David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 1 | --- |
David K. Bainbridge | 8db2f30 | 2016-05-19 23:41:13 -0700 | [diff] [blame] | 2 | - name: Verify Manditory Variables |
| 3 | fail: msg="Variable '{{ item }}' is not defined" |
| 4 | when: item not in hostvars[inventory_hostname] |
| 5 | with_items: |
| 6 | - fabric_ip |
| 7 | tags: |
| 8 | - interface_config |
| 9 | |
David K. Bainbridge | d4a63e0 | 2016-09-14 12:28:00 -0700 | [diff] [blame] | 10 | - name: Verify Network Bits on Network Specifications |
| 11 | fail: msg="Network specification '{{ item }}' must include network bits" |
| 12 | when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')" |
| 13 | with_items: |
| 14 | - "{{ compute_node.addresses.fabric }}" |
| 15 | - "{{ compute_node.addresses.management }}" |
| 16 | - "{{ compute_node.addresses.external }}" |
| 17 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 18 | - name: Applications |
| 19 | become: yes |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 20 | apt: name={{ item }} state=present force=yes |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 21 | with_items: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 22 | - whois |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 23 | - build-essential=11.6* |
| 24 | - git=1:1.9.* |
| 25 | - python-pip=1.5.4* |
| 26 | - ifenslave-2.6=2.4* |
| 27 | - bridge-utils=1.5-* |
| 28 | - ethtool=1:3.13* |
| 29 | - minicom=2.7* |
| 30 | - curl=7.35.* |
Andy Bavier | d1ff927 | 2016-09-08 17:11:54 -0400 | [diff] [blame] | 31 | - jq=1.3* |
David K. Bainbridge | e9f284d | 2016-05-18 14:13:43 -0700 | [diff] [blame] | 32 | |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 33 | - name: Validate Encyrpted Compute Node Password |
| 34 | set_fact: |
| 35 | already_encrypted: "{{compute_node.password.startswith('enc:')}}" |
| 36 | |
| 37 | # If the compute_node.password begins with 'enc:' then it is an |
| 38 | # encyrpted password, which is what we need so we are done. Thus |
| 39 | # if it is not encrypted then we have to encrypt it |
| 40 | |
| 41 | - name: Encyrpt Compute Node Password |
| 42 | command: "mkpasswd --method=sha-512 {{compute_node.password}}" |
| 43 | register: encrypted |
| 44 | changed_when: false |
| 45 | when: "not already_encrypted" |
| 46 | |
| 47 | - name: Update Compute Node Password |
| 48 | set_fact: |
| 49 | compute_node_update: |
| 50 | password: "enc:{{encrypted.stdout}}" |
| 51 | when: "not already_encrypted" |
| 52 | |
| 53 | - name: Merge Compute Node Properties |
| 54 | set_fact: |
| 55 | compute_node: "{{compute_node|combine(compute_node_update,recursive=True)}}" |
| 56 | when: "not already_encrypted" |
| 57 | |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 58 | - name: Ensure Docker Insecure Repository |
| 59 | become: yes |
| 60 | lineinfile: |
| 61 | dest: /etc/default/docker |
| 62 | line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"' |
| 63 | insertafter: '^DOCKER_OPTS' |
| 64 | register: docker_config |
| 65 | |
David K. Bainbridge | fac79ca | 2016-07-28 10:00:44 -0700 | [diff] [blame] | 66 | - name: Ensure Docker Registry Mirror |
| 67 | become: yes |
| 68 | lineinfile: |
| 69 | dest: /etc/default/docker |
| 70 | line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"' |
| 71 | insertafter: '^DOCKER_OPTS' |
| 72 | register: docker_config_mirror |
| 73 | |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 74 | - name: Docker Restart |
| 75 | become: yes |
| 76 | service: |
| 77 | name=docker |
| 78 | state=restarted |
David K. Bainbridge | fac79ca | 2016-07-28 10:00:44 -0700 | [diff] [blame] | 79 | when: docker_config.changed or docker_config_mirror.changed |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 80 | |
David K. Bainbridge | e9f284d | 2016-05-18 14:13:43 -0700 | [diff] [blame] | 81 | - name: Ensure Docker Ansible Support |
| 82 | become: yes |
| 83 | pip: |
| 84 | name=docker-py |
David K. Bainbridge | 2dd2ddd | 2016-09-06 08:22:52 -0700 | [diff] [blame] | 85 | version=1.9 |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 86 | |
| 87 | - name: Set Default Password |
| 88 | become: yes |
| 89 | user: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 90 | name: "{{ansible_user}}" |
| 91 | password: "{{compute_node.password.split(':',1)[1]}}" |
David K. Bainbridge | 2a80422 | 2016-05-16 12:36:32 -0700 | [diff] [blame] | 92 | when: '"{{ ansible_user }}" == "ubuntu"' |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 93 | tags: |
| 94 | - set_compute_node_password |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 95 | |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 96 | - name: Authorize SSH Key |
| 97 | become: yes |
| 98 | authorized_key: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 99 | key: "{{ pub_ssh_key }}" |
| 100 | user: "{{ ansible_user }}" |
| 101 | state: present |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 102 | |
| 103 | - name: Verify Private SSH Key |
| 104 | become: yes |
| 105 | stat: |
David K. Bainbridge | b541504 | 2016-05-13 17:06:10 -0700 | [diff] [blame] | 106 | path=/home/{{ ansible_user }}/.ssh/id_rsa |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 107 | register: private_key |
| 108 | |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 109 | - name: Ensure SSH Key Pair |
| 110 | become: yes |
| 111 | copy: |
| 112 | src: "/etc/maas/.ssh/{{item.src}}" |
| 113 | dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}" |
