Merge branch 'devel' into devel

appliance/input_config.yml

@@ -0,0 +1,39 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Password used while deploying OS on bare metal servers and for Cobbler UI.
+# The Length of the password should be atleast 8.
+# The password must not contain -,\, ',"
+provision_password: ""
+
+# Password used for the AWX UI.
+# The Length of the password should be atleast 8.
+# The password must not contain -,\, ',"
+awx_password: ""
+
+# Password used for Slurm database.
+# The Length of the password should be atleast 8.
+# The password must not contain -,\, ',"
+mariadb_password: ""
+
+# The nic/ethernet card that needs to be connected to the HPC switch.
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is em1.
+hpc_nic: "em1"
+
+# The nic card that needs to be connected to the public internet.
+# The public_nic should be em2, em1 or em3
+# Default value of nic is em2.
+public_nic: "em2"

appliance/roles/common/tasks/docker_installation.yml

@@ -30,8 +30,8 @@
 
 - name: Install docker
   package:
-    name: "{{ container_repo_install }}" 
-    state: latest
+    name: "{{ container_repo_install }}"
+    state: present
   become: yes
   tags: install
 
@@ -43,6 +43,18 @@
   become: yes
   tags: install
 
+- name: Uninstall docker-py using pip
+  pip:
+    name: ['docker-py','docker']
+    state: absent
+  tags: install
+
+- name: Install docker using pip
+  pip:
+    name: docker
+    state: present
+  tags: install
+
 - name: Installation using python3
   pip:
     name: "{{ docker_compose }}"
@@ -57,5 +69,5 @@
 
 - name: Restart docker
   service:
-    name: docker 
+    name: docker
     state: restarted

appliance/roles/common/tasks/main.yml

@@ -12,6 +12,9 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+- name: Mount Path
+  set_fact:
+    mount_path: "{{ role_path + '/../../..'  }}"
 
 - name: Pre-requisite validation
   import_tasks: pre_requisite.yml
@@ -26,4 +29,7 @@
   import_tasks: docker_installation.yml
 
 - name: Docker volume creation
-  import_tasks: docker_volume.yml
+  import_tasks: docker_volume.yml
+
+- name: Basic Configuration
+  import_tasks: password_config.yml

appliance/roles/common/tasks/package_installation.yml

@@ -16,5 +16,5 @@
 - name: Install packages
   package:
     name: "{{ common_packages }}"
-    state: latest
+    state: present
   tags: install

