blob: 910e4283eb6ca03f02ab0ca73dec990bc5da0361 [file] [log] [blame]
Jonathan Hart93956f52017-08-22 13:12:42 -07001
2# Copyright 2017-present Open Networking Foundation
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8# http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15
16
David K. Bainbridge317e7d72016-05-11 08:31:44 -070017---
David K. Bainbridge8db2f302016-05-19 23:41:13 -070018- name: Verify Manditory Variables
19 fail: msg="Variable '{{ item }}' is not defined"
20 when: item not in hostvars[inventory_hostname]
21 with_items:
22 - fabric_ip
23 tags:
24 - interface_config
25
David K. Bainbridged4a63e02016-09-14 12:28:00 -070026- name: Verify Network Bits on Network Specifications
27 fail: msg="Network specification '{{ item }}' must include network bits"
28 when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')"
29 with_items:
30 - "{{ compute_node.addresses.fabric }}"
31 - "{{ compute_node.addresses.management }}"
32 - "{{ compute_node.addresses.external }}"
33
David K. Bainbridge317e7d72016-05-11 08:31:44 -070034- name: Applications
35 become: yes
David K. Bainbridge17248c02016-08-29 17:04:34 -070036 apt: name={{ item }} state=present force=yes
David K. Bainbridge317e7d72016-05-11 08:31:44 -070037 with_items:
David K. Bainbridge8b179042016-11-30 15:38:42 -080038 - whois
David K. Bainbridge17248c02016-08-29 17:04:34 -070039 - build-essential=11.6*
40 - git=1:1.9.*
41 - python-pip=1.5.4*
42 - ifenslave-2.6=2.4*
43 - bridge-utils=1.5-*
44 - ethtool=1:3.13*
45 - minicom=2.7*
46 - curl=7.35.*
Andy Bavierd1ff9272016-09-08 17:11:54 -040047 - jq=1.3*
David K. Bainbridgee9f284d2016-05-18 14:13:43 -070048
David K. Bainbridge8b179042016-11-30 15:38:42 -080049- name: Validate Encyrpted Compute Node Password
50 set_fact:
51 already_encrypted: "{{compute_node.password.startswith('enc:')}}"
52
53# If the compute_node.password begins with 'enc:' then it is an
54# encyrpted password, which is what we need so we are done. Thus
55# if it is not encrypted then we have to encrypt it
56
57- name: Encyrpt Compute Node Password
58 command: "mkpasswd --method=sha-512 {{compute_node.password}}"
59 register: encrypted
60 changed_when: false
61 when: "not already_encrypted"
62
Andy Bavier5a3f46f2018-03-29 14:17:13 -070063- name: Extract Encrypted Compute Node Password
David K. Bainbridge8b179042016-11-30 15:38:42 -080064 set_fact:
Andy Bavier5a3f46f2018-03-29 14:17:13 -070065 encrypted_password: "enc:{{encrypted.stdout}}"
David K. Bainbridge8b179042016-11-30 15:38:42 -080066 when: "not already_encrypted"
67
Andy Bavier5a3f46f2018-03-29 14:17:13 -070068- name: Copy Encrypted Compute Node Password
David K. Bainbridge8b179042016-11-30 15:38:42 -080069 set_fact:
Andy Bavier5a3f46f2018-03-29 14:17:13 -070070 encrypted_password: "{{compute_node.password}}"
71 when: "already_encrypted"
David K. Bainbridge8b179042016-11-30 15:38:42 -080072
David K. Bainbridge589a08f2016-06-15 18:14:18 -070073- name: Ensure Docker Insecure Repository
74 become: yes
75 lineinfile:
76 dest: /etc/default/docker
77 line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"'
78 insertafter: '^DOCKER_OPTS'
79 register: docker_config
80
David K. Bainbridgefac79ca2016-07-28 10:00:44 -070081- name: Ensure Docker Registry Mirror
82 become: yes
83 lineinfile:
84 dest: /etc/default/docker
85 line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"'
86 insertafter: '^DOCKER_OPTS'
87 register: docker_config_mirror
88
David K. Bainbridge589a08f2016-06-15 18:14:18 -070089- name: Docker Restart
90 become: yes
91 service:
92 name=docker
93 state=restarted
David K. Bainbridgefac79ca2016-07-28 10:00:44 -070094 when: docker_config.changed or docker_config_mirror.changed
David K. Bainbridge589a08f2016-06-15 18:14:18 -070095
David K. Bainbridgee9f284d2016-05-18 14:13:43 -070096- name: Ensure Docker Ansible Support
97 become: yes
98 pip:
Zack Williams6fe46372017-06-29 08:30:21 -070099 name: "docker==2.4.2"
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700100
101- name: Set Default Password
102 become: yes
103 user:
Zack Williams642388d2017-04-12 22:39:15 -0700104 name: "{{ ansible_user_id }}"
Andy Bavier5a3f46f2018-03-29 14:17:13 -0700105 password: "{{encrypted_password.split(':',1)[1]}}"
Zack Williams642388d2017-04-12 22:39:15 -0700106 when: '"{{ ansible_user_id }}" == "ubuntu"'
David K. Bainbridge8b179042016-11-30 15:38:42 -0800107 tags:
108 - set_compute_node_password
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700109
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700110- name: Authorize SSH Key
111 become: yes
112 authorized_key:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800113 key: "{{ pub_ssh_key }}"
Zack Williams642388d2017-04-12 22:39:15 -0700114 user: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800115 state: present
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700116
117- name: Verify Private SSH Key
118 become: yes
119 stat:
Zack Williams642388d2017-04-12 22:39:15 -0700120 path=/home/{{ ansible_user_id }}/.ssh/id_rsa
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700121 register: private_key
