Diffstat (limited to 'sw_config')
-rw-r--r--sw_config/bmra/patched_k8s.yml4
-rw-r--r--sw_config/bmra/patched_preflight.yml174
-rw-r--r--sw_config/bmra/patched_rhel_packages.yml72
-rw-r--r--sw_config/bmra/patched_sriov_cni_install.yml8
-rw-r--r--sw_config/bmra/patched_vfio.yml2
5 files changed, 130 insertions, 130 deletions
diff --git a/sw_config/bmra/patched_k8s.yml b/sw_config/bmra/patched_k8s.yml
index fb0d43a..89aba6f 100644
--- a/sw_config/bmra/patched_k8s.yml
+++ b/sw_config/bmra/patched_k8s.yml
@@ -7,7 +7,7 @@
connection: local
tasks: []
roles:
- - { role: kubespray_install }
+ - {role: kubespray_install}
environment: "{{ proxy_env | d({}) }}"
any_errors_fatal: true
@@ -77,7 +77,7 @@
kubelet_node_custom_flags: "{{ kubelet_node_custom_flags_prepare | from_yaml }}"
kube_api_anonymous_auth: true
kube_feature_gates:
- - CPUManager=true # feature gate can be enabled by default, default policy is none in Kubernetes
+ - CPUManager=true # feature gate can be enabled by default, default policy is none in Kubernetes
- TopologyManager={{ topology_manager_enabled | default(true) }}
- RotateKubeletServerCertificate=true
# Kubernetes cluster hardening
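Review bot: `kube_api_anonymous_auth: true` sits directly above the "Kubernetes cluster hardening" comment with nothing saying why anonymous API access is left on. With it enabled, unauthenticated requests are handled as `system:anonymous`, so what they can reach depends entirely on RBAC bindings that are not visible in this hunk. If it is only kept for health probes, say so in a comment such as `# anonymous auth kept for health checks only; RBAC must grant system:anonymous nothing else`; otherwise set it to `false`. The vars mapping starts and ends outside the hunk.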
diff --git a/sw_config/bmra/patched_preflight.yml b/sw_config/bmra/patched_preflight.yml
index ae401f9..c83879e 100644
--- a/sw_config/bmra/patched_preflight.yml
+++ b/sw_config/bmra/patched_preflight.yml
@@ -130,98 +130,98 @@
# Early check if SELinux is configured properly
- block:
- - name: "Collect packages facts"
- package_facts:
- - debug:
- msg:
- - "Current SELinux status:"
- - "status: {{ ansible_selinux.status | default('') }}"
- - "policy version: {{ ansible_selinux.policyvers | default('') }}"
- - "type: {{ ansible_selinux.type | default('') }}"
- - "mode: {{ ansible_selinux.mode | default('') }}"
- - "config_mode: {{ ansible_selinux.config_mode | default('') }}"
-
- - name: check selinux condition possibly causing system boot failure
- debug:
- msg:
- - "Current SELinux setup might cause the system possibly will not boot up on next reboot."
- - "Please, check SELinux settings and set it up according to the documentation."
- when:
- - "'selinux-policy' not in ansible_facts.packages"
- - "'selinux-policy-targeted' not in ansible_facts.packages"
+ - name: "Collect packages facts"
+ package_facts:
+ - debug:
+ msg:
+ - "Current SELinux status:"
+ - "status: {{ ansible_selinux.status | default('') }}"
+ - "policy version: {{ ansible_selinux.policyvers | default('') }}"
+ - "type: {{ ansible_selinux.type | default('') }}"
+ - "mode: {{ ansible_selinux.mode | default('') }}"
+ - "config_mode: {{ ansible_selinux.config_mode | default('') }}"
+
+ - name: check selinux condition possibly causing system boot failure
+ debug:
+ msg:
+ - "Current SELinux setup might cause the system possibly will not boot up on next reboot."
+ - "Please, check SELinux settings and set it up according to the documentation."
+ when:
+ - "'selinux-policy' not in ansible_facts.packages"
+ - "'selinux-policy-targeted' not in ansible_facts.packages"
when:
- ansible_os_family == "RedHat"
# STORY: "cmk requires isolcpus to be configured"
- block:
- - debug:
- msg:
- - cmk_enabled = {{ cmk_enabled }} (group_vars/all.yml)
- - cmk_use_all_hosts = {{ cmk_use_all_hosts }} (group_vars/all.yml)
- - cmk_hosts_list = {{ cmk_hosts_list | default('') }} (group_vars/all.yml)
- - cmk_shared_num_cores = {{ cmk_shared_num_cores }} (group_vars/all.yml)
- - cmk_exclusive_num_cores = {{ cmk_exclusive_num_cores }} (group_vars/all.yml)
- - isolcpus_enabled = {{ isolcpus_enabled }} (host_vars)
- - isolcpus = {{ isolcpus }} (host_vars)
- - ansible_processor_count = {{ ansible_processor_count }}
- - ansible_processor_cores = {{ ansible_processor_cores }}
- - ansible_processor_threads_per_core = {{ ansible_processor_threads_per_core }}
- - ansible_processor_vcpus = {{ ansible_processor_vcpus }}
- - CPUs Reserved for OS = 0...{{ ansible_processor_count - 1 }}
-# - CPUs Reserved for OS = {{ lookup('sequence','0-{{ ansible_processor_count - 1 }}').split(',') }} # [E207] Nested jinja pattern
-
- - name: Check Intel CMK Config
- assert:
- that: ({{ cmk_enabled }} and {{ isolcpus_enabled }} and "{{ isolcpus }}" | length > 0)
- msg:
- - Incorrect configuration pertaining Intel CMK. Conflicting or improper values detected
- - When Intel CMK is enabled, CPUs isolation ('isolcpus') must be set according to the example file for host_vars. Please correct the configuration
-
- - name: Split isolcpus Groups
- set_fact:
- isolcpus_groups: "{{ isolcpus.split(',') }}"
-
- - debug: msg="isolcpus_groups = {{ isolcpus_groups }}"
-
- - name: Filter isolcpus Ranges
- set_fact:
- isolcpus_ranges: "{{ isolcpus_ranges + [item] }}"
- with_items: "{{ isolcpus_groups }}"
- when: ("-" in item)
-
- - debug: msg="isolcpus_ranges = {{ isolcpus_ranges }}"
-
- - name: Filter isolcpus Discretes
- set_fact:
- isolcpus_discretes: "{{ isolcpus_discretes + [item] }}"
- with_items: "{{ isolcpus_groups }}"
- when: ("-" not in item)
-
- - debug: msg="isolcpus_discretes = {{ isolcpus_discretes }}"
-
- - name: Build isolcpus List
- set_fact:
- isolcpus_list: "{{ isolcpus_list | default([]) | union(isolcpus_discretes) | union([item]) }}"
- with_sequence: "{{ isolcpus_ranges }}"
-
- - debug: msg="isolcpus_list = {{ isolcpus_list }}"
-
- - name: Check isolcpus Total
- assert:
- that: "{{ isolcpus_list | length }} <= ansible_processor_vcpus"
- msg:
- - Incorrect configuration pertaining isolcpus. Conflicting or improper values detected
- - The number of isolcpus {{ isolcpus_list | length }}, exceeds total CPUs on target {{ ansible_processor_vcpus }}. Please correct the configuration
- when: isolcpus is defined
-
- - name: Check isolcpus IDs
- assert:
- that: "item | int <= ansible_processor_vcpus"
- msg:
- - Incorrect configuration pertaining isolcpus. Conflicting or improper values detected
- - The CPU ID {{ item }} set for isolcpus is NOT actually present on target. Please correct the configuration
- with_items: "{{ isolcpus_list }}"
- when: isolcpus is defined
+ - debug:
+ msg:
+ - cmk_enabled = {{ cmk_enabled }} (group_vars/all.yml)
+ - cmk_use_all_hosts = {{ cmk_use_all_hosts }} (group_vars/all.yml)
+ - cmk_hosts_list = {{ cmk_hosts_list | default('') }} (group_vars/all.yml)
+ - cmk_shared_num_cores = {{ cmk_shared_num_cores }} (group_vars/all.yml)
+ - cmk_exclusive_num_cores = {{ cmk_exclusive_num_cores }} (group_vars/all.yml)
+ - isolcpus_enabled = {{ isolcpus_enabled }} (host_vars)
+ - isolcpus = {{ isolcpus }} (host_vars)
+ - ansible_processor_count = {{ ansible_processor_count }}
+ - ansible_processor_cores = {{ ansible_processor_cores }}
+ - ansible_processor_threads_per_core = {{ ansible_processor_threads_per_core }}
+ - ansible_processor_vcpus = {{ ansible_processor_vcpus }}
+ - CPUs Reserved for OS = 0...{{ ansible_processor_count - 1 }}
+# - CPUs Reserved for OS = {{ lookup('sequence','0-{{ ansible_processor_count - 1 }}').split(',') }} # [E207] Nested jinja pattern
+
+ - name: Check Intel CMK Config
+ assert:
+ that: ({{ cmk_enabled }} and {{ isolcpus_enabled }} and "{{ isolcpus }}" | length > 0)
+ msg:
+ - Incorrect configuration pertaining Intel CMK. Conflicting or improper values detected
+ - When Intel CMK is enabled, CPUs isolation ('isolcpus') must be set according to the example file for host_vars. Please correct the configuration
+
+ - name: Split isolcpus Groups
+ set_fact:
+ isolcpus_groups: "{{ isolcpus.split(',') }}"
+
+ - debug: msg="isolcpus_groups = {{ isolcpus_groups }}"
+
+ - name: Filter isolcpus Ranges
+ set_fact:
+ isolcpus_ranges: "{{ isolcpus_ranges + [item] }}"
+ with_items: "{{ isolcpus_groups }}"
+ when: ("-" in item)
+
+ - debug: msg="isolcpus_ranges = {{ isolcpus_ranges }}"
+
+ - name: Filter isolcpus Discretes
+ set_fact:
+ isolcpus_discretes: "{{ isolcpus_discretes + [item] }}"
+ with_items: "{{ isolcpus_groups }}"
+ when: ("-" not in item)
+
+ - debug: msg="isolcpus_discretes = {{ isolcpus_discretes }}"
+
+ - name: Build isolcpus List
+ set_fact:
+ isolcpus_list: "{{ isolcpus_list | default([]) | union(isolcpus_discretes) | union([item]) }}"
+ with_sequence: "{{ isolcpus_ranges }}"
+
+ - debug: msg="isolcpus_list = {{ isolcpus_list }}"
+
+ - name: Check isolcpus Total
+ assert:
+ that: "{{ isolcpus_list | length }} <= ansible_processor_vcpus"
+ msg:
+ - Incorrect configuration pertaining isolcpus. Conflicting or improper values detected
+ - The number of isolcpus {{ isolcpus_list | length }}, exceeds total CPUs on target {{ ansible_processor_vcpus }}. Please correct the configuration
+ when: isolcpus is defined
+
+ - name: Check isolcpus IDs
+ assert:
+ that: "item | int <= ansible_processor_vcpus"
+ msg:
+ - Incorrect configuration pertaining isolcpus. Conflicting or improper values detected
+ - The CPU ID {{ item }} set for isolcpus is NOT actually present on target. Please correct the configuration
+ with_items: "{{ isolcpus_list }}"
+ when: isolcpus is defined
#TODO relationship between cmk shared/exclusive cores and isolcpus
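Review bot: The "Check isolcpus IDs" assert accepts a CPU ID that does not exist, because `item | int <= ansible_processor_vcpus` lets an ID equal to the vCPU count through while IDs are zero-based (the debug line above prints `0...{{ ansible_processor_count - 1 }}`). It should be `that: "item | int < ansible_processor_vcpus"`. Separately, "Check Intel CMK Config" and "Check isolcpus Total" put `{{ }}` inside `that:`, so the host_vars value of `isolcpus` is pasted into the expression text and a stray quote in it changes what is evaluated. Plain variables avoid that, e.g. `that: cmk_enabled | bool and isolcpus_enabled | bool and isolcpus | length > 0`, assuming the two flags are meant as booleans. The second `block:` continues past the end of the hunk.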
diff --git a/sw_config/bmra/patched_rhel_packages.yml b/sw_config/bmra/patched_rhel_packages.yml
index ec54dc9..0107076 100644
--- a/sw_config/bmra/patched_rhel_packages.yml
+++ b/sw_config/bmra/patched_rhel_packages.yml
@@ -175,8 +175,8 @@
- name: update to the latest kernel and kernel headers on the Red Hat OS family
package:
name:
- - kernel
- - kernel-devel
+ - kernel
+ - kernel-devel
state: latest # noqa 403
notify:
- reboot server
@@ -188,15 +188,15 @@
- name: ensure selinux is installed on CentOS/RHEL 7
package:
name:
- - policycoreutils
- - policycoreutils-python
- - selinux-policy
- - selinux-policy-targeted
- - libselinux-utils
- - setools
- - setools-console
- - shtool
- - lshw
+ - policycoreutils
+ - policycoreutils-python
+ - selinux-policy
+ - selinux-policy-targeted
+ - libselinux-utils
+ - setools
+ - setools-console
+ - shtool
+ - lshw
state: present
when:
- ansible_distribution in ["RedHat", "CentOS"]
@@ -224,36 +224,36 @@
- name: install command line tools to collect hardware details
package:
name:
- - hwinfo
- - inxi
- - jq
+ - hwinfo
+ - inxi
+ - jq
state: present
when: ansible_distribution in ["RedHat", "CentOS"]
- name: Add kubic yum repo and install updated version of podman
block:
- - name: disable container-tools module
- # noqa 305 - shell is used intentionally here
- shell: dnf -y module disable container-tools
- - name: enable rhcontainerbot/container-selinux repository
- # noqa 305 - shell is used intentionally here
- shell: dnf -y copr enable rhcontainerbot/container-selinux
- - name: Add kubic yum repo
- yum_repository:
- name: devel_kubic_libcontainers_stable
- description: Stable Releases of Upstream github.com/containers packages (CentOS_$releasever)
- baseurl: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/
- gpgcheck: yes
- gpgkey: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/repodata/repomd.xml.key
- keepcache: '0'
- - name: install runc
- dnf:
- name: runc
- state: present
- - name: install podman package
- package:
- name: podman
- state: present
+ - name: disable container-tools module
+ # noqa 305 - shell is used intentionally here
+ shell: dnf -y module disable container-tools
+ - name: enable rhcontainerbot/container-selinux repository
+ # noqa 305 - shell is used intentionally here
+ shell: dnf -y copr enable rhcontainerbot/container-selinux
+ - name: Add kubic yum repo
+ yum_repository:
+ name: devel_kubic_libcontainers_stable
+ description: Stable Releases of Upstream github.com/containers packages (CentOS_$releasever)
+ baseurl: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/
+ gpgcheck: yes
+ gpgkey: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_$releasever/repodata/repomd.xml.key
+ keepcache: '0'
+ - name: install runc
+ dnf:
+ name: runc
+ state: present
+ - name: install podman package
+ package:
+ name: podman
+ state: present
when:
- ansible_os_family == "RedHat" and ansible_distribution_version >= '8.2'
- '"docker" not in container_runtime'
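Review bot: This block adds two external package sources (the `rhcontainerbot/container-selinux` COPR and the kubic repo), and the kubic `gpgkey` is fetched from the same server as the packages, so `gpgcheck: yes` only proves the packages match whatever key that server hands out. I would ship a vetted copy of the key with the role and point `gpgkey` at it, and consider adding `repo_gpgcheck: true` if the repository signs its metadata. The guard `ansible_distribution_version >= '8.2'` is a string comparison, so a version such as '8.10' sorts below '8.2' and the block is skipped. Use `ansible_distribution_version is version('8.2', '>=')` instead. The two `shell:` tasks also report changed on every run; `changed_when:` or a `creates:` guard would make that visible.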
diff --git a/sw_config/bmra/patched_sriov_cni_install.yml b/sw_config/bmra/patched_sriov_cni_install.yml
index ab0dc52..5ac93e5 100644
--- a/sw_config/bmra/patched_sriov_cni_install.yml
+++ b/sw_config/bmra/patched_sriov_cni_install.yml
@@ -31,10 +31,10 @@
- name: create /opt/cni/bin
file:
- path: "/opt/cni/bin"
- state: directory
- recurse: yes
- mode: 0755
+ path: "/opt/cni/bin"
+ state: directory
+ recurse: yes
+ mode: 0755
- name: install sriov-cni binary to /opt/cni/bin directory
copy:
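Review bot: `mode: 0755` in the "create /opt/cni/bin" task is an unquoted number, so the YAML parser converts it before Ansible sees it and the result depends on the leading zero being read as octal. Quote it as `mode: "0755"` so the module receives the string it documents. Since `recurse: yes` applies that mode to everything already under `/opt/cni/bin` on each run, a short comment such as `# recurse: resets mode on existing CNI plugins too` would show that this is intended. `recurse: true` is also the canonical boolean form. The following `copy:` task continues outside the hunk.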
diff --git a/sw_config/bmra/patched_vfio.yml b/sw_config/bmra/patched_vfio.yml
index f4b7a1d..e79a976 100644
--- a/sw_config/bmra/patched_vfio.yml
+++ b/sw_config/bmra/patched_vfio.yml
@@ -35,7 +35,7 @@
loop_control:
loop_var: vf
extended: yes
- when: ansible_loop.index < (item.sriov_numvfs | default(0) | int )
+ when: ansible_loop.index < (item.sriov_numvfs | default(0) | int )
# get a list of VFs PCI addresses and save the configuration
- name: attach VFs driver