diff options
Diffstat (limited to 'fdio.infra.ansible/inventories/lf_inventory')
75 files changed, 1102 insertions, 755 deletions
diff --git a/fdio.infra.ansible/inventories/lf_inventory/group_vars/all.yaml b/fdio.infra.ansible/inventories/lf_inventory/group_vars/all.yaml index 0756621eef..719ef32625 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/group_vars/all.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/group_vars/all.yaml @@ -1,5 +1,2 @@ --- # file: lf_inventory/group_vars/all.yaml - -# Ansible interpreter (for PIP) -ansible_python_interpreter: "/usr/bin/python3" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.20.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.20.yaml deleted file mode 100644 index 8055eec3e9..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.20.yaml +++ /dev/null @@ -1,67 +0,0 @@ ---- -# file: host_vars/10.30.51.20.yaml - -hostname: "s20-nomad" -inventory_cimc_hostname: "10.30.50.20" - -# User management. -users: - - username: localadmin - groups: [adm, sudo] - password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" - ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQ5KJyLPM5yJAVLwhEwiTEZD5LkY7FEPOoyJplVMQu5/oIp+KtFr4/RrFEpJwlzuE3um+Hn9+4KZJiQvVJBEp/ZYeGMXJDw0oHlubtI/0AEdolM5TvYNzCASHulRfg2JdCGAeCG5W7vkPQmJjwtQFNw3ISGKKHgJBGipqUjDyuZPi24RI0YBfqtr/GDA0e9dZwkqI+F5yxVi9vXG68bpMkxpeC4Zlxe2DmXAEp787LYSlF+HoELPW3AAWnuQ3j1R2tImM/S9jlxfb9Uy7KlX9epkGV2/caS2EiLszT7604LrSZy4soko1CgtX1LJ3Qobz9OppkJQ+tiBU8C0oz8Z5CXnQ/GYmFt9SBDHneB1ZOtIcoV8HTQVLKCse/VXogQogdG8xOis6F+R3OAJQUF7w3ujIBCXv8ghVcynvzaGB1kxZtwceEqtIXSFdve6T2onyM0722aQ93MiXPv+IA5qpkpSN3JS0KFGxKalTdFz9+lx/agV4JVOrVxEASfok3hbNzEm/4DwUyvgf2vbHlfYQdjHg2mBmYnN3iY/ccU906Tt/TlIp25+FIIbTiLn/nt3NLLPPEZJbJDkEJ5tgJ7XLfJ9ByCfZoOIMdSPF/swDXafTcA5mJ4AKFS0HJf9wBvbgkmD2OttOAvL8k2mqsb7MiMurbXm7Ko/D+nEX+oxkKZQ== peter.mikus@protonmail.ch" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" -sshd_disable_password_login: true - -# Nomad settings. -nomad_certificates: - - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" - - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" - - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" -nomad_datacenter: "yul1" -nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" -nomad_node_role: "client" -nomad_node_class: "builder" -nomad_options: - driver.raw_exec.enable: 1 - docker.cleanup.image: false - docker.privileged.enabled: true - docker.volumes.enabled: true - driver.whitelist: "docker,raw_exec,exec" -nomad_service_mgr: "systemd" -nomad_retry_servers: - - "10.30.51.23" - - "10.30.51.24" - - "10.30.51.25" -nomad_servers: - - "10.30.51.23:4647" - - "10.30.51.24:4647" - - "10.30.51.25:4647" - -# Consul settigs. -consul_nomad_integration: true -consul_certificates: - - src: "{{ file_consul_ca_pem }}" - dest: "{{ consul_ca_file }}" -consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" -consul_node_role: "client" -consul_retry_servers: - - "10.30.51.23" - - "10.30.51.24" - - "10.30.51.25" -consul_service_mgr: "systemd" - -# Docker daemon settings. -docker_daemon: - dns: ["172.17.0.1"] - dns-opts: [] - dns-search: ["{{ansible_hostname}}"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml index 0bcbaed0ec..b28cae11ff 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.21.yaml @@ -2,7 +2,7 @@ # file: host_vars/10.30.51.21.yaml hostname: "s21-nomad" -inventory_cimc_hostname: "10.30.50.21" +inventory_ipmi_hostname: "10.30.50.21" # User management. users: @@ -10,56 +10,77 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQ5KJyLPM5yJAVLwhEwiTEZD5LkY7FEPOoyJplVMQu5/oIp+KtFr4/RrFEpJwlzuE3um+Hn9+4KZJiQvVJBEp/ZYeGMXJDw0oHlubtI/0AEdolM5TvYNzCASHulRfg2JdCGAeCG5W7vkPQmJjwtQFNw3ISGKKHgJBGipqUjDyuZPi24RI0YBfqtr/GDA0e9dZwkqI+F5yxVi9vXG68bpMkxpeC4Zlxe2DmXAEp787LYSlF+HoELPW3AAWnuQ3j1R2tImM/S9jlxfb9Uy7KlX9epkGV2/caS2EiLszT7604LrSZy4soko1CgtX1LJ3Qobz9OppkJQ+tiBU8C0oz8Z5CXnQ/GYmFt9SBDHneB1ZOtIcoV8HTQVLKCse/VXogQogdG8xOis6F+R3OAJQUF7w3ujIBCXv8ghVcynvzaGB1kxZtwceEqtIXSFdve6T2onyM0722aQ93MiXPv+IA5qpkpSN3JS0KFGxKalTdFz9+lx/agV4JVOrVxEASfok3hbNzEm/4DwUyvgf2vbHlfYQdjHg2mBmYnN3iY/ccU906Tt/TlIp25+FIIbTiLn/nt3NLLPPEZJbJDkEJ5tgJ7XLfJ9ByCfZoOIMdSPF/swDXafTcA5mJ4AKFS0HJf9wBvbgkmD2OttOAvL8k2mqsb7MiMurbXm7Ko/D+nEX+oxkKZQ== peter.mikus@protonmail.ch" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" - - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" - - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_ca_file }}" + - src: "{{ file_nomad_server_pem }}" + dest: "{{ nomad_tls_cert_file }}" + - src: "{{ file_nomad_server_key_pem }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" +nomad_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" nomad_node_class: "builder" nomad_options: driver.raw_exec.enable: 1 - docker.cleanup.image: false + docker.cleanup.image: true docker.privileged.enabled: true docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" + fingerprint.network.disallow_link_local: true nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - - "10.30.51.23" + - "10.30.51.26" - "10.30.51.24" - "10.30.51.25" nomad_servers: - - "10.30.51.23:4647" + - "10.30.51.26:4647" - "10.30.51.24:4647" - "10.30.51.25:4647" -# Consul settigs. -consul_nomad_integration: true +# Consul settings. +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - - "10.30.51.23" + - "10.30.51.26" - "10.30.51.24" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker daemon settings. docker_daemon: dns: ["172.17.0.1"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml index 9364464ac2..8d7223495b 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.22.yaml @@ -2,7 +2,7 @@ # file: host_vars/10.30.51.22.yaml hostname: "s22-nomad" -inventory_cimc_hostname: "10.30.50.22" +inventory_ipmi_hostname: "10.30.50.22" # User management. users: @@ -10,56 +10,76 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" - - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" - - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_ca_file }}" + - src: "{{ file_nomad_server_pem }}" + dest: "{{ nomad_tls_cert_file }}" + - src: "{{ file_nomad_server_key_pem }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" +nomad_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" nomad_node_class: "builder" nomad_options: driver.raw_exec.enable: 1 - docker.cleanup.image: false + docker.cleanup.image: true docker.privileged.enabled: true docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" + fingerprint.network.disallow_link_local: true nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - - "10.30.51.24" + - "10.30.51.26" - "10.30.51.25" nomad_servers: - "10.30.51.23:4647" - - "10.30.51.24:4647" + - "10.30.51.26:4647" - "10.30.51.25:4647" # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_1_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_1_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - - "10.30.51.24" + - "10.30.51.26" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" # Docker daemon settings. docker_daemon: diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml index b0a950988d..8c3afaf74c 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.23.yaml @@ -10,21 +10,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_server_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_server_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" @@ -38,6 +40,11 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" fingerprint.network.disallow_link_local: true nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.26" - "10.30.51.24" @@ -52,7 +59,7 @@ nomad_volumes: read_only: false # Consul settings. