Gitiles
Code Review Sign In
gerrit.opencord.org / maas / 34380a55a5cafb9c3008f27dc927da4d974a178c / . / roles / compute-node / tasks / main.yml
blob: 57c120fd70a7ee6e0e5d1ab83082adbe5e539654 [file] [log] [blame]
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]1---
David K. Bainbridge8db2f302016-05-19 23:41:13 -0700[diff] [blame]2- name: Verify Manditory Variables
3 fail: msg="Variable '{{ item }}' is not defined"
4 when: item not in hostvars[inventory_hostname]
5 with_items:
6 - fabric_ip
7 tags:
8 - interface_config
9
David K. Bainbridged4a63e02016-09-14 12:28:00 -0700[diff] [blame]10- name: Verify Network Bits on Network Specifications
11 fail: msg="Network specification '{{ item }}' must include network bits"
12 when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')"
13 with_items:
14 - "{{ compute_node.addresses.fabric }}"
15 - "{{ compute_node.addresses.management }}"
16 - "{{ compute_node.addresses.external }}"
17
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]18- name: Applications
19 become: yes
David K. Bainbridge17248c02016-08-29 17:04:34 -0700[diff] [blame]20 apt: name={{ item }} state=present force=yes
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]21 with_items:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]22 - whois
David K. Bainbridge17248c02016-08-29 17:04:34 -0700[diff] [blame]23 - build-essential=11.6*
24 - git=1:1.9.*
25 - python-pip=1.5.4*
26 - ifenslave-2.6=2.4*
27 - bridge-utils=1.5-*
28 - ethtool=1:3.13*
29 - minicom=2.7*
30 - curl=7.35.*
Andy Bavierd1ff9272016-09-08 17:11:54 -0400[diff] [blame]31 - jq=1.3*
David K. Bainbridgee9f284d2016-05-18 14:13:43 -0700[diff] [blame]32
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]33- name: Validate Encyrpted Compute Node Password
34 set_fact:
35 already_encrypted: "{{compute_node.password.startswith('enc:')}}"
36
37# If the compute_node.password begins with 'enc:' then it is an
38# encyrpted password, which is what we need so we are done. Thus
39# if it is not encrypted then we have to encrypt it
40
41- name: Encyrpt Compute Node Password
42 command: "mkpasswd --method=sha-512 {{compute_node.password}}"
43 register: encrypted
44 changed_when: false
45 when: "not already_encrypted"
46
47- name: Update Compute Node Password
48 set_fact:
49 compute_node_update:
50 password: "enc:{{encrypted.stdout}}"
51 when: "not already_encrypted"
52
53- name: Merge Compute Node Properties
54 set_fact:
55 compute_node: "{{compute_node|combine(compute_node_update,recursive=True)}}"
56 when: "not already_encrypted"
57
David K. Bainbridge589a08f2016-06-15 18:14:18 -0700[diff] [blame]58- name: Ensure Docker Insecure Repository
59 become: yes
60 lineinfile:
61 dest: /etc/default/docker
62 line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"'
63 insertafter: '^DOCKER_OPTS'
64 register: docker_config
65
David K. Bainbridgefac79ca2016-07-28 10:00:44 -0700[diff] [blame]66- name: Ensure Docker Registry Mirror
67 become: yes
68 lineinfile:
69 dest: /etc/default/docker
70 line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"'
71 insertafter: '^DOCKER_OPTS'
72 register: docker_config_mirror
73
David K. Bainbridge589a08f2016-06-15 18:14:18 -0700[diff] [blame]74- name: Docker Restart
75 become: yes
76 service:
77 name=docker
78 state=restarted
David K. Bainbridgefac79ca2016-07-28 10:00:44 -0700[diff] [blame]79 when: docker_config.changed or docker_config_mirror.changed
David K. Bainbridge589a08f2016-06-15 18:14:18 -0700[diff] [blame]80
David K. Bainbridgee9f284d2016-05-18 14:13:43 -0700[diff] [blame]81- name: Ensure Docker Ansible Support
82 become: yes
83 pip:
84 name=docker-py
David K. Bainbridge2dd2ddd2016-09-06 08:22:52 -0700[diff] [blame]85 version=1.9
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]86
87- name: Set Default Password
88 become: yes
89 user:
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]90 name: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]91 password: "{{compute_node.password.split(':',1)[1]}}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]92 when: '"{{ ansible_user_id }}" == "ubuntu"'
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]93 tags:
94 - set_compute_node_password
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]95
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]96- name: Authorize SSH Key
97 become: yes
98 authorized_key:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]99 key: "{{ pub_ssh_key }}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]100 user: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]101 state: present
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]102
103- name: Verify Private SSH Key
104 become: yes
105 stat:
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]106 path=/home/{{ ansible_user_id }}/.ssh/id_rsa
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]107 register: private_key
108
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]109- name: Ensure SSH Key Pair
110 become: yes
111 copy:
112 src: "/etc/maas/.ssh/{{item.src}}"
