aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible/roles
diff options
context:
space:
mode:
Diffstat (limited to 'fdio.infra.ansible/roles')
-rw-r--r--fdio.infra.ansible/roles/ab/defaults/main.yaml20
-rw-r--r--fdio.infra.ansible/roles/ab/tasks/main.yaml18
-rw-r--r--fdio.infra.ansible/roles/aws/defaults/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/aws/handlers/main.yaml15
-rw-r--r--fdio.infra.ansible/roles/aws/tasks/main.yaml93
-rw-r--r--fdio.infra.ansible/roles/aws/tasks/ubuntu_bionic.yaml10
-rw-r--r--fdio.infra.ansible/roles/aws/tasks/ubuntu_focal.yaml10
-rw-r--r--fdio.infra.ansible/roles/azure/defaults/main.yaml3
-rw-r--r--fdio.infra.ansible/roles/azure/files/10-dtap.link4
-rw-r--r--fdio.infra.ansible/roles/azure/handlers/main.yaml15
-rw-r--r--fdio.infra.ansible/roles/azure/tasks/main.yaml38
-rw-r--r--fdio.infra.ansible/roles/baremetal/handlers/cimc.yaml74
-rw-r--r--fdio.infra.ansible/roles/baremetal/handlers/ipmi.yaml52
-rw-r--r--fdio.infra.ansible/roles/baremetal/handlers/main.yaml30
-rw-r--r--fdio.infra.ansible/roles/cadvisor/defaults/main.yaml24
-rw-r--r--fdio.infra.ansible/roles/cadvisor/tasks/main.yaml39
-rw-r--r--fdio.infra.ansible/roles/calibration/defaults/main.yaml47
-rw-r--r--fdio.infra.ansible/roles/calibration/tasks/aarch64.yaml2
-rw-r--r--fdio.infra.ansible/roles/calibration/tasks/main.yaml89
-rw-r--r--fdio.infra.ansible/roles/calibration/tasks/x86_64.yaml35
-rw-r--r--fdio.infra.ansible/roles/cleanup/files/reset_vppdevice.sh113
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/clean_images.yaml36
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml42
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/kill_process.yaml37
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/main.yaml43
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/nomad.yaml22
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/remove_package.yaml21
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/sut.yaml83
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/tg.yaml13
-rw-r--r--fdio.infra.ansible/roles/cleanup/tasks/vpp_device.yaml32
-rw-r--r--fdio.infra.ansible/roles/common/defaults/main.yaml72
-rw-r--r--fdio.infra.ansible/roles/common/handlers/main.yaml8
-rw-r--r--fdio.infra.ansible/roles/common/tasks/main.yaml55
-rw-r--r--fdio.infra.ansible/roles/consul/defaults/main.yaml110
-rw-r--r--fdio.infra.ansible/roles/consul/handlers/main.yaml23
-rw-r--r--fdio.infra.ansible/roles/consul/meta/main.yaml9
-rw-r--r--fdio.infra.ansible/roles/consul/tasks/main.yaml182
-rw-r--r--fdio.infra.ansible/roles/consul/templates/base.hcl.j243
-rw-r--r--fdio.infra.ansible/roles/consul/templates/consul.hcl.j212
-rw-r--r--fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j221
-rw-r--r--fdio.infra.ansible/roles/consul/templates/ports.hcl.j29
-rw-r--r--fdio.infra.ansible/roles/consul/templates/services.json.j213
-rw-r--r--fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j23
-rw-r--r--fdio.infra.ansible/roles/consul/vars/main.yaml5
-rw-r--r--fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile166
-rw-r--r--fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf24
-rw-r--r--fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml30
-rw-r--r--fdio.infra.ansible/roles/docker/defaults/main.yaml38
-rw-r--r--fdio.infra.ansible/roles/docker/handlers/main.yaml9
-rw-r--r--fdio.infra.ansible/roles/docker/meta/main.yaml4
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/main.yaml82
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/ubuntu_bionic.yaml30
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml30
-rw-r--r--fdio.infra.ansible/roles/docker/templates/daemon.json.j21
-rw-r--r--fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http4
-rw-r--r--fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https4
-rw-r--r--fdio.infra.ansible/roles/dpdk/defaults/main.yaml31
-rw-r--r--fdio.infra.ansible/roles/dpdk/files/dpdk-mlx5.patch19
-rw-r--r--fdio.infra.ansible/roles/dpdk/tasks/main.yaml68
-rw-r--r--fdio.infra.ansible/roles/iperf/defaults/main.yaml26
-rw-r--r--fdio.infra.ansible/roles/iperf/tasks/main.yaml62
-rw-r--r--fdio.infra.ansible/roles/jenkins_job_health_exporter/defaults/main.yaml35
-rw-r--r--fdio.infra.ansible/roles/jenkins_job_health_exporter/handlers/main.yaml9
-rw-r--r--fdio.infra.ansible/roles/jenkins_job_health_exporter/tasks/main.yaml38
-rw-r--r--fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.j216
-rw-r--r--fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.service.j213
-rw-r--r--fdio.infra.ansible/roles/kernel/defaults/main.yaml43
-rw-r--r--fdio.infra.ansible/roles/kernel/filter_plugins/main.py143
-rw-r--r--fdio.infra.ansible/roles/kernel/handlers/main.yaml8
-rw-r--r--fdio.infra.ansible/roles/kernel/tasks/main.yaml9
-rw-r--r--fdio.infra.ansible/roles/kernel/tasks/ubuntu_bionic.yaml51
-rw-r--r--fdio.infra.ansible/roles/kernel/tasks/ubuntu_focal.yaml51
-rw-r--r--fdio.infra.ansible/roles/kernel_vm/files/initramfs_modules4
-rw-r--r--fdio.infra.ansible/roles/kernel_vm/files/initramfs_resume1
-rw-r--r--fdio.infra.ansible/roles/kernel_vm/tasks/main.yaml92
-rw-r--r--fdio.infra.ansible/roles/kubernetes/defaults/main.yaml15
-rw-r--r--fdio.infra.ansible/roles/kubernetes/tasks/main.yaml14
-rw-r--r--fdio.infra.ansible/roles/kubernetes/tasks/ubuntu_bionic.yaml37
-rw-r--r--fdio.infra.ansible/roles/mellanox/defaults/main.yaml21
-rw-r--r--fdio.infra.ansible/roles/mellanox/tasks/main.yaml67
-rw-r--r--fdio.infra.ansible/roles/nomad/defaults/main.yaml105
-rw-r--r--fdio.infra.ansible/roles/nomad/handlers/main.yaml10
-rw-r--r--fdio.infra.ansible/roles/nomad/meta/main.yaml9
-rw-r--r--fdio.infra.ansible/roles/nomad/tasks/main.yaml192
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/base.hcl.j211
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/client.hcl.j231
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/custom.hcl.j25
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j221
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/server.hcl.j216
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j220
-rw-r--r--fdio.infra.ansible/roles/nomad/templates/tls.hcl.j212
-rw-r--r--fdio.infra.ansible/roles/nomad/vars/main.yaml5
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/defaults/main.yaml20
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/files/cpufrequtils1
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/files/disable-turbo-boost.service10
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/files/irqbalance25
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/filter_plugins/main.py29
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/handlers/main.yaml13
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/tasks/main.yaml189
-rw-r--r--fdio.infra.ansible/roles/performance_tuning/tasks/turbo_boost.yaml44
-rw-r--r--fdio.infra.ansible/roles/prometheus_exporter/defaults/main.yaml17
-rw-r--r--fdio.infra.ansible/roles/prometheus_exporter/files/blackbox.yml25
-rw-r--r--fdio.infra.ansible/roles/prometheus_exporter/handlers/main.yaml16
-rw-r--r--fdio.infra.ansible/roles/prometheus_exporter/tasks/main.yaml15
-rw-r--r--fdio.infra.ansible/roles/prometheus_exporter/tasks/ubuntu_bionic.yaml33
-rw-r--r--fdio.infra.ansible/roles/python_env/defaults/main.yaml41
-rw-r--r--fdio.infra.ansible/roles/python_env/tasks/main.yaml82
-rw-r--r--fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service12
-rwxr-xr-xfdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh58
-rw-r--r--fdio.infra.ansible/roles/tg/handlers/main.yaml10
-rw-r--r--fdio.infra.ansible/roles/tg/tasks/main.yaml30
-rw-r--r--fdio.infra.ansible/roles/topology/tasks/main.yaml9
-rw-r--r--fdio.infra.ansible/roles/topology/templates/topology_2n_aws_c5n.j256
-rw-r--r--fdio.infra.ansible/roles/topology/templates/topology_3n_aws_c5n.j283
-rw-r--r--fdio.infra.ansible/roles/topology/templates/topology_3n_azure_Fsv2.j282
-rw-r--r--fdio.infra.ansible/roles/trex/defaults/main.yaml44
-rw-r--r--fdio.infra.ansible/roles/trex/files/t-rex.patch548
-rw-r--r--fdio.infra.ansible/roles/trex/tasks/deploy_block.yaml55
-rw-r--r--fdio.infra.ansible/roles/trex/tasks/main.yaml24
-rw-r--r--fdio.infra.ansible/roles/user_add/defaults/main.yaml11
-rw-r--r--fdio.infra.ansible/roles/user_add/handlers/main.yaml7
-rw-r--r--fdio.infra.ansible/roles/user_add/tasks/main.yaml48
-rw-r--r--fdio.infra.ansible/roles/vpp/defaults/main.yaml36
-rw-r--r--fdio.infra.ansible/roles/vpp/tasks/main.yaml27
-rw-r--r--fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-default.sh22
-rw-r--r--fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-tx2.sh34
-rw-r--r--fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.service12
-rw-r--r--fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.sh73
-rw-r--r--fdio.infra.ansible/roles/vpp_device/handlers/main.yaml21
-rw-r--r--fdio.infra.ansible/roles/vpp_device/tasks/main.yaml92
130 files changed, 5313 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/ab/defaults/main.yaml b/fdio.infra.ansible/roles/ab/defaults/main.yaml
new file mode 100644
index 0000000000..45b80be42d
--- /dev/null
+++ b/fdio.infra.ansible/roles/ab/defaults/main.yaml
@@ -0,0 +1,20 @@
+---
+# file: roles/wrk/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - []
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "apache2-utils"
+ focal:
+ - "apache2-utils"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
diff --git a/fdio.infra.ansible/roles/ab/tasks/main.yaml b/fdio.infra.ansible/roles/ab/tasks/main.yaml
new file mode 100644
index 0000000000..37e702e6df
--- /dev/null
+++ b/fdio.infra.ansible/roles/ab/tasks/main.yaml
@@ -0,0 +1,18 @@
+---
+# file: roles/ab/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - ab-inst-prerequisites
+
+- name: Inst - Apache ab tools
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: present
+ tags:
+ - ab-inst \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/aws/defaults/main.yaml b/fdio.infra.ansible/roles/aws/defaults/main.yaml
new file mode 100644
index 0000000000..d4ea91afd4
--- /dev/null
+++ b/fdio.infra.ansible/roles/aws/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+# file: roles/aws/defaults/main.yaml
diff --git a/fdio.infra.ansible/roles/aws/handlers/main.yaml b/fdio.infra.ansible/roles/aws/handlers/main.yaml
new file mode 100644
index 0000000000..7363dc2c34
--- /dev/null
+++ b/fdio.infra.ansible/roles/aws/handlers/main.yaml
@@ -0,0 +1,15 @@
+---
+# file: roles/aws/handlers/main.yaml
+
+- name: Reboot server
+ reboot:
+ reboot_timeout: 3600
+ tags:
+ - reboot-server
+
+- name: AWS - Reload systemd-modules
+ systemd:
+ name: "systemd-modules-load"
+ state: "restarted"
+ tags:
+ - reload-systemd-modules
diff --git a/fdio.infra.ansible/roles/aws/tasks/main.yaml b/fdio.infra.ansible/roles/aws/tasks/main.yaml
new file mode 100644
index 0000000000..2d209762c3
--- /dev/null
+++ b/fdio.infra.ansible/roles/aws/tasks/main.yaml
@@ -0,0 +1,93 @@
+---
+# file: roles/aws/tasks/main.yaml
+
+- name: Edit repositories
+ include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
+ tags:
+ - aws-edit-repo
+
+- name: Get vfio-pci With WC Patcher
+ get_url:
+ url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/get-vfio-with-wc.sh"
+ dest: "/opt/get-vfio-with-wc.sh"
+ mode: "744"
+ tags:
+ - aws-vfio-patch
+
+- name: Create vfio-pci Patch Directory
+ file:
+ path: "/opt/patches/"
+ state: "directory"
+ tags:
+ - aws-vfio-patch
+
+- name: Get vfio-pci WC Patch >=4.10
+ get_url:
+ url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/linux-4.10-vfio-wc.patch"
+ dest: "/opt/patches/linux-4.10-vfio-wc.patch"
+ mode: "744"
+ tags:
+ - aws-vfio-patch
+
+- name: Get vfio-pci WC Patch >=5.8
+ get_url:
+ url: "https://github.com/amzn/amzn-drivers/raw/master/userspace/dpdk/enav2-vfio-patch/patches/linux-5.8-vfio-wc.patch"
+ dest: "/opt/patches/linux-5.8-vfio-wc.patch"
+ mode: "744"
+ tags:
+ - aws-vfio-patch
+
+- name: Compile vfio-pci With WC Patch
+ shell: "/bin/bash /opt/get-vfio-with-wc.sh"
+ tags:
+ - aws-vfio-patch
+
+- name: Load Kernel Modules By Default
+ lineinfile:
+ path: "/etc/modules"
+ state: "present"
+ line: "{{ item }}"
+ with_items:
+ - "vfio-pci"
+ - "igb_uio"
+ tags:
+ - aws-load-kernel-modules
+
+- name: Add Kernel Modules Options (igb_uio)
+ lineinfile:
+ path: "/etc/modprobe.d/igb_uio.conf"
+ state: "present"
+ line: "{{ item }}"
+ create: "yes"
+ with_items:
+ - "options igb_uio wc_activate=1"
+ tags:
+ - aws-load-kernel-modules
+
+- name: Add Kernel Modules Options (vfio-pci)
+ lineinfile:
+ path: "/etc/modprobe.d/vfio-noiommu.conf"
+ state: "present"
+ line: "{{ item }}"
+ create: "yes"
+ with_items:
+ - "options vfio enable_unsafe_noiommu_mode=1"
+ tags:
+ - aws-load-kernel-modules
+
+- name: Reload systemd-modules
+ systemd:
+ name: "systemd-modules-load"
+ state: "restarted"
+ tags:
+ - aws-reload-systemd-modules
+
+- name: Performance Tuning - Adjust nr_hugepages
+ sysctl:
+ name: "vm.nr_hugepages"
+ value: "8192"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - aws-set-hugepages
diff --git a/fdio.infra.ansible/roles/aws/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/aws/tasks/ubuntu_bionic.yaml
new file mode 100644
index 0000000000..bca1cf5095
--- /dev/null
+++ b/fdio.infra.ansible/roles/aws/tasks/ubuntu_bionic.yaml
@@ -0,0 +1,10 @@
+---
+# file: roles/aws/tasks/ubuntu_bionic.yaml.yaml
+
+- name: Enable deb-src APT Repository
+ apt_repository:
+ repo: "deb-src http://archive.ubuntu.com/ubuntu bionic main"
+ state: "present"
+ update_cache: yes
+ tags:
+ - aws-enable-src-repo
diff --git a/fdio.infra.ansible/roles/aws/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/aws/tasks/ubuntu_focal.yaml
new file mode 100644
index 0000000000..a8cc56c0c4
--- /dev/null
+++ b/fdio.infra.ansible/roles/aws/tasks/ubuntu_focal.yaml
@@ -0,0 +1,10 @@
+---
+# file: roles/aws/tasks/ubuntu_focal.yaml.yaml
+
+- name: Enable deb-src APT Repository
+ apt_repository:
+ repo: "deb-src http://archive.ubuntu.com/ubuntu focal main"
+ state: "present"
+ update_cache: yes
+ tags:
+ - aws-enable-src-repo
diff --git a/fdio.infra.ansible/roles/azure/defaults/main.yaml b/fdio.infra.ansible/roles/azure/defaults/main.yaml
new file mode 100644
index 0000000000..8c48c307bc
--- /dev/null
+++ b/fdio.infra.ansible/roles/azure/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+# file: roles/azure/defaults/main.yaml
+
diff --git a/fdio.infra.ansible/roles/azure/files/10-dtap.link b/fdio.infra.ansible/roles/azure/files/10-dtap.link
new file mode 100644
index 0000000000..a8e0aa10f3
--- /dev/null
+++ b/fdio.infra.ansible/roles/azure/files/10-dtap.link
@@ -0,0 +1,4 @@
+[Match]
+OriginalName=dtap*
+[Link]
+NamePolicy=kernel
diff --git a/fdio.infra.ansible/roles/azure/handlers/main.yaml b/fdio.infra.ansible/roles/azure/handlers/main.yaml
new file mode 100644
index 0000000000..f0d46062d9
--- /dev/null
+++ b/fdio.infra.ansible/roles/azure/handlers/main.yaml
@@ -0,0 +1,15 @@
+---
+# file: roles/azure/handlers/main.yaml
+
+- name: Reboot server
+ reboot:
+ reboot_timeout: 3600
+ tags:
+ - reboot-server
+
+- name: Azure - Reload systemd-modules
+ systemd:
+ name: "systemd-modules-load"
+ state: "restarted"
+ tags:
+ - reload-systemd-modules
diff --git a/fdio.infra.ansible/roles/azure/tasks/main.yaml b/fdio.infra.ansible/roles/azure/tasks/main.yaml
new file mode 100644
index 0000000000..c8d72475d8
--- /dev/null
+++ b/fdio.infra.ansible/roles/azure/tasks/main.yaml
@@ -0,0 +1,38 @@
+---
+# file: roles/azure/tasks/main.yaml
+
+- name: Azure - Load Kernel Modules By Default
+ lineinfile:
+ path: "/etc/modules"
+ state: "present"
+ line: "{{ item }}"
+ with_items:
+ - "vfio-pci"
+ - "ib_uverbs"
+ - "mlx4_ib"
+ - "mlx5_ib"
+ notify: "Azure - Reload systemd-modules"
+ tags:
+ - load-kernel-modules
+
+- name: Azure - Performance Tuning - Adjust nr_hugepages
+ sysctl:
+ name: "vm.nr_hugepages"
+ value: "8192"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - set-sysctl
+
+- name: Azure - prevent interface renaming
+ copy:
+ src: "files/10-dtap.link"
+ dest: "/etc/systemd/network/"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ notify:
+ - "Reboot server"
+ tags:
+ - prevent-interface-renaming
diff --git a/fdio.infra.ansible/roles/baremetal/handlers/cimc.yaml b/fdio.infra.ansible/roles/baremetal/handlers/cimc.yaml
new file mode 100644
index 0000000000..0048d19032
--- /dev/null
+++ b/fdio.infra.ansible/roles/baremetal/handlers/cimc.yaml
@@ -0,0 +1,74 @@
+---
+# file: roles/baremeatal/handlers/cimc.yaml
+
+- name: Boot from network
+ imc_rest:
+ hostname: "{{ inventory_cimc_hostname }}"
+ username: "{{ inventory_cimc_username }}"
+ password: "{{ inventory_cimc_password }}"
+ validate_certs: no
+ content: |
+ <!-- Configure PXE boot -->
+ <configConfMo><inConfig>
+ <lsbootLan dn="sys/rack-unit-1/boot-policy/lan-read-only" access="read-only" order="1" prot="pxe" type="lan"/>
+ </inConfig></configConfMo>
+ delegate_to: localhost
+ tags:
+ - boot-network
+
+- name: Boot from storage
+ imc_rest:
+ hostname: "{{ inventory_cimc_hostname }}"
+ username: "{{ inventory_cimc_username }}"
+ password: "{{ inventory_cimc_password }}"
+ validate_certs: no
+ content: |
+ <configConfMo><inConfig>
+ <lsbootStorage dn="sys/rack-unit-1/boot-policy/storage-read-write" access="read-write" order="1" type="storage"/>
+ </inConfig></configConfMo>
+ delegate_to: localhost
+ tags:
+ - boot-storage
+
+- name: Power up server
+ imc_rest:
+ hostname: "{{ inventory_cimc_hostname }}"
+ username: "{{ inventory_cimc_username }}"
+ password: "{{ inventory_cimc_password }}"
+ validate_certs: no
+ content: |
+ <configConfMo><inConfig>
+ <computeRackUnit dn="sys/rack-unit-1" adminPower="up"/>
+ </inConfig></configConfMo>
+ delegate_to: localhost
+ tags:
+ - power-up
+
+- name: Power down server
+ imc_rest:
+ hostname: "{{ inventory_cimc_hostname }}"
+ username: "{{ inventory_cimc_username }}"
+ password: "{{ inventory_cimc_password }}"
+ validate_certs: no
+ content: |
+ <configConfMo><inConfig>
+ <computeRackUnit dn="sys/rack-unit-1" adminPower="down"/>
+ </inConfig></configConfMo>
+ delegate_to: localhost
+ tags:
+ - power-down
+
+- name: Power cycle server
+ imc_rest:
+ hostname: "{{ inventory_cimc_hostname }}"
+ username: "{{ inventory_cimc_username }}"
+ password: "{{ inventory_cimc_password }}"
+ validate_certs: no
+ content: |
+ <!-- Power cycle server -->
+ <configConfMo><inConfig>
+ <computeRackUnit dn="sys/rack-unit-1" adminPower="cycle-immediate"/>
+ </inConfig></configConfMo>
+ delegate_to: localhost
+ tags:
+ - power-cycle
diff --git a/fdio.infra.ansible/roles/baremetal/handlers/ipmi.yaml b/fdio.infra.ansible/roles/baremetal/handlers/ipmi.yaml
new file mode 100644
index 0000000000..239b8973f7
--- /dev/null
+++ b/fdio.infra.ansible/roles/baremetal/handlers/ipmi.yaml
@@ -0,0 +1,52 @@
+---
+# file: roles/baremetal/handlers/ipmi.yaml
+
+- name: Boot from network
+ ipmi_boot:
+ name: "{{ inventory_ipmi_hostname }}"
+ user: "{{ inventory_ipmi_username }}"
+ password: "{{ inventory_ipmi_password }}"
+ bootdev: network
+ delegate_to: localhost
+ tags:
+ - boot-network
+
+- name: Boot from storage
+ ipmi_boot:
+ name: "{{ inventory_ipmi_hostname }}"
+ user: "{{ inventory_ipmi_username }}"
+ password: "{{ inventory_ipmi_password }}"
+ bootdev: hd
+ delegate_to: localhost
+ tags:
+ - boot-storage
+
+- name: Power up server
+ ipmi_power:
+ name: "{{ inventory_ipmi_hostname }}"
+ user: "{{ inventory_ipmi_username }}"
+ password: "{{ inventory_ipmi_password }}"
+ state: on
+ delegate_to: localhost
+ tags:
+ - power-up
+
+- name: Power down server
+ ipmi_power:
+ name: "{{ inventory_ipmi_hostname }}"
+ user: "{{ inventory_ipmi_username }}"
+ password: "{{ inventory_ipmi_password }}"
+ state: off
+ delegate_to: localhost
+ tags:
+ - power-down
+
+- name: Power cycle server
+ ipmi_power:
+ name: "{{ inventory_ipmi_hostname }}"
+ user: "{{ inventory_ipmi_username }}"
+ password: "{{ inventory_ipmi_password }}"
+ state: boot
+ delegate_to: localhost
+ tags:
+ - power-cycle
diff --git a/fdio.infra.ansible/roles/baremetal/handlers/main.yaml b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml
new file mode 100644
index 0000000000..d8dabeb222
--- /dev/null
+++ b/fdio.infra.ansible/roles/baremetal/handlers/main.yaml
@@ -0,0 +1,30 @@
+---
+# file: roles/baremetal/handlers/main.yaml
+
+- name: IPMI specific
+ import_tasks: ipmi.yaml
+ when: inventory_ipmi_hostname is defined
+ tags:
+ - ipmi-handlers
+
+- name: CIMC specific
+ import_tasks: cimc.yaml
+ when: inventory_cimc_hostname is defined
+ tags:
+ - cimc-handlers
+
+- name: Reboot server
+ reboot:
+ reboot_timeout: 3600
+ tags:
+ - reboot-server
+
+- name: Wait for server to restart
+ wait_for:
+ host: "{{ inventory_hostname }}"
+ search_regex: OpenSSH
+ port: 22
+ delay: 60
+ timeout: 3600
+ tags:
+ - reboot-server
diff --git a/fdio.infra.ansible/roles/cadvisor/defaults/main.yaml b/fdio.infra.ansible/roles/cadvisor/defaults/main.yaml
new file mode 100644
index 0000000000..3b25e551ea
--- /dev/null
+++ b/fdio.infra.ansible/roles/cadvisor/defaults/main.yaml
@@ -0,0 +1,24 @@
+---
+# file: roles/cadvisor/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - []
+
+packages_by_distro:
+ ubuntu:
+ - "python3-docker"
+ - "python3-dockerpty"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+image: "{{ image_by_arch[ansible_machine] }}"
+
+image_by_arch:
+ aarch64: "zcube/cadvisor:v0.37.0"
+ x86_64: "gcr.io/cadvisor/cadvisor:v0.38.7" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/cadvisor/tasks/main.yaml b/fdio.infra.ansible/roles/cadvisor/tasks/main.yaml
new file mode 100644
index 0000000000..a2a13368c2
--- /dev/null
+++ b/fdio.infra.ansible/roles/cadvisor/tasks/main.yaml
@@ -0,0 +1,39 @@
+---
+# file: roles/cadvisor/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - cadvisor-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - cadvisor-inst-prerequisites
+
+- name: Inst - Start a container
+ docker_container:
+ name: "cAdvisor"
+ image: "{{ image }}"
+ state: "started"
+ restart_policy: "unless-stopped"
+ detach: yes
+ devices:
+ - "/dev/kmsg"
+ ports:
+ - "8080:8080"
+ privileged: yes
+ volumes:
+ - "/:/rootfs:ro"
+ - "/var/run:/var/run:ro"
+ - "/sys:/sys:ro"
+ - "/var/lib/docker/:/var/lib/docker:ro"
+ - "/dev/disk/:/dev/disk:ro"
+ tags:
+ - cadvisor-run-container
diff --git a/fdio.infra.ansible/roles/calibration/defaults/main.yaml b/fdio.infra.ansible/roles/calibration/defaults/main.yaml
new file mode 100644
index 0000000000..020c0119b1
--- /dev/null
+++ b/fdio.infra.ansible/roles/calibration/defaults/main.yaml
@@ -0,0 +1,47 @@
+---
+# file: roles/calibration/defaults/main.yaml
+
+# Packages to install.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - []
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "build-essential"
+ - "dmidecode"
+ focal:
+ - "build-essential"
+ - "dmidecode"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Kernel version to check.
