aboutsummaryrefslogtreecommitdiffstats
path: root/fdio.infra.ansible
diff options
context:
space:
mode:
Diffstat (limited to 'fdio.infra.ansible')
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml31
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml26
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml32
-rw-r--r--fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml32
-rw-r--r--fdio.infra.ansible/roles/docker/defaults/main.yaml16
-rw-r--r--fdio.infra.ansible/roles/docker/handlers/main.yaml2
-rw-r--r--fdio.infra.ansible/roles/docker/meta/main.yaml1
-rw-r--r--fdio.infra.ansible/roles/docker/tasks/main.yaml42
-rw-r--r--fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http4
-rw-r--r--fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https4
10 files changed, 42 insertions, 148 deletions
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
index da85d7661f..25cf33891d 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.30.yaml
@@ -1,17 +1,8 @@
---
# file: host_vars/10.30.51.30.yaml
-hostname: "s30-t15-sut1"
-grub:
- hugepagesz: "2M"
- hugepages: 32768
- iommu: "on"
- vfio.enable_unsafe_noiommu_mode: 1
+hostname: "s30-nomad"
inventory_ipmi_hostname: "10.30.50.30"
-vfs_data_file: "csit-initialize-vfs-spr.sh"
-cpu_microarchitecture: "sapphirerapids"
-
-intel_800_matrix: "dpdk22.03"
# User management.
users:
@@ -21,7 +12,6 @@ users:
ssh_key:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM"
@@ -37,15 +27,18 @@ nomad_certificates:
- src: "{{ file_nomad_client_key_pem }}"
dest: "{{ nomad_tls_key_file }}"
nomad_datacenter: "yul1"
+nomad_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}"
nomad_node_role: "client"
-nomad_node_class: "csit"
+nomad_node_class: "builder"
nomad_options:
driver.raw_exec.enable: 1
docker.cleanup.image: false
docker.privileged.enabled: true
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
+ fingerprint.network.disallow_link_local: true
+ artifact.disable_filesystem_isolation: true
nomad_service_mgr: "systemd"
nomad_consul_use_ssl: false
nomad_use_tls: false
@@ -53,11 +46,11 @@ nomad_tls_http: false
nomad_tls_rpc: false
nomad_use_vault: false
nomad_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
nomad_servers:
- - "10.30.51.23:4647"
+ - "10.30.51.26:4647"
- "10.30.51.24:4647"
- "10.30.51.25:4647"
@@ -81,7 +74,7 @@ consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
consul_retry_join: true
consul_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
consul_service_mgr: "systemd"
@@ -91,8 +84,6 @@ vault_version: "1.17.2"
# Docker settings.
docker_daemon:
- default-shm-size: "1073741824"
- # dns: ["172.17.0.1"]
- #dns-opts: []
- #dns-search: ["{{ ansible_hostname }}"]
- host: ["172.17.0.1:/var/run/docker.sock"]
+ dns: ["172.17.0.1"]
+ dns-opts: []
+ dns-search: ["{{ansible_hostname}}"] \ No newline at end of file
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml
index 4e9f1da943..62dee437fe 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.31.yaml
@@ -1,17 +1,8 @@
---
# file: host_vars/10.30.51.31.yaml
-hostname: "s31-t16-sut1"
-grub:
- hugepagesz: "2M"
- hugepages: 32768
- iommu: "on"
- vfio.enable_unsafe_noiommu_mode: 1
+hostname: "s31-nomad"
inventory_ipmi_hostname: "10.30.50.31"
-vfs_data_file: "csit-initialize-vfs-spr.sh"
-cpu_microarchitecture: "sapphirerapids"
-
-intel_800_matrix: "dpdk22.03"
# User management.
users:
@@ -21,7 +12,6 @@ users:
ssh_key:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM"
@@ -39,13 +29,15 @@ nomad_certificates:
nomad_datacenter: "yul1"
nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}"
nomad_node_role: "client"
-nomad_node_class: "csit"
+nomad_node_class: "builder"
nomad_options:
driver.raw_exec.enable: 1
docker.cleanup.image: false
docker.privileged.enabled: true
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
+ fingerprint.network.disallow_link_local: true
+ artifact.disable_filesystem_isolation: true
nomad_service_mgr: "systemd"
nomad_consul_use_ssl: false
nomad_use_tls: false
@@ -53,11 +45,11 @@ nomad_tls_http: false
nomad_tls_rpc: false
nomad_use_vault: false
nomad_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
nomad_servers:
- - "10.30.51.23:4647"
+ - "10.30.51.26:4647"
- "10.30.51.24:4647"
- "10.30.51.25:4647"
@@ -81,7 +73,7 @@ consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
consul_retry_join: true
consul_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
consul_service_mgr: "systemd"
@@ -91,8 +83,6 @@ vault_version: "1.17.2"