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" @@ -60,16 +67,24 @@ consul_certificates: dest: "{{ consul_cert_file }}" - src: "{{ file_consul_server_0_key_pem }}" dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: true consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "both" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.26" - "10.30.51.24" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker daemon settings. docker_daemon: dns: ["172.17.0.1"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml index b7981718e5..cb65e81c26 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.24.yaml @@ -10,21 +10,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_server_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_server_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" @@ -38,6 +40,11 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" fingerprint.network.disallow_link_local: true nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.26" @@ -52,7 +59,7 @@ nomad_volumes: read_only: false # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" @@ -60,16 +67,24 @@ consul_certificates: dest: "{{ consul_cert_file }}" - src: "{{ file_consul_server_1_key_pem }}" dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: true consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "both" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.26" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker daemon settings. docker_daemon: dns: ["172.17.0.1"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml index ba84722fc6..20e45a90ea 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.25.yaml @@ -10,21 +10,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_server_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_server_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" @@ -38,6 +40,11 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" fingerprint.network.disallow_link_local: true nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -52,7 +59,7 @@ nomad_volumes: read_only: false # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" @@ -60,16 +67,24 @@ consul_certificates: dest: "{{ consul_cert_file }}" - src: "{{ file_consul_server_2_key_pem }}" dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: true consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "both" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" - "10.30.51.26" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker daemon settings. docker_daemon: dns: ["172.17.0.1"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml index 1ad441bfe9..0d71009ede 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.26.yaml @@ -10,21 +10,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_server_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_server_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" @@ -38,6 +40,11 @@ nomad_options: driver.whitelist: "docker,raw_exec,exec" fingerprint.network.disallow_link_local: true nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -52,7 +59,7 @@ nomad_volumes: read_only: false # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" @@ -60,16 +67,24 @@ consul_certificates: dest: "{{ consul_cert_file }}" - src: "{{ file_consul_server_3_key_pem }}" dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: true consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "both" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker daemon settings. docker_daemon: dns: ["172.17.0.1"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.17.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.27.yaml index bcc443919d..745686c31e 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.17.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.27.yaml @@ -1,8 +1,8 @@ --- -# file: host_vars/10.30.51.17.yaml +# file: host_vars/10.30.51.27.yaml -hostname: "s17-nomad" -inventory_cimc_hostname: "10.30.50.17" +hostname: "s27-nomad" +inventory_cimc_hostname: "10.30.50.27" # User management. users: @@ -10,21 +10,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -36,6 +38,11 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -45,21 +52,32 @@ nomad_servers: - "10.30.51.24:4647" - "10.30.51.25:4647" -# Consul settigs. -consul_nomad_integration: true +# Consul settings. +nomad_use_consul: true consul_certificates: - - src: "{{ file_consul_ca_pem }}" + - src: "{{ file_consul_agent_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" # Docker daemon settings. docker_daemon: diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.18.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml index cb643b9daa..5a3c8896fc 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.18.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.28.yaml @@ -1,8 +1,8 @@ --- -# file: host_vars/10.30.51.18.yaml +# file: host_vars/10.30.51.28.yaml -hostname: "s18-nomad" -inventory_cimc_hostname: "10.30.50.18" +hostname: "s28-nomad" +inventory_cimc_hostname: "10.30.50.28" # User management. users: @@ -10,21 +10,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -36,6 +38,11 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -45,21 +52,32 @@ nomad_servers: - "10.30.51.24:4647" - "10.30.51.25:4647" -# Consul settigs. -consul_nomad_integration: true +# Consul settings. +nomad_use_consul: true consul_certificates: - - src: "{{ file_consul_ca_pem }}" + - src: "{{ file_consul_agent_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" # Docker daemon settings. docker_daemon: diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.19.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml index 62edabfe0d..543f557d6e 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.19.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml @@ -1,8 +1,17 @@ --- -# file: host_vars/10.30.51.19.yaml +# file: host_vars/10.30.51.30.yaml -hostname: "s19-nomad" -inventory_cimc_hostname: "10.30.50.19" +hostname: "s30-t15-sut1" +grub: + hugepagesz: "2M" + hugepages: 32768 + iommu: "on" + vfio.enable_unsafe_noiommu_mode: 1 +inventory_ipmi_hostname: "10.30.50.30" +vfs_data_file: "csit-initialize-vfs-spr.sh" +cpu_microarchitecture: "sapphirerapids" + +intel_800_matrix: "dpdk22.03" # User management. users: @@ -10,25 +19,27 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" -nomad_node_class: "builder" +nomad_node_class: "csit" nomad_options: driver.raw_exec.enable: 1 docker.cleanup.image: false @@ -36,6 +47,11 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -46,23 +62,36 @@ nomad_servers: - "10.30.51.25:4647" # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" -# Docker daemon settings. +# Docker settings. docker_daemon: + default-shm-size: "1073741824" dns: ["172.17.0.1"] dns-opts: [] - dns-search: ["{{ansible_hostname}}"] + dns-search: ["{{ ansible_hostname }}"] + host: ["172.17.0.1:/var/run/docker.sock"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.16.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml index 90a7f1b2ee..1c80c5d4a6 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.16.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml @@ -1,8 +1,17 @@ --- -# file: host_vars/10.30.51.16.yaml +# file: host_vars/10.30.51.31.yaml -hostname: "s16-nomad" -inventory_cimc_hostname: "10.30.50.16" +hostname: "s31-t16-sut1" +grub: + hugepagesz: "2M" + hugepages: 32768 + iommu: "on" + vfio.enable_unsafe_noiommu_mode: 1 +inventory_ipmi_hostname: "10.30.50.31" +vfs_data_file: "csit-initialize-vfs-spr.sh" +cpu_microarchitecture: "sapphirerapids" + +intel_800_matrix: "dpdk22.03" # User management. users: @@ -10,25 +19,27 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" -nomad_node_class: "builder" +nomad_node_class: "csit" nomad_options: driver.raw_exec.enable: 1 docker.cleanup.image: false @@ -36,6 +47,11 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -46,22 +62,36 @@ nomad_servers: - "10.30.51.25:4647" # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" - "10.30.51.25" consul_service_mgr: "systemd" -# Docker daemon settings. +# Vault settings. +vault_version: "1.13.1" + +# Docker settings. docker_daemon: + default-shm-size: "1073741824" dns: ["172.17.0.1"] dns-opts: [] - dns-search: ["{{ansible_hostname}}"] + dns-search: ["{{ ansible_hostname }}"] + host: ["172.17.0.1:/var/run/docker.sock"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.32.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.32.yaml new file mode 100644 index 0000000000..f7d9c092e5 --- /dev/null +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.32.yaml @@ -0,0 +1,38 @@ +--- +# file: host_vars/10.30.51.32.yaml + +hostname: "s32-t31-sut1" +grub: + audit: "0" + default_hugepagesz: "2M hugepagesz=1G hugepages=16 hugepagesz=2M hugepages=8192" + hpet: "disable" + intel_idle.max_cstate: "1" + intel_iommu: "on" + intel_pstate: "disable" + iommu: "pt" + isolcpus: "1-19,21-39" + mce: "off" + nmi_watchdog: "0" + nohz_full: "1-19,21-39" + nosoftlockup: true + numa_balancing: "disable" + processor.max_cstate: "1" + rcu_nocbs: "1-19,21-39" + tsc: "reliable" +sysctl: + kernel: + watchdog_cpumask: "0,20" + vm: + nr_hugepages: 8192 + max_map_count: 20000 + +inventory_ipmi_hostname: "10.30.50.32" +cpu_microarchitecture: "icelake" + +intel_800_matrix: "dpdk23.11" +intel_qat_matrix: true + +kernel_version_by_distro: + ubuntu: + jammy: + - "5.15.0-72"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.33.