+kernel_version: "{{ kernel_version_by_distro_by_arch[ansible_distribution | lower][ansible_distribution_release][ansible_machine] }}"
+
+kernel_version_by_distro_by_arch:
+ ubuntu:
+ bionic:
+ x86_64:
+ - "4.15.0-72-generic"
+ - "5.3.0-1020-azure"
+ - "4.15.0-1057-aws"
+ aarch64:
+ - "4.15.0-54-generic"
+ focal:
+ x86_64:
+ - "5.4.0-65-generic"
+ - "5.3.0-1020-azure"
+ - "5.4.0-1035-aws"
+ aarch64:
+ - "5.4.0-65-generic"
+
+pma_directory: "/tmp/pma_tools"
+jitter_core: 7
+jitter_iterations: 20
diff --git a/fdio.infra.ansible/roles/calibration/tasks/aarch64.yaml b/fdio.infra.ansible/roles/calibration/tasks/aarch64.yaml
new file mode 100644
index 0000000000..ca4e75d268
--- /dev/null
+++ b/fdio.infra.ansible/roles/calibration/tasks/aarch64.yaml
@@ -0,0 +1,2 @@
+---
+# file: roles/calibration/tasks/aarch64.yaml
diff --git a/fdio.infra.ansible/roles/calibration/tasks/main.yaml b/fdio.infra.ansible/roles/calibration/tasks/main.yaml
new file mode 100644
index 0000000000..696f1c9265
--- /dev/null
+++ b/fdio.infra.ansible/roles/calibration/tasks/main.yaml
@@ -0,0 +1,89 @@
+---
+# file: roles/calibration/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - calibration-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - calibration-inst-prerequisites
+
+- name: Check CPU Power States
+ shell: "lscpu"
+ register: current_lscpu
+ changed_when: false
+ tags:
+ - check-cpu-frequency
+
+- name: Check CPU Power States
+ assert:
+ that:
+ - "'CPU min MHz' not in current_lscpu.stdout or 'Intel(R) Xeon(R)' not in ansible_processor"
+ fail_msg: "CPU configuration!"
+ success_msg: "CPU configuration match."
+ tags:
+ - check-cpu-frequency
+
+- name: Check Kernel Parameters
+ assert:
+ that:
+ - item in ansible_cmdline and grub[item] == ansible_cmdline[item]
+ fail_msg: "Kernel parameters!"
+ success_msg: "Kernel parameters match."
+ loop: "{{ grub.keys()|sort }}"
+ when:
+ - grub is defined
+ tags:
+ - check-kernel-params
+
+- name: Check Kernel Version
+ assert:
+ that:
+ - ansible_kernel not in kernel_version_by_distro_by_arch
+ fail_msg: "Kernel version!"
+ success_msg: "Kernel version match."
+ tags:
+ - check-kernel-version
+
+- name: Get Spectre Meltdown Checker
+ get_url:
+ url: "https://meltdown.ovh"
+ dest: "/opt/spectre-meltdown-checker.sh"
+ mode: "744"
+ tags:
+ - check-spectre-meltdown
+
+- name: Run Spectre Meltdown Checker
+ shell: "/opt/spectre-meltdown-checker.sh --no-color || true"
+ async: 60
+ poll: 0
+ ignore_errors: true
+ register: spectre_meltdown_async
+ tags:
+ - check-spectre-meltdown
+
+- name: "{{ ansible_machine }} Specific"
+ include_tasks: "{{ ansible_machine }}.yaml"
+ tags:
+ - check-machine-specific
+ - check-jitter-tool
+
+- name: Check Sync Status
+ async_status:
+ jid: "{{ spectre_meltdown_async.ansible_job_id }}"
+ register: "spectre_meltdown_poll_results"
+ until: spectre_meltdown_poll_results.finished
+ retries: 30
+
+- debug: var=spectre_meltdown_poll_results.stdout_lines
+ tags:
+ - check-spectre-meltdown
diff --git a/fdio.infra.ansible/roles/calibration/tasks/x86_64.yaml b/fdio.infra.ansible/roles/calibration/tasks/x86_64.yaml
new file mode 100644
index 0000000000..90b1c954b5
--- /dev/null
+++ b/fdio.infra.ansible/roles/calibration/tasks/x86_64.yaml
@@ -0,0 +1,35 @@
+---
+# file: roles/calibration/tasks/x86_64.yaml
+
+- name: Calibration - Clone PMA Tool
+ git:
+ repo: "https://gerrit.fd.io/r/pma_tools"
+ dest: "{{ pma_directory }}"
+ tags:
+ - check-jitter-tool
+
+- name: Calibration - Compile PMA Tool
+ raw: "cd {{ pma_directory }}/jitter && make"
+ tags:
+ - check-jitter-tool
+
+- name: Calibration - Run Jitter Tool
+ shell: "{{ pma_directory }}/jitter/jitter -c {{ jitter_core }} -i {{ jitter_iterations }} -f"
+ become: yes
+ async: 60
+ poll: 0
+ ignore_errors: yes
+ register: jitter_async
+ tags:
+ - check-jitter-tool
+
+- name: Check sync status
+ async_status:
+ jid: "{{ jitter_async.ansible_job_id }}"
+ register: "jitter_poll_results"
+ until: jitter_poll_results.finished
+ retries: 30
+
+- debug: var=jitter_poll_results.stdout_lines
+ tags:
+ - check-jitter-tool
diff --git a/fdio.infra.ansible/roles/cleanup/files/reset_vppdevice.sh b/fdio.infra.ansible/roles/cleanup/files/reset_vppdevice.sh
new file mode 100644
index 0000000000..ede2db1273
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/files/reset_vppdevice.sh
@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+function die () {
+ # Print the message to standard error end exit with error code specified
+ # by the second argument.
+ #
+ # Hardcoded values:
+ # - The default error message.
+ # Arguments:
+ # - ${1} - The whole error message, be sure to quote. Optional
+ # - ${2} - the code to exit with, default: 1.
+
+ set +eu
+ warn "${1:-Unspecified run-time error occurred!}"
+ exit "${2:-1}"
+}
+
+
+function set_eligibility_off {
+ # Set Nomad eligibility to ineligible for scheduling. Fail otherwise.
+
+ set -euo pipefail
+
+ node_id="$(nomad node status | grep $(hostname) | cut -d ' ' -f 1)" || die
+ node_status="$(nomad node status | grep $(hostname))" || die
+
+ if [[ "${node_status}" != *"ineligible"* ]]; then
+ nomad node eligibility -disable "${node_id}" || die
+ node_status="$(nomad node status | grep $(hostname))" || die
+ if [[ "${node_status}" != *"ineligible"* ]]; then
+ die "Set eligibility off failed!"
+ fi
+ fi
+}
+
+
+function set_eligibility_on {
+ # Set Nomad eligibility to eligible for scheduling. Fail otherwise.
+
+ set -euo pipefail
+
+ node_id="$(nomad node status | grep $(hostname) | cut -d ' ' -f 1)" || die
+ node_status="$(nomad node status | grep $(hostname))" || die
+
+ if [[ "${node_status}" == *"ineligible"* ]]; then
+ nomad node eligibility -enable "${node_id}" || die
+ node_status="$(nomad node status | grep $(hostname))" || die
+ if [[ "${node_status}" == *"ineligible"* ]]; then
+ die "Set eligibility on failed!"
+ fi
+ fi
+}
+
+
+function restart_vfs_service {
+ # Stop and start VF serice. This will reinitialize VFs and driver mappings.
+
+ set -euo pipefail
+
+ warn "Restarting VFs service (this may take few minutes)..."
+ sudo service csit-initialize-vfs stop || die "Failed to stop VFs service!"
+ sudo service csit-initialize-vfs start || die "Failed to start VFs service!"
+}
+
+
+function wait_for_pending_containers {
+ # Wait in loop for defined amount of time for pending containers to
+ # gracefully quit them. If parameter force is specified. Force kill them.
+
+ # Arguments:
+ # - ${@} - Script parameters.
+
+ set -euo pipefail
+
+ retries=60
+ wait_time=60
+ containers=(docker ps --quiet --filter name=csit*)
+
+ for i in $(seq 1 ${retries}); do
+ mapfile -t pending_containers < <( ${containers[@]} ) || die
+ warn "Waiting for pending containers [${pending_containers[@]}] ..."
+ if [ ${#pending_containers[@]} -eq 0 ]; then
+ break
+ fi
+ sleep "${wait_time}" || die
+ done
+ if [ ${#pending_containers[@]} -ne 0 ]; then
+ if [[ "${1-}" == "force" ]]; then
+ warn "Force killing [${pending_containers[@]}] ..."
+ docker rm --force ${pending_containers[@]} || die
+ else
+ die "Still few containers running!"
+ fi
+ fi
+}
+
+
+function warn () {
+ # Print the message to standard error.
+ #
+ # Arguments:
+ # - ${@} - The text of the message.
+
+ echo "$@" >&2
+}
+
+
+set_eligibility_off || die
+wait_for_pending_containers "${@}" || die
+restart_vfs_service || die
+set_eligibility_on || die
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/clean_images.yaml b/fdio.infra.ansible/roles/cleanup/tasks/clean_images.yaml
new file mode 100644
index 0000000000..e030acbff2
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/clean_images.yaml
@@ -0,0 +1,36 @@
+---
+# file: roles/cleanup/tasks/clean_images.yaml
+
+- name: Clean Docker Images
+ block:
+ - name: Clean Images - Prefetch Docker Images
+ cron:
+ name: "Prefetch docker image {{ item }}"
+ minute: "10"
+ hour: "7"
+ job: "/usr/bin/docker pull {{ item }}"
+ loop:
+ "{{ images_to_prefetch_by_arch[ansible_machine] }}"
+ tags:
+ - prefetch-docker-images
+
+ - name: Clean Images - Remove Dangling Docker Images
+ cron:
+ name: "Remove dangling docker images"
+ minute: "10"
+ hour: "5"
+ weekday: "7"
+ job: "/usr/bin/docker rmi $(/usr/bin/docker images --filter 'dangling=true' -q)"
+ tags:
+ - remove-docker-images-dangling
+
+ # TODO: Disabled until all images will be in registry
+ #- name: Clean Images - Prune Docker Images
+ # cron:
+ # name: "Prune docker images"
+ # minute: "10"
+ # hour: "6"
+ # weekday: 7
+ # job: "/usr/bin/docker image prune --all --force"
+ # tags:
+ # - prune-docker-images \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml b/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml
new file mode 100644
index 0000000000..25fd48e420
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/kill_containers.yaml
@@ -0,0 +1,42 @@
+---
+# file: roles/cleanup/tasks/kill_containers.yaml
+
+- name: Kill Docker Containers
+ block:
+ - name: Kill Container - Get Running Docker Containers
+ shell: "docker ps -aq"
+ register: running_containers
+ changed_when: no
+ tags:
+ - kill-containers
+
+ - name: Kill Container - Remove All Docker Containers
+ shell: "docker rm --force {{ item }}"
+ with_items: "{{ running_containers.stdout_lines }}"
+ tags:
+ - kill-containers
+
+ rescue:
+ - name: Restart Docker Daemon
+ systemd:
+ name: "docker"
+ state: "restarted"
+
+- name: Kill LXC Containers
+ block:
+ - name: Kill Container - Get Running LXC Containers
+ shell: "lxc-ls"
+ register: running_containers
+ changed_when: no
+ tags:
+ - kill-containers
+
+ - name: Kill Container - Remove All LXC Containers
+ shell: "lxc-destroy --force -n {{ item }}"
+ with_items: "{{ running_containers.stdout_lines }}"
+ tags:
+ - kill-containers
+
+ rescue:
+ - fail:
+ msg: "Kill LXC containers failed!" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/kill_process.yaml b/fdio.infra.ansible/roles/cleanup/tasks/kill_process.yaml
new file mode 100644
index 0000000000..c7cee37485
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/kill_process.yaml
@@ -0,0 +1,37 @@
+---
+# file: roles/cleanup/tasks/kill_process.yaml
+
+- name: Kill Process - {{ process }}
+ block:
+ - name: Get PID Of {{ process }}
+ shell: "ps -ef | grep -v grep | grep -w {{ process }} | awk '{print $2}'"
+ when:
+ - process is defined and process != ""
+ register: running_processes
+ tags:
+ - kill-process
+
+ - name: Safe Kill {{ process }}
+ shell: "kill {{ item }}"
+ with_items: "{{ running_processes.stdout_lines }}"
+ tags:
+ - kill-process
+
+ - wait_for:
+ path: "/proc/{{ item }}/status"
+ state: "absent"
+ with_items: "{{ running_processes.stdout_lines }}"
+ ignore_errors: yes
+ register: killed_processes
+ tags:
+ - kill-process
+
+ - name: Kill Process - Force Kill {{ process }}
+ shell: "kill -9 {{ item }}"
+ with_items: "{{ killed_processes.results | select('failed') | map(attribute='item') | list }}"
+ tags:
+ - kill-process
+
+ rescue:
+ - fail:
+ msg: "Kill process {{ process }} failed!"
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/main.yaml b/fdio.infra.ansible/roles/cleanup/tasks/main.yaml
new file mode 100644
index 0000000000..eeda0139b3
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/main.yaml
@@ -0,0 +1,43 @@
+---
+# file: roles/cleanup/tasks/main.yaml
+# purpose: Structured per server cleanup tasks.
+# - main:
+# - tg:
+# - Run tasks on TG servers only.
+# - Cleanup processes (T-Rex).
+# - sut:
+# - Run tasks on SUT servers only.
+# - Cleanup file leftovers (logs).
+# - Cleanup packages (VPP, Honeycomb).
+# - Cleanup processes (qemu, l3fwd, testpmd, docker, kubernetes)
+# - Cleanup interfaces.
+# - vpp_device
+# - Run tasks on vpp_device servers only.
+# - Reset SRIOV
+# - Docker image cleanup
+# - nomad
+# - Docker image cleanup
+
+- name: tg specific
+ include_tasks: tg.yaml
+ when: "'tg' in group_names"
+ tags:
+ - cleanup
+
+- name: sut specific
+ include_tasks: sut.yaml
+ when: "'sut' in group_names"
+ tags:
+ - cleanup
+
+- name: vpp_device specific
+ include_tasks: vpp_device.yaml
+ when: "'vpp_device' in group_names"
+ tags:
+ - cleanup
+
+- name: nomad specific
+ include_tasks: nomad.yaml
+ when: "'nomad' in group_names"
+ tags:
+ - cleanup
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/nomad.yaml b/fdio.infra.ansible/roles/cleanup/tasks/nomad.yaml
new file mode 100644
index 0000000000..3c5bf6462d
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/nomad.yaml
@@ -0,0 +1,22 @@
+---
+# file: roles/cleanup/tasks/nomad.yaml
+
+- name: Host Cleanup
+ block:
+ - name: Clean Images
+ import_tasks: clean_images.yaml
+ vars:
+ images_to_prefetch_by_arch:
+ aarch64:
+ - "fdiotools/builder-ubuntu2004:prod-aarch64"
+ - "fdiotools/builder-ubuntu1804:prod-aarch64"
+ - "fdiotools/builder-centos8:prod-aarch64"
+ x86_64:
+ - "fdiotools/builder-ubuntu2004:prod-x86_64"
+ - "fdiotools/builder-ubuntu1804:prod-x86_64"
+ - "fdiotools/builder-debian10:prod-x86_64"
+ - "fdiotools/builder-debian9:prod-x86_64"
+ - "fdiotools/builder-centos8:prod-x86_64"
+ - "fdiotools/builder-centos7:prod-x86_64"
+ tags:
+ - clean-images \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/remove_package.yaml b/fdio.infra.ansible/roles/cleanup/tasks/remove_package.yaml
new file mode 100644
index 0000000000..302b43c99a
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/remove_package.yaml
@@ -0,0 +1,21 @@
+---
+# file: roles/cleanup/tasks/remove_package.yaml
+
+- name: Remove Package - Fix Corrupted APT
+ shell: "dpkg --configure -a"
+ when:
+ - ansible_distribution == 'Ubuntu'
+ tags:
+ - remove-package
+
+- name: Remove Package - {{ package }}
+ apt:
+ name: "{{ package }}"
+ force: yes
+ purge: yes
+ state: "absent"
+ failed_when: no
+ when:
+ - ansible_distribution == 'Ubuntu'
+ tags:
+ - remove-package
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/sut.yaml b/fdio.infra.ansible/roles/cleanup/tasks/sut.yaml
new file mode 100644
index 0000000000..d80a35b1cb
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/sut.yaml
@@ -0,0 +1,83 @@
+---
+# file: roles/cleanup/tasks/sut.yaml
+
+- name: Host Cleanup
+ block:
+ - name: Kill Processes - Qemu
+ import_tasks: kill_process.yaml
+ vars:
+ process: "qemu"
+ tags:
+ - kill-process
+
+ - name: Kill Processes - L3fwd
+ import_tasks: kill_process.yaml
+ vars:
+ process: "l3fwd"
+ tags:
+ - kill-process
+
+ - name: Kill Processes - Testpmd
+ import_tasks: kill_process.yaml
+ vars:
+ process: "testpmd"
+ tags:
+ - kill-process
+
+ - name: Kill Processes - iPerf3
+ import_tasks: kill_process.yaml
+ vars:
+ process: "iperf3"
+ tags:
+ - kill-process
+
+ - name: Kill Processes - vpp_echo
+ import_tasks: kill_process.yaml
+ vars:
+ process: "vpp_echo"
+ tags:
+ - kill-process
+
+ - name: Find File Or Dir - Core Zip File
+ find:
+ paths: "/tmp/"
+ patterns: "*tar.lzo.lrz.xz*"
+ register: files_to_delete
+ tags:
+ - remove-file-dir
+
+ - name: Remove File Or Dir - Core Zip File
+ file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{ files_to_delete.files }}"
+ tags:
+ - remove-file-dir
+
+ - name: Find File Or Dir - Core Dump File
+ find:
+ paths: "/tmp/"
+ patterns: "*core*"
+ register: files_to_delete
+ tags:
+ - remove-file-dir
+
+ - name: Remove File Or Dir - Core Dump File
+ file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{ files_to_delete.files }}"
+ tags:
+ - remove-file-dir
+
+ - name: Kill Containers - Remove All Containers
+ import_tasks: kill_containers.yaml
+ tags:
+ - kill-containers
+
+ - name: Remove Packages - Remove VPP
+ import_tasks: remove_package.yaml
+ vars:
+ package: "*vpp*"
+ tags:
+ - remove-package
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/tg.yaml b/fdio.infra.ansible/roles/cleanup/tasks/tg.yaml
new file mode 100644
index 0000000000..fa2d2d2819
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/tg.yaml
@@ -0,0 +1,13 @@
+---
+# file: roles/cleanup/tasks/tg.yaml
+
+- name: Host Cleanup
+ block:
+ - name: Kill Processes - TRex
+ import_tasks: kill_process.yaml
+ vars:
+ process: "_t-rex"
+ when:
+ - docker_tg is undefined
+ tags:
+ - kill-process
diff --git a/fdio.infra.ansible/roles/cleanup/tasks/vpp_device.yaml b/fdio.infra.ansible/roles/cleanup/tasks/vpp_device.yaml
new file mode 100644
index 0000000000..41c4b29d37
--- /dev/null
+++ b/fdio.infra.ansible/roles/cleanup/tasks/vpp_device.yaml
@@ -0,0 +1,32 @@
+---
+# file: roles/cleanup/tasks/vpp_device.yaml
+
+- name: Host Cleanup
+ block:
+ - name: Reset vpp_device Binary
+ copy:
+ src: "files/reset_vppdevice.sh"
+ dest: "/usr/local/bin"
+ owner: "root"
+ group: "root"
+ mode: "744"
+ tags:
+ - reset-sriov
+
+ - name: Clean Images
+ import_tasks: clean_images.yaml
+ vars:
+ images_to_prefetch_by_arch:
+ aarch64:
+ - "fdiotools/builder-ubuntu2004:prod-aarch64"
+ - "fdiotools/builder-ubuntu1804:prod-aarch64"
+ - "fdiotools/builder-centos8:prod-aarch64"
+ x86_64:
+ - "fdiotools/builder-ubuntu2004:prod-x86_64"
+ - "fdiotools/builder-ubuntu1804:prod-x86_64"
+ - "fdiotools/builder-debian10:prod-x86_64"
+ - "fdiotools/builder-debian9:prod-x86_64"
+ - "fdiotools/builder-centos8:prod-x86_64"
+ - "fdiotools/builder-centos7:prod-x86_64"
+ tags:
+ - clean-images \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/common/defaults/main.yaml b/fdio.infra.ansible/roles/common/defaults/main.yaml
new file mode 100644
index 0000000000..43e40ebdf6
--- /dev/null
+++ b/fdio.infra.ansible/roles/common/defaults/main.yaml
@@ -0,0 +1,72 @@
+---
+# file: roles/common/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "autoconf"
+ - "cgroup-tools"
+ - "dkms"
+ - "iperf3"
+ - "linux-tools-common"
+ - "ninja-build"
+ - "qemu-system"
+ - "socat"
+ - "unzip"
+ - "virtualenv"
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "build-essential"
+ - "libpcap-dev"
+ - "net-tools"
+ - "python-all"
+ - "python-apt"
+ - "python-cffi"
+ - "python-cffi-backend"
+ - "python-dev"
+ - "python-pip"
+ - "python-setuptools"
+ - "python3-all"
+ - "python3-apt"
+ - "python3-cffi"
+ - "python3-cffi-backend"
+ - "python3-dev"
+ - "python3-pip"
+ - "python3-pyelftools"
+ - "python3-setuptools"
+ focal:
+ - "build-essential"
+ - "libpcap-dev"
+ - "net-tools"
+ - "python3-all"
+ - "python3-apt"
+ - "python3-cffi"
+ - "python3-cffi-backend"
+ - "python3-dev"
+ - "python3-pip"
+ - "python3-pyelftools"
+ - "python3-setuptools"
+
+packages_by_arch:
+ aarch64:
+ - "gfortran"
+ - "libblas-dev"
+ - "libffi-dev"
+ - "liblapack-dev"
+ - "libssl-dev"
+ x86_64:
+ - []
+
+# Proxy settings: Uncomment and fill the proper values. These variables will be
+# set globally by writing into /etc/environment file on target machine.