# Docker settings.
docker_daemon:
- default-shm-size: "1073741824"
dns: ["172.17.0.1"]
dns-opts: []
- dns-search: ["{{ ansible_hostname }}"]
- host: ["172.17.0.1:/var/run/docker.sock"]
+ dns-search: ["{{ansible_hostname}}"] \ No newline at end of file
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml
index 71c6522bdd..be03c8f637 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.70.yaml
@@ -1,17 +1,8 @@
---
# file: host_vars/10.30.51.70.yaml
-hostname: "s70-t13-sut1"
-grub:
- hugepagesz: "2M"
- hugepages: 32768
- iommu.passthrough: "1"
+hostname: "s70-nomad"
inventory_ipmi_hostname: "10.30.50.70"
-vfs_data_file: "csit-initialize-vfs-alt.sh"
-cpu_microarchitecture: "altra"
-
-intel_700_matrix: "dpdk22.03"
-mellanox_matrix: "dpdk23.11"
# User management.
users:
@@ -21,11 +12,8 @@ users:
ssh_key:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJIAgAKD47mDur3n5jeHXzId2uUFHKa5kBiF649YQsdBKeQyfMVysvN9immKSTvwo4BUlwqeKQq5aIWWpjKMJU2/WXe4WU1YVyKLYCAlbkYJ3WuIBKQ/fm2wb8M4oXtgkYb+wEr5RkP48WqtIo3Cm/L+1j6k5jiu5E1hKBmdaY1er5OG9nCpOHfN3e+VkWwIjqdHFphB9NIMu2X+1iKDwOq4+sIX6POweVvcGFZJ8djB4RRtnkuH5W89x7k8IM4e2w0SK/5yKfxNfN3CzWSQ1dsqpQFPbry7z8Oy+56mlRs15bv5TU9IJ78aDpp/FbSZPfVfmTfwFLUBIHMtEjLUGBrGPQN8p32ap+6a9st5Qfh7rVhIGyB/4npLmar9Nw0lJNX9nmKiD119bkwyuWZjk4s2ELvCAw9RBJCHP8AxXnLgieqkBebn00zoGL/gdQTxXKDJGe3SEbOk56AkkIynB6I7prERvnbIhGI/ObwrNKtfKliiIKq3iWTdBP6BfCgAOqgD6320G2VdZyXyh3oXyM2AlFXzuA8zc8wpZraUCX9J/iMoxhELcL0gpDFO4HUKxTt+uU45uNNK0DkXw3GDF/lr+oYvzJ45jX0qMExF6EHaKfplZxW0Nt9rPT8pKi9BC8dzdSHXuunA1PshvEfc7mLMtz0QdOXOvomtM2Jv84lw== jieqiang.wang@arm.com"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPsm7Ny+8QYyJ5JEECF0sntRbsF3jRqdSItPTgcbBEFwfNBVd0ulmmkwPUVrcJRMfGuzp3vA3Ss/BgutfvNo3WD5G+WECnOWXiTzroM34oZQ6awoZujxlQsNGBRsiGTPNay6oFoS2hIaW5OB/QHZwZH8HVYcc53oyM0uC72ItnCg5cvSS5v1XaoQby0pUsu2v5uSOm35XV/N2ishcF3sxfCjTMZEODCwYdcb1xOflzIWlIk7ZSDNzOlpmG/jZNDfc7V2GHvGz7WnBFkjkcVH86SEVcQmsc7yyQD1UUG/EZ5AA75vbH4vFye4cISTWpBZik5CbkElxvX9XrfFxtYEM/ tianyu.li@arm.com"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM"
sshd_disable_password_login: true
@@ -41,13 +29,15 @@ nomad_certificates:
nomad_datacenter: "yul1"
nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}"
nomad_node_role: "client"
-nomad_node_class: "csitarm"
+nomad_node_class: "builder"
nomad_options:
driver.raw_exec.enable: 1
docker.cleanup.image: false
docker.privileged.enabled: true
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
+ fingerprint.network.disallow_link_local: true
+ artifact.disable_filesystem_isolation: true
nomad_service_mgr: "systemd"
nomad_consul_use_ssl: false
nomad_use_tls: false
@@ -55,11 +45,11 @@ nomad_tls_http: false
nomad_tls_rpc: false
nomad_use_vault: false
nomad_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
nomad_servers:
- - "10.30.51.23:4647"
+ - "10.30.51.26:4647"
- "10.30.51.24:4647"
- "10.30.51.25:4647"
@@ -83,7 +73,7 @@ consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
consul_retry_join: true
consul_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
consul_service_mgr: "systemd"
@@ -93,8 +83,6 @@ vault_version: "1.17.2"