appliance/roles/common/tasks/password_config.yml

@@ -0,0 +1,117 @@
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check input config file is encrypted
+  command: cat {{ input_config_filename }}
+  changed_when: false
+  register: config_content
+
+- name: Decrpyt input_config.yml
+  command: ansible-vault decrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }}
+  changed_when: false
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+
+- name: Include variable file input_config.yml
+  include_vars: "{{ input_config_filename }}"
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ input_config_failure_msg }}"
+  register: input_config_check
+  when: (provision_password | length < 1) or (awx_password | length < 1) or (mariadb_password | length < 1) or (hpc_nic | length < 1) or (public_nic | length < 1)
+
+- name: Save input variables from file
+  set_fact:
+    cobbler_password: "{{ provision_password }}"
+    admin_password: "{{ awx_password }}"
+    input_mariadb_password: "{{ mariadb_password }}"
+    nic:  "{{ hpc_nic }}"
+    internet_nic: "{{ public_nic }}"
+
+- name: Assert provision_password
+  assert:
+    that:
+      - cobbler_password | length > min_length | int - 1
+      - cobbler_password | length < max_length | int + 1
+      - '"-" not in cobbler_password '
+      - '"\\" not in cobbler_password '
+      - '"\"" not in cobbler_password '
+      - " \"'\" not in cobbler_password "
+    success_msg: "{{ success_msg_provision_password }}"
+    fail_msg: "{{ fail_msg_provision_password }}"
+  register: cobbler_password_check
+
+- name: Assert awx_password
+  assert:
+    that:
+        - admin_password | length > min_length | int - 1
+        - admin_password | length < max_length | int + 1
+        - '"-" not in admin_password '
+        - '"\\" not in admin_password '
+        - '"\"" not in admin_password '
+        - " \"'\" not in admin_password "
+    success_msg: "{{ success_msg_awx_password }}"
+    fail_msg: "{{ fail_msg_awx_password }}"
+  register: awx_password_check
+
+- name: Assert mariadb_password
+  assert:
+    that:
+        - input_mariadb_password | length > min_length | int - 1
+        - input_mariadb_password | length < max_length | int + 1
+        - '"-" not in input_mariadb_password '
+        - '"\\" not in input_mariadb_password '
+        - '"\"" not in input_mariadb_password '
+        - " \"'\" not in input_mariadb_password "
+    success_msg: "{{ success_msg_mariadb_password }}"
+    fail_msg: "{{ fail_msg_mariadb_password }}"
+  register: mariadb_password_check
+
+- name: Assert hpc_nic
+  assert:
+    that:
+      - nic | length > nic_min_length | int - 1
+      - nic != internet_nic
+    success_msg: "{{ success_msg_hpc_nic }}"
+    fail_msg: "{{ fail_msg_hpc_nic }}"
+  register: hpc_nic_check
+
+- name: Assert public_nic
+  assert:
+    that:
+      - internet_nic | length > nic_min_length | int - 1
+      - nic != internet_nic
+      - "('em1' in internet_nic) or ('em2' in internet_nic) or ('em3' in internet_nic)"
+    success_msg: "{{ success_msg_public_nic }}"
+    fail_msg: "{{ fail_msg_public_nic }}"
+  register: public_nic_check
+
+- name: Create ansible vault key
+  set_fact:
+    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+
+- name: Save vault key
+  copy:
+    dest: "{{ role_path }}/files/{{ vault_filename }}"
+    content: |
+      {{ vault_key }}
+    owner: root
+    force: yes
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+
+- name: Encrypt input config file
+  command: ansible-vault encrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }}
+  changed_when: false

appliance/roles/common/tasks/pre_requisite.yml

@@ -20,8 +20,8 @@
     replace: 'log_path = /var/log/omnia.log'
   tags: install
 
-- name: Check OS support 
-  fail: 
+- name: Check OS support
+  fail:
     msg: "{{ os_status }}"
   when: not(ansible_distribution == os_name and ansible_distribution_version >= os_version)
   register: os_value
@@ -33,7 +33,7 @@
   tags: install
 
 - name: Status of SElinux
-  fail: 
+  fail:
     msg: "{{ selinux_status }}"
   when: ansible_selinux.status != 'disabled'
   register: selinux_value

appliance/roles/common/vars/main.yml

@@ -15,7 +15,7 @@
 
 # vars file for common
 
-# Usage: tasks/package_installation.yml
+# Usage: package_installation.yml
 common_packages:
   - epel-release
   - yum-utils
@@ -25,23 +25,27 @@ common_packages:
   - nodejs
   - device-mapper-persistent-data
   - bzip2
+  - python2-pip
   - python3-pip
   - nano
   - lvm2
   - gettext
+  - python-docker
 
-# Usage: tasks/pre_requisite.yml
+# Usage: pre_requisite.yml
 internet_delay: 0
 internet_timeout: 1
 hostname: github.com
 port_no: 22
 os_name: CentOS
-os_version: '8' 
-internet_status: "Failed:No Internet connection.Connect to Internet."
+os_version: '7.9' 
+internet_status: "Failed: No Internet connection.Connect to Internet."
 os_status: "Unsupported OS or OS version.OS must be {{ os_name }} and Version must be {{ os_version }} or more"
 selinux_status: "SElinux is not disabled. Disable it in /etc/sysconfig/selinux and reboot the system"
+iso_name: CentOS-7-x86_64-Minimal-2009.iso
+iso_fail: "Iso file absent: Download and copy the iso file in omnia/appliance/roles/provision/files"
 
