diff options
Diffstat (limited to 'fdio.infra.ansible/roles')
130 files changed, 5313 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/ab/defaults/main.yaml b/fdio.infra.ansible/roles/ab/defaults/main.yaml new file mode 100644 index 0000000000..45b80be42d --- /dev/null +++ b/fdio.infra.ansible/roles/ab/defaults/main.yaml @@ -0,0 +1,20 @@ +--- +# file: roles/wrk/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - [] + +packages_by_distro: + ubuntu: + bionic: + - "apache2-utils" + focal: + - "apache2-utils" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] diff --git a/fdio.infra.ansible/roles/ab/tasks/main.yaml b/fdio.infra.ansible/roles/ab/tasks/main.yaml new file mode 100644 index 0000000000..37e702e6df --- /dev/null +++ b/fdio.infra.ansible/roles/ab/tasks/main.yaml @@ -0,0 +1,18 @@ +--- +# file: roles/ab/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - ab-inst-prerequisites + +- name: Inst - Apache ab tools + package: + name: "{{ packages | flatten(levels=1) }}" + state: present + tags: + - ab-inst
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/aws/defaults/main.yaml b/fdio.infra.ansible/roles/aws/defaults/main.yaml new file mode 100644 index 0000000000..d4ea91afd4 --- /dev/null +++ b/fdio.infra.ansible/roles/aws/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +# file: roles/aws/defaults/main.yaml diff --git a/fdio.infra.ansible/roles/aws/handlers/main.yaml b/fdio.infra.ansible/roles/aws/handlers/main.yaml new file mode 100644 index 0000000000..7363dc2c34 --- /dev/null +++ b/fdio.infra.ansible/roles/aws/handlers/main.yaml @@ -0,0 +1,15 @@ +--- +# file: roles/aws/handlers/main.yaml + +- name: Reboot server + reboot: + reboot_timeout: 3600 + tags: + - reboot-server + +- name: AWS - Reload systemd-modules + systemd: + name: "systemd-modules-load" + state: "restarted" + tags: + - reload-systemd-modules diff --git a/fdio.infra.ansible/roles/aws/tasks/main.yaml b/fdio.infra.ansible/roles/aws/tasks/main.yaml new file mode 100644 index 0000000000..2d209762c3 --- /dev/null +++ b/fdio.infra.ansible/roles/aws/tasks/main.yaml @@ -0,0 +1,93 @@ +--- +# file: roles/aws/tasks/main.yaml + +- name: Edit repositories + include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml" + tags: + - aws-edit-repo + +- name: Get vfio-pci With WC Patcher + get_url: + url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh" + dest: "/opt/get-vfio-with-wc.sh" + mode: "744" + tags: + - aws-vfio-patch + +- name: Create vfio-pci Patch Directory + file: + path: "/opt/patches/" + state: "directory" + tags: + - aws-vfio-patch + +- name: Get vfio-pci WC Patch >=4.10 + get_url: + url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/linux-4.10-vfio-wc.patch" + dest: "/opt/patches/linux-4.10-vfio-wc.patch" + mode: "744" + tags: + - aws-vfio-patch + +- name: Get vfio-pci WC Patch >=5.8 + get_url: + url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/linux-5.8-vfio-wc.patch" + dest: "/opt/patches/linux-5.8-vfio-wc.patch" + mode: "744" + tags: + - aws-vfio-patch + +- name: Compile vfio-pci With WC Patch + shell: "/bin/bash /opt/get-vfio-with-wc.sh" + tags: + - aws-vfio-patch + +- name: Load Kernel Modules By Default + lineinfile: + path: "/etc/modules" + state: "present" + line: "{{ item }}" + with_items: + - "vfio-pci" + - "igb_uio" + tags: + - aws-load-kernel-modules + +- name: Add Kernel Modules Options (igb_uio) + lineinfile: + path: "/etc/modprobe.d/igb_uio.conf" + state: "present" + line: "{{ item }}" + create: "yes" + with_items: + - "options igb_uio wc_activate=1" + tags: + - aws-load-kernel-modules + +- name: Add Kernel Modules Options (vfio-pci) + lineinfile: + path: "/etc/modprobe.d/vfio-noiommu.conf" + state: "present" + line: "{{ item }}" + create: "yes" + with_items: + - "options vfio enable_unsafe_noiommu_mode=1" + tags: + - aws-load-kernel-modules + +- name: Reload systemd-modules + systemd: + name: "systemd-modules-load" + state: "restarted" + tags: + - aws-reload-systemd-modules + +- name: Performance Tuning - Adjust nr_hugepages + sysctl: + name: "vm.nr_hugepages" + value: "8192" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - aws-set-hugepages diff --git a/fdio.infra.ansible/roles/aws/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/aws/tasks/ubuntu_bionic.yaml new file mode 100644 index 0000000000..bca1cf5095 --- /dev/null +++ b/fdio.infra.ansible/roles/aws/tasks/ubuntu_bionic.yaml @@ -0,0 +1,10 @@ +--- +# file: roles/aws/tasks/ubuntu_bionic.yaml.yaml + +- name: Enable deb-src APT Repository + apt_repository: + repo: "deb-src http://archive.ubuntu.com/ubuntu bionic main" + state: "present" + update_cache: yes + tags: + - aws-enable-src-repo diff --git a/fdio.infra.ansible/roles/aws/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/aws/tasks/ubuntu_focal.yaml new file mode 100644 index 0000000000..a8cc56c0c4 --- /dev/null +++ b/fdio.infra.ansible/roles/aws/tasks/ubuntu_focal.yaml @@ -0,0 +1,10 @@ +--- +# file: roles/aws/tasks/ubuntu_focal.yaml.yaml + +- name: Enable deb-src APT Repository + apt_repository: + repo: "deb-src http://archive.ubuntu.com/ubuntu focal main" + state: "present" + update_cache: yes + tags: + - aws-enable-src-repo diff --git a/fdio.infra.ansible/roles/azure/defaults/main.yaml b/fdio.infra.ansible/roles/azure/defaults/main.yaml new file mode 100644 index 0000000000..8c48c307bc --- /dev/null +++ b/fdio.infra.ansible/roles/azure/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +# file: roles/azure/defaults/main.yaml + diff --git a/fdio.infra.ansible/roles/azure/files/10-dtap.link b/fdio.infra.ansible/roles/azure/files/10-dtap.link new file mode 100644 index 0000000000..a8e0aa10f3 --- /dev/null +++ b/fdio.infra.ansible/roles/azure/files/10-dtap.link @@ -0,0 +1,4 @@ +[Match] +OriginalName=dtap* +[Link] +NamePolicy=kernel diff --git a/fdio.infra.ansible/roles/azure/handlers/main.yaml b/fdio.infra.ansible/roles/azure/handlers/main.yaml new file mode 100644 index 0000000000..f0d46062d9 --- /dev/null +++ b/fdio.infra.ansible/roles/azure/handlers/main.yaml @@ -0,0 +1,15 @@ +--- +# file: roles/azure/handlers/main.yaml + +- name: Reboot server + reboot: + reboot_timeout: 3600 + tags: + - reboot-server + +- name: Azure - Reload systemd-modules + systemd: + name: "systemd-modules-load" + state: "restarted" + tags: + - reload-systemd-modules diff --git a/fdio.infra.ansible/roles/azure/tasks/main.yaml b/fdio.infra.ansible/roles/azure/tasks/main.yaml new file mode 100644 index 0000000000..c8d72475d8 --- /dev/null +++ b/fdio.infra.ansible/roles/azure/tasks/main.yaml @@ -0,0 +1,38 @@ +--- +# file: roles/azure/tasks/main.yaml + +- name: Azure - Load Kernel Modules By Default + lineinfile: + path: "/etc/modules" + state: "present" + line: "{{ item }}" + with_items: + - "vfio-pci" + - "ib_uverbs" + - "mlx4_ib" + - "mlx5_ib" + notify: "Azure - Reload systemd-modules" + tags: + - load-kernel-modules + +- name: Azure - Performance Tuning - Adjust nr_hugepages + sysctl: + name: "vm.nr_hugepages" + value: "8192" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - set-sysctl + +- name: Azure - prevent interface renaming + copy: + src: "files/10-dtap.link" + dest: "/etc/systemd/network/" + owner: "root" + group: "root" + mode: "0644" + notify: + - "Reboot server" + tags: + - prevent-interface-renaming diff --git a/fdio.infra.ansible/roles/baremetal/handlers/cimc.yaml b/fdio.infra.ansible/roles/baremetal/handlers/cimc.yaml new file mode 100644 index 0000000000..0048d19032 --- /dev/null +++ b/fdio.infra.ansible/roles/baremetal/handlers/cimc.yaml @@ -0,0 +1,74 @@ +--- +# file: roles/baremeatal/handlers/cimc.yaml + +- name: Boot from network + imc_rest: + hostname: "{{ inventory_cimc_hostname }}" + username: "{{ inventory_cimc_username }}" + password: "{{ inventory_cimc_password }}" + validate_certs: no + content: | + <!-- Configure PXE boot --> + <configConfMo><inConfig> + <lsbootLan dn="sys/rack-unit-1/boot-policy/lan-read-only" access="read-only" order="1" prot="pxe" type="lan"/> + </inConfig></configConfMo> + delegate_to: localhost + tags: + - boot-network + +- name: Boot from storage + imc_rest: + hostname: "{{ inventory_cimc_hostname }}" + username: "{{ inventory_cimc_username }}" + password: "{{ inventory_cimc_password }}" + validate_certs: no + content: | + <configConfMo><inConfig> + <lsbootStorage dn="sys/rack-unit-1/boot-policy/storage-read-write" access="read-write" order="1" type="storage"/> + </inConfig></configConfMo> + delegate_to: localhost + tags: + - boot-storage + +- name: Power up server + imc_rest: + hostname: "{{ inventory_cimc_hostname }}" + username: "{{ inventory_cimc_username }}" + password: "{{ inventory_cimc_password }}" + validate_certs: no + content: | + <configConfMo><inConfig> + <computeRackUnit dn="sys/rack-unit-1" adminPower="up"/> + </inConfig></configConfMo> + delegate_to: localhost + tags: + - power-up + +- name: Power down server + imc_rest: + hostname: "{{ inventory_cimc_hostname }}" + username: "{{ inventory_cimc_username }}" + password: "{{ inventory_cimc_password }}" + validate_certs: no + content: | + <configConfMo><inConfig> + <computeRackUnit dn="sys/rack-unit-1" adminPower="down"/> + </inConfig></configConfMo> + delegate_to: localhost + tags: + - power-down + +- name: Power cycle server + imc_rest: + hostname: "{{ inventory_cimc_hostname }}" + username: "{{ inventory_cimc_username }}" + password: "{{ inventory_cimc_password }}" + validate_certs: no + content: | + <!-- Power cycle server --> + <configConfMo><inConfig> + <computeRackUnit dn="sys/rack-unit-1" adminPower="cycle-immediate"/> + </inConfig></configConfMo> + delegate_to: localhost + tags: + - power-cycle diff --git a/fdio.infra.ansible/roles/baremetal/handlers/ipmi.yaml b/fdio.infra.ansible/roles/baremetal/handlers/ipmi.yaml new file mode 100644 index 0000000000..239b8973f7 --- /dev/null +++ b/fdio.infra.ansible/roles/baremetal/handlers/ipmi.yaml @@ -0,0 +1,52 @@ +--- +# file: roles/baremetal/handlers/ipmi.yaml + +- name: Boot from network + ipmi_boot: + name: "{{ inventory_ipmi_hostname }}" + user: "{{ inventory_ipmi_username }}" + password: "{{ inventory_ipmi_password }}" + bootdev: network + delegate_to: localhost + tags: + - boot-network + +- name: Boot from storage + ipmi_boot: + name: "{{ inventory_ipmi_hostname }}" + user: "{{ inventory_ipmi_username }}" + password: "{{ inventory_ipmi_password }}" + bootdev: hd + delegate_to: localhost + tags: + - boot-storage + +- name: Power up server + ipmi_power: + name: "{{ inventory_ipmi_hostname }}" + user: "{{ inventory_ipmi_username }}" + password: "{{ inventory_ipmi_password }}" + state: on + delegate_to: localhost + tags: + - power-up + +- name: Power down server + ipmi_power: + name: "{{ inventory_ipmi_hostname }}" + user: "{{ inventory_ipmi_username }}" + password: "{{ inventory_ipmi_password }}" + state: off + delegate_to: localhost + tags: + - power-down + +- name: Power cycle server + ipmi_power: + name: "{{ inventory_ipmi_hostname }}" + user: "{{ inventory_ipmi_username }}" + password: "{{ inventory_ipmi_password }}" + state: boot + delegate_to: localhost + tags: + - power-cycle diff --git a/fdio.infra.ansible/roles/baremetal/handlers/main.yaml b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml new file mode 100644 index 0000000000..d8dabeb222 --- /dev/null +++ b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml @@ -0,0 +1,30 @@ +--- +# file: roles/baremetal/handlers/main.yaml + +- name: IPMI specific + import_tasks: ipmi.yaml + when: inventory_ipmi_hostname is defined + tags: + - ipmi-handlers + +- name: CIMC specific + import_tasks: cimc.yaml + when: inventory_cimc_hostname is defined + tags: + - cimc-handlers + +- name: Reboot server + reboot: + reboot_timeout: 3600 + tags: + - reboot-server + +- name: Wait for server to restart + wait_for: + host: "{{ inventory_hostname }}" + search_regex: OpenSSH + port: 22 + delay: 60 + timeout: 3600 + tags: + - reboot-server diff --git a/fdio.infra.ansible/roles/cadvisor/defaults/main.yaml b/fdio.infra.ansible/roles/cadvisor/defaults/main.yaml new file mode 100644 index 0000000000..3b25e551ea --- /dev/null +++ b/fdio.infra.ansible/roles/cadvisor/defaults/main.yaml @@ -0,0 +1,24 @@ +--- +# file: roles/cadvisor/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" + +packages_base: + - [] + +packages_by_distro: + ubuntu: + - "python3-docker" + - "python3-dockerpty" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +image: "{{ image_by_arch[ansible_machine] }}" + +image_by_arch: + aarch64: "zcube/cadvisor:v0.37.0" + x86_64: "gcr.io/cadvisor/cadvisor:v0.38.7"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/cadvisor/tasks/main.yaml b/fdio.infra.ansible/roles/cadvisor/tasks/main.yaml new file mode 100644 index 0000000000..a2a13368c2 --- /dev/null +++ b/fdio.infra.ansible/roles/cadvisor/tasks/main.yaml @@ -0,0 +1,39 @@ +--- +# file: roles/cadvisor/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - cadvisor-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - cadvisor-inst-prerequisites + +- name: Inst - Start a container + docker_container: + name: "cAdvisor" + image: "{{ image }}" + state: "started" + restart_policy: "unless-stopped" + detach: yes + devices: + - "/dev/kmsg" + ports: + - "8080:8080" + privileged: yes + volumes: + - "/:/rootfs:ro" + - "/var/run:/var/run:ro" + - "/sys:/sys:ro" + - "/var/lib/docker/:/var/lib/docker:ro" + - "/dev/disk/:/dev/disk:ro" + tags: + - cadvisor-run-container diff --git a/fdio.infra.ansible/roles/calibration/defaults/main.yaml b/fdio.infra.ansible/roles/calibration/defaults/main.yaml new file mode 100644 index 0000000000..020c0119b1 --- /dev/null +++ b/fdio.infra.ansible/roles/calibration/defaults/main.yaml @@ -0,0 +1,47 @@ +--- +# file: roles/calibration/defaults/main.yaml + +# Packages to install. +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - [] + +packages_by_distro: + ubuntu: + bionic: + - "build-essential" + - "dmidecode" + focal: + - "build-essential" + - "dmidecode" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +# Kernel version to check. +kernel_version: "{{ kernel_version_by_distro_by_arch[ansible_distribution | lower][ansible_distribution_release][ansible_machine] }}" + +kernel_version_by_distro_by_arch: + ubuntu: + bionic: + x86_64: + - "4.15.0-72-generic" + - "5.3.0-1020-azure" + - "4.15.0-1057-aws" + aarch64: + - "4.15.0-54-generic" + focal: + x86_64: + - "5.4.0-65-generic" + - "5.3.0-1020-azure" + - "5.4.0-1035-aws" + aarch64: + - "5.4.0-65-generic" + +pma_directory: "/tmp/pma_tools" +jitter_core: 7 +jitter_iterations: 20 diff --git a/fdio.infra.ansible/roles/calibration/tasks/aarch64.yaml b/fdio.infra.ansible/roles/calibration/tasks/aarch64.yaml new file mode 100644 index 0000000000..ca4e75d268 --- /dev/null +++ b/fdio.infra.ansible/roles/calibration/tasks/aarch64.yaml @@ -0,0 +1,2 @@ +--- +# file: roles/calibration/tasks/aarch64.yaml diff --git a/fdio.infra.ansible/roles/calibration/tasks/main.yaml b/fdio.infra.ansible/roles/calibration/tasks/main.yaml new file mode 100644 index 0000000000..696f1c9265 --- /dev/null +++ b/fdio.infra.ansible/roles/calibration/tasks/main.yaml @@ -0,0 +1,89 @@ +--- +# file: roles/calibration/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - calibration-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - calibration-inst-prerequisites + +- name: Check CPU Power States + shell: "lscpu" + register: current_lscpu + changed_when: false + tags: + - check-cpu-frequency + +- name: Check CPU Power States + assert: + that: + - "'CPU min MHz' not in current_lscpu.stdout or 'Intel(R) Xeon(R)' not in ansible_processor" + fail_msg: "CPU configuration!" + success_msg: "CPU configuration match." + tags: + - check-cpu-frequency + +- name: Check Kernel Parameters + assert: + that: + - item in ansible_cmdline and grub[item] == ansible_cmdline[item] + fail_msg: "Kernel parameters!" + success_msg: "Kernel parameters match." + loop: "{{ grub.keys()|sort }}" + when: + - grub is defined + tags: + - check-kernel-params + +- name: Check Kernel Version + assert: + that: + - ansible_kernel not in kernel_version_by_distro_by_arch + fail_msg: "Kernel version!" + success_msg: "Kernel version match." + tags: + - check-kernel-version + +- name: Get Spectre Meltdown Checker + get_url: + url: "https://meltdown.ovh" + dest: "/opt/spectre-meltdown-checker.sh" + mode: "744" + tags: + - check-spectre-meltdown + +- name: Run Spectre Meltdown Checker + shell: "/opt/spectre-meltdown-checker.sh --no-color || true" + async: 60 + poll: 0 + ignore_errors: true + register: spectre_meltdown_async + tags: + - check-spectre-meltdown + +- name: "{{ ansible_machine }} Specific" + include_tasks: "{{ ansible_machine }}.yaml" + tags: + - check-machine-specific + - check-jitter-tool + +- name: Check Sync Status + async_status: + jid: "{{ spectre_meltdown_async.ansible_job_id }}" + register: "spectre_meltdown_poll_results" + until: spectre_meltdown_poll_results.finished + retries: 30 + +- debug: var=spectre_meltdown_poll_results.stdout_lines + tags: + - check-spectre-meltdown diff --git a/fdio.infra.ansible/roles/calibration/tasks/x86_64.yaml b/fdio.infra.ansible/roles/calibration/tasks/x86_64.yaml new file mode 100644 index 0000000000..90b1c954b5 --- /dev/null +++ b/fdio.infra.ansible/roles/calibration/tasks/x86_64.yaml @@ -0,0 +1,35 @@ +--- +# file: roles/calibration/tasks/x86_64.yaml + +- name: Calibration - Clone PMA Tool + git: + repo: "https://gerrit.fd.io/r/pma_tools" + dest: "{{ pma_directory }}" + tags: + - check-jitter-tool + +- name: Calibration - Compile PMA Tool + raw: "cd {{ pma_directory }}/jitter && make" + tags: + - check-jitter-tool + +- name: Calibration - Run Jitter Tool + shell: "{{ pma_directory }}/jitter/jitter -c {{ jitter_core }} -i {{ jitter_iterations }} -f" + become: yes + async: 60 + poll: 0 + ignore_errors: yes + register: jitter_async + tags: + - check-jitter-tool + +- name: Check sync status + async_status: + jid: "{{ jitter_async.ansible_job_id }}" + register: "jitter_poll_results" + until: jitter_poll_results.finished + retries: 30 + +- debug: var=jitter_poll_results.stdout_lines + tags: + - check-jitter-tool diff --git a/fdio.infra.ansible/roles/cleanup/files/reset_vppdevice.sh b/fdio.infra.ansible/roles/cleanup/files/reset_vppdevice.sh new file mode 100644 index 0000000000..ede2db1273 --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/files/reset_vppdevice.sh @@ -0,0 +1,113 @@ +#!/usr/bin/env bash + +set -euo pipefail + +function die () { + # Print the message to standard error end exit with error code specified + # by the second argument. + # + # Hardcoded values: + # - The default error message. + # Arguments: + # - ${1} - The whole error message, be sure to quote. Optional + # - ${2} - the code to exit with, default: 1. + + set +eu + warn "${1:-Unspecified run-time error occurred!}" + exit "${2:-1}" +} + + +function set_eligibility_off { + # Set Nomad eligibility to ineligible for scheduling. Fail otherwise. + + set -euo pipefail + + node_id="$(nomad node status | grep $(hostname) | cut -d ' ' -f 1)" || die + node_status="$(nomad node status | grep $(hostname))" || die + + if [[ "${node_status}" != *"ineligible"* ]]; then + nomad node eligibility -disable "${node_id}" || die + node_status="$(nomad node status | grep $(hostname))" || die + if [[ "${node_status}" != *"ineligible"* ]]; then + die "Set eligibility off failed!" + fi + fi +} + + +function set_eligibility_on { + # Set Nomad eligibility to eligible for scheduling. Fail otherwise. + + set -euo pipefail + + node_id="$(nomad node status | grep $(hostname) | cut -d ' ' -f 1)" || die + node_status="$(nomad node status | grep $(hostname))" || die + + if [[ "${node_status}" == *"ineligible"* ]]; then + nomad node eligibility -enable "${node_id}" || die + node_status="$(nomad node status | grep $(hostname))" || die + if [[ "${node_status}" == *"ineligible"* ]]; then + die "Set eligibility on failed!" + fi + fi +} + + +function restart_vfs_service { + # Stop and start VF serice. This will reinitialize VFs and driver mappings. + + set -euo pipefail + + warn "Restarting VFs service (this may take few minutes)..." + sudo service csit-initialize-vfs stop || die "Failed to stop VFs service!" + sudo service csit-initialize-vfs start || die "Failed to start VFs service!" +} + + +function wait_for_pending_containers { + # Wait in loop for defined amount of time for pending containers to + # gracefully quit them. If parameter force is specified. Force kill them. + + # Arguments: + # - ${@} - Script parameters. + + set -euo pipefail + + retries=60 + wait_time=60 + containers=(docker ps --quiet --filter name=csit*) + + for i in $(seq 1 ${retries}); do + mapfile -t pending_containers < <( ${containers[@]} ) || die + warn "Waiting for pending containers [${pending_containers[@]}] ..." + if [ ${#pending_containers[@]} -eq 0 ]; then + break + fi + sleep "${wait_time}" || die + done + if [ ${#pending_containers[@]} -ne 0 ]; then + if [[ "${1-}" == "force" ]]; then + warn "Force killing [${pending_containers[@]}] ..." + docker rm --force ${pending_containers[@]} || die + else + die "Still few containers running!" + fi + fi +} + + +function warn () { + # Print the message to standard error. + # + # Arguments: + # - ${@} - The text of the message. + + echo "$@" >&2 +} + + +set_eligibility_off || die +wait_for_pending_containers "${@}" || die +restart_vfs_service || die +set_eligibility_on || die diff --git a/fdio.infra.ansible/roles/cleanup/tasks/clean_images.yaml b/fdio.infra.ansible/roles/cleanup/tasks/clean_images.yaml new file mode 100644 index 0000000000..e030acbff2 --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/clean_images.yaml @@ -0,0 +1,36 @@ +--- +# file: roles/cleanup/tasks/clean_images.yaml + +- name: Clean Docker Images + block: + - name: Clean Images - Prefetch Docker Images + cron: + name: "Prefetch docker image {{ item }}" + minute: "10" + hour: "7" + job: "/usr/bin/docker pull {{ item }}" + loop: + "{{ images_to_prefetch_by_arch[ansible_machine] }}" + tags: + - prefetch-docker-images + + - name: Clean Images - Remove Dangling Docker Images + cron: + name: "Remove dangling docker images" + minute: "10" + hour: "5" + weekday: "7" + job: "/usr/bin/docker rmi $(/usr/bin/docker images --filter 'dangling=true' -q)" + tags: + - remove-docker-images-dangling + + # TODO: Disabled until all images will be in registry + #- name: Clean Images - Prune Docker Images + # cron: + # name: "Prune docker images" + # minute: "10" + # hour: "6" + # weekday: 7 + # job: "/usr/bin/docker image prune --all --force" + # tags: + # - prune-docker-images