122
David K. Bainbridge8b179042016-11-30 15:38:42 -0800123- name: Ensure SSH Key Pair
124 become: yes
125 copy:
David K. Bainbridge0a7cdbb2017-07-14 11:36:13 -0700126 src: "{{pub_ssh_key_file_location}}/{{item.src}}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800127 dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}"
Zack Williams642388d2017-04-12 22:39:15 -0700128 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800129 group: "docker"
130 mode: "0600"
131 with_items:
Andy Bavier4ae79c92017-07-27 13:02:11 -0700132 - { "src": "cord_rsa", "dest": "cord_rsa" }
133 - { "src": "cord_rsa.pub", "dest": "cord_rsa.pub" }
David K. Bainbridge8b179042016-11-30 15:38:42 -0800134
135- name: Ensure SSH config
Zack Williamse2212a52017-04-28 12:36:25 -0700136 become: yes
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700137 copy:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800138 src: "files/{{item}}"
139 dest: "{{ansible_env['PWD']}}/.ssh/{{item}}"
Zack Williams642388d2017-04-12 22:39:15 -0700140 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800141 mode: "0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700142 with_items:
David K. Bainbridge81bda332016-06-14 22:58:41 -0700143 - config
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700144
145- name: Ensure CORD SUDO
146 become: yes
147 copy:
148 src=files/99-cord-sudoers
149 dest=/etc/sudoers.d/99-cord-sudoers
150 owner=root
151 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800152 mode="0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700153
David K. Bainbridgef3071012016-08-04 09:29:55 -0700154- name: Ensure Utility Scripts
155 become: yes
156 copy:
157 src=files/{{ item }}
158 dest=/usr/local/bin/{{ item }}
159 owner=root
160 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800161 mode="0755"
David K. Bainbridgef3071012016-08-04 09:29:55 -0700162 with_items:
163 - delete-fabric-config
164 - delete-node-prov-state
165 - docker-ip
166 - fabric-pingall
167 - get-fabric-config
168 - get-node-prov-state
169 - remove-xos-components
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700170 - remove-maas-components
David K. Bainbridge1e4142d2016-08-04 10:01:58 -0700171 - post-fabric-config
David K. Bainbridgee80fd392016-08-19 15:46:19 -0700172 - pull-latest-docker-images
David K. Bainbridgef3071012016-08-04 09:29:55 -0700173
Amir Zeidner34380a52017-04-26 10:48:44 +0300174- name: Verify Mellanox NICs
175 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c Mellanox || true
176 register: mlnx_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700177 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700178
179- name: Verify Intel 40Gb NIC
breezestarsd625aba2016-11-21 06:44:38 +0800180 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true
alshabibe16ef4c2016-05-27 17:13:23 -0700181 register: intel_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700182 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700183
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700184- name: Verify i40e Driver
185 command: modinfo --field=version i40e
186 register: i40e_version
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700187 when: intel_nic_present.stdout != "0"
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700188 changed_when: False
David K. Bainbridgeb5415042016-05-13 17:06:10 -0700189 failed_when: False
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700190 tags:
191 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700192
Amir Zeidner34380a52017-04-26 10:48:44 +0300193- name: Verify Mellanox Driver
194 command: modinfo --field=version mlx5_core
195 register: mlnx5_version
196 when: mlnx_nic_present.stdout != "0"
alshabibe16ef4c2016-05-27 17:13:23 -0700197 changed_when: False
198 failed_when: False
199 tags:
200 - interface_config
201
Amir Zeidner34380a52017-04-26 10:48:44 +0300202- name: Update Mellanox Driver
203 include: mlnx_driver.yml
204 when: mlnx_nic_present.stdout != "0" and mlnx5_version.stdout != '4.0-2.0.0'
alshabibe16ef4c2016-05-27 17:13:23 -0700205 tags:
206 - interface_config
207
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700208- name: Update i40e Driver
David K. Bainbridge17248c02016-08-29 17:04:34 -0700209 include: i40e_driver.yml
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700210 when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25'
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700211 tags:
212 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700213
alshabib54cdbb22016-06-03 16:37:01 -0700214- name: Load modules at boot
215 become: yes
216 lineinfile:
217 dest: /etc/modules
218 line: "{{ item }}"
219 with_items:
220 - lp
221 - loop
222 - rtc
223 - bonding
224
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700225- name: Ensure Network Configuration
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700226 become: yes
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700227 include: networking.yml
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700228 tags:
229 - interface_config