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.33.yaml new file mode 100644 index 0000000000..c91d5e8d35 --- /dev/null +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.33.yaml @@ -0,0 +1,38 @@ +--- +# file: host_vars/10.30.51.33.yaml + +hostname: "s33-t31-sut2" +grub: + audit: "0" + default_hugepagesz: "2M hugepagesz=1G hugepages=16 hugepagesz=2M hugepages=8192" + hpet: "disable" + intel_idle.max_cstate: "1" + intel_iommu: "on" + intel_pstate: "disable" + iommu: "pt" + isolcpus: "1-19,21-39" + mce: "off" + nmi_watchdog: "0" + nohz_full: "1-19,21-39" + nosoftlockup: true + numa_balancing: "disable" + processor.max_cstate: "1" + rcu_nocbs: "1-19,21-39" + tsc: "reliable" +sysctl: + kernel: + watchdog_cpumask: "0,20" + vm: + nr_hugepages: 8192 + max_map_count: 20000 + +inventory_ipmi_hostname: "10.30.50.33" +cpu_microarchitecture: "icelake" + +intel_800_matrix: "dpdk23.11" +intel_qat_matrix: true + +kernel_version_by_distro: + ubuntu: + jammy: + - "5.15.0-72"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.34.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.34.yaml new file mode 100644 index 0000000000..0c26db6084 --- /dev/null +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.34.yaml @@ -0,0 +1,38 @@ +--- +# file: host_vars/10.30.51.34.yaml + +hostname: "s34-t32-sut1" +grub: + audit: "0" + default_hugepagesz: "2M hugepagesz=1G hugepages=16 hugepagesz=2M hugepages=8192" + hpet: "disable" + intel_idle.max_cstate: "1" + intel_iommu: "on" + intel_pstate: "disable" + iommu: "pt" + isolcpus: "1-19,21-39" + mce: "off" + nmi_watchdog: "0" + nohz_full: "1-19,21-39" + nosoftlockup: true + numa_balancing: "disable" + processor.max_cstate: "1" + rcu_nocbs: "1-19,21-39" + tsc: "reliable" +sysctl: + kernel: + watchdog_cpumask: "0,20" + vm: + nr_hugepages: 8192 + max_map_count: 20000 + +inventory_ipmi_hostname: "10.30.50.34" +cpu_microarchitecture: "icelake" + +intel_800_matrix: "dpdk23.11" +intel_qat_matrix: true + +kernel_version_by_distro: + ubuntu: + jammy: + - "5.15.0-72"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.35.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.35.yaml new file mode 100644 index 0000000000..d60b46c52a --- /dev/null +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.35.yaml @@ -0,0 +1,38 @@ +--- +# file: host_vars/10.30.51.35.yaml + +hostname: "s35-t32-sut2" +grub: + audit: "0" + default_hugepagesz: "2M hugepagesz=1G hugepages=16 hugepagesz=2M hugepages=8192" + hpet: "disable" + intel_idle.max_cstate: "1" + intel_iommu: "on" + intel_pstate: "disable" + iommu: "pt" + isolcpus: "1-19,21-39" + mce: "off" + nmi_watchdog: "0" + nohz_full: "1-19,21-39" + nosoftlockup: true + numa_balancing: "disable" + processor.max_cstate: "1" + rcu_nocbs: "1-19,21-39" + tsc: "reliable" +sysctl: + kernel: + watchdog_cpumask: "0,20" + vm: + nr_hugepages: 8192 + max_map_count: 20000 + +inventory_ipmi_hostname: "10.30.50.35" +cpu_microarchitecture: "icelake" + +intel_800_matrix: "dpdk23.11" +intel_qat_matrix: true + +kernel_version_by_distro: + ubuntu: + jammy: + - "5.15.0-72"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.36.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.36.yaml index c11c421769..1db367bd67 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.36.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.36.yaml @@ -6,6 +6,7 @@ grub: audit: "0" default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" iommu.passthrough: "1" + vfio.enable_unsafe_noiommu_mode: 1 isolcpus: "1-10,17-26,33-42,49-58" nmi_watchdog: "0" nohz_full: "1-10,17-26,33-42,49-58" @@ -20,6 +21,3 @@ sysctl: inventory_ipmi_hostname: "10.30.50.36" cpu_microarchitecture: "taishan" - -intel_700_matrix: "dpdk22.03" - diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.37.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.37.yaml index ab3176ef78..7d3188251a 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.37.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.37.yaml @@ -6,6 +6,7 @@ grub: audit: "0" default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" iommu.passthrough: "1" + vfio.enable_unsafe_noiommu_mode: 1 isolcpus: "1-10,17-26,33-42,49-58" nmi_watchdog: "0" nohz_full: "1-10,17-26,33-42,49-58" @@ -20,6 +21,3 @@ sysctl: inventory_ipmi_hostname: "10.30.50.37" cpu_microarchitecture: "taishan" - -intel_700_matrix: "dpdk22.03" - diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.38.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.38.yaml index 8d84fbdd0d..8b95603594 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.38.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.38.yaml @@ -11,9 +11,10 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.44.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.44.yaml deleted file mode 100644 index e1f4ebbe3f..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.44.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: host_vars/10.30.51.44.yaml - -hostname: "s3-t21-sut1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0,28,56,84" - vm: - nr_hugepages: 32768 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.50.41" -cpu_microarchitecture: "skylake" - -intel_700_matrix: "dpdk22.03" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.45.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.45.yaml deleted file mode 100644 index a38f7f0845..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.45.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: host_vars/10.30.51.45.yaml - -hostname: "s4-t21-tg1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0,28,56,84" - vm: - nr_hugepages: 8192 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.50.42" -cpu_microarchitecture: "skylake" - -intel_700_matrix: "dpdk21.02" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.46.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.46.yaml deleted file mode 100644 index 55d38a2fd5..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.46.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: host_vars/10.30.51.46.yaml - -hostname: "s11-t31-sut1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0,28,56,84" - vm: - nr_hugepages: 32768 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.50.43" -cpu_microarchitecture: "skylake" - -intel_700_matrix: "dpdk22.03" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.47.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.47.yaml deleted file mode 100644 index 718201b151..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.47.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: host_vars/10.30.51.47.yaml - -hostname: "s12-t31-sut2" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0,28,56,84" - vm: - nr_hugepages: 32768 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.50.44" -cpu_microarchitecture: "skylake" - -intel_700_matrix: "dpdk22.03" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.48.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.48.yaml deleted file mode 100644 index caa0f54b16..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.48.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: host_vars/10.30.51.48.yaml - -hostname: "s13-t31-tg1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0,28,56,84" - vm: - nr_hugepages: 8192 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.50.45" -cpu_microarchitecture: "skylake" - -intel_700_matrix: "dpdk21.02" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.49.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.49.yaml index 85184b5540..3b9b63dfd0 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.49.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.49.yaml @@ -30,4 +30,4 @@ inventory_ipmi_hostname: "10.30.50.46" cpu_microarchitecture: "skylake" docker_tg: true -intel_700_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml index 7115292b1a..117c6d2c31 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.50.yaml @@ -18,21 +18,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -44,30 +46,47 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" nomad_servers: - - "10.32.8.15:4647" - - "10.32.8.16:4647" - - "10.32.8.17:4647" + - "10.30.51.23:4647" + - "10.30.51.24:4647" + - "10.30.51.25:4647" # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - - src: "{{ file_consul_ca_pem }}" + - src: "{{ file_consul_agent_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker settings. docker_daemon: default-shm-size: "1073741824" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml index a21eb85dcd..875b759675 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.51.yaml @@ -18,21 +18,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -44,30 +46,47 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" nomad_servers: - - "10.32.8.15:4647" - - "10.32.8.16:4647" - - "10.32.8.17:4647" + - "10.30.51.23:4647" + - "10.30.51.24:4647" + - "10.30.51.25:4647" # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - - src: "{{ file_consul_ca_pem }}" + - src: "{{ file_consul_agent_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker settings. docker_daemon: default-shm-size: "1073741824" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.52.