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml b/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml new file mode 100644 index 0000000000..25fd48e420 --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml @@ -0,0 +1,42 @@ +--- +# file: roles/cleanup/tasks/kill_containers.yaml + +- name: Kill Docker Containers + block: + - name: Kill Container - Get Running Docker Containers + shell: "docker ps -aq" + register: running_containers + changed_when: no + tags: + - kill-containers + + - name: Kill Container - Remove All Docker Containers + shell: "docker rm --force {{ item }}" + with_items: "{{ running_containers.stdout_lines }}" + tags: + - kill-containers + + rescue: + - name: Restart Docker Daemon + systemd: + name: "docker" + state: "restarted" + +- name: Kill LXC Containers + block: + - name: Kill Container - Get Running LXC Containers + shell: "lxc-ls" + register: running_containers + changed_when: no + tags: + - kill-containers + + - name: Kill Container - Remove All LXC Containers + shell: "lxc-destroy --force -n {{ item }}" + with_items: "{{ running_containers.stdout_lines }}" + tags: + - kill-containers + + rescue: + - fail: + msg: "Kill LXC containers failed!"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/cleanup/tasks/kill_process.yaml b/fdio.infra.ansible/roles/cleanup/tasks/kill_process.yaml new file mode 100644 index 0000000000..c7cee37485 --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/kill_process.yaml @@ -0,0 +1,37 @@ +--- +# file: roles/cleanup/tasks/kill_process.yaml + +- name: Kill Process - {{ process }} + block: + - name: Get PID Of {{ process }} + shell: "ps -ef | grep -v grep | grep -w {{ process }} | awk '{print $2}'" + when: + - process is defined and process != "" + register: running_processes + tags: + - kill-process + + - name: Safe Kill {{ process }} + shell: "kill {{ item }}" + with_items: "{{ running_processes.stdout_lines }}" + tags: + - kill-process + + - wait_for: + path: "/proc/{{ item }}/status" + state: "absent" + with_items: "{{ running_processes.stdout_lines }}" + ignore_errors: yes + register: killed_processes + tags: + - kill-process + + - name: Kill Process - Force Kill {{ process }} + shell: "kill -9 {{ item }}" + with_items: "{{ killed_processes.results | select('failed') | map(attribute='item') | list }}" + tags: + - kill-process + + rescue: + - fail: + msg: "Kill process {{ process }} failed!" diff --git a/fdio.infra.ansible/roles/cleanup/tasks/main.yaml b/fdio.infra.ansible/roles/cleanup/tasks/main.yaml new file mode 100644 index 0000000000..eeda0139b3 --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/main.yaml @@ -0,0 +1,43 @@ +--- +# file: roles/cleanup/tasks/main.yaml +# purpose: Structured per server cleanup tasks. +# - main: +# - tg: +# - Run tasks on TG servers only. +# - Cleanup processes (T-Rex). +# - sut: +# - Run tasks on SUT servers only. +# - Cleanup file leftovers (logs). +# - Cleanup packages (VPP, Honeycomb). +# - Cleanup processes (qemu, l3fwd, testpmd, docker, kubernetes) +# - Cleanup interfaces. +# - vpp_device +# - Run tasks on vpp_device servers only. +# - Reset SRIOV +# - Docker image cleanup +# - nomad +# - Docker image cleanup + +- name: tg specific + include_tasks: tg.yaml + when: "'tg' in group_names" + tags: + - cleanup + +- name: sut specific + include_tasks: sut.yaml + when: "'sut' in group_names" + tags: + - cleanup + +- name: vpp_device specific + include_tasks: vpp_device.yaml + when: "'vpp_device' in group_names" + tags: + - cleanup + +- name: nomad specific + include_tasks: nomad.yaml + when: "'nomad' in group_names" + tags: + - cleanup diff --git a/fdio.infra.ansible/roles/cleanup/tasks/nomad.yaml b/fdio.infra.ansible/roles/cleanup/tasks/nomad.yaml new file mode 100644 index 0000000000..3c5bf6462d --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/nomad.yaml @@ -0,0 +1,22 @@ +--- +# file: roles/cleanup/tasks/nomad.yaml + +- name: Host Cleanup + block: + - name: Clean Images + import_tasks: clean_images.yaml + vars: + images_to_prefetch_by_arch: + aarch64: + - "fdiotools/builder-ubuntu2004:prod-aarch64" + - "fdiotools/builder-ubuntu1804:prod-aarch64" + - "fdiotools/builder-centos8:prod-aarch64" + x86_64: + - "fdiotools/builder-ubuntu2004:prod-x86_64" + - "fdiotools/builder-ubuntu1804:prod-x86_64" + - "fdiotools/builder-debian10:prod-x86_64" + - "fdiotools/builder-debian9:prod-x86_64" + - "fdiotools/builder-centos8:prod-x86_64" + - "fdiotools/builder-centos7:prod-x86_64" + tags: + - clean-images
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/cleanup/tasks/remove_package.yaml b/fdio.infra.ansible/roles/cleanup/tasks/remove_package.yaml new file mode 100644 index 0000000000..302b43c99a --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/remove_package.yaml @@ -0,0 +1,21 @@ +--- +# file: roles/cleanup/tasks/remove_package.yaml + +- name: Remove Package - Fix Corrupted APT + shell: "dpkg --configure -a" + when: + - ansible_distribution == 'Ubuntu' + tags: + - remove-package + +- name: Remove Package - {{ package }} + apt: + name: "{{ package }}" + force: yes + purge: yes + state: "absent" + failed_when: no + when: + - ansible_distribution == 'Ubuntu' + tags: + - remove-package diff --git a/fdio.infra.ansible/roles/cleanup/tasks/sut.yaml b/fdio.infra.ansible/roles/cleanup/tasks/sut.yaml new file mode 100644 index 0000000000..d80a35b1cb --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/sut.yaml @@ -0,0 +1,83 @@ +--- +# file: roles/cleanup/tasks/sut.yaml + +- name: Host Cleanup + block: + - name: Kill Processes - Qemu + import_tasks: kill_process.yaml + vars: + process: "qemu" + tags: + - kill-process + + - name: Kill Processes - L3fwd + import_tasks: kill_process.yaml + vars: + process: "l3fwd" + tags: + - kill-process + + - name: Kill Processes - Testpmd + import_tasks: kill_process.yaml + vars: + process: "testpmd" + tags: + - kill-process + + - name: Kill Processes - iPerf3 + import_tasks: kill_process.yaml + vars: + process: "iperf3" + tags: + - kill-process + + - name: Kill Processes - vpp_echo + import_tasks: kill_process.yaml + vars: + process: "vpp_echo" + tags: + - kill-process + + - name: Find File Or Dir - Core Zip File + find: + paths: "/tmp/" + patterns: "*tar.lzo.lrz.xz*" + register: files_to_delete + tags: + - remove-file-dir + + - name: Remove File Or Dir - Core Zip File + file: + path: "{{ item.path }}" + state: absent + with_items: "{{ files_to_delete.files }}" + tags: + - remove-file-dir + + - name: Find File Or Dir - Core Dump File + find: + paths: "/tmp/" + patterns: "*core*" + register: files_to_delete + tags: + - remove-file-dir + + - name: Remove File Or Dir - Core Dump File + file: + path: "{{ item.path }}" + state: absent + with_items: "{{ files_to_delete.files }}" + tags: + - remove-file-dir + + - name: Kill Containers - Remove All Containers + import_tasks: kill_containers.yaml + tags: + - kill-containers + + - name: Remove Packages - Remove VPP + import_tasks: remove_package.yaml + vars: + package: "*vpp*" + tags: + - remove-package diff --git a/fdio.infra.ansible/roles/cleanup/tasks/tg.yaml b/fdio.infra.ansible/roles/cleanup/tasks/tg.yaml new file mode 100644 index 0000000000..fa2d2d2819 --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/tg.yaml @@ -0,0 +1,13 @@ +--- +# file: roles/cleanup/tasks/tg.yaml + +- name: Host Cleanup + block: + - name: Kill Processes - TRex + import_tasks: kill_process.yaml + vars: + process: "_t-rex" + when: + - docker_tg is undefined + tags: + - kill-process diff --git a/fdio.infra.ansible/roles/cleanup/tasks/vpp_device.yaml b/fdio.infra.ansible/roles/cleanup/tasks/vpp_device.yaml new file mode 100644 index 0000000000..41c4b29d37 --- /dev/null +++ b/fdio.infra.ansible/roles/cleanup/tasks/vpp_device.yaml @@ -0,0 +1,32 @@ +--- +# file: roles/cleanup/tasks/vpp_device.yaml + +- name: Host Cleanup + block: + - name: Reset vpp_device Binary + copy: + src: "files/reset_vppdevice.sh" + dest: "/usr/local/bin" + owner: "root" + group: "root" + mode: "744" + tags: + - reset-sriov + + - name: Clean Images + import_tasks: clean_images.yaml + vars: + images_to_prefetch_by_arch: + aarch64: + - "fdiotools/builder-ubuntu2004:prod-aarch64" + - "fdiotools/builder-ubuntu1804:prod-aarch64" + - "fdiotools/builder-centos8:prod-aarch64" + x86_64: + - "fdiotools/builder-ubuntu2004:prod-x86_64" + - "fdiotools/builder-ubuntu1804:prod-x86_64" + - "fdiotools/builder-debian10:prod-x86_64" + - "fdiotools/builder-debian9:prod-x86_64" + - "fdiotools/builder-centos8:prod-x86_64" + - "fdiotools/builder-centos7:prod-x86_64" + tags: + - clean-images
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/common/defaults/main.yaml b/fdio.infra.ansible/roles/common/defaults/main.yaml new file mode 100644 index 0000000000..43e40ebdf6 --- /dev/null +++ b/fdio.infra.ansible/roles/common/defaults/main.yaml @@ -0,0 +1,72 @@ +--- +# file: roles/common/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - "autoconf" + - "cgroup-tools" + - "dkms" + - "iperf3" + - "linux-tools-common" + - "ninja-build" + - "qemu-system" + - "socat" + - "unzip" + - "virtualenv" + +packages_by_distro: + ubuntu: + bionic: + - "build-essential" + - "libpcap-dev" + - "net-tools" + - "python-all" + - "python-apt" + - "python-cffi" + - "python-cffi-backend" + - "python-dev" + - "python-pip" + - "python-setuptools" + - "python3-all" + - "python3-apt" + - "python3-cffi" + - "python3-cffi-backend" + - "python3-dev" + - "python3-pip" + - "python3-pyelftools" + - "python3-setuptools" + focal: + - "build-essential" + - "libpcap-dev" + - "net-tools" + - "python3-all" + - "python3-apt" + - "python3-cffi" + - "python3-cffi-backend" + - "python3-dev" + - "python3-pip" + - "python3-pyelftools" + - "python3-setuptools" + +packages_by_arch: + aarch64: + - "gfortran" + - "libblas-dev" + - "libffi-dev" + - "liblapack-dev" + - "libssl-dev" + x86_64: + - [] + +# Proxy settings: Uncomment and fill the proper values. These variables will be +# set globally by writing into /etc/environment file on target machine. +#proxy_env: +# http_proxy: http://proxy.com:80 +# HTTP_PROXY: http://proxy.com:80 +# https_proxy: http://proxy.com:80 +# HTTPS_PROXY: http://proxy.com:80 +# ftp_proxy: http://proxy.com:80 +# FTP_PROXY: http://proxy.com:80 +# no_proxy: localhost,127.0.0.1,{{ ansible_default_ipv4.address }} +# NO_PROXY: localhost,127.0.0.1,{{ ansible_default_ipv4.address }}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/common/handlers/main.yaml b/fdio.infra.ansible/roles/common/handlers/main.yaml new file mode 100644 index 0000000000..bb317e8067 --- /dev/null +++ b/fdio.infra.ansible/roles/common/handlers/main.yaml @@ -0,0 +1,8 @@ +--- +# file: roles/common/handlers/main.yaml + +- name: Reboot Server + reboot: + reboot_timeout: 3600 + tags: + - reboot-server diff --git a/fdio.infra.ansible/roles/common/tasks/main.yaml b/fdio.infra.ansible/roles/common/tasks/main.yaml new file mode 100644 index 0000000000..60b49842d2 --- /dev/null +++ b/fdio.infra.ansible/roles/common/tasks/main.yaml @@ -0,0 +1,55 @@ +--- +# file: roles/common/tasks/main.yaml + +- name: Conf - Add permanent proxy settings + lineinfile: + path: "/etc/environment" + state: "present" + line: "{{ item.key }}={{ item.value }}" + with_dict: "{{ proxy_env }}" + when: proxy_env is defined + tags: + - common-conf-proxy + +- name: Inst - Update package cache (apt) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - common-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - common-inst-prerequisites + +- name: Inst - Meson (DPDK) + pip: + name: + - "meson==0.47.1" + tags: + - common-inst-meson + +- name: Conf - sudoers admin + lineinfile: + path: "/etc/sudoers" + state: "present" + regexp: "^%admin ALL=" + line: "%admin ALL=(ALL) ALL" + validate: "/usr/sbin/visudo -cf %s" + tags: + - common-conf-sudoers + +- name: Conf - sudoers nopasswd + lineinfile: + path: "/etc/sudoers" + state: "present" + regexp: "^%sudo" + line: "%sudo ALL=(ALL:ALL) NOPASSWD: ALL" + validate: "/usr/sbin/visudo -cf %s" + tags: + - common-conf-sudoers diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml new file mode 100644 index 0000000000..786554eb58 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml @@ -0,0 +1,110 @@ +--- +# file: roles/consul/defaults/main.yaml + +# Inst - Prerequisites. +packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" + +packages_base: + - "cgroup-bin" + - "curl" + - "git" + - "libcgroup1" + - "unzip" + - "htop" +packages_by_distro: + ubuntu: + - [] +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +# Inst - Download Consul. +consul_architecture_map: + amd64: "amd64" + x86_64: "amd64" + armv7l: "arm" + aarch64: "arm64" + 32-bit: "386" + 64-bit: "amd64" +consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}" +consul_version: "1.8.6" +consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip" +consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}" + +# Inst - System paths. +consul_bin_dir: "/usr/local/bin" +consul_config_dir: "/etc/consul.d" +consul_data_dir: "/var/consul" +consul_inst_dir: "/opt" +consul_lockfile: "/var/lock/subsys/consul" +consul_run_dir: "/var/run/consul" +consul_ssl_dir: "/etc/consul.d/ssl" +nomad_config_dir: "/etc/nomad.d" + +# Conf - Service. +consul_node_role: "both" +consul_restart_handler_state: "restarted" +nomad_restart_handler_state: "restarted" +systemd_resolved_state: "stopped" + +# Conf - User and group. +consul_group: "consul" +consul_group_state: "present" +consul_manage_group: true +consul_manage_user: true +consul_user: "consul" +consul_user_groups: [ docker, nomad, consul, root ] +consul_user_state: "present" + +# Conf - nomad.d/consul.hcl +consul_nomad_integration: true +consul_certificates: + - src: "{{ vault_consul_v1_ca_file }}" + dest: "{{ consul_ca_file }}" + - src: "{{ vault_consul_v1_cert_file }}" + dest: "{{ consul_cert_file }}" + - src: "{{ vault_consul_v1_key_file }}" + dest: "{{ consul_key_file }}" + +consul_auto_advertise: true +consul_checks_use_advertise: true +consul_server_service_name: "nomad" +consul_client_service_name: "nomad-client" +consul_server_auto_join: false +consul_client_auto_join: true +consul_ACL_token_set: false +consul_token: "consul_token_default" + +# Conf - base.hcl +consul_bind_addr: "{{ ansible_default_ipv4.address }}" +consul_client_addr: "0.0.0.0" +consul_datacenter: "dc1" +consul_disable_update_check: true +consul_enable_debug: false +consul_enable_syslog: true +consul_log_level: "INFO" +consul_node_name: "{{ inventory_hostname }}" +consul_retry_join: true +consul_bootstrap_expect: 2 +consul_encrypt: "" +consul_ca_file: "{{ consul_ssl_dir }}/ca.pem" +consul_cert_file: "{{ consul_ssl_dir }}/consul.pem" +consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem" +consul_ui: true +consul_recursors: + - 1.1.1.1 + - 8.8.8.8 + +# Conf - ports.hcl +consul_port_dns: 53 +consul_port_http: 8500 +consul_port_https: 8501 +consul_port_grpc: 8502 +consul_port_serf_lan: 8301 +consul_port_serf_wan: 8302 +consul_port_server: 8300 + +# Conf - services.json +consul_services: false
