diff options
Diffstat (limited to 'sw_config/bmra')
-rw-r--r-- | sw_config/bmra/ansible.cfg | 15 | ||||
-rw-r--r-- | sw_config/bmra/patched_rhel_packages.yml | 226 | ||||
-rw-r--r-- | sw_config/bmra/patched_vfio.yml | 38 |
3 files changed, 272 insertions, 7 deletions
diff --git a/sw_config/bmra/ansible.cfg b/sw_config/bmra/ansible.cfg new file mode 100644 index 0000000..1808b58 --- /dev/null +++ b/sw_config/bmra/ansible.cfg @@ -0,0 +1,15 @@ +[ssh_connection] +pipelining=True +ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o ServerAliveInterval=60 -o ServerAliveCountMax=10 + +[defaults] +force_valid_group_names = ignore +display_skipped_hosts = no +host_key_checking = False +gathering = smart + +fact_caching = jsonfile +fact_caching_connection = /tmp +fact_caching_timeout = 7200 + +action_plugins=./action_plugins:~/.ansible/plugins/action:/usr/share/ansible/plugins/action diff --git a/sw_config/bmra/patched_rhel_packages.yml b/sw_config/bmra/patched_rhel_packages.yml new file mode 100644 index 0000000..7e65484 --- /dev/null +++ b/sw_config/bmra/patched_rhel_packages.yml @@ -0,0 +1,226 @@ +## +## Copyright (c) 2020-2021 Intel Corporation. +## +## Licensed under the Apache License, Version 2.0 (the "License"); +## you may not use this file except in compliance with the License. +## You may obtain a copy of the License at +## +## http://www.apache.org/licenses/LICENSE-2.0 +## +## Unless required by applicable law or agreed to in writing, software +## distributed under the License is distributed on an "AS IS" BASIS, +## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +## See the License for the specific language governing permissions and +## limitations under the License. +## +--- +- name: enable PowerTools repository on CentOS >= 8 and < 8.3 +# noqa 303 - yum is called intenionallly here + command: yum config-manager --set-enabled PowerTools + when: + - ansible_distribution == "CentOS" + - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3' + +- name: enable PowerTools repository on CentOS >= 8.3 +# noqa 303 - yum is called intenionallly here + command: yum config-manager --set-enabled powertools + when: + - ansible_distribution == "CentOS" + - ansible_distribution_version >= '8.3' + +- name: enable CodeReady Linux Builder repository on RHEL 8 + rhsm_repository: + name: codeready-builder-for-rhel-8-x86_64-rpms + when: + - ansible_distribution == "RedHat" + - ansible_distribution_version >= '8' + +- name: install epel-release on CentOS + package: + name: epel-release + when: + - ansible_distribution == "CentOS" + +- name: obtain EPEL GPG key on RHEL8 + rpm_key: + state: present + key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 + when: + - ansible_distribution == "RedHat" + - ansible_distribution_version >= '8' + +- name: install epel-release on RHEL8 + package: + name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm + when: + - ansible_distribution == "RedHat" + - ansible_distribution_version >= '8' + +- name: get full distribution versions + command: cat /etc/redhat-release + register: release + changed_when: true + +- name: set full distribution version + set_fact: + full_dist_version: "{{ release.stdout | regex_replace('.*(\\d+.\\d+.\\d\\d\\d\\d).*', '\\1') }}" + +- name: update CentOS Vault yum repository on CentOS 7 + yum_repository: + name: C{{ full_dist_version }}-base + description: CentOS-{{ full_dist_version }} - Base + file: CentOS-Vault + baseurl: http://vault.centos.org/{{ full_dist_version }}/os/$basearch/ + gpgcheck: yes + gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-{{ ansible_distribution_major_version }} + enabled: yes + when: + - ansible_distribution == "CentOS" + - ansible_distribution_version < '7.9' + - not update_kernel + +#- name: update CentOS Vault yum repository on CentOS 8 +# yum_repository: +# name: C{{ full_dist_version }}-base +# description: CentOS-{{ full_dist_version }} - Base +# file: CentOS-Vault +# baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/$basearch/os/ +# baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/Source/ +# gpgcheck: yes +# gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial +# enabled: yes +# when: +# - ansible_distribution == "CentOS" +# - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3' +# - not update_kernel + +# CentOS-Vault repo not working for CentOS 8, so install kernel headers directly +- name: pull matching kernel headers on CentOS 8.2 + package: + name: "{{ item }}" + state: present + register: source_status + with_items: + - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-193.el8.x86_64.rpm" + - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-193.el8.x86_64.rpm" + when: + - ansible_distribution == "CentOS" + - ansible_distribution_version == '8.2' + - not update_kernel + +- name: pull matching kernel headers on CentOS 8.3 + package: + name: "{{ item }}" + state: present + register: source_status + with_items: + - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-240.el8.x86_64.rpm" + - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-240.el8.x86_64.rpm" +# - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-240.el8.x86_64.rpm" +# - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-240.el8.x86_64.rpm" + when: + - ansible_distribution == "CentOS" + - ansible_distribution_version == '8.3' + - not update_kernel + +# pull the matching kernel headers if kernel is not updated +- name: pull matching kernel headers from configured repos +# noqa 503 - more than one condition, can't be a handler + package: + name: + - kernel-headers-{{ ansible_kernel }} + - kernel-devel-{{ ansible_kernel }} + register: kernel_source + retries: 3 + until: kernel_source is success + when: + - not source_status.changed + - ansible_os_family == "RedHat" + - not update_kernel + +- name: install the 'Development tools' package group + package: + name: "@Development tools" + when: + - ansible_os_family == "RedHat" + +- name: install pip + package: + name: python-pip + when: + - ansible_distribution in ["RedHat", "CentOS"] + - ansible_distribution_version < '8' + +- name: install pip + package: + name: python3-pip + when: + - ansible_distribution in ["RedHat", "CentOS"] + - ansible_distribution_version >= '8' + +- name: update all packages + package: + name: '*' + state: latest # noqa 403 + exclude: kernel* + when: + - ansible_os_family == "RedHat" + - update_all_packages | default(false) + +- name: update to the latest kernel and kernel headers on the Red Hat OS family + package: + name: + - kernel + - kernel-devel + state: latest # noqa 403 + notify: + - reboot server + when: + - ansible_os_family == "RedHat" + - update_kernel | default(false) + +#note(przemeklal): fixes issue with missing selinux in packet.net CentOS 7 images +- name: ensure selinux is installed on CentOS/RHEL 7 + package: + name: + - policycoreutils + - policycoreutils-python + - selinux-policy + - selinux-policy-targeted + - libselinux-utils + - setools + - setools-console + - shtool + - lshw + state: present + when: + - ansible_distribution in ["RedHat", "CentOS"] + - ansible_distribution_version < '8' + +# Workaround for Equinix Metal CentOS 7 +- name: set selinux to permissive + lineinfile: + path: "/etc/sysconfig/selinux" + regexp: '^SELINUX=enforcing' + line: 'SELINUX=permissive' + when: + - ansible_distribution in ["RedHat", "CentOS"] + - ansible_distribution_version < '8' + +- name: Set python is python3 + alternatives: + name: python + path: /usr/bin/python3 + link: /usr/bin/python + when: + - ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat' + - ansible_distribution_version >= '8' + +- name: install command line tools to collect hardware details + package: + name: + - hwinfo + - inxi + - jq + state: present + when: ansible_distribution in ["RedHat", "CentOS"] diff --git a/sw_config/bmra/patched_vfio.yml b/sw_config/bmra/patched_vfio.yml index c0a6e25..81d4ab5 100644 --- a/sw_config/bmra/patched_vfio.yml +++ b/sw_config/bmra/patched_vfio.yml @@ -1,5 +1,5 @@ ## -## Copyright (c) 2020 Intel Corporation. +## Copyright (c) 2020-2021 Intel Corporation. ## ## Licensed under the Apache License, Version 2.0 (the "License"); ## you may not use this file except in compliance with the License. @@ -18,17 +18,41 @@ - name: Check that selected driver module is available # if modinfo fails, lookup loaded modules as modinfo might return error # for igb_uio and potentially other modules not included with the kernel - shell: "modinfo {{ vf_driver }} || grep {{ vf_driver }} /proc/modules || grep {{ vf_driver }} /lib/modules/$(uname -r)/modules.builtin" + shell: "modinfo {{ vf_driver.value }} || grep {{ vf_driver.value }} /proc/modules || grep {{ vf_driver.value }} /lib/modules/$(uname -r)/modules.builtin" register: shell_result ignore_errors: yes failed_when: no changed_when: no + with_dict: "{{ item.sriov_vfs | default({}) | combine({'default': item.default_vf_driver}) }}" + loop_control: + loop_var: vf_driver + +- name: pre-create empty dict for VFs + set_fact: + vfs_acc: {} + +- name: populate VFs dict with values + set_fact: + vfs_acc: "{{ vfs_acc | combine({idx : item.default_vf_driver}) }}" + loop: "{{ range(item.sriov_numvfs | default(0) | int) | list }}" + loop_control: + index_var: idx + loop_var: vf_default + +- name: update VFs dict with default drivers + set_fact: + vfs_acc: "{{ vfs_acc | combine({vf.key | regex_replace('.*_(\\d*)', '\\1') | int : vf.value}) }}" + loop: "{{ item.sriov_vfs | default({}) | dict2items | sort(attribute='key') }}" + loop_control: + loop_var: vf + extended: yes + when: ansible_loop.index < (item.sriov_numvfs | default(0) | int ) # get a list of VFs PCI addresses and save the configuration - name: attach VFs driver block: - name: fetch VFs pci addresses for a PF - shell: "for vf in /sys/class/net/{{ pfname }}/device/virtfn*;do basename $(readlink -f $vf);done" + shell: "for vf in /sys/class/net/{{ item.name }}/device/virtfn*;do basename $(readlink -f $vf);done | sort" register: vf_pciids args: executable: /bin/bash @@ -37,16 +61,16 @@ - name: save VF driver binding lineinfile: path: "{{ sriov_config_path }}/bmra_interfaces" - line: "{{ this_item }} {{ vf_driver }}" - regexp: "^{{ this_item }}" + line: "{{ this_item[0] }} {{ this_item[1].value }}" + regexp: "^{{ this_item[0] }}" create: yes owner: root group: root mode: '0600' - loop: "{{ vf_pciids.stdout_lines }}" + loop: "{{ vf_pciids.stdout_lines | zip(vfs_acc | dict2items) | list }}" loop_control: loop_var: this_item when: - vf_pciids.stderr|length == 0 - vf_pciids.stdout_lines|length > 0 - when: shell_result.rc == 0 + when: shell_result.results | sum(attribute='rc') == 0 |