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.52.yaml index 2b1eeff967..8e8d3d39c2 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.52.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.52.yaml @@ -1,32 +1,74 @@ --- # file: host_vars/10.30.51.52.yaml -hostname: "s5-t22-sut1" +hostname: "s52-t21-sut1" grub: audit: "0" default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" hpet: "disable" intel_idle.max_cstate: "1" - intel_iommu: "on" + intel_iommu: "on,sm_on" intel_pstate: "disable" iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" + isolcpus: "1-31,33-63,65-95,97-127" mce: "off" nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" + nohz_full: "1-31,33-63,65-95,97-127" nosoftlockup: true numa_balancing: "disable" processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" + rcu_nocbs: "1-31,33-63,65-95,97-127" tsc: "reliable" sysctl: kernel: - watchdog_cpumask: "0,28,56,84" + watchdog_cpumask: "0,32,64,96" vm: nr_hugepages: 32768 max_map_count: 20000 -inventory_ipmi_hostname: "10.30.50.49" -cpu_microarchitecture: "skylake" +inventory_ipmi_hostname: "10.30.50.52" +cpu_microarchitecture: "sapphirerapids" -intel_700_matrix: "dpdk22.03" +mellanox_matrix: "dpdk23.11" +intel_dsa_matrix: true +intel_qat_matrix: true + +kernel_version_by_distro: + ubuntu: + jammy: + - "5.15.0-72" + +docker_sut: true +docker_volumes: + - source: "/usr/bin/ofed_info" + target: "/usr/bin/ofed_info" + - source: "/dev/hugepages" + target: "/dev/hugepages" + - source: "/dev/vfio" + target: "/dev/vfio" + - source: "/etc/sudoers" + target: "/etc/sudoers" + - source: "/dev/null" + target: "/etc/sysctl.d/80-vpp.conf" + - source: "/opt/boot/" + target: "/opt/boot/" + - source: "/usr/bin/iperf3" + target: "/usr/bin/iperf3" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + - source: "/var/run/docker.sock" + target: "/var/run/docker.sock" + - source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/" + - source: "/usr/local/bin/adf_ctl" + target: "/usr/local/bin/adf_ctl" + - source: "/etc/4xxx_dev0.conf" + target: "/etc/4xxx_dev0.conf" + - source: "/etc/4xxx_dev1.conf" + target: "/etc/4xxx_dev1.conf" + - source: "/etc/4xxx_dev2.conf" + target: "/etc/4xxx_dev2.conf" + - source: "/etc/4xxx_dev3.conf" + target: "/etc/4xxx_dev3.conf"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.53.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.53.yaml index 5806993388..ce07968323 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.53.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.53.yaml @@ -1,32 +1,65 @@ --- # file: host_vars/10.30.51.53.yaml -hostname: "s6-t22-tg1" +hostname: "s53-t21-tg1" grub: audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" + default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" hpet: "disable" intel_idle.max_cstate: "1" - intel_iommu: "on" + intel_iommu: "on,sm_on" intel_pstate: "disable" iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" + isolcpus: "1-31,33-63,65-95,97-127" mce: "off" nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" + nohz_full: "1-31,33-63,65-95,97-127" nosoftlockup: true numa_balancing: "disable" processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" + rcu_nocbs: "1-31,33-63,65-95,97-127" tsc: "reliable" sysctl: kernel: - watchdog_cpumask: "0,28,56,84" + watchdog_cpumask: "0,32,64,96" vm: - nr_hugepages: 8192 + nr_hugepages: 32768 max_map_count: 20000 -inventory_ipmi_hostname: "10.30.50.50" -cpu_microarchitecture: "skylake" +inventory_ipmi_hostname: "10.30.50.53" +cpu_microarchitecture: "sapphirerapids" -intel_700_matrix: "dpdk21.02" +mellanox_matrix: "dpdk23.07" +intel_dsa_matrix: true +intel_qat_matrix: true + +docker_tg: true +docker_volumes: + - source: "/usr/bin/ofed_info" + target: "/usr/bin/ofed_info" + - source: "/dev/hugepages" + target: "/dev/hugepages" + - source: "/dev/vfio" + target: "/dev/vfio" + - source: "/etc/sudoers" + target: "/etc/sudoers" + - source: "/opt/" + target: "/opt/" + - source: "/usr/bin/iperf3" + target: "/usr/bin/iperf3" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + - source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/" + - source: "/usr/local/bin/adf_ctl" + target: "/usr/local/bin/adf_ctl" + - source: "/etc/4xxx_dev0.conf" + target: "/etc/4xxx_dev0.conf" + - source: "/etc/4xxx_dev1.conf" + target: "/etc/4xxx_dev1.conf" + - source: "/etc/4xxx_dev2.conf" + target: "/etc/4xxx_dev2.conf" + - source: "/etc/4xxx_dev3.conf" + target: "/etc/4xxx_dev3.conf"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.54.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.54.yaml index 50908d7df8..1fd8edd5dd 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.54.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.54.yaml @@ -1,32 +1,67 @@ --- # file: host_vars/10.30.51.54.yaml -hostname: "s7-t23-sut1" +hostname: "s54-t22-sut1" grub: audit: "0" default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" hpet: "disable" intel_idle.max_cstate: "1" - intel_iommu: "on" + intel_iommu: "on,sm_on" intel_pstate: "disable" iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" + isolcpus: "1-31,33-63,65-95,97-127" mce: "off" nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" + nohz_full: "1-31,33-63,65-95,97-127" nosoftlockup: true numa_balancing: "disable" processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" + rcu_nocbs: "1-31,33-63,65-95,97-127" tsc: "reliable" sysctl: kernel: - watchdog_cpumask: "0,28,56,84" + watchdog_cpumask: "0,32,64,96" vm: nr_hugepages: 32768 max_map_count: 20000 -inventory_ipmi_hostname: "10.30.50.51" -cpu_microarchitecture: "skylake" +inventory_ipmi_hostname: "10.30.50.54" +cpu_microarchitecture: "sapphirerapids" -intel_700_matrix: "dpdk22.03" +intel_800_matrix: "dpdk23.11" +intel_dsa_matrix: true +intel_qat_matrix: true + +docker_sut: true +docker_volumes: + - source: "/dev/hugepages" + target: "/dev/hugepages" + - source: "/dev/vfio" + target: "/dev/vfio" + - source: "/etc/sudoers" + target: "/etc/sudoers" + - source: "/dev/null" + target: "/etc/sysctl.d/80-vpp.conf" + - source: "/opt/boot/" + target: "/opt/boot/" + - source: "/usr/bin/iperf3" + target: "/usr/bin/iperf3" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + - source: "/var/run/docker.sock" + target: "/var/run/docker.sock" + - source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/" + - source: "/usr/local/bin/adf_ctl" + target: "/usr/local/bin/adf_ctl" + - source: "/etc/4xxx_dev0.conf" + target: "/etc/4xxx_dev0.conf" + - source: "/etc/4xxx_dev1.conf" + target: "/etc/4xxx_dev1.conf" + - source: "/etc/4xxx_dev2.conf" + target: "/etc/4xxx_dev2.conf" + - source: "/etc/4xxx_dev3.conf" + target: "/etc/4xxx_dev3.conf"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.55.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.55.yaml index 9404e18ae0..1b9f9a56d3 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.55.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.55.yaml @@ -1,32 +1,63 @@ --- # file: host_vars/10.30.51.55.yaml -hostname: "s8-t23-tg1" +hostname: "s55-t22-tg1" grub: audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" + default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" hpet: "disable" intel_idle.max_cstate: "1" - intel_iommu: "on" + intel_iommu: "on,sm_on" intel_pstate: "disable" iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" + isolcpus: "1-31,33-63,65-95,97-127" mce: "off" nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" + nohz_full: "1-31,33-63,65-95,97-127" nosoftlockup: true numa_balancing: "disable" processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" + rcu_nocbs: "1-31,33-63,65-95,97-127" tsc: "reliable" sysctl: kernel: - watchdog_cpumask: "0,28,56,84" + watchdog_cpumask: "0,32,64,96" vm: - nr_hugepages: 8192 + nr_hugepages: 32768 max_map_count: 20000 -inventory_ipmi_hostname: "10.30.50.52" -cpu_microarchitecture: "skylake" +inventory_ipmi_hostname: "10.30.50.55" +cpu_microarchitecture: "sapphirerapids" -intel_700_matrix: "dpdk21.02" +intel_800_matrix: "dpdk22.07" +intel_dsa_matrix: true +intel_qat_matrix: true + +docker_tg: true +docker_volumes: + - source: "/dev/hugepages" + target: "/dev/hugepages" + - source: "/dev/vfio" + target: "/dev/vfio" + - source: "/etc/sudoers" + target: "/etc/sudoers" + - source: "/opt/" + target: "/opt/" + - source: "/usr/bin/iperf3" + target: "/usr/bin/iperf3" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0" + - source: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + target: "/usr/lib/x86_64-linux-gnu/libiperf.so.0.0.0" + - source: "/usr/lib/firmware/" + target: "/usr/lib/firmware/" + - source: "/usr/local/bin/adf_ctl" + target: "/usr/local/bin/adf_ctl" + - source: "/etc/4xxx_dev0.conf" + target: "/etc/4xxx_dev0.conf" + - source: "/etc/4xxx_dev1.conf" + target: "/etc/4xxx_dev1.conf" + - source: "/etc/4xxx_dev2.conf" + target: "/etc/4xxx_dev2.conf" + - source: "/etc/4xxx_dev3.conf" + target: "/etc/4xxx_dev3.conf"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.56.