David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 1 | --- |
David K. Bainbridge | 8db2f30 | 2016-05-19 23:41:13 -0700 | [diff] [blame] | 2 | - name: Verify Manditory Variables |
| 3 | fail: msg="Variable '{{ item }}' is not defined" |
| 4 | when: item not in hostvars[inventory_hostname] |
| 5 | with_items: |
| 6 | - fabric_ip |
| 7 | tags: |
| 8 | - interface_config |
| 9 | |
David K. Bainbridge | d4a63e0 | 2016-09-14 12:28:00 -0700 | [diff] [blame] | 10 | - name: Verify Network Bits on Network Specifications |
| 11 | fail: msg="Network specification '{{ item }}' must include network bits" |
| 12 | when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')" |
| 13 | with_items: |
| 14 | - "{{ compute_node.addresses.fabric }}" |
| 15 | - "{{ compute_node.addresses.management }}" |
| 16 | - "{{ compute_node.addresses.external }}" |
| 17 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 18 | - name: Applications |
| 19 | become: yes |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 20 | apt: name={{ item }} state=present force=yes |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 21 | with_items: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 22 | - whois |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 23 | - build-essential=11.6* |
| 24 | - git=1:1.9.* |
| 25 | - python-pip=1.5.4* |
| 26 | - ifenslave-2.6=2.4* |
| 27 | - bridge-utils=1.5-* |
| 28 | - ethtool=1:3.13* |
| 29 | - minicom=2.7* |
| 30 | - curl=7.35.* |
Andy Bavier | d1ff927 | 2016-09-08 17:11:54 -0400 | [diff] [blame] | 31 | - jq=1.3* |
David K. Bainbridge | e9f284d | 2016-05-18 14:13:43 -0700 | [diff] [blame] | 32 | |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 33 | - name: Validate Encyrpted Compute Node Password |
| 34 | set_fact: |
| 35 | already_encrypted: "{{compute_node.password.startswith('enc:')}}" |
| 36 | |
| 37 | # If the compute_node.password begins with 'enc:' then it is an |
| 38 | # encyrpted password, which is what we need so we are done. Thus |
| 39 | # if it is not encrypted then we have to encrypt it |
| 40 | |
| 41 | - name: Encyrpt Compute Node Password |
| 42 | command: "mkpasswd --method=sha-512 {{compute_node.password}}" |
| 43 | register: encrypted |
| 44 | changed_when: false |
| 45 | when: "not already_encrypted" |
| 46 | |
| 47 | - name: Update Compute Node Password |
| 48 | set_fact: |
| 49 | compute_node_update: |
| 50 | password: "enc:{{encrypted.stdout}}" |
| 51 | when: "not already_encrypted" |
| 52 | |
| 53 | - name: Merge Compute Node Properties |
| 54 | set_fact: |
| 55 | compute_node: "{{compute_node|combine(compute_node_update,recursive=True)}}" |
| 56 | when: "not already_encrypted" |
| 57 | |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 58 | - name: Ensure Docker Insecure Repository |
| 59 | become: yes |
| 60 | lineinfile: |
| 61 | dest: /etc/default/docker |
| 62 | line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"' |
| 63 | insertafter: '^DOCKER_OPTS' |
| 64 | register: docker_config |
| 65 | |
David K. Bainbridge | fac79ca | 2016-07-28 10:00:44 -0700 | [diff] [blame] | 66 | - name: Ensure Docker Registry Mirror |
| 67 | become: yes |
| 68 | lineinfile: |
| 69 | dest: /etc/default/docker |
| 70 | line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"' |
| 71 | insertafter: '^DOCKER_OPTS' |
| 72 | register: docker_config_mirror |
| 73 | |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 74 | - name: Docker Restart |
| 75 | become: yes |
| 76 | service: |
| 77 | name=docker |
| 78 | state=restarted |
David K. Bainbridge | fac79ca | 2016-07-28 10:00:44 -0700 | [diff] [blame] | 79 | when: docker_config.changed or docker_config_mirror.changed |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 80 | |
David K. Bainbridge | e9f284d | 2016-05-18 14:13:43 -0700 | [diff] [blame] | 81 | - name: Ensure Docker Ansible Support |
| 82 | become: yes |
| 83 | pip: |
Zack Williams | 6fe4637 | 2017-06-29 08:30:21 -0700 | [diff] [blame] | 84 | name: "docker==2.4.2" |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 85 | |
| 86 | - name: Set Default Password |
| 87 | become: yes |
| 88 | user: |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 89 | name: "{{ ansible_user_id }}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 90 | password: "{{compute_node.password.split(':',1)[1]}}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 91 | when: '"{{ ansible_user_id }}" == "ubuntu"' |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 92 | tags: |
| 93 | - set_compute_node_password |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 94 | |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 95 | - name: Authorize SSH Key |
| 96 | become: yes |
| 97 | authorized_key: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 98 | key: "{{ pub_ssh_key }}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 99 | user: "{{ ansible_user_id }}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 100 | state: present |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 101 | |
| 102 | - name: Verify Private SSH Key |
| 103 | become: yes |
| 104 | stat: |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 105 | path=/home/{{ ansible_user_id }}/.ssh/id_rsa |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 106 | register: private_key |
| 107 | |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 108 | - name: Ensure SSH Key Pair |
| 109 | become: yes |
| 110 | copy: |
| 111 | src: "/etc/maas/.ssh/{{item.src}}" |
| 112 | dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 113 | owner: "{{ ansible_user_id }}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 114 | group: "docker" |
| 115 | mode: "0600" |
| 116 | with_items: |
| 117 | - { "src": "cord_rsa", "dest": "id_rsa" } |
| 118 | - { "src": "cord_rsa.pub", "dest": "id_rsa.pub" } |
| 119 | |
| 120 | - name: Ensure SSH config |
Zack Williams | e2212a5 | 2017-04-28 12:36:25 -0700 | [diff] [blame] | 121 | become: yes |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 122 | copy: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 123 | src: "files/{{item}}" |
| 124 | dest: "{{ansible_env['PWD']}}/.ssh/{{item}}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 125 | owner: "{{ ansible_user_id }}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 126 | mode: "0600" |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 127 | with_items: |
David K. Bainbridge | 81bda33 | 2016-06-14 22:58:41 -0700 | [diff] [blame] | 128 | - config |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 129 | |
| 130 | - name: Ensure CORD SUDO |
| 131 | become: yes |
| 132 | copy: |
| 133 | src=files/99-cord-sudoers |
| 134 | dest=/etc/sudoers.d/99-cord-sudoers |
| 135 | owner=root |