# Docker settings.
docker_daemon:
- default-shm-size: "1073741824"
-# dns: ["172.17.0.1"]
-# dns-opts: []
-# dns-search: ["{{ansible_hostname}}"]
-# host: ["172.17.0.1:/var/run/docker.sock"]
+ dns: ["172.17.0.1"]
+ dns-opts: []
+ dns-search: ["{{ansible_hostname}}"]
diff --git a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml
index baee725a4f..d4941242c4 100644
--- a/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml
+++ b/fdio.infra.ansible/inventories/lf_inventory/host_vars/10.30.51.71.yaml
@@ -1,17 +1,8 @@
---
# file: host_vars/10.30.51.71.yaml
-hostname: "s71-t14-sut1"
-grub:
- hugepagesz: "2M"
- hugepages: 32768
- iommu.passthrough: "1"
+hostname: "s71-nomad"
inventory_ipmi_hostname: "10.30.50.71"
-vfs_data_file: "csit-initialize-vfs-alt.sh"
-cpu_microarchitecture: "altra"
-
-intel_700_matrix: "dpdk22.03"
-mellanox_matrix: "dpdk23.11"
# User management.
users:
@@ -21,11 +12,8 @@ users:
ssh_key:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKM1D1kkGX1l7fSma1MOgw2yLI7zJHwTCcfVROQ4hh7r peter.mikus@protonmail.ch"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCG7Shfr7ASXXwpazYDGFzChGl7i4HgY9n81GTwc17B/O19IiJdrxFcBQH19HMuTFtWU4d9bQ6xgzz2pojBN13L3pEsStCHovDlEYbvfRxI2l2hcAAop1j1E4izHAS9IvCoy1AgWqBg6tsfP5mzOwGbSbcdI9ADRKIHgDTVbHg9SqKed27bNOLU0u3/5ra2Oar/tVIW37geEqFV/nHIBZ03Y/mszvXP/t/hP5bgJIGJKkzTjLd1aqEcuGmubW+wTQnVnrhFB87dw91gPj6BVyV0+7Vt1wrvPKqP2sGJhojAMSrBQBySnlrYgEg00bwDgNGFevatfG9+nTId+nhoKBkXya3MjSp4HwrGqGcij3/h7ovlau3/iRhkqlSeqenaNm4zKTAXRTnb60j2WKa6im0zdqJX98anp4mhjE8xHhmmfZV3vRT8mtY4hF/lg79miXFHpWH97bZV6r/D9qj1HWI/laJfOC5MOJdRcLETwtsUNMHeHtVnY3yu0XFYNcl2Xwajtnz3waF7vn1QHvAM9p878+JrO/IEUqEc0yZWVvlhZ7Krx1pS+APoMy8097MYDGFzFTkYSstKLGbgm/S7dEiWuSVxmMUxW7JYO3gHrQ3f1EvAYh2UFdWy76Dzr5II9UpVwOwF+HL/Oy8Sk77bPaK+tn7Kh4Tx7WWE0+EOAgElQ== ayourtch@ayourtch-lnx"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXUbbhesOpvPF+KI8nq4TXvEO/Un1aU/ehZ9clCyw9C40xjDkX2BlcX8WeHxFHe7fjFaCd07Vg73rn/3M9uNDnDxvjH1GQ0twvi3iBTO4PkHBBfGF9qnE8MYzno6FvlsVKLuUuPbfm8kbOQ+ZDfdXq6gdtXh0hSYYkqC1heNPCNsqaakkB99Edyle+Ot0V7cpW+Yo2wo98KuX/cgUEhVoA8QnNVE7zaWcjSXBZEteoA4gLpAbV6p67/d6H/2ykHTidBViYTEsHco56tJoA4nTPuAupDOLBcWXgF5TAN6z1aCn2JA1DDfniLakgrZ5oVj2qHhUmbxQAtnKQfHADjqzV