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.56.yaml new file mode 100644 index 0000000000..e8f5c55393 --- /dev/null +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.56.yaml @@ -0,0 +1,36 @@ +--- +# file: host_vars/10.30.51.56.yaml + +hostname: "s56-t23-sut1" +grub: + audit: "0" + default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" + hpet: "disable" + intel_idle.max_cstate: "1" + intel_iommu: "on,sm_on" + intel_pstate: "disable" + iommu: "pt" + isolcpus: "1-31,33-63,65-95,97-127" + mce: "off" + nmi_watchdog: "0" + nohz_full: "1-31,33-63,65-95,97-127" + nosoftlockup: true + numa_balancing: "disable" + processor.max_cstate: "1" + rcu_nocbs: "1-31,33-63,65-95,97-127" + tsc: "reliable" +sysctl: + kernel: + watchdog_cpumask: "0,32,64,96" + vm: + nr_hugepages: 32768 + max_map_count: 20000 + +inventory_ipmi_hostname: "10.30.50.56" +cpu_microarchitecture: "sapphirerapids" +docker_sut: true + +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" +intel_dsa_matrix: true +intel_qat_matrix: true
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.57.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.57.yaml new file mode 100644 index 0000000000..03817cdef9 --- /dev/null +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.57.yaml @@ -0,0 +1,36 @@ +--- +# file: host_vars/10.30.51.57.yaml + +hostname: "s57-t23-tg1" +grub: + audit: "0" + default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" + hpet: "disable" + intel_idle.max_cstate: "1" + intel_iommu: "on,sm_on" + intel_pstate: "disable" + iommu: "pt" + isolcpus: "1-31,33-63,65-95,97-127" + mce: "off" + nmi_watchdog: "0" + nohz_full: "1-31,33-63,65-95,97-127" + nosoftlockup: true + numa_balancing: "disable" + processor.max_cstate: "1" + rcu_nocbs: "1-31,33-63,65-95,97-127" + tsc: "reliable" +sysctl: + kernel: + watchdog_cpumask: "0,32,64,96" + vm: + nr_hugepages: 32768 + max_map_count: 20000 + +inventory_ipmi_hostname: "10.30.50.57" +cpu_microarchitecture: "sapphirerapids" +docker_tg: true + +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" +intel_dsa_matrix: true +intel_qat_matrix: true
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.58.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.58.yaml index a100bcca8a..ecfced1823 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.58.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.58.yaml @@ -1,32 +1,36 @@ --- # file: host_vars/10.30.51.58.yaml -hostname: "s14-t32-sut1" +hostname: "s58-t24-sut1" grub: audit: "0" default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" hpet: "disable" intel_idle.max_cstate: "1" - intel_iommu: "on" + intel_iommu: "on,sm_on" intel_pstate: "disable" iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" + isolcpus: "1-31,33-63,65-95,97-127" mce: "off" nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" + nohz_full: "1-31,33-63,65-95,97-127" nosoftlockup: true numa_balancing: "disable" processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" + rcu_nocbs: "1-31,33-63,65-95,97-127" tsc: "reliable" sysctl: kernel: - watchdog_cpumask: "0,28,56,84" + watchdog_cpumask: "0,32,64,96" vm: nr_hugepages: 32768 max_map_count: 20000 -inventory_ipmi_hostname: "10.30.50.55" -cpu_microarchitecture: "skylake" +inventory_ipmi_hostname: "10.30.50.58" +cpu_microarchitecture: "sapphirerapids" +docker_sut: true -intel_700_matrix: "dpdk22.03" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" +intel_dsa_matrix: true +#intel_qat_matrix: true
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.59.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.59.yaml index be5d0b09ae..5b9cd9b98c 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.59.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.59.yaml @@ -1,32 +1,41 @@ --- # file: host_vars/10.30.51.59.yaml -hostname: "s15-t32-sut2" +hostname: "s59-t24-tg1" grub: audit: "0" default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" hpet: "disable" intel_idle.max_cstate: "1" - intel_iommu: "on" + intel_iommu: "on,sm_on" intel_pstate: "disable" iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" + isolcpus: "1-31,33-63,65-95,97-127" mce: "off" nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" + nohz_full: "1-31,33-63,65-95,97-127" nosoftlockup: true numa_balancing: "disable" processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" + rcu_nocbs: "1-31,33-63,65-95,97-127" tsc: "reliable" sysctl: kernel: - watchdog_cpumask: "0,28,56,84" + watchdog_cpumask: "0,32,64,96" vm: nr_hugepages: 32768 max_map_count: 20000 -inventory_ipmi_hostname: "10.30.50.56" -cpu_microarchitecture: "skylake" +inventory_ipmi_hostname: "10.30.50.59" +cpu_microarchitecture: "sapphirerapids" +docker_tg: true -intel_700_matrix: "dpdk22.03" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" +intel_dsa_matrix: true +#intel_qat_matrix: true + +kernel_version_by_distro: + ubuntu: + jammy: + - "5.15.0-72"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.60.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.60.yaml deleted file mode 100644 index d340e39102..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.60.yaml +++ /dev/null @@ -1,32 +0,0 @@ ---- -# file: host_vars/10.30.51.60.yaml - -hostname: "s16-t32-tg1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0,28,56,84" - vm: - nr_hugepages: 8192 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.50.57" -cpu_microarchitecture: "skylake" - -intel_700_matrix: "dpdk21.02" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.69.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.69.yaml index 07eb7be548..3b5bb0be8a 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.69.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.69.yaml @@ -28,13 +28,15 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" - username: testuser groups: [adm, sudo] password: "$6$zpBUdQ4q$P2zKclumvCndWujgP/qQ8eMk3YZk7ESAom04Fqp26hJH2jWkMXEX..jqxzMdDLJKiDaDHIaSkQMVjHzd3cRLs1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" -intel_700_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml index 66df09b8bf..2337277144 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml @@ -1,14 +1,16 @@ --- # file: host_vars/10.30.51.70.yaml -hostname: "s55-t13-sut1" -inventory_ipmi_hostname: "10.30.50.70" -vfs_data_file: "csit-initialize-vfs-tx2.sh" +hostname: "s70-t13-sut1" grub: hugepagesz: "2M" hugepages: 32768 iommu.passthrough: "1" -cpu_microarchitecture: "thunderx2" +inventory_ipmi_hostname: "10.30.50.70" +vfs_data_file: "csit-initialize-vfs-alt.sh" +cpu_microarchitecture: "altra" + +intel_700_matrix: "dpdk22.07" # User management. users: @@ -16,23 +18,25 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJIAgAKD47mDur3n5jeHXzId2uUFHKa5kBiF649YQsdBKeQyfMVysvN9immKSTvwo4BUlwqeKQq5aIWWpjKMJU2/WXe4WU1YVyKLYCAlbkYJ3WuIBKQ/fm2wb8M4oXtgkYb+wEr5RkP48WqtIo3Cm/L+1j6k5jiu5E1hKBmdaY1er5OG9nCpOHfN3e+VkWwIjqdHFphB9NIMu2X+1iKDwOq4+sIX6POweVvcGFZJ8djB4RRtnkuH5W89x7k8IM4e2w0SK/5yKfxNfN3CzWSQ1dsqpQFPbry7z8Oy+56mlRs15bv5TU9IJ78aDpp/FbSZPfVfmTfwFLUBIHMtEjLUGBrGPQN8p32ap+6a9st5Qfh7rVhIGyB/4npLmar9Nw0lJNX9nmKiD119bkwyuWZjk4s2ELvCAw9RBJCHP8AxXnLgieqkBebn00zoGL/gdQTxXKDJGe3SEbOk56AkkIynB6I7prERvnbIhGI/ObwrNKtfKliiIKq3iWTdBP6BfCgAOqgD6320G2VdZyXyh3oXyM2AlFXzuA8zc8wpZraUCX9J/iMoxhELcL0gpDFO4HUKxTt+uU45uNNK0DkXw3GDF/lr+oYvzJ45jX0qMExF6EHaKfplZxW0Nt9rPT8pKi9BC8dzdSHXuunA1PshvEfc7mLMtz0QdOXOvomtM2Jv84lw== jieqiang.wang@arm.com" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPsm7Ny+8QYyJ5JEECF0sntRbsF3jRqdSItPTgcbBEFwfNBVd0ulmmkwPUVrcJRMfGuzp3vA3Ss/BgutfvNo3WD5G+WECnOWXiTzroM34oZQ6awoZujxlQsNGBRsiGTPNay6oFoS2hIaW5OB/QHZwZH8HVYcc53oyM0uC72ItnCg5cvSS5v1XaoQby0pUsu2v5uSOm35XV/N2ishcF3sxfCjTMZEODCwYdcb1xOflzIWlIk7ZSDNzOlpmG/jZNDfc7V2GHvGz7WnBFkjkcVH86SEVcQmsc7yyQD1UUG/EZ5AA75vbH4vFye4cISTWpBZik5CbkElxvX9XrfFxtYEM/ tianyu.li@arm.com" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -44,34 +48,51 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" nomad_servers: - - "10.32.8.15:4647" - - "10.32.8.16:4647" - - "10.32.8.17:4647" -nomad_cpu_total_compute: "40000" + - "10.30.51.23:4647" + - "10.30.51.24:4647" + - "10.30.51.25:4647" # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker settings. docker_daemon: - dns: ["172.17.0.1"] - dns-opts: [] - dns-search: ["{{ansible_hostname}}"] - storage-driver: "overlay2" + default-shm-size: "1073741824" +# dns: ["172.17.0.1"] +# dns-opts: [] +# dns-search: ["{{ansible_hostname}}"] +# host: ["172.17.0.1:/var/run/docker.sock"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml index 9642b69efb..1d414b32c7 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml @@ -1,14 +1,16 @@ --- # file: host_vars/10.30.51.71.yaml -hostname: "s56-t14-sut1" -inventory_ipmi_hostname: "10.30.50.71" -vfs_data_file: "csit-initialize-vfs-tx2.sh" +hostname: "s71-t14-sut1" grub: hugepagesz: "2M" hugepages: 32768 iommu.passthrough: "1" -cpu_microarchitecture: "thunderx2" +inventory_ipmi_hostname: "10.30.50.71" +vfs_data_file: "csit-initialize-vfs-alt.sh" +cpu_microarchitecture: "altra" + +intel_700_matrix: "dpdk22.07" # User management. users: @@ -16,23 +18,25 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJIAgAKD47mDur3n5jeHXzId2uUFHKa5kBiF649YQsdBKeQyfMVysvN9immKSTvwo4BUlwqeKQq5aIWWpjKMJU2/WXe4WU1YVyKLYCAlbkYJ3WuIBKQ/fm2wb8M4oXtgkYb+wEr5RkP48WqtIo3Cm/L+1j6k5jiu5E1hKBmdaY1er5OG9nCpOHfN3e+VkWwIjqdHFphB9NIMu2X+1iKDwOq4+sIX6POweVvcGFZJ8djB4RRtnkuH5W89x7k8IM4e2w0SK/5yKfxNfN3CzWSQ1dsqpQFPbry7z8Oy+56mlRs15bv5TU9IJ78aDpp/FbSZPfVfmTfwFLUBIHMtEjLUGBrGPQN8p32ap+6a9st5Qfh7rVhIGyB/4npLmar9Nw0lJNX9nmKiD119bkwyuWZjk4s2ELvCAw9RBJCHP8AxXnLgieqkBebn00zoGL/gdQTxXKDJGe3SEbOk56AkkIynB6I7prERvnbIhGI/ObwrNKtfKliiIKq3iWTdBP6BfCgAOqgD6320G2VdZyXyh3oXyM2AlFXzuA8zc8wpZraUCX9J/iMoxhELcL0gpDFO4HUKxTt+uU45uNNK0DkXw3GDF/lr+oYvzJ45jX0qMExF6EHaKfplZxW0Nt9rPT8pKi9BC8dzdSHXuunA1PshvEfc7mLMtz0QdOXOvomtM2Jv84lw== jieqiang.wang@arm.com" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPsm7Ny+8QYyJ5JEECF0sntRbsF3jRqdSItPTgcbBEFwfNBVd0ulmmkwPUVrcJRMfGuzp3vA3Ss/BgutfvNo3WD5G+WECnOWXiTzroM34oZQ6awoZujxlQsNGBRsiGTPNay6oFoS2hIaW5OB/QHZwZH8HVYcc53oyM0uC72ItnCg5cvSS5v1XaoQby0pUsu2v5uSOm35XV/N2ishcF3sxfCjTMZEODCwYdcb1xOflzIWlIk7ZSDNzOlpmG/jZNDfc7V2GHvGz7WnBFkjkcVH86SEVcQmsc7yyQD1UUG/EZ5AA75vbH4vFye4cISTWpBZik5CbkElxvX9XrfFxtYEM/ tianyu.li@arm.com" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -44,34 +48,51 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" nomad_servers: - - "10.32.8.15:4647" - - "10.32.8.16:4647" - - "10.32.8.17:4647" -nomad_cpu_total_compute: "40000" + - "10.30.51.23:4647" + - "10.30.51.24:4647" + - "10.30.51.25:4647" # Consul settigs. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - src: "{{ file_consul_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - - "10.32.8.15" - - "10.32.8.16" - - "10.32.8.17" + - "10.30.51.23" + - "10.30.51.24" + - "10.30.51.25" consul_service_mgr: "systemd" +# Vault settings. +vault_version: "1.13.1" + # Docker settings. docker_daemon: - dns: ["172.17.0.1"] - dns-opts: [] - dns-search: ["{{ansible_hostname}}"] - storage-driver: "overlay2" + default-shm-size: "1073741824" +# dns: ["172.17.0.1"] +# dns-opts: [] +# dns-search: ["{{ansible_hostname}}"] +# host: ["172.17.0.1:/var/run/docker.sock"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.72.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.72.yaml index a8193343e0..b7c8c26aae 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.72.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.72.yaml @@ -22,4 +22,5 @@ sysctl: inventory_ipmi_hostname: "10.30.50.72" cpu_microarchitecture: "altra" -intel_700_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.73.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.73.yaml index ebddd86462..0811b038b7 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.73.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.73.yaml @@ -22,4 +22,5 @@ sysctl: inventory_ipmi_hostname: "10.30.50.73" cpu_microarchitecture: "altra" -intel_700_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.74.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.74.yaml index 40dfa1e6b3..473e4a9a5e 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.74.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.74.yaml @@ -29,5 +29,5 @@ sysctl: inventory_ipmi_hostname: "10.30.50.74" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.75.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.75.yaml index ed651e973d..a96f087643 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.75.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.75.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.75" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.76.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.76.yaml index 6d9f0f4940..c1ddcf5a58 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.76.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.76.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.76" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.77.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.77.yaml index 1f98f1c8aa..e447ed2c81 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.77.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.77.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.77" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.78.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.78.yaml index 71d4245580..88f36b3880 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.78.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.78.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.78" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.79.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.79.yaml index d57803d525..37d6a18b2c 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.79.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.79.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.79" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.80.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.80.yaml index b1a5404498..dcb87d1a7c 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.80.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.80.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.80" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.81.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.81.yaml index f70c121bc3..e984947235 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.81.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.81.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.81" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.82.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.82.yaml index 828189d45d..5e6160e3ec 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.82.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.82.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.82" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.83.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.83.yaml index a1c5a81233..ac936cd89d 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.83.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.83.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.83" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.84.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.84.yaml index c9e998b8fa..05877b59e9 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.84.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.84.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.84" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.85.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.85.yaml index 31373e558c..0d61c87e4f 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.85.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.85.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.85" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.86.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.86.yaml index 24f0f517af..f40b86bd6b 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.86.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.86.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.86" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.87.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.87.yaml index a00eab9c26..2c767d6795 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.87.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.87.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.87" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.88.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.88.yaml index 3ab76b6952..313c316752 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.88.