diff options
Diffstat (limited to 'fdio.infra.ansible/roles/aws/tasks/main.yaml')
| -rw-r--r-- | fdio.infra.ansible/roles/aws/tasks/main.yaml | 119 |
1 files changed, 65 insertions, 54 deletions
diff --git a/fdio.infra.ansible/roles/aws/tasks/main.yaml b/fdio.infra.ansible/roles/aws/tasks/main.yaml index b5132c1909..b33848e2d2 100644 --- a/fdio.infra.ansible/roles/aws/tasks/main.yaml +++ b/fdio.infra.ansible/roles/aws/tasks/main.yaml @@ -13,18 +13,6 @@ tags: - aws-inst-prerequisites -- name: Switch Kernel At Boot - ansible.builtin.lineinfile: - path: "/etc/default/grub" - state: "present" - line: "GRUB_DEFAULT=\"1>2\"" - notify: - - "Update GRUB" - tags: - - perf-conf-grub - -- meta: flush_handlers - - name: Load Kernel Modules By Default ansible.builtin.lineinfile: path: "/etc/modules" @@ -58,55 +46,78 @@ tags: - aws-load-kernel-modules -#- name: Get vfio-pci With WC Patcher -# ansible.builtin.get_url: -# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh" -# dest: "/opt/get-vfio-with-wc.sh" -# mode: 0744 -# tags: -# - aws-vfio-patch - -- name: Create vfio-pci Patch Directory - ansible.builtin.file: - path: "/opt/patches/" - state: "directory" +- name: Kernel Parameters + ansible.builtin.lineinfile: + path: "/etc/default/grub" + state: "present" + regexp: "^GRUB_CMDLINE_LINUX=" + line: "GRUB_CMDLINE_LINUX=iommu=1 intel_iommu=on" + notify: + - "Update GRUB" tags: - - aws-vfio-patch + - perf-conf-grub -- name: Get vfio-pci WC Patch - ansible.builtin.get_url: - url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}" - dest: "/opt/patches/{{ item }}" - mode: 0744 - with_items: - - "linux-4.10-vfio-wc.patch" - - "linux-5.8-vfio-wc.patch" - - "linux-5.15-vfio-wc.patch" - tags: - - aws-vfio-patch +- meta: flush_handlers -- name: Copy vfio-pci WC Patch - ansible.builtin.copy: - src: "files/get-vfio-with-wc.sh" - dest: "/opt" - mode: 0744 +- name: Disable Password Login + ansible.builtin.lineinfile: + dest: "/etc/ssh/sshd_config" + regexp: "^PasswordAuthentication yes" + line: "PasswordAuthentication no" + notify: + - "Restart SSHd" tags: - - aws-vfio-patch + - conf-ssh -- name: Compile vfio-pci With WC Patch - ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh" - environment: - DEBIAN_FRONTEND: "noninteractive" - TERM: "vt100" +- name: Recursively Delete Other Configs + ansible.builtin.file: + path: "/etc/ssh/sshd_config.d" + state: "absent" tags: - - aws-vfio-patch + - conf-ssh -- name: Reload systemd-modules - ansible.builtin.systemd: - name: "systemd-modules-load" - state: "restarted" - tags: - - aws-reload-systemd-modules +#- name: Get vfio-pci With WC Patcher +# ansible.builtin.get_url: +# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh" +# dest: "/opt/get-vfio-with-wc.sh" +# mode: 0744 +# tags: +# - aws-vfio-patch +# +#- name: Create vfio-pci Patch Directory +# ansible.builtin.file: +# path: "/opt/patches/" +# state: "directory" +# tags: +# - aws-vfio-patch +# +#- name: Get vfio-pci WC Patch +# ansible.builtin.get_url: +# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}" +# dest: "/opt/patches/{{ item }}" +# mode: 0744 +# with_items: +# - "linux-4.10-vfio-wc.patch" +# - "linux-5.8-vfio-wc.patch" +# - "linux-5.15-vfio-wc.patch" +# tags: +# - aws-vfio-patch +# +#- name: Copy vfio-pci WC Patch +# ansible.builtin.copy: +# src: "files/get-vfio-with-wc.sh" +# dest: "/opt" +# mode: 0744 +# tags: +# - aws-vfio-patch +# +#- name: Compile vfio-pci With WC Patch +# ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh" +# environment: +# DEBIAN_FRONTEND: "noninteractive" +# TERM: "vt100" +# tags: +# - aws-vfio-patch - name: Adjust nr_hugepages ansible.builtin.sysctl: |