+#proxy_env:
+# http_proxy: http://proxy.com:80
+# HTTP_PROXY: http://proxy.com:80
+# https_proxy: http://proxy.com:80
+# HTTPS_PROXY: http://proxy.com:80
+# ftp_proxy: http://proxy.com:80
+# FTP_PROXY: http://proxy.com:80
+# no_proxy: localhost,127.0.0.1,{{ ansible_default_ipv4.address }}
+# NO_PROXY: localhost,127.0.0.1,{{ ansible_default_ipv4.address }} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/common/handlers/main.yaml b/fdio.infra.ansible/roles/common/handlers/main.yaml
new file mode 100644
index 0000000000..bb317e8067
--- /dev/null
+++ b/fdio.infra.ansible/roles/common/handlers/main.yaml
@@ -0,0 +1,8 @@
+---
+# file: roles/common/handlers/main.yaml
+
+- name: Reboot Server
+ reboot:
+ reboot_timeout: 3600
+ tags:
+ - reboot-server
diff --git a/fdio.infra.ansible/roles/common/tasks/main.yaml b/fdio.infra.ansible/roles/common/tasks/main.yaml
new file mode 100644
index 0000000000..60b49842d2
--- /dev/null
+++ b/fdio.infra.ansible/roles/common/tasks/main.yaml
@@ -0,0 +1,55 @@
+---
+# file: roles/common/tasks/main.yaml
+
+- name: Conf - Add permanent proxy settings
+ lineinfile:
+ path: "/etc/environment"
+ state: "present"
+ line: "{{ item.key }}={{ item.value }}"
+ with_dict: "{{ proxy_env }}"
+ when: proxy_env is defined
+ tags:
+ - common-conf-proxy
+
+- name: Inst - Update package cache (apt)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - common-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - common-inst-prerequisites
+
+- name: Inst - Meson (DPDK)
+ pip:
+ name:
+ - "meson==0.47.1"
+ tags:
+ - common-inst-meson
+
+- name: Conf - sudoers admin
+ lineinfile:
+ path: "/etc/sudoers"
+ state: "present"
+ regexp: "^%admin ALL="
+ line: "%admin ALL=(ALL) ALL"
+ validate: "/usr/sbin/visudo -cf %s"
+ tags:
+ - common-conf-sudoers
+
+- name: Conf - sudoers nopasswd
+ lineinfile:
+ path: "/etc/sudoers"
+ state: "present"
+ regexp: "^%sudo"
+ line: "%sudo ALL=(ALL:ALL) NOPASSWD: ALL"
+ validate: "/usr/sbin/visudo -cf %s"
+ tags:
+ - common-conf-sudoers
diff --git a/fdio.infra.ansible/roles/consul/defaults/main.yaml b/fdio.infra.ansible/roles/consul/defaults/main.yaml
new file mode 100644
index 0000000000..786554eb58
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/defaults/main.yaml
@@ -0,0 +1,110 @@
+---
+# file: roles/consul/defaults/main.yaml
+
+# Inst - Prerequisites.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "cgroup-bin"
+ - "curl"
+ - "git"
+ - "libcgroup1"
+ - "unzip"
+ - "htop"
+packages_by_distro:
+ ubuntu:
+ - []
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Inst - Download Consul.
+consul_architecture_map:
+ amd64: "amd64"
+ x86_64: "amd64"
+ armv7l: "arm"
+ aarch64: "arm64"
+ 32-bit: "386"
+ 64-bit: "amd64"
+consul_architecture: "{{ consul_architecture_map[ansible_architecture] }}"
+consul_version: "1.8.6"
+consul_pkg: "consul_{{ consul_version }}_linux_{{ consul_architecture }}.zip"
+consul_zip_url: "https://releases.hashicorp.com/consul/{{ consul_version }}/{{ consul_pkg }}"
+
+# Inst - System paths.
+consul_bin_dir: "/usr/local/bin"
+consul_config_dir: "/etc/consul.d"
+consul_data_dir: "/var/consul"
+consul_inst_dir: "/opt"
+consul_lockfile: "/var/lock/subsys/consul"
+consul_run_dir: "/var/run/consul"
+consul_ssl_dir: "/etc/consul.d/ssl"
+nomad_config_dir: "/etc/nomad.d"
+
+# Conf - Service.
+consul_node_role: "both"
+consul_restart_handler_state: "restarted"
+nomad_restart_handler_state: "restarted"
+systemd_resolved_state: "stopped"
+
+# Conf - User and group.
+consul_group: "consul"
+consul_group_state: "present"
+consul_manage_group: true
+consul_manage_user: true
+consul_user: "consul"
+consul_user_groups: [ docker, nomad, consul, root ]
+consul_user_state: "present"
+
+# Conf - nomad.d/consul.hcl
+consul_nomad_integration: true
+consul_certificates:
+ - src: "{{ vault_consul_v1_ca_file }}"
+ dest: "{{ consul_ca_file }}"
+ - src: "{{ vault_consul_v1_cert_file }}"
+ dest: "{{ consul_cert_file }}"
+ - src: "{{ vault_consul_v1_key_file }}"
+ dest: "{{ consul_key_file }}"
+
+consul_auto_advertise: true
+consul_checks_use_advertise: true
+consul_server_service_name: "nomad"
+consul_client_service_name: "nomad-client"
+consul_server_auto_join: false
+consul_client_auto_join: true
+consul_ACL_token_set: false
+consul_token: "consul_token_default"
+
+# Conf - base.hcl
+consul_bind_addr: "{{ ansible_default_ipv4.address }}"
+consul_client_addr: "0.0.0.0"
+consul_datacenter: "dc1"
+consul_disable_update_check: true
+consul_enable_debug: false
+consul_enable_syslog: true
+consul_log_level: "INFO"
+consul_node_name: "{{ inventory_hostname }}"
+consul_retry_join: true
+consul_bootstrap_expect: 2
+consul_encrypt: ""
+consul_ca_file: "{{ consul_ssl_dir }}/ca.pem"
+consul_cert_file: "{{ consul_ssl_dir }}/consul.pem"
+consul_key_file: "{{ consul_ssl_dir }}/consul-key.pem"
+consul_ui: true
+consul_recursors:
+ - 1.1.1.1
+ - 8.8.8.8
+
+# Conf - ports.hcl
+consul_port_dns: 53
+consul_port_http: 8500
+consul_port_https: 8501
+consul_port_grpc: 8502
+consul_port_serf_lan: 8301
+consul_port_serf_wan: 8302
+consul_port_server: 8300
+
+# Conf - services.json
+consul_services: false \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/handlers/main.yaml b/fdio.infra.ansible/roles/consul/handlers/main.yaml
new file mode 100644
index 0000000000..338baea74e
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/handlers/main.yaml
@@ -0,0 +1,23 @@
+---
+# file roles/consul/handlers/main.yaml
+
+- name: Restart Nomad
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "nomad"
+ state: "{{ nomad_restart_handler_state }}"
+
+- name: Restart Consul
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "consul"
+ state: "{{ consul_restart_handler_state }}"
+
+- name: Stop Systemd-resolved
+ systemd:
+ daemon_reload: true
+ enabled: false
+ name: "systemd-resolved"
+ state: "{{ systemd_resolved_state }}" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/meta/main.yaml b/fdio.infra.ansible/roles/consul/meta/main.yaml
new file mode 100644
index 0000000000..4ada8efad6
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/meta/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: roles/consul/meta/main.yaml
+
+# desc: Install consul from stable branch and configure service.
+# inst: Consul
+# conf: ?
+# info: 1.0 - added role
+
+dependencies: [ ]
diff --git a/fdio.infra.ansible/roles/consul/tasks/main.yaml b/fdio.infra.ansible/roles/consul/tasks/main.yaml
new file mode 100644
index 0000000000..99ac52da44
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/tasks/main.yaml
@@ -0,0 +1,182 @@
+---
+# file: roles/consul/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - consul-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - consul-inst-prerequisites
+
+- name: Conf - Add Consul Group
+ group:
+ name: "{{ consul_group }}"
+ state: "{{ consul_group_state }}"
+ when:
+ - consul_manage_group | bool
+ tags:
+ - consul-conf-user
+
+- name: Conf - Add Consul user
+ user:
+ name: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ groups: "{{ consul_user_groups }}"
+ state: "{{ consul_user_state }}"
+ system: true
+ when:
+ - consul_manage_user | bool
+ tags:
+ - consul-conf-user
+
+- name: Inst - Clean Consul
+ file:
+ path: "{{ consul_inst_dir }}/consul"
+ state: "absent"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Download Consul
+ get_url:
+ url: "{{ consul_zip_url }}"
+ dest: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ tags:
+ - consul-inst-package
+
+- name: Inst - Unarchive Consul
+ unarchive:
+ src: "{{ consul_inst_dir }}/{{ consul_pkg }}"
+ dest: "{{ consul_inst_dir }}/"
+ creates: "{{ consul_inst_dir }}/consul"
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Inst - Consul
+ copy:
+ src: "{{ consul_inst_dir }}/consul"
+ dest: "{{ consul_bin_dir }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - consul-inst-package
+
+- name: Conf - Create Directories "{{ consul_data_dir }}"
+ file:
+ dest: "{{ consul_data_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Directories "{{ consul_ssl_dir }}"
+ file:
+ dest: "{{ consul_ssl_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ tags:
+ - consul-conf
+
+- name: Conf - Create Config Directory
+ file:
+ dest: "{{ consul_config_dir }}"
+ state: directory
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0755
+ tags:
+ - consul-conf
+
+- name: Conf - Nomad integration Consul Configuration
+ template:
+ src: consul.hcl.j2
+ dest: "{{ nomad_config_dir }}/consul.hcl"
+ owner: "nomad"
+ group: "nomad"
+ mode: 0644
+ when:
+ - consul_nomad_integration | bool
+ tags:
+ - consul-conf
+
+- name: Conf - Base Configuration
+ template:
+ src: base.hcl.j2
+ dest: "{{ consul_config_dir }}/base.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Ports Configuration
+ template:
+ src: ports.hcl.j2
+ dest: "{{ consul_config_dir }}/ports.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Telemetry Configuration
+ template:
+ src: telemetry.hcl.j2
+ dest: "{{ consul_config_dir }}/telemetry.hcl"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ tags:
+ - consul-conf
+
+- name: Conf - Services Configuration
+ template:
+ src: services.json.j2
+ dest: "{{ consul_config_dir }}/services.json"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0644
+ when:
+ - consul_services
+ tags:
+ - consul-conf
+
+- name: Conf - Copy Certificates And Keys
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ consul_user }}"
+ group: "{{ consul_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ consul_certificates | flatten(levels=1) }}"
+ tags:
+ - consul-conf
+
+- name: Conf - System.d Script
+ template:
+ src: "consul_systemd.service.j2"
+ dest: "/lib/systemd/system/consul.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+# notify:
+# - "Restart Consul"
+# - "Stop Systemd-resolved"
+# - "Restart Nomad"
+ tags:
+ - consul-conf
diff --git a/fdio.infra.ansible/roles/consul/templates/base.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
new file mode 100644
index 0000000000..536c48d847
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/base.hcl.j2
@@ -0,0 +1,43 @@
+node_name = "{{ consul_node_name }}"
+datacenter = "{{ consul_datacenter }}"
+
+bind_addr = "{{ consul_bind_addr }}"
+client_addr = "{{ consul_client_addr }}"
+data_dir = "{{ consul_data_dir }}"
+
+enable_syslog = {{ consul_enable_syslog | bool | lower }}
+enable_debug = {{ consul_enable_debug | bool | lower }}
+disable_update_check = {{ consul_disable_update_check | bool | lower }}
+log_level = "{{ consul_log_level }}"
+
+server = {{ consul_node_server | bool | lower }}
+encrypt = "{{ consul_encrypt }}"
+{% if consul_node_server | bool == True %}
+bootstrap_expect = {{ consul_bootstrap_expect }}
+verify_incoming = true
+verify_outgoing = true
+verify_server_hostname = true
+ca_file = "{{ consul_ca_file }}"
+cert_file = "{{ consul_cert_file }}"
+key_file = "{{ consul_key_file }}"
+auto_encrypt {
+ allow_tls = true
+}
+{% else %}
+verify_incoming = false
+verify_outgoing = false
+verify_server_hostname = false
+ca_file = "{{ consul_ca_file }}"
+auto_encrypt {
+ tls = false
+}
+{% endif %}
+{% if consul_retry_join | bool -%}
+retry_join = [ {% for ip_port in consul_retry_servers -%} "{{ ip_port }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %}
+
+ui = {{ consul_ui | bool | lower }}
+
+{% if consul_recursors -%}
+recursors = [ {% for server in consul_recursors -%} "{{ server }}"{% if not loop.last %}, {% endif %}{%- endfor -%} ]
+{%- endif %} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/templates/consul.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/consul.hcl.j2
new file mode 100644
index 0000000000..c78e5e1ce5
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/consul.hcl.j2
@@ -0,0 +1,12 @@
+consul {
+ auto_advertise = {{ consul_auto_advertise | bool | lower }}
+ checks_use_advertise = {{ consul_checks_use_advertise | bool | lower }}
+ client_auto_join = {{ consul_client_auto_join | bool | lower }}
+ client_service_name = "{{ consul_client_service_name }}"
+ server_service_name = "{{ consul_server_service_name }}"
+ server_auto_join = {{ consul_server_auto_join | bool | lower }}
+{% if consul_ACL_token_set == True %}
+ token = "{{ consul_token }}"
+{% endif %}
+
+} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2 b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2
new file mode 100644
index 0000000000..8e1ef1310d
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/consul_systemd.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Consul Service
+Documentation=https://www.nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+# TODO: Decrease privilege
+ExecReload=/bin/kill -SIGHUP $MAINPID
+ExecStart={{ consul_bin_dir }}/consul agent -config-dir {{ consul_config_dir }}
+KillSignal=SIGTERM
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=1
+User=root
+Group=root
+Environment="GOMAXPROCS=2"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2
new file mode 100644
index 0000000000..a658060ce8
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/ports.hcl.j2
@@ -0,0 +1,9 @@
+ports {
+ dns = {{ consul_port_dns }}
+ http = {{ consul_port_http }}
+ https = {{ consul_port_https }}
+ grpc = {{ consul_port_grpc }}
+ serf_lan = {{ consul_port_serf_lan }}
+ serf_wan = {{ consul_port_serf_wan }}
+ server = {{ consul_port_server }}
+} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/templates/services.json.j2 b/fdio.infra.ansible/roles/consul/templates/services.json.j2
new file mode 100644
index 0000000000..3245ba92a4
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/services.json.j2
@@ -0,0 +1,13 @@
+{
+ "services": [
+{% for item in consul_services %}
+ {
+ "name": "{{ item.name }}",
+ "port": {{ item.port }}
+ }
+{%- if not loop.last %},
+{% endif %}
+{% endfor %}
+
+ ]
+} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2
new file mode 100644
index 0000000000..ec7fabc9da
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/templates/telemetry.hcl.j2
@@ -0,0 +1,3 @@
+telemetry {
+ prometheus_retention_time = "24h"
+} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/consul/vars/main.yaml b/fdio.infra.ansible/roles/consul/vars/main.yaml
new file mode 100644
index 0000000000..b46333a7a7
--- /dev/null
+++ b/fdio.infra.ansible/roles/consul/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+# file: roles/consul/vars/main.yaml
+
+consul_node_client: "{{ (consul_node_role == 'client') or (consul_node_role == 'both') }}"
+consul_node_server: "{{ (consul_node_role == 'server') or (consul_node_role == 'both') }}"
diff --git a/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile b/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile
new file mode 100644
index 0000000000..73ff5c5e86
--- /dev/null
+++ b/fdio.infra.ansible/roles/csit_sut_image/files/Dockerfile
@@ -0,0 +1,166 @@
+# Copyright (c) 2021 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM ubuntu:20.04
+LABEL Description="CSIT vpp-device ubuntu 20.04 SUT image"
+LABEL Version="master"
+
+# Setup the environment
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Configure locales
+RUN apt-get update -qq \
+ && apt-get install -y \
+ apt-utils \
+ locales \
+ && sed -i 's/# \(en_US\.UTF-8 .*\)/\1/' /etc/locale.gen \
+ && locale-gen en_US.UTF-8 \
+ && dpkg-reconfigure --frontend=noninteractive locales \
+ && update-locale LANG=en_US.UTF-8 \
+ && TZ=Etc/UTC && ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone \
+ && rm -r /var/lib/apt/lists/*
+ENV LANG="en_US.UTF-8" LANGUAGE="en_US" LC_ALL="en_US.UTF-8"
+
+# Install packages and Docker
+RUN apt-get -q update \
+ && apt-get install -y -qq \
+ apt-transport-https \
+ bridge-utils \
+ ca-certificates \
+ cloud-init \
+ cmake \
+ curl \
+ dkms \
+ gdb \
+ gfortran \
+ libapr1 \
+ libblas-dev \
+ libffi-dev \
+ liblapack-dev \
+ libmbedcrypto3 \
+ libmbedtls12 \
+ libmbedx509-0 \
+ libnuma1 \
+ libnuma-dev \
+ libpcap-dev \
+ libpixman-1-dev \
+ libssl-dev \
+ locales \
+ net-tools \
+ openssh-server \
+ pciutils \
+ python3-all \
+ python3-apt \
+ python3-cffi \
+ python3-cffi-backend \
+ python3-dev \
+ python3-pip \
+ python3-setuptools \
+ python3-virtualenv \
+ qemu-system \
+ rsyslog \
+ socat \
+ software-properties-common \
+ strongswan \
+ ssh \
+ sshpass \
+ sudo \
+ supervisor \
+ tar \
+ tcpdump \
+ unzip \
+ vim \
+ wget \
+ zlib1g-dev \
+ && curl -fsSL https://get.docker.com | sh \
+ && rm -rf /var/lib/apt/lists/*
+
+# Fix permissions
+RUN chown root:syslog /var/log \
+ && chmod 755 /etc/default
+
+# Create directory structure
+RUN mkdir -p /tmp/dumps \
+ && mkdir -p /var/cache/vpp/python \
+ && mkdir -p /var/run/sshd
+
+# CSIT PIP pre-cache
+RUN pip3 install \
+ ecdsa==0.13.3 \
+ paramiko==2.6.0 \
+ pycrypto==2.6.1 \
+ pypcap==1.2.3 \
+ PyYAML==5.1.1 \
+ requests==2.22.0 \
+ robotframework==3.1.2 \
+ scapy==2.4.3 \
+ scp==0.13.2 \
+ ansible==2.10.7 \
+ dill==0.2.8.2 \
+ numpy==1.17.3 \
+ hdrhistogram==0.6.1 \
+ plotly==4.1.1 \
+ PTable==0.9.2 \
+ Sphinx==2.2.1 \
+ sphinx-rtd-theme==0.4.0 \
+ sphinxcontrib-programoutput==0.15 \
+ sphinxcontrib-robotdoc==0.11.0 \
+ ply==3.11 \
+ alabaster==0.7.12 \
+ Babel==2.7.0 \
+ bcrypt==3.1.7 \
+ certifi==2019.9.11 \
+ cffi==1.13.2 \
+ chardet==3.0.4 \
+ cryptography==2.8 \
+ docutils==0.15.2 \
+ future==0.18.2 \
+ idna==2.8 \
+ imagesize==1.1.0 \
+ Jinja2==2.10.3 \
+ MarkupSafe==1.1.1 \
+ packaging==19.2 \
+ pbr==5.4.3 \
+ pycparser==2.19 \
+ Pygments==2.4.2 \
+ PyNaCl==1.3.0 \
+ pyparsing==2.4.4 \
+ python-dateutil==2.8.1 \
+ pytz==2019.3 \
+ retrying==1.3.3 \
+ six==1.13.0 \
+ snowballstemmer==2.0.0 \
+ sphinxcontrib-applehelp==1.0.1 \
+ sphinxcontrib-devhelp==1.0.1 \
+ sphinxcontrib-htmlhelp==1.0.2 \
+ sphinxcontrib-jsmath==1.0.1 \
+ sphinxcontrib-qthelp==1.0.2 \
+ sphinxcontrib-serializinghtml==1.1.3 \
+ urllib3==1.25.6
+
+# ARM workaround
+RUN pip3 install \
+ pandas==0.25.3 \
+ scipy==1.5.4
+
+# SSH settings
+RUN echo 'root:Csit1234' | chpasswd \
+ && sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config \
+ && sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd \
+ && echo "export VISIBLE=now" >> /etc/profile
+
+EXPOSE 2222
+
+COPY supervisord.conf /etc/supervisor/supervisord.conf
+
+CMD ["sh", "-c", "rm -f /dev/shm/db /dev/shm/global_vm /dev/shm/vpe-api; /usr/bin/supervisord -c /etc/supervisor/supervisord.conf; /usr/sbin/sshd -D -p 2222"] \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf b/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf
new file mode 100644
index 0000000000..22a36be5c6
--- /dev/null
+++ b/fdio.infra.ansible/roles/csit_sut_image/files/supervisord.conf
@@ -0,0 +1,24 @@
+[unix_http_server]
+file = /tmp/supervisor.sock
+chmod = 0777
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+[supervisorctl]
+serverurl = unix:///tmp/supervisor.sock
+
+[supervisord]
+pidfile = /tmp/supervisord.pid
+identifier = supervisor
+directory = /tmp
+logfile = /tmp/supervisord.log
+loglevel = debug
+nodaemon = false
+
+[program:vpp]
+command = /usr/bin/vpp -c /etc/vpp/startup.conf
+autostart = false
+autorestart = true
+redirect_stderr = true
+priority = 1 \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml b/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml
new file mode 100644
index 0000000000..2affe4b18e
--- /dev/null
+++ b/fdio.infra.ansible/roles/csit_sut_image/tasks/main.yaml
@@ -0,0 +1,30 @@
+---
+# file: roles/csit_sut_image/tasks/main.yaml
+
+- name: Create a directory if it does not exist
+ file:
+ path: "/opt/csit-sut/"
+ state: "directory"
+ mode: 0755
+ tags:
+ - csit-sut-image
+
+- name: Copy Build Items
+ copy:
+ src: "{{ item }}"
+ dest: "/opt/csit-sut/"
+ owner: "root"
+ group: "root"
+ mode: 0755
+ with_items:
+ - Dockerfile
+ - supervisord.conf
+ tags:
+ - csit-sut-image
+
+- name: Build CSIT SUT Docker Image
+ shell: "docker build -t csit_sut-ubuntu2004:local ."
+ args:
+ chdir: "/opt/csit-sut"
+ tags:
+ - csit-sut-image \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker/defaults/main.yaml b/fdio.infra.ansible/roles/docker/defaults/main.yaml
new file mode 100644
index 0000000000..8343558238
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/defaults/main.yaml
@@ -0,0 +1,38 @@
+---
+# file: roles/docker/defaults/main.yaml
+
+# Version options.
+docker_edition: "ce"
+docker_package: "docker-{{ docker_edition }}"
+docker_package_state: latest
+
+# Service options.
+docker_service_state: started
+docker_service_enabled: true
+docker_restart_handler_state: restarted
+
+# Used only for Debian/Ubuntu.
+docker_apt_release_channel: "stable"
+docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} {{ docker_apt_release_channel }}"
+docker_apt_repository_state: present
+docker_apt_ignore_key_error: true
+docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
+docker_apt_gpg_key_state: present
+
+# Used only for RedHat/CentOS/Fedora.
+docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo
+docker_yum_repo_enable_edge: "0"
+docker_yum_repo_enable_test: "0"
+docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
+
+# A list of users who will be added to the docker group.
+docker_users:
+ - "testuser"
+
+# Proxy settings.