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.88.yaml @@ -29,5 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.50.88" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk23.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.89.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.89.yaml index ba44916ab0..7ab0d8ab68 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.89.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.89.yaml @@ -29,5 +29,5 @@ sysctl: inventory_ipmi_hostname: "10.30.50.89" cpu_microarchitecture: "icelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.90.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.90.yaml new file mode 100644 index 0000000000..dfc36904f8 --- /dev/null +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.90.yaml @@ -0,0 +1,38 @@ +--- +# file: host_vars/10.30.51.90.yaml + +hostname: "s90-t31t32-tg1" +grub: + audit: "0" + default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=32768" + hpet: "disable" + intel_idle.max_cstate: "1" + intel_iommu: "on,sm_on" + intel_pstate: "disable" + iommu: "pt" + isolcpus: "1-31,33-63,65-95,97-127" + mce: "off" + nmi_watchdog: "0" + nohz_full: "1-31,33-63,65-95,97-127" + nosoftlockup: true + numa_balancing: "disable" + processor.max_cstate: "1" + rcu_nocbs: "1-31,33-63,65-95,97-127" + tsc: "reliable" +sysctl: + kernel: + watchdog_cpumask: "0,32,64,96" + vm: + nr_hugepages: 32768 + max_map_count: 20000 + +inventory_ipmi_hostname: "10.30.50.90" +cpu_microarchitecture: "icelake" +docker_tg: true + +intel_800_matrix: "dpdk23.07" + +kernel_version_by_distro: + ubuntu: + jammy: + - "5.15.0-72"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml index d06284d5a4..53239492ef 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.91.yaml @@ -11,21 +11,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -37,6 +39,11 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -47,14 +54,23 @@ nomad_servers: - "10.30.51.25:4647" # Consul settings. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - - src: "{{ file_consul_ca_pem }}" + - src: "{{ file_consul_agent_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -62,6 +78,9 @@ consul_retry_servers: consul_service_mgr: "systemd" #consul_package_version: "1.5.2+dfsg2-14" +# Vault settings. +vault_version: "1.13.1" + # Docker daemon settings. docker_daemon: dns: ["172.17.0.1"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml index 705409fb6b..19ec70ce83 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.92.yaml @@ -11,21 +11,23 @@ users: groups: [adm, sudo] password: "$6$FIsbVDQR$5D0wgufOd2FtnmOiRNsGlgg6Loh.0x3dWSj72DSQnqisSyE9DROfgSgA6s0yxDwz4Jd5SRTXiTKuRYuSQ5POI1" ssh_key: - - "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAgObJFDIMmPwQhhkjAynvlbwpM5yeSewyaE7vTLaFf4uFz4vmsE2hFf6B2xXHUGLVwoVfk91UeK7LOGrdDpoDDHzvPZXj5NmZI+WiWax5y2pQZNkcSZws0ENCeEc4hPwc4veJ1JmhokF4Bsmu14HyFMaFUhM8897jtJwsh+9fLA/no0iPGaQqEtRUQhkV+P4jCEPoY0qdRZAzVw/rY4EGAMhsJe3EJmyj63OfrrkG3+hvSLFo5pDxHQr3pZd/c6ukI7xMef48PosAvGCm3oxzb/Gu9PZIGuHLczY+tCnzCkY7MO7E+IWgjXrUAfYwSWz8XmFmA9LLe26DT5jkcK8hGQ== pmikus@cisco.com" + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM" sshd_disable_password_login: true # Nomad settings. +nomad_version: "1.6.1" nomad_certificates: - src: "{{ file_nomad_ca_pem }}" - dest: "{{ nomad_ca_file }}" + dest: "{{ nomad_tls_ca_file }}" - src: "{{ file_nomad_client_pem }}" - dest: "{{ nomad_cert_file }}" + dest: "{{ nomad_tls_cert_file }}" - src: "{{ file_nomad_client_key_pem }}" - dest: "{{ nomad_key_file }}" + dest: "{{ nomad_tls_key_file }}" nomad_datacenter: "yul1" nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}" nomad_node_role: "client" @@ -37,6 +39,11 @@ nomad_options: docker.volumes.enabled: true driver.whitelist: "docker,raw_exec,exec" nomad_service_mgr: "systemd" +nomad_consul_use_ssl: false +nomad_use_tls: false +nomad_tls_http: false +nomad_tls_rpc: false +nomad_use_vault: false nomad_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -47,14 +54,23 @@ nomad_servers: - "10.30.51.25:4647" # Consul settings. -consul_nomad_integration: true +nomad_use_consul: true consul_certificates: - - src: "{{ file_consul_ca_pem }}" + - src: "{{ file_consul_agent_ca_pem }}" dest: "{{ consul_ca_file }}" + - src: "{{ file_consul_server_0_pem }}" + dest: "{{ consul_cert_file }}" + - src: "{{ file_consul_server_0_key_pem }}" + dest: "{{ consul_key_file }}" +consul_verify_incoming: false +consul_verify_outgoing: false +consul_vefify_server_hostname: false +consul_allow_tls: false consul_datacenter: "yul1" -consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" -consul_node_name: "{{ hostname }}" consul_node_role: "client" +consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ==" +consul_node_name: "{{ ansible_hostname }}" +consul_retry_join: true consul_retry_servers: - "10.30.51.23" - "10.30.51.24" @@ -62,6 +78,9 @@ consul_retry_servers: consul_service_mgr: "systemd" #consul_package_version: "1.5.2+dfsg2-14" +# Vault settings. +vault_version: "1.13.1" + # Docker daemon settings. docker_daemon: dns: ["172.17.0.1"] diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.93.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.93.yaml index 624945341b..cf4816a5f8 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.93.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.93.yaml @@ -29,5 +29,5 @@ sysctl: inventory_ipmi_hostname: "10.30.50.93" cpu_microarchitecture: "snowridge" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_800_matrix: "dpdk23.11" +intel_qat_matrix: true
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.94.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.94.yaml index 02bf62e674..d663cda18b 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.94.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.94.yaml @@ -29,5 +29,5 @@ sysctl: inventory_ipmi_hostname: "10.30.50.94" cpu_microarchitecture: "snowridge" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" +intel_800_matrix: "dpdk23.11" +intel_qat_matrix: true
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.10.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.10.yaml deleted file mode 100644 index 49abf934b5..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.10.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# file: host_vars/10.32.8.10.yaml - -hostname: "s28-t26t35-tg1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=16484" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-27,29-55,57-83,85-111" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-27,29-55,57-83,85-111" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-27,29-55,57-83,85-111" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0,28,56,84" - vm: - nr_hugepages: 16384 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.55.10" -cpu_microarchitecture: "skylake" -docker_tg: true - -intel_700_matrix: "dpdk21.02" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.11.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.11.yaml deleted file mode 100644 index e21568d8ca..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.11.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# file: host_vars/10.32.8.11.yaml - -hostname: "s29-t26-sut1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-5" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-5" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-5" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0" - vm: - nr_hugepages: 8192 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.55.11" -cpu_microarchitecture: "denverton" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.12.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.12.yaml deleted file mode 100644 index 9c6c0b7571..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.12.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# file: host_vars/10.32.8.12.yaml - -hostname: "s30-t35-sut1" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-5" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-5" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-5" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0" - vm: - nr_hugepages: 8192 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.55.12" -cpu_microarchitecture: "denverton" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.13.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.13.yaml deleted file mode 100644 index 90554042cc..0000000000 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.13.