summaryrefslogtreecommitdiffstats
path: root/sw_config/bmra
diff options
context:
space:
mode:
Diffstat (limited to 'sw_config/bmra')
-rw-r--r--sw_config/bmra/ansible.cfg15
-rw-r--r--sw_config/bmra/patched_rhel_packages.yml226
-rw-r--r--sw_config/bmra/patched_vfio.yml38
3 files changed, 272 insertions, 7 deletions
diff --git a/sw_config/bmra/ansible.cfg b/sw_config/bmra/ansible.cfg
new file mode 100644
index 0000000..1808b58
--- /dev/null
+++ b/sw_config/bmra/ansible.cfg
@@ -0,0 +1,15 @@
+[ssh_connection]
+pipelining=True
+ssh_args = -o ControlMaster=auto -o ControlPersist=30m -o ConnectionAttempts=100 -o UserKnownHostsFile=/dev/null -o ServerAliveInterval=60 -o ServerAliveCountMax=10
+
+[defaults]
+force_valid_group_names = ignore
+display_skipped_hosts = no
+host_key_checking = False
+gathering = smart
+
+fact_caching = jsonfile
+fact_caching_connection = /tmp
+fact_caching_timeout = 7200
+
+action_plugins=./action_plugins:~/.ansible/plugins/action:/usr/share/ansible/plugins/action
diff --git a/sw_config/bmra/patched_rhel_packages.yml b/sw_config/bmra/patched_rhel_packages.yml
new file mode 100644
index 0000000..7e65484
--- /dev/null
+++ b/sw_config/bmra/patched_rhel_packages.yml
@@ -0,0 +1,226 @@
+##
+## Copyright (c) 2020-2021 Intel Corporation.
+##
+## Licensed under the Apache License, Version 2.0 (the "License");
+## you may not use this file except in compliance with the License.
+## You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+##
+---
+- name: enable PowerTools repository on CentOS >= 8 and < 8.3
+# noqa 303 - yum is called intenionallly here
+ command: yum config-manager --set-enabled PowerTools
+ when:
+ - ansible_distribution == "CentOS"
+ - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3'
+
+- name: enable PowerTools repository on CentOS >= 8.3
+# noqa 303 - yum is called intenionallly here
+ command: yum config-manager --set-enabled powertools
+ when:
+ - ansible_distribution == "CentOS"
+ - ansible_distribution_version >= '8.3'
+
+- name: enable CodeReady Linux Builder repository on RHEL 8
+ rhsm_repository:
+ name: codeready-builder-for-rhel-8-x86_64-rpms
+ when:
+ - ansible_distribution == "RedHat"
+ - ansible_distribution_version >= '8'
+
+- name: install epel-release on CentOS
+ package:
+ name: epel-release
+ when:
+ - ansible_distribution == "CentOS"
+
+- name: obtain EPEL GPG key on RHEL8
+ rpm_key:
+ state: present
+ key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
+ when:
+ - ansible_distribution == "RedHat"
+ - ansible_distribution_version >= '8'
+
+- name: install epel-release on RHEL8
+ package:
+ name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
+ when:
+ - ansible_distribution == "RedHat"
+ - ansible_distribution_version >= '8'
+
+- name: get full distribution versions
+ command: cat /etc/redhat-release
+ register: release
+ changed_when: true
+
+- name: set full distribution version
+ set_fact:
+ full_dist_version: "{{ release.stdout | regex_replace('.*(\\d+.\\d+.\\d\\d\\d\\d).*', '\\1') }}"
+
+- name: update CentOS Vault yum repository on CentOS 7
+ yum_repository:
+ name: C{{ full_dist_version }}-base
+ description: CentOS-{{ full_dist_version }} - Base
+ file: CentOS-Vault
+ baseurl: http://vault.centos.org/{{ full_dist_version }}/os/$basearch/
+ gpgcheck: yes
+ gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-{{ ansible_distribution_major_version }}
+ enabled: yes
+ when:
+ - ansible_distribution == "CentOS"
+ - ansible_distribution_version < '7.9'
+ - not update_kernel
+
+#- name: update CentOS Vault yum repository on CentOS 8
+# yum_repository:
+# name: C{{ full_dist_version }}-base
+# description: CentOS-{{ full_dist_version }} - Base
+# file: CentOS-Vault
+# baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/$basearch/os/
+# baseurl: http://vault.centos.org/{{ full_dist_version }}/BaseOS/Source/
+# gpgcheck: yes
+# gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
+# enabled: yes
+# when:
+# - ansible_distribution == "CentOS"
