Gitiles
Code Review Sign In
gerrit.opencord.org / maas / 71a945bc819c956fa48a4fd427af3e7bd6c9d12b / . / roles / compute-node / tasks / main.yml
blob: 8ee67f2d5f89c29c9fc98cd900f5b6347e190a43 [file] [log] [blame]
Jonathan Hart93956f52017-08-22 13:12:42 -0700[diff] [blame]1
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]17---
David K. Bainbridge8db2f302016-05-19 23:41:13 -0700[diff] [blame]18- name: Verify Manditory Variables
19 fail: msg="Variable '{{ item }}' is not defined"
20 when: item not in hostvars[inventory_hostname]
21 with_items:
22 - fabric_ip
23 tags:
24 - interface_config
25
David K. Bainbridged4a63e02016-09-14 12:28:00 -0700[diff] [blame]26- name: Verify Network Bits on Network Specifications
27 fail: msg="Network specification '{{ item }}' must include network bits"
28 when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')"
29 with_items:
30 - "{{ compute_node.addresses.fabric }}"
31 - "{{ compute_node.addresses.management }}"
32 - "{{ compute_node.addresses.external }}"
33
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]34- name: Applications
35 become: yes
David K. Bainbridge17248c02016-08-29 17:04:34 -0700[diff] [blame]36 apt: name={{ item }} state=present force=yes
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]37 with_items:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]38 - whois
David K. Bainbridge17248c02016-08-29 17:04:34 -0700[diff] [blame]39 - build-essential=11.6*
40 - git=1:1.9.*
41 - python-pip=1.5.4*
42 - ifenslave-2.6=2.4*
43 - bridge-utils=1.5-*
44 - ethtool=1:3.13*
45 - minicom=2.7*
46 - curl=7.35.*
Andy Bavierd1ff9272016-09-08 17:11:54 -0400[diff] [blame]47 - jq=1.3*
David K. Bainbridgee9f284d2016-05-18 14:13:43 -0700[diff] [blame]48
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]49- name: Validate Encyrpted Compute Node Password
50 set_fact:
51 already_encrypted: "{{compute_node.password.startswith('enc:')}}"
52
53# If the compute_node.password begins with 'enc:' then it is an
54# encyrpted password, which is what we need so we are done. Thus
55# if it is not encrypted then we have to encrypt it
56
57- name: Encyrpt Compute Node Password
58 command: "mkpasswd --method=sha-512 {{compute_node.password}}"
59 register: encrypted
60 changed_when: false
61 when: "not already_encrypted"
62
63- name: Update Compute Node Password
64 set_fact:
65 compute_node_update:
66 password: "enc:{{encrypted.stdout}}"
67 when: "not already_encrypted"
68
69- name: Merge Compute Node Properties
70 set_fact:
71 compute_node: "{{compute_node|combine(compute_node_update,recursive=True)}}"
72 when: "not already_encrypted"
73
David K. Bainbridge589a08f2016-06-15 18:14:18 -0700[diff] [blame]74- name: Ensure Docker Insecure Repository
75 become: yes
76 lineinfile:
77 dest: /etc/default/docker
78 line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"'
79 insertafter: '^DOCKER_OPTS'
80 register: docker_config
81
David K. Bainbridgefac79ca2016-07-28 10:00:44 -0700[diff] [blame]82- name: Ensure Docker Registry Mirror
83 become: yes
84 lineinfile:
85 dest: /etc/default/docker
86 line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"'
87 insertafter: '^DOCKER_OPTS'
88 register: docker_config_mirror
89
David K. Bainbridge589a08f2016-06-15 18:14:18 -0700[diff] [blame]90- name: Docker Restart
91 become: yes
92 service:
93 name=docker
94 state=restarted
David K. Bainbridgefac79ca2016-07-28 10:00:44 -0700[diff] [blame]95 when: docker_config.changed or docker_config_mirror.changed
David K. Bainbridge589a08f2016-06-15 18:14:18 -0700[diff] [blame]96
David K. Bainbridgee9f284d2016-05-18 14:13:43 -0700[diff] [blame]97- name: Ensure Docker Ansible Support
98 become: yes
99 pip:
Zack Williams6fe46372017-06-29 08:30:21 -0700[diff] [blame]100 name: "docker==2.4.2"
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]101
102- name: Set Default Password
103 become: yes
104 user:
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]105 name: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]106 password: "{{compute_node.password.split(':',1)[1]}}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]107 when: '"{{ ansible_user_id }}" == "ubuntu"'
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]108 tags:
109 - set_compute_node_password
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]110
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]111- name: Authorize SSH Key
112 become: yes
113 authorized_key:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]114 key: "{{ pub_ssh_key }}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]115 user: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]116 state: present
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]117
118- name: Verify Private SSH Key
119 become: yes
120 stat:
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]121 path=/home/{{ ansible_user_id }}/.ssh/id_rsa
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]122 register: private_key
123
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]124- name: Ensure SSH Key Pair
125 become: yes
126 copy:
David K. Bainbridge0a7cdbb2017-07-14 11:36:13 -0700[diff] [blame]127 src: "{{pub_ssh_key_file_location}}/{{item.src}}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]128 dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]129 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]130 group: "docker"
131 mode: "0600"
132 with_items:
Andy Bavier4ae79c92017-07-27 13:02:11 -0700[diff] [blame]133 - { "src": "cord_rsa", "dest": "cord_rsa" }
134 - { "src": "cord_rsa.pub", "dest": "cord_rsa.pub" }
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]135
136- name: Ensure SSH config
Zack Williamse2212a52017-04-28 12:36:25 -0700[diff] [blame]137 become: yes
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]138 copy:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]139 src: "files/{{item}}"
140 dest: "{{ansible_env['PWD']}}/.ssh/{{item}}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]141 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]142 mode: "0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]143 with_items:
David K. Bainbridge81bda332016-06-14 22:58:41 -0700[diff] [blame]144 - config
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]145
146- name: Ensure CORD SUDO
147 become: yes
148 copy:
149 src=files/99-cord-sudoers
150 dest=/etc/sudoers.d/99-cord-sudoers
151 owner=root
152 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]153 mode="0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]154
David K. Bainbridgef3071012016-08-04 09:29:55 -0700[diff] [blame]155- name: Ensure Utility Scripts
156 become: yes
157 copy:
158 src=files/{{ item }}
159 dest=/usr/local/bin/{{ item }}
160 owner=root
161 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]162 mode="0755"
David K. Bainbridgef3071012016-08-04 09:29:55 -0700[diff] [blame]163 with_items:
164 - delete-fabric-config
165 - delete-node-prov-state
166 - docker-ip
167 - fabric-pingall
168 - get-fabric-config
169 - get-node-prov-state
170 - remove-xos-components
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700[diff] [blame]171 - remove-maas-components
David K. Bainbridge1e4142d2016-08-04 10:01:58 -0700[diff] [blame]172 - post-fabric-config
David K. Bainbridgee80fd392016-08-19 15:46:19 -0700[diff] [blame]173 - pull-latest-docker-images
David K. Bainbridgef3071012016-08-04 09:29:55 -0700[diff] [blame]174
Amir Zeidner34380a52017-04-26 10:48:44 +0300[diff] [blame]175- name: Verify Mellanox NICs
176 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c Mellanox || true
177 register: mlnx_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700[diff] [blame]178 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]179
180- name: Verify Intel 40Gb NIC
breezestarsd625aba2016-11-21 06:44:38 +0800[diff] [blame]181 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]182 register: intel_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700[diff] [blame]183 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]184
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]185- name: Verify i40e Driver
186 command: modinfo --field=version i40e
187 register: i40e_version
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700[diff] [blame]188 when: intel_nic_present.stdout != "0"
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]189 changed_when: False
David K. Bainbridgeb5415042016-05-13 17:06:10 -0700[diff] [blame]190 failed_when: False
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700[diff] [blame]191 tags:
192 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]193
Amir Zeidner34380a52017-04-26 10:48:44 +0300[diff] [blame]194- name: Verify Mellanox Driver
195 command: modinfo --field=version mlx5_core
196 register: mlnx5_version
197 when: mlnx_nic_present.stdout != "0"
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]198 changed_when: False
199 failed_when: False
200 tags:
201 - interface_config
202
Amir Zeidner34380a52017-04-26 10:48:44 +0300[diff] [blame]203- name: Update Mellanox Driver
204 include: mlnx_driver.yml
205 when: mlnx_nic_present.stdout != "0" and mlnx5_version.stdout != '4.0-2.0.0'
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]206 tags:
207 - interface_config
208
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]209- name: Update i40e Driver
David K. Bainbridge17248c02016-08-29 17:04:34 -0700[diff] [blame]210 include: i40e_driver.yml
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700[diff] [blame]211 when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25'
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700[diff] [blame]212 tags:
213 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]214
alshabib54cdbb22016-06-03 16:37:01 -0700[diff] [blame]215- name: Load modules at boot
216 become: yes
217 lineinfile:
218 dest: /etc/modules
219 line: "{{ item }}"
220 with_items:
221 - lp
222 - loop
223 - rtc
224 - bonding
225
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700[diff] [blame]226- name: Ensure Network Configuration
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]227 become: yes
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700[diff] [blame]228 include: networking.yml
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700[diff] [blame]229 tags:
230 - interface_config