fix(terraform): AWS

Signed-off-by: Peter Mikus <peter.mikus@protonmail.ch> Change-Id: Ib1c89fb06dd2ad9c34f8b84c07c62806763ea878
author: Peter Mikus <peter.mikus@protonmail.ch> 2024-12-16 11:45:31 +0100
committer: Peter Mikus <peter.mikus@protonmail.ch> 2024-12-16 11:45:31 +0100
commit: a6cb05d1b843254ef1c4109ea82245da5491b111 (patch)
tree: 8b1c97d7e83b26509132364a3f5a39ce300725c9 /fdio.infra.ansible
parent: e59a830c21e699d51d6a95161575d5c9623f1a19 (diff)
5 files changed, 47 insertions, 277 deletions
diff --git a/fdio.infra.ansible/roles/aws/files/get-vfio-with-wc.sh b/fdio.infra.ansible/roles/aws/files/get-vfio-with-wc.sh
deleted file mode 100644
index 02a3139b66..0000000000
--- a/fdio.infra.ansible/roles/aws/files/get-vfio-with-wc.sh
+++ /dev/null
@@ -1,203 +0,0 @@
-#!/usr/bin/env bash
-# Enable WC in VFIO-PCI driver
-# Tested on:
-#  * Amazon Linux 2 AMI (HVM), SSD Volume Type - ami-0bb3fad3c0286ebd5
-#  * Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type - ami-015232c01a82b847b
-#  * Red Hat Enterprise Linux 8 (HVM), SSD Volume Type - ami-08f4717d06813bf00
-#  * Ubuntu Server 20.04 LTS (HVM), SSD Volume Type - ami-06fd8a495a537da8b
-#  * Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - ami-0823c236601fef765
-
-set -e
-
-TMP_DIR="tmp"
-
-# Kernel modules location:
-P1="/usr/lib/modules/`uname -r`/kernel/drivers/vfio"
-P2="/lib/modules/`uname -r`/kernel/drivers/vfio"
-
-# This may return an error if executed from inside the script
-set +e
-RED="$(tput setaf 1)"
-GREEN="$(tput setaf 2)"
-
-BOLD="$(tput bold)"
-NORMAL="$(tput sgr0)"
-set -e
-
-function bold {
-	echo -e "${BOLD}${@}${NORMAL}"
-}
-
-function err {
-	bold "${RED}ERROR: ${@}"
-}
-
-function green {
-	bold "${GREEN}${@}"
-}
-
-function get_kernel_version {
-	local ver=$(uname -r | cut -f 1 -d '-')
-	local ver_major=$(echo $ver | cut -f1 -d '.')
-	local ver_minor=$(echo $ver | cut -f2 -d '.')
-	local ver_subminor=$(echo $ver | cut -f3 -d '.')
-
-	printf "%d%02d%04d" "${ver_major}" "${ver_minor}" "${ver_subminor}"
-}
-
-function download_kernel_src_yum {
-	echo "Use yum to get the kernel sources"
-
-	bold "\nInstall required applications and kernel headers"
-	yum install -y gcc "kernel-$(uname -r)" "kernel-devel-$(uname -r)" \
-	    git make elfutils-libelf-devel patch yum-utils
-	green Done
-
-	# Download kernel source
-	bold "\nDownload kernel source with vfio"
-	yumdownloader --source "kernel-devel-$(uname -r)"
-	rpm2cpio kernel*.src.rpm | cpio -idmv
-	green Done
-
-	rm -f *patches.tar
-	tar xf linux-*.tar*
-	rm -f linux-*.tar* linux-*.patch
-}
-
-function download_kernel_src_apt {
-	echo "Use apt-get to get the kernel sources"
-	apt-get -q -y update
-	green Done
-
-	bold "\nInstall required applications"
-	apt-get -q -y install dpkg-dev build-essential git
-	green Done
-
-	bold "\nDownload Linux kernel source with vfio"
-	if ! apt-get -q -y source -t focal linux-image-$(uname -r); then
-		err "Cannot download Linux kernel source.\nPlease uncomment appropriate 'deb-src' line in the /etc/apt/sources.list file"
-		exit 1
-	fi
-	green Done
-
-	rm -f linux-*.dsc linux-*.gz
-}
-
-function download_kernel_src {
-	bold "[1] Downloading prerequisites..."
-	rm -rf "${TMP_DIR}"
-	mkdir -p "${TMP_DIR}"
-	cd "${TMP_DIR}"
-
-	if apt-get -v >/dev/null 2>/dev/null; then
-		download_kernel_src_apt
-	else
-		download_kernel_src_yum
-	fi
-	cd linux-*
-}
-