+# - ansible_distribution_version >= '8' and ansible_distribution_version < '8.3'
+# - not update_kernel
+
+# CentOS-Vault repo not working for CentOS 8, so install kernel headers directly
+- name: pull matching kernel headers on CentOS 8.2
+ package:
+ name: "{{ item }}"
+ state: present
+ register: source_status
+ with_items:
+ - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-193.el8.x86_64.rpm"
+ - "https://vault.centos.org/8.2.2004/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-193.el8.x86_64.rpm"
+ when:
+ - ansible_distribution == "CentOS"
+ - ansible_distribution_version == '8.2'
+ - not update_kernel
+
+- name: pull matching kernel headers on CentOS 8.3
+ package:
+ name: "{{ item }}"
+ state: present
+ register: source_status
+ with_items:
+ - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-240.el8.x86_64.rpm"
+ - "http://mirror.centos.org/centos/8/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-240.el8.x86_64.rpm"
+# - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-headers-4.18.0-240.el8.x86_64.rpm"
+# - "https://vault.centos.org/8.3.2011/BaseOS/x86_64/os/Packages/kernel-devel-4.18.0-240.el8.x86_64.rpm"
+ when:
+ - ansible_distribution == "CentOS"
+ - ansible_distribution_version == '8.3'
+ - not update_kernel
+
+# pull the matching kernel headers if kernel is not updated
+- name: pull matching kernel headers from configured repos
+# noqa 503 - more than one condition, can't be a handler
+ package:
+ name:
+ - kernel-headers-{{ ansible_kernel }}
+ - kernel-devel-{{ ansible_kernel }}
+ register: kernel_source
+ retries: 3
+ until: kernel_source is success
+ when:
+ - not source_status.changed
+ - ansible_os_family == "RedHat"
+ - not update_kernel
+
+- name: install the 'Development tools' package group
+ package:
+ name: "@Development tools"
+ when:
+ - ansible_os_family == "RedHat"
+
+- name: install pip
+ package:
+ name: python-pip
+ when:
+ - ansible_distribution in ["RedHat", "CentOS"]
+ - ansible_distribution_version < '8'
+
+- name: install pip
+ package:
+ name: python3-pip
+ when:
+ - ansible_distribution in ["RedHat", "CentOS"]
+ - ansible_distribution_version >= '8'
+
+- name: update all packages
+ package:
+ name: '*'
+ state: latest # noqa 403
+ exclude: kernel*
+ when:
+ - ansible_os_family == "RedHat"
+ - update_all_packages | default(false)
+
+- name: update to the latest kernel and kernel headers on the Red Hat OS family
+ package:
+ name:
+ - kernel
+ - kernel-devel
+ state: latest # noqa 403
+ notify:
+ - reboot server
+ when:
+ - ansible_os_family == "RedHat"
+ - update_kernel | default(false)
+
+#note(przemeklal): fixes issue with missing selinux in packet.net CentOS 7 images
+- name: ensure selinux is installed on CentOS/RHEL 7
+ package:
+ name:
+ - policycoreutils
+ - policycoreutils-python
+ - selinux-policy
+ - selinux-policy-targeted
+ - libselinux-utils
+ - setools
+ - setools-console
+ - shtool
+ - lshw
+ state: present
+ when:
+ - ansible_distribution in ["RedHat", "CentOS"]
+ - ansible_distribution_version < '8'
+
+# Workaround for Equinix Metal CentOS 7
+- name: set selinux to permissive
+ lineinfile:
+ path: "/etc/sysconfig/selinux"
+ regexp: '^SELINUX=enforcing'
+ line: 'SELINUX=permissive'
+ when:
+ - ansible_distribution in ["RedHat", "CentOS"]
+ - ansible_distribution_version < '8'
+
+- name: Set python is python3
+ alternatives:
+ name: python
+ path: /usr/bin/python3
+ link: /usr/bin/python
+ when:
+ - ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
+ - ansible_distribution_version >= '8'
+
+- name: install command line tools to collect hardware details
+ package:
+ name:
+ - hwinfo
+ - inxi
+ - jq
+ state: present
+ when: ansible_distribution in ["RedHat", "CentOS"]
diff --git a/sw_config/bmra/patched_vfio.yml b/sw_config/bmra/patched_vfio.yml
index c0a6e25..81d4ab5 100644
--- a/sw_config/bmra/patched_vfio.yml
+++ b/sw_config/bmra/patched_vfio.yml
@@ -1,5 +1,5 @@
##
-## Copyright (c) 2020 Intel Corporation.
