| --- |
| - name: Verify Manditory Variables |
| fail: msg="Variable '{{ item }}' is not defined" |
| when: item not in hostvars[inventory_hostname] |
| with_items: |
| - fabric_ip |
| tags: |
| - interface_config |
| |
| - name: Verify Network Bits on Network Specifications |
| fail: msg="Network specification '{{ item }}' must include network bits" |
| when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')" |
| with_items: |
| - "{{ compute_node.addresses.fabric }}" |
| - "{{ compute_node.addresses.management }}" |
| - "{{ compute_node.addresses.external }}" |
| |
| - name: Applications |
| become: yes |
| apt: name={{ item }} state=present force=yes |
| with_items: |
| - whois |
| - build-essential=11.6* |
| - git=1:1.9.* |
| - python-pip=1.5.4* |
| - ifenslave-2.6=2.4* |
| - bridge-utils=1.5-* |
| - ethtool=1:3.13* |
| - minicom=2.7* |
| - curl=7.35.* |
| - jq=1.3* |
| |
| - name: Validate Encyrpted Compute Node Password |
| set_fact: |
| already_encrypted: "{{compute_node.password.startswith('enc:')}}" |
| |
| # If the compute_node.password begins with 'enc:' then it is an |
| # encyrpted password, which is what we need so we are done. Thus |
| # if it is not encrypted then we have to encrypt it |
| |
| - name: Encyrpt Compute Node Password |
| command: "mkpasswd --method=sha-512 {{compute_node.password}}" |
| register: encrypted |
| changed_when: false |
| when: "not already_encrypted" |
| |
| - name: Update Compute Node Password |
| set_fact: |
| compute_node_update: |
| password: "enc:{{encrypted.stdout}}" |
| when: "not already_encrypted" |
| |
| - name: Merge Compute Node Properties |
| set_fact: |
| compute_node: "{{compute_node|combine(compute_node_update,recursive=True)}}" |
| when: "not already_encrypted" |
| |
| - name: Ensure Docker Insecure Repository |
| become: yes |
| lineinfile: |
| dest: /etc/default/docker |
| line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"' |
| insertafter: '^DOCKER_OPTS' |
| register: docker_config |
| |
| - name: Ensure Docker Registry Mirror |
| become: yes |
| lineinfile: |
| dest: /etc/default/docker |
| line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"' |
| insertafter: '^DOCKER_OPTS' |
| register: docker_config_mirror |
| |
| - name: Docker Restart |
| become: yes |
| service: |
| name=docker |
| state=restarted |
| when: docker_config.changed or docker_config_mirror.changed |
| |
| - name: Ensure Docker Ansible Support |
| become: yes |
| pip: |
| name: "docker==2.4.2" |
| |
| - name: Set Default Password |
| become: yes |
| user: |
| name: "{{ ansible_user_id }}" |
| password: "{{compute_node.password.split(':',1)[1]}}" |
| when: '"{{ ansible_user_id }}" == "ubuntu"' |
| tags: |
| - set_compute_node_password |
| |
| - name: Authorize SSH Key |
| become: yes |
| authorized_key: |
| key: "{{ pub_ssh_key }}" |
| user: "{{ ansible_user_id }}" |
| state: present |
| |
| - name: Verify Private SSH Key |
| become: yes |
| stat: |
| path=/home/{{ ansible_user_id }}/.ssh/id_rsa |
| register: private_key |
| |
| - name: Ensure SSH Key Pair |
| become: yes |
| copy: |
| src: "{{pub_ssh_key_file_location}}/{{item.src}}" |
| dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}" |
| owner: "{{ ansible_user_id }}" |
| group: "docker" |
| mode: "0600" |
| with_items: |
| - { "src": "cord_rsa", "dest": "id_rsa" } |
| - { "src": "cord_rsa.pub", "dest": "id_rsa.pub" } |
| |
| - name: Ensure SSH config |
| become: yes |
| copy: |
| src: "files/{{item}}" |
| dest: "{{ansible_env['PWD']}}/.ssh/{{item}}" |
| owner: "{{ ansible_user_id }}" |
| mode: "0600" |
| with_items: |
| - config |
| |
| - name: Ensure CORD SUDO |
| become: yes |
| copy: |
| src=files/99-cord-sudoers |
| dest=/etc/sudoers.d/99-cord-sudoers |
| owner=root |
| group=root |
| mode="0600" |
| |
| - name: Ensure Utility Scripts |
| become: yes |
| copy: |
| src=files/{{ item }} |
| dest=/usr/local/bin/{{ item }} |
| owner=root |
| group=root |
| mode="0755" |
| with_items: |
| - delete-fabric-config |
| - delete-node-prov-state |
| - docker-ip |
| - fabric-pingall |
| - get-fabric-config |
| - get-node-prov-state |
| - remove-xos-components |
| - remove-maas-components |
| - post-fabric-config |
| - pull-latest-docker-images |
| |
| - name: Verify Mellanox NICs |
| shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c Mellanox || true |
| register: mlnx_nic_present |
| changed_when: False |
| |
| - name: Verify Intel 40Gb NIC |
| shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true |
| register: intel_nic_present |
| changed_when: False |
| |
| - name: Verify i40e Driver |
| command: modinfo --field=version i40e |
| register: i40e_version |
| when: intel_nic_present.stdout != "0" |
| changed_when: False |
| failed_when: False |
| tags: |
| - interface_config |
| |
| - name: Verify Mellanox Driver |
| command: modinfo --field=version mlx5_core |
| register: mlnx5_version |
| when: mlnx_nic_present.stdout != "0" |
| changed_when: False |
| failed_when: False |
| tags: |
| - interface_config |
| |
| - name: Update Mellanox Driver |
| include: mlnx_driver.yml |
| when: mlnx_nic_present.stdout != "0" and mlnx5_version.stdout != '4.0-2.0.0' |
| tags: |
| - interface_config |
| |
| - name: Update i40e Driver |
| include: i40e_driver.yml |
| when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25' |
| tags: |
| - interface_config |
| |
| - name: Load modules at boot |
| become: yes |
| lineinfile: |
| dest: /etc/modules |
| line: "{{ item }}" |
| with_items: |
| - lp |
| - loop |
| - rtc |
| - bonding |
| |
| - name: Ensure Network Configuration |
| become: yes |
| include: networking.yml |
| tags: |
| - interface_config |