-function apply_wc_patch {
-	echo "Using patch for kernel version 4.10"
-	local wc_patch="${BASE_PATH}/patches/linux-4.10-vfio-wc.patch"
-
-	if ! patch --ignore-whitespace -p1 < "${wc_patch}"; then
-		err "Cannot apply patch: ${wc_patch}!"
-		exit 1
-	fi
-}
-
-function compile_vfio_driver {
-	bold "\n[2] Patch and build the vfio driver"
-	# Adjust VFIO-PCI driver
-
-	bold "Apply patch for the write combining to the vfio-pci"
-	apply_wc_patch
-	green Done
-
-	cd drivers/vfio
-	# Configure Makefile - build VFIO with support for NOIOMMU mode
-	bold "\nConfigure Makefile for standalone vfio build and noiommu mode support"
-	echo "ccflags-y := -DCONFIG_VFIO_NOIOMMU=1" >> Makefile
-	echo 'all:' >> Makefile
-	echo '	make -C /lib/modules/$(shell uname -r)/build M=$(PWD) modules' >> Makefile
-	green Done
-
-	bold "\nBuild the driver"
-	if ! make; then
-		err "Compilation error."
-		exit 1
-	fi
-	green Done
-}
-
-function get_module_location {
-	for p in ${P1} ${P2}; do
-		if find "${p}" -name "vfio.*" >/dev/null 2>/dev/null; then
-			MOD_PATH="${p}"
-			break
-		fi
-	done
-
-	if [ -z "${MOD_PATH}" ]; then
-		err "Cannot find kernel modules location..."
-		exit
-	fi
-}
-
-function get_module_compression {
-	if ls "${MOD_PATH}/vfio.ko.xz" >/dev/null 2>/dev/null; then
-		XZ=".xz"
-	else
-		XZ=""
-	fi
-}
-
-function replace_module {
-	local installed=0
-
-	bold "\n[3] Install module"
-	get_module_location
-	get_module_compression
-
-	for name in "pci/vfio-pci.ko" "pci/vfio-pci-core.ko" "vfio.ko"; do
-		if test -e "${MOD_PATH}/${name}${XZ}"; then
-			if [ -n "${XZ}" ]; then
-				xz "${name}" -c > "${name}${XZ}"
-			fi
-			mv "${MOD_PATH}/${name}${XZ}" "${MOD_PATH}/${name}${XZ}_no_wc"
-			cp "${name}${XZ}" "${MOD_PATH}/${name}${XZ}"
-			bold "Installing: ${MOD_PATH}/${name}${XZ}"
-			installed=1
-		fi
-	done
-	if [ "${installed}" -eq 1 ]; then
-		green "Module installed at: ${MOD_PATH}"
-	else
-		err "Failure during vfio-pci module installation. Prehaps it's not provided as a kernel module!"
-		exit 1
-	fi
-}
-
-###############################################
-# Main script code
-###############################################
-
-if [ "$(id -u)" -ne 0 ]; then
-	err 'Please execute script as a root'
-	exit 1
-fi
-
-cd $(dirname ${0})
-BASE_PATH=$(pwd)
-
-KERNEL_VERSION=$(get_kernel_version)
-
-if [ "${KERNEL_VERSION}" -lt 4100000 ]; then
-	err "Kernel version: $(uname -r) is not supported by the script. Please upgrade kernel to at least v4.10."
-	exit 1
-fi
-
-download_kernel_src
-compile_vfio_driver
-replace_module
diff --git a/fdio.infra.ansible/roles/aws/handlers/main.yaml b/fdio.infra.ansible/roles/aws/handlers/main.yaml
index b9680b10ea..fc7a13f1bc 100644
--- a/fdio.infra.ansible/roles/aws/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/aws/handlers/main.yaml
@@ -12,14 +12,3 @@
   ansible.builtin.command: "update-grub"
   tags:
     - update-grub
-
-- name: "Reboot Server"
-  ansible.builtin.reboot:
-    reboot_timeout: 3600
-  tags:
-    - reboot-server
-
-- name: "Restart SSHd"
-  ansible.builtin.service:
-    name: "sshd"
-    state: restarted
diff --git a/fdio.infra.ansible/roles/aws/tasks/main.yaml b/fdio.infra.ansible/roles/aws/tasks/main.yaml
index b06fe93d42..750bf9f4f7 100644
--- a/fdio.infra.ansible/roles/aws/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/aws/tasks/main.yaml
@@ -1,10 +1,22 @@
 ---
 # file: tasks/main.yaml
 