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/handlers/main.yaml b/fdio.infra.ansible/roles/consul/handlers/main.yaml new file mode 100644 index 0000000000..338baea74e --- /dev/null +++ b/fdio.infra.ansible/roles/consul/handlers/main.yaml @@ -0,0 +1,23 @@ +--- +# file roles/consul/handlers/main.yaml + +- name: Restart Nomad + systemd: + daemon_reload: true + enabled: true + name: "nomad" + state: "{{ nomad_restart_handler_state }}" + +- name: Restart Consul + systemd: + daemon_reload: true + enabled: true + name: "consul" + state: "{{ consul_restart_handler_state }}" + +- name: Stop Systemd-resolved + systemd: + daemon_reload: true + enabled: false + name: "systemd-resolved" + state: "{{ systemd_resolved_state }}"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/meta/main.yaml b/fdio.infra.ansible/roles/consul/meta/main.yaml new file mode 100644 index 0000000000..4ada8efad6 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/meta/main.yaml @@ -0,0 +1,9 @@ +--- +# file: roles/consul/meta/main.yaml + +# desc: Install consul from stable branch and configure service. +# inst: Consul +# conf: ? +# info: 1.0 - added role + +dependencies: [ ] diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml new file mode 100644 index 0000000000..99ac52da44 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml @@ -0,0 +1,182 @@ +--- +# file: roles/consul/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - consul-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - consul-inst-prerequisites + +- name: Conf - Add Consul Group + group: + name: "{{ consul_group }}" + state: "{{ consul_group_state }}" + when: + - consul_manage_group | bool + tags: + - consul-conf-user + +- name: Conf - Add Consul user + user: + name: "{{ consul_user }}" + group: "{{ consul_group }}" + groups: "{{ consul_user_groups }}" + state: "{{ consul_user_state }}" + system: true + when: + - consul_manage_user | bool + tags: + - consul-conf-user + +- name: Inst - Clean Consul + file: + path: "{{ consul_inst_dir }}/consul" + state: "absent" + tags: + - consul-inst-package + +- name: Inst - Download Consul + get_url: + url: "{{ consul_zip_url }}" + dest: "{{ consul_inst_dir }}/{{ consul_pkg }}" + tags: + - consul-inst-package + +- name: Inst - Unarchive Consul + unarchive: + src: "{{ consul_inst_dir }}/{{ consul_pkg }}" + dest: "{{ consul_inst_dir }}/" + creates: "{{ consul_inst_dir }}/consul" + remote_src: true + tags: + - consul-inst-package + +- name: Inst - Consul + copy: + src: "{{ consul_inst_dir }}/consul" + dest: "{{ consul_bin_dir }}" + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + force: true + mode: 0755 + remote_src: true + tags: + - consul-inst-package + +- name: Conf - Create Directories "{{ consul_data_dir }}" + file: + dest: "{{ consul_data_dir }}" + state: directory + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + tags: + - consul-conf + +- name: Conf - Create Directories "{{ consul_ssl_dir }}" + file: + dest: "{{ consul_ssl_dir }}" + state: directory + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + tags: + - consul-conf + +- name: Conf - Create Config Directory + file: + dest: "{{ consul_config_dir }}" + state: directory + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + mode: 0755 + tags: + - consul-conf + +- name: Conf - Nomad integration Consul Configuration + template: + src: consul.hcl.j2 + dest: "{{ nomad_config_dir }}/consul.hcl" + owner: "nomad" + group: "nomad" + mode: 0644 + when: + - consul_nomad_integration | bool + tags: + - consul-conf + +- name: Conf - Base Configuration + template: + src: base.hcl.j2 + dest: "{{ consul_config_dir }}/base.hcl" + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + mode: 0644 + tags: + - consul-conf + +- name: Conf - Ports Configuration + template: + src: ports.hcl.j2 + dest: "{{ consul_config_dir }}/ports.hcl" + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + mode: 0644 + tags: + - consul-conf + +- name: Conf - Telemetry Configuration + template: + src: telemetry.hcl.j2 + dest: "{{ consul_config_dir }}/telemetry.hcl" + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + mode: 0644 + tags: + - consul-conf + +- name: Conf - Services Configuration + template: + src: services.json.j2 + dest: "{{ consul_config_dir }}/services.json" + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + mode: 0644 + when: + - consul_services + tags: + - consul-conf + +- name: Conf - Copy Certificates And Keys + copy: + content: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ consul_user }}" + group: "{{ consul_group }}" + mode: 0600 + no_log: true + loop: "{{ consul_certificates | flatten(levels=1) }}" + tags: + - consul-conf + +- name: Conf - System.d Script + template: + src: "consul_systemd.service.j2" + dest: "/lib/systemd/system/consul.service" + owner: "root" + group: "root" + mode: 0644 +# notify: +# - "Restart Consul" +# - "Stop Systemd-resolved" +# - "Restart Nomad" + tags: + - consul-conf diff --git a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 new file mode 100644 index 0000000000..536c48d847 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 @@ -0,0 +1,43 @@ +node_name = "{{ consul_node_name }}" +datacenter = "{{ consul_datacenter }}" + +bind_addr = "{{ consul_bind_addr }}" +client_addr = "{{ consul_client_addr }}" +data_dir = "{{ consul_data_dir }}" + +enable_syslog = {{ consul_enable_syslog | bool | lower }} +enable_debug = {{ consul_enable_debug | bool | lower }} +disable_update_check = {{ consul_disable_update_check | bool | lower }} +log_level = "{{ consul_log_level }}" + +server = {{ consul_node_server | bool | lower }} +encrypt = "{{ consul_encrypt }}" +{% if consul_node_server | bool == True %} +bootstrap_expect = {{ consul_bootstrap_expect }} +verify_incoming = true +verify_outgoing = true +verify_server_hostname = true +ca_file = "{{ consul_ca_file }}" +cert_file = "{{ consul_cert_file }}" +key_file = "{{ consul_key_file }}" +auto_encrypt { + allow_tls = true +} +{% else %} +verify_incoming = false +verify_outgoing = false +verify_server_hostname = false +ca_file = "{{ consul_ca_file }}" +auto_encrypt { + tls = false +} +{% endif %} +{% if consul_retry_join | bool -%} +retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ] +{%- endif %} + +ui = {{ consul_ui | bool | lower }} + +{% if consul_recursors -%} +recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ] +{%- endif %}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/templates/consul.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/consul.hcl.j2 new file mode 100644 index 0000000000..c78e5e1ce5 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/templates/consul.hcl.j2 @@ -0,0 +1,12 @@ +consul { + auto_advertise = {{ consul_auto_advertise | bool | lower }} + checks_use_advertise = {{ consul_checks_use_advertise | bool | lower }} + client_auto_join = {{ consul_client_auto_join | bool | lower }} + client_service_name = "{{ consul_client_service_name }}" + server_service_name = "{{ consul_server_service_name }}" + server_auto_join = {{ consul_server_auto_join | bool | lower }} +{% if consul_ACL_token_set == True %} + token = "{{ consul_token }}" +{% endif %} + +}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 new file mode 100644 index 0000000000..8e1ef1310d --- /dev/null +++ b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 @@ -0,0 +1,21 @@ +[Unit] +Description=Consul Service +Documentation=https://www.nomadproject.io/docs/ +Wants=network-online.target +After=network-online.target + +[Service] +# TODO: Decrease privilege +ExecReload=/bin/kill -SIGHUP $MAINPID +ExecStart={{ consul_bin_dir }}/consul agent -config-dir {{ consul_config_dir }} +KillSignal=SIGTERM +LimitNOFILE=infinity +LimitNPROC=infinity +Restart=on-failure +RestartSec=1 +User=root +Group=root +Environment="GOMAXPROCS=2" + +[Install] +WantedBy=multi-user.target diff --git a/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 new file mode 100644 index 0000000000..a658060ce8 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 @@ -0,0 +1,9 @@ +ports { + dns = {{ consul_port_dns }} + http = {{ consul_port_http }} + https = {{ consul_port_https }} + grpc = {{ consul_port_grpc }} + serf_lan = {{ consul_port_serf_lan }} + serf_wan = {{ consul_port_serf_wan }} + server = {{ consul_port_server }} +}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/templates/services.json.j2 b/fdio.infra.ansible/roles/consul/templates/services.json.j2 new file mode 100644 index 0000000000..3245ba92a4 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/templates/services.json.j2 @@ -0,0 +1,13 @@ +{ + "services": [ +{% for item in consul_services %} + { + "name": "{{ item.name }}", + "port": {{ item.port }} + } +{%- if not loop.last %}, +{% endif %} +{% endfor %} + + ] +}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2 new file mode 100644 index 0000000000..ec7fabc9da --- /dev/null +++ b/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2 @@ -0,0 +1,3 @@ +telemetry { + prometheus_retention_time = "24h" +}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/consul/vars/main.yaml b/fdio.infra.ansible/roles/consul/vars/main.yaml new file mode 100644 index 0000000000..b46333a7a7 --- /dev/null +++ b/fdio.infra.ansible/roles/consul/vars/main.yaml @@ -0,0 +1,5 @@ +--- +# file: roles/consul/vars/main.yaml + +consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}" +consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}" diff --git a/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile b/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile new file mode 100644 index 0000000000..73ff5c5e86 --- /dev/null +++ b/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile @@ -0,0 +1,166 @@ +# Copyright (c) 2021 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM ubuntu:20.04 +LABEL Description="CSIT vpp-device ubuntu 20.04 SUT image" +LABEL Version="master" + +# Setup the environment +ENV DEBIAN_FRONTEND=noninteractive + +# Configure locales +RUN apt-get update -qq \ + && apt-get install -y \ + apt-utils \ + locales \ + && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \ + && locale-gen en_US.UTF-8 \ + && dpkg-reconfigure --frontend=noninteractive locales \ + && update-locale LANG=en_US.UTF-8 \ + && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \ + && rm -r /var/lib/apt/lists/* +ENV LANG="en_US.UTF-8" LANGUAGE="en_US" LC_ALL="en_US.UTF-8" + +# Install packages and Docker +RUN apt-get -q update \ + && apt-get install -y -qq \ + apt-transport-https \ + bridge-utils \ + ca-certificates \ + cloud-init \ + cmake \ + curl \ + dkms \ + gdb \ + gfortran \ + libapr1 \ + libblas-dev \ + libffi-dev \ + liblapack-dev \ + libmbedcrypto3 \ + libmbedtls12 \ + libmbedx509-0 \ + libnuma1 \ + libnuma-dev \ + libpcap-dev \ + libpixman-1-dev \ + libssl-dev \ + locales \ + net-tools \ + openssh-server \ + pciutils \ + python3-all \ + python3-apt \ + python3-cffi \ + python3-cffi-backend \ + python3-dev \ + python3-pip \ + python3-setuptools \ + python3-virtualenv \ + qemu-system \ + rsyslog \ + socat \ + software-properties-common \ + strongswan \ + ssh \ + sshpass \ + sudo \ + supervisor \ + tar \ + tcpdump \ + unzip \ + vim \ + wget \ + zlib1g-dev \ + && curl -fsSL https://get.docker.com | sh \ + && rm -rf /var/lib/apt/lists/* + +# Fix permissions +RUN chown root:syslog /var/log \ + && chmod 755 /etc/default + +# Create directory structure +RUN mkdir -p /tmp/dumps \ + && mkdir -p /var/cache/vpp/python \ + && mkdir -p /var/run/sshd + +# CSIT PIP pre-cache +RUN pip3 install \ + ecdsa==0.13.3 \ + paramiko==2.6.0 \ + pycrypto==2.6.1 \ + pypcap==1.2.3 \ + PyYAML==5.1.1 \ + requests==2.22.0 \ + robotframework==3.1.2 \ + scapy==2.4.3 \ + scp==0.13.2 \ + ansible==2.10.7 \ + dill==0.2.8.2 \ + numpy==1.17.3 \ + hdrhistogram==0.6.1 \ + plotly==4.1.1 \ + PTable==0.9.2 \ + Sphinx==2.2.1 \ + sphinx-rtd-theme==0.4.0 \ + sphinxcontrib-programoutput==0.15 \ + sphinxcontrib-robotdoc==0.11.0 \ + ply==3.11 \ + alabaster==0.7.12 \ + Babel==2.7.0 \ + bcrypt==3.1.7 \ + certifi==2019.9.11 \ + cffi==1.13.2 \ + chardet==3.0.4 \ + cryptography==2.8 \ + docutils==0.15.2 \ + future==0.18.2 \ + idna==2.8 \ + imagesize==1.1.0 \ + Jinja2==2.10.3 \ + MarkupSafe==1.1.1 \ + packaging==19.2 \ + pbr==5.4.3 \ + pycparser==2.19 \ + Pygments==2.4.2 \ + PyNaCl==1.3.0 \ + pyparsing==2.4.4 \ + python-dateutil==2.8.1 \ + pytz==2019.3 \ + retrying==1.3.3 \ + six==1.13.0 \ + snowballstemmer==2.0.0 \ + sphinxcontrib-applehelp==1.0.1 \ + sphinxcontrib-devhelp==1.0.1 \ + sphinxcontrib-htmlhelp==1.0.2 \ + sphinxcontrib-jsmath==1.0.1 \ + sphinxcontrib-qthelp==1.0.2 \ + sphinxcontrib-serializinghtml==1.1.3 \ + urllib3==1.25.6 + +# ARM workaround +RUN pip3 install \ + pandas==0.25.3 \ + scipy==1.5.4 + +# SSH settings +RUN echo 'root:Csit1234' | chpasswd \ + && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \ + && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd \ + && echo "export VISIBLE=now" >> /etc/profile + +EXPOSE 2222 + +COPY supervisord.conf /etc/supervisor/supervisord.conf + +CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"]
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf b/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf new file mode 100644 index 0000000000..22a36be5c6 --- /dev/null +++ b/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf @@ -0,0 +1,24 @@ +[unix_http_server] +file = /tmp/supervisor.sock +chmod = 0777 + +[rpcinterface:supervisor] +supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface + +[supervisorctl] +serverurl = unix:///tmp/supervisor.sock + +[supervisord] +pidfile = /tmp/supervisord.pid +identifier = supervisor +directory = /tmp +logfile = /tmp/supervisord.log +loglevel = debug +nodaemon = false + +[program:vpp] +command = /usr/bin/vpp -c /etc/vpp/startup.conf +autostart = false +autorestart = true +redirect_stderr = true +priority = 1
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml b/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml new file mode 100644 index 0000000000..2affe4b18e --- /dev/null +++ b/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml @@ -0,0 +1,30 @@ +--- +# file: roles/csit_sut_image/tasks/main.yaml + +- name: Create a directory if it does not exist + file: + path: "/opt/csit-sut/" + state: "directory" + mode: 0755 + tags: + - csit-sut-image + +- name: Copy Build Items + copy: + src: "{{ item }}" + dest: "/opt/csit-sut/" + owner: "root" + group: "root" + mode: 0755 + with_items: + - Dockerfile + - supervisord.conf + tags: + - csit-sut-image + +- name: Build CSIT SUT Docker Image + shell: "docker build -t csit_sut-ubuntu2004:local ." + args: + chdir: "/opt/csit-sut" + tags: + - csit-sut-image
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker/defaults/main.yaml b/fdio.infra.ansible/roles/docker/defaults/main.yaml new file mode 100644 index 0000000000..8343558238 --- /dev/null +++ b/fdio.infra.ansible/roles/docker/defaults/main.yaml @@ -0,0 +1,38 @@ +--- +# file: roles/docker/defaults/main.yaml + +# Version options. +docker_edition: "ce" +docker_package: "docker-{{ docker_edition }}" +docker_package_state: latest + +# Service options. +docker_service_state: started +docker_service_enabled: true +docker_restart_handler_state: restarted + +# Used only for Debian/Ubuntu. +docker_apt_release_channel: "stable" +docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}" +docker_apt_repository_state: present +docker_apt_ignore_key_error: true +docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg" +docker_apt_gpg_key_state: present + +# Used only for RedHat/CentOS/Fedora. +docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo +docker_yum_repo_enable_edge: "0" +docker_yum_repo_enable_test: "0" +docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg + +# A list of users who will be added to the docker group. +docker_users: + - "testuser" + +# Proxy settings. +docker_daemon_environment_http: + - "HTTP_PROXY={{ proxy_env.http_proxy }}" + - "NO_PROXY={{ proxy_env.no_proxy }}" +docker_daemon_environment_https: + - "HTTPS_PROXY={{ proxy_env.https_proxy }}" + - "NO_PROXY={{ proxy_env.no_proxy }}"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker/handlers/main.yaml b/fdio.infra.ansible/roles/docker/handlers/main.yaml new file mode 100644 index 0000000000..d89adb9a1a --- /dev/null +++ b/fdio.infra.ansible/roles/docker/handlers/main.yaml @@ -0,0 +1,9 @@ +--- +# file roles/docker/handlers/main.yaml + +- name: Restart Docker + service: + name: "docker" + state: "{{ docker_restart_handler_state }}" + tags: + - docker-restart-service
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker/meta/main.yaml b/fdio.infra.ansible/roles/docker/meta/main.yaml new file mode 100644 index 0000000000..ab3d197791 --- /dev/null +++ b/fdio.infra.ansible/roles/docker/meta/main.yaml @@ -0,0 +1,4 @@ +--- +# file: roles/docker/meta/main.yaml + +dependencies: []
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker/tasks/main.yaml b/fdio.infra.ansible/roles/docker/tasks/main.yaml new file mode 100644 index 0000000000..5a96b7a7c5 --- /dev/null +++ b/fdio.infra.ansible/roles/docker/tasks/main.yaml @@ -0,0 +1,82 @@ +--- +# file: roles/docker/tasks/main.yaml + +- include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml" + tags: + - docker-inst-dependencies + +- name: Inst - Docker + package: + name: + - "{{ docker_package }}" + - "{{ docker_package }}-cli" + state: "{{ docker_package_state }}" + tags: + - docker-inst-package + +- name: Conf - Docker Service + service: + name: docker + state: "{{ docker_service_state }}" + enabled: "{{ docker_service_enabled }}" + tags: + - docker-conf-service + +- name: Conf - Docker Service Directory + file: + path: "/etc/systemd/system/docker.service.d" + state: "directory" + tags: + - docker-conf-service + +- name: Conf - Docker Daemon + template: + src: "templates/daemon.json.j2" + dest: "/etc/docker/daemon.json" + owner: "root" + group: "root" + mode: "0644" + when: > + docker_daemon is defined + tags: + - docker-conf-daemon + +- name: Conf - Docker HTTP Proxy + template: + src: "templates/docker.service.proxy.http" + dest: "/etc/systemd/system/docker.service.d/http-proxy.conf" + owner: "root" + group: "root" + mode: "0644" + notify: + - "Restart Docker" + when: > + proxy_env is defined and + proxy_env.http_proxy is defined + tags: + - docker-conf-service + +- name: Conf - Docker HTTPS Proxy + template: + src: "templates/docker.service.proxy.https" + dest: "/etc/systemd/system/docker.service.d/https-proxy.conf" + owner: "root" + group: "root" + mode: "0644" + notify: + - "Restart Docker" + when: > + proxy_env is defined and + proxy_env.https_proxy is defined + tags: + - docker-conf-service + +- name: Conf - Users to Docker Group + user: + name: "{{ item }}" + groups: "docker" + append: True + loop: "{{ docker_users }}" + when: docker_users + tags: + - docker-conf-user diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/docker/tasks/ubuntu_bionic.yaml new file mode 100644 index 0000000000..8bda4fed21 --- /dev/null +++ b/fdio.infra.ansible/roles/docker/tasks/ubuntu_bionic.yaml @@ -0,0 +1,30 @@ +--- +# file: roles/docker/tasks/ubuntu_bionic.yaml + +- name: Inst - Dependencies + apt: + name: + - "apt-transport-https" + - "ca-certificates" + - "gpg-agent" + - "software-properties-common" + state: "present" + cache_valid_time: 3600 + install_recommends: False + tags: + - docker-inst-dependencies + +- name: Conf - Add APT Key + apt_key: + url: "{{ docker_apt_gpg_key }}" + state: "{{ docker_apt_gpg_key_state }}" + tags: + - docker-conf-apt + +- name: Conf - Install APT Repository + apt_repository: + repo: "{{ docker_apt_repository }}" + state: "{{ docker_apt_repository_state }}" + update_cache: yes + tags: + - docker-conf-apt diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml new file mode 100644 index 0000000000..84bd1c5824 --- /dev/null +++ b/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml @@ -0,0 +1,30 @@ +--- +# file: roles/docker/tasks/ubuntu_focal.yaml + +- name: Inst - Dependencies + apt: + name: + - "apt-transport-https" + - "ca-certificates" + - "gpg-agent" + - "software-properties-common" + state: "present" + cache_valid_time: 3600 + install_recommends: False + tags: + - docker-inst-dependencies + +- name: Conf - Add APT Key + apt_key: + url: "{{ docker_apt_gpg_key }}" + state: "{{ docker_apt_gpg_key_state }}" + tags: + - docker-conf-apt + +- name: Conf - Install APT Repository + apt_repository: + repo: "{{ docker_apt_repository }}" + state: "{{ docker_apt_repository_state }}" + update_cache: yes + tags: + - docker-conf-apt diff --git a/fdio.infra.ansible/roles/docker/templates/daemon.json.j2 b/fdio.infra.ansible/roles/docker/templates/daemon.json.j2 new file mode 100644 index 0000000000..becc2b1af7 --- /dev/null +++ b/fdio.infra.ansible/roles/docker/templates/daemon.json.j2 @@ -0,0 +1 @@ +{{ docker_daemon | to_nice_json }}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http new file mode 100644 index 0000000000..73ceba3870 --- /dev/null +++ b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[Service] +Environment="{{ docker_daemon_environment_http | join('" "') }}" diff --git a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https new file mode 100644 index 0000000000..1c2097eb9d --- /dev/null +++ b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https @@ -0,0 +1,4 @@ +# {{ ansible_managed }} + +[Service] +Environment="{{ docker_daemon_environment_https | join('" "') }}" diff --git a/fdio.infra.ansible/roles/dpdk/defaults/main.yaml b/fdio.infra.ansible/roles/dpdk/defaults/main.yaml new file mode 100644 index 0000000000..2a8c691728 --- /dev/null +++ b/fdio.infra.ansible/roles/dpdk/defaults/main.yaml @@ -0,0 +1,31 @@ +--- +# file: roles/dpdk/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - [] + +packages_by_distro: + ubuntu: + bionic: + - "build-essential" + - "libnuma-dev" + focal: + - "build-essential" + - "libnuma-dev" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +dpdk_target_dir: "/opt" +dpdk_version: + - "20.02" +dpdk_url: "https://fast.dpdk.org/rel" +dpdk_build_targets: + "20.02": + aarch64: "arm64-armv8a-linux-gcc" + x86_64: "x86_64-native-linux-gcc" diff --git a/fdio.infra.ansible/roles/dpdk/files/dpdk-mlx5.patch b/fdio.infra.ansible/roles/dpdk/files/dpdk-mlx5.patch new file mode 100644 index 0000000000..a3928d70f7 --- /dev/null +++ b/fdio.infra.ansible/roles/dpdk/files/dpdk-mlx5.patch @@ -0,0 +1,19 @@ +diff --git a/drivers/net/mlx5/mlx5_ethdev.c b/drivers/net/mlx5/mlx5_ethdev.c +index d7d3bc73c..c21c38485 100644 +--- a/drivers/net/mlx5/mlx5_ethdev.c ++++ b/drivers/net/mlx5/mlx5_ethdev.c +@@ -1032,11 +1032,14 @@ mlx5_link_update_unlocked_gs(struct rte_eth_dev *dev, + ETH_LINK_HALF_DUPLEX : ETH_LINK_FULL_DUPLEX); + dev_link.link_autoneg = !