jlinkes@jlinkes"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0GXoSGDZ95TE/TT3kf4ZS3Tiso0UO3MVhqAqZ/F6LOvLyqnMPfhxPz1XpHsDikxvKgwhZvdBm1dWbKkPsD7jtw0PGphQO8QuEwBd2ZMvxZ4Qg6lNDUl5x3zRO2nkbKpcqnOugGLTtXP+yfw/wfQ2HNFLDP9gE90xegsPT83PmRUntQlhbS3ByHcCSUScC+Y1heZXuoKNyrmUY46lxkKsNfhx8sQKo0YhB21atV/mcAQbAaO2LggmaQYGtWizqPNGWIRsi9W8ZYnKva67c3Pbv/TTfaqmrNCwOXJ8G9oL+/3MlKbl3b5mYlTs2a/e9yVgMNwUZVX7aiHpgPgaVjL6j swdev@BradyBunch-MacMini.local"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmo2YP4t/f58AAYH72rOe5VjYjk3wb/GY3aJEd5s9WspLhnsY0xBL67C+4kMq6VmQQvg0cUB8RJSFX1tUXMHCorVWnXNHkYomx0MCPcPUpVHuRyEqczYJ2pzgZsPzoEfw9E5hTrAiGzYFNAS/NOSavapVMDZxa1zsX7+sWQvJfmVtJWpcTQb0TkoWXRsy0YM3PYfUbYvK7lR3lGwyhwCcJn0WwWGreFB7bIok0poqqX5BgJ/okZuvC8II+UfuGoBHNhg49oqST1JlNi9gRqDNmLWkHRaneWZiF+Y2hdN3PRCdkt1x3eU0R+cdi5kPKslb6P0lsjOEA7fDLlq1+T2z1"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDJIAgAKD47mDur3n5jeHXzId2uUFHKa5kBiF649YQsdBKeQyfMVysvN9immKSTvwo4BUlwqeKQq5aIWWpjKMJU2/WXe4WU1YVyKLYCAlbkYJ3WuIBKQ/fm2wb8M4oXtgkYb+wEr5RkP48WqtIo3Cm/L+1j6k5jiu5E1hKBmdaY1er5OG9nCpOHfN3e+VkWwIjqdHFphB9NIMu2X+1iKDwOq4+sIX6POweVvcGFZJ8djB4RRtnkuH5W89x7k8IM4e2w0SK/5yKfxNfN3CzWSQ1dsqpQFPbry7z8Oy+56mlRs15bv5TU9IJ78aDpp/FbSZPfVfmTfwFLUBIHMtEjLUGBrGPQN8p32ap+6a9st5Qfh7rVhIGyB/4npLmar9Nw0lJNX9nmKiD119bkwyuWZjk4s2ELvCAw9RBJCHP8AxXnLgieqkBebn00zoGL/gdQTxXKDJGe3SEbOk56AkkIynB6I7prERvnbIhGI/ObwrNKtfKliiIKq3iWTdBP6BfCgAOqgD6320G2VdZyXyh3oXyM2AlFXzuA8zc8wpZraUCX9J/iMoxhELcL0gpDFO4HUKxTt+uU45uNNK0DkXw3GDF/lr+oYvzJ45jX0qMExF6EHaKfplZxW0Nt9rPT8pKi9BC8dzdSHXuunA1PshvEfc7mLMtz0QdOXOvomtM2Jv84lw== jieqiang.wang@arm.com"
- - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPsm7Ny+8QYyJ5JEECF0sntRbsF3jRqdSItPTgcbBEFwfNBVd0ulmmkwPUVrcJRMfGuzp3vA3Ss/BgutfvNo3WD5G+WECnOWXiTzroM34oZQ6awoZujxlQsNGBRsiGTPNay6oFoS2hIaW5OB/QHZwZH8HVYcc53oyM0uC72ItnCg5cvSS5v1XaoQby0pUsu2v5uSOm35XV/N2ishcF3sxfCjTMZEODCwYdcb1xOflzIWlIk7ZSDNzOlpmG/jZNDfc7V2GHvGz7WnBFkjkcVH86SEVcQmsc7yyQD1UUG/EZ5AA75vbH4vFye4cISTWpBZik5CbkElxvX9XrfFxtYEM/ tianyu.li@arm.com"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWDIudZUaHp6pPkYmBsBeEYcbUoGGZH73eB374g8e9V3dfT7BuJOMR/Z3LxCGw5GcDDgzJHLQr8AykN7lUscaux68CXSf1CAKhfBeWBOCQD4G5tpmD6610jsiBig6bFISKpGW4nLt80yt3bKEqv6ezt35QuMeh3E45uK/pCRfDcukOThbwYG44xr7TeYAyNacWuNV9HDy5DzjBelElmolTOgjtZEbedmIcUbV/gb8yekUxxBTS3d3I5qVLtNRMHPqp9xbJqteRXIphizDlHbaTHZeVy9mrwi1RuTjDSg7p1OPJ9eVIzMYzk87gbwNxZw8481Xb1WsgGmyH/mXJjD1 najoy@NAJOY-M-505G.CISCO.COM"
