aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible
diff options
context:
space:
mode:
authorpmikus <peter.mikus@protonmail.ch>2024-07-22 13:51:10 +0200
committerPeter Mikus <peter.mikus@protonmail.ch>2024-07-26 07:21:19 +0000
commitbeacfb25fc1ef4a78415d93f97afeffb121a8ea2 (patch)
tree0f538d87b787ab5efe43f3e3950ca5553f58cd18 /fdio.infra.ansible
parentf97e5e9b91bc01c8fb5771b47107b0d8ef1aacab (diff)
feat(infra): Ubuntu 24.04 LTSoper-240722
Signed-off-by: Peter Mikus <peter.mikus@protonmail.ch> Change-Id: I81e48360fcc970a16f1203955003d59f476b3233 (cherry picked from commit 586b271c3f3401c8901ee26a27e804483d71d6c7)
Diffstat (limited to 'fdio.infra.ansible')
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.27.yaml8
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml8
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml5
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml8
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml7
-rw-r--r--fdio.infra.ansible/roles/common/defaults/main.yaml14
-rw-r--r--fdio.infra.ansible/roles/common/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/common/tasks/main.yaml28
-rw-r--r--fdio.infra.ansible/roles/consul/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/docker/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/docker/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/docker/meta/main.yaml21
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/Debian.yaml (renamed from fdio.infra.ansible/roles/docker/tasks/jammy.yaml)8
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/main.yaml24
-rw-r--r--fdio.infra.ansible/roles/intel/defaults/main.yaml6
-rw-r--r--fdio.infra.ansible/roles/nomad/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/consul.hcl.j24
-rw-r--r--fdio.infra.ansible/roles/user_add/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/user_add/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/user_add/tasks/main.yaml10
-rw-r--r--fdio.infra.ansible/roles/vault/defaults/main.yaml4
-rw-r--r--fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j22
29 files changed, 125 insertions, 81 deletions
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml
index b28cae11ff..581dc3c9a1 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -56,6 +56,7 @@ nomad_servers:
# Consul settings.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -79,7 +80,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml
index 8d7223495b..5de1de40a2 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -56,6 +56,7 @@ nomad_servers:
# Consul settigs.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -79,7 +80,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml
index 8c3afaf74c..dd55ffa32f 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -60,6 +60,7 @@ nomad_volumes:
# Consul settings.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -83,7 +84,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml
index cb65e81c26..579f6d6f07 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -60,6 +60,7 @@ nomad_volumes:
# Consul settigs.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -83,7 +84,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml
index 20e45a90ea..528383bcdb 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -60,6 +60,7 @@ nomad_volumes:
# Consul settigs.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -83,7 +84,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml
index 0d71009ede..018174ceea 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -60,6 +60,7 @@ nomad_volumes:
# Consul settigs.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -83,7 +84,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.27.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.27.yaml
index 745686c31e..a73d79fc4a 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.27.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.27.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -37,6 +37,7 @@ nomad_options:
docker.privileged.enabled: true
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
+ fingerprint.network.disallow_link_local: true
nomad_service_mgr: "systemd"
nomad_consul_use_ssl: false
nomad_use_tls: false
@@ -54,8 +55,9 @@ nomad_servers:
# Consul settings.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- - src: "{{ file_consul_agent_ca_pem }}"
+ - src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
- src: "{{ file_consul_server_0_pem }}"
dest: "{{ consul_cert_file }}"
@@ -77,7 +79,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml
index 5a3c8896fc..5880d076d1 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml
@@ -19,7 +19,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -37,6 +37,7 @@ nomad_options:
docker.privileged.enabled: true
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
+ fingerprint.network.disallow_link_local: true
nomad_service_mgr: "systemd"
nomad_consul_use_ssl: false
nomad_use_tls: false
@@ -54,8 +55,9 @@ nomad_servers:
# Consul settings.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- - src: "{{ file_consul_agent_ca_pem }}"
+ - src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
- src: "{{ file_consul_server_0_pem }}"
dest: "{{ consul_cert_file }}"
@@ -77,7 +79,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
index 543f557d6e..2d4584c724 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
@@ -28,7 +28,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -63,6 +63,7 @@ nomad_servers:
# Consul settigs.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -86,7 +87,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml
index 1c80c5d4a6..4e9f1da943 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml
@@ -28,7 +28,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -63,6 +63,7 @@ nomad_servers:
# Consul settigs.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
@@ -86,7 +87,7 @@ consul_retry_servers:
consul_service_mgr: "systemd"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml
index 53239492ef..6765e72877 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml
@@ -20,7 +20,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -38,6 +38,7 @@ nomad_options:
docker.privileged.enabled: true
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
+ fingerprint.network.disallow_link_local: true
nomad_service_mgr: "systemd"
nomad_consul_use_ssl: false
nomad_use_tls: false
@@ -55,8 +56,9 @@ nomad_servers:
# Consul settings.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- - src: "{{ file_consul_agent_ca_pem }}"
+ - src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
- src: "{{ file_consul_server_0_pem }}"
dest: "{{ consul_cert_file }}"
@@ -79,7 +81,7 @@ consul_service_mgr: "systemd"
#consul_package_version: "1.5.2+dfsg2-14"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml
index 19ec70ce83..81386c82e5 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml
@@ -20,7 +20,7 @@ users:
sshd_disable_password_login: true
# Nomad settings.
-nomad_version: "1.6.1"
+nomad_version: "1.8.2"
nomad_certificates:
- src: "{{ file_nomad_ca_pem }}"
dest: "{{ nomad_tls_ca_file }}"
@@ -55,8 +55,9 @@ nomad_servers:
# Consul settings.
nomad_use_consul: true
+consul_version: "1.19.1"
consul_certificates:
- - src: "{{ file_consul_agent_ca_pem }}"
+ - src: "{{ file_consul_ca_pem }}"
dest: "{{ consul_ca_file }}"
- src: "{{ file_consul_server_0_pem }}"
dest: "{{ consul_cert_file }}"
@@ -79,7 +80,7 @@ consul_service_mgr: "systemd"
#consul_package_version: "1.5.2+dfsg2-14"
# Vault settings.
-vault_version: "1.13.1"
+vault_version: "1.17.2"
# Docker daemon settings.
docker_daemon:
diff --git a/fdio.infra.ansible/roles/common/defaults/main.yaml b/fdio.infra.ansible/roles/common/defaults/main.yaml
index 9ded8fcba9..cb9021456c 100644
--- a/fdio.infra.ansible/roles/common/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/common/defaults/main.yaml
@@ -1,5 +1,5 @@
---
-# file: roles/common/defaults/main.yaml
+# file: defaults/main.yaml
packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
@@ -31,6 +31,18 @@ packages_by_distro:
- "python3-pip"
- "python3-pyelftools"
- "python3-setuptools"
+ noble:
+ - "build-essential"
+ - "libpcap-dev"
+ - "net-tools"
+ - "python3-all"
+ - "python3-apt"
+ - "python3-cffi"
+ - "python3-cffi-backend"
+ - "python3-dev"
+ - "python3-pip"
+ - "python3-pyelftools"
+ - "python3-setuptools"
packages_by_arch:
aarch64:
diff --git a/fdio.infra.ansible/roles/common/handlers/main.yaml b/fdio.infra.ansible/roles/common/handlers/main.yaml
index 0a4944b4ca..0be8cf215b 100644
--- a/fdio.infra.ansible/roles/common/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/common/handlers/main.yaml
@@ -1,5 +1,5 @@
---
-# file: roles/common/handlers/main.yaml
+# file: handlers/main.yaml
- name: Reboot Server
ansible.builtin.reboot:
diff --git a/fdio.infra.ansible/roles/common/tasks/main.yaml b/fdio.infra.ansible/roles/common/tasks/main.yaml
index e47a1fc7a8..7f03f2ceba 100644
--- a/fdio.infra.ansible/roles/common/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/common/tasks/main.yaml
@@ -1,7 +1,7 @@
---
-# file: roles/common/tasks/main.yaml
+# file: tasks/main.yaml
-- name: Conf - Add permanent proxy settings
+- name: Add permanent proxy settings
ansible.builtin.lineinfile:
path: "/etc/environment"
state: "present"
@@ -11,31 +11,39 @@
tags:
- common-conf-proxy
-- name: Inst - Update package cache (apt)
+- name: Update Repositories Cache
ansible.builtin.apt:
update_cache: true
- cache_valid_time: 3600
when:
- - ansible_distribution|lower == 'ubuntu'
+ - ansible_os_family == 'Debian'
tags:
- common-inst-prerequisites
-- name: Inst - Prerequisites
+- name: Prerequisites
ansible.builtin.package:
name: "{{ packages | flatten(levels=1) }}"
state: "latest"
tags:
- common-inst-prerequisites
-- name: Inst - Meson (DPDK)
+- name: PIP management
+ ansible.builtin.file:
+ path: "/usr/lib/python3.12/EXTERNALLY-MANAGED"
+ state: "absent"
+ tags:
+ - common-inst-pip
+
+- name: Meson (DPDK)
ansible.builtin.pip:
name:
- "meson==0.64.1"
state: "forcereinstall"
+ environment:
+ ANSIBLE_SKIP_CONFLICT_CHECK: 1
tags:
- - common-inst-meson
+ - common-inst-pip
-- name: Conf - sudoers admin
+- name: sudoers admin
ansible.builtin.lineinfile:
path: "/etc/sudoers"
state: "present"
@@ -45,7 +53,7 @@
tags:
- common-conf-sudoers
-- name: Conf - sudoers nopasswd
+- name: sudoers nopasswd
ansible.builtin.lineinfile:
path: "/etc/sudoers"
state: "present"
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
index 9ea38efb56..0ba7f33d0b 100644
--- a/fdio.infra.ansible/roles/consul/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -52,7 +52,7 @@ consul_user: "consul"
# Conf - base.hcl
consul_allow_tls: true
consul_bind_addr: "{{ ansible_default_ipv4.address }}"
-consul_bootstrap_expect: 1
+consul_bootstrap_expect: 2
consul_client_addr: "0.0.0.0"
consul_datacenter: "dc1"
consul_disable_update_check: true
diff --git a/fdio.infra.ansible/roles/docker/defaults/main.yaml b/fdio.infra.ansible/roles/docker/defaults/main.yaml
index bf97b4a192..e0338fb5ad 100644
--- a/fdio.infra.ansible/roles/docker/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/docker/defaults/main.yaml
@@ -1,5 +1,5 @@
---
-# file: roles/docker/defaults/main.yaml
+# file: defaults/main.yaml
# Version options.
docker_edition: "ce"
diff --git a/fdio.infra.ansible/roles/docker/handlers/main.yaml b/fdio.infra.ansible/roles/docker/handlers/main.yaml
index 53eb8528f6..c8c3328cac 100644
--- a/fdio.infra.ansible/roles/docker/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/docker/handlers/main.yaml
@@ -1,5 +1,5 @@
---
-# file roles/docker/handlers/main.yaml
+# file handlers/main.yaml
- name: Restart Docker
ansible.builtin.service:
diff --git a/fdio.infra.ansible/roles/docker/meta/main.yaml b/fdio.infra.ansible/roles/docker/meta/main.yaml
index 7bef656eb5..0a1fe9787b 100644
--- a/fdio.infra.ansible/roles/docker/meta/main.yaml
+++ b/fdio.infra.ansible/roles/docker/meta/main.yaml
@@ -4,15 +4,18 @@
dependencies: []
galaxy_info:
- role_name: docker
- author: fd.io
- description: Docker-CE for Linux.
- company: none
- license: "license (Apache)"
- min_ansible_version: 2.9
+ role_name: "docker"
+ author: "pmikus"
+ description: "Docker-CE for Linux."
+ company: "none"
+ license: "license (BSD, MIT)"
+ min_ansible_version: "2.9"
platforms:
- - name: Ubuntu
+ - name: "Ubuntu"
versions:
- - jammy
+ - "jammy"
+ - name: "Debian"
+ versions:
+ - "bookworm"
galaxy_tags:
- - docker
+ - "docker"
diff --git a/fdio.infra.ansible/roles/docker/tasks/jammy.yaml b/fdio.infra.ansible/roles/docker/tasks/Debian.yaml
index 8ec7a01ee1..f81277ac47 100644
--- a/fdio.infra.ansible/roles/docker/tasks/jammy.yaml
+++ b/fdio.infra.ansible/roles/docker/tasks/Debian.yaml
@@ -1,7 +1,7 @@
---
-# file: roles/docker/tasks/ubuntu_jammy.yaml
+# file: tasks/Debian.yaml
-- name: Inst - Dependencies
+- name: "Install Dependencies"
ansible.builtin.apt:
name:
- "apt-transport-https"
@@ -14,14 +14,14 @@
tags:
- docker-inst-dependencies
-- name: Conf - Add APT Key
+- name: "Add APT Key"
ansible.builtin.apt_key:
url: "{{ docker_apt_gpg_key }}"
state: "{{ docker_apt_gpg_key_state }}"
tags:
- docker-conf-apt
-- name: Conf - Install APT Repository
+- name: "Install APT Repository"
ansible.builtin.apt_repository:
repo: "{{ docker_apt_repository }}"
state: "{{ docker_apt_repository_state }}"
diff --git a/fdio.infra.ansible/roles/docker/tasks/main.yaml b/fdio.infra.ansible/roles/docker/tasks/main.yaml
index e07b29e363..4146dbbadf 100644
