diff options
Diffstat (limited to 'fdio.infra.ansible/roles/aws')
-rw-r--r-- | fdio.infra.ansible/roles/aws/defaults/main.yaml | 6 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/aws/handlers/main.yaml | 5 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/aws/tasks/main.yaml | 119 |
3 files changed, 72 insertions, 58 deletions
diff --git a/fdio.infra.ansible/roles/aws/defaults/main.yaml b/fdio.infra.ansible/roles/aws/defaults/main.yaml index 5b6978da51..a0150eae37 100644 --- a/fdio.infra.ansible/roles/aws/defaults/main.yaml +++ b/fdio.infra.ansible/roles/aws/defaults/main.yaml @@ -15,12 +15,10 @@ packages_base: packages_by_distro: ubuntu: - - "linux-image-5.4.0-1009-aws" - - "linux-headers-5.4.0-1009-aws" - - "linux-tools-5.4.0-1009-aws" + - [] packages_by_arch: aarch64: - [] x86_64: - - []
\ No newline at end of file + - [] diff --git a/fdio.infra.ansible/roles/aws/handlers/main.yaml b/fdio.infra.ansible/roles/aws/handlers/main.yaml index d55db1c22f..bc160a3263 100644 --- a/fdio.infra.ansible/roles/aws/handlers/main.yaml +++ b/fdio.infra.ansible/roles/aws/handlers/main.yaml @@ -18,3 +18,8 @@ reboot_timeout: 3600 tags: - reboot-server + +- name: Restart SSHd + ansible.builtin.service: + name: sshd + state: restarted diff --git a/fdio.infra.ansible/roles/aws/tasks/main.yaml b/fdio.infra.ansible/roles/aws/tasks/main.yaml index b5132c1909..b33848e2d2 100644 --- a/fdio.infra.ansible/roles/aws/tasks/main.yaml +++ b/fdio.infra.ansible/roles/aws/tasks/main.yaml @@ -13,18 +13,6 @@ tags: - aws-inst-prerequisites -- name: Switch Kernel At Boot - ansible.builtin.lineinfile: - path: "/etc/default/grub" - state: "present" - line: "GRUB_DEFAULT=\"1>2\"" - notify: - - "Update GRUB" - tags: - - perf-conf-grub - -- meta: flush_handlers - - name: Load Kernel Modules By Default ansible.builtin.lineinfile: path: "/etc/modules" @@ -58,55 +46,78 @@ tags: - aws-load-kernel-modules -#- name: Get vfio-pci With WC Patcher -# ansible.builtin.get_url: -# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh" -# dest: "/opt/get-vfio-with-wc.sh" -# mode: 0744 -# tags: -# - aws-vfio-patch - -- name: Create vfio-pci Patch Directory - ansible.builtin.file: - path: "/opt/patches/" - state: "directory" +- name: Kernel Parameters + ansible.builtin.lineinfile: + path: "/etc/default/grub" + state: "present" + regexp: "^GRUB_CMDLINE_LINUX=" + line: "GRUB_CMDLINE_LINUX=iommu=1 intel_iommu=on" + notify: + - "Update GRUB" tags: - - aws-vfio-patch + - perf-conf-grub -- name: Get vfio-pci WC Patch - ansible.builtin.get_url: - url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}" - dest: "/opt/patches/{{ item }}" - mode: 0744 - with_items: - - "linux-4.10-vfio-wc.patch" - - "linux-5.8-vfio-wc.patch" - - "linux-5.15-vfio-wc.patch" - tags: - - aws-vfio-patch +- meta: flush_handlers -- name: Copy vfio-pci WC Patch - ansible.builtin.copy: - src: "files/get-vfio-with-wc.sh" - dest: "/opt" - mode: 0744 +- name: Disable Password Login + ansible.builtin.lineinfile: + dest: "/etc/ssh/sshd_config" + regexp: "^PasswordAuthentication yes" + line: "PasswordAuthentication no" + notify: + - "Restart SSHd" tags: - - aws-vfio-patch + - conf-ssh -- name: Compile vfio-pci With WC Patch - ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh" - environment: - DEBIAN_FRONTEND: "noninteractive" - TERM: "vt100" +- name: Recursively Delete Other Configs + ansible.builtin.file: + path: "/etc/ssh/sshd_config.d" + state: "absent" tags: - - aws-vfio-patch + - conf-ssh -- name: Reload systemd-modules - ansible.builtin.systemd: - name: "systemd-modules-load" - state: "restarted" - tags: - - aws-reload-systemd-modules +#- name: Get vfio-pci With WC Patcher +# ansible.builtin.get_url: +# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh" +# dest: "/opt/get-vfio-with-wc.sh" +# mode: 0744 +# tags: +# - aws-vfio-patch +# +#- name: Create vfio-pci Patch Directory +# ansible.builtin.file: +# path: "/opt/patches/" +# state: "directory" +# tags: +# - aws-vfio-patch +# +#- name: Get vfio-pci WC Patch +# ansible.builtin.get_url: +# url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/{{ item }}" +# dest: "/opt/patches/{{ item }}" +# mode: 0744 +# with_items: +# - "linux-4.10-vfio-wc.patch" +# - "linux-5.8-vfio-wc.patch" +# - "linux-5.15-vfio-wc.patch" +# tags: +# - aws-vfio-patch +# +#- name: Copy vfio-pci WC Patch +# ansible.builtin.copy: +# src: "files/get-vfio-with-wc.sh" +# dest: "/opt" +# mode: 0744 +# tags: +# - aws-vfio-patch +# +#- name: Compile vfio-pci With WC Patch +# ansible.builtin.shell: "/bin/bash /opt/get-vfio-with-wc.sh" +# environment: +# DEBIAN_FRONTEND: "noninteractive" +# TERM: "vt100" +# tags: +# - aws-vfio-patch - name: Adjust nr_hugepages ansible.builtin.sysctl: |