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# file: host_vars/10.32.8.13.yaml - -hostname: "s31-t35-sut2" -grub: - audit: "0" - default_hugepagesz: "2M hugepagesz=1G hugepages=32 hugepagesz=2M hugepages=8192" - hpet: "disable" - intel_idle.max_cstate: "1" - intel_iommu: "on" - intel_pstate: "disable" - iommu: "pt" - isolcpus: "1-5" - mce: "off" - nmi_watchdog: "0" - nohz_full: "1-5" - nosoftlockup: true - numa_balancing: "disable" - processor.max_cstate: "1" - rcu_nocbs: "1-5" - tsc: "reliable" -sysctl: - kernel: - watchdog_cpumask: "0" - vm: - nr_hugepages: 8192 - max_map_count: 20000 - -inventory_ipmi_hostname: "10.30.55.13" -cpu_microarchitecture: "denverton" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.18.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.18.yaml index 18ba2bfbfb..4423a36f56 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.18.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.18.yaml @@ -29,6 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.55.18" cpu_microarchitecture: "cascadelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" -mellanox_cx5_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.19.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.19.yaml index 5ff676eb21..22210ae4bd 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.19.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.19.yaml @@ -29,6 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.55.19" cpu_microarchitecture: "cascadelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" -mellanox_cx5_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk22.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.20.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.20.yaml index 947242ed92..36ba5c15f8 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.20.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.20.yaml @@ -29,6 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.55.20" cpu_microarchitecture: "cascadelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" -mellanox_cx5_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.21.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.21.yaml index c4b626897e..61c6f51b06 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.21.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.21.yaml @@ -29,6 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.55.21" cpu_microarchitecture: "cascadelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" -mellanox_cx5_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk22.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.22.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.22.yaml index 5c51159813..ae2947f54a 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.22.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.22.yaml @@ -29,6 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.55.22" cpu_microarchitecture: "cascadelake" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" -mellanox_cx5_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +intel_800_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.23.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.23.yaml index cfa84c784e..a3f19b4249 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.23.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.23.yaml @@ -29,6 +29,6 @@ sysctl: inventory_ipmi_hostname: "10.30.55.23" cpu_microarchitecture: "cascadelake" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" -mellanox_cx5_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" +intel_800_matrix: "dpdk22.07" +mellanox_matrix: "dpdk22.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.24.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.24.yaml index c0046ec862..accb8c5dc9 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.24.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.24.yaml @@ -26,6 +26,5 @@ sysctl: inventory_ipmi_hostname: "10.30.55.24" cpu_microarchitecture: "epyc" -intel_700_matrix: "dpdk22.03" -intel_800_matrix: "dpdk22.03" -mellanox_cx5_matrix: "dpdk22.03" +intel_700_matrix: "dpdk23.11" +mellanox_matrix: "dpdk23.11"
\ No newline at end of file diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.25.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.25.yaml index 639e37bb20..629538fa34 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.25.yaml +++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.32.8.25.yaml @@ -26,6 +26,5 @@ sysctl: inventory_ipmi_hostname: "10.30.55.25" cpu_microarchitecture: "epyc" -intel_700_matrix: "dpdk21.02" -intel_800_matrix: "dpdk21.02" -mellanox_cx5_matrix: "dpdk21.02" +intel_700_matrix: "dpdk22.07" +mellanox_matrix: "dpdk22.07" diff --git a/fdio.infra.ansible/inventories/lf_inventory/hosts b/fdio.infra.ansible/inventories/lf_inventory/hosts index 76261d70e3..b7109a1261 100644 --- a/fdio.infra.ansible/inventories/lf_inventory/hosts +++ b/fdio.infra.ansible/inventories/lf_inventory/hosts @@ -2,12 +2,11 @@ all: children: tg: hosts: - 10.30.51.45: #s4-t21-tg1 - skylake - 10.30.51.48: #s13-t31-tg1 - skylake 10.30.51.49: #s19-t33t211-tg1 - skylake - 10.30.51.53: #s6-t22-tg1 - skylake - 10.30.51.55: #s8-t23-tg1 - skylake - 10.30.51.60: #s16-t32-tg1 - skylake + 10.30.51.53: #s53-t21-tg1 - sapphirerapids + 10.30.51.55: #s55-t22-tg1 - sapphirerapids + 10.30.51.57: #s57-t23-tg1 - sapphirerapids + 10.30.51.59: #s59-t24-tg1 - sapphirerapids 10.30.51.74: #s64-t34-tg1 - icelake 10.30.51.77: #s67-t37-tg1 - icelake 10.30.51.80: #s80-t38-tg1 - icelake @@ -16,70 +15,60 @@ all: 10.30.51.86: #s86-t214-tg1 - icelake 10.30.51.88: #s88-t215-tg1 - icelake 10.30.51.89: #s89-t39t310-tg1 - icelake - 10.32.8.10: #s28-t26t35-tg1 - skylake + 10.30.51.90: #s90-t31t32-tg1 - icelake 10.32.8.19: #s34-t27-tg1 - cascadelake 10.32.8.21: #s36-t28-tg1 - cascadelake 10.32.8.23: #s38-t29-tg1 - cascadelake 10.32.8.25: #s61-t210-tg1 - epyc sut: hosts: + 10.30.51.32: #s32-t31-sut1 - icelaked + 10.30.51.33: #s33-t31-sut2 - icelaked + 10.30.51.34: #s34-t32-sut1 - icelaked + 10.30.51.35: #s35-t32-sut2 - icelaked 10.30.51.36: #s17-t33-sut1 - taishan 10.30.51.37: #s18-t33-sut2 - taishan - 10.30.51.44: #s3-t21-sut1 - skylake - 10.30.51.46: #s11-t31-sut1 - skylake - 10.30.51.47: #s12-t31-sut2 - skylake - 10.30.51.52: #s5-t22-sut1 - skylake - 10.30.51.54: #s7-t23-sut1 - skylake - 10.30.51.58: #s14-t32-sut1 - skylake - 10.30.51.59: #s15-t32-sut2 - skylake + 10.30.51.52: #s52-t21-sut1 - sapphirerapids + 10.30.51.54: #s54-t22-sut1 - sapphirerapids + 10.30.51.56: #s56-t23-sut1 - sapphirerapids + 10.30.51.58: #s58-t24-sut1 - sapphirerapids 10.30.51.72: #s62-t34-sut1 - altra 10.30.51.73: #s63-t34-sut2 - altra 10.30.51.75: #s65-t37-sut1 - icelake 10.30.51.76: #s66-t37-sut2 - icelake 10.30.51.78: #s78-t38-sut1 - icelake 10.30.51.79: #s79-t38-sut2 - icelake - 10.30.51.81: #s71-t212-sut1 - icelake + 10.30.51.81: #s81-t212-sut1 - icelake 10.30.51.83: #s83-t213-sut1 - icelake 10.30.51.85: #s85-t214-sut1 - icelake 10.30.51.87: #s87-t215-sut1 - icelake 10.30.51.93: #s93-t39-sut1 - snowridge 10.30.51.94: #s94-t39-sut2 - snowridge - 10.32.8.11: #s29-t26-sut1 - denverton - 10.32.8.12: #s30-t35-sut1 - denverton - 10.32.8.13: #s31-t35-sut2 - denverton 10.32.8.18: #s33-t27-sut1 - cascadelake 10.32.8.20: #s35-t28-sut1 - cascadelake 10.32.8.22: #s37-t29-sut1 - cascadelake 10.32.8.24: #s60-t210-sut1 - epyc 10.30.51.69: #s27-t211-sut1 - thunderx2 9975 vpp_device: - # Note: vpp_device hosts are also nomad client hosts hosts: + 10.30.51.30: #s30-t15-sut1 - sapphirerapids + 10.30.51.31: #s31-t16-sut1 - sapphirerapids 10.30.51.50: #s1-t11-sut1 - skylake 10.30.51.51: #s2-t12-sut1 - skylake 10.30.51.70: #s55-t13-sut1 - thunderx2 9980 10.30.51.71: #s56-t14-sut1 - thunderx2 9980 nomad: hosts: - 10.30.51.16: #s16-nomad - haswell - 10.30.51.17: #s17-nomad - haswell - 10.30.51.18: #s18-nomad - haswell - 10.30.51.19: #s19-nomad - haswell - 10.30.51.20: #s20-nomad - haswell - 10.30.51.21: #s21-nomad - haswell - 10.30.51.22: #s22-nomad - haswell + 10.30.51.21: #s21-nomad - sapphirerapids + 10.30.51.22: #s22-nomad - sapphirerapids 10.30.51.23: #s23-nomad - skylake 10.30.51.24: #s24-nomad - skylake 10.30.51.25: #s25-nomad - skylake 10.30.51.26: #s26-nomad - skylake - 10.30.51.39: #s53-nomad - thunderx 88xx - 10.30.51.40: #s54-nomad - thunderx 88xx - 10.30.51.65: #s52-nomad - thunderx 88xx - 10.30.51.66: #s51-nomad - thunderx 88xx - 10.30.51.67: #s49-nomad - thunderx 88xx - 10.30.51.68: #s50-nomad - thunderx 88xx + 10.30.51.27: #s27-nomad - skylake + 10.30.51.28: #s28-nomad - skylake 10.30.51.91: #s58-nomad - neoverse n1 10.30.51.92: #s59-nomad - neoverse n1 dev: hosts: - 10.30.51.38: #fdio-marvell-dev - thunderx 88xx + 10.30.51.38: #fdio-marvell-dev - thunderx 88xx
\ No newline at end of file |