--- a/fdio.infra.ansible/roles/docker/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/docker/tasks/main.yaml
@@ -1,11 +1,17 @@
---
-# file: roles/docker/tasks/main.yaml
+# file: tasks/main.yaml
-- include_tasks: "{{ ansible_distribution_release }}.yaml"
+- name: "Install Prerequisites Based on OS"
+ ansible.builtin.include_tasks:
+ file: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_os_family }}.yaml"
+ - "default.yaml"
tags:
- docker-inst-dependencies
-- name: Inst - Docker
+- name: "Install Docker"
ansible.builtin.package:
name:
- "{{ docker_package }}"
@@ -14,7 +20,7 @@
tags:
- docker-inst-package
-- name: Conf - Docker Service
+- name: "Enable Docker Service"
ansible.builtin.service:
name: docker
state: "{{ docker_service_state }}"
@@ -24,7 +30,7 @@
tags:
- docker-conf-service
-- name: Conf - Docker Service Directory
+- name: "Docker Service Directory"
ansible.builtin.file:
path: "/etc/systemd/system/docker.service.d"
state: "directory"
@@ -34,7 +40,7 @@
tags:
- docker-conf-service
-- name: Conf - Docker Daemon
+- name: "Configure Docker Daemon"
ansible.builtin.template:
src: "templates/daemon.json.j2"
dest: "/etc/docker/daemon.json"
@@ -49,7 +55,7 @@
tags:
- docker-conf-daemon
-- name: Conf - Docker HTTP Proxy
+- name: "Configure Docker HTTP Proxy"
ansible.builtin.template:
src: "templates/docker.service.proxy.http"
dest: "/etc/systemd/system/docker.service.d/http-proxy.conf"
@@ -65,7 +71,7 @@
tags:
- docker-conf-service
-- name: Conf - Docker HTTPS Proxy
+- name: "Configure Docker HTTPS Proxy"
ansible.builtin.template:
src: "templates/docker.service.proxy.https"
dest: "/etc/systemd/system/docker.service.d/https-proxy.conf"
@@ -81,5 +87,5 @@
tags:
- docker-conf-service
-- name: Meta - Flush handlers
+- name: "Meta - Flush handlers"
ansible.builtin.meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/intel/defaults/main.yaml b/fdio.infra.ansible/roles/intel/defaults/main.yaml
index 9a3c5c0f0c..603b1367b9 100644
--- a/fdio.infra.ansible/roles/intel/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/intel/defaults/main.yaml
@@ -62,9 +62,9 @@ intel_700_compatibility_matrix:
intel_800_compatibility_matrix:
dpdk22.03:
# custom for vpp_device
- ice: "1.13.7"
+ ice: "1.14.13"
ddp: "1.3.45.0"
- iavf: "4.9.5"
+ iavf: "4.11.3"
nvm: "4.40"
dpdk22.07:
# https://doc.dpdk.org/guides/rel_notes/release_22_07.html
@@ -93,11 +93,13 @@ intel_i40e_url:
intel_ice_url:
"1.9.7": "ice%20stable/1.9.7/ice-1.9.7.tar.gz/download"
"1.13.7": "ice%20stable/1.13.7/ice-1.13.7.tar.gz/download"
+ "1.14.13": "ice%20stable/1.14.13/ice-1.14.13.tar.gz/download"
intel_iavf_url:
"4.3.19": "iavf%20stable/4.3.19/iavf-4.3.19.tar.gz/download"
"4.5.3": "iavf%20stable/4.5.3/iavf-4.5.3.tar.gz/download"
"4.9.5": "iavf%20stable/4.9.5/iavf-4.9.5.tar.gz/download"
+ "4.11.3": "iavf%20stable/4.11.3/iavf-4.11.3.tar.gz/download"
intel_ddp_url:
"1.3.37.0": "738733/800%20Series%20DDP%20Comms%20Package%201.3.37.0.zip"
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
index 535db2bb2c..333d4763bd 100644
--- a/fdio.infra.ansible/roles/nomad/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
@@ -134,7 +134,7 @@ nomad_consul_address: "localhost:8500"
nomad_consul_token: ""
nomad_consul_servers_service_name: "nomad"
nomad_consul_clients_service_name: "nomad-client"
-nomad_consul_tags: {}
+nomad_consul_tags: ""