113 dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]114 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]115 group: "docker"
116 mode: "0600"
117 with_items:
118 - { "src": "cord_rsa", "dest": "id_rsa" }
119 - { "src": "cord_rsa.pub", "dest": "id_rsa.pub" }
120
121- name: Ensure SSH config
Andy Bavierceab2302016-07-07 09:04:07 -0400[diff] [blame]122 become: no
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]123 copy:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]124 src: "files/{{item}}"
125 dest: "{{ansible_env['PWD']}}/.ssh/{{item}}"
Zack Williams642388d2017-04-12 22:39:15 -0700[diff] [blame]126 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]127 mode: "0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]128 with_items:
David K. Bainbridge81bda332016-06-14 22:58:41 -0700[diff] [blame]129 - config
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]130
131- name: Ensure CORD SUDO
132 become: yes
133 copy:
134 src=files/99-cord-sudoers
135 dest=/etc/sudoers.d/99-cord-sudoers
136 owner=root
137 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]138 mode="0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700[diff] [blame]139
David K. Bainbridgef3071012016-08-04 09:29:55 -0700[diff] [blame]140- name: Ensure Utility Scripts
141 become: yes
142 copy:
143 src=files/{{ item }}
144 dest=/usr/local/bin/{{ item }}
145 owner=root
146 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800[diff] [blame]147 mode="0755"
David K. Bainbridgef3071012016-08-04 09:29:55 -0700[diff] [blame]148 with_items:
149 - delete-fabric-config
150 - delete-node-prov-state
151 - docker-ip
152 - fabric-pingall
153 - get-fabric-config
154 - get-node-prov-state
155 - remove-xos-components
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700[diff] [blame]156 - remove-maas-components
David K. Bainbridge1e4142d2016-08-04 10:01:58 -0700[diff] [blame]157 - post-fabric-config
David K. Bainbridgee80fd392016-08-19 15:46:19 -0700[diff] [blame]158 - pull-latest-docker-images
David K. Bainbridgef3071012016-08-04 09:29:55 -0700[diff] [blame]159
Amir Zeidner34380a52017-04-26 10:48:44 +0300[diff] [blame^]160- name: Verify Mellanox NICs
161 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c Mellanox || true
162 register: mlnx_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700[diff] [blame]163 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]164
165- name: Verify Intel 40Gb NIC
breezestarsd625aba2016-11-21 06:44:38 +0800[diff] [blame]166 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]167 register: intel_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700[diff] [blame]168 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]169
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]170- name: Verify i40e Driver
171 command: modinfo --field=version i40e
172 register: i40e_version
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700[diff] [blame]173 when: intel_nic_present.stdout != "0"
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]174 changed_when: False
David K. Bainbridgeb5415042016-05-13 17:06:10 -0700[diff] [blame]175 failed_when: False
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700[diff] [blame]176 tags:
177 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]178
Amir Zeidner34380a52017-04-26 10:48:44 +0300[diff] [blame^]179- name: Verify Mellanox Driver
180 command: modinfo --field=version mlx5_core
181 register: mlnx5_version
182 when: mlnx_nic_present.stdout != "0"
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]183 changed_when: False
184 failed_when: False
185 tags:
186 - interface_config
187
Amir Zeidner34380a52017-04-26 10:48:44 +0300[diff] [blame^]188- name: Update Mellanox Driver
189 include: mlnx_driver.yml
190 when: mlnx_nic_present.stdout != "0" and mlnx5_version.stdout != '4.0-2.0.0'
alshabibe16ef4c2016-05-27 17:13:23 -0700[diff] [blame]191 tags:
192 - interface_config
193
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]194- name: Update i40e Driver
David K. Bainbridge17248c02016-08-29 17:04:34 -0700[diff] [blame]195 include: i40e_driver.yml
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700[diff] [blame]196 when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25'
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700[diff] [blame]197 tags:
198 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]199
alshabib54cdbb22016-06-03 16:37:01 -0700[diff] [blame]200- name: Load modules at boot
201 become: yes
202 lineinfile:
203 dest: /etc/modules
204 line: "{{ item }}"
205 with_items:
206 - lp
207 - loop
208 - rtc
209 - bonding
210
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700[diff] [blame]211- name: Ensure Network Configuration
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700[diff] [blame]212 become: yes
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700[diff] [blame]213 include: networking.yml
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700[diff] [blame]214 tags:
215 - interface_config