+## Copyright (c) 2020-2021 Intel Corporation.
##
## Licensed under the Apache License, Version 2.0 (the "License");
## you may not use this file except in compliance with the License.
@@ -18,17 +18,41 @@
- name: Check that selected driver module is available
# if modinfo fails, lookup loaded modules as modinfo might return error
# for igb_uio and potentially other modules not included with the kernel
- shell: "modinfo {{ vf_driver }} || grep {{ vf_driver }} /proc/modules || grep {{ vf_driver }} /lib/modules/$(uname -r)/modules.builtin"
+ shell: "modinfo {{ vf_driver.value }} || grep {{ vf_driver.value }} /proc/modules || grep {{ vf_driver.value }} /lib/modules/$(uname -r)/modules.builtin"
register: shell_result
ignore_errors: yes
failed_when: no
changed_when: no
+ with_dict: "{{ item.sriov_vfs | default({}) | combine({'default': item.default_vf_driver}) }}"
+ loop_control:
+ loop_var: vf_driver
+
+- name: pre-create empty dict for VFs
+ set_fact:
+ vfs_acc: {}
+
+- name: populate VFs dict with values
+ set_fact:
+ vfs_acc: "{{ vfs_acc | combine({idx : item.default_vf_driver}) }}"
+ loop: "{{ range(item.sriov_numvfs | default(0) | int) | list }}"
+ loop_control:
+ index_var: idx
+ loop_var: vf_default
+
+- name: update VFs dict with default drivers
+ set_fact:
+ vfs_acc: "{{ vfs_acc | combine({vf.key | regex_replace('.*_(\\d*)', '\\1') | int : vf.value}) }}"
+ loop: "{{ item.sriov_vfs | default({}) | dict2items | sort(attribute='key') }}"
+ loop_control:
+ loop_var: vf
+ extended: yes
+ when: ansible_loop.index < (item.sriov_numvfs | default(0) | int )
# get a list of VFs PCI addresses and save the configuration
- name: attach VFs driver
block:
- name: fetch VFs pci addresses for a PF
- shell: "for vf in /sys/class/net/{{ pfname }}/device/virtfn*;do basename $(readlink -f $vf);done"
+ shell: "for vf in /sys/class/net/{{ item.name }}/device/virtfn*;do basename $(readlink -f $vf);done | sort"
register: vf_pciids
args:
executable: /bin/bash
@@ -37,16 +61,16 @@
- name: save VF driver binding
lineinfile:
path: "{{ sriov_config_path }}/bmra_interfaces"
- line: "{{ this_item }} {{ vf_driver }}"
- regexp: "^{{ this_item }}"
+ line: "{{ this_item[0] }} {{ this_item[1].value }}"
+ regexp: "^{{ this_item[0] }}"
create: yes
owner: root
group: root
mode: '0600'
- loop: "{{ vf_pciids.stdout_lines }}"
+ loop: "{{ vf_pciids.stdout_lines | zip(vfs_acc | dict2items) | list }}"
loop_control:
loop_var: this_item
when:
- vf_pciids.stderr|length == 0
- vf_pciids.stdout_lines|length > 0
- when: shell_result.rc == 0
+ when: shell_result.results | sum(attribute='rc') == 0