sshd_disable_password_login: true
@@ -41,13 +29,15 @@ nomad_certificates:
nomad_datacenter: "yul1"
nomad_node_name: "{{ hostname }}-{{ ansible_architecture }}"
nomad_node_role: "client"
-nomad_node_class: "csitarm"
+nomad_node_class: "builder"
nomad_options:
driver.raw_exec.enable: 1
docker.cleanup.image: false
docker.privileged.enabled: true
docker.volumes.enabled: true
driver.whitelist: "docker,raw_exec,exec"
+ fingerprint.network.disallow_link_local: true
+ artifact.disable_filesystem_isolation: true
nomad_service_mgr: "systemd"
nomad_consul_use_ssl: false
nomad_use_tls: false
@@ -55,11 +45,11 @@ nomad_tls_http: false
nomad_tls_rpc: false
nomad_use_vault: false
nomad_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
nomad_servers:
- - "10.30.51.23:4647"
+ - "10.30.51.26:4647"
- "10.30.51.24:4647"
- "10.30.51.25:4647"
@@ -83,7 +73,7 @@ consul_encrypt: "Y4T+5JGx1C3l2NFBBvkTWQ=="
consul_node_name: "{{ ansible_hostname }}"
consul_retry_join: true
consul_retry_servers:
- - "10.30.51.23"
+ - "10.30.51.26"
- "10.30.51.24"
- "10.30.51.25"
consul_service_mgr: "systemd"
@@ -93,8 +83,6 @@ vault_version: "1.17.2"
# Docker settings.
docker_daemon:
- default-shm-size: "1073741824"
-# dns: ["172.17.0.1"]
-# dns-opts: []
-# dns-search: ["{{ansible_hostname}}"]
-# host: ["172.17.0.1:/var/run/docker.sock"]
+ dns: ["172.17.0.1"]
+ dns-opts: []
+ dns-search: ["{{ansible_hostname}}"]
diff --git a/fdio.infra.ansible/roles/docker/defaults/main.yaml b/fdio.infra.ansible/roles/docker/defaults/main.yaml
index e0338fb5ad..bb22541f7c 100644
--- a/fdio.infra.ansible/roles/docker/defaults/main.yaml
+++ b/fdio.infra.ansible/roles/docker/defaults/main.yaml
@@ -18,18 +18,4 @@ docker_apt_repository: "deb https://download.docker.com/linux/{{ ansible_distrib
docker_apt_repository_state: present
docker_apt_ignore_key_error: true
docker_apt_gpg_key: "https://download.docker.com/linux/{{ ansible_distribution | lower }}/gpg"
-docker_apt_gpg_key_state: present
-
-# Used only for RedHat/CentOS/Fedora.
-docker_yum_repo_url: https://download.docker.com/linux/{{ (ansible_distribution == "Fedora") | ternary("fedora","centos") }}/docker-{{ docker_edition }}.repo
-docker_yum_repo_enable_edge: "0"
-docker_yum_repo_enable_test: "0"
-docker_yum_gpg_key: https://download.docker.com/linux/centos/gpg
-
-# Proxy settings.