nomad_consul_use_ssl: false
# ACLs
diff --git a/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2
index a9c1aff7b2..c1fe878965 100644
--- a/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2
+++ b/fdio.infra.ansible/roles/nomad/templates/consul.hcl.j2
@@ -33,7 +33,7 @@ consul {
# Specifies optional Consul tags to be registered with the Nomad server and
# agent services.
- tags = {{ nomad_consul_tags | to_json }}
+ tags = "{{ nomad_consul_tags }}"
# Specifies the token used to provide a per-request ACL token. This option
# overrides the Consul Agent's default token. If the token is not set here
@@ -60,4 +60,4 @@ consul {
{% endif %}
}
-{% endif %} \ No newline at end of file
+{% endif %}
diff --git a/fdio.infra.ansible/roles/user_add/defaults/main.yaml b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
index 643ad7dfd7..799f660b73 100644
--- a/fdio.infra.ansible/roles/user_add/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
@@ -1,5 +1,5 @@
---
-# file: roles/user_add/defaults/main.yaml
+# file: defaults/main.yaml
# Default shell for a user if none is specified.
users_shell: /bin/bash
diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
index 5f1f71a332..e5c2a82780 100644
--- a/fdio.infra.ansible/roles/user_add/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
@@ -1,5 +1,5 @@
---
-# file: roles/user_add/handlers/main.yaml
+# file: handlers/main.yaml
- name: Restart SSHd
ansible.builtin.service:
diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
index 329c6abd07..c01a1497d8 100644
--- a/fdio.infra.ansible/roles/user_add/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -1,7 +1,7 @@
---
-# file: roles/user_add/tasks/main.yaml
+# file: tasks/main.yaml
-- name: Conf - Add User
+- name: Add User
ansible.builtin.user:
append: "{{ item.append | default(omit) }}"
createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
@@ -15,7 +15,7 @@
tags:
- user-add-conf
-- name: Conf - SSH keys
+- name: SSH keys
ansible.builtin.authorized_key:
user: "{{ item.0.username }}"
key: "{{ item.1 }}"
@@ -26,13 +26,11 @@
tags:
- user-add-conf
-- name: Conf - Disable Password Login
+- name: Disable Password Login
ansible.builtin.lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^PasswordAuthentication yes"
line: "PasswordAuthentication no"
- notify:
- - "Restart SSHd"
when:
- sshd_disable_password_login
tags:
diff --git a/fdio.infra.ansible/roles/vault/defaults/main.yaml b/fdio.infra.ansible/roles/vault/defaults/main.yaml
index 5dd3db63c1..69386146d0 100644
--- a/fdio.infra.ansible/roles/vault/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/vault/defaults/main.yaml
@@ -107,7 +107,7 @@ vault_backend_tls_key_file: "{{ vault_tls_key_file }}"
vault_backend_tls_ca_file: "{{ vault_tls_ca_file }}"
vault_consul: "127.0.0.1:8500"
-vault_consul_path: "vault"
+vault_consul_path: "vault_data"
vault_consul_service: "vault"
vault_consul_scheme: "http"
@@ -146,7 +146,7 @@ vault_tls_disable: "{{ lookup('env','VAULT_TLS_DISABLE') | default(1, true) }}"
vault_tls_gossip: "{{ lookup('env','VAULT_TLS_GOSSIP') | default(0, true) }}"
vault_tls_copy_keys: true
-vault_protocol: "{% if vault_tls_disable %}http{% else %}https{% endif %}"
+vault_protocol: "{% if vault_tls_disable %}https{% else %}https{% endif %}"
vault_tls_cert_file: "{{ lookup('env','VAULT_TLS_CERT_FILE') | default('server.crt', true) }}"
vault_tls_key_file: "{{ lookup('env','VAULT_TLS_KEY_FILE') | default('server.key', true) }}"
vault_tls_ca_file: "{{ lookup('env','VAULT_TLS_CA_CRT') | default('ca.crt', true) }}"
diff --git a/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2 b/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2
index c45498af90..32f2fdcb01 100644
--- a/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2
+++ b/fdio.infra.ansible/roles/vault/templates/vault_backend_consul.j2
@@ -12,4 +12,4 @@ backend "consul" {
tls_ca_file="{{ vault_backend_tls_config_path }}/{{ vault_backend_tls_ca_file }}"
{% endif %}
-} \ No newline at end of file
+}