(dev->data->dev_conf.link_speeds & + ETH_LINK_SPEED_FIXED); ++#if 0 ++ /* FIXME: this does not work on Azure w/ CX4-LX */ + if (((dev_link.link_speed && !dev_link.link_status) || + (!dev_link.link_speed && dev_link.link_status))) { + rte_errno = EAGAIN; + return -rte_errno; + } ++#endif + *link = dev_link; + return 0; + } diff --git a/fdio.infra.ansible/roles/dpdk/tasks/main.yaml b/fdio.infra.ansible/roles/dpdk/tasks/main.yaml new file mode 100644 index 0000000000..46f942be93 --- /dev/null +++ b/fdio.infra.ansible/roles/dpdk/tasks/main.yaml @@ -0,0 +1,68 @@ +--- +# file: roles/dpdk/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - dpdk-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - dpdk-inst-prerequisites + +- name: Download Release Archive + get_url: + url: "{{ dpdk_url }}/dpdk-{{ item }}.tar.xz" + dest: "{{ dpdk_target_dir }}/dpdk-{{ item }}.tar.xz" + mode: 0644 + loop: "{{ dpdk_version }}" + register: "dpdk_downloaded" + tags: + - dpdk-inst + +- name: Extract Release Archive + unarchive: + remote_src: true + src: "{{ dpdk_target_dir }}/dpdk-{{ item }}.tar.xz" + dest: "{{ dpdk_target_dir }}/" + creates: "{{ dpdk_target_dir }}/dpdk-{{ item }}" + loop: "{{ dpdk_version }}" + when: "dpdk_downloaded" + register: "dpdk_extracted" + tags: + - dpdk-inst + +- name: Build igb_uio by default + lineinfile: + dest: "{{ dpdk_target_dir }}/dpdk-{{ item }}/config/common_base" + regexp: "^CONFIG_RTE_EAL_IGB_UIO" + line: "CONFIG_RTE_EAL_IGB_UIO=y" + loop: "{{ dpdk_version }}" + when: "dpdk_extracted" + register: "dpdk_configured" + tags: + - dpdk-inst + +- name: Compile Release I + become: yes + command: "make install T={{ dpdk_build_targets[item][ansible_machine] }} DESTDIR={{ dpdk_target_dir }}/dpdk-{{ item }} chdir={{ dpdk_target_dir }}/dpdk-{{ item }}" + loop: "{{ dpdk_version }}" + when: "dpdk_configured" + register: "dpdk_compiled" + tags: + - dpdk-inst + +- name: Link igb_uio Module + shell: "ln -fs {{ dpdk_target_dir }}/dpdk-{{ item }}/{{ dpdk_build_targets[item][ansible_machine] }}/kmod/igb_uio.ko /lib/modules/`uname -r`/igb_uio.ko && depmod -a" + ignore_errors: "yes" + loop: "{{ dpdk_version }}" + when: "dpdk_compiled" + tags: + - dpdk-inst
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/iperf/defaults/main.yaml b/fdio.infra.ansible/roles/iperf/defaults/main.yaml new file mode 100644 index 0000000000..07af60b63a --- /dev/null +++ b/fdio.infra.ansible/roles/iperf/defaults/main.yaml @@ -0,0 +1,26 @@ +--- +# file: roles/iperf/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - [] + +packages_by_distro: + ubuntu: + bionic: + - "build-essential" + - "lib32z1" + focal: + - "build-essential" + - "lib32z1" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +iperf_target_dir: "/opt" +iperf_version: + - "3.7" diff --git a/fdio.infra.ansible/roles/iperf/tasks/main.yaml b/fdio.infra.ansible/roles/iperf/tasks/main.yaml new file mode 100644 index 0000000000..f8948cae57 --- /dev/null +++ b/fdio.infra.ansible/roles/iperf/tasks/main.yaml @@ -0,0 +1,62 @@ +--- +# file: roles/iperf/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - iperf-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - iperf-inst-prerequisites + +- name: Get Release Archive + get_url: + url: "https://downloads.es.net/pub/iperf/iperf-{{ item }}.tar.gz" + dest: "{{ iperf_target_dir }}/iperf-{{ item }}.tar.gz" + validate_certs: false + mode: 0644 + loop: "{{ iperf_version }}" + tags: + - iperf-inst + +- name: Extract Release Archive + unarchive: + remote_src: true + src: "{{ iperf_target_dir }}/iperf-{{ item }}.tar.gz" + dest: "{{ iperf_target_dir }}/" + creates: "{{ iperf_target_dir }}/iperf-{{ item }}/src" + loop: "{{ iperf_version }}" + tags: + - iperf-inst + +- name: Compile Release I + command: "./configure" + args: + chdir: "{{ iperf_target_dir }}/iperf-{{ item }}/" + loop: "{{ iperf_version }}" + tags: + - iperf-inst + +- name: Compile Release II + command: "make" + args: + chdir: "{{ iperf_target_dir }}/iperf-{{ item }}/" + loop: "{{ iperf_version }}" + tags: + - iperf-inst + +- name: Compile Release III + command: "make install" + args: + chdir: "{{ iperf_target_dir }}/iperf-{{ item }}/" + loop: "{{ iperf_version }}" + tags: + - iperf-inst
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/defaults/main.yaml b/fdio.infra.ansible/roles/jenkins_job_health_exporter/defaults/main.yaml new file mode 100644 index 0000000000..9813d41afb --- /dev/null +++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/defaults/main.yaml @@ -0,0 +1,35 @@ +--- +# file: roles/jenkins_job_health_exporter/defaults/main.yaml + +# Conf - Jenkins Job Health Exporter. +jenkins_host: "jenkins.fd.io" +poll_interval_sec: 1800 +req_timeout_sec: 30 +bind_to: "0.0.0.0:9186" +last_builds: 10 +jobs: + - "vpp-csit-verify-api-crc-master" + - "vpp-beta-verify-master-ubuntu2004-aarch64" + - "vpp-verify-master-centos8-aarch64" + - "vpp-verify-master-ubuntu1804-aarch64" + - "vpp-gcc-verify-master-ubuntu2004-x86_64" + - "vpp-verify-master-centos8-x86_64" + - "vpp-verify-master-debian10-x86_64" + - "vpp-verify-master-ubuntu2004-x86_64" + - "vpp-verify-master-ubuntu1804-x86_64" + - "vpp-debug-verify-master-ubuntu2004-x86_64" + - "vpp-checkstyle-verify-master-ubuntu2004-x86_64" + - "vpp-sphinx-docs-verify-master-ubuntu1804-x86_64" + - "vpp-docs-verify-master-ubuntu1804-x86_64" + - "vpp-make-test-docs-verify-master-ubuntu1804-x86_64" + - "vpp-csit-verify-device-master-1n-skx" + - "vpp-csit-verify-device-master-1n-tx2" + +# Conf - Service. +jenkins_job_health_exporter_restart_handler_state: "restarted" + +# Inst - System paths. +jenkins_job_health_exporter_target_dir: "/usr/bin" +jenkins_job_health_exporter_conf_dir: "/etc" +jenkins_job_health_exporter_url: "https://github.com/ayourtch/jenkins-job-health-exporter/releases/download" +jenkins_job_health_exporter_version: "v0.0.3"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/handlers/main.yaml b/fdio.infra.ansible/roles/jenkins_job_health_exporter/handlers/main.yaml new file mode 100644 index 0000000000..29fee98fed --- /dev/null +++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/handlers/main.yaml @@ -0,0 +1,9 @@ +--- +# file roles/jenkins_job_health_exporter/handlers/main.yaml + +- name: Restart Jenkins Job Health Exporter + systemd: + daemon_reload: true + enabled: true + name: "jenkins-job-health-exporter" + state: "{{ jenkins_job_health_exporter_restart_handler_state }}" diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/tasks/main.yaml b/fdio.infra.ansible/roles/jenkins_job_health_exporter/tasks/main.yaml new file mode 100644 index 0000000000..5dbe476019 --- /dev/null +++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/tasks/main.yaml @@ -0,0 +1,38 @@ +--- +# file: roles/jenkins_job_health_exporter/tasks/main.yaml + +- name: Conf - Jenkins Job Health Exporter Config + template: + src: "templates/jenkins-job-health-exporter.j2" + dest: "/etc/jenkins-job-health-exporter.json" + owner: "root" + group: "root" + mode: "0644" + when: + - ansible_hostname == "s42-nomad" + tags: + - conf-jenkins-job-json + +- name: Inst - Jenkins Job Health Exporter Binary + get_url: + url: "{{ jenkins_job_health_exporter_url }}/{{ jenkins_job_health_exporter_version }}/jenkins-job-health-exporter" + dest: "{{ jenkins_job_health_exporter_target_dir }}/jenkins-job-health-exporter" + mode: "0755" + when: + - ansible_hostname == "s42-nomad" + tags: + - inst-jenkins-job-binary + +- name: Inst - Jenkins Job Health Exporter Service + template: + src: "templates/jenkins-job-health-exporter.service.j2" + dest: "/lib/systemd/system/jenkins-job-health-exporter.service" + owner: "root" + group: "root" + mode: "0644" + when: + - ansible_hostname == "s42-nomad" + notify: + - "Restart Jenkins Job Health Exporter" + tags: + - inst-jenkins-job-service diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.j2 b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.j2 new file mode 100644 index 0000000000..5942b782e0 --- /dev/null +++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.j2 @@ -0,0 +1,16 @@ +{ + "jenkins_host": "{{ jenkins_host }}", + "poll_interval_sec": {{ poll_interval_sec }}, + "req_timeout_sec": {{ req_timeout_sec }}, + "bind_to": "{{ bind_to }}", + "last_builds": {{ last_builds }}, + "jobs": [ +{% for item in jobs %} + "{{ item }}" +{%- if not loop.last %}, +{% endif %} +{% endfor %} + + ], + "verbose": 3 +}
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.service.j2 b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.service.j2 new file mode 100644 index 0000000000..38073d0a8c --- /dev/null +++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.service.j2 @@ -0,0 +1,13 @@ +[Unit] +Description=Jenkins Job Health Exporter +Documentation=https://github.com/ayourtch/jenkins-job-health-exporter + +[Service] +Restart=always +ExecStart={{ jenkins_job_health_exporter_target_dir }}/jenkins-job-health-exporter {{ jenkins_job_health_exporter_conf_dir }}/jenkins-job-health-exporter.json +ExecReload=/bin/kill -HUP $MAINPID +TimeoutStopSec=20s +SendSIGKILL=no + +[Install] +WantedBy=multi-user.target
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/kernel/defaults/main.yaml b/fdio.infra.ansible/roles/kernel/defaults/main.yaml new file mode 100644 index 0000000000..b9b4253622 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel/defaults/main.yaml @@ -0,0 +1,43 @@ +--- +# file: roles/kernel/defaults/main.yaml + +# Kernel version to install (Default to any version). +kernel_version: "{{ kernel_version_by_distro[ansible_distribution|lower][ansible_distribution_release] | join(' ') }}" + +kernel_version_by_distro: + ubuntu: + bionic: + - "4.15.0-72" + focal: + - "5.4.0-65" + +kernel_packages: "{{ kernel_packages_by_distro[ansible_distribution|lower][ansible_distribution_release] | flatten(levels=1) }}" + +kernel_packages_by_distro: + ubuntu: + bionic: + - "linux-image" + - "linux-headers" + - "linux-modules" + - "linux-modules-extra" + - "linux-tools" + focal: + - "linux-image" + - "linux-headers" + - "linux-modules" + - "linux-modules-extra" + - "linux-tools" + +# Packages to remove in relation to kernel upgrade. +absent_packages: "{{ absent_packages_by_distro[ansible_distribution|lower][ansible_distribution_release] | flatten(levels=1) }}" + +absent_packages_by_distro: + ubuntu: + bionic: + - "amd64-microcode" + - "intel-microcode" + - "iucode-tool" + focal: + - "amd64-microcode" + - "intel-microcode" + - "iucode-tool"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/kernel/filter_plugins/main.py b/fdio.infra.ansible/roles/kernel/filter_plugins/main.py new file mode 100644 index 0000000000..7d909b90e8 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel/filter_plugins/main.py @@ -0,0 +1,143 @@ + +"""Extra Ansible filters""" + +def deb_kernel(packages, kernel_version, current_version): + """ + Return best matching kernel version. + Args: + packages (dict): apt-cache showpkg output. + kernel_version (str): Kernel version to install. + current_version (str): Current kernel version. + Returns: + str: kernel version. + """ + kernels = set() + + # List all available kernel version and associated repository + for line in packages['stdout'].splitlines(): + line = line.strip() + if line.startswith('Package: ') and ( + line.endswith('-common') or # Debian + line.endswith('-generic')): # Ubuntu + kernel = line.split()[1] + + for string in ('linux-headers-', 'common', 'generic'): + kernel = kernel.replace(string, '') + kernel = kernel.strip('-') + + if kernel: + kernels.add(kernel) + + # Sort Kernel versions + versions = {} + for kernel in kernels: + try: + version, build = kernel.split('-', 1) + except ValueError: + version = kernel + build = '' + versions[kernel] = list( + int(ver) for ver in version.split('.')) + [build] + kernels = sorted(versions.keys(), key=versions.get, reverse=True) + + # Return more recent kernel package that match version requirement + for kernel in kernels: + if kernel.startswith(kernel_version): + return kernel + + raise RuntimeError( + 'No kernel matching to "%s". Available kernel versions: %s' % ( + kernel_version, ', '.join(reversed(kernels)))) + + +def _deb_kernel_package(kernel, dist, arch, name): + """ + Return kernel package name. + Args: + kernel (str): Kernel version. + dist (str): Distribution. + arch (str): Architecture. + name (str): Package name. + Returns: + str: kernel package. + """ + # Define package suffix + if dist == 'Ubuntu': + suffix = 'generic' + elif name == 'linux-image': + suffix = arch.replace('x86_64', 'amd64') + else: + suffix = 'common' + + return '-'.join((name, kernel, suffix)) + + +def deb_kernel_pkg(packages, kernel_version, current_version, dist, arch, name): + """ + Return kernel package to install. + Args: + packages (dict): apt-cache showpkg output. + kernel_version (str): Kernel version to install. + current_version (str): Current kernel version. + dist (str): Distribution. + arch (str): Architecture. + name (str): Package name. + Returns: + str: kernel package to install. + """ + return _deb_kernel_package( + deb_kernel(packages, kernel_version, current_version), dist, arch, name) + + +def deb_installed_kernel(installed, packages, kernel_version, current_version): + """ + Return old kernel packages to remove. + Args: + installed (dict): dpkg -l output. + packages (dict): apt-cache showpkg output. + kernel_version (str): Kernel version to install. + current_version (str): Current kernel version. + Returns: + list of str: Kernel packages to remove. + """ + # Filter installed package to keep + to_keep = deb_kernel(packages, kernel_version, current_version) + + # Return installed package to remove + to_remove = [] + for line in installed['stdout'].splitlines(): + if ' linux-' not in line: + continue + + package = line.split()[1] + if ((package.startswith('linux-image-') or + package.startswith('linux-headers-')) and not ( + package.startswith('linux-image-' + to_keep) or + package.startswith('linux-headers-' + to_keep))): + to_remove.append(package) + + return to_remove + + +def kernel_match(kernel, kernel_spec): + """ + Check if kernel version match. + Args: + kernel (str): Kernel + kernel_spec (str): Kernel to match. + Returns: + bool: True if Kernel match. + """ + return kernel.startswith(kernel_spec) + + +class FilterModule(object): + """Return filter plugin""" + + @staticmethod + def filters(): + """Return filter""" + return {'deb_kernel': deb_kernel, + 'deb_kernel_pkg': deb_kernel_pkg, + 'deb_installed_kernel': deb_installed_kernel, + 'kernel_match': kernel_match} diff --git a/fdio.infra.ansible/roles/kernel/handlers/main.yaml b/fdio.infra.ansible/roles/kernel/handlers/main.yaml new file mode 100644 index 0000000000..963fd71756 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel/handlers/main.yaml @@ -0,0 +1,8 @@ +--- +# file roles/kernel/handlers/main.yaml + +- name: Reboot Server + reboot: + reboot_timeout: 3600 + tags: + - reboot-server
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/kernel/tasks/main.yaml b/fdio.infra.ansible/roles/kernel/tasks/main.yaml new file mode 100644 index 0000000000..431e344fb8 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +# file: roles/kernel/tasks/main.yaml + +- name: Inst - Prerequisites + include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml" + tags: + - kernel-inst-prerequisites + +- meta: flush_handlers diff --git a/fdio.infra.ansible/roles/kernel/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_bionic.yaml new file mode 100644 index 0000000000..349c853c11 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_bionic.yaml @@ -0,0 +1,51 @@ +--- +# file: roles/kernel/tasks/ubuntu_bionic.yaml + +- name: Get Available Kernel Versions + command: "apt-cache showpkg linux-headers-*" + changed_when: false + register: apt_kernel_list + tags: + - kernel-inst + +- name: Get installed packages with APT + command: "dpkg -l" + changed_when: false + register: apt_packages_list + tags: + - kernel-inst + +- name: Set target APT kernel version + set_fact: + _kernel: "{{ apt_kernel_list | deb_kernel( + kernel_version, ansible_kernel) }}" + tags: + - kernel-inst + +- name: Ensure Packages Versions + apt: + name: "{{ apt_kernel_list | deb_kernel_pkg( + kernel_version, ansible_kernel, ansible_distribution, + ansible_architecture, item) }}" + loop: "{{ kernel_packages }}" + tags: + - kernel-inst + +- name: Ensure Any Other Kernel Packages Are Removed + apt: + name: "{{ apt_packages_list | deb_installed_kernel( + apt_kernel_list, kernel_version, ansible_kernel) }}" + state: absent + purge: true + notify: + - "Reboot Server" + tags: + - kernel-inst + +- name: Ensure Any Microcode Is Absent + apt: + name: "{{ absent_packages }}" + state: absent + purge: true + tags: + - kernel-inst
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/kernel/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_focal.yaml new file mode 100644 index 0000000000..9cbc4d4787 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_focal.yaml @@ -0,0 +1,51 @@ +--- +# file: roles/kernel/tasks/ubuntu_focal.yaml + +- name: Get Available Kernel Versions + command: "apt-cache showpkg linux-headers-*" + changed_when: false + register: apt_kernel_list + tags: + - kernel-inst + +- name: Get installed packages with APT + command: "dpkg -l" + changed_when: false + register: apt_packages_list + tags: + - kernel-inst + +- name: Set target APT kernel version + set_fact: + _kernel: "{{ apt_kernel_list | deb_kernel( + kernel_version, ansible_kernel) }}" + tags: + - kernel-inst + +- name: Ensure Packages Versions + apt: + name: "{{ apt_kernel_list | deb_kernel_pkg( + kernel_version, ansible_kernel, ansible_distribution, + ansible_architecture, item) }}" + loop: "{{ kernel_packages }}" + tags: + - kernel-inst + +- name: Ensure Any Other Kernel Packages Are Removed + apt: + name: "{{ apt_packages_list | deb_installed_kernel( + apt_kernel_list, kernel_version, ansible_kernel) }}" + state: absent + purge: true + notify: + - "Reboot Server" + tags: + - kernel-inst + +- name: Ensure Any Microcode Is Absent + apt: + name: "{{ absent_packages }}" + state: absent + purge: true + tags: + - kernel-inst
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/kernel_vm/files/initramfs_modules b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_modules new file mode 100644 index 0000000000..00ae8e03e7 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_modules @@ -0,0 +1,4 @@ +9p +9pnet +9pnet_virtio +vfio-pci
