35615245cf031bd1c596 (diff) |
feat(infra): Ubuntu 24.04 LTS
Signed-off-by: Peter Mikus <peter.mikus@protonmail.ch>
Change-Id: I81e48360fcc970a16f1203955003d59f476b3233
Diffstat (limited to 'fdio.infra.ansible/roles')
17 files changed, 82 insertions, 53 deletions
diff --git a/fdio.infra.ansible/roles/common/defaults/main.yaml b/fdio.infra.ansible/roles/common/defaults/main.yaml index 9ded8fcba9..cb9021456c 100644 --- a/fdio.infra.ansible/roles/common/defaults/main.yaml +++ b/fdio.infra.ansible/roles/common/defaults/main.yaml @@ -1,5 +1,5 @@ --- -# file: roles/common/defaults/main.yaml +# file: defaults/main.yaml packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" @@ -31,6 +31,18 @@ packages_by_distro: - "python3-pip" - "python3-pyelftools" - "python3-setuptools" + noble: + - "build-essential" + - "libpcap-dev" + - "net-tools" + - "python3-all" + - "python3-apt" + - "python3-cffi" + - "python3-cffi-backend" + - "python3-dev" + - "python3-pip" + - "python3-pyelftools" + - "python3-setuptools" packages_by_arch: aarch64: diff --git a/fdio.infra.ansible/roles/common/handlers/main.yaml b/fdio.infra.ansible/roles/common/handlers/main.yaml index 0a4944b4ca..0be8cf215b 100644 --- a/fdio.infra.ansible/roles/common/handlers/main.yaml +++ b/fdio.infra.ansible/roles/common/handlers/main.yaml @@ -1,5 +1,5 @@ --- -# file: roles/common/handlers/main.yaml +# file: handlers/main.yaml - name: Reboot Server ansible.builtin.reboot: diff --git a/fdio.infra.ansible/roles/common/tasks/main.yaml b/fdio.infra.ansible/roles/common/tasks/main.yaml index e47a1fc7a8..7f03f2ceba 100644 --- a/fdio.infra.ansible/roles/common/tasks/main.yaml +++ b/fdio.infra.ansible/roles/common/tasks/main.yaml @@ -1,7 +1,7 @@ --- -# file: roles/common/tasks/main.yaml +# file: tasks/main.yaml -- name: Conf - Add permanent proxy settings +- name: Add permanent proxy settings ansible.builtin.lineinfile: path: "/etc/environment" state: "present" 
@@ -11,31 +11,39 @@ tags: - common-conf-proxy -- name: Inst - Update package cache (apt) +- name: Update Repositories Cache ansible.builtin.apt: update_cache: true - cache_valid_time: 3600 when: - - ansible_distribution|lower == 'ubuntu' + - ansible_os_family == 'Debian' tags: - common-inst-prerequisites -- name: Inst - Prerequisites +- name: Prerequisites ansible.builtin.package: name: "{{ packages | flatten(levels=1) }}" state: "latest" tags: - common-inst-prerequisites -- name: Inst - Meson (DPDK) +- name: PIP management + ansible.builtin.file: + path: "/usr/lib/python3.12/EXTERNALLY-MANAGED" + state: "absent" + tags: + - common-inst-pip + +- name: Meson (DPDK) ansible.builtin.pip: name: - "meson==0.64.1" state: "forcereinstall" + environment: + ANSIBLE_SKIP_CONFLICT_CHECK: 1 tags: - - common-inst-meson + - common-inst-pip -- name: Conf - sudoers admin +- name: sudoers admin ansible.builtin.lineinfile: path: "/etc/sudoers" state: "present" @@ -45,7 +53,7 @@ tags: - common-conf-sudoers -- name: Conf - sudoers nopasswd +- name: sudoers nopasswd ansible.builtin.lineinfile: path: "/etc/sudoers" state: "present" diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml index 9ea38efb56..0ba7f33d0b 100644 --- a/fdio.infra.ansible/roles/consul/defaults/main.yaml +++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml @@ -52,7 +52,7 @@ consul_user: "consul" # Conf - base.hcl consul_allow_tls: true consul_bind_addr: "{{ ansible_default_ipv4.address }}" -consul_bootstrap_expect: 1 +consul_bootstrap_expect: 2 consul_client_addr: "0.0.0.0" consul_datacenter: "dc1" consul_disable_update_check: true diff --git a/fdio.infra.ansible/roles/docker/defaults/main.yaml b/fdio.infra.ansible/roles/docker/defaults/main.yaml index bf97b4a192..e0338fb5ad 100644 --- a/fdio.infra.ansible/roles/docker/defaults/main.yaml +++ b/fdio.infra.ansible/roles/docker/defaults/main.yaml 
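Review bot: The new `PIP management` task deletes `/usr/lib/python3.12/EXTERNALLY-MANAGED`, which turns off the PEP 668 guard for every later pip run on the host rather than only for the Meson install, and a distribution Python package upgrade may put the file back. The path is pinned to Python 3.12 and the task has no `when:`, so on releases with another interpreter version it silently does nothing. Scoping the override to the one task that needs it, for example `extra_args: "--break-system-packages"` on the `Meson (DPDK)` pip task, or installing into a virtualenv, keeps apt-managed Python modules protected. `ANSIBLE_SKIP_CONFLICT_CHECK: 1` looks unrelated to installing meson and is an unquoted integer under `environment:`; if it is needed, quote it as `"1"` and add a comment saying why. The same hunk drops `cache_valid_time: 3600`, so every run now refreshes the apt cache.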
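Review bot: `consul_bootstrap_expect: 2` is a role default, so an inventory with a single Consul server that does not override it will wait for a second server and not elect a leader. The value should track the number of server nodes actually deployed, and a comment above the line such as `# Must equal the number of Consul server nodes in the inventory` would make that explicit. The rest of the defaults file is outside the hunk, so whether the server count is set elsewhere cannot be confirmed from here.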
@@ -1,5 +1,5 @@ --- -# file: roles/docker/defaults/main.yaml +# file: defaults/main.yaml # Version options. docker_edition: "ce" diff --git a/fdio.infra.ansible/roles/docker/handlers/main.yaml b/fdio.infra.ansible/roles/docker/handlers/main.yaml index 53eb8528f6..c8c3328cac 100644 --- a/fdio.infra.ansible/roles/docker/handlers/main.yaml +++ b/fdio.infra.ansible/roles/docker/handlers/main.yaml @@ -1,5 +1,5 @@ --- -# file roles/docker/handlers/main.yaml +# file handlers/main.yaml - name: Restart Docker ansible.builtin.service: diff --git a/fdio.infra.ansible/roles/docker/meta/main.yaml b/fdio.infra.ansible/roles/docker/meta/main.yaml index 7bef656eb5..0a1fe9787b 100644 --- a/fdio.infra.ansible/roles/docker/meta/main.yaml +++ b/fdio.infra.ansible/roles/docker/meta/main.yaml @@ -4,15 +4,18 @@ dependencies: [] galaxy_info: - role_name: docker - author: fd.io - description: Docker-CE for Linux. - company: none - license: "license (Apache)" - min_ansible_version: 2.9 + role_name: "docker" + author: "pmikus" + description: "Docker-CE for Linux." + company: "none" + license: "license (BSD, MIT)" + min_ansible_version: "2.9" platforms: - - name: Ubuntu + - name: "Ubuntu" versions: - - jammy + - "jammy" + - name: "Debian" + versions: + - "bookworm" galaxy_tags: - - docker + - "docker" diff --git a/fdio.infra.ansible/roles/docker/tasks/jammy.yaml b/fdio.infra.ansible/roles/docker/tasks/Debian.yaml index 8ec7a01ee1..f81277ac47 100644 --- a/fdio.infra.ansible/roles/docker/tasks/jammy.yaml +++ b/fdio.infra.ansible/roles/docker/tasks/Debian.yaml @@ -1,7 +1,7 @@ --- -# file: roles/docker/tasks/ubuntu_jammy.yaml +# file: tasks/Debian.yaml -- name: Inst - Dependencies +- name: "Install Dependencies" ansible.builtin.apt: name: - "apt-transport-https" 
@@ -14,14 +14,14 @@ tags: - docker-inst-dependencies -- name: Conf - Add APT Key +- name: "Add APT Key" ansible.builtin.apt_key: url: "{{ docker_apt_gpg_key }}" state: "{{ docker_apt_gpg_key_state }}" tags: - docker-conf-apt -- name: Conf - Install APT Repository +- name: "Install APT Repository" ansible.builtin.apt_repository: repo: "{{ docker_apt_repository }}" state: "{{ docker_apt_repository_state }}" diff --git a/fdio.infra.ansible/roles/docker/tasks/main.yaml b/fdio.infra.ansible/roles/docker/tasks/main.yaml index e07b29e363..4146dbbadf 100644 --- a/fdio.infra.ansible/roles/docker/tasks/main.yaml +++ b/fdio.infra.ansible/roles/docker/tasks/main.yaml @@ -1,11 +1,17 @@ --- -# file: roles/docker/tasks/main.yaml +# file: tasks/main.yaml -- include_tasks: "{{ ansible_distribution_release }}.yaml" +- name: "Install Prerequisites Based on OS" + ansible.builtin.include_tasks: + file: "{{ item }}" + with_first_found: + - files: + - "{{ ansible_os_family }}.yaml" + - "default.yaml" tags: - docker-inst-dependencies -- name: Inst - Docker +- name: "Install Docker" ansible.builtin.package: name: - "{{ docker_package }}" @@ -14,7 +20,7 @@ tags: - docker-inst-package -- name: Conf - Docker Service +- name: "Enable Docker Service" ansible.builtin.service: name: docker state: "{{ docker_service_state }}" @@ -24,7 +30,7 @@ tags: - docker-conf-service -- name: Conf - Docker Service Directory +- name: "Docker Service Directory" ansible.builtin.file: path: "/etc/systemd/system/docker.service.d" state: "directory" @@ -34,7 +40,7 @@ tags: - docker-conf-service -- name: Conf - Docker Daemon +- name: "Configure Docker Daemon" ansible.builtin.template: src: "templates/daemon.json.j2" dest: "/etc/docker/daemon.json" @@ -49,7 +55,7 @@ tags: - docker-conf-daemon -- name: Conf - Docker HTTP Proxy +- name: "Configure Docker HTTP Proxy" ansible.builtin.template: src: "templates/docker.service.proxy.http" dest: "/etc/systemd/system/docker.service.d/http-proxy.conf" 
@@ -65,7 +71,7 @@ tags: - docker-conf-service -- name: Conf - Docker HTTPS Proxy +- name: "Configure Docker HTTPS Proxy" ansible.builtin.template: src: "templates/docker.service.proxy.https" dest: "/etc/systemd/system/docker.service.d/https-proxy.conf" @@ -81,5 +87,5 @@ tags: - docker-conf-service -- name: Meta - Flush handlers +- name: "Meta - Flush handlers" ansible.builtin.meta: flush_handlers diff --git a/fdio.infra.ansible/roles/intel/defaults/main.yaml b/fdio.infra.ansible/roles/intel/defaults/main.yaml index 9a3c5c0f0c..603b1367b9 100644 --- a/fdio.infra.ansible/roles/intel/defaults/main.yaml +++ b/fdio.infra.ansible/roles/intel/defaults/main.yaml @@ -62,9 +62,9 @@ intel_700_compatibility_matrix: intel_800_compatibility_matrix: dpdk22.03: # custom for vpp_device - ice: "1.13.7" + ice: "1.14.13" ddp: "1.3.45.0" - iavf: "4.9.5" + iavf: "4.11.3" nvm: "4.40" dpdk22.07: # https://doc.dpdk.org/guides/rel_notes/release_22_07.html @@ -93,11 +93,13 @@ intel_i40e_url: intel_ice_url: "1.9.7": "ice%20stable/1.9.7/ice-1.9.7.tar.gz/download" "1.13.7": "ice%20stable/1.13.7/ice-1.13.7.tar.gz/download" + "1.14.13": "ice%20stable/1.14.13/ice-1.14.13.tar.gz/download" intel_iavf_url: "4.3.19": "iavf%20stable/4.3.19/iavf-4.3.19.tar.gz/download" "4.5.3": "iavf%20stable/4.5.3/iavf-4.5.3.tar.gz/download" "4.9.5": "iavf%20stable/4.9.5/iavf-4.9.5.tar.gz/download" + "4.11.3": "iavf%20stable/4.11.3/iavf-4.11.3.tar.gz/download" intel_ddp_url: "1.3.37.0": "738733/800%20Series%20DDP%20Comms%20Package%201.3.37.0.zip" diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml index 535db2bb2c..333d4763bd 100644 --- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml +++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml 
@@ -134,7 +134,7 @@ nomad_consul_address: "localhost:8500" nomad_consul_token: "" nomad_consul_servers_service_name: "nomad" nomad_consul_clients_service_name: "nomad-client" -nomad_consul_tags: {} +nomad_consul_tags: "" nomad_consul_use_ssl: false # ACLs diff --git a/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2 index a9c1aff7b2..c1fe878965 100644 --- a/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2 +++ b/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2 @@ -33,7 +33,7 @@ consul { # Specifies optional Consul tags to be registered with the Nomad server and # agent services. - tags = {{ nomad_consul_tags | to_json }} + tags = "{{ nomad_consul_tags }}" # Specifies the token used to provide a per-request ACL token. This option # overrides the Consul Agent's default token. If the token is not set here @@ -60,4 +60,4 @@ consul { {% endif %} } -{% endif %}
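Review bot: Replacing `{{ nomad_consul_tags | to_json }}` with `"{{ nomad_consul_tags }}"` in `consul.hcl.j2` (the template hunk that follows this one) removes the only escaping applied to the value and changes the rendered type from a collection to a quoted string, while this hunk changes the default from `{}` to `""`. A tag value containing a double quote or a newline would now be written into the HCL file unescaped, and the empty default renders `tags = ""`, which is presumably not what Nomad's list-valued `tags` option expects. Keeping the filter and making the default an empty list, `nomad_consul_tags: []` with `tags = {{ nomad_consul_tags | to_json }}`, renders `tags = []` and stays well-formed for arbitrary values.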
\ No newline at end of file +{% endif %} diff --git a/fdio.infra.ansible/roles/user_add/defaults/main.yaml b/fdio.infra.ansible/roles/user_add/defaults/main.yaml index 643ad7dfd7..799f660b73 100644 --- a/fdio.infra.ansible/roles/user_add/defaults/main.yaml +++ b/fdio.infra.ansible/roles/user_add/defaults/main.yaml @@ -1,5 +1,5 @@ --- -# file: roles/user_add/defaults/main.yaml +# file: defaults/main.yaml # Default shell for a user if none is specified. users_shell: /bin/bash diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml index 5f1f71a332..e5c2a82780 100644 --- a/fdio.infra.ansible/roles/user_add/handlers/main.yaml +++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml @@ -1,5 +1,5 @@ --- -# file: roles/user_add/handlers/main.yaml +# file: handlers/main.yaml - name: Restart SSHd ansible.builtin.service: diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml index 329c6abd07..c01a1497d8 100644 --- a/fdio.infra.ansible/roles/user_add/tasks/main.yaml +++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml @@ -1,7 +1,7 @@ --- -# file: roles/user_add/tasks/main.yaml +# file: tasks/main.yaml -- name: Conf - Add User +- name: Add User ansible.builtin.user: append: "{{ item.append | default(omit) }}" createhome: "{{ 'yes' if users_create_homedirs else 'no' }}" @@ -15,7 +15,7 @@ tags: - user-add-conf -- name: Conf - SSH keys +- name: SSH keys ansible.builtin.authorized_key: user: "{{ item.0.username }}" key: "{{ item.1 }}" @@ -26,13 +26,11 @@ tags: - user-add-conf -- name: Conf - Disable Password Login +- name: Disable Password Login ansible.builtin.lineinfile: dest: "/etc/ssh/sshd_config" regexp: "^PasswordAuthentication yes" line: "PasswordAuthentication no" - notify: - - "Restart SSHd" when: - sshd_disable_password_login tags: 
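Review bot: Dropping the `notify:` entry for `"Restart SSHd"` from `Disable Password Login` means the edit to `/etc/ssh/sshd_config` is written, but the running sshd keeps its old setting until something else restarts it. The handler is still defined in this role's `handlers/main.yaml`, so restoring the two removed `notify:` lines is enough; if the restart was removed on purpose, a comment should say what reloads sshd instead. Separately, `regexp: "^PasswordAuthentication yes"` only matches an uncommented line, so a check after the run, for example asserting on `sshd -T` output, would confirm the setting is effective. The task's `tags:` list continues past the end of the hunk.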
diff --git a/fdio.infra.ansible/roles/vault/defaults/main.yaml b/fdio.infra.ansible/roles/vault/defaults/main.yaml index 5dd3db63c1..69386146d0 100644 --- a/fdio.infra.ansible/roles/vault/defaults/main.yaml +++ b/fdio.infra.ansible/roles/vault/defaults/main.yaml @@ -107,7 +107,7 @@ vault_backend_tls_key_file: "{{ vault_tls_key_file }}" vault_backend_tls_ca_file: "{{ vault_tls_ca_file }}" vault_consul: "127.0.0.1:8500" -vault_consul_path: "vault" +vault_consul_path: "vault_data" vault_consul_service: "vault" vault_consul_scheme: "http" @@ -146,7 +146,7 @@ vault_tls_disable: "{{ lookup('env','VAULT_TLS_DISABLE') | default(1, true) }}" vault_tls_gossip: "{{ lookup('env','VAULT_TLS_GOSSIP') | default(0, true) }}" vault_tls_copy_keys: true -vault_protocol: "{% if vault_tls_disable %}http{% else %}https{% endif %}" +vault_protocol: "{% if vault_tls_disable %}https{% else %}https{% endif %}" vault_tls_cert_file: "{{ lookup('env','VAULT_TLS_CERT_FILE') | default('server.crt', true) }}" vault_tls_key_file: "{{ lookup('env','VAULT_TLS_KEY_FILE') | default('server.key', true) }}" vault_tls_ca_file: "{{ lookup('env','VAULT_TLS_CA_CRT') | default('ca.crt', true) }}" diff --git a/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2 b/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2 index c45498af90..32f2fdcb01 100644 --- a/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2 +++ b/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2 @@ -12,4 +12,4 @@ backend "consul" { tls_ca_file="{{ vault_backend_tls_config_path }}/{{ vault_backend_tls_ca_file }}" {% endif %} -}
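Review bot: Changing the default `vault_consul_path` from `"vault"` to `"vault_data"` points Vault at a different Consul KV prefix, so a host already initialised under the old prefix would presumably come up against an empty backend on the next run unless the data is migrated or the variable is overridden. Nothing in the visible hunks of this commit handles that migration. A comment above the line, for example `# KV prefix for Vault storage; changing it on an initialised cluster requires a data migration`, would warn the next operator.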
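Review bot: In the second hunk of `vault/defaults/main.yaml`, `vault_protocol` now renders `https` in both branches, so the `{% if vault_tls_disable %}` test is dead code, while the context line above still defaults `vault_tls_disable` to `1`. With those defaults TLS is presumably disabled on the listener, yet everything built from `vault_protocol` would use `https://`, which looks inconsistent. If the intent is to require TLS, write `vault_protocol: "https"` and change the `vault_tls_disable` default to `0`; otherwise restore `http` in the first branch.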
\ No newline at end of file +} |