From 8735b02dbece1dc969da78ed46234db9a9572cb5 Mon Sep 17 00:00:00 2001 From: mohammad Date: Fri, 20 Dec 2024 14:34:54 -0500 Subject: [PATCH 1/4] Pin kernel version and disable unattended-upgrades --- ansible/roles/host_setup/tasks/main.yml | 6 ++ ansible/roles/host_setup/tasks/pin_kernel.yml | 73 +++++++++++++++++++ ansible/roles/host_setup/vars/debian.yml | 2 + ansible/roles/host_setup/vars/ubuntu.yml | 2 + 4 files changed, 83 insertions(+) create mode 100644 ansible/roles/host_setup/tasks/pin_kernel.yml diff --git a/ansible/roles/host_setup/tasks/main.yml b/ansible/roles/host_setup/tasks/main.yml index 2e5f16a0..b92c4bd8 100644 --- a/ansible/roles/host_setup/tasks/main.yml +++ b/ansible/roles/host_setup/tasks/main.yml @@ -82,6 +82,12 @@ tags: - always +- name: Pin kernel version and disable unattended-upgrades + include_tasks: pin_kernel.yml + when: ansible_facts['os_family'] | lower == 'debian' + tags: + - always + - name: Update package cache apt: update_cache: true diff --git a/ansible/roles/host_setup/tasks/pin_kernel.yml b/ansible/roles/host_setup/tasks/pin_kernel.yml new file mode 100644 index 00000000..136a1ec0 --- /dev/null +++ b/ansible/roles/host_setup/tasks/pin_kernel.yml @@ -0,0 +1,73 @@ +--- +# Copyright 2024, Rackspace Technology, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Check Kernel Version + fail: + msg: > + Wrong kernel Version found + [ {{ ansible_facts['kernel'] }} < {{ host_required_kernel }} ] + Resolve this issue before continuing. + when: + - ansible_facts['kernel'] is version(host_required_kernel, '<') + +- name: Pin kernel packages version + copy: + dest: "{{ apt_preferences }}/pin-kernel" + content: | + Package: linux-image-{{ ansible_facts['kernel'] }} + Pin: release * + Pin-Priority: 1001 + + Package: linux-headers-{{ ansible_facts['kernel'] }} + Pin: release * + Pin-Priority: 1001 + + Package: linux-modules-{{ ansible_facts['kernel'] }} + Pin: release * + Pin-Priority: 1001 + + Package: linux-image-* + Pin: release * + Pin-Priority: -1 + + Package: linux-headers-* + Pin: release * + Pin-Priority: -1 + + Package: linux-modules-* + Pin: release * + Pin-Priority: -1 + mode: '0644' + when: + - ansible_facts['kernel'] is version(host_required_kernel, '<') + +- name: Disable unattended-upgrades + ansible.builtin.lineinfile: + path: "{{ apt_config_dir }}/20auto-upgrades" + regexp: "^APT::Periodic::{{ item.key }}" + line: "APT::Periodic::{{ item.key }} \"{{ item.value }}\";" + create: true + mode: '0644' + loop: + - { key: "Update-Package-Lists", value: "0" } + - { key: "Download-Upgradeable-Packages", value: "0" } + - { key: "AutocleanInterval", value: "0" } + - { key: "Unattended-Upgrade", value: "0" } + + +- name: Ensure unattended-upgrades package is removed + ansible.builtin.apt: + name: unattended-upgrades + state: absent diff --git a/ansible/roles/host_setup/vars/debian.yml b/ansible/roles/host_setup/vars/debian.yml index 4d7fd12d..f0bc7b73 100644 --- a/ansible/roles/host_setup/vars/debian.yml +++ b/ansible/roles/host_setup/vars/debian.yml @@ -6,6 +6,8 @@ host_sysstat_file: /etc/default/sysstat host_sysstat_cron_file: /etc/cron.d/sysstat host_cron_template: sysstat.cron.debian.j2 host_module_file: /etc/modules +apt_preferences: /etc/apt/preferences.d +apt_config_dir: /etc/apt/apt.conf.d ## Kernel modules loaded on hosts host_kernel_modules: diff --git a/ansible/roles/host_setup/vars/ubuntu.yml b/ansible/roles/host_setup/vars/ubuntu.yml index bdd0bf21..5af0bfdd 100644 --- a/ansible/roles/host_setup/vars/ubuntu.yml +++ b/ansible/roles/host_setup/vars/ubuntu.yml @@ -6,6 +6,8 @@ host_sysstat_file: /etc/default/sysstat host_sysstat_cron_file: /etc/cron.d/sysstat host_cron_template: sysstat.cron.debian.j2 host_module_file: /etc/modules +apt_preferences: /etc/apt/preferences.d +apt_config_dir: /etc/apt/apt.conf.d ## Kernel modules loaded on hosts host_kernel_modules: From fb663367d16660462776ed86dd09bc67e7ddac36 Mon Sep 17 00:00:00 2001 From: mohammad Date: Fri, 20 Dec 2024 14:35:15 -0500 Subject: [PATCH 2/4] Set CPU frequency governor to performance --- .../roles/host_setup/tasks/CPU_frequency.yml | 33 +++++++++++++++++++ ansible/roles/host_setup/tasks/main.yml | 5 ++- 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 ansible/roles/host_setup/tasks/CPU_frequency.yml diff --git a/ansible/roles/host_setup/tasks/CPU_frequency.yml b/ansible/roles/host_setup/tasks/CPU_frequency.yml new file mode 100644 index 00000000..dd7a909e --- /dev/null +++ b/ansible/roles/host_setup/tasks/CPU_frequency.yml @@ -0,0 +1,33 @@ +--- +# Copyright 2024, Rackspace Technology, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +- name: Ensure cpupower is installed + ansible.builtin.apt: + name: "linux-tools-{{ ansible_facts['kernel'] }}" + state: present + +- name: Set CPU frequency governor to performance + ansible.builtin.command: + cmd: "/usr/bin/cpupower frequency-set -g performance" + changed_when: true + when: + - ansible_facts['kernel'] is version(host_required_kernel, '>=') + +- name: Disable CPU idle state 2 + ansible.builtin.command: + cmd: "/usr/bin/cpupower idle-set -d 2" + changed_when: true + when: + - ansible_facts['kernel'] is version(host_required_kernel, '>=') diff --git a/ansible/roles/host_setup/tasks/main.yml b/ansible/roles/host_setup/tasks/main.yml index b92c4bd8..cca457cd 100644 --- a/ansible/roles/host_setup/tasks/main.yml +++ b/ansible/roles/host_setup/tasks/main.yml @@ -94,6 +94,10 @@ cache_valid_time: 600 when: ansible_facts['os_family'] | lower == 'debian' +- name: Set CPU frequency governor to performance + include_tasks: CPU_frequency.yml + when: ansible_facts['os_family'] | lower == 'debian' + - name: Install distro packages package: name: "{{ host_distro_packages }}" @@ -115,4 +119,3 @@ until: install_packages is success retries: 5 delay: 2 - From 1281392b90dcd0a226cd70703d0e97c310747301 Mon Sep 17 00:00:00 2001 From: mohammad Date: Thu, 2 Jan 2025 15:52:57 -0500 Subject: [PATCH 3/4] Use tuneD instead of cpupower for CPU governor --- .../roles/host_setup/tasks/CPU_frequency.yml | 28 +++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/ansible/roles/host_setup/tasks/CPU_frequency.yml b/ansible/roles/host_setup/tasks/CPU_frequency.yml index dd7a909e..c25589f5 100644 --- a/ansible/roles/host_setup/tasks/CPU_frequency.yml +++ b/ansible/roles/host_setup/tasks/CPU_frequency.yml @@ -13,21 +13,27 @@ # See the License for the specific language governing permissions and # limitations under the License. -- name: Ensure cpupower is installed +- name: Ensure TuneD is installed ansible.builtin.apt: - name: "linux-tools-{{ ansible_facts['kernel'] }}" + name: tuned state: present -- name: Set CPU frequency governor to performance +- name: Ensure TuneD service is enabled and started + ansible.builtin.systemd: + name: tuned + enabled: true + state: started + +- name: Apply throughput-performance profile using tuned-adm ansible.builtin.command: - cmd: "/usr/bin/cpupower frequency-set -g performance" + cmd: "/usr/sbin/tuned-adm profile throughput-performance" changed_when: true - when: - - ansible_facts['kernel'] is version(host_required_kernel, '>=') -- name: Disable CPU idle state 2 +- name: Verify active TuneD profile ansible.builtin.command: - cmd: "/usr/bin/cpupower idle-set -d 2" - changed_when: true - when: - - ansible_facts['kernel'] is version(host_required_kernel, '>=') + cmd: "/usr/sbin/tuned-adm active" + register: tuned_active + +- name: Show active TuneD profile + ansible.builtin.debug: + msg: "{{ tuned_active.stdout }}" From f84c0e0c31165990e9b4e71d1094608f0c5c3799 Mon Sep 17 00:00:00 2001 From: mohammad Date: Mon, 6 Jan 2025 17:17:27 -0500 Subject: [PATCH 4/4] Refresh ansible fact before pinning the kernel --- ansible/roles/host_setup/tasks/pin_kernel.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ansible/roles/host_setup/tasks/pin_kernel.yml b/ansible/roles/host_setup/tasks/pin_kernel.yml index 136a1ec0..c16d6151 100644 --- a/ansible/roles/host_setup/tasks/pin_kernel.yml +++ b/ansible/roles/host_setup/tasks/pin_kernel.yml @@ -13,6 +13,10 @@ # See the License for the specific language governing permissions and # limitations under the License. +- name: Refresh specific kernel facts + ansible.builtin.setup: + filter: "ansible_kernel" + - name: Check Kernel Version fail: msg: >