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/kernel_vm/files/initramfs_resume b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_resume new file mode 100644 index 0000000000..820819823b --- /dev/null +++ b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_resume @@ -0,0 +1 @@ +RESUME=none
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/kernel_vm/tasks/main.yaml b/fdio.infra.ansible/roles/kernel_vm/tasks/main.yaml new file mode 100644 index 0000000000..4d1b306e64 --- /dev/null +++ b/fdio.infra.ansible/roles/kernel_vm/tasks/main.yaml @@ -0,0 +1,92 @@ +--- +# file: roles/kernel_vm/tasks/main.yaml + +- name: Inst - Backup remote initramfs modules + copy: + src: "/etc/initramfs-tools/modules" + dest: "/tmp/initramfs_modules.bkp" + remote_src: yes + ignore_errors: yes + register: __initramfs_modules_backuped + tags: + - kernel-inst-image + +- name: Inst - Backup remote initramfs resume config + copy: + src: "/etc/initramfs-tools/conf.d/resume" + dest: "/tmp/initramfs-resume.bkp" + remote_src: yes + ignore_errors: yes + register: __initramfs_resume_backuped + tags: + - kernel-inst-image + +- name: Inst - Update remote initramfs modules + copy: + src: "../files/initramfs_modules" + dest: "/etc/initramfs-tools/modules" + tags: + - kernel-inst-image + +- name: Inst - Update remote initramfs resume config + copy: + src: "../files/initramfs_resume" + dest: "/etc/initramfs-tools/conf.d/resume" + tags: + - kernel-inst-image + +- name: Inst - Create target kernel dir + file: + path: "/opt/boot" + state: "directory" + tags: + - kernel-inst-image + +- name: Inst - Build initrd image + shell: "update-initramfs -k {{ ansible_kernel }} -c -b /opt/boot" + tags: + - kernel-inst-image + +- name: Inst - Copy corresponding kernel img + copy: + src: "/boot/vmlinuz-{{ ansible_kernel }}" + dest: "/opt/boot/vmlinuz-{{ ansible_kernel }}" + remote_src: yes + tags: + - kernel-inst-image + +- name: Inst - Restore remote initramfs modules + copy: + src: "/tmp/initramfs_modules.bkp" + dest: "/etc/initramfs-tools/modules" + remote_src: yes + ignore_errors: yes + when: __initramfs_modules_backuped + tags: + - kernel-inst-image + +- name: Inst - Remove remote backup initramfs modules + file: + path: "/tmp/initramfs_modules.bkp" + state: "absent" + when: __initramfs_modules_backuped + tags: + - kernel-inst-image + +- name: Inst - Restore remote initramfs resume config + copy: + src: "/tmp/initramfs-resume.bkp" + dest: "/etc/initramfs-tools/conf.d/resume" + remote_src: yes + ignore_errors: yes + when: __initramfs_resume_backuped + tags: + - kernel-inst-image + +- name: Inst - Remove remote backup initramfs resume config + file: + path: "/tmp/initramfs-resume.bkp" + state: "absent" + when: __initramfs_resume_backuped + tags: + - kernel-inst-image diff --git a/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml b/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml new file mode 100644 index 0000000000..1a2f773950 --- /dev/null +++ b/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml @@ -0,0 +1,15 @@ +--- +# file: roles/kubernetes/defaults/main.yaml + +# Version options. +kubernetes_version: "1.11.0-00" +kubernetes_apt_package_state: present + +# Service options. +kubernetes_service_state: started +kubernetes_service_enabled: true +kubernetes_restart_handler_state: restarted + +# APT options. +kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial main" +kubernetes_apt_repository_state: present diff --git a/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml b/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml new file mode 100644 index 0000000000..160ffb8c06 --- /dev/null +++ b/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml @@ -0,0 +1,14 @@ +--- +# file: roles/kubernetes/tasks/main.yaml + +- name: Kubernetes - Install distribution - release - machine prerequisites + include_tasks: '{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml' + tags: install-kubernetes + +- name: Kubernetes - Apply kubelet parameter + lineinfile: + path: '/etc/default/kubelet' + state: 'present' + regexp: '^KUBELET_EXTRA_ARGS=*' + line: 'KUBELET_EXTRA_ARGS=--feature-gates HugePages=false' + tags: install-kubernetes diff --git a/fdio.infra.ansible/roles/kubernetes/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/kubernetes/tasks/ubuntu_bionic.yaml new file mode 100644 index 0000000000..454e80e002 --- /dev/null +++ b/fdio.infra.ansible/roles/kubernetes/tasks/ubuntu_bionic.yaml @@ -0,0 +1,37 @@ +--- +# file: roles/kubernetes/tasks/ubuntu_bionic.yaml + +- name: Kubernetes repository - Dependencies + apt: + name: + - 'apt-transport-https' + - 'ca-certificates' + - 'software-properties-common' + state: 'present' + cache_valid_time: 3600 + install_recommends: False + tags: install-kubernetes + +- name: Kubernetes repository - Add an Apt signing key + apt_key: + url: 'https://packages.cloud.google.com/apt/doc/apt-key.gpg' + state: 'present' + tags: install-kubernetes + +- name: Kubernetes repository - Install APT repository + apt_repository: + repo: '{{ kubernetes_apt_repository }}' + state: '{{ kubernetes_apt_repository_state }}' + update_cache: yes + tags: install-kubernetes + +- name: Kubernetes - Install + apt: + name: + - 'kubernetes-cni=0.6.0-00' + - 'kubeadm={{ kubernetes_version }}' + - 'kubectl={{ kubernetes_version }}' + - 'kubelet={{ kubernetes_version }}' + state: '{{ kubernetes_apt_package_state }}' + force: True + tags: install-kubernetes diff --git a/fdio.infra.ansible/roles/mellanox/defaults/main.yaml b/fdio.infra.ansible/roles/mellanox/defaults/main.yaml new file mode 100644 index 0000000000..0961ec7df6 --- /dev/null +++ b/fdio.infra.ansible/roles/mellanox/defaults/main.yaml @@ -0,0 +1,21 @@ +--- +# file: roles/mellanox/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" + +packages_base: + - [] + +packages_by_distro: + ubuntu: + - "build-essential" + - "libnl-3-dev" + - "libnl-route-3-dev" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +mellanox_version: "5.2-1.0.4.0"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/mellanox/tasks/main.yaml b/fdio.infra.ansible/roles/mellanox/tasks/main.yaml new file mode 100644 index 0000000000..670282923a --- /dev/null +++ b/fdio.infra.ansible/roles/mellanox/tasks/main.yaml @@ -0,0 +1,67 @@ +--- +# file: roles/mellanox/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - mellanox-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - mellanox-inst-prerequisites + +- name: Inst - Check Presence of Mellanox Hardware + shell: "lspci | grep Mellanox | awk '{print $1}'" + register: mellanox_pcis + failed_when: no + changed_when: no + tags: + - mellanox-inst + +- name: Inst - Get OFED + get_url: + url: "http://content.mellanox.com/ofed/MLNX_OFED-{{ mellanox_version }}/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}.tgz" + dest: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}.tgz" + mode: 0644 + when: mellanox_pcis.stdout_lines | length > 0 + tags: + - mellanox-inst + +- name: Inst - Extract OFED + unarchive: + remote_src: true + src: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}.tgz" + dest: "/opt/" + creates: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}" + register: mellanox_firmware_extracted + when: mellanox_pcis.stdout_lines | length > 0 + tags: + - mellanox-inst + +- name: Inst - OFED + command: "./mlnxofedinstall --with-mft --dpdk --force --upstream-libs" + args: + chdir: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}" + when: mellanox_pcis.stdout_lines | length > 0 and mellanox_firmware_extracted + tags: + - mellanox-inst + +- name: Switch Infiniband to Ethernet + command: "mlxconfig --yes --dev {{ item }} set LINK_TYPE_P1=2 LINK_TYPE_P2=2" + with_items: "{{ mellanox_pcis.stdout_lines }}" + tags: + - mellanox-conf + +- name: FIX qemu-system removal + package: + name: "qemu-system" + state: latest + tags: + - mellanox-inst diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml new file mode 100644 index 0000000000..864890c11e --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml @@ -0,0 +1,105 @@ +--- +# file: roles/nomad/defaults/main.yaml + +# Inst - Prerequisites. +packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}" + +packages_base: + - "cgroup-bin" + - "curl" + - "git" + - "libcgroup1" + - "unzip" + - "htop" +packages_by_distro: + ubuntu: + - [] +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +# Inst - Download Nomad. +nomad_architecture_map: + amd64: "amd64" + x86_64: "amd64" + armv7l: "arm" + aarch64: "arm64" + 32-bit: "386" + 64-bit: "amd64" +nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}" +nomad_version: "0.12.0" +nomad_pkg: "nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip" +nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/{{ nomad_pkg }}" + +# Inst - System paths. +nomad_bin_dir: "/usr/local/bin" +nomad_config_dir: "/etc/nomad.d" +nomad_data_dir: "/var/nomad" +nomad_inst_dir: "/opt" +nomad_lockfile: "/var/lock/subsys/nomad" +nomad_run_dir: "/var/run/nomad" +nomad_ssl_dir: "/etc/nomad.d/ssl" + +# Conf - Service. +nomad_node_role: "both" +nomad_restart_handler_state: "restarted" + +# Conf - User and group. +nomad_group: "nomad" +nomad_group_state: "present" +nomad_manage_group: true +nomad_manage_user: true +nomad_user: "nomad" +nomad_user_groups: [ docker, nomad, root ] +nomad_user_state: "present" + +# Conf - base.hcl +nomad_bind_addr: "0.0.0.0" +nomad_datacenter: "dc1" +nomad_disable_update_check: true +nomad_enable_debug: false +nomad_log_level: "INFO" +nomad_name: "{{ inventory_hostname }}" +nomad_region: "global" +nomad_syslog_enable: true + +# Conf - tls.hcl +nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem" +nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem" +nomad_http: false +nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem" +nomad_rpc: false + +# Conf - client.hcl +nomad_certificates: + - src: "{{ vault_nomad_ca_file }}" + dest: "{{ nomad_ca_file }}" + - src: "{{ vault_nomad_cert_file }}" + dest: "{{ nomad_cert_file }}" + - src: "{{ vault_nomad_key_file }}" + dest: "{{ nomad_key_file }}" +nomad_node_class: "" +nomad_no_host_uuid: true +nomad_options: {} +nomad_servers: [] +nomad_volumes: [] + +# Conf - server.hcl +nomad_bootstrap_expect: 2 +nomad_encrypt: "" +nomad_retry_join: true + +# Conf - telemetry.hcl +nomad_disable_hostname: false +nomad_collection_interval: 60s +nomad_use_node_name: false +nomad_publish_allocation_metrics: true +nomad_publish_node_metrics: true +nomad_backwards_compatible_metrics: false +nomad_telemetry_provider_parameters: + prometheus_metrics: true + +# Conf - custom.hcl +# empty diff --git a/fdio.infra.ansible/roles/nomad/handlers/main.yaml b/fdio.infra.ansible/roles/nomad/handlers/main.yaml new file mode 100644 index 0000000000..f0bcee9142 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/handlers/main.yaml @@ -0,0 +1,10 @@ +--- +# file roles/nomad/handlers/main.yaml + +- name: Restart Nomad + systemd: + daemon_reload: true + enabled: true + name: "nomad" + state: "{{ nomad_restart_handler_state }}" + diff --git a/fdio.infra.ansible/roles/nomad/meta/main.yaml b/fdio.infra.ansible/roles/nomad/meta/main.yaml new file mode 100644 index 0000000000..9fc40d9ae1 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/meta/main.yaml @@ -0,0 +1,9 @@ +--- +# file: roles/nomad/meta/main.yaml + +# desc: Install nomad from stable branch and configure service. +# inst: Nomad +# conf: ? +# info: 1.0 - added role + +dependencies: [ docker ] diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml new file mode 100644 index 0000000000..54e80513b8 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml @@ -0,0 +1,192 @@ +--- +# file: roles/nomad/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - nomad-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - nomad-inst-prerequisites + +- name: Conf - Add Nomad Group + group: + name: "{{ nomad_group }}" + state: "{{ nomad_group_state }}" + when: + - nomad_manage_group | bool + tags: + - nomad-conf-user + +- name: Conf - Add Nomad user + user: + name: "{{ nomad_user }}" + group: "{{ nomad_group }}" + groups: "{{ nomad_user_groups }}" + state: "{{ nomad_user_state }}" + system: true + when: + - nomad_manage_user | bool + tags: + - nomad-conf-user + +- name: Inst - Clean Nomad + file: + path: "{{ nomad_inst_dir }}/nomad" + state: "absent" + tags: + - nomad-inst-package + +- name: Inst - Download Nomad + get_url: + url: "{{ nomad_zip_url }}" + dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}" + tags: + - nomad-inst-package + +- name: Inst - Unarchive Nomad + unarchive: + src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}" + dest: "{{ nomad_inst_dir }}/" + creates: "{{ nomad_inst_dir }}/nomad" + remote_src: true + tags: + - nomad-inst-package + +- name: Inst - Nomad + copy: + src: "{{ nomad_inst_dir }}/nomad" + dest: "{{ nomad_bin_dir }}" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + force: true + mode: 0755 + remote_src: true + tags: + - nomad-inst-package + +- name: Conf - Create Directories "{{ nomad_data_dir }}" + file: + dest: "{{ nomad_data_dir }}" + state: directory + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + tags: + - nomad-conf + +- name: Conf - Create Directories "{{ nomad_ssl_dir }}" + file: + dest: "{{ nomad_ssl_dir }}" + state: directory + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + tags: + - nomad-conf + +- name: Conf - Create Config Directory + file: + dest: "{{ nomad_config_dir }}" + state: directory + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0755 + tags: + - nomad-conf + +- name: Conf - Base Configuration + template: + src: base.hcl.j2 + dest: "{{ nomad_config_dir }}/base.hcl" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0644 + tags: + - nomad-conf + +- name: Conf - Server Configuration + template: + src: server.hcl.j2 + dest: "{{ nomad_config_dir }}/server.hcl" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0644 + when: + - nomad_node_server | bool + tags: + - nomad-conf + +- name: Conf - Client Configuration + template: + src: client.hcl.j2 + dest: "{{ nomad_config_dir }}/client.hcl" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0644 + when: + - nomad_node_client | bool + tags: + - nomad-conf + +- name: Conf - TLS Configuration + template: + src: tls.hcl.j2 + dest: "{{ nomad_config_dir }}/tls.hcl" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0644 + tags: + - nomad-conf + +- name: Conf - Telemetry Configuration + template: + src: telemetry.hcl.j2 + dest: "{{ nomad_config_dir }}/telemetry.hcl" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0644 + tags: + - nomad-conf + +- name: Conf - Custom Configuration + template: + src: custom.json.j2 + dest: "{{ nomad_config_dir }}/custom.json" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0644 + when: + - nomad_config_custom is defined + tags: + - nomad-conf + +- name: Conf - Copy Certificates And Keys + copy: + content: "{{ item.src }}" + dest: "{{ item.dest }}" + owner: "{{ nomad_user }}" + group: "{{ nomad_group }}" + mode: 0600 + no_log: true + loop: "{{ nomad_certificates | flatten(levels=1) }}" + tags: + - nomad-conf + +- name: Conf - System.d Script + template: + src: "nomad_systemd.service.j2" + dest: "/lib/systemd/system/nomad.service" + owner: "root" + group: "root" + mode: 0644 +# notify: +# - "Restart Nomad" + tags: + - nomad-conf diff --git a/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2 new file mode 100644 index 0000000000..7badecf9e0 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2 @@ -0,0 +1,11 @@ +name = "{{ nomad_name }}" +region = "{{ nomad_region }}" +datacenter = "{{ nomad_datacenter }}" + +bind_addr = "{{ nomad_bind_addr }}" +data_dir = "{{ nomad_data_dir }}" + +enable_syslog = {{ nomad_syslog_enable | bool | lower }} +enable_debug = {{ nomad_enable_debug | bool | lower }} +disable_update_check = {{ nomad_disable_update_check | bool | lower }} +log_level = "{{ nomad_log_level }}" diff --git a/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2 new file mode 100644 index 0000000000..f245697a22 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2 @@ -0,0 +1,31 @@ +client { + enabled = {{ nomad_node_client | bool | lower }} + no_host_uuid = {{ nomad_no_host_uuid | bool | lower }} + node_class = "{{ nomad_node_class }}" + + {% if nomad_cpu_total_compute is defined -%} + cpu_total_compute = {{ nomad_cpu_total_compute }} + {% endif -%} + + {% if nomad_servers -%} + servers = [ {% for ip_port in nomad_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ] + {% endif %} + + {% if nomad_options -%} + options = { + {% for key, value in nomad_options.items() %} + "{{ key }}" = "{{ value }}" + {% endfor -%} + } + {% endif %} + + {% if nomad_volumes -%} + {% for volume in nomad_volumes -%} + host_volume "{{ volume.name }}" { + path = "{{ volume.path }}" + read_only = {{ volume.read_only | bool | lower }} + } + {% endfor -%} + {% endif %} + +} diff --git a/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2 new file mode 100644 index 0000000000..37ff6f3496 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2 @@ -0,0 +1,5 @@ +{% if nomad_config_custom -%} +{{ nomad_config_custom | to_nice_json }} +{% else %} +{} +{% endif %} diff --git a/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 new file mode 100644 index 0000000000..2a87c65063 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 @@ -0,0 +1,21 @@ +[Unit] +Description=Nomad Service +Documentation=https://www.nomadproject.io/docs/ +Wants=network-online.target +After=network-online.target + +[Service] +# TODO: Decrease privilege +ExecReload=/bin/kill -SIGHUP $MAINPID +ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }} +KillSignal=SIGTERM +LimitNOFILE=infinity +LimitNPROC=infinity +Restart=on-failure +RestartSec=1 +User=root +Group=root +Environment="GOMAXPROCS=2" + +[Install] +WantedBy=multi-user.target diff --git a/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2 new file mode 100644 index 0000000000..b581de9ad0 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2 @@ -0,0 +1,16 @@ +server { + enabled = {{ nomad_node_server | bool | lower }} + + {% if nomad_node_server | bool -%} + bootstrap_expect = {{ nomad_bootstrap_expect }} + {%- endif %} + + encrypt = "{{ nomad_encrypt }}" + + {% if nomad_retry_join | bool -%} + server_join { + retry_join = [ {% for ip_port in nomad_retry_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ] + } + {%- endif %} + +} diff --git a/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 new file mode 100644 index 0000000000..256c6999e9 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 @@ -0,0 +1,20 @@ +telemetry { + # Telemetry provider parameters + {% for key, value in nomad_telemetry_provider_parameters.items() -%} + {% if value|bool -%} + {{ key }} = {{ value | bool | lower }} + {% elif value|string or value == "" -%} + {{ key }} = "{{ value }}" + {% else %} + {{ key }} = {{ value }} + {% endif -%} + {% endfor -%} + + # Common parameters + disable_hostname = {{ nomad_disable_hostname | bool | lower }} + collection_interval = "{{ nomad_collection_interval }}" + use_node_name = {{ nomad_use_node_name | bool | lower }} + publish_allocation_metrics = {{ nomad_publish_allocation_metrics | bool | lower }} + publish_node_metrics = {{ nomad_publish_node_metrics | bool | lower }} + backwards_compatible_metrics = {{ nomad_backwards_compatible_metrics | bool | lower }} +} diff --git a/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 new file mode 100644 index 0000000000..650765f1b1 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 @@ -0,0 +1,12 @@ +{% if ( nomad_ca_file ) and + ( nomad_cert_file ) and + ( nomad_key_file ) +%} +tls { + http = {{ nomad_http | bool | lower }} + rpc = {{ nomad_rpc | bool | lower }} + ca_file = "{{ nomad_ca_file }}" + cert_file = "{{ nomad_cert_file }}" + key_file = "{{ nomad_key_file }}" +} +{% endif %} diff --git a/fdio.infra.ansible/roles/nomad/vars/main.yaml b/fdio.infra.ansible/roles/nomad/vars/main.yaml new file mode 100644 index 0000000000..a72222c992 --- /dev/null +++ b/fdio.infra.ansible/roles/nomad/vars/main.yaml @@ -0,0 +1,5 @@ +--- +# file: roles/nomad/vars/main.yaml + +nomad_node_client: "{{ (nomad_node_role == 'client') or (nomad_node_role == 'both') }}" +nomad_node_server: "{{ (nomad_node_role == 'server') or (nomad_node_role == 'both') }}" diff --git a/fdio.infra.ansible/roles/performance_tuning/defaults/main.yaml b/fdio.infra.ansible/roles/performance_tuning/defaults/main.yaml new file mode 100644 index 0000000000..2dad931e92 --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/defaults/main.yaml @@ -0,0 +1,20 @@ +--- +# file: roles/performance_tuning/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - "cpufrequtils" + +packages_by_distro: + ubuntu: + bionic: + - [] + focal: + - [] + +packages_by_arch: + aarch64: + - [] + x86_64: + - []