| 114 | owner: "{{ansible_user}}" |
| 115 | group: "docker" |
| 116 | mode: "0600" |
| 117 | with_items: |
| 118 | - { "src": "cord_rsa", "dest": "id_rsa" } |
| 119 | - { "src": "cord_rsa.pub", "dest": "id_rsa.pub" } |
| 120 | |
| 121 | - name: Ensure SSH config |
Andy Bavier | ceab230 | 2016-07-07 09:04:07 -0400 | [diff] [blame] | 122 | become: no |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 123 | copy: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 124 | src: "files/{{item}}" |
| 125 | dest: "{{ansible_env['PWD']}}/.ssh/{{item}}" |
| 126 | owner: "{{ansible_user}}" |
| 127 | mode: "0600" |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 128 | with_items: |
David K. Bainbridge | 81bda33 | 2016-06-14 22:58:41 -0700 | [diff] [blame] | 129 | - config |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 130 | |
| 131 | - name: Ensure CORD SUDO |
| 132 | become: yes |
| 133 | copy: |
| 134 | src=files/99-cord-sudoers |
| 135 | dest=/etc/sudoers.d/99-cord-sudoers |
| 136 | owner=root |
| 137 | group=root |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 138 | mode="0600" |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 139 | |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 140 | - name: Ensure Utility Scripts |
| 141 | become: yes |
| 142 | copy: |
| 143 | src=files/{{ item }} |
| 144 | dest=/usr/local/bin/{{ item }} |
| 145 | owner=root |
| 146 | group=root |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 147 | mode="0755" |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 148 | with_items: |
| 149 | - delete-fabric-config |
| 150 | - delete-node-prov-state |
| 151 | - docker-ip |
| 152 | - fabric-pingall |
| 153 | - get-fabric-config |
| 154 | - get-node-prov-state |
| 155 | - remove-xos-components |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 156 | - remove-maas-components |
David K. Bainbridge | 1e4142d | 2016-08-04 10:01:58 -0700 | [diff] [blame] | 157 | - post-fabric-config |
David K. Bainbridge | e80fd39 | 2016-08-19 15:46:19 -0700 | [diff] [blame] | 158 | - pull-latest-docker-images |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 159 | |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 160 | - name: Verify Mellanox 40Gb NIC |
| 161 | shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c ConnectX-3 || true |
| 162 | register: mlx_nic_present |
David K. Bainbridge | 0820cab | 2016-06-02 17:43:32 -0700 | [diff] [blame] | 163 | changed_when: False |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 164 | |
| 165 | - name: Verify Intel 40Gb NIC |
breezestars | d625aba | 2016-11-21 06:44:38 +0800 | [diff] [blame] | 166 | shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 167 | register: intel_nic_present |
David K. Bainbridge | 0820cab | 2016-06-02 17:43:32 -0700 | [diff] [blame] | 168 | changed_when: False |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 169 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 170 | - name: Verify i40e Driver |
| 171 | command: modinfo --field=version i40e |
| 172 | register: i40e_version |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 173 | when: intel_nic_present.stdout != "0" |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 174 | changed_when: False |
David K. Bainbridge | b541504 | 2016-05-13 17:06:10 -0700 | [diff] [blame] | 175 | failed_when: False |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 176 | tags: |
| 177 | - interface_config |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 178 | |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 179 | - name: Verify mlx4 Driver |
| 180 | command: modinfo --field=version mlx4_core |
| 181 | register: mlx4_version |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 182 | when: mlx_nic_present.stdout != "0" |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 183 | changed_when: False |
| 184 | failed_when: False |
| 185 | tags: |
| 186 | - interface_config |
| 187 | |
| 188 | - name: Update mlx4 Driver |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 189 | include: mlx4_driver.yml |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 190 | when: mlx_nic_present.stdout != "0" and mlx4_version.stdout != '3.1-1.0.4' |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 191 | tags: |
| 192 | - interface_config |
| 193 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 194 | - name: Update i40e Driver |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 195 | include: i40e_driver.yml |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 196 | when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25' |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 197 | tags: |
| 198 | - interface_config |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 199 | |
alshabib | 54cdbb2 | 2016-06-03 16:37:01 -0700 | [diff] [blame] | 200 | - name: Load modules at boot |
| 201 | become: yes |
| 202 | lineinfile: |
| 203 | dest: /etc/modules |
| 204 | line: "{{ item }}" |
| 205 | with_items: |
| 206 | - lp |
| 207 | - loop |
| 208 | - rtc |
| 209 | - bonding |
| 210 | |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 211 | - name: Ensure Network Configuration |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 212 | become: yes |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 213 | include: networking.yml |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 214 | tags: |
| 215 | - interface_config |