-# Usage: tasks/docker_installation.yml
+# Usage: docker_installation.yml
 docker_repo_url: https://download.docker.com/linux/centos/docker-ce.repo
 docker_repo_dest: /etc/yum.repos.d/docker-ce.repo
 success: '0'
@@ -50,5 +54,23 @@ container_repo_install: docker-ce
 docker_compose: docker-compose
 daemon_dest: /etc/docker/
 
-# Usage: tasks/docker_volume.yml
-docker_volume_name: omnia-storage
+# Usage: docker_volume.yml
+docker_volume_name: omnia-storage
+
+# Usage: password_config.yml
+input_config_filename: "input_config.yml"
+fail_msg_provision_password: "Failed. Incorrect provision_password format provided in input_config.yml file"
+success_msg_provision_password: "provision_password validated"
+fail_msg_awx_password: "Failed. Incorrect awx_password format provided in input_config.yml file"
+success_msg_awx_password: "awx_password validated"
+fail_msg_mariadb_password: "Failed. Incorrect mariadb_password format provided in input_config.yml file"
+success_msg_mariadb_password: "mariadb_password validated"
+fail_msg_hpc_nic: "Failed. Incorrect hpc_nic format provided in input_config.yml file"
+success_msg_hpc_nic: "hpc_nic validated"
+fail_msg_public_nic: "Failed. Incorrect public_nic format provided in input_config.yml file"
+success_msg_public_nic: "public_nic validated"
+input_config_failure_msg: "Please provide all the required parameters in input_config.yml"
+min_length: 8
+max_length: 30
+nic_min_length: 3
+vault_filename: .vault_key

appliance/roles/provision/files/Dockerfile

@@ -15,19 +15,21 @@ RUN yum install -y \
   cobbler-web \
   ansible \
   pykickstart \
+  cronie \
   debmirror \
   curl \
-  wget \
   rsync \
   httpd\
-  dhcp\
+  dhcp \
   dnsmasq\
   xinetd \
   net-tools \
   memtest86+ \
   && yum clean all \
   &&  rm -rf /var/cache/yum
 
+RUN mkdir /root/omnia
+
 #Copy Configuration files
 COPY settings /etc/cobbler/settings
 COPY dhcp.template  /etc/cobbler/dhcp.template
@@ -36,7 +38,9 @@ COPY modules.conf  /etc/cobbler/modules.conf
 COPY tftp /etc/xinetd.d/tftp
 COPY .users.digest /etc/cobbler/users.digest
 COPY kickstart.yml /root
-COPY centos8.ks /var/lib/cobbler/kickstarts
+COPY tftp.yml /root
+COPY inventory_creation.yml /root
+COPY centos7.ks /var/lib/cobbler/kickstarts
 COPY first-sync.sh /usr/local/bin/first-sync.sh
 
 EXPOSE 69 80 443 25151
@@ -48,6 +52,4 @@ RUN systemctl enable httpd
 RUN systemctl enable rsyncd
 RUN systemctl enable dnsmasq
 
-#RUN ansible-playbook /root/kickstart.yml
-
 CMD ["sbin/init"]

appliance/roles/provision/files/ifcfg-eno1 → appliance/roles/provision/files/ifcfg-em1

@@ -9,9 +9,9 @@ IPV6_AUTOCONF=yes
 IPV6_DEFROUTE=yes
 IPV6_FAILURE_FATAL=no
 IPV6_ADDR_GEN_MODE=stable-privacy
-NAME=eno1
-UUID=468847a9-d146-4062-813b-85f74ffd6e2a
-DEVICE=eno1
+NAME=em1
+UUID=485d7133-2c49-462d-bbb4-b854fe98e0fe
+DEVICE=em1
 ONBOOT=yes
 IPV6_PRIVACY=no
 IPADDR=172.17.0.1