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/performance_tuning/files/cpufrequtils b/fdio.infra.ansible/roles/performance_tuning/files/cpufrequtils new file mode 100644 index 0000000000..03070fefe1 --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/files/cpufrequtils @@ -0,0 +1 @@ +GOVERNOR="performance" diff --git a/fdio.infra.ansible/roles/performance_tuning/files/disable-turbo-boost.service b/fdio.infra.ansible/roles/performance_tuning/files/disable-turbo-boost.service new file mode 100644 index 0000000000..e04729de50 --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/files/disable-turbo-boost.service @@ -0,0 +1,10 @@ +[Unit] +Description=Disable Turbo Boost on Intel CPU + +[Service] +ExecStart=/bin/sh -c 'for core in `cat /proc/cpuinfo | grep processor | awk \'{print $3}\'`; do sudo wrmsr -p$core 0x1a0 0x4000850089; done' +ExecStop=/bin/sh -c 'for core in `cat /proc/cpuinfo | grep processor | awk \'{print $3}\'`; do sudo wrmsr -p$core 0x1a0 0x850089; done' +RemainAfterExit=yes + +[Install] +WantedBy=sysinit.target diff --git a/fdio.infra.ansible/roles/performance_tuning/files/irqbalance b/fdio.infra.ansible/roles/performance_tuning/files/irqbalance new file mode 100644 index 0000000000..861be02fb3 --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/files/irqbalance @@ -0,0 +1,25 @@ +# irqbalance is a daemon process that distributes interrupts across +# CPUS on SMP systems. The default is to rebalance once every 10 +# seconds. This is the environment file that is specified to systemd via the +# EnvironmentFile key in the service unit file (or via whatever method the init +# system you're using has. +# +# ONESHOT=yes +# after starting, wait for a minute, then look at the interrupt +# load and balance it once; after balancing exit and do not change +# it again. +#IRQBALANCE_ONESHOT= + +# +# IRQBALANCE_BANNED_CPUS +# 64 bit bitmask which allows you to indicate which cpu's should +# be skipped when reblancing irqs. Cpu numbers which have their +# corresponding bits set to one in this mask will not have any +# irq's assigned to them on rebalance +# +IRQBALANCE_BANNED_CPUS="{{ ansible_processor_cores | irqbalance_banned_cpu_mask(ansible_processor_count, ansible_processor_threads_per_core) }}" +# +# IRQBALANCE_ARGS +# append any args here to the irqbalance daemon as documented in the man page +# +#IRQBALANCE_ARGS= diff --git a/fdio.infra.ansible/roles/performance_tuning/filter_plugins/main.py b/fdio.infra.ansible/roles/performance_tuning/filter_plugins/main.py new file mode 100644 index 0000000000..d76f6fe166 --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/filter_plugins/main.py @@ -0,0 +1,29 @@ +"""Extra Ansible filters""" + +def irqbalance_banned_cpu_mask( + processor_cores, processor_count, processor_threads_per_core): + """ + Return irqbalance CPU mask. + Args: + processor_cores (int): Physical processor unit. + processor_counts (int): Processors per physical unit. + processor_threads_per_core (int): Threads per physical unit. + Returns: + str: irqbalance_banned_cpus. + """ + mask = int("1" * 128, 2) + + for i in range(processor_count * processor_threads_per_core): + mask &= ~(1 << i * processor_cores) + + import re + return ",".join(re.findall('.{1,8}', str(hex(mask))[2:])) + + +class FilterModule(object): + """Return filter plugin""" + + @staticmethod + def filters(): + """Return filter""" + return {'irqbalance_banned_cpu_mask': irqbalance_banned_cpu_mask} diff --git a/fdio.infra.ansible/roles/performance_tuning/handlers/main.yaml b/fdio.infra.ansible/roles/performance_tuning/handlers/main.yaml new file mode 100644 index 0000000000..fa2876b7ac --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/handlers/main.yaml @@ -0,0 +1,13 @@ +--- +# file roles/performance_tuning/handlers/main.yaml + +- name: Update GRUB + command: update-grub + tags: + - update-grub + +- name: Reboot server + reboot: + reboot_timeout: 3600 + tags: + - reboot-server diff --git a/fdio.infra.ansible/roles/performance_tuning/tasks/main.yaml b/fdio.infra.ansible/roles/performance_tuning/tasks/main.yaml new file mode 100644 index 0000000000..e9cdd0d819 --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/tasks/main.yaml @@ -0,0 +1,189 @@ +--- +# file: roles/performance_tuning/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - perf-inst-prerequisites + +- name: Inst - Machine Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - perf-inst-prerequisites + +- name: Conf - Turbo Boost + import_tasks: turbo_boost.yaml + when: > + cpu_microarchitecture == "skylake" or + cpu_microarchitecture == "cascadelake" + tags: + - perf-conf-turbo-boost + +- name: Conf - Adjust nr_hugepages + # change the minimum size of the hugepage pool. + # 2G VPP, 4GB per VNF/CNF, 2G reserve + sysctl: + name: "vm.nr_hugepages" + value: "{{ sysctl.vm.nr_hugepages }}" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - perf-conf-sysctl + +- name: Conf - Adjust max_map_count + # this file contains the maximum number of memory map areas a process + # may have. memory map areas are used as a side-effect of calling + # malloc, directly by mmap and mprotect, and also when loading shared + # libraries. + # + # while most applications need less than a thousand maps, certain + # programs, particularly malloc debuggers, may consume lots of them, + # e.g., up to one or two maps per allocation. + # must be greater than or equal to (2 * vm.nr_hugepages). + sysctl: + name: "vm.max_map_count" + value: "{{ sysctl.vm.nr_hugepages * 4 }}" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - perf-conf-sysctl + +- name: Conf - Adjust hugetlb_shm_group + # hugetlb_shm_group contains group id that is allowed to create sysv + # shared memory segment using hugetlb page. + sysctl: + name: "vm.hugetlb_shm_group" + value: "1000" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - perf-conf-sysctl + +- name: Conf - Adjust swappiness + # this control is used to define how aggressive the kernel will swap + # memory pages. higher values will increase agressiveness, lower values + # decrease the amount of swap. a value of 0 instructs the kernel not to + # initiate swap until the amount of free and file-backed pages is less + # than the high water mark in a zone. + sysctl: + name: "vm.swappiness" + value: "0" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - perf-conf-sysctl + +- name: Conf - Adjust shmmax + # shared memory max must be greator or equal to the total size of hugepages. + # for 2mb pages, totalhugepagesize = vm.nr_hugepages * 2 * 1024 * 1024 + # if the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax) + # is greater than the calculated totalhugepagesize then set this parameter + # to current shmmax value. + sysctl: + name: "kernel.shmmax" + value: "{{ sysctl.vm.nr_hugepages * 2 * 1024 * 1024 }}" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - perf-conf-sysctl + +- name: Conf - Adjust watchdog_cpumask + # this value can be used to control on which cpus the watchdog may run. + # the default cpumask is all possible cores, but if no_hz_full is + # enabled in the kernel config, and cores are specified with the + # nohz_full= boot argument, those cores are excluded by default. + # offline cores can be included in this mask, and if the core is later + # brought online, the watchdog will be started based on the mask value. + # + # typically this value would only be touched in the nohz_full case + # to re-enable cores that by default were not running the watchdog, + # if a kernel lockup was suspected on those cores. + sysctl: + name: "kernel.watchdog_cpumask" + value: "{{ sysctl.kernel.watchdog_cpumask }}" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - perf-conf-sysctl + +- name: Conf - Adjust randomize_va_space + # this option can be used to select the type of process address + # space randomization that is used in the system, for architectures + # that support this feature. + # 0 - turn the process address space randomization off. this is the + # default for architectures that do not support this feature anyways, + # and kernels that are booted with the "norandmaps" parameter. + sysctl: + name: "kernel.randomize_va_space" + value: "0" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - perf-conf-sysctl + +- name: Conf - Cpufrequtils + copy: + src: "files/cpufrequtils" + dest: "/etc/default/cpufrequtils" + owner: "root" + group: "root" + mode: 0644 + tags: + - perf-conf-cpufrequtils + +- name: Conf - Irqbalance + template: + src: "files/irqbalance" + dest: "/etc/default/irqbalance" + owner: "root" + group: "root" + mode: 0644 + tags: + - perf-conf-irqbalance + +- name: Conf - Set Ondemand Service To Disable + service: + name: "ondemand" + enabled: "no" + tags: + - perf-conf-ondemand + +- name: Conf - Kernel Parameters + lineinfile: + path: "/etc/default/grub" + state: "present" + regexp: "^GRUB_CMDLINE_LINUX=" + line: "GRUB_CMDLINE_LINUX=\"{% for key, value in grub.items() %}{% if value is sameas true %}{{key}} {% else %}{{key}}={{value}} {% endif %}{% endfor %}\"" + notify: + - "Update GRUB" + tags: + - perf-conf-grub + +- meta: flush_handlers + +- name: Conf - Load Kernel Modules By Default + lineinfile: + path: "/etc/modules" + state: "present" + line: "{{ item }}" + with_items: + - "vfio-pci" + notify: + - "Reboot Server" + tags: + - perf-conf-load-kernel-modules + +- meta: flush_handlers
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/performance_tuning/tasks/turbo_boost.yaml b/fdio.infra.ansible/roles/performance_tuning/tasks/turbo_boost.yaml new file mode 100644 index 0000000000..7f69365a2d --- /dev/null +++ b/fdio.infra.ansible/roles/performance_tuning/tasks/turbo_boost.yaml @@ -0,0 +1,44 @@ +--- +# file: roles/performance_tuning/tasks/turbo_boost.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - turbo-inst-prerequisites + +- name: Inst - msr-tools + package: + name: + - "msr-tools" + state: latest + tags: + - turbo-inst-prerequisites + +- name: Conf - Load msr By Default + lineinfile: + path: "/etc/modules" + state: "present" + line: "msr" + tags: + - turbo-conf-msr + +- name: Conf - Custom Startup Service Hook + copy: + src: "files/disable-turbo-boost.service" + dest: "/etc/systemd/system/disable-turbo-boost.service" + owner: "root" + group: "root" + mode: 0644 + tags: + - turbo-conf-msr + +- name: Conf - Custom Startup Service Hook Enable + service: + name: "disable-turbo-boost" + enabled: yes + tags: + - turbo-conf-msr diff --git a/fdio.infra.ansible/roles/prometheus_exporter/defaults/main.yaml b/fdio.infra.ansible/roles/prometheus_exporter/defaults/main.yaml new file mode 100644 index 0000000000..eb2b94cb26 --- /dev/null +++ b/fdio.infra.ansible/roles/prometheus_exporter/defaults/main.yaml @@ -0,0 +1,17 @@ +--- +# file: roles/prometheus_exporter/defaults/main.yaml + +# Inst - Exporters. +ne_packages: "{{ ne_packages_by_distro[ansible_distribution | lower][ansible_machine] }}" + +ne_packages_by_distro: + ubuntu: + aarch64: "http://ports.ubuntu.com/pool/universe/p/prometheus-node-exporter/prometheus-node-exporter_1.0.1+ds-1_arm64.deb" + x86_64: "http://archive.ubuntu.com/ubuntu/pool/universe/p/prometheus-node-exporter/prometheus-node-exporter_1.0.1+ds-1_amd64.deb" + +be_packages: "{{ be_packages_by_distro[ansible_distribution | lower][ansible_machine] }}" + +be_packages_by_distro: + ubuntu: + aarch64: "http://ports.ubuntu.com/pool/universe/p/prometheus-blackbox-exporter/prometheus-blackbox-exporter_0.17.0+ds-1_arm64.deb" + x86_64: "http://archive.ubuntu.com/ubuntu/pool/universe/p/prometheus-blackbox-exporter/prometheus-blackbox-exporter_0.17.0+ds-1_amd64.deb" diff --git a/fdio.infra.ansible/roles/prometheus_exporter/files/blackbox.yml b/fdio.infra.ansible/roles/prometheus_exporter/files/blackbox.yml new file mode 100644 index 0000000000..f61c26e1a8 --- /dev/null +++ b/fdio.infra.ansible/roles/prometheus_exporter/files/blackbox.yml @@ -0,0 +1,25 @@ +modules: + http_2xx: + prober: http + timeout: 5s + http: + valid_http_versions: ["HTTP/1.1", "HTTP/2.0"] + no_follow_redirects: false + fail_if_ssl: false + fail_if_not_ssl: true + tls_config: + insecure_skip_verify: false + preferred_ip_protocol: "ip4" + icmp_v4: + prober: icmp + timeout: 5s + icmp: + preferred_ip_protocol: "ip4" + dns_udp: + prober: dns + timeout: 5s + dns: + query_name: "jenkins.fd.io" + query_type: "A" + valid_rcodes: + - NOERROR
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/prometheus_exporter/handlers/main.yaml b/fdio.infra.ansible/roles/prometheus_exporter/handlers/main.yaml new file mode 100644 index 0000000000..9c374eaa61 --- /dev/null +++ b/fdio.infra.ansible/roles/prometheus_exporter/handlers/main.yaml @@ -0,0 +1,16 @@ +--- +# file roles/prometheus_exporter/handlers/main.yaml + +- name: Restart Prometheus Node Exporter + systemd: + daemon_reload: true + enabled: true + name: "prometheus-node-exporter" + state: "restarted" + +- name: Restart Prometheus Blackbox Exporter + systemd: + daemon_reload: true + enabled: true + name: "prometheus-blackbox-exporter" + state: "restarted"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/prometheus_exporter/tasks/main.yaml b/fdio.infra.ansible/roles/prometheus_exporter/tasks/main.yaml new file mode 100644 index 0000000000..b38215c4a2 --- /dev/null +++ b/fdio.infra.ansible/roles/prometheus_exporter/tasks/main.yaml @@ -0,0 +1,15 @@ +--- +# file: roles/prometheus_exporter/tasks/main.yaml + +- include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml" + tags: + - prometheus-inst + +- name: Conf - Prometheus Blackbox Exporter + copy: + src: 'files/blackbox.yml' + dest: '/etc/prometheus/blackbox.yml' + notify: + - "Restart Prometheus Blackbox Exporter" + tags: + - prometheus-conf-blackbox-exporter
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/prometheus_exporter/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/prometheus_exporter/tasks/ubuntu_bionic.yaml new file mode 100644 index 0000000000..566753e272 --- /dev/null +++ b/fdio.infra.ansible/roles/prometheus_exporter/tasks/ubuntu_bionic.yaml @@ -0,0 +1,33 @@ +--- +# file: roles/prometheus_exporter/tasks/ubuntu_bionic.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + tags: + - prometheus-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "init-system-helpers" + default_release: "bionic-backports" + state: latest + tags: + - prometheus-inst-prerequisites + +- name: Inst - Prometheus Node Exporter + apt: + deb: "{{ ne_packages }}" + notify: + - "Restart Prometheus Node Exporter" + tags: + - prometheus-inst-node-exporter + +- name: Inst - Prometheus Blackbox Exporter + apt: + deb: "{{ be_packages }}" + notify: + - "Restart Prometheus Blackbox Exporter" + tags: + - prometheus-inst-blackbox-exporter
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/python_env/defaults/main.yaml b/fdio.infra.ansible/roles/python_env/defaults/main.yaml new file mode 100644 index 0000000000..342d1c3d33 --- /dev/null +++ b/fdio.infra.ansible/roles/python_env/defaults/main.yaml @@ -0,0 +1,41 @@ +--- +# file: roles/common/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - "virtualenv" + +packages_by_distro: + ubuntu: + bionic: + - "python-all" + - "python-apt" + - "python-cffi" + - "python-cffi-backend" + - "python-dev" + - "python-pip" + - "python-setuptools" + - "python3-all" + - "python3-apt" + - "python3-cffi" + - "python3-cffi-backend" + - "python3-dev" + - "python3-pip" + - "python3-pyelftools" + - "python3-setuptools" + focal: + - "python3-all" + - "python3-apt" + - "python3-cffi" + - "python3-cffi-backend" + - "python3-dev" + - "python3-pip" + - "python3-pyelftools" + - "python3-setuptools" + +packages_by_arch: + aarch64: + - [] + x86_64: + - []
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/python_env/tasks/main.yaml b/fdio.infra.ansible/roles/python_env/tasks/main.yaml new file mode 100644 index 0000000000..cddfe63655 --- /dev/null +++ b/fdio.infra.ansible/roles/python_env/tasks/main.yaml @@ -0,0 +1,82 @@ +--- +# file: roles/python_env/tasks/main.yaml + +- name: Inst - Update package cache (apt) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - common-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - common-inst-prerequisites + +- name: Inst - CSIT PIP requirements + pip: + name: + - "ecdsa==0.13.3" + - "paramiko==2.6.0" + - "pycrypto==2.6.1" + - "pypcap==1.2.3" + - "PyYAML==5.1.1" + - "requests==2.22.0" + - "robotframework==3.1.2" + - "scapy==2.4.3" + - "scp==0.13.2" + - "ansible==2.10.7" + - "dill==0.3.3" + - "numpy==1.17.3" + - "hdrhistogram==0.6.1" + - "plotly==4.1.1" + - "PTable==0.9.2" + - "Sphinx==2.2.1" + - "sphinx-rtd-theme==0.4.0" + - "sphinxcontrib-programoutput==0.15" + - "sphinxcontrib-robotdoc==0.11.0" + - "alabaster==0.7.12" + - "Babel==2.7.0" + - "bcrypt==3.1.7" + - "certifi==2019.9.11" + - "cffi==1.13.2" + - "chardet==3.0.4" + - "cryptography==2.8" + - "docutils==0.15.2" + - "future==0.18.2" + - "idna==2.8" + - "imagesize==1.1.0" + - "Jinja2==2.10.3" + - "MarkupSafe==1.1.1" + - "packaging==19.2" + - "pbr==5.4.3" + - "pycparser==2.19" + - "Pygments==2.4.2" + - "PyNaCl==1.3.0" + - "pyparsing==2.4.4" + - "python-dateutil==2.8.1" + - "pytz==2019.3" + - "retrying==1.3.3" + - "six==1.13.0" + - "snowballstemmer==2.0.0" + - "sphinxcontrib-applehelp==1.0.1" + - "sphinxcontrib-devhelp==1.0.1" + - "sphinxcontrib-htmlhelp==1.0.2" + - "sphinxcontrib-jsmath==1.0.1" + - "sphinxcontrib-qthelp==1.0.2" + - "sphinxcontrib-serializinghtml==1.1.3" + - "urllib3==1.25.6" + tags: + - common-inst-pip + +- name: Inst - CSIT PIP requirements - Pandas and SciPy workaround + pip: + name: + - "pandas==0.25.3" + - "scipy==1.5.4" + tags: + - common-inst-pip diff --git a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service new file mode 100644 index 0000000000..11911201d5 --- /dev/null +++ b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service @@ -0,0 +1,12 @@ +[Unit] +Description=CSIT Initialize Docker TG +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=True +ExecStart=/usr/local/bin/csit-initialize-docker-tg.sh start 2 +ExecStop=/usr/local/bin/csit-initialize-docker-tg.sh stop + +[Install] +WantedBy=default.target diff --git a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh new file mode 100755 index 0000000000..0120795e9c --- /dev/null +++ b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh @@ -0,0 +1,58 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# CSIT SRIOV VF initialization and isolation. + +set -euo pipefail + +case "${1:-start}" in + "start" ) + # Run TG + for cnt in $(seq 1 ${2:-1}); do + docker network create --driver bridge csit-nw-tg${cnt} || true + # If the IMAGE is not already loaded then docker run will pull the + # IMAGE, and all image dependencies, before it starts the container. + dcr_image="csit_sut-ubuntu2004:local" + # Run the