-- name: "Edit repositories"
-  include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
+- name: "Enable deb-src APT Repository"
+  ansible.builtin.apt_repository:
+    repo: "deb-src {{ packages_repo[ansible_distribution|lower][ansible_machine] }} noble main"
+    state: "present"
+    update_cache: true
+  tags:
+    - aws-enable-src-repo
+
+- name: "Update Package Cache (APT)"
+  ansible.builtin.apt:
+    update_cache: true
+    cache_valid_time: 3600
+  when:
+    - ansible_distribution == 'Ubuntu'
   tags:
-    - aws-edit-repo
+    - aws-enable-src-repo
 
 - name: "Prerequisites"
   ansible.builtin.package:
@@ -59,11 +71,11 @@
 
 - meta: flush_handlers
 
-- name: "Disable Password Login"
+- name: "Enable Password Login"
   ansible.builtin.lineinfile:
     dest: "/etc/ssh/sshd_config"
-    regexp: "^PasswordAuthentication yes"
-    line: "PasswordAuthentication no"
+    regexp: "^PasswordAuthentication no"
+    line: "PasswordAuthentication yes"
   tags:
     - conf-ssh
 
@@ -127,7 +139,33 @@
   tags:
     - aws-set-hugepages
 
-- name: "Shutdown host with delay"
-  ansible.builtin.command: "/sbin/shutdown -P +720"
+- name: "Add User"
+  ansible.builtin.user:
+    createhome: "yes"
+    groups: "adm,sudo"
+    name: "testuser"
+    password: "$6$Y62lhMGJD8YNzmJn$H4DSqjrwFp5WN3tOvIrF.g/G2duOV76zXHAmaA/RU8jfT8H8sDumLQe/Q.EmI5pjPv7dzgI8j9BQPWes7efBK0"
+    shell: "/bin/bash"
+    state: "present"
+  tags:
+    - aws-user-add
+
+- name: "sudoers admin"
+  ansible.builtin.lineinfile:
+    path: "/etc/sudoers"
+    state: "present"
+    regexp: "^%admin ALL="
+    line: "%admin ALL=(ALL) ALL"
+    validate: "/usr/sbin/visudo -cf %s"
+  tags:
+    - aws-sudoers
+
+- name: "sudoers nopasswd"
+  ansible.builtin.lineinfile:
+    path: "/etc/sudoers"
+    state: "present"
+    regexp: "^%sudo"
+    line: "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
+    validate: "/usr/sbin/visudo -cf %s"
   tags:
-    - aws-set-self-terminate
+    - aws-sudoers
diff --git a/fdio.infra.ansible/roles/aws/tasks/ubuntu_jammy.yaml b/fdio.infra.ansible/roles/aws/tasks/ubuntu_jammy.yaml
deleted file mode 100644
index c589239f61..0000000000
--- a/fdio.infra.ansible/roles/aws/tasks/ubuntu_jammy.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-# file: tasks/ubuntu_jammy.yaml
-
-- name: Enable deb-src APT Repository
-  ansible.builtin.apt_repository:
-    repo: "deb-src {{ packages_repo[ansible_distribution|lower][ansible_machine] }} jammy main"
-    state: "present"
-    update_cache: true
-  tags:
-    - aws-enable-src-repo
-
-- name: Enable deb APT Repository Focal
-  ansible.builtin.apt_repository:
-    repo: "deb {{ packages_repo[ansible_distribution|lower][ansible_machine] }} focal main"
-    state: "present"
-    update_cache: true
-  tags:
-    - aws-enable-src-repo
-
-- name: Enable deb-src APT Repository Focal Src
-  ansible.builtin.apt_repository:
-    repo: "deb-src {{ packages_repo[ansible_distribution|lower][ansible_machine] }} focal main"
-    state: "present"
-    update_cache: true
-  tags:
-    - aws-enable-src-repo
-
-- name: Update Package Cache (APT)
-  ansible.builtin.apt:
-    update_cache: true
-    cache_valid_time: 3600
-  when:
-    - ansible_distribution == 'Ubuntu'
-  tags:
-    - aws-enable-src-repo
-\ No newline at end of file
diff --git a/fdio.infra.ansible/roles/aws/tasks/ubuntu_noble.yaml b/fdio.infra.ansible/roles/aws/tasks/ubuntu_noble.yaml
deleted file mode 100644
index f99da4fdb0..0000000000
--- a/fdio.infra.ansible/roles/aws/tasks/ubuntu_noble.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-# file: tasks/ubuntu_noble.yaml
-
-- name: "Enable deb-src APT Repository"
-  ansible.builtin.apt_repository:
-    repo: "deb-src {{ packages_repo[ansible_distribution|lower][ansible_machine] }} noble main"
-    state: "present"
-    update_cache: true
-  tags:
-    - aws-enable-src-repo
-
-- name: "Update Package Cache (APT)"
-  ansible.builtin.apt:
-    update_cache: true
-    cache_valid_time: 3600
-  when:
-    - ansible_distribution == 'Ubuntu'
-  tags:
-    - aws-enable-src-repo
-\ No newline at end of file
author	Peter Mikus <peter.mikus@protonmail.ch>	2024-12-16 11:45:31 +0100
committer	Peter Mikus <peter.mikus@protonmail.ch>	2024-12-16 11:45:31 +0100
commit	a6cb05d1b843254ef1c4109ea82245da5491b111 (patch)
tree	8b1c97d7e83b26509132364a3f5a39ce300725c9 /fdio.infra.ansible
parent	e59a830c21e699d51d6a95161575d5c9623f1a19 (diff)