-docker_daemon_environment_http:
- - "HTTP_PROXY={{ proxy_env.http_proxy }}"
- - "NO_PROXY={{ proxy_env.no_proxy }}"
-docker_daemon_environment_https:
- - "HTTPS_PROXY={{ proxy_env.https_proxy }}"
- - "NO_PROXY={{ proxy_env.no_proxy }}"
+docker_apt_gpg_key_state: present \ No newline at end of file
diff --git a/fdio.infra.ansible/roles/docker/handlers/main.yaml b/fdio.infra.ansible/roles/docker/handlers/main.yaml
index c8c3328cac..a35a20b662 100644
--- a/fdio.infra.ansible/roles/docker/handlers/main.yaml
+++ b/fdio.infra.ansible/roles/docker/handlers/main.yaml
@@ -1,7 +1,7 @@
---
# file handlers/main.yaml
-- name: Restart Docker
+- name: "Restart Docker"
ansible.builtin.service:
name: "docker"
state: "{{ docker_restart_handler_state }}"
diff --git a/fdio.infra.ansible/roles/docker/meta/main.yaml b/fdio.infra.ansible/roles/docker/meta/main.yaml
index 0a1fe9787b..286406bf38 100644
--- a/fdio.infra.ansible/roles/docker/meta/main.yaml
+++ b/fdio.infra.ansible/roles/docker/meta/main.yaml
@@ -14,6 +14,7 @@ galaxy_info:
- name: "Ubuntu"
versions:
- "jammy"
+ - "noble"
- name: "Debian"
versions:
- "bookworm"
diff --git a/fdio.infra.ansible/roles/docker/tasks/main.yaml b/fdio.infra.ansible/roles/docker/tasks/main.yaml
index 4146dbbadf..25c9ea42ec 100644
--- a/fdio.infra.ansible/roles/docker/tasks/main.yaml
+++ b/fdio.infra.ansible/roles/docker/tasks/main.yaml
@@ -30,16 +30,6 @@
tags:
- docker-conf-service
-- name: "Docker Service Directory"
- ansible.builtin.file:
- path: "/etc/systemd/system/docker.service.d"
- state: "directory"
- mode: "0755"
- when:
- - docker_service_mgr == "systemd"
- tags:
- - docker-conf-service
-
- name: "Configure Docker Daemon"
ansible.builtin.template:
src: "templates/daemon.json.j2"
@@ -55,37 +45,5 @@
tags:
- docker-conf-daemon
-- name: "Configure Docker HTTP Proxy"
- ansible.builtin.template:
- src: "templates/docker.service.proxy.http"
- dest: "/etc/systemd/system/docker.service.d/http-proxy.conf"
- owner: "root"
- group: "root"
- mode: "0644"
- notify:
- - "Restart Docker"
- when: >
- proxy_env is defined and
- proxy_env.http_proxy is defined and
- docker_service_mgr == "systemd"
- tags:
- - docker-conf-service
-
-- name: "Configure Docker HTTPS Proxy"
- ansible.builtin.template:
- src: "templates/docker.service.proxy.https"
- dest: "/etc/systemd/system/docker.service.d/https-proxy.conf"
- owner: "root"
- group: "root"
- mode: "0644"
- notify:
- - "Restart Docker"
- when: >
- proxy_env is defined and
- proxy_env.https_proxy is defined and
- docker_service_mgr == "systemd"
- tags:
- - docker-conf-service
-
- name: "Meta - Flush handlers"
ansible.builtin.meta: flush_handlers
diff --git a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http
deleted file mode 100644
index 73ceba3870..0000000000
--- a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.http
+++ /dev/null
@@ -1,4 +0,0 @@
-# {{ ansible_managed }}
-
-[Service]
-Environment="{{ docker_daemon_environment_http | join('" "') }}"
diff --git a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https b/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https
deleted file mode 100644
index 1c2097eb9d..0000000000
--- a/fdio.infra.ansible/roles/docker/templates/docker.service.proxy.https
+++ /dev/null
@@ -1,4 +0,0 @@
-# {{ ansible_managed }}
-
-[Service]
-Environment="{{ docker_daemon_environment_https | join('" "') }}"