container in the background and print the new container + # ID. + dcr_stc_params="--detach=true " + # Give extended privileges to this container. A "privileged" + # container is given access to all devices and able to run nested + # containers. + dcr_stc_params+="--privileged " + # Publish all exposed ports to random ports on the host interfaces. + dcr_stc_params+="--publish 600${cnt}:2222 " + # Automatically remove the container when it exits. + dcr_stc_params+="--rm " + # Size of /dev/shm. + dcr_stc_params+="--shm-size 4G " + # Mount vfio to be able to bind to see binded interfaces. We cannot + # use --device=/dev/vfio as this does not see newly binded + # interfaces. + dcr_stc_params+="--volume /dev:/dev " + # Mount /opt/boot/ where VM kernel and initrd are located. + dcr_stc_params+="--volume /opt:/opt " + # Mount host hugepages for VMs. + dcr_stc_params+="--volume /dev/hugepages:/dev/hugepages " + + params=(${dcr_stc_params} --name csit-tg-"${cnt}" "${dcr_image}") + docker run --network=csit-nw-tg${cnt} "${params[@]}" + done + ;; + "stop" ) + docker rm --force $(docker ps --all --quiet --filter name=csit) + docker network rm $(docker network ls --filter name=csit --quiet) + ;; +esac diff --git a/fdio.infra.ansible/roles/tg/handlers/main.yaml b/fdio.infra.ansible/roles/tg/handlers/main.yaml new file mode 100644 index 0000000000..e13e67b2c1 --- /dev/null +++ b/fdio.infra.ansible/roles/tg/handlers/main.yaml @@ -0,0 +1,10 @@ +--- +# file: roles/tg/handlers/main.yaml + +- name: Start csit-initialize-docker-tg.service + systemd: + enabled: yes + state: "started" + name: "csit-initialize-docker-tg.service" + tags: + - docker-tg diff --git a/fdio.infra.ansible/roles/tg/tasks/main.yaml b/fdio.infra.ansible/roles/tg/tasks/main.yaml new file mode 100644 index 0000000000..4e79dabfab --- /dev/null +++ b/fdio.infra.ansible/roles/tg/tasks/main.yaml @@ -0,0 +1,30 @@ +--- +# file: roles/tg/tasks/main.yaml + +- name: Conf - csit-initialize-docker-tg.sh + copy: + src: "files/csit-initialize-docker-tg.sh" + dest: "/usr/local/bin/csit-initialize-docker-tg.sh" + owner: "root" + group: "root" + mode: 0744 + when: + - docker_tg is defined + tags: + - tg-conf-docker + +- name: Conf - Start csit-initialize-docker-tg.service + copy: + src: "files/csit-initialize-docker-tg.service" + dest: "/etc/systemd/system/" + owner: "root" + group: "root" + mode: 0644 + notify: + - "Start csit-initialize-docker-tg.service" + when: + - docker_tg is defined + tags: + - tg-conf-docker + +- meta: flush_handlers diff --git a/fdio.infra.ansible/roles/topology/tasks/main.yaml b/fdio.infra.ansible/roles/topology/tasks/main.yaml new file mode 100644 index 0000000000..cf3eb5367f --- /dev/null +++ b/fdio.infra.ansible/roles/topology/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +# file: roles/topology/tasks/main.yaml + +- name: Create topology file + template: + src: "templates/topology_{{ cloud_topology }}.j2" + dest: "../../../../topologies/available/{{ cloud_topology }}_{{ testbed_name }}.yaml" + tags: + - create-topology-file diff --git a/fdio.infra.ansible/roles/topology/templates/topology_2n_aws_c5n.j2 b/fdio.infra.ansible/roles/topology/templates/topology_2n_aws_c5n.j2 new file mode 100644 index 0000000000..1d99a34994 --- /dev/null +++ b/fdio.infra.ansible/roles/topology/templates/topology_2n_aws_c5n.j2 @@ -0,0 +1,56 @@ +--- +metadata: + version: 0.1 + schema: + - resources/topology_schemas/2_node_topology.sch.yaml + - resources/topology_schemas/topology.sch.yaml + tags: [hw, 2-node] + +nodes: + TG: + type: TG + subtype: TREX + host: "{{ tg_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + interfaces: + port1: + # tg_instance/p1 - 50GE port1 on ENA NIC. + mac_address: {{ tg_if1_mac }} + pci_address: "0000:00:06.0" + link: link1 + model: Amazon-Nitro-50G + port2: + # tg_instance/p2 - 50GE port2 on ENA NIC. + mac_address: {{ tg_if2_mac }} + pci_address: "0000:00:07.0" + link: link2 + model: Amazon-Nitro-50G + DUT1: + type: DUT + host: "{{ dut1_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + uio_driver: vfio-pci + honeycomb: + user: admin + passwd: admin + port: 8183 + netconf_port: 2831 + interfaces: + port1: + # dut1_instance/p1 - 50GE port1 on ENA NIC. + mac_address: {{ dut1_if1_mac }} + pci_address: "0000:00:06.0" + link: link1 + model: Amazon-Nitro-50G + port2: + # dut1_instance/p2 - 50GE port2 on ENA NIC. + mac_address: {{ dut1_if2_mac }} + pci_address: "0000:00:07.0" + link: link2 + model: Amazon-Nitro-50G diff --git a/fdio.infra.ansible/roles/topology/templates/topology_3n_aws_c5n.j2 b/fdio.infra.ansible/roles/topology/templates/topology_3n_aws_c5n.j2 new file mode 100644 index 0000000000..631b0be63b --- /dev/null +++ b/fdio.infra.ansible/roles/topology/templates/topology_3n_aws_c5n.j2 @@ -0,0 +1,83 @@ +--- +metadata: + version: 0.1 + schema: + - resources/topology_schemas/3_node_topology.sch.yaml + - resources/topology_schemas/topology.sch.yaml + tags: [hw, 3-node] + +nodes: + TG: + type: TG + subtype: TREX + host: "{{ tg_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + interfaces: + port1: + # tg_instance/p1 - 50GE port1 on ENA NIC. + mac_address: {{ tg_if1_mac }} + pci_address: "0000:00:06.0" + link: link1 + model: Amazon-Nitro-50G + port2: + # tg_instance/p2 - 50GE port2 on ENA NIC. + mac_address: {{ tg_if2_mac }} + pci_address: "0000:00:07.0" + link: link2 + model: Amazon-Nitro-50G + DUT1: + type: DUT + host: "{{ dut1_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + uio_driver: vfio-pci + honeycomb: + user: admin + passwd: admin + port: 8183 + netconf_port: 2831 + interfaces: + port1: + # dut1_instance/p1 - 50GE port1 on ENA NIC. + mac_address: {{ dut1_if1_mac }} + pci_address: "0000:00:06.0" + link: link1 + model: Amazon-Nitro-50G + port2: + # dut1_instance/p2 - 50GE port2 on ENA NIC. + mac_address: {{ dut1_if2_mac }} + pci_address: "0000:00:07.0" + link: link21 + model: Amazon-Nitro-50G + DUT2: + type: DUT + host: "{{ dut2_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + uio_driver: vfio-pci + honeycomb: + user: admin + passwd: admin + port: 8183 + netconf_port: 2831 + interfaces: + port1: + # dut2_instance/p1 - 50GE port1 on ENA NIC. + mac_address: {{ dut2_if1_mac }} + pci_address: "0000:00:06.0" + link: link21 + model: Amazon-Nitro-50G + port2: + # dut2_instance/p2 - 50GE port1 on ENA NIC. + mac_address: {{ dut2_if2_mac }} + pci_address: "0000:00:07.0" + link: link2 + model: Amazon-Nitro-50G + diff --git a/fdio.infra.ansible/roles/topology/templates/topology_3n_azure_Fsv2.j2 b/fdio.infra.ansible/roles/topology/templates/topology_3n_azure_Fsv2.j2 new file mode 100644 index 0000000000..e4dd6cdbf2 --- /dev/null +++ b/fdio.infra.ansible/roles/topology/templates/topology_3n_azure_Fsv2.j2 @@ -0,0 +1,82 @@ +--- +metadata: + version: 0.1 + schema: + - resources/topology_schemas/3_node_topology.sch.yaml + - resources/topology_schemas/topology.sch.yaml + tags: [hw, 3-node] + +nodes: + TG: + type: TG + subtype: TREX + host: "{{ tg_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + interfaces: + port1: + # tg_instance/p1 - 40GE port1 on Mellanox NIC. + mac_address: "{{ tg_if1_mac | lower | replace('-',':') }}" + pci_address: "0002:00:02.0" + link: link1 + model: Azure-MLX-40G + port2: + # tg_instance/p2 - 40GE port2 on Mellanox NIC. + mac_address: "{{ tg_if2_mac | lower | replace('-',':') }}" + pci_address: "0003:00:02.0" + link: link2 + model: Azure-MLX-40G + DUT1: + type: DUT + host: "{{ dut1_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + uio_driver: vfio-pci + honeycomb: + user: admin + passwd: admin + port: 8183 + netconf_port: 2831 + interfaces: + port1: + # dut1_instance/p1 - 40GE port1 on Mellanox NIC. + mac_address: "{{ dut1_if1_mac | lower | replace('-',':') }}" + pci_address: "0002:00:02.0" + link: link1 + model: Azure-MLX-40G + port2: + # dut2_instance/p1 - 40GE port2 on Mellanox NIC. + mac_address: "{{ dut1_if2_mac | lower | replace('-',':') }}" + pci_address: "0003:00:02.0" + link: link21 + model: Azure-MLX-40G + DUT2: + type: DUT + host: "{{ dut2_public_ip }}" + arch: x86_64 + port: 22 + username: testuser + password: Csit1234 + uio_driver: vfio-pci + honeycomb: + user: admin + passwd: admin + port: 8183 + netconf_port: 2831 + interfaces: + port1: + # dut1_instance/p1 - 40GE port1 on Mellanox NIC. + mac_address: "{{ dut2_if1_mac | lower | replace('-',':') }}" + pci_address: "0002:00:02.0" + link: link21 + model: Azure-MLX-40G + port2: + # dut2_instance/p1 - 40GE port2 on Mellanox NIC. + mac_address: "{{ dut2_if2_mac | lower | replace('-',':') }}" + pci_address: "0003:00:02.0" + link: link2 + model: Azure-MLX-40G diff --git a/fdio.infra.ansible/roles/trex/defaults/main.yaml b/fdio.infra.ansible/roles/trex/defaults/main.yaml new file mode 100644 index 0000000000..19bb15e9d3 --- /dev/null +++ b/fdio.infra.ansible/roles/trex/defaults/main.yaml @@ -0,0 +1,44 @@ +--- +# file: roles/trex/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - [] + +packages_by_distro: + ubuntu: + bionic: + - "build-essential" + - "libmnl-dev" + - "libnuma-dev" + - "libpcap-dev" + - "librdmacm-dev" + - "librdmacm1" + - "libssl-dev" + - "pciutils" + - "python3-pip" + - "zlib1g-dev" + focal: + - "build-essential" + - "libmnl-dev" + - "libnuma-dev" + - "libpcap-dev" + - "librdmacm-dev" + - "librdmacm1" + - "libssl-dev" + - "pciutils" + - "python3-pip" + - "zlib1g-dev" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] + +trex_target_dir: "/opt" +trex_url: "https://github.com/cisco-system-traffic-generator/trex-core/archive/" +trex_version: + # master // ubuntu 20.04 + - "2.88"
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/trex/files/t-rex.patch b/fdio.infra.ansible/roles/trex/files/t-rex.patch new file mode 100644 index 0000000000..e7db647779 --- /dev/null +++ b/fdio.infra.ansible/roles/trex/files/t-rex.patch @@ -0,0 +1,548 @@ +diff --git a/linux_dpdk/ws_main.py b/linux_dpdk/ws_main.py +index e8d0cd51..a0c01adb 100755 +--- a/linux_dpdk/ws_main.py ++++ b/linux_dpdk/ws_main.py +@@ -209,7 +209,7 @@ def check_ofed(ctx): + + ofed_ver= 42 + ofed_ver_show= '4.2' +- ++ return True + if not os.path.isfile(ofed_info): + ctx.end_msg('not found', 'YELLOW') + return False +@@ -1552,8 +1552,6 @@ class build_option: + flags += ['-DNDEBUG']; + else: + flags += ['-UNDEBUG']; +- if bld.env.OFED_OK: +- flags += ['-DHAVE_IBV_MLX4_WQE_LSO_SEG=1'] + return (flags) + + def get_bnxt_flags(self): +diff --git a/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h b/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h +index b3d68683..35474409 100644 +--- a/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h ++++ b/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h +@@ -1,3 +1,6 @@ +-#ifndef HAVE_IBV_MLX4_WQE_LSO_SEG +-#define HAVE_IBV_MLX4_WQE_LSO_SEG +-#endif ++/* HAVE_IBV_MLX4_BUF_ALLOCATORS is not defined. */ ++ ++/* HAVE_IBV_MLX4_UAR_MMAP_OFFSET is not defined. */ ++ ++/* HAVE_IBV_MLX4_WQE_LSO_SEG is not defined. */ ++ +diff --git a/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h b/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h +index 8770fdde..75db5ae8 100644 +--- a/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h ++++ b/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h +@@ -1,54 +1,362 @@ +-#ifndef HAVE_IBV_DEVICE_COUNTERS_SET_SUPPORT +-#define HAVE_IBV_DEVICE_COUNTERS_SET_SUPPORT +-#endif ++/* HAVE_IBV_DEVICE_STRIDING_RQ_SUPPORT is not defined. */ + +-#ifndef HAVE_IBV_FLOW_DV_SUPPORT +-#define HAVE_IBV_FLOW_DV_SUPPORT +-#endif ++#ifndef HAVE_IBV_DEVICE_TUNNEL_SUPPORT ++#define HAVE_IBV_DEVICE_TUNNEL_SUPPORT 1 ++#endif /* HAVE_IBV_DEVICE_TUNNEL_SUPPORT */ + +-#ifndef HAVE_IBV_DEVICE_COUNTERS_SET_V45 +-#define HAVE_IBV_DEVICE_COUNTERS_SET_V45 +-#endif ++/* HAVE_IBV_DEVICE_MPLS_SUPPORT is not defined. */ + +-#ifndef HAVE_IBV_FLOW_DEVX_COUNTERS +-#define HAVE_IBV_FLOW_DEVX_COUNTERS +-#endif ++#ifndef HAVE_IBV_WQ_FLAGS_PCI_WRITE_END_PADDING ++#define HAVE_IBV_WQ_FLAGS_PCI_WRITE_END_PADDING 1 ++#endif /* HAVE_IBV_WQ_FLAGS_PCI_WRITE_END_PADDING */ + +-#ifndef HAVE_IBV_MLX4_WQE_LSO_SEG +-#define HAVE_IBV_MLX4_WQE_LSO_SEG +-#endif ++/* HAVE_IBV_WQ_FLAG_RX_END_PADDING is not defined. */ + ++#ifndef HAVE_IBV_MLX5_MOD_SWP ++#define HAVE_IBV_MLX5_MOD_SWP 1 ++#endif /* HAVE_IBV_MLX5_MOD_SWP */ + +-#ifdef SUPPORTED_40000baseKR4_Full ++#ifndef HAVE_IBV_MLX5_MOD_MPW ++#define HAVE_IBV_MLX5_MOD_MPW 1 ++#endif /* HAVE_IBV_MLX5_MOD_MPW */ ++ ++#ifndef HAVE_IBV_MLX5_MOD_CQE_128B_COMP ++#define HAVE_IBV_MLX5_MOD_CQE_128B_COMP 1 ++#endif /* HAVE_IBV_MLX5_MOD_CQE_128B_COMP */ ++ ++#ifndef HAVE_IBV_MLX5_MOD_CQE_128B_PAD ++#define HAVE_IBV_MLX5_MOD_CQE_128B_PAD 1 ++#endif /* HAVE_IBV_MLX5_MOD_CQE_128B_PAD */ ++ ++/* HAVE_IBV_FLOW_DV_SUPPORT is not defined. */ ++ ++/* HAVE_MLX5DV_DR is not defined. */ ++ ++/* HAVE_MLX5DV_DR_ESWITCH is not defined. */ ++ ++/* HAVE_IBV_DEVX_OBJ is not defined. */ ++ ++/* HAVE_IBV_FLOW_DEVX_COUNTERS is not defined. */ ++ ++#ifndef HAVE_ETHTOOL_LINK_MODE_25G ++#define HAVE_ETHTOOL_LINK_MODE_25G 1 ++#endif /* HAVE_ETHTOOL_LINK_MODE_25G */ ++ ++#ifndef HAVE_ETHTOOL_LINK_MODE_50G ++#define HAVE_ETHTOOL_LINK_MODE_50G 1 ++#endif /* HAVE_ETHTOOL_LINK_MODE_50G */ ++ ++#ifndef HAVE_ETHTOOL_LINK_MODE_100G ++#define HAVE_ETHTOOL_LINK_MODE_100G 1 ++#endif /* HAVE_ETHTOOL_LINK_MODE_100G */ ++ ++/* HAVE_IBV_DEVICE_COUNTERS_SET_V42 is not defined. */ ++ ++/* HAVE_IBV_DEVICE_COUNTERS_SET_V45 is not defined. */ ++ ++#ifndef HAVE_RDMA_NL_NLDEV ++#define HAVE_RDMA_NL_NLDEV 1 ++#endif /* HAVE_RDMA_NL_NLDEV */ ++ ++#ifndef HAVE_RDMA_NLDEV_CMD_GET ++#define HAVE_RDMA_NLDEV_CMD_GET 1 ++#endif /* HAVE_RDMA_NLDEV_CMD_GET */ ++ ++#ifndef HAVE_RDMA_NLDEV_CMD_PORT_GET ++#define HAVE_RDMA_NLDEV_CMD_PORT_GET 1 ++#endif /* HAVE_RDMA_NLDEV_CMD_PORT_GET */ ++ ++#ifndef HAVE_RDMA_NLDEV_ATTR_DEV_INDEX ++#define HAVE_RDMA_NLDEV_ATTR_DEV_INDEX 1 ++#endif /* HAVE_RDMA_NLDEV_ATTR_DEV_INDEX */ ++ ++#ifndef HAVE_RDMA_NLDEV_ATTR_DEV_NAME ++#define HAVE_RDMA_NLDEV_ATTR_DEV_NAME 1 ++#endif /* HAVE_RDMA_NLDEV_ATTR_DEV_NAME */ ++ ++#ifndef HAVE_RDMA_NLDEV_ATTR_PORT_INDEX ++#define HAVE_RDMA_NLDEV_ATTR_PORT_INDEX 1 ++#endif /* HAVE_RDMA_NLDEV_ATTR_PORT_INDEX */ ++ ++/* HAVE_RDMA_NLDEV_ATTR_NDEV_INDEX is not defined. */ ++ ++#ifndef HAVE_IFLA_NUM_VF ++#define HAVE_IFLA_NUM_VF 1 ++#endif /* HAVE_IFLA_NUM_VF */ ++ ++#ifndef HAVE_IFLA_EXT_MASK ++#define HAVE_IFLA_EXT_MASK 1 ++#endif /* HAVE_IFLA_EXT_MASK */ ++ ++#ifndef HAVE_IFLA_PHYS_SWITCH_ID ++#define HAVE_IFLA_PHYS_SWITCH_ID 1 ++#endif /* HAVE_IFLA_PHYS_SWITCH_ID */ ++ ++#ifndef HAVE_IFLA_PHYS_PORT_NAME ++#define HAVE_IFLA_PHYS_PORT_NAME 1 ++#endif /* HAVE_IFLA_PHYS_PORT_NAME */ ++ ++#ifndef HAVE_IFLA_VXLAN_COLLECT_METADATA ++#define HAVE_IFLA_VXLAN_COLLECT_METADATA 1 ++#endif /* HAVE_IFLA_VXLAN_COLLECT_METADATA */ ++ ++#ifndef HAVE_TCA_CHAIN ++#define HAVE_TCA_CHAIN 1 ++#endif /* HAVE_TCA_CHAIN */ ++ ++#ifndef HAVE_TCA_FLOWER_ACT ++#define HAVE_TCA_FLOWER_ACT 1 ++#endif /* HAVE_TCA_FLOWER_ACT */ ++ ++#ifndef HAVE_TCA_FLOWER_FLAGS ++#define HAVE_TCA_FLOWER_FLAGS 1 ++#endif /* HAVE_TCA_FLOWER_FLAGS */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ETH_TYPE ++#define HAVE_TCA_FLOWER_KEY_ETH_TYPE 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ETH_TYPE */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ETH_DST ++#define HAVE_TCA_FLOWER_KEY_ETH_DST 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ETH_DST */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ETH_DST_MASK ++#define HAVE_TCA_FLOWER_KEY_ETH_DST_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ETH_DST_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC ++#define HAVE_TCA_FLOWER_KEY_ETH_SRC 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ETH_SRC */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK ++#define HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IP_PROTO ++#define HAVE_TCA_FLOWER_KEY_IP_PROTO 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IP_PROTO */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC ++#define HAVE_TCA_FLOWER_KEY_IPV4_SRC 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_SRC */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK ++#define HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST ++#define HAVE_TCA_FLOWER_KEY_IPV4_DST 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_DST */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK ++#define HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC ++#define HAVE_TCA_FLOWER_KEY_IPV6_SRC 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_SRC */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK ++#define HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST ++#define HAVE_TCA_FLOWER_KEY_IPV6_DST 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_DST */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK ++#define HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC ++#define HAVE_TCA_FLOWER_KEY_TCP_SRC 1 ++#endif /* HAVE_TCA_FLOWER_KEY_TCP_SRC */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK ++#define HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_TCP_DST ++#define HAVE_TCA_FLOWER_KEY_TCP_DST 1 ++#endif /* HAVE_TCA_FLOWER_KEY_TCP_DST */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_TCP_DST_MASK ++#define HAVE_TCA_FLOWER_KEY_TCP_DST_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_TCP_DST_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC ++#define HAVE_TCA_FLOWER_KEY_UDP_SRC 1 ++#endif /* HAVE_TCA_FLOWER_KEY_UDP_SRC */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK ++#define HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_UDP_DST ++#define HAVE_TCA_FLOWER_KEY_UDP_DST 1 ++#endif /* HAVE_TCA_FLOWER_KEY_UDP_DST */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_UDP_DST_MASK ++#define HAVE_TCA_FLOWER_KEY_UDP_DST_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_UDP_DST_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_VLAN_ID ++#define HAVE_TCA_FLOWER_KEY_VLAN_ID 1 ++#endif /* HAVE_TCA_FLOWER_KEY_VLAN_ID */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_VLAN_PRIO ++#define HAVE_TCA_FLOWER_KEY_VLAN_PRIO 1 ++#endif /* HAVE_TCA_FLOWER_KEY_VLAN_PRIO */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE ++#define HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE 1 ++#endif /* HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS ++#define HAVE_TCA_FLOWER_KEY_TCP_FLAGS 1 ++#endif /* HAVE_TCA_FLOWER_KEY_TCP_FLAGS */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK ++#define HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IP_TOS ++#define HAVE_TCA_FLOWER_KEY_IP_TOS 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IP_TOS */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IP_TOS_MASK ++#define HAVE_TCA_FLOWER_KEY_IP_TOS_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IP_TOS_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IP_TTL ++#define HAVE_TCA_FLOWER_KEY_IP_TTL 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IP_TTL */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_IP_TTL_MASK ++#define HAVE_TCA_FLOWER_KEY_IP_TTL_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_IP_TTL_MASK */ ++ ++#ifndef HAVE_TC_ACT_GOTO_CHAIN ++#define HAVE_TC_ACT_GOTO_CHAIN 1 ++#endif /* HAVE_TC_ACT_GOTO_CHAIN */ ++ ++#ifndef HAVE_TC_ACT_VLAN ++#define HAVE_TC_ACT_VLAN 1 ++#endif /* HAVE_TC_ACT_VLAN */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_KEY_ID ++#define HAVE_TCA_FLOWER_KEY_ENC_KEY_ID 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_KEY_ID */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK ++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT ++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK ++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT ++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT */ ++ ++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK ++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK 1 ++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK */ ++ ++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TOS is not defined. */ ++ ++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TOS_MASK is not defined. */ ++ ++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TTL is not defined. */ ++ ++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TTL_MASK is not defined. */ ++ ++#ifndef HAVE_TC_ACT_TUNNEL_KEY ++#define HAVE_TC_ACT_TUNNEL_KEY 1 ++#endif /* HAVE_TC_ACT_TUNNEL_KEY */ ++ ++#ifndef HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT ++#define HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT 1 ++#endif /* HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT */ ++ ++/* HAVE_TCA_TUNNEL_KEY_ENC_TOS is not defined. */ ++ ++/* HAVE_TCA_TUNNEL_KEY_ENC_TTL is not defined. */ ++ ++#ifndef HAVE_TCA_TUNNEL_KEY_NO_CSUM ++#define HAVE_TCA_TUNNEL_KEY_NO_CSUM 1 ++#endif /* HAVE_TCA_TUNNEL_KEY_NO_CSUM */ ++ ++#ifndef HAVE_TC_ACT_PEDIT ++#define HAVE_TC_ACT_PEDIT 1 ++#endif /* HAVE_TC_ACT_PEDIT */ ++ ++#ifndef HAVE_SUPPORTED_40000baseKR4_Full + #define HAVE_SUPPORTED_40000baseKR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_40000baseKR4_Full */ + +-#ifdef SUPPORTED_40000baseCR4_Full ++#ifndef HAVE_SUPPORTED_40000baseCR4_Full + #define HAVE_SUPPORTED_40000baseCR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_40000baseCR4_Full */ + +-#ifdef SUPPORTED_40000baseSR4_Full ++#ifndef HAVE_SUPPORTED_40000baseSR4_Full + #define HAVE_SUPPORTED_40000baseSR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_40000baseSR4_Full */ + +-#ifdef SUPPORTED_40000baseLR4_Full ++#ifndef HAVE_SUPPORTED_40000baseLR4_Full + #define HAVE_SUPPORTED_40000baseLR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_40000baseLR4_Full */ + +-#ifdef SUPPORTED_56000baseKR4_Full ++#ifndef HAVE_SUPPORTED_56000baseKR4_Full + #define HAVE_SUPPORTED_56000baseKR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_56000baseKR4_Full */ + +-#ifdef SUPPORTED_56000baseCR4_Full ++#ifndef HAVE_SUPPORTED_56000baseCR4_Full + #define HAVE_SUPPORTED_56000baseCR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_56000baseCR4_Full */ + +-#ifdef SUPPORTED_56000baseSR4_Full ++#ifndef HAVE_SUPPORTED_56000baseSR4_Full + #define HAVE_SUPPORTED_56000baseSR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_56000baseSR4_Full */ + +-#ifdef SUPPORTED_56000baseLR4_Full ++#ifndef HAVE_SUPPORTED_56000baseLR4_Full + #define HAVE_SUPPORTED_56000baseLR4_Full 1 +-#endif ++#endif /* HAVE_SUPPORTED_56000baseLR4_Full */ + ++#ifndef HAVE_STATIC_ASSERT ++#define HAVE_STATIC_ASSERT 1 ++#endif /* HAVE_STATIC_ASSERT */ + +diff --git a/src/dpdk/drivers/net/tap/rte_eth_tap.c b/src/dpdk/drivers/net/tap/rte_eth_tap.c +index bc889c19..47a2b68f 100644 +--- a/src/dpdk/drivers/net/tap/rte_eth_tap.c ++++ b/src/dpdk/drivers/net/tap/rte_eth_tap.c +@@ -34,8 +34,8 @@ + #include <unistd.h> + #include <arpa/inet.h> + #include <net/if.h> +-#include <linux_tap/if_tun.h> +-#include <linux_tap/if_ether.h> ++#include <linux/if_tun.h> ++#include <linux/if_ether.h> + #include <fcntl.h> + #include <ctype.h> + +diff --git a/src/dpdk/drivers/net/tap/rte_eth_tap.h b/src/dpdk/drivers/net/tap/rte_eth_tap.h +index 66cd3441..dc3579ac 100644 +--- a/src/dpdk/drivers/net/tap/rte_eth_tap.h ++++ b/src/dpdk/drivers/net/tap/rte_eth_tap.h +@@ -11,7 +11,7 @@ + #include <inttypes.h> + #include <net/if.h> + +-#include <linux_tap/if_tun.h> ++#include <linux/if_tun.h> + + #include <rte_ethdev_driver.h> + #include <rte_ether.h> +diff --git a/src/dpdk/drivers/net/tap/tap_autoconf.h b/src/dpdk/drivers/net/tap/tap_autoconf.h +index dddd4ae6..d5880608 100644 +--- a/src/dpdk/drivers/net/tap/tap_autoconf.h ++++ b/src/dpdk/drivers/net/tap/tap_autoconf.h +@@ -1,14 +1,24 @@ + #ifndef HAVE_TC_FLOWER + #define HAVE_TC_FLOWER 1 +-#endif ++#endif /* HAVE_TC_FLOWER */ + ++#ifndef HAVE_TC_VLAN_ID ++#define HAVE_TC_VLAN_ID 1 ++#endif /* HAVE_TC_VLAN_ID */ + + #ifndef HAVE_TC_BPF + #define HAVE_TC_BPF 1 +-#endif ++#endif /* HAVE_TC_BPF */ + +-#ifndef HAVE_TC_VLAN_ID +-#define HAVE_TC_VLAN_ID 1 +-#endif ++#ifndef HAVE_TC_BPF_FD ++#define HAVE_TC_BPF_FD 1 ++#endif /* HAVE_TC_BPF_FD */ ++ ++#ifndef HAVE_TC_ACT_BPF ++#define HAVE_TC_ACT_BPF 1 ++#endif /* HAVE_TC_ACT_BPF */ + ++#ifndef HAVE_TC_ACT_BPF_FD ++#define HAVE_TC_ACT_BPF_FD 1 ++#endif /* HAVE_TC_ACT_BPF_FD */ + +diff --git a/src/dpdk/drivers/net/tap/tap_netlink.h b/src/dpdk/drivers/net/tap/tap_netlink.h +index 900ce375..faa73ba1 100644 +--- a/src/dpdk/drivers/net/tap/tap_netlink.h ++++ b/src/dpdk/drivers/net/tap/tap_netlink.h +@@ -8,8 +8,8 @@ + + #include <ctype.h> + #include <inttypes.h> +-#include <linux_tap/rtnetlink.h> +-#include <linux_tap/netlink.h> ++#include <linux/rtnetlink.h> ++#include <linux/netlink.h> + #include <stdio.h> + + #include <rte_log.h> +diff --git a/src/dpdk/drivers/net/tap/tap_tcmsgs.h b/src/dpdk/drivers/net/tap/tap_tcmsgs.h +index 782de540..8cedea84 100644 +--- a/src/dpdk/drivers/net/tap/tap_tcmsgs.h ++++ b/src/dpdk/drivers/net/tap/tap_tcmsgs.h +@@ -7,13 +7,13 @@ + #define _TAP_TCMSGS_H_ + + #include <tap_autoconf.h> +-#include <linux_tap/if_ether.h> +-#include <linux_tap/rtnetlink.h> +-#include <linux_tap/pkt_sched.h> +-#include <linux_tap/pkt_cls.h> +-#include <linux_tap/tc_act/tc_mirred.h> +-#include <linux_tap/tc_act/tc_gact.h> +-#include <linux_tap/tc_act/tc_skbedit.h> ++#include <linux/if_ether.h> ++#include <linux/rtnetlink.h> ++#include <linux/pkt_sched.h> ++#include <linux/pkt_cls.h> ++#include <linux/tc_act/tc_mirred.h> ++#include <linux/tc_act/tc_gact.h> ++#include <linux/tc_act/tc_skbedit.h> + #ifdef HAVE_TC_ACT_BPF + #include <linux/tc_act/tc_bpf.h> + #endif +diff --git a/src/main_dpdk.cpp b/src/main_dpdk.cpp +index 0f66b07a..8c37ea15 100644 +--- a/src/main_dpdk.cpp ++++ b/src/main_dpdk.cpp +@@ -6969,6 +6969,7 @@ COLD_FUNC bool DpdkTRexPortAttr::update_link_status_nowait(){ + bool changed = false; + rte_eth_link_get_nowait(m_repid, &new_link); + ++ new_link.link_speed = ETH_SPEED_NUM_50G; + if (new_link.link_speed != m_link.link_speed || + new_link.link_duplex != m_link.link_duplex || + new_link.link_autoneg != m_link.link_autoneg || diff --git a/fdio.infra.ansible/roles/trex/tasks/deploy_block.yaml b/fdio.infra.ansible/roles/trex/tasks/deploy_block.yaml new file mode 100644 index 0000000000..5a7890b071 --- /dev/null +++ b/fdio.infra.ansible/roles/trex/tasks/deploy_block.yaml @@ -0,0 +1,55 @@ +--- +# file: roles/trex/tasks/deploy_block.yaml + +- name: Get Release {{ item }} + get_url: + url: "{{ trex_url }}/v{{ item }}.tar.gz" + dest: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz" + validate_certs: False + mode: 0644 + register: trex_downloaded + +- name: Create Directory {{ item }} + file: + path: "{{ trex_target_dir }}/trex-core-{{ item }}" + state: "directory" + +- name: Extract Release {{ item }} + unarchive: + remote_src: true + src: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz" + dest: "{{ trex_target_dir }}/" + creates: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/" + register: trex_extracted + +- name: Patch Azure + patch: + src: "files/t-rex.patch" + basedir: "{{ trex_target_dir }}/trex-core-{{ item }}" + strip: 1 + when: + - azure is defined and item == "2.73" + +- name: Compile Release {{ item }} Part I + command: "./b configure" + args: + chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/" + when: trex_extracted.changed + +- name: Compile Release {{ item }} Part II + command: "./b build" + args: + chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/" + when: trex_extracted.changed + +- name: Compile Release {{ item }} Part III + command: "make -j 16" + args: + chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src" + when: trex_extracted.changed + +- name: Compile Release {{ item }} Part IV + command: "make install" + args: + chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src" + when: trex_extracted.changed
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/trex/tasks/main.yaml b/fdio.infra.ansible/roles/trex/tasks/main.yaml new file mode 100644 index 0000000000..d43baf909b --- /dev/null +++ b/fdio.infra.ansible/roles/trex/tasks/main.yaml @@ -0,0 +1,24 @@ +--- +# file: roles/trex/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - trex-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - trex-inst-prerequisites + +- name: Inst - Multiple T-Rex Versions + include_tasks: deploy_block.yaml + loop: "{{ trex_version }}" + tags: + - trex-inst
\ No newline at end of file diff --git a/fdio.infra.ansible/roles/user_add/defaults/main.yaml b/fdio.infra.ansible/roles/user_add/defaults/main.yaml new file mode 100644 index 0000000000..56f5098f12 --- /dev/null +++ b/fdio.infra.ansible/roles/user_add/defaults/main.yaml @@ -0,0 +1,11 @@ +--- +# file: roles/user_add/defaults/main.yaml + +# Default shell for a user if none is specified. +users_shell: /bin/bash + +# Default create home dirs for new users. +users_create_homedirs: true + +# Default list of users to create. +users: [] diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml new file mode 100644 index 0000000000..960f573b48 --- /dev/null +++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml @@ -0,0 +1,7 @@ +--- +# file: roles/user_add/handlers/main.yaml + +- name: Restart SSHd + service: + name: sshd + state: restarted diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml new file mode 100644 index 0000000000..f980aff84d --- /dev/null +++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml @@ -0,0 +1,48 @@ +--- +# file: roles/user_add/tasks/main.yaml + +- name: Conf - Add User + user: + append: "{{ item.append | default(omit) }}" + createhome: "{{ 'yes' if users_create_homedirs else 'no' }}" + generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}" + groups: "{{ item.groups | join(',') if 'groups' in item else '' }}" + name: "{{ item.username }}" + password: "{{ item.password if item.password is defined else '!' }}" + shell: "{{ item.shell if item.shell is defined else users_shell }}" + state: present + with_items: "{{ users }}" + tags: + - user-add-conf + +- name: Conf - SSH keys + authorized_key: + user: "{{ item.0.username }}" + key: "{{ item.1 }}" + with_subelements: + - "{{ users }}" + - ssh_key + - skip_missing: yes + tags: + - user-add-conf + +- name: Conf - Allow Password Login + lineinfile: + dest: "/etc/ssh/sshd_config" + regexp: "^PasswordAuthentication no" + line: "PasswordAuthentication yes" + notify: + - "Restart SSHd" + tags: + - user-add-conf + +- name: Conf - Add Visudo Entry + lineinfile: + dest: "/etc/sudoers" + state: present + line: "{{ item.username }} ALL=(ALL) NOPASSWD: ALL" + validate: "visudo -cf %s" + with_items: "{{ users }}" + tags: + - user-add-conf + diff --git a/fdio.infra.ansible/roles/vpp/defaults/main.yaml b/fdio.infra.ansible/roles/vpp/defaults/main.yaml new file mode 100644 index 0000000000..7fac499307 --- /dev/null +++ b/fdio.infra.ansible/roles/vpp/defaults/main.yaml @@ -0,0 +1,36 @@ +--- +# file: roles/vpp/defaults/main.yaml + +packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}" + +packages_base: + - "gdb" + - "libtool" + - "lxc" + - "pkg-config" + - "screen" + +packages_by_distro: + ubuntu: + bionic: + - "build-essential" + - "libglib2.0-dev" + - "libmbedcrypto1" + - "libmbedtls10" + - "libmbedx509-0" + - "libnuma-dev" + - "libpixman-1-dev" + focal: + - "build-essential" + - "libglib2.0-dev" + - "libmbedcrypto3" + - "libmbedtls12" + - "libmbedx509-0" + - "libnuma-dev" + - "libpixman-1-dev" + +packages_by_arch: + aarch64: + - [] + x86_64: + - [] diff --git a/fdio.infra.ansible/roles/vpp/tasks/main.yaml b/fdio.infra.ansible/roles/vpp/tasks/main.yaml new file mode 100644 index 0000000000..ef03011b51 --- /dev/null +++ b/fdio.infra.ansible/roles/vpp/tasks/main.yaml @@ -0,0 +1,27 @@ +--- +# file: roles/vpp/tasks/main.yaml + +- name: Inst - Update Package Cache (APT) + apt: + update_cache: yes + cache_valid_time: 3600 + when: + - ansible_distribution|lower == 'ubuntu' + tags: + - vpp-inst-prerequisites + +- name: Inst - Prerequisites + package: + name: "{{ packages | flatten(levels=1) }}" + state: latest + tags: + - vpp-inst-prerequisites + +- name: Conf - sysctl + file: + src: "/dev/null" + dest: "/etc/sysctl.d/80-vpp.conf" + state: "link" + become: yes + tags: + - vpp-conf-sysctl diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-default.sh b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-default.sh new file mode 100644 index 0000000000..d0fc772037 --- /dev/null +++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-default.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Add Intel Corporation Ethernet Controller 10G X550T to blacklist. +PCI_BLACKLIST=($(lspci -Dmmd ':1563:0200' | cut -f1 -d' ')) + +# Add Intel Corporation Ethernet Controller X710 for 10GbE SFP+ to whitelist. +PCI_WHITELIST=($(lspci -Dmmd ':1572:0200' | cut -f1 -d' ')) + +# See http://pci-ids.ucw.cz/v2.2/pci.ids for more info. diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-tx2.sh b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-tx2.sh new file mode 100644 index 0000000000..6c56752ad0 --- /dev/null +++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-tx2.sh @@ -0,0 +1,34 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021 PANTHEON.tech and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Add QLogic Corp. FastLinQ QL41000 Series 10/25/40/50GbE Controller to +# blacklist. +PCI_BLACKLIST=($(lspci -Dmmd ':8070:0200' | cut -f1 -d' ')) +# Add I350 Gigabit Network Connection 1521 to blacklist. +PCI_BLACKLIST+=($(lspci -Dmmd ':1521:0200' | cut -f1 -d' ')) +# Add MT27800 Family [ConnectX-5] 1017 to blacklist. +PCI_BLACKLIST+=($(lspci -Dmmd ':1017:0200' | cut -f1 -d' ')) + +# Add Intel Corporation Ethernet Controller XL710 for 40GbE QSFP+ to whitelist. +PCI_WHITELIST=($(lspci -Dmmd ':1583:0200' | cut -f1 -d' ')) + +# See http://pci-ids.ucw.cz/v2.2/pci.ids for more info. + +declare -A PF_INDICES +# Intel NICs +PF_INDICES["0000:05:00.0"]=0 +PF_INDICES["0000:05:00.1"]=1 +PF_INDICES["0000:91:00.0"]=0 +PF_INDICES["0000:91:00.1"]=1 diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.service b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.service new file mode 100644 index 0000000000..996792ab9b --- /dev/null +++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.service @@ -0,0 +1,12 @@ +[Unit] +Description=CSIT Initialize SR-IOV VFs +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=True +ExecStart=/usr/local/bin/csit-initialize-vfs.sh start +ExecStop=/usr/local/bin/csit-initialize-vfs.sh stop + +[Install] +WantedBy=default.target diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.sh b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.sh new file mode 100644 index 0000000000..393e997d65 --- /dev/null +++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.sh @@ -0,0 +1,73 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021 Cisco and/or its affiliates. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# CSIT SRIOV VF initialization and isolation. + +set -euo pipefail + +SCRIPT_DIR="$(dirname $(readlink -e "${BASH_SOURCE[0]}"))" +source "${SCRIPT_DIR}/csit-initialize-vfs-data.sh" + +# Initilize whitelisted NICs with maximum number of VFs. +pci_idx=0 +for pci_addr in ${PCI_WHITELIST[@]}; do + if ! [[ ${PCI_BLACKLIST[*]} =~ "${pci_addr}" ]]; then + pci_path="/sys/bus/pci/devices/${pci_addr}" + # SR-IOV initialization + case "${1:-start}" in + "start" ) + sriov_totalvfs=$(< "${pci_path}"/sriov_totalvfs) + ;; + "stop" ) + sriov_totalvfs=0 + ;; + esac + echo ${sriov_totalvfs} > "${pci_path}"/sriov_numvfs + # SR-IOV 802.1Q isolation + case "${1:-start}" in + "start" ) + pf=$(basename "${pci_path}"/net/*) + for vf in $(seq "${sriov_totalvfs}"); do + # PCI address index in array (pairing siblings). + if [[ -n ${PF_INDICES[@]} ]] + then + vlan_pf_idx=${PF_INDICES[$pci_addr]} + else + vlan_pf_idx=$(( pci_idx % (${#PCI_WHITELIST[@]} / 2) )) + fi + # 802.1Q base offset. + vlan_bs_off=1100 + # 802.1Q PF PCI address offset. + vlan_pf_off=$(( vlan_pf_idx * 100 + vlan_bs_off )) + # 802.1Q VF PCI address offset. + vlan_vf_off=$(( vlan_pf_off + vf - 1 )) + # VLAN string. + vlan_str="vlan ${vlan_vf_off}" + # MAC string. + mac5="$(printf '%x' ${pci_idx})" + mac6="$(printf '%x' $(( vf - 1 )))" + mac_str="mac ba:dc:0f:fe:${mac5}:${mac6}" + # Set 802.1Q VLAN id and MAC address + ip link set ${pf} vf $(( vf - 1 )) ${mac_str} ${vlan_str} + ip link set ${pf} vf $(( vf - 1 )) trust on + ip link set ${pf} vf $(( vf - 1 )) spoof off + done + pci_idx=$(( pci_idx + 1 )) + ;; + esac + rmmod i40evf + modprobe i40evf + fi +done diff --git a/fdio.infra.ansible/roles/vpp_device/handlers/main.yaml b/fdio.infra.ansible/roles/vpp_device/handlers/main.yaml new file mode 100644 index 0000000000..ee9d368638 --- /dev/null +++ b/fdio.infra.ansible/roles/vpp_device/handlers/main.yaml @@ -0,0 +1,21 @@ +--- +# file: roles/vpp_device/handlers/main.yaml + +- name: Start csit-initialize-vfs.service + systemd: + enabled: yes + state: started + name: csit-initialize-vfs.service + tags: + - start-vf-service + +- name: Update GRUB + command: update-grub + tags: + - update-grub + +- name: Reboot server + reboot: + reboot_timeout: 3600 + tags: + - reboot-server diff --git a/fdio.infra.ansible/roles/vpp_device/tasks/main.yaml b/fdio.infra.ansible/roles/vpp_device/tasks/main.yaml new file mode 100644 index 0000000000..33b551715f --- /dev/null +++ b/fdio.infra.ansible/roles/vpp_device/tasks/main.yaml @@ -0,0 +1,92 @@ +--- +# file: roles/vpp_device/tasks/main.yaml + +- name: VPP_device - Load Kernel Modules By Default + lineinfile: + path: "/etc/modules" + state: "present" + line: "{{ item }}" + with_items: + - "vfio-pci" + tags: + - load-kernel-modules + +- name: VPP_device - Disable ipv6 router advertisement + sysctl: + name: "net.ipv6.conf.default.accept_ra" + value: "0" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - set-sysctl + +- name: VPP_device - Disable ipv6 router advertisement + sysctl: + name: "net.ipv6.conf.all.accept_ra" + value: "0" + state: "present" + sysctl_file: "/etc/sysctl.d/90-csit.conf" + reload: "yes" + tags: + - set-sysctl + +- name: VPP_device - Copy csit-initialize-vfs.sh + copy: + src: "files/csit-initialize-vfs.sh" + dest: "/usr/local/bin/" + owner: "root" + group: "root" + mode: "744" + tags: + - copy-vf-script + +- name: VPP_device - Copy csit-initialize-vfs-data.sh + copy: + src: "files/{{ vfs_data_file }}" + dest: "/usr/local/bin/csit-initialize-vfs-data.sh" + owner: "root" + group: "root" + mode: "744" + tags: copy-vf-data-script + when: + - vfs_data_file is defined + +- name: VPP_device - Copy default csit-initialize-vfs-data.sh + copy: + src: "files/csit-initialize-vfs-default.sh" + dest: "/usr/local/bin/csit-initialize-vfs-data.sh" + owner: "root" + group: "root" + mode: "744" + tags: copy-vf-data-script + when: + - vfs_data_file is not defined + +- name: VPP_device - Start csit-initialize-vfs.service + copy: + src: "files/csit-initialize-vfs.service" + dest: "/etc/systemd/system/" + owner: "root" + group: "root" + mode: "644" + notify: + - "Start csit-initialize-vfs.service" + tags: + - start-vf-service + +- meta: flush_handlers + +- name: VPP_device - Set hugepages in GRUB + lineinfile: + path: "/etc/default/grub" + state: "present" + regexp: "^GRUB_CMDLINE_LINUX=" + line: "GRUB_CMDLINE_LINUX=\"{% for key, value in grub.items() %}{% if value %}{{key}}={{value}} {% else %}{{key}} {% endif %}{% endfor %}\"" + notify: + - "Update GRUB" + - "Reboot server" + tags: + - set-grub + +- meta: flush_handlers |