+docker_daemon_environment_http:
+ - "HTTP_PROXY={{ proxy_env.http_proxy }}"
+ - "NO_PROXY={{ proxy_env.no_proxy }}"
+docker_daemon_environment_https:
+ - "HTTPS_PROXY={{ proxy_env.https_proxy }}"
+ - "NO_PROXY={{ proxy_env.no_proxy }}" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker/handlers/main.yaml b/fdio.infra.ansible/roles/docker/handlers/main.yaml
new file mode 100644
index 0000000000..d89adb9a1a
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/handlers/main.yaml
@@ -0,0 +1,9 @@
+---
+# file roles/docker/handlers/main.yaml
+
+- name: Restart Docker
+ service:
+ name: "docker"
+ state: "{{ docker_restart_handler_state }}"
+ tags:
+ - docker-restart-service \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker/meta/main.yaml b/fdio.infra.ansible/roles/docker/meta/main.yaml
new file mode 100644
index 0000000000..ab3d197791
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/meta/main.yaml
@@ -0,0 +1,4 @@
+---
+# file: roles/docker/meta/main.yaml
+
+dependencies: [] \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker/tasks/main.yaml b/fdio.infra.ansible/roles/docker/tasks/main.yaml
new file mode 100644
index 0000000000..5a96b7a7c5
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/tasks/main.yaml
@@ -0,0 +1,82 @@
+---
+# file: roles/docker/tasks/main.yaml
+
+- include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
+ tags:
+ - docker-inst-dependencies
+
+- name: Inst - Docker
+ package:
+ name:
+ - "{{ docker_package }}"
+ - "{{ docker_package }}-cli"
+ state: "{{ docker_package_state }}"
+ tags:
+ - docker-inst-package
+
+- name: Conf - Docker Service
+ service:
+ name: docker
+ state: "{{ docker_service_state }}"
+ enabled: "{{ docker_service_enabled }}"
+ tags:
+ - docker-conf-service
+
+- name: Conf - Docker Service Directory
+ file:
+ path: "/etc/systemd/system/docker.service.d"
+ state: "directory"
+ tags:
+ - docker-conf-service
+
+- name: Conf - Docker Daemon
+ template:
+ src: "templates/daemon.json.j2"
+ dest: "/etc/docker/daemon.json"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ when: >
+ docker_daemon is defined
+ tags:
+ - docker-conf-daemon
+
+- name: Conf - Docker HTTP Proxy
+ template:
+ src: "templates/docker.service.proxy.http"
+ dest: "/etc/systemd/system/docker.service.d/http-proxy.conf"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ notify:
+ - "Restart Docker"
+ when: >
+ proxy_env is defined and
+ proxy_env.http_proxy is defined
+ tags:
+ - docker-conf-service
+
+- name: Conf - Docker HTTPS Proxy
+ template:
+ src: "templates/docker.service.proxy.https"
+ dest: "/etc/systemd/system/docker.service.d/https-proxy.conf"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ notify:
+ - "Restart Docker"
+ when: >
+ proxy_env is defined and
+ proxy_env.https_proxy is defined
+ tags:
+ - docker-conf-service
+
+- name: Conf - Users to Docker Group
+ user:
+ name: "{{ item }}"
+ groups: "docker"
+ append: True
+ loop: "{{ docker_users }}"
+ when: docker_users
+ tags:
+ - docker-conf-user
diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/docker/tasks/ubuntu_bionic.yaml
new file mode 100644
index 0000000000..8bda4fed21
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/tasks/ubuntu_bionic.yaml
@@ -0,0 +1,30 @@
+---
+# file: roles/docker/tasks/ubuntu_bionic.yaml
+
+- name: Inst - Dependencies
+ apt:
+ name:
+ - "apt-transport-https"
+ - "ca-certificates"
+ - "gpg-agent"
+ - "software-properties-common"
+ state: "present"
+ cache_valid_time: 3600
+ install_recommends: False
+ tags:
+ - docker-inst-dependencies
+
+- name: Conf - Add APT Key
+ apt_key:
+ url: "{{ docker_apt_gpg_key }}"
+ state: "{{ docker_apt_gpg_key_state }}"
+ tags:
+ - docker-conf-apt
+
+- name: Conf - Install APT Repository
+ apt_repository:
+ repo: "{{ docker_apt_repository }}"
+ state: "{{ docker_apt_repository_state }}"
+ update_cache: yes
+ tags:
+ - docker-conf-apt
diff --git a/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml
new file mode 100644
index 0000000000..84bd1c5824
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/tasks/ubuntu_focal.yaml
@@ -0,0 +1,30 @@
+---
+# file: roles/docker/tasks/ubuntu_focal.yaml
+
+- name: Inst - Dependencies
+ apt:
+ name:
+ - "apt-transport-https"
+ - "ca-certificates"
+ - "gpg-agent"
+ - "software-properties-common"
+ state: "present"
+ cache_valid_time: 3600
+ install_recommends: False
+ tags:
+ - docker-inst-dependencies
+
+- name: Conf - Add APT Key
+ apt_key:
+ url: "{{ docker_apt_gpg_key }}"
+ state: "{{ docker_apt_gpg_key_state }}"
+ tags:
+ - docker-conf-apt
+
+- name: Conf - Install APT Repository
+ apt_repository:
+ repo: "{{ docker_apt_repository }}"
+ state: "{{ docker_apt_repository_state }}"
+ update_cache: yes
+ tags:
+ - docker-conf-apt
diff --git a/fdio.infra.ansible/roles/docker/templates/daemon.json.j2 b/fdio.infra.ansible/roles/docker/templates/daemon.json.j2
new file mode 100644
index 0000000000..becc2b1af7
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/templates/daemon.json.j2
@@ -0,0 +1 @@
+{{ docker_daemon | to_nice_json }} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http
new file mode 100644
index 0000000000..73ceba3870
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[Service]
+Environment="{{ docker_daemon_environment_http | join('" "') }}"
diff --git a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https
new file mode 100644
index 0000000000..1c2097eb9d
--- /dev/null
+++ b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https
@@ -0,0 +1,4 @@
+# {{ ansible_managed }}
+
+[Service]
+Environment="{{ docker_daemon_environment_https | join('" "') }}"
diff --git a/fdio.infra.ansible/roles/dpdk/defaults/main.yaml b/fdio.infra.ansible/roles/dpdk/defaults/main.yaml
new file mode 100644
index 0000000000..2a8c691728
--- /dev/null
+++ b/fdio.infra.ansible/roles/dpdk/defaults/main.yaml
@@ -0,0 +1,31 @@
+---
+# file: roles/dpdk/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - []
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "build-essential"
+ - "libnuma-dev"
+ focal:
+ - "build-essential"
+ - "libnuma-dev"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+dpdk_target_dir: "/opt"
+dpdk_version:
+ - "20.02"
+dpdk_url: "https://fast.dpdk.org/rel"
+dpdk_build_targets:
+ "20.02":
+ aarch64: "arm64-armv8a-linux-gcc"
+ x86_64: "x86_64-native-linux-gcc"
diff --git a/fdio.infra.ansible/roles/dpdk/files/dpdk-mlx5.patch b/fdio.infra.ansible/roles/dpdk/files/dpdk-mlx5.patch
new file mode 100644
index 0000000000..a3928d70f7
--- /dev/null
+++ b/fdio.infra.ansible/roles/dpdk/files/dpdk-mlx5.patch
@@ -0,0 +1,19 @@
+diff --git a/drivers/net/mlx5/mlx5_ethdev.c b/drivers/net/mlx5/mlx5_ethdev.c
+index d7d3bc73c..c21c38485 100644
+--- a/drivers/net/mlx5/mlx5_ethdev.c
++++ b/drivers/net/mlx5/mlx5_ethdev.c
+@@ -1032,11 +1032,14 @@ mlx5_link_update_unlocked_gs(struct rte_eth_dev *dev,
+ ETH_LINK_HALF_DUPLEX : ETH_LINK_FULL_DUPLEX);
+ dev_link.link_autoneg = !(dev->data->dev_conf.link_speeds &
+ ETH_LINK_SPEED_FIXED);
++#if 0
++ /* FIXME: this does not work on Azure w/ CX4-LX */
+ if (((dev_link.link_speed && !dev_link.link_status) ||
+ (!dev_link.link_speed && dev_link.link_status))) {
+ rte_errno = EAGAIN;
+ return -rte_errno;
+ }
++#endif
+ *link = dev_link;
+ return 0;
+ }
diff --git a/fdio.infra.ansible/roles/dpdk/tasks/main.yaml b/fdio.infra.ansible/roles/dpdk/tasks/main.yaml
new file mode 100644
index 0000000000..46f942be93
--- /dev/null
+++ b/fdio.infra.ansible/roles/dpdk/tasks/main.yaml
@@ -0,0 +1,68 @@
+---
+# file: roles/dpdk/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - dpdk-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - dpdk-inst-prerequisites
+
+- name: Download Release Archive
+ get_url:
+ url: "{{ dpdk_url }}/dpdk-{{ item }}.tar.xz"
+ dest: "{{ dpdk_target_dir }}/dpdk-{{ item }}.tar.xz"
+ mode: 0644
+ loop: "{{ dpdk_version }}"
+ register: "dpdk_downloaded"
+ tags:
+ - dpdk-inst
+
+- name: Extract Release Archive
+ unarchive:
+ remote_src: true
+ src: "{{ dpdk_target_dir }}/dpdk-{{ item }}.tar.xz"
+ dest: "{{ dpdk_target_dir }}/"
+ creates: "{{ dpdk_target_dir }}/dpdk-{{ item }}"
+ loop: "{{ dpdk_version }}"
+ when: "dpdk_downloaded"
+ register: "dpdk_extracted"
+ tags:
+ - dpdk-inst
+
+- name: Build igb_uio by default
+ lineinfile:
+ dest: "{{ dpdk_target_dir }}/dpdk-{{ item }}/config/common_base"
+ regexp: "^CONFIG_RTE_EAL_IGB_UIO"
+ line: "CONFIG_RTE_EAL_IGB_UIO=y"
+ loop: "{{ dpdk_version }}"
+ when: "dpdk_extracted"
+ register: "dpdk_configured"
+ tags:
+ - dpdk-inst
+
+- name: Compile Release I
+ become: yes
+ command: "make install T={{ dpdk_build_targets[item][ansible_machine] }} DESTDIR={{ dpdk_target_dir }}/dpdk-{{ item }} chdir={{ dpdk_target_dir }}/dpdk-{{ item }}"
+ loop: "{{ dpdk_version }}"
+ when: "dpdk_configured"
+ register: "dpdk_compiled"
+ tags:
+ - dpdk-inst
+
+- name: Link igb_uio Module
+ shell: "ln -fs {{ dpdk_target_dir }}/dpdk-{{ item }}/{{ dpdk_build_targets[item][ansible_machine] }}/kmod/igb_uio.ko /lib/modules/`uname -r`/igb_uio.ko && depmod -a"
+ ignore_errors: "yes"
+ loop: "{{ dpdk_version }}"
+ when: "dpdk_compiled"
+ tags:
+ - dpdk-inst \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/iperf/defaults/main.yaml b/fdio.infra.ansible/roles/iperf/defaults/main.yaml
new file mode 100644
index 0000000000..07af60b63a
--- /dev/null
+++ b/fdio.infra.ansible/roles/iperf/defaults/main.yaml
@@ -0,0 +1,26 @@
+---
+# file: roles/iperf/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - []
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "build-essential"
+ - "lib32z1"
+ focal:
+ - "build-essential"
+ - "lib32z1"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+iperf_target_dir: "/opt"
+iperf_version:
+ - "3.7"
diff --git a/fdio.infra.ansible/roles/iperf/tasks/main.yaml b/fdio.infra.ansible/roles/iperf/tasks/main.yaml
new file mode 100644
index 0000000000..f8948cae57
--- /dev/null
+++ b/fdio.infra.ansible/roles/iperf/tasks/main.yaml
@@ -0,0 +1,62 @@
+---
+# file: roles/iperf/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - iperf-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - iperf-inst-prerequisites
+
+- name: Get Release Archive
+ get_url:
+ url: "https://downloads.es.net/pub/iperf/iperf-{{ item }}.tar.gz"
+ dest: "{{ iperf_target_dir }}/iperf-{{ item }}.tar.gz"
+ validate_certs: false
+ mode: 0644
+ loop: "{{ iperf_version }}"
+ tags:
+ - iperf-inst
+
+- name: Extract Release Archive
+ unarchive:
+ remote_src: true
+ src: "{{ iperf_target_dir }}/iperf-{{ item }}.tar.gz"
+ dest: "{{ iperf_target_dir }}/"
+ creates: "{{ iperf_target_dir }}/iperf-{{ item }}/src"
+ loop: "{{ iperf_version }}"
+ tags:
+ - iperf-inst
+
+- name: Compile Release I
+ command: "./configure"
+ args:
+ chdir: "{{ iperf_target_dir }}/iperf-{{ item }}/"
+ loop: "{{ iperf_version }}"
+ tags:
+ - iperf-inst
+
+- name: Compile Release II
+ command: "make"
+ args:
+ chdir: "{{ iperf_target_dir }}/iperf-{{ item }}/"
+ loop: "{{ iperf_version }}"
+ tags:
+ - iperf-inst
+
+- name: Compile Release III
+ command: "make install"
+ args:
+ chdir: "{{ iperf_target_dir }}/iperf-{{ item }}/"
+ loop: "{{ iperf_version }}"
+ tags:
+ - iperf-inst \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/defaults/main.yaml b/fdio.infra.ansible/roles/jenkins_job_health_exporter/defaults/main.yaml
new file mode 100644
index 0000000000..9813d41afb
--- /dev/null
+++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/defaults/main.yaml
@@ -0,0 +1,35 @@
+---
+# file: roles/jenkins_job_health_exporter/defaults/main.yaml
+
+# Conf - Jenkins Job Health Exporter.
+jenkins_host: "jenkins.fd.io"
+poll_interval_sec: 1800
+req_timeout_sec: 30
+bind_to: "0.0.0.0:9186"
+last_builds: 10
+jobs:
+ - "vpp-csit-verify-api-crc-master"
+ - "vpp-beta-verify-master-ubuntu2004-aarch64"
+ - "vpp-verify-master-centos8-aarch64"
+ - "vpp-verify-master-ubuntu1804-aarch64"
+ - "vpp-gcc-verify-master-ubuntu2004-x86_64"
+ - "vpp-verify-master-centos8-x86_64"
+ - "vpp-verify-master-debian10-x86_64"
+ - "vpp-verify-master-ubuntu2004-x86_64"
+ - "vpp-verify-master-ubuntu1804-x86_64"
+ - "vpp-debug-verify-master-ubuntu2004-x86_64"
+ - "vpp-checkstyle-verify-master-ubuntu2004-x86_64"
+ - "vpp-sphinx-docs-verify-master-ubuntu1804-x86_64"
+ - "vpp-docs-verify-master-ubuntu1804-x86_64"
+ - "vpp-make-test-docs-verify-master-ubuntu1804-x86_64"
+ - "vpp-csit-verify-device-master-1n-skx"
+ - "vpp-csit-verify-device-master-1n-tx2"
+
+# Conf - Service.
+jenkins_job_health_exporter_restart_handler_state: "restarted"
+
+# Inst - System paths.
+jenkins_job_health_exporter_target_dir: "/usr/bin"
+jenkins_job_health_exporter_conf_dir: "/etc"
+jenkins_job_health_exporter_url: "https://github.com/ayourtch/jenkins-job-health-exporter/releases/download"
+jenkins_job_health_exporter_version: "v0.0.3" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/handlers/main.yaml b/fdio.infra.ansible/roles/jenkins_job_health_exporter/handlers/main.yaml
new file mode 100644
index 0000000000..29fee98fed
--- /dev/null
+++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/handlers/main.yaml
@@ -0,0 +1,9 @@
+---
+# file roles/jenkins_job_health_exporter/handlers/main.yaml
+
+- name: Restart Jenkins Job Health Exporter
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "jenkins-job-health-exporter"
+ state: "{{ jenkins_job_health_exporter_restart_handler_state }}"
diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/tasks/main.yaml b/fdio.infra.ansible/roles/jenkins_job_health_exporter/tasks/main.yaml
new file mode 100644
index 0000000000..5dbe476019
--- /dev/null
+++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/tasks/main.yaml
@@ -0,0 +1,38 @@
+---
+# file: roles/jenkins_job_health_exporter/tasks/main.yaml
+
+- name: Conf - Jenkins Job Health Exporter Config
+ template:
+ src: "templates/jenkins-job-health-exporter.j2"
+ dest: "/etc/jenkins-job-health-exporter.json"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ when:
+ - ansible_hostname == "s42-nomad"
+ tags:
+ - conf-jenkins-job-json
+
+- name: Inst - Jenkins Job Health Exporter Binary
+ get_url:
+ url: "{{ jenkins_job_health_exporter_url }}/{{ jenkins_job_health_exporter_version }}/jenkins-job-health-exporter"
+ dest: "{{ jenkins_job_health_exporter_target_dir }}/jenkins-job-health-exporter"
+ mode: "0755"
+ when:
+ - ansible_hostname == "s42-nomad"
+ tags:
+ - inst-jenkins-job-binary
+
+- name: Inst - Jenkins Job Health Exporter Service
+ template:
+ src: "templates/jenkins-job-health-exporter.service.j2"
+ dest: "/lib/systemd/system/jenkins-job-health-exporter.service"
+ owner: "root"
+ group: "root"
+ mode: "0644"
+ when:
+ - ansible_hostname == "s42-nomad"
+ notify:
+ - "Restart Jenkins Job Health Exporter"
+ tags:
+ - inst-jenkins-job-service
diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.j2 b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.j2
new file mode 100644
index 0000000000..5942b782e0
--- /dev/null
+++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.j2
@@ -0,0 +1,16 @@
+{
+ "jenkins_host": "{{ jenkins_host }}",
+ "poll_interval_sec": {{ poll_interval_sec }},
+ "req_timeout_sec": {{ req_timeout_sec }},
+ "bind_to": "{{ bind_to }}",
+ "last_builds": {{ last_builds }},
+ "jobs": [
+{% for item in jobs %}
+ "{{ item }}"
+{%- if not loop.last %},
+{% endif %}
+{% endfor %}
+
+ ],
+ "verbose": 3
+} \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.service.j2 b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.service.j2
new file mode 100644
index 0000000000..38073d0a8c
--- /dev/null
+++ b/fdio.infra.ansible/roles/jenkins_job_health_exporter/templates/jenkins-job-health-exporter.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=Jenkins Job Health Exporter
+Documentation=https://github.com/ayourtch/jenkins-job-health-exporter
+
+[Service]
+Restart=always
+ExecStart={{ jenkins_job_health_exporter_target_dir }}/jenkins-job-health-exporter {{ jenkins_job_health_exporter_conf_dir }}/jenkins-job-health-exporter.json
+ExecReload=/bin/kill -HUP $MAINPID
+TimeoutStopSec=20s
+SendSIGKILL=no
+
+[Install]
+WantedBy=multi-user.target \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kernel/defaults/main.yaml b/fdio.infra.ansible/roles/kernel/defaults/main.yaml
new file mode 100644
index 0000000000..b9b4253622
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel/defaults/main.yaml
@@ -0,0 +1,43 @@
+---
+# file: roles/kernel/defaults/main.yaml
+
+# Kernel version to install (Default to any version).
+kernel_version: "{{ kernel_version_by_distro[ansible_distribution|lower][ansible_distribution_release] | join(' ') }}"
+
+kernel_version_by_distro:
+ ubuntu:
+ bionic:
+ - "4.15.0-72"
+ focal:
+ - "5.4.0-65"
+
+kernel_packages: "{{ kernel_packages_by_distro[ansible_distribution|lower][ansible_distribution_release] | flatten(levels=1) }}"
+
+kernel_packages_by_distro:
+ ubuntu:
+ bionic:
+ - "linux-image"
+ - "linux-headers"
+ - "linux-modules"
+ - "linux-modules-extra"
+ - "linux-tools"
+ focal:
+ - "linux-image"
+ - "linux-headers"
+ - "linux-modules"
+ - "linux-modules-extra"
+ - "linux-tools"
+
+# Packages to remove in relation to kernel upgrade.
+absent_packages: "{{ absent_packages_by_distro[ansible_distribution|lower][ansible_distribution_release] | flatten(levels=1) }}"
+
+absent_packages_by_distro:
+ ubuntu:
+ bionic:
+ - "amd64-microcode"
+ - "intel-microcode"
+ - "iucode-tool"
+ focal:
+ - "amd64-microcode"
+ - "intel-microcode"
+ - "iucode-tool" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kernel/filter_plugins/main.py b/fdio.infra.ansible/roles/kernel/filter_plugins/main.py
new file mode 100644
index 0000000000..7d909b90e8
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel/filter_plugins/main.py
@@ -0,0 +1,143 @@
+
+"""Extra Ansible filters"""
+
+def deb_kernel(packages, kernel_version, current_version):
+ """
+ Return best matching kernel version.
+ Args:
+ packages (dict): apt-cache showpkg output.
+ kernel_version (str): Kernel version to install.
+ current_version (str): Current kernel version.
+ Returns:
+ str: kernel version.
+ """
+ kernels = set()
+
+ # List all available kernel version and associated repository
+ for line in packages['stdout'].splitlines():
+ line = line.strip()
+ if line.startswith('Package: ') and (
+ line.endswith('-common') or # Debian
+ line.endswith('-generic')): # Ubuntu
+ kernel = line.split()[1]
+
+ for string in ('linux-headers-', 'common', 'generic'):
+ kernel = kernel.replace(string, '')
+ kernel = kernel.strip('-')
+
+ if kernel:
+ kernels.add(kernel)
+
+ # Sort Kernel versions
+ versions = {}
+ for kernel in kernels:
+ try:
+ version, build = kernel.split('-', 1)
+ except ValueError:
+ version = kernel
+ build = ''
+ versions[kernel] = list(
+ int(ver) for ver in version.split('.')) + [build]
+ kernels = sorted(versions.keys(), key=versions.get, reverse=True)
+
+ # Return more recent kernel package that match version requirement
+ for kernel in kernels:
+ if kernel.startswith(kernel_version):
+ return kernel
+
+ raise RuntimeError(
+ 'No kernel matching to "%s". Available kernel versions: %s' % (
+ kernel_version, ', '.join(reversed(kernels))))
+
+
+def _deb_kernel_package(kernel, dist, arch, name):
+ """
+ Return kernel package name.
+ Args:
+ kernel (str): Kernel version.
+ dist (str): Distribution.
+ arch (str): Architecture.
+ name (str): Package name.
+ Returns:
+ str: kernel package.
+ """
+ # Define package suffix
+ if dist == 'Ubuntu':
+ suffix = 'generic'
+ elif name == 'linux-image':
+ suffix = arch.replace('x86_64', 'amd64')
+ else:
+ suffix = 'common'
+
+ return '-'.join((name, kernel, suffix))
+
+
+def deb_kernel_pkg(packages, kernel_version, current_version, dist, arch, name):
+ """
+ Return kernel package to install.
+ Args:
+ packages (dict): apt-cache showpkg output.
+ kernel_version (str): Kernel version to install.
+ current_version (str): Current kernel version.
+ dist (str): Distribution.
+ arch (str): Architecture.
+ name (str): Package name.
+ Returns:
+ str: kernel package to install.
+ """
+ return _deb_kernel_package(
+ deb_kernel(packages, kernel_version, current_version), dist, arch, name)
+
+
+def deb_installed_kernel(installed, packages, kernel_version, current_version):
+ """
+ Return old kernel packages to remove.
+ Args:
+ installed (dict): dpkg -l output.
+ packages (dict): apt-cache showpkg output.
+ kernel_version (str): Kernel version to install.
+ current_version (str): Current kernel version.
+ Returns:
+ list of str: Kernel packages to remove.
+ """
+ # Filter installed package to keep
+ to_keep = deb_kernel(packages, kernel_version, current_version)
+
+ # Return installed package to remove
+ to_remove = []
+ for line in installed['stdout'].splitlines():
+ if ' linux-' not in line:
+ continue
+
+ package = line.split()[1]
+ if ((package.startswith('linux-image-') or
+ package.startswith('linux-headers-')) and not (
+ package.startswith('linux-image-' + to_keep) or
+ package.startswith('linux-headers-' + to_keep))):
+ to_remove.append(package)
+
+ return to_remove
+
+
+def kernel_match(kernel, kernel_spec):
+ """
+ Check if kernel version match.
+ Args:
+ kernel (str): Kernel
+ kernel_spec (str): Kernel to match.
+ Returns:
+ bool: True if Kernel match.
+ """
+ return kernel.startswith(kernel_spec)
+
+
+class FilterModule(object):
+ """Return filter plugin"""
+
+ @staticmethod
+ def filters():
+ """Return filter"""
+ return {'deb_kernel': deb_kernel,
+ 'deb_kernel_pkg': deb_kernel_pkg,
+ 'deb_installed_kernel': deb_installed_kernel,
+ 'kernel_match': kernel_match}
diff --git a/fdio.infra.ansible/roles/kernel/handlers/main.yaml b/fdio.infra.ansible/roles/kernel/handlers/main.yaml
new file mode 100644
index 0000000000..963fd71756
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel/handlers/main.yaml
@@ -0,0 +1,8 @@
+---
+# file roles/kernel/handlers/main.yaml
+
+- name: Reboot Server
+ reboot:
+ reboot_timeout: 3600
+ tags:
+ - reboot-server \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kernel/tasks/main.yaml b/fdio.infra.ansible/roles/kernel/tasks/main.yaml
new file mode 100644
index 0000000000..431e344fb8
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel/tasks/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: roles/kernel/tasks/main.yaml
+
+- name: Inst - Prerequisites
+ include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
+ tags:
+ - kernel-inst-prerequisites
+
+- meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/kernel/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_bionic.yaml
new file mode 100644
index 0000000000..349c853c11
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_bionic.yaml
@@ -0,0 +1,51 @@
+---
+# file: roles/kernel/tasks/ubuntu_bionic.yaml
+
+- name: Get Available Kernel Versions
+ command: "apt-cache showpkg linux-headers-*"
+ changed_when: false
+ register: apt_kernel_list
+ tags:
+ - kernel-inst
+
+- name: Get installed packages with APT
+ command: "dpkg -l"
+ changed_when: false
+ register: apt_packages_list
+ tags:
+ - kernel-inst
+
+- name: Set target APT kernel version
+ set_fact:
+ _kernel: "{{ apt_kernel_list | deb_kernel(
+ kernel_version, ansible_kernel) }}"
+ tags:
+ - kernel-inst
+
+- name: Ensure Packages Versions
+ apt:
+ name: "{{ apt_kernel_list | deb_kernel_pkg(
+ kernel_version, ansible_kernel, ansible_distribution,
+ ansible_architecture, item) }}"
+ loop: "{{ kernel_packages }}"
+ tags:
+ - kernel-inst
+
+- name: Ensure Any Other Kernel Packages Are Removed
+ apt:
+ name: "{{ apt_packages_list | deb_installed_kernel(
+ apt_kernel_list, kernel_version, ansible_kernel) }}"
+ state: absent
+ purge: true
+ notify:
+ - "Reboot Server"
+ tags:
+ - kernel-inst
+
+- name: Ensure Any Microcode Is Absent
+ apt:
+ name: "{{ absent_packages }}"
+ state: absent
+ purge: true
+ tags:
+ - kernel-inst \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kernel/tasks/ubuntu_focal.yaml b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_focal.yaml
new file mode 100644
index 0000000000..9cbc4d4787
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel/tasks/ubuntu_focal.yaml
@@ -0,0 +1,51 @@
+---
+# file: roles/kernel/tasks/ubuntu_focal.yaml
+
+- name: Get Available Kernel Versions
+ command: "apt-cache showpkg linux-headers-*"
+ changed_when: false
+ register: apt_kernel_list
+ tags:
+ - kernel-inst
+
+- name: Get installed packages with APT
+ command: "dpkg -l"
+ changed_when: false
+ register: apt_packages_list
+ tags:
+ - kernel-inst
+
+- name: Set target APT kernel version
+ set_fact:
+ _kernel: "{{ apt_kernel_list | deb_kernel(
+ kernel_version, ansible_kernel) }}"
+ tags:
+ - kernel-inst
+
+- name: Ensure Packages Versions
+ apt:
+ name: "{{ apt_kernel_list | deb_kernel_pkg(
+ kernel_version, ansible_kernel, ansible_distribution,
+ ansible_architecture, item) }}"
+ loop: "{{ kernel_packages }}"
+ tags:
+ - kernel-inst
+
+- name: Ensure Any Other Kernel Packages Are Removed
+ apt:
+ name: "{{ apt_packages_list | deb_installed_kernel(
+ apt_kernel_list, kernel_version, ansible_kernel) }}"
+ state: absent
+ purge: true
+ notify:
+ - "Reboot Server"
+ tags:
+ - kernel-inst
+
+- name: Ensure Any Microcode Is Absent
+ apt:
+ name: "{{ absent_packages }}"
+ state: absent
+ purge: true
+ tags:
+ - kernel-inst \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kernel_vm/files/initramfs_modules b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_modules
new file mode 100644
index 0000000000..00ae8e03e7
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_modules
@@ -0,0 +1,4 @@
+9p
+9pnet
+9pnet_virtio
+vfio-pci \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kernel_vm/files/initramfs_resume b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_resume
new file mode 100644
index 0000000000..820819823b
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel_vm/files/initramfs_resume
@@ -0,0 +1 @@
+RESUME=none \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/kernel_vm/tasks/main.yaml b/fdio.infra.ansible/roles/kernel_vm/tasks/main.yaml
new file mode 100644
index 0000000000..4d1b306e64
--- /dev/null
+++ b/fdio.infra.ansible/roles/kernel_vm/tasks/main.yaml
@@ -0,0 +1,92 @@
+---
+# file: roles/kernel_vm/tasks/main.yaml
+
+- name: Inst - Backup remote initramfs modules
+ copy:
+ src: "/etc/initramfs-tools/modules"
+ dest: "/tmp/initramfs_modules.bkp"
+ remote_src: yes
+ ignore_errors: yes
+ register: __initramfs_modules_backuped
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Backup remote initramfs resume config
+ copy:
+ src: "/etc/initramfs-tools/conf.d/resume"
+ dest: "/tmp/initramfs-resume.bkp"
+ remote_src: yes
+ ignore_errors: yes
+ register: __initramfs_resume_backuped
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Update remote initramfs modules
+ copy:
+ src: "../files/initramfs_modules"
+ dest: "/etc/initramfs-tools/modules"
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Update remote initramfs resume config
+ copy:
+ src: "../files/initramfs_resume"
+ dest: "/etc/initramfs-tools/conf.d/resume"
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Create target kernel dir
+ file:
+ path: "/opt/boot"
+ state: "directory"
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Build initrd image
+ shell: "update-initramfs -k {{ ansible_kernel }} -c -b /opt/boot"
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Copy corresponding kernel img
+ copy:
+ src: "/boot/vmlinuz-{{ ansible_kernel }}"
+ dest: "/opt/boot/vmlinuz-{{ ansible_kernel }}"
+ remote_src: yes
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Restore remote initramfs modules
+ copy:
+ src: "/tmp/initramfs_modules.bkp"
+ dest: "/etc/initramfs-tools/modules"
+ remote_src: yes
+ ignore_errors: yes
+ when: __initramfs_modules_backuped
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Remove remote backup initramfs modules
+ file:
+ path: "/tmp/initramfs_modules.bkp"
+ state: "absent"
+ when: __initramfs_modules_backuped
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Restore remote initramfs resume config
+ copy:
+ src: "/tmp/initramfs-resume.bkp"
+ dest: "/etc/initramfs-tools/conf.d/resume"
+ remote_src: yes
+ ignore_errors: yes
+ when: __initramfs_resume_backuped
+ tags:
+ - kernel-inst-image
+
+- name: Inst - Remove remote backup initramfs resume config
+ file:
+ path: "/tmp/initramfs-resume.bkp"
+ state: "absent"
+ when: __initramfs_resume_backuped
+ tags:
+ - kernel-inst-image
diff --git a/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml b/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml
new file mode 100644
index 0000000000..1a2f773950
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/defaults/main.yaml
@@ -0,0 +1,15 @@
+---
+# file: roles/kubernetes/defaults/main.yaml
+
+# Version options.
+kubernetes_version: "1.11.0-00"
+kubernetes_apt_package_state: present
+
+# Service options.
+kubernetes_service_state: started
+kubernetes_service_enabled: true
+kubernetes_restart_handler_state: restarted
+
+# APT options.
+kubernetes_apt_repository: "deb http://apt.kubernetes.io/ kubernetes-xenial main"
+kubernetes_apt_repository_state: present
diff --git a/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml b/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml
new file mode 100644
index 0000000000..160ffb8c06
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/tasks/main.yaml
@@ -0,0 +1,14 @@
+---
+# file: roles/kubernetes/tasks/main.yaml
+
+- name: Kubernetes - Install distribution - release - machine prerequisites
+ include_tasks: '{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml'
+ tags: install-kubernetes
+
+- name: Kubernetes - Apply kubelet parameter
+ lineinfile:
+ path: '/etc/default/kubelet'
+ state: 'present'
+ regexp: '^KUBELET_EXTRA_ARGS=*'
+ line: 'KUBELET_EXTRA_ARGS=--feature-gates HugePages=false'
+ tags: install-kubernetes
diff --git a/fdio.infra.ansible/roles/kubernetes/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/kubernetes/tasks/ubuntu_bionic.yaml
new file mode 100644
index 0000000000..454e80e002
--- /dev/null
+++ b/fdio.infra.ansible/roles/kubernetes/tasks/ubuntu_bionic.yaml
@@ -0,0 +1,37 @@
+---
+# file: roles/kubernetes/tasks/ubuntu_bionic.yaml
+
+- name: Kubernetes repository - Dependencies
+ apt:
+ name:
+ - 'apt-transport-https'
+ - 'ca-certificates'
+ - 'software-properties-common'
+ state: 'present'
+ cache_valid_time: 3600
+ install_recommends: False
+ tags: install-kubernetes
+
+- name: Kubernetes repository - Add an Apt signing key
+ apt_key:
+ url: 'https://packages.cloud.google.com/apt/doc/apt-key.gpg'
+ state: 'present'
+ tags: install-kubernetes
+
+- name: Kubernetes repository - Install APT repository
+ apt_repository:
+ repo: '{{ kubernetes_apt_repository }}'
+ state: '{{ kubernetes_apt_repository_state }}'
+ update_cache: yes
+ tags: install-kubernetes
+
+- name: Kubernetes - Install
+ apt:
+ name:
+ - 'kubernetes-cni=0.6.0-00'
+ - 'kubeadm={{ kubernetes_version }}'
+ - 'kubectl={{ kubernetes_version }}'
+ - 'kubelet={{ kubernetes_version }}'
+ state: '{{ kubernetes_apt_package_state }}'
+ force: True
+ tags: install-kubernetes
diff --git a/fdio.infra.ansible/roles/mellanox/defaults/main.yaml b/fdio.infra.ansible/roles/mellanox/defaults/main.yaml
new file mode 100644
index 0000000000..0961ec7df6
--- /dev/null
+++ b/fdio.infra.ansible/roles/mellanox/defaults/main.yaml
@@ -0,0 +1,21 @@
+---
+# file: roles/mellanox/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - []
+
+packages_by_distro:
+ ubuntu:
+ - "build-essential"
+ - "libnl-3-dev"
+ - "libnl-route-3-dev"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+mellanox_version: "5.2-1.0.4.0" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/mellanox/tasks/main.yaml b/fdio.infra.ansible/roles/mellanox/tasks/main.yaml
new file mode 100644
index 0000000000..670282923a
--- /dev/null
+++ b/fdio.infra.ansible/roles/mellanox/tasks/main.yaml
@@ -0,0 +1,67 @@
+---
+# file: roles/mellanox/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - mellanox-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - mellanox-inst-prerequisites
+
+- name: Inst - Check Presence of Mellanox Hardware
+ shell: "lspci | grep Mellanox | awk '{print $1}'"
+ register: mellanox_pcis
+ failed_when: no
+ changed_when: no
+ tags:
+ - mellanox-inst
+
+- name: Inst - Get OFED
+ get_url:
+ url: "http://content.mellanox.com/ofed/MLNX_OFED-{{ mellanox_version }}/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}.tgz"
+ dest: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}.tgz"
+ mode: 0644
+ when: mellanox_pcis.stdout_lines | length > 0
+ tags:
+ - mellanox-inst
+
+- name: Inst - Extract OFED
+ unarchive:
+ remote_src: true
+ src: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}.tgz"
+ dest: "/opt/"
+ creates: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}"
+ register: mellanox_firmware_extracted
+ when: mellanox_pcis.stdout_lines | length > 0
+ tags:
+ - mellanox-inst
+
+- name: Inst - OFED
+ command: "./mlnxofedinstall --with-mft --dpdk --force --upstream-libs"
+ args:
+ chdir: "/opt/MLNX_OFED_LINUX-{{ mellanox_version }}-{{ ansible_distribution|lower }}{{ ansible_distribution_version }}-{{ ansible_machine }}"
+ when: mellanox_pcis.stdout_lines | length > 0 and mellanox_firmware_extracted
+ tags:
+ - mellanox-inst
+
+- name: Switch Infiniband to Ethernet
+ command: "mlxconfig --yes --dev {{ item }} set LINK_TYPE_P1=2 LINK_TYPE_P2=2"
+ with_items: "{{ mellanox_pcis.stdout_lines }}"
+ tags:
+ - mellanox-conf
+
+- name: FIX qemu-system removal
+ package:
+ name: "qemu-system"
+ state: latest
+ tags:
+ - mellanox-inst
diff --git a/fdio.infra.ansible/roles/nomad/defaults/main.yaml b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
new file mode 100644
index 0000000000..864890c11e
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/defaults/main.yaml
@@ -0,0 +1,105 @@
+---
+# file: roles/nomad/defaults/main.yaml
+
+# Inst - Prerequisites.
+packages: "{{ packages_base + packages_by_distro[ansible_distribution | lower] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "cgroup-bin"
+ - "curl"
+ - "git"
+ - "libcgroup1"
+ - "unzip"
+ - "htop"
+packages_by_distro:
+ ubuntu:
+ - []
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+# Inst - Download Nomad.
+nomad_architecture_map:
+ amd64: "amd64"
+ x86_64: "amd64"
+ armv7l: "arm"
+ aarch64: "arm64"
+ 32-bit: "386"
+ 64-bit: "amd64"
+nomad_architecture: "{{ nomad_architecture_map[ansible_architecture] }}"
+nomad_version: "0.12.0"
+nomad_pkg: "nomad_{{ nomad_version }}_linux_{{ nomad_architecture }}.zip"
+nomad_zip_url: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/{{ nomad_pkg }}"
+
+# Inst - System paths.
+nomad_bin_dir: "/usr/local/bin"
+nomad_config_dir: "/etc/nomad.d"
+nomad_data_dir: "/var/nomad"
+nomad_inst_dir: "/opt"
+nomad_lockfile: "/var/lock/subsys/nomad"
+nomad_run_dir: "/var/run/nomad"
+nomad_ssl_dir: "/etc/nomad.d/ssl"
+
+# Conf - Service.
+nomad_node_role: "both"
+nomad_restart_handler_state: "restarted"
+
+# Conf - User and group.
+nomad_group: "nomad"
+nomad_group_state: "present"
+nomad_manage_group: true
+nomad_manage_user: true
+nomad_user: "nomad"
+nomad_user_groups: [ docker, nomad, root ]
+nomad_user_state: "present"
+
+# Conf - base.hcl
+nomad_bind_addr: "0.0.0.0"
+nomad_datacenter: "dc1"
+nomad_disable_update_check: true
+nomad_enable_debug: false
+nomad_log_level: "INFO"
+nomad_name: "{{ inventory_hostname }}"
+nomad_region: "global"
+nomad_syslog_enable: true
+
+# Conf - tls.hcl
+nomad_ca_file: "{{ nomad_ssl_dir }}/ca.pem"
+nomad_cert_file: "{{ nomad_ssl_dir }}/nomad.pem"
+nomad_http: false
+nomad_key_file: "{{ nomad_ssl_dir }}/nomad-key.pem"
+nomad_rpc: false
+
+# Conf - client.hcl
+nomad_certificates:
+ - src: "{{ vault_nomad_ca_file }}"
+ dest: "{{ nomad_ca_file }}"
+ - src: "{{ vault_nomad_cert_file }}"
+ dest: "{{ nomad_cert_file }}"
+ - src: "{{ vault_nomad_key_file }}"
+ dest: "{{ nomad_key_file }}"
+nomad_node_class: ""
+nomad_no_host_uuid: true
+nomad_options: {}
+nomad_servers: []
+nomad_volumes: []
+
+# Conf - server.hcl
+nomad_bootstrap_expect: 2
+nomad_encrypt: ""
+nomad_retry_join: true
+
+# Conf - telemetry.hcl
+nomad_disable_hostname: false
+nomad_collection_interval: 60s
+nomad_use_node_name: false
+nomad_publish_allocation_metrics: true
+nomad_publish_node_metrics: true
+nomad_backwards_compatible_metrics: false
+nomad_telemetry_provider_parameters:
+ prometheus_metrics: true
+
+# Conf - custom.hcl
+# empty
diff --git a/fdio.infra.ansible/roles/nomad/handlers/main.yaml b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
new file mode 100644
index 0000000000..f0bcee9142
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/handlers/main.yaml
@@ -0,0 +1,10 @@
+---
+# file roles/nomad/handlers/main.yaml
+
+- name: Restart Nomad
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "nomad"
+ state: "{{ nomad_restart_handler_state }}"
+
diff --git a/fdio.infra.ansible/roles/nomad/meta/main.yaml b/fdio.infra.ansible/roles/nomad/meta/main.yaml
new file mode 100644
index 0000000000..9fc40d9ae1
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/meta/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: roles/nomad/meta/main.yaml
+
+# desc: Install nomad from stable branch and configure service.
+# inst: Nomad
+# conf: ?
+# info: 1.0 - added role
+
+dependencies: [ docker ]
diff --git a/fdio.infra.ansible/roles/nomad/tasks/main.yaml b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
new file mode 100644
index 0000000000..54e80513b8
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/tasks/main.yaml
@@ -0,0 +1,192 @@
+---
+# file: roles/nomad/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - nomad-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - nomad-inst-prerequisites
+
+- name: Conf - Add Nomad Group
+ group:
+ name: "{{ nomad_group }}"
+ state: "{{ nomad_group_state }}"
+ when:
+ - nomad_manage_group | bool
+ tags:
+ - nomad-conf-user
+
+- name: Conf - Add Nomad user
+ user:
+ name: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ groups: "{{ nomad_user_groups }}"
+ state: "{{ nomad_user_state }}"
+ system: true
+ when:
+ - nomad_manage_user | bool
+ tags:
+ - nomad-conf-user
+
+- name: Inst - Clean Nomad
+ file:
+ path: "{{ nomad_inst_dir }}/nomad"
+ state: "absent"
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Download Nomad
+ get_url:
+ url: "{{ nomad_zip_url }}"
+ dest: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Unarchive Nomad
+ unarchive:
+ src: "{{ nomad_inst_dir }}/{{ nomad_pkg }}"
+ dest: "{{ nomad_inst_dir }}/"
+ creates: "{{ nomad_inst_dir }}/nomad"
+ remote_src: true
+ tags:
+ - nomad-inst-package
+
+- name: Inst - Nomad
+ copy:
+ src: "{{ nomad_inst_dir }}/nomad"
+ dest: "{{ nomad_bin_dir }}"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ force: true
+ mode: 0755
+ remote_src: true
+ tags:
+ - nomad-inst-package
+
+- name: Conf - Create Directories "{{ nomad_data_dir }}"
+ file:
+ dest: "{{ nomad_data_dir }}"
+ state: directory
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ tags:
+ - nomad-conf
+
+- name: Conf - Create Directories "{{ nomad_ssl_dir }}"
+ file:
+ dest: "{{ nomad_ssl_dir }}"
+ state: directory
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ tags:
+ - nomad-conf
+
+- name: Conf - Create Config Directory
+ file:
+ dest: "{{ nomad_config_dir }}"
+ state: directory
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0755
+ tags:
+ - nomad-conf
+
+- name: Conf - Base Configuration
+ template:
+ src: base.hcl.j2
+ dest: "{{ nomad_config_dir }}/base.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ tags:
+ - nomad-conf
+
+- name: Conf - Server Configuration
+ template:
+ src: server.hcl.j2
+ dest: "{{ nomad_config_dir }}/server.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ when:
+ - nomad_node_server | bool
+ tags:
+ - nomad-conf
+
+- name: Conf - Client Configuration
+ template:
+ src: client.hcl.j2
+ dest: "{{ nomad_config_dir }}/client.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ when:
+ - nomad_node_client | bool
+ tags:
+ - nomad-conf
+
+- name: Conf - TLS Configuration
+ template:
+ src: tls.hcl.j2
+ dest: "{{ nomad_config_dir }}/tls.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ tags:
+ - nomad-conf
+
+- name: Conf - Telemetry Configuration
+ template:
+ src: telemetry.hcl.j2
+ dest: "{{ nomad_config_dir }}/telemetry.hcl"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ tags:
+ - nomad-conf
+
+- name: Conf - Custom Configuration
+ template:
+ src: custom.json.j2
+ dest: "{{ nomad_config_dir }}/custom.json"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0644
+ when:
+ - nomad_config_custom is defined
+ tags:
+ - nomad-conf
+
+- name: Conf - Copy Certificates And Keys
+ copy:
+ content: "{{ item.src }}"
+ dest: "{{ item.dest }}"
+ owner: "{{ nomad_user }}"
+ group: "{{ nomad_group }}"
+ mode: 0600
+ no_log: true
+ loop: "{{ nomad_certificates | flatten(levels=1) }}"
+ tags:
+ - nomad-conf
+
+- name: Conf - System.d Script
+ template:
+ src: "nomad_systemd.service.j2"
+ dest: "/lib/systemd/system/nomad.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+# notify:
+# - "Restart Nomad"
+ tags:
+ - nomad-conf
diff --git a/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2
new file mode 100644
index 0000000000..7badecf9e0
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/base.hcl.j2
@@ -0,0 +1,11 @@
+name = "{{ nomad_name }}"
+region = "{{ nomad_region }}"
+datacenter = "{{ nomad_datacenter }}"
+
+bind_addr = "{{ nomad_bind_addr }}"
+data_dir = "{{ nomad_data_dir }}"
+
+enable_syslog = {{ nomad_syslog_enable | bool | lower }}
+enable_debug = {{ nomad_enable_debug | bool | lower }}
+disable_update_check = {{ nomad_disable_update_check | bool | lower }}
+log_level = "{{ nomad_log_level }}"
diff --git a/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2
new file mode 100644
index 0000000000..f245697a22
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/client.hcl.j2
@@ -0,0 +1,31 @@
+client {
+ enabled = {{ nomad_node_client | bool | lower }}
+ no_host_uuid = {{ nomad_no_host_uuid | bool | lower }}
+ node_class = "{{ nomad_node_class }}"
+
+ {% if nomad_cpu_total_compute is defined -%}
+ cpu_total_compute = {{ nomad_cpu_total_compute }}
+ {% endif -%}
+
+ {% if nomad_servers -%}
+ servers = [ {% for ip_port in nomad_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ]
+ {% endif %}
+
+ {% if nomad_options -%}
+ options = {
+ {% for key, value in nomad_options.items() %}
+ "{{ key }}" = "{{ value }}"
+ {% endfor -%}
+ }
+ {% endif %}
+
+ {% if nomad_volumes -%}
+ {% for volume in nomad_volumes -%}
+ host_volume "{{ volume.name }}" {
+ path = "{{ volume.path }}"
+ read_only = {{ volume.read_only | bool | lower }}
+ }
+ {% endfor -%}
+ {% endif %}
+
+}
diff --git a/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2
new file mode 100644
index 0000000000..37ff6f3496
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/custom.hcl.j2
@@ -0,0 +1,5 @@
+{% if nomad_config_custom -%}
+{{ nomad_config_custom | to_nice_json }}
+{% else %}
+{}
+{% endif %}
diff --git a/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2 b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2
new file mode 100644
index 0000000000..2a87c65063
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/nomad_systemd.service.j2
@@ -0,0 +1,21 @@
+[Unit]
+Description=Nomad Service
+Documentation=https://www.nomadproject.io/docs/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+# TODO: Decrease privilege
+ExecReload=/bin/kill -SIGHUP $MAINPID
+ExecStart={{ nomad_bin_dir }}/nomad agent -config={{ nomad_config_dir }}
+KillSignal=SIGTERM
+LimitNOFILE=infinity
+LimitNPROC=infinity
+Restart=on-failure
+RestartSec=1
+User=root
+Group=root
+Environment="GOMAXPROCS=2"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2
new file mode 100644
index 0000000000..b581de9ad0
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/server.hcl.j2
@@ -0,0 +1,16 @@
+server {
+ enabled = {{ nomad_node_server | bool | lower }}
+
+ {% if nomad_node_server | bool -%}
+ bootstrap_expect = {{ nomad_bootstrap_expect }}
+ {%- endif %}
+
+ encrypt = "{{ nomad_encrypt }}"
+
+ {% if nomad_retry_join | bool -%}
+ server_join {
+ retry_join = [ {% for ip_port in nomad_retry_servers -%} "{{ ip_port }}" {% if not loop.last %},{% endif %}{%- endfor -%} ]
+ }
+ {%- endif %}
+
+}
diff --git a/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2
new file mode 100644
index 0000000000..256c6999e9
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/telemetry.hcl.j2
@@ -0,0 +1,20 @@
+telemetry {
+ # Telemetry provider parameters
+ {% for key, value in nomad_telemetry_provider_parameters.items() -%}
+ {% if value|bool -%}
+ {{ key }} = {{ value | bool | lower }}
+ {% elif value|string or value == "" -%}
+ {{ key }} = "{{ value }}"
+ {% else %}
+ {{ key }} = {{ value }}
+ {% endif -%}
+ {% endfor -%}
+
+ # Common parameters
+ disable_hostname = {{ nomad_disable_hostname | bool | lower }}
+ collection_interval = "{{ nomad_collection_interval }}"
+ use_node_name = {{ nomad_use_node_name | bool | lower }}
+ publish_allocation_metrics = {{ nomad_publish_allocation_metrics | bool | lower }}
+ publish_node_metrics = {{ nomad_publish_node_metrics | bool | lower }}
+ backwards_compatible_metrics = {{ nomad_backwards_compatible_metrics | bool | lower }}
+}
diff --git a/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2 b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2
new file mode 100644
index 0000000000..650765f1b1
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/templates/tls.hcl.j2
@@ -0,0 +1,12 @@
+{% if ( nomad_ca_file ) and
+ ( nomad_cert_file ) and
+ ( nomad_key_file )
+%}
+tls {
+ http = {{ nomad_http | bool | lower }}
+ rpc = {{ nomad_rpc | bool | lower }}
+ ca_file = "{{ nomad_ca_file }}"
+ cert_file = "{{ nomad_cert_file }}"
+ key_file = "{{ nomad_key_file }}"
+}
+{% endif %}
diff --git a/fdio.infra.ansible/roles/nomad/vars/main.yaml b/fdio.infra.ansible/roles/nomad/vars/main.yaml
new file mode 100644
index 0000000000..a72222c992
--- /dev/null
+++ b/fdio.infra.ansible/roles/nomad/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+# file: roles/nomad/vars/main.yaml
+
+nomad_node_client: "{{ (nomad_node_role == 'client') or (nomad_node_role == 'both') }}"
+nomad_node_server: "{{ (nomad_node_role == 'server') or (nomad_node_role == 'both') }}"
diff --git a/fdio.infra.ansible/roles/performance_tuning/defaults/main.yaml b/fdio.infra.ansible/roles/performance_tuning/defaults/main.yaml
new file mode 100644
index 0000000000..2dad931e92
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/defaults/main.yaml
@@ -0,0 +1,20 @@
+---
+# file: roles/performance_tuning/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "cpufrequtils"
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - []
+ focal:
+ - []
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - [] \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/performance_tuning/files/cpufrequtils b/fdio.infra.ansible/roles/performance_tuning/files/cpufrequtils
new file mode 100644
index 0000000000..03070fefe1
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/files/cpufrequtils
@@ -0,0 +1 @@
+GOVERNOR="performance"
diff --git a/fdio.infra.ansible/roles/performance_tuning/files/disable-turbo-boost.service b/fdio.infra.ansible/roles/performance_tuning/files/disable-turbo-boost.service
new file mode 100644
index 0000000000..e04729de50
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/files/disable-turbo-boost.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Disable Turbo Boost on Intel CPU
+
+[Service]
+ExecStart=/bin/sh -c 'for core in `cat /proc/cpuinfo | grep processor | awk \'{print $3}\'`; do sudo wrmsr -p$core 0x1a0 0x4000850089; done'
+ExecStop=/bin/sh -c 'for core in `cat /proc/cpuinfo | grep processor | awk \'{print $3}\'`; do sudo wrmsr -p$core 0x1a0 0x850089; done'
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sysinit.target
diff --git a/fdio.infra.ansible/roles/performance_tuning/files/irqbalance b/fdio.infra.ansible/roles/performance_tuning/files/irqbalance
new file mode 100644
index 0000000000..861be02fb3
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/files/irqbalance
@@ -0,0 +1,25 @@
+# irqbalance is a daemon process that distributes interrupts across
+# CPUS on SMP systems. The default is to rebalance once every 10
+# seconds. This is the environment file that is specified to systemd via the
+# EnvironmentFile key in the service unit file (or via whatever method the init
+# system you're using has.
+#
+# ONESHOT=yes
+# after starting, wait for a minute, then look at the interrupt
+# load and balance it once; after balancing exit and do not change
+# it again.
+#IRQBALANCE_ONESHOT=
+
+#
+# IRQBALANCE_BANNED_CPUS
+# 64 bit bitmask which allows you to indicate which cpu's should
+# be skipped when reblancing irqs. Cpu numbers which have their
+# corresponding bits set to one in this mask will not have any
+# irq's assigned to them on rebalance
+#
+IRQBALANCE_BANNED_CPUS="{{ ansible_processor_cores | irqbalance_banned_cpu_mask(ansible_processor_count, ansible_processor_threads_per_core) }}"
+#
+# IRQBALANCE_ARGS
+# append any args here to the irqbalance daemon as documented in the man page
+#
+#IRQBALANCE_ARGS=
diff --git a/fdio.infra.ansible/roles/performance_tuning/filter_plugins/main.py b/fdio.infra.ansible/roles/performance_tuning/filter_plugins/main.py
new file mode 100644
index 0000000000..d76f6fe166
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/filter_plugins/main.py
@@ -0,0 +1,29 @@
+"""Extra Ansible filters"""
+
+def irqbalance_banned_cpu_mask(
+ processor_cores, processor_count, processor_threads_per_core):
+ """
+ Return irqbalance CPU mask.
+ Args:
+ processor_cores (int): Physical processor unit.
+ processor_counts (int): Processors per physical unit.
+ processor_threads_per_core (int): Threads per physical unit.
+ Returns:
+ str: irqbalance_banned_cpus.
+ """
+ mask = int("1" * 128, 2)
+
+ for i in range(processor_count * processor_threads_per_core):
+ mask &= ~(1 << i * processor_cores)
+
+ import re
+ return ",".join(re.findall('.{1,8}', str(hex(mask))[2:]))
+
+
+class FilterModule(object):
+ """Return filter plugin"""
+
+ @staticmethod
+ def filters():
+ """Return filter"""
+ return {'irqbalance_banned_cpu_mask': irqbalance_banned_cpu_mask}
diff --git a/fdio.infra.ansible/roles/performance_tuning/handlers/main.yaml b/fdio.infra.ansible/roles/performance_tuning/handlers/main.yaml
new file mode 100644
index 0000000000..fa2876b7ac
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/handlers/main.yaml
@@ -0,0 +1,13 @@
+---
+# file roles/performance_tuning/handlers/main.yaml
+
+- name: Update GRUB
+ command: update-grub
+ tags:
+ - update-grub
+
+- name: Reboot server
+ reboot:
+ reboot_timeout: 3600
+ tags:
+ - reboot-server
diff --git a/fdio.infra.ansible/roles/performance_tuning/tasks/main.yaml b/fdio.infra.ansible/roles/performance_tuning/tasks/main.yaml
new file mode 100644
index 0000000000..e9cdd0d819
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/tasks/main.yaml
@@ -0,0 +1,189 @@
+---
+# file: roles/performance_tuning/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - perf-inst-prerequisites
+
+- name: Inst - Machine Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - perf-inst-prerequisites
+
+- name: Conf - Turbo Boost
+ import_tasks: turbo_boost.yaml
+ when: >
+ cpu_microarchitecture == "skylake" or
+ cpu_microarchitecture == "cascadelake"
+ tags:
+ - perf-conf-turbo-boost
+
+- name: Conf - Adjust nr_hugepages
+ # change the minimum size of the hugepage pool.
+ # 2G VPP, 4GB per VNF/CNF, 2G reserve
+ sysctl:
+ name: "vm.nr_hugepages"
+ value: "{{ sysctl.vm.nr_hugepages }}"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - perf-conf-sysctl
+
+- name: Conf - Adjust max_map_count
+ # this file contains the maximum number of memory map areas a process
+ # may have. memory map areas are used as a side-effect of calling
+ # malloc, directly by mmap and mprotect, and also when loading shared
+ # libraries.
+ #
+ # while most applications need less than a thousand maps, certain
+ # programs, particularly malloc debuggers, may consume lots of them,
+ # e.g., up to one or two maps per allocation.
+ # must be greater than or equal to (2 * vm.nr_hugepages).
+ sysctl:
+ name: "vm.max_map_count"
+ value: "{{ sysctl.vm.nr_hugepages * 4 }}"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - perf-conf-sysctl
+
+- name: Conf - Adjust hugetlb_shm_group
+ # hugetlb_shm_group contains group id that is allowed to create sysv
+ # shared memory segment using hugetlb page.
+ sysctl:
+ name: "vm.hugetlb_shm_group"
+ value: "1000"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - perf-conf-sysctl
+
+- name: Conf - Adjust swappiness
+ # this control is used to define how aggressive the kernel will swap
+ # memory pages. higher values will increase agressiveness, lower values
+ # decrease the amount of swap. a value of 0 instructs the kernel not to
+ # initiate swap until the amount of free and file-backed pages is less
+ # than the high water mark in a zone.
+ sysctl:
+ name: "vm.swappiness"
+ value: "0"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - perf-conf-sysctl
+
+- name: Conf - Adjust shmmax
+ # shared memory max must be greator or equal to the total size of hugepages.
+ # for 2mb pages, totalhugepagesize = vm.nr_hugepages * 2 * 1024 * 1024
+ # if the existing kernel.shmmax setting (cat /sys/proc/kernel/shmmax)
+ # is greater than the calculated totalhugepagesize then set this parameter
+ # to current shmmax value.
+ sysctl:
+ name: "kernel.shmmax"
+ value: "{{ sysctl.vm.nr_hugepages * 2 * 1024 * 1024 }}"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - perf-conf-sysctl
+
+- name: Conf - Adjust watchdog_cpumask
+ # this value can be used to control on which cpus the watchdog may run.
+ # the default cpumask is all possible cores, but if no_hz_full is
+ # enabled in the kernel config, and cores are specified with the
+ # nohz_full= boot argument, those cores are excluded by default.
+ # offline cores can be included in this mask, and if the core is later
+ # brought online, the watchdog will be started based on the mask value.
+ #
+ # typically this value would only be touched in the nohz_full case
+ # to re-enable cores that by default were not running the watchdog,
+ # if a kernel lockup was suspected on those cores.
+ sysctl:
+ name: "kernel.watchdog_cpumask"
+ value: "{{ sysctl.kernel.watchdog_cpumask }}"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - perf-conf-sysctl
+
+- name: Conf - Adjust randomize_va_space
+ # this option can be used to select the type of process address
+ # space randomization that is used in the system, for architectures
+ # that support this feature.
+ # 0 - turn the process address space randomization off. this is the
+ # default for architectures that do not support this feature anyways,
+ # and kernels that are booted with the "norandmaps" parameter.
+ sysctl:
+ name: "kernel.randomize_va_space"
+ value: "0"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - perf-conf-sysctl
+
+- name: Conf - Cpufrequtils
+ copy:
+ src: "files/cpufrequtils"
+ dest: "/etc/default/cpufrequtils"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ tags:
+ - perf-conf-cpufrequtils
+
+- name: Conf - Irqbalance
+ template:
+ src: "files/irqbalance"
+ dest: "/etc/default/irqbalance"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ tags:
+ - perf-conf-irqbalance
+
+- name: Conf - Set Ondemand Service To Disable
+ service:
+ name: "ondemand"
+ enabled: "no"
+ tags:
+ - perf-conf-ondemand
+
+- name: Conf - Kernel Parameters
+ lineinfile:
+ path: "/etc/default/grub"
+ state: "present"
+ regexp: "^GRUB_CMDLINE_LINUX="
+ line: "GRUB_CMDLINE_LINUX=\"{% for key, value in grub.items() %}{% if value is sameas true %}{{key}} {% else %}{{key}}={{value}} {% endif %}{% endfor %}\""
+ notify:
+ - "Update GRUB"
+ tags:
+ - perf-conf-grub
+
+- meta: flush_handlers
+
+- name: Conf - Load Kernel Modules By Default
+ lineinfile:
+ path: "/etc/modules"
+ state: "present"
+ line: "{{ item }}"
+ with_items:
+ - "vfio-pci"
+ notify:
+ - "Reboot Server"
+ tags:
+ - perf-conf-load-kernel-modules
+
+- meta: flush_handlers \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/performance_tuning/tasks/turbo_boost.yaml b/fdio.infra.ansible/roles/performance_tuning/tasks/turbo_boost.yaml
new file mode 100644
index 0000000000..7f69365a2d
--- /dev/null
+++ b/fdio.infra.ansible/roles/performance_tuning/tasks/turbo_boost.yaml
@@ -0,0 +1,44 @@
+---
+# file: roles/performance_tuning/tasks/turbo_boost.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - turbo-inst-prerequisites
+
+- name: Inst - msr-tools
+ package:
+ name:
+ - "msr-tools"
+ state: latest
+ tags:
+ - turbo-inst-prerequisites
+
+- name: Conf - Load msr By Default
+ lineinfile:
+ path: "/etc/modules"
+ state: "present"
+ line: "msr"
+ tags:
+ - turbo-conf-msr
+
+- name: Conf - Custom Startup Service Hook
+ copy:
+ src: "files/disable-turbo-boost.service"
+ dest: "/etc/systemd/system/disable-turbo-boost.service"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ tags:
+ - turbo-conf-msr
+
+- name: Conf - Custom Startup Service Hook Enable
+ service:
+ name: "disable-turbo-boost"
+ enabled: yes
+ tags:
+ - turbo-conf-msr
diff --git a/fdio.infra.ansible/roles/prometheus_exporter/defaults/main.yaml b/fdio.infra.ansible/roles/prometheus_exporter/defaults/main.yaml
new file mode 100644
index 0000000000..eb2b94cb26
--- /dev/null
+++ b/fdio.infra.ansible/roles/prometheus_exporter/defaults/main.yaml
@@ -0,0 +1,17 @@
+---
+# file: roles/prometheus_exporter/defaults/main.yaml
+
+# Inst - Exporters.
+ne_packages: "{{ ne_packages_by_distro[ansible_distribution | lower][ansible_machine] }}"
+
+ne_packages_by_distro:
+ ubuntu:
+ aarch64: "http://ports.ubuntu.com/pool/universe/p/prometheus-node-exporter/prometheus-node-exporter_1.0.1+ds-1_arm64.deb"
+ x86_64: "http://archive.ubuntu.com/ubuntu/pool/universe/p/prometheus-node-exporter/prometheus-node-exporter_1.0.1+ds-1_amd64.deb"
+
+be_packages: "{{ be_packages_by_distro[ansible_distribution | lower][ansible_machine] }}"
+
+be_packages_by_distro:
+ ubuntu:
+ aarch64: "http://ports.ubuntu.com/pool/universe/p/prometheus-blackbox-exporter/prometheus-blackbox-exporter_0.17.0+ds-1_arm64.deb"
+ x86_64: "http://archive.ubuntu.com/ubuntu/pool/universe/p/prometheus-blackbox-exporter/prometheus-blackbox-exporter_0.17.0+ds-1_amd64.deb"
diff --git a/fdio.infra.ansible/roles/prometheus_exporter/files/blackbox.yml b/fdio.infra.ansible/roles/prometheus_exporter/files/blackbox.yml
new file mode 100644
index 0000000000..f61c26e1a8
--- /dev/null
+++ b/fdio.infra.ansible/roles/prometheus_exporter/files/blackbox.yml
@@ -0,0 +1,25 @@
+modules:
+ http_2xx:
+ prober: http
+ timeout: 5s
+ http:
+ valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
+ no_follow_redirects: false
+ fail_if_ssl: false
+ fail_if_not_ssl: true
+ tls_config:
+ insecure_skip_verify: false
+ preferred_ip_protocol: "ip4"
+ icmp_v4:
+ prober: icmp
+ timeout: 5s
+ icmp:
+ preferred_ip_protocol: "ip4"
+ dns_udp:
+ prober: dns
+ timeout: 5s
+ dns:
+ query_name: "jenkins.fd.io"
+ query_type: "A"
+ valid_rcodes:
+ - NOERROR \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/prometheus_exporter/handlers/main.yaml b/fdio.infra.ansible/roles/prometheus_exporter/handlers/main.yaml
new file mode 100644
index 0000000000..9c374eaa61
--- /dev/null
+++ b/fdio.infra.ansible/roles/prometheus_exporter/handlers/main.yaml
@@ -0,0 +1,16 @@
+---
+# file roles/prometheus_exporter/handlers/main.yaml
+
+- name: Restart Prometheus Node Exporter
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "prometheus-node-exporter"
+ state: "restarted"
+
+- name: Restart Prometheus Blackbox Exporter
+ systemd:
+ daemon_reload: true
+ enabled: true
+ name: "prometheus-blackbox-exporter"
+ state: "restarted" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/prometheus_exporter/tasks/main.yaml b/fdio.infra.ansible/roles/prometheus_exporter/tasks/main.yaml
new file mode 100644
index 0000000000..b38215c4a2
--- /dev/null
+++ b/fdio.infra.ansible/roles/prometheus_exporter/tasks/main.yaml
@@ -0,0 +1,15 @@
+---
+# file: roles/prometheus_exporter/tasks/main.yaml
+
+- include_tasks: "{{ ansible_distribution|lower }}_{{ ansible_distribution_release }}.yaml"
+ tags:
+ - prometheus-inst
+
+- name: Conf - Prometheus Blackbox Exporter
+ copy:
+ src: 'files/blackbox.yml'
+ dest: '/etc/prometheus/blackbox.yml'
+ notify:
+ - "Restart Prometheus Blackbox Exporter"
+ tags:
+ - prometheus-conf-blackbox-exporter \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/prometheus_exporter/tasks/ubuntu_bionic.yaml b/fdio.infra.ansible/roles/prometheus_exporter/tasks/ubuntu_bionic.yaml
new file mode 100644
index 0000000000..566753e272
--- /dev/null
+++ b/fdio.infra.ansible/roles/prometheus_exporter/tasks/ubuntu_bionic.yaml
@@ -0,0 +1,33 @@
+---
+# file: roles/prometheus_exporter/tasks/ubuntu_bionic.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ tags:
+ - prometheus-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "init-system-helpers"
+ default_release: "bionic-backports"
+ state: latest
+ tags:
+ - prometheus-inst-prerequisites
+
+- name: Inst - Prometheus Node Exporter
+ apt:
+ deb: "{{ ne_packages }}"
+ notify:
+ - "Restart Prometheus Node Exporter"
+ tags:
+ - prometheus-inst-node-exporter
+
+- name: Inst - Prometheus Blackbox Exporter
+ apt:
+ deb: "{{ be_packages }}"
+ notify:
+ - "Restart Prometheus Blackbox Exporter"
+ tags:
+ - prometheus-inst-blackbox-exporter \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/python_env/defaults/main.yaml b/fdio.infra.ansible/roles/python_env/defaults/main.yaml
new file mode 100644
index 0000000000..342d1c3d33
--- /dev/null
+++ b/fdio.infra.ansible/roles/python_env/defaults/main.yaml
@@ -0,0 +1,41 @@
+---
+# file: roles/common/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "virtualenv"
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "python-all"
+ - "python-apt"
+ - "python-cffi"
+ - "python-cffi-backend"
+ - "python-dev"
+ - "python-pip"
+ - "python-setuptools"
+ - "python3-all"
+ - "python3-apt"
+ - "python3-cffi"
+ - "python3-cffi-backend"
+ - "python3-dev"
+ - "python3-pip"
+ - "python3-pyelftools"
+ - "python3-setuptools"
+ focal:
+ - "python3-all"
+ - "python3-apt"
+ - "python3-cffi"
+ - "python3-cffi-backend"
+ - "python3-dev"
+ - "python3-pip"
+ - "python3-pyelftools"
+ - "python3-setuptools"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - [] \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/python_env/tasks/main.yaml b/fdio.infra.ansible/roles/python_env/tasks/main.yaml
new file mode 100644
index 0000000000..cddfe63655
--- /dev/null
+++ b/fdio.infra.ansible/roles/python_env/tasks/main.yaml
@@ -0,0 +1,82 @@
+---
+# file: roles/python_env/tasks/main.yaml
+
+- name: Inst - Update package cache (apt)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - common-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - common-inst-prerequisites
+
+- name: Inst - CSIT PIP requirements
+ pip:
+ name:
+ - "ecdsa==0.13.3"
+ - "paramiko==2.6.0"
+ - "pycrypto==2.6.1"
+ - "pypcap==1.2.3"
+ - "PyYAML==5.1.1"
+ - "requests==2.22.0"
+ - "robotframework==3.1.2"
+ - "scapy==2.4.3"
+ - "scp==0.13.2"
+ - "ansible==2.10.7"
+ - "dill==0.3.3"
+ - "numpy==1.17.3"
+ - "hdrhistogram==0.6.1"
+ - "plotly==4.1.1"
+ - "PTable==0.9.2"
+ - "Sphinx==2.2.1"
+ - "sphinx-rtd-theme==0.4.0"
+ - "sphinxcontrib-programoutput==0.15"
+ - "sphinxcontrib-robotdoc==0.11.0"
+ - "alabaster==0.7.12"
+ - "Babel==2.7.0"
+ - "bcrypt==3.1.7"
+ - "certifi==2019.9.11"
+ - "cffi==1.13.2"
+ - "chardet==3.0.4"
+ - "cryptography==2.8"
+ - "docutils==0.15.2"
+ - "future==0.18.2"
+ - "idna==2.8"
+ - "imagesize==1.1.0"
+ - "Jinja2==2.10.3"
+ - "MarkupSafe==1.1.1"
+ - "packaging==19.2"
+ - "pbr==5.4.3"
+ - "pycparser==2.19"
+ - "Pygments==2.4.2"
+ - "PyNaCl==1.3.0"
+ - "pyparsing==2.4.4"
+ - "python-dateutil==2.8.1"
+ - "pytz==2019.3"
+ - "retrying==1.3.3"
+ - "six==1.13.0"
+ - "snowballstemmer==2.0.0"
+ - "sphinxcontrib-applehelp==1.0.1"
+ - "sphinxcontrib-devhelp==1.0.1"
+ - "sphinxcontrib-htmlhelp==1.0.2"
+ - "sphinxcontrib-jsmath==1.0.1"
+ - "sphinxcontrib-qthelp==1.0.2"
+ - "sphinxcontrib-serializinghtml==1.1.3"
+ - "urllib3==1.25.6"
+ tags:
+ - common-inst-pip
+
+- name: Inst - CSIT PIP requirements - Pandas and SciPy workaround
+ pip:
+ name:
+ - "pandas==0.25.3"
+ - "scipy==1.5.4"
+ tags:
+ - common-inst-pip
diff --git a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service
new file mode 100644
index 0000000000..11911201d5
--- /dev/null
+++ b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=CSIT Initialize Docker TG
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=True
+ExecStart=/usr/local/bin/csit-initialize-docker-tg.sh start 2
+ExecStop=/usr/local/bin/csit-initialize-docker-tg.sh stop
+
+[Install]
+WantedBy=default.target
diff --git a/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh
new file mode 100755
index 0000000000..0120795e9c
--- /dev/null
+++ b/fdio.infra.ansible/roles/tg/files/csit-initialize-docker-tg.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# CSIT SRIOV VF initialization and isolation.
+
+set -euo pipefail
+
+case "${1:-start}" in
+ "start" )
+ # Run TG
+ for cnt in $(seq 1 ${2:-1}); do
+ docker network create --driver bridge csit-nw-tg${cnt} || true
+ # If the IMAGE is not already loaded then docker run will pull the
+ # IMAGE, and all image dependencies, before it starts the container.
+ dcr_image="csit_sut-ubuntu2004:local"
+ # Run the container in the background and print the new container
+ # ID.
+ dcr_stc_params="--detach=true "
+ # Give extended privileges to this container. A "privileged"
+ # container is given access to all devices and able to run nested
+ # containers.
+ dcr_stc_params+="--privileged "
+ # Publish all exposed ports to random ports on the host interfaces.
+ dcr_stc_params+="--publish 600${cnt}:2222 "
+ # Automatically remove the container when it exits.
+ dcr_stc_params+="--rm "
+ # Size of /dev/shm.
+ dcr_stc_params+="--shm-size 4G "
+ # Mount vfio to be able to bind to see binded interfaces. We cannot
+ # use --device=/dev/vfio as this does not see newly binded
+ # interfaces.
+ dcr_stc_params+="--volume /dev:/dev "
+ # Mount /opt/boot/ where VM kernel and initrd are located.
+ dcr_stc_params+="--volume /opt:/opt "
+ # Mount host hugepages for VMs.
+ dcr_stc_params+="--volume /dev/hugepages:/dev/hugepages "
+
+ params=(${dcr_stc_params} --name csit-tg-"${cnt}" "${dcr_image}")
+ docker run --network=csit-nw-tg${cnt} "${params[@]}"
+ done
+ ;;
+ "stop" )
+ docker rm --force $(docker ps --all --quiet --filter name=csit)
+ docker network rm $(docker network ls --filter name=csit --quiet)
+ ;;
+esac
diff --git a/fdio.infra.ansible/roles/tg/handlers/main.yaml b/fdio.infra.ansible/roles/tg/handlers/main.yaml
new file mode 100644
index 0000000000..e13e67b2c1
--- /dev/null
+++ b/fdio.infra.ansible/roles/tg/handlers/main.yaml
@@ -0,0 +1,10 @@
+---
+# file: roles/tg/handlers/main.yaml
+
+- name: Start csit-initialize-docker-tg.service
+ systemd:
+ enabled: yes
+ state: "started"
+ name: "csit-initialize-docker-tg.service"
+ tags:
+ - docker-tg
diff --git a/fdio.infra.ansible/roles/tg/tasks/main.yaml b/fdio.infra.ansible/roles/tg/tasks/main.yaml
new file mode 100644
index 0000000000..4e79dabfab
--- /dev/null
+++ b/fdio.infra.ansible/roles/tg/tasks/main.yaml
@@ -0,0 +1,30 @@
+---
+# file: roles/tg/tasks/main.yaml
+
+- name: Conf - csit-initialize-docker-tg.sh
+ copy:
+ src: "files/csit-initialize-docker-tg.sh"
+ dest: "/usr/local/bin/csit-initialize-docker-tg.sh"
+ owner: "root"
+ group: "root"
+ mode: 0744
+ when:
+ - docker_tg is defined
+ tags:
+ - tg-conf-docker
+
+- name: Conf - Start csit-initialize-docker-tg.service
+ copy:
+ src: "files/csit-initialize-docker-tg.service"
+ dest: "/etc/systemd/system/"
+ owner: "root"
+ group: "root"
+ mode: 0644
+ notify:
+ - "Start csit-initialize-docker-tg.service"
+ when:
+ - docker_tg is defined
+ tags:
+ - tg-conf-docker
+
+- meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/topology/tasks/main.yaml b/fdio.infra.ansible/roles/topology/tasks/main.yaml
new file mode 100644
index 0000000000..cf3eb5367f
--- /dev/null
+++ b/fdio.infra.ansible/roles/topology/tasks/main.yaml
@@ -0,0 +1,9 @@
+---
+# file: roles/topology/tasks/main.yaml
+
+- name: Create topology file
+ template:
+ src: "templates/topology_{{ cloud_topology }}.j2"
+ dest: "../../../../topologies/available/{{ cloud_topology }}_{{ testbed_name }}.yaml"
+ tags:
+ - create-topology-file
diff --git a/fdio.infra.ansible/roles/topology/templates/topology_2n_aws_c5n.j2 b/fdio.infra.ansible/roles/topology/templates/topology_2n_aws_c5n.j2
new file mode 100644
index 0000000000..1d99a34994
--- /dev/null
+++ b/fdio.infra.ansible/roles/topology/templates/topology_2n_aws_c5n.j2
@@ -0,0 +1,56 @@
+---
+metadata:
+ version: 0.1
+ schema:
+ - resources/topology_schemas/2_node_topology.sch.yaml
+ - resources/topology_schemas/topology.sch.yaml
+ tags: [hw, 2-node]
+
+nodes:
+ TG:
+ type: TG
+ subtype: TREX
+ host: "{{ tg_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ interfaces:
+ port1:
+ # tg_instance/p1 - 50GE port1 on ENA NIC.
+ mac_address: {{ tg_if1_mac }}
+ pci_address: "0000:00:06.0"
+ link: link1
+ model: Amazon-Nitro-50G
+ port2:
+ # tg_instance/p2 - 50GE port2 on ENA NIC.
+ mac_address: {{ tg_if2_mac }}
+ pci_address: "0000:00:07.0"
+ link: link2
+ model: Amazon-Nitro-50G
+ DUT1:
+ type: DUT
+ host: "{{ dut1_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ uio_driver: vfio-pci
+ honeycomb:
+ user: admin
+ passwd: admin
+ port: 8183
+ netconf_port: 2831
+ interfaces:
+ port1:
+ # dut1_instance/p1 - 50GE port1 on ENA NIC.
+ mac_address: {{ dut1_if1_mac }}
+ pci_address: "0000:00:06.0"
+ link: link1
+ model: Amazon-Nitro-50G
+ port2:
+ # dut1_instance/p2 - 50GE port2 on ENA NIC.
+ mac_address: {{ dut1_if2_mac }}
+ pci_address: "0000:00:07.0"
+ link: link2
+ model: Amazon-Nitro-50G
diff --git a/fdio.infra.ansible/roles/topology/templates/topology_3n_aws_c5n.j2 b/fdio.infra.ansible/roles/topology/templates/topology_3n_aws_c5n.j2
new file mode 100644
index 0000000000..631b0be63b
--- /dev/null
+++ b/fdio.infra.ansible/roles/topology/templates/topology_3n_aws_c5n.j2
@@ -0,0 +1,83 @@
+---
+metadata:
+ version: 0.1
+ schema:
+ - resources/topology_schemas/3_node_topology.sch.yaml
+ - resources/topology_schemas/topology.sch.yaml
+ tags: [hw, 3-node]
+
+nodes:
+ TG:
+ type: TG
+ subtype: TREX
+ host: "{{ tg_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ interfaces:
+ port1:
+ # tg_instance/p1 - 50GE port1 on ENA NIC.
+ mac_address: {{ tg_if1_mac }}
+ pci_address: "0000:00:06.0"
+ link: link1
+ model: Amazon-Nitro-50G
+ port2:
+ # tg_instance/p2 - 50GE port2 on ENA NIC.
+ mac_address: {{ tg_if2_mac }}
+ pci_address: "0000:00:07.0"
+ link: link2
+ model: Amazon-Nitro-50G
+ DUT1:
+ type: DUT
+ host: "{{ dut1_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ uio_driver: vfio-pci
+ honeycomb:
+ user: admin
+ passwd: admin
+ port: 8183
+ netconf_port: 2831
+ interfaces:
+ port1:
+ # dut1_instance/p1 - 50GE port1 on ENA NIC.
+ mac_address: {{ dut1_if1_mac }}
+ pci_address: "0000:00:06.0"
+ link: link1
+ model: Amazon-Nitro-50G
+ port2:
+ # dut1_instance/p2 - 50GE port2 on ENA NIC.
+ mac_address: {{ dut1_if2_mac }}
+ pci_address: "0000:00:07.0"
+ link: link21
+ model: Amazon-Nitro-50G
+ DUT2:
+ type: DUT
+ host: "{{ dut2_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ uio_driver: vfio-pci
+ honeycomb:
+ user: admin
+ passwd: admin
+ port: 8183
+ netconf_port: 2831
+ interfaces:
+ port1:
+ # dut2_instance/p1 - 50GE port1 on ENA NIC.
+ mac_address: {{ dut2_if1_mac }}
+ pci_address: "0000:00:06.0"
+ link: link21
+ model: Amazon-Nitro-50G
+ port2:
+ # dut2_instance/p2 - 50GE port1 on ENA NIC.
+ mac_address: {{ dut2_if2_mac }}
+ pci_address: "0000:00:07.0"
+ link: link2
+ model: Amazon-Nitro-50G
+
diff --git a/fdio.infra.ansible/roles/topology/templates/topology_3n_azure_Fsv2.j2 b/fdio.infra.ansible/roles/topology/templates/topology_3n_azure_Fsv2.j2
new file mode 100644
index 0000000000..e4dd6cdbf2
--- /dev/null
+++ b/fdio.infra.ansible/roles/topology/templates/topology_3n_azure_Fsv2.j2
@@ -0,0 +1,82 @@
+---
+metadata:
+ version: 0.1
+ schema:
+ - resources/topology_schemas/3_node_topology.sch.yaml
+ - resources/topology_schemas/topology.sch.yaml
+ tags: [hw, 3-node]
+
+nodes:
+ TG:
+ type: TG
+ subtype: TREX
+ host: "{{ tg_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ interfaces:
+ port1:
+ # tg_instance/p1 - 40GE port1 on Mellanox NIC.
+ mac_address: "{{ tg_if1_mac | lower | replace('-',':') }}"
+ pci_address: "0002:00:02.0"
+ link: link1
+ model: Azure-MLX-40G
+ port2:
+ # tg_instance/p2 - 40GE port2 on Mellanox NIC.
+ mac_address: "{{ tg_if2_mac | lower | replace('-',':') }}"
+ pci_address: "0003:00:02.0"
+ link: link2
+ model: Azure-MLX-40G
+ DUT1:
+ type: DUT
+ host: "{{ dut1_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ uio_driver: vfio-pci
+ honeycomb:
+ user: admin
+ passwd: admin
+ port: 8183
+ netconf_port: 2831
+ interfaces:
+ port1:
+ # dut1_instance/p1 - 40GE port1 on Mellanox NIC.
+ mac_address: "{{ dut1_if1_mac | lower | replace('-',':') }}"
+ pci_address: "0002:00:02.0"
+ link: link1
+ model: Azure-MLX-40G
+ port2:
+ # dut2_instance/p1 - 40GE port2 on Mellanox NIC.
+ mac_address: "{{ dut1_if2_mac | lower | replace('-',':') }}"
+ pci_address: "0003:00:02.0"
+ link: link21
+ model: Azure-MLX-40G
+ DUT2:
+ type: DUT
+ host: "{{ dut2_public_ip }}"
+ arch: x86_64
+ port: 22
+ username: testuser
+ password: Csit1234
+ uio_driver: vfio-pci
+ honeycomb:
+ user: admin
+ passwd: admin
+ port: 8183
+ netconf_port: 2831
+ interfaces:
+ port1:
+ # dut1_instance/p1 - 40GE port1 on Mellanox NIC.
+ mac_address: "{{ dut2_if1_mac | lower | replace('-',':') }}"
+ pci_address: "0002:00:02.0"
+ link: link21
+ model: Azure-MLX-40G
+ port2:
+ # dut2_instance/p1 - 40GE port2 on Mellanox NIC.
+ mac_address: "{{ dut2_if2_mac | lower | replace('-',':') }}"
+ pci_address: "0003:00:02.0"
+ link: link2
+ model: Azure-MLX-40G
diff --git a/fdio.infra.ansible/roles/trex/defaults/main.yaml b/fdio.infra.ansible/roles/trex/defaults/main.yaml
new file mode 100644
index 0000000000..19bb15e9d3
--- /dev/null
+++ b/fdio.infra.ansible/roles/trex/defaults/main.yaml
@@ -0,0 +1,44 @@
+---
+# file: roles/trex/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - []
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "build-essential"
+ - "libmnl-dev"
+ - "libnuma-dev"
+ - "libpcap-dev"
+ - "librdmacm-dev"
+ - "librdmacm1"
+ - "libssl-dev"
+ - "pciutils"
+ - "python3-pip"
+ - "zlib1g-dev"
+ focal:
+ - "build-essential"
+ - "libmnl-dev"
+ - "libnuma-dev"
+ - "libpcap-dev"
+ - "librdmacm-dev"
+ - "librdmacm1"
+ - "libssl-dev"
+ - "pciutils"
+ - "python3-pip"
+ - "zlib1g-dev"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
+
+trex_target_dir: "/opt"
+trex_url: "https://github.com/cisco-system-traffic-generator/trex-core/archive/"
+trex_version:
+ # master // ubuntu 20.04
+ - "2.88" \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/trex/files/t-rex.patch b/fdio.infra.ansible/roles/trex/files/t-rex.patch
new file mode 100644
index 0000000000..e7db647779
--- /dev/null
+++ b/fdio.infra.ansible/roles/trex/files/t-rex.patch
@@ -0,0 +1,548 @@
+diff --git a/linux_dpdk/ws_main.py b/linux_dpdk/ws_main.py
+index e8d0cd51..a0c01adb 100755
+--- a/linux_dpdk/ws_main.py
++++ b/linux_dpdk/ws_main.py
+@@ -209,7 +209,7 @@ def check_ofed(ctx):
+
+ ofed_ver= 42
+ ofed_ver_show= '4.2'
+-
++ return True
+ if not os.path.isfile(ofed_info):
+ ctx.end_msg('not found', 'YELLOW')
+ return False
+@@ -1552,8 +1552,6 @@ class build_option:
+ flags += ['-DNDEBUG'];
+ else:
+ flags += ['-UNDEBUG'];
+- if bld.env.OFED_OK:
+- flags += ['-DHAVE_IBV_MLX4_WQE_LSO_SEG=1']
+ return (flags)
+
+ def get_bnxt_flags(self):
+diff --git a/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h b/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h
+index b3d68683..35474409 100644
+--- a/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h
++++ b/src/dpdk/drivers/net/mlx4/mlx4_autoconf.h
+@@ -1,3 +1,6 @@
+-#ifndef HAVE_IBV_MLX4_WQE_LSO_SEG
+-#define HAVE_IBV_MLX4_WQE_LSO_SEG
+-#endif
++/* HAVE_IBV_MLX4_BUF_ALLOCATORS is not defined. */
++
++/* HAVE_IBV_MLX4_UAR_MMAP_OFFSET is not defined. */
++
++/* HAVE_IBV_MLX4_WQE_LSO_SEG is not defined. */
++
+diff --git a/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h b/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h
+index 8770fdde..75db5ae8 100644
+--- a/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h
++++ b/src/dpdk/drivers/net/mlx5/mlx5_autoconf.h
+@@ -1,54 +1,362 @@
+-#ifndef HAVE_IBV_DEVICE_COUNTERS_SET_SUPPORT
+-#define HAVE_IBV_DEVICE_COUNTERS_SET_SUPPORT
+-#endif
++/* HAVE_IBV_DEVICE_STRIDING_RQ_SUPPORT is not defined. */
+
+-#ifndef HAVE_IBV_FLOW_DV_SUPPORT
+-#define HAVE_IBV_FLOW_DV_SUPPORT
+-#endif
++#ifndef HAVE_IBV_DEVICE_TUNNEL_SUPPORT
++#define HAVE_IBV_DEVICE_TUNNEL_SUPPORT 1
++#endif /* HAVE_IBV_DEVICE_TUNNEL_SUPPORT */
+
+-#ifndef HAVE_IBV_DEVICE_COUNTERS_SET_V45
+-#define HAVE_IBV_DEVICE_COUNTERS_SET_V45
+-#endif
++/* HAVE_IBV_DEVICE_MPLS_SUPPORT is not defined. */
+
+-#ifndef HAVE_IBV_FLOW_DEVX_COUNTERS
+-#define HAVE_IBV_FLOW_DEVX_COUNTERS
+-#endif
++#ifndef HAVE_IBV_WQ_FLAGS_PCI_WRITE_END_PADDING
++#define HAVE_IBV_WQ_FLAGS_PCI_WRITE_END_PADDING 1
++#endif /* HAVE_IBV_WQ_FLAGS_PCI_WRITE_END_PADDING */
+
+-#ifndef HAVE_IBV_MLX4_WQE_LSO_SEG
+-#define HAVE_IBV_MLX4_WQE_LSO_SEG
+-#endif
++/* HAVE_IBV_WQ_FLAG_RX_END_PADDING is not defined. */
+
++#ifndef HAVE_IBV_MLX5_MOD_SWP
++#define HAVE_IBV_MLX5_MOD_SWP 1
++#endif /* HAVE_IBV_MLX5_MOD_SWP */
+
+-#ifdef SUPPORTED_40000baseKR4_Full
++#ifndef HAVE_IBV_MLX5_MOD_MPW
++#define HAVE_IBV_MLX5_MOD_MPW 1
++#endif /* HAVE_IBV_MLX5_MOD_MPW */
++
++#ifndef HAVE_IBV_MLX5_MOD_CQE_128B_COMP
++#define HAVE_IBV_MLX5_MOD_CQE_128B_COMP 1
++#endif /* HAVE_IBV_MLX5_MOD_CQE_128B_COMP */
++
++#ifndef HAVE_IBV_MLX5_MOD_CQE_128B_PAD
++#define HAVE_IBV_MLX5_MOD_CQE_128B_PAD 1
++#endif /* HAVE_IBV_MLX5_MOD_CQE_128B_PAD */
++
++/* HAVE_IBV_FLOW_DV_SUPPORT is not defined. */
++
++/* HAVE_MLX5DV_DR is not defined. */
++
++/* HAVE_MLX5DV_DR_ESWITCH is not defined. */
++
++/* HAVE_IBV_DEVX_OBJ is not defined. */
++
++/* HAVE_IBV_FLOW_DEVX_COUNTERS is not defined. */
++
++#ifndef HAVE_ETHTOOL_LINK_MODE_25G
++#define HAVE_ETHTOOL_LINK_MODE_25G 1
++#endif /* HAVE_ETHTOOL_LINK_MODE_25G */
++
++#ifndef HAVE_ETHTOOL_LINK_MODE_50G
++#define HAVE_ETHTOOL_LINK_MODE_50G 1
++#endif /* HAVE_ETHTOOL_LINK_MODE_50G */
++
++#ifndef HAVE_ETHTOOL_LINK_MODE_100G
++#define HAVE_ETHTOOL_LINK_MODE_100G 1
++#endif /* HAVE_ETHTOOL_LINK_MODE_100G */
++
++/* HAVE_IBV_DEVICE_COUNTERS_SET_V42 is not defined. */
++
++/* HAVE_IBV_DEVICE_COUNTERS_SET_V45 is not defined. */
++
++#ifndef HAVE_RDMA_NL_NLDEV
++#define HAVE_RDMA_NL_NLDEV 1
++#endif /* HAVE_RDMA_NL_NLDEV */
++
++#ifndef HAVE_RDMA_NLDEV_CMD_GET
++#define HAVE_RDMA_NLDEV_CMD_GET 1
++#endif /* HAVE_RDMA_NLDEV_CMD_GET */
++
++#ifndef HAVE_RDMA_NLDEV_CMD_PORT_GET
++#define HAVE_RDMA_NLDEV_CMD_PORT_GET 1
++#endif /* HAVE_RDMA_NLDEV_CMD_PORT_GET */
++
++#ifndef HAVE_RDMA_NLDEV_ATTR_DEV_INDEX
++#define HAVE_RDMA_NLDEV_ATTR_DEV_INDEX 1
++#endif /* HAVE_RDMA_NLDEV_ATTR_DEV_INDEX */
++
++#ifndef HAVE_RDMA_NLDEV_ATTR_DEV_NAME
++#define HAVE_RDMA_NLDEV_ATTR_DEV_NAME 1
++#endif /* HAVE_RDMA_NLDEV_ATTR_DEV_NAME */
++
++#ifndef HAVE_RDMA_NLDEV_ATTR_PORT_INDEX
++#define HAVE_RDMA_NLDEV_ATTR_PORT_INDEX 1
++#endif /* HAVE_RDMA_NLDEV_ATTR_PORT_INDEX */
++
++/* HAVE_RDMA_NLDEV_ATTR_NDEV_INDEX is not defined. */
++
++#ifndef HAVE_IFLA_NUM_VF
++#define HAVE_IFLA_NUM_VF 1
++#endif /* HAVE_IFLA_NUM_VF */
++
++#ifndef HAVE_IFLA_EXT_MASK
++#define HAVE_IFLA_EXT_MASK 1
++#endif /* HAVE_IFLA_EXT_MASK */
++
++#ifndef HAVE_IFLA_PHYS_SWITCH_ID
++#define HAVE_IFLA_PHYS_SWITCH_ID 1
++#endif /* HAVE_IFLA_PHYS_SWITCH_ID */
++
++#ifndef HAVE_IFLA_PHYS_PORT_NAME
++#define HAVE_IFLA_PHYS_PORT_NAME 1
++#endif /* HAVE_IFLA_PHYS_PORT_NAME */
++
++#ifndef HAVE_IFLA_VXLAN_COLLECT_METADATA
++#define HAVE_IFLA_VXLAN_COLLECT_METADATA 1
++#endif /* HAVE_IFLA_VXLAN_COLLECT_METADATA */
++
++#ifndef HAVE_TCA_CHAIN
++#define HAVE_TCA_CHAIN 1
++#endif /* HAVE_TCA_CHAIN */
++
++#ifndef HAVE_TCA_FLOWER_ACT
++#define HAVE_TCA_FLOWER_ACT 1
++#endif /* HAVE_TCA_FLOWER_ACT */
++
++#ifndef HAVE_TCA_FLOWER_FLAGS
++#define HAVE_TCA_FLOWER_FLAGS 1
++#endif /* HAVE_TCA_FLOWER_FLAGS */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ETH_TYPE
++#define HAVE_TCA_FLOWER_KEY_ETH_TYPE 1
++#endif /* HAVE_TCA_FLOWER_KEY_ETH_TYPE */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ETH_DST
++#define HAVE_TCA_FLOWER_KEY_ETH_DST 1
++#endif /* HAVE_TCA_FLOWER_KEY_ETH_DST */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ETH_DST_MASK
++#define HAVE_TCA_FLOWER_KEY_ETH_DST_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ETH_DST_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC
++#define HAVE_TCA_FLOWER_KEY_ETH_SRC 1
++#endif /* HAVE_TCA_FLOWER_KEY_ETH_SRC */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK
++#define HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ETH_SRC_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IP_PROTO
++#define HAVE_TCA_FLOWER_KEY_IP_PROTO 1
++#endif /* HAVE_TCA_FLOWER_KEY_IP_PROTO */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC
++#define HAVE_TCA_FLOWER_KEY_IPV4_SRC 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_SRC */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK
++#define HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_SRC_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST
++#define HAVE_TCA_FLOWER_KEY_IPV4_DST 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_DST */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK
++#define HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV4_DST_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC
++#define HAVE_TCA_FLOWER_KEY_IPV6_SRC 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_SRC */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK
++#define HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_SRC_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST
++#define HAVE_TCA_FLOWER_KEY_IPV6_DST 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_DST */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK
++#define HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_IPV6_DST_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC
++#define HAVE_TCA_FLOWER_KEY_TCP_SRC 1
++#endif /* HAVE_TCA_FLOWER_KEY_TCP_SRC */
++
++#ifndef HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK
++#define HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_TCP_SRC_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_TCP_DST
++#define HAVE_TCA_FLOWER_KEY_TCP_DST 1
++#endif /* HAVE_TCA_FLOWER_KEY_TCP_DST */
++
++#ifndef HAVE_TCA_FLOWER_KEY_TCP_DST_MASK
++#define HAVE_TCA_FLOWER_KEY_TCP_DST_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_TCP_DST_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC
++#define HAVE_TCA_FLOWER_KEY_UDP_SRC 1
++#endif /* HAVE_TCA_FLOWER_KEY_UDP_SRC */
++
++#ifndef HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK
++#define HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_UDP_SRC_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_UDP_DST
++#define HAVE_TCA_FLOWER_KEY_UDP_DST 1
++#endif /* HAVE_TCA_FLOWER_KEY_UDP_DST */
++
++#ifndef HAVE_TCA_FLOWER_KEY_UDP_DST_MASK
++#define HAVE_TCA_FLOWER_KEY_UDP_DST_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_UDP_DST_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_VLAN_ID
++#define HAVE_TCA_FLOWER_KEY_VLAN_ID 1
++#endif /* HAVE_TCA_FLOWER_KEY_VLAN_ID */
++
++#ifndef HAVE_TCA_FLOWER_KEY_VLAN_PRIO
++#define HAVE_TCA_FLOWER_KEY_VLAN_PRIO 1
++#endif /* HAVE_TCA_FLOWER_KEY_VLAN_PRIO */
++
++#ifndef HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE
++#define HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE 1
++#endif /* HAVE_TCA_FLOWER_KEY_VLAN_ETH_TYPE */
++
++#ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS
++#define HAVE_TCA_FLOWER_KEY_TCP_FLAGS 1
++#endif /* HAVE_TCA_FLOWER_KEY_TCP_FLAGS */
++
++#ifndef HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK
++#define HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_TCP_FLAGS_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IP_TOS
++#define HAVE_TCA_FLOWER_KEY_IP_TOS 1
++#endif /* HAVE_TCA_FLOWER_KEY_IP_TOS */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IP_TOS_MASK
++#define HAVE_TCA_FLOWER_KEY_IP_TOS_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_IP_TOS_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IP_TTL
++#define HAVE_TCA_FLOWER_KEY_IP_TTL 1
++#endif /* HAVE_TCA_FLOWER_KEY_IP_TTL */
++
++#ifndef HAVE_TCA_FLOWER_KEY_IP_TTL_MASK
++#define HAVE_TCA_FLOWER_KEY_IP_TTL_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_IP_TTL_MASK */
++
++#ifndef HAVE_TC_ACT_GOTO_CHAIN
++#define HAVE_TC_ACT_GOTO_CHAIN 1
++#endif /* HAVE_TC_ACT_GOTO_CHAIN */
++
++#ifndef HAVE_TC_ACT_VLAN
++#define HAVE_TC_ACT_VLAN 1
++#endif /* HAVE_TC_ACT_VLAN */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_KEY_ID
++#define HAVE_TCA_FLOWER_KEY_ENC_KEY_ID 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_KEY_ID */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_SRC_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV4_DST_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_SRC_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK
++#define HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_IPV6_DST_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT
++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK
++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_SRC_PORT_MASK */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT
++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT */
++
++#ifndef HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK
++#define HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK 1
++#endif /* HAVE_TCA_FLOWER_KEY_ENC_UDP_DST_PORT_MASK */
++
++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TOS is not defined. */
++
++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TOS_MASK is not defined. */
++
++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TTL is not defined. */
++
++/* HAVE_TCA_FLOWER_KEY_ENC_IP_TTL_MASK is not defined. */
++
++#ifndef HAVE_TC_ACT_TUNNEL_KEY
++#define HAVE_TC_ACT_TUNNEL_KEY 1
++#endif /* HAVE_TC_ACT_TUNNEL_KEY */
++
++#ifndef HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT
++#define HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT 1
++#endif /* HAVE_TCA_TUNNEL_KEY_ENC_DST_PORT */
++
++/* HAVE_TCA_TUNNEL_KEY_ENC_TOS is not defined. */
++
++/* HAVE_TCA_TUNNEL_KEY_ENC_TTL is not defined. */
++
++#ifndef HAVE_TCA_TUNNEL_KEY_NO_CSUM
++#define HAVE_TCA_TUNNEL_KEY_NO_CSUM 1
++#endif /* HAVE_TCA_TUNNEL_KEY_NO_CSUM */
++
++#ifndef HAVE_TC_ACT_PEDIT
++#define HAVE_TC_ACT_PEDIT 1
++#endif /* HAVE_TC_ACT_PEDIT */
++
++#ifndef HAVE_SUPPORTED_40000baseKR4_Full
+ #define HAVE_SUPPORTED_40000baseKR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_40000baseKR4_Full */
+
+-#ifdef SUPPORTED_40000baseCR4_Full
++#ifndef HAVE_SUPPORTED_40000baseCR4_Full
+ #define HAVE_SUPPORTED_40000baseCR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_40000baseCR4_Full */
+
+-#ifdef SUPPORTED_40000baseSR4_Full
++#ifndef HAVE_SUPPORTED_40000baseSR4_Full
+ #define HAVE_SUPPORTED_40000baseSR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_40000baseSR4_Full */
+
+-#ifdef SUPPORTED_40000baseLR4_Full
++#ifndef HAVE_SUPPORTED_40000baseLR4_Full
+ #define HAVE_SUPPORTED_40000baseLR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_40000baseLR4_Full */
+
+-#ifdef SUPPORTED_56000baseKR4_Full
++#ifndef HAVE_SUPPORTED_56000baseKR4_Full
+ #define HAVE_SUPPORTED_56000baseKR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_56000baseKR4_Full */
+
+-#ifdef SUPPORTED_56000baseCR4_Full
++#ifndef HAVE_SUPPORTED_56000baseCR4_Full
+ #define HAVE_SUPPORTED_56000baseCR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_56000baseCR4_Full */
+
+-#ifdef SUPPORTED_56000baseSR4_Full
++#ifndef HAVE_SUPPORTED_56000baseSR4_Full
+ #define HAVE_SUPPORTED_56000baseSR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_56000baseSR4_Full */
+
+-#ifdef SUPPORTED_56000baseLR4_Full
++#ifndef HAVE_SUPPORTED_56000baseLR4_Full
+ #define HAVE_SUPPORTED_56000baseLR4_Full 1
+-#endif
++#endif /* HAVE_SUPPORTED_56000baseLR4_Full */
+
++#ifndef HAVE_STATIC_ASSERT
++#define HAVE_STATIC_ASSERT 1
++#endif /* HAVE_STATIC_ASSERT */
+
+diff --git a/src/dpdk/drivers/net/tap/rte_eth_tap.c b/src/dpdk/drivers/net/tap/rte_eth_tap.c
+index bc889c19..47a2b68f 100644
+--- a/src/dpdk/drivers/net/tap/rte_eth_tap.c
++++ b/src/dpdk/drivers/net/tap/rte_eth_tap.c
+@@ -34,8 +34,8 @@
+ #include <unistd.h>
+ #include <arpa/inet.h>
+ #include <net/if.h>
+-#include <linux_tap/if_tun.h>
+-#include <linux_tap/if_ether.h>
++#include <linux/if_tun.h>
++#include <linux/if_ether.h>
+ #include <fcntl.h>
+ #include <ctype.h>
+
+diff --git a/src/dpdk/drivers/net/tap/rte_eth_tap.h b/src/dpdk/drivers/net/tap/rte_eth_tap.h
+index 66cd3441..dc3579ac 100644
+--- a/src/dpdk/drivers/net/tap/rte_eth_tap.h
++++ b/src/dpdk/drivers/net/tap/rte_eth_tap.h
+@@ -11,7 +11,7 @@
+ #include <inttypes.h>
+ #include <net/if.h>
+
+-#include <linux_tap/if_tun.h>
++#include <linux/if_tun.h>
+
+ #include <rte_ethdev_driver.h>
+ #include <rte_ether.h>
+diff --git a/src/dpdk/drivers/net/tap/tap_autoconf.h b/src/dpdk/drivers/net/tap/tap_autoconf.h
+index dddd4ae6..d5880608 100644
+--- a/src/dpdk/drivers/net/tap/tap_autoconf.h
++++ b/src/dpdk/drivers/net/tap/tap_autoconf.h
+@@ -1,14 +1,24 @@
+ #ifndef HAVE_TC_FLOWER
+ #define HAVE_TC_FLOWER 1
+-#endif
++#endif /* HAVE_TC_FLOWER */
+
++#ifndef HAVE_TC_VLAN_ID
++#define HAVE_TC_VLAN_ID 1
++#endif /* HAVE_TC_VLAN_ID */
+
+ #ifndef HAVE_TC_BPF
+ #define HAVE_TC_BPF 1
+-#endif
++#endif /* HAVE_TC_BPF */
+
+-#ifndef HAVE_TC_VLAN_ID
+-#define HAVE_TC_VLAN_ID 1
+-#endif
++#ifndef HAVE_TC_BPF_FD
++#define HAVE_TC_BPF_FD 1
++#endif /* HAVE_TC_BPF_FD */
++
++#ifndef HAVE_TC_ACT_BPF
++#define HAVE_TC_ACT_BPF 1
++#endif /* HAVE_TC_ACT_BPF */
+
++#ifndef HAVE_TC_ACT_BPF_FD
++#define HAVE_TC_ACT_BPF_FD 1
++#endif /* HAVE_TC_ACT_BPF_FD */
+
+diff --git a/src/dpdk/drivers/net/tap/tap_netlink.h b/src/dpdk/drivers/net/tap/tap_netlink.h
+index 900ce375..faa73ba1 100644
+--- a/src/dpdk/drivers/net/tap/tap_netlink.h
++++ b/src/dpdk/drivers/net/tap/tap_netlink.h
+@@ -8,8 +8,8 @@
+
+ #include <ctype.h>
+ #include <inttypes.h>
+-#include <linux_tap/rtnetlink.h>
+-#include <linux_tap/netlink.h>
++#include <linux/rtnetlink.h>
++#include <linux/netlink.h>
+ #include <stdio.h>
+
+ #include <rte_log.h>
+diff --git a/src/dpdk/drivers/net/tap/tap_tcmsgs.h b/src/dpdk/drivers/net/tap/tap_tcmsgs.h
+index 782de540..8cedea84 100644
+--- a/src/dpdk/drivers/net/tap/tap_tcmsgs.h
++++ b/src/dpdk/drivers/net/tap/tap_tcmsgs.h
+@@ -7,13 +7,13 @@
+ #define _TAP_TCMSGS_H_
+
+ #include <tap_autoconf.h>
+-#include <linux_tap/if_ether.h>
+-#include <linux_tap/rtnetlink.h>
+-#include <linux_tap/pkt_sched.h>
+-#include <linux_tap/pkt_cls.h>
+-#include <linux_tap/tc_act/tc_mirred.h>
+-#include <linux_tap/tc_act/tc_gact.h>
+-#include <linux_tap/tc_act/tc_skbedit.h>
++#include <linux/if_ether.h>
++#include <linux/rtnetlink.h>
++#include <linux/pkt_sched.h>
++#include <linux/pkt_cls.h>
++#include <linux/tc_act/tc_mirred.h>
++#include <linux/tc_act/tc_gact.h>
++#include <linux/tc_act/tc_skbedit.h>
+ #ifdef HAVE_TC_ACT_BPF
+ #include <linux/tc_act/tc_bpf.h>
+ #endif
+diff --git a/src/main_dpdk.cpp b/src/main_dpdk.cpp
+index 0f66b07a..8c37ea15 100644
+--- a/src/main_dpdk.cpp
++++ b/src/main_dpdk.cpp
+@@ -6969,6 +6969,7 @@ COLD_FUNC bool DpdkTRexPortAttr::update_link_status_nowait(){
+ bool changed = false;
+ rte_eth_link_get_nowait(m_repid, &new_link);
+
++ new_link.link_speed = ETH_SPEED_NUM_50G;
+ if (new_link.link_speed != m_link.link_speed ||
+ new_link.link_duplex != m_link.link_duplex ||
+ new_link.link_autoneg != m_link.link_autoneg ||
diff --git a/fdio.infra.ansible/roles/trex/tasks/deploy_block.yaml b/fdio.infra.ansible/roles/trex/tasks/deploy_block.yaml
new file mode 100644
index 0000000000..5a7890b071
--- /dev/null
+++ b/fdio.infra.ansible/roles/trex/tasks/deploy_block.yaml
@@ -0,0 +1,55 @@
+---
+# file: roles/trex/tasks/deploy_block.yaml
+
+- name: Get Release {{ item }}
+ get_url:
+ url: "{{ trex_url }}/v{{ item }}.tar.gz"
+ dest: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz"
+ validate_certs: False
+ mode: 0644
+ register: trex_downloaded
+
+- name: Create Directory {{ item }}
+ file:
+ path: "{{ trex_target_dir }}/trex-core-{{ item }}"
+ state: "directory"
+
+- name: Extract Release {{ item }}
+ unarchive:
+ remote_src: true
+ src: "{{ trex_target_dir }}/trex-core-{{ item }}.tar.gz"
+ dest: "{{ trex_target_dir }}/"
+ creates: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/"
+ register: trex_extracted
+
+- name: Patch Azure
+ patch:
+ src: "files/t-rex.patch"
+ basedir: "{{ trex_target_dir }}/trex-core-{{ item }}"
+ strip: 1
+ when:
+ - azure is defined and item == "2.73"
+
+- name: Compile Release {{ item }} Part I
+ command: "./b configure"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/"
+ when: trex_extracted.changed
+
+- name: Compile Release {{ item }} Part II
+ command: "./b build"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/linux_dpdk/"
+ when: trex_extracted.changed
+
+- name: Compile Release {{ item }} Part III
+ command: "make -j 16"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src"
+ when: trex_extracted.changed
+
+- name: Compile Release {{ item }} Part IV
+ command: "make install"
+ args:
+ chdir: "{{ trex_target_dir }}/trex-core-{{ item }}/scripts/ko/src"
+ when: trex_extracted.changed \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/trex/tasks/main.yaml b/fdio.infra.ansible/roles/trex/tasks/main.yaml
new file mode 100644
index 0000000000..d43baf909b
--- /dev/null
+++ b/fdio.infra.ansible/roles/trex/tasks/main.yaml
@@ -0,0 +1,24 @@
+---
+# file: roles/trex/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - trex-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - trex-inst-prerequisites
+
+- name: Inst - Multiple T-Rex Versions
+ include_tasks: deploy_block.yaml
+ loop: "{{ trex_version }}"
+ tags:
+ - trex-inst \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/user_add/defaults/main.yaml b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
new file mode 100644
index 0000000000..56f5098f12
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
@@ -0,0 +1,11 @@
+---
+# file: roles/user_add/defaults/main.yaml
+
+# Default shell for a user if none is specified.
+users_shell: /bin/bash
+
+# Default create home dirs for new users.
+users_create_homedirs: true
+
+# Default list of users to create.
+users: []
diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
new file mode 100644
index 0000000000..960f573b48
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+# file: roles/user_add/handlers/main.yaml
+
+- name: Restart SSHd
+ service:
+ name: sshd
+ state: restarted
diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
new file mode 100644
index 0000000000..f980aff84d
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -0,0 +1,48 @@
+---
+# file: roles/user_add/tasks/main.yaml
+
+- name: Conf - Add User
+ user:
+ append: "{{ item.append | default(omit) }}"
+ createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
+ generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
+ groups: "{{ item.groups | join(',') if 'groups' in item else '' }}"
+ name: "{{ item.username }}"
+ password: "{{ item.password if item.password is defined else '!' }}"
+ shell: "{{ item.shell if item.shell is defined else users_shell }}"
+ state: present
+ with_items: "{{ users }}"
+ tags:
+ - user-add-conf
+
+- name: Conf - SSH keys
+ authorized_key:
+ user: "{{ item.0.username }}"
+ key: "{{ item.1 }}"
+ with_subelements:
+ - "{{ users }}"
+ - ssh_key
+ - skip_missing: yes
+ tags:
+ - user-add-conf
+
+- name: Conf - Allow Password Login
+ lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^PasswordAuthentication no"
+ line: "PasswordAuthentication yes"
+ notify:
+ - "Restart SSHd"
+ tags:
+ - user-add-conf
+
+- name: Conf - Add Visudo Entry
+ lineinfile:
+ dest: "/etc/sudoers"
+ state: present
+ line: "{{ item.username }} ALL=(ALL) NOPASSWD: ALL"
+ validate: "visudo -cf %s"
+ with_items: "{{ users }}"
+ tags:
+ - user-add-conf
+
diff --git a/fdio.infra.ansible/roles/vpp/defaults/main.yaml b/fdio.infra.ansible/roles/vpp/defaults/main.yaml
new file mode 100644
index 0000000000..7fac499307
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp/defaults/main.yaml
@@ -0,0 +1,36 @@
+---
+# file: roles/vpp/defaults/main.yaml
+
+packages: "{{ packages_base + packages_by_distro[ansible_distribution|lower][ansible_distribution_release] + packages_by_arch[ansible_machine] }}"
+
+packages_base:
+ - "gdb"
+ - "libtool"
+ - "lxc"
+ - "pkg-config"
+ - "screen"
+
+packages_by_distro:
+ ubuntu:
+ bionic:
+ - "build-essential"
+ - "libglib2.0-dev"
+ - "libmbedcrypto1"
+ - "libmbedtls10"
+ - "libmbedx509-0"
+ - "libnuma-dev"
+ - "libpixman-1-dev"
+ focal:
+ - "build-essential"
+ - "libglib2.0-dev"
+ - "libmbedcrypto3"
+ - "libmbedtls12"
+ - "libmbedx509-0"
+ - "libnuma-dev"
+ - "libpixman-1-dev"
+
+packages_by_arch:
+ aarch64:
+ - []
+ x86_64:
+ - []
diff --git a/fdio.infra.ansible/roles/vpp/tasks/main.yaml b/fdio.infra.ansible/roles/vpp/tasks/main.yaml
new file mode 100644
index 0000000000..ef03011b51
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp/tasks/main.yaml
@@ -0,0 +1,27 @@
+---
+# file: roles/vpp/tasks/main.yaml
+
+- name: Inst - Update Package Cache (APT)
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+ when:
+ - ansible_distribution|lower == 'ubuntu'
+ tags:
+ - vpp-inst-prerequisites
+
+- name: Inst - Prerequisites
+ package:
+ name: "{{ packages | flatten(levels=1) }}"
+ state: latest
+ tags:
+ - vpp-inst-prerequisites
+
+- name: Conf - sysctl
+ file:
+ src: "/dev/null"
+ dest: "/etc/sysctl.d/80-vpp.conf"
+ state: "link"
+ become: yes
+ tags:
+ - vpp-conf-sysctl
diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-default.sh b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-default.sh
new file mode 100644
index 0000000000..d0fc772037
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-default.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Add Intel Corporation Ethernet Controller 10G X550T to blacklist.
+PCI_BLACKLIST=($(lspci -Dmmd ':1563:0200' | cut -f1 -d' '))
+
+# Add Intel Corporation Ethernet Controller X710 for 10GbE SFP+ to whitelist.
+PCI_WHITELIST=($(lspci -Dmmd ':1572:0200' | cut -f1 -d' '))
+
+# See http://pci-ids.ucw.cz/v2.2/pci.ids for more info.
diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-tx2.sh b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-tx2.sh
new file mode 100644
index 0000000000..6c56752ad0
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs-tx2.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021 PANTHEON.tech and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Add QLogic Corp. FastLinQ QL41000 Series 10/25/40/50GbE Controller to
+# blacklist.
+PCI_BLACKLIST=($(lspci -Dmmd ':8070:0200' | cut -f1 -d' '))
+# Add I350 Gigabit Network Connection 1521 to blacklist.
+PCI_BLACKLIST+=($(lspci -Dmmd ':1521:0200' | cut -f1 -d' '))
+# Add MT27800 Family [ConnectX-5] 1017 to blacklist.
+PCI_BLACKLIST+=($(lspci -Dmmd ':1017:0200' | cut -f1 -d' '))
+
+# Add Intel Corporation Ethernet Controller XL710 for 40GbE QSFP+ to whitelist.
+PCI_WHITELIST=($(lspci -Dmmd ':1583:0200' | cut -f1 -d' '))
+
+# See http://pci-ids.ucw.cz/v2.2/pci.ids for more info.
+
+declare -A PF_INDICES
+# Intel NICs
+PF_INDICES["0000:05:00.0"]=0
+PF_INDICES["0000:05:00.1"]=1
+PF_INDICES["0000:91:00.0"]=0
+PF_INDICES["0000:91:00.1"]=1
diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.service b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.service
new file mode 100644
index 0000000000..996792ab9b
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=CSIT Initialize SR-IOV VFs
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=True
+ExecStart=/usr/local/bin/csit-initialize-vfs.sh start
+ExecStop=/usr/local/bin/csit-initialize-vfs.sh stop
+
+[Install]
+WantedBy=default.target
diff --git a/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.sh b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.sh
new file mode 100644
index 0000000000..393e997d65
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp_device/files/csit-initialize-vfs.sh
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021 Cisco and/or its affiliates.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# CSIT SRIOV VF initialization and isolation.
+
+set -euo pipefail
+
+SCRIPT_DIR="$(dirname $(readlink -e "${BASH_SOURCE[0]}"))"
+source "${SCRIPT_DIR}/csit-initialize-vfs-data.sh"
+
+# Initilize whitelisted NICs with maximum number of VFs.
+pci_idx=0
+for pci_addr in ${PCI_WHITELIST[@]}; do
+ if ! [[ ${PCI_BLACKLIST[*]} =~ "${pci_addr}" ]]; then
+ pci_path="/sys/bus/pci/devices/${pci_addr}"
+ # SR-IOV initialization
+ case "${1:-start}" in
+ "start" )
+ sriov_totalvfs=$(< "${pci_path}"/sriov_totalvfs)
+ ;;
+ "stop" )
+ sriov_totalvfs=0
+ ;;
+ esac
+ echo ${sriov_totalvfs} > "${pci_path}"/sriov_numvfs
+ # SR-IOV 802.1Q isolation
+ case "${1:-start}" in
+ "start" )
+ pf=$(basename "${pci_path}"/net/*)
+ for vf in $(seq "${sriov_totalvfs}"); do
+ # PCI address index in array (pairing siblings).
+ if [[ -n ${PF_INDICES[@]} ]]
+ then
+ vlan_pf_idx=${PF_INDICES[$pci_addr]}
+ else
+ vlan_pf_idx=$(( pci_idx % (${#PCI_WHITELIST[@]} / 2) ))
+ fi
+ # 802.1Q base offset.
+ vlan_bs_off=1100
+ # 802.1Q PF PCI address offset.
+ vlan_pf_off=$(( vlan_pf_idx * 100 + vlan_bs_off ))
+ # 802.1Q VF PCI address offset.
+ vlan_vf_off=$(( vlan_pf_off + vf - 1 ))
+ # VLAN string.
+ vlan_str="vlan ${vlan_vf_off}"
+ # MAC string.
+ mac5="$(printf '%x' ${pci_idx})"
+ mac6="$(printf '%x' $(( vf - 1 )))"
+ mac_str="mac ba:dc:0f:fe:${mac5}:${mac6}"
+ # Set 802.1Q VLAN id and MAC address
+ ip link set ${pf} vf $(( vf - 1 )) ${mac_str} ${vlan_str}
+ ip link set ${pf} vf $(( vf - 1 )) trust on
+ ip link set ${pf} vf $(( vf - 1 )) spoof off
+ done
+ pci_idx=$(( pci_idx + 1 ))
+ ;;
+ esac
+ rmmod i40evf
+ modprobe i40evf
+ fi
+done
diff --git a/fdio.infra.ansible/roles/vpp_device/handlers/main.yaml b/fdio.infra.ansible/roles/vpp_device/handlers/main.yaml
new file mode 100644
index 0000000000..ee9d368638
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp_device/handlers/main.yaml
@@ -0,0 +1,21 @@
+---
+# file: roles/vpp_device/handlers/main.yaml
+
+- name: Start csit-initialize-vfs.service
+ systemd:
+ enabled: yes
+ state: started
+ name: csit-initialize-vfs.service
+ tags:
+ - start-vf-service
+
+- name: Update GRUB
+ command: update-grub
+ tags:
+ - update-grub
+
+- name: Reboot server
+ reboot:
+ reboot_timeout: 3600
+ tags:
+ - reboot-server
diff --git a/fdio.infra.ansible/roles/vpp_device/tasks/main.yaml b/fdio.infra.ansible/roles/vpp_device/tasks/main.yaml
new file mode 100644
index 0000000000..33b551715f
--- /dev/null
+++ b/fdio.infra.ansible/roles/vpp_device/tasks/main.yaml
@@ -0,0 +1,92 @@
+---
+# file: roles/vpp_device/tasks/main.yaml
+
+- name: VPP_device - Load Kernel Modules By Default
+ lineinfile:
+ path: "/etc/modules"
+ state: "present"
+ line: "{{ item }}"
+ with_items:
+ - "vfio-pci"
+ tags:
+ - load-kernel-modules
+
+- name: VPP_device - Disable ipv6 router advertisement
+ sysctl:
+ name: "net.ipv6.conf.default.accept_ra"
+ value: "0"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - set-sysctl
+
+- name: VPP_device - Disable ipv6 router advertisement
+ sysctl:
+ name: "net.ipv6.conf.all.accept_ra"
+ value: "0"
+ state: "present"
+ sysctl_file: "/etc/sysctl.d/90-csit.conf"
+ reload: "yes"
+ tags:
+ - set-sysctl
+
+- name: VPP_device - Copy csit-initialize-vfs.sh
+ copy:
+ src: "files/csit-initialize-vfs.sh"
+ dest: "/usr/local/bin/"
+ owner: "root"
+ group: "root"
+ mode: "744"
+ tags:
+ - copy-vf-script
+
+- name: VPP_device - Copy csit-initialize-vfs-data.sh
+ copy:
+ src: "files/{{ vfs_data_file }}"
+ dest: "/usr/local/bin/csit-initialize-vfs-data.sh"
+ owner: "root"
+ group: "root"
+ mode: "744"
+ tags: copy-vf-data-script
+ when:
+ - vfs_data_file is defined
+
+- name: VPP_device - Copy default csit-initialize-vfs-data.sh
+ copy:
+ src: "files/csit-initialize-vfs-default.sh"
+ dest: "/usr/local/bin/csit-initialize-vfs-data.sh"
+ owner: "root"
+ group: "root"
+ mode: "744"
+ tags: copy-vf-data-script
+ when:
+ - vfs_data_file is not defined
+
+- name: VPP_device - Start csit-initialize-vfs.service
+ copy:
+ src: "files/csit-initialize-vfs.service"
+ dest: "/etc/systemd/system/"
+ owner: "root"
+ group: "root"
+ mode: "644"
+ notify:
+ - "Start csit-initialize-vfs.service"
+ tags:
+ - start-vf-service
+
+- meta: flush_handlers
+
+- name: VPP_device - Set hugepages in GRUB
+ lineinfile:
+ path: "/etc/default/grub"
+ state: "present"
+ regexp: "^GRUB_CMDLINE_LINUX="
+ line: "GRUB_CMDLINE_LINUX=\"{% for key, value in grub.items() %}{% if value %}{{key}}={{value}} {% else %}{{key}} {% endif %}{% endfor %}\""
+ notify:
+ - "Update GRUB"
+ - "Reboot server"
+ tags:
+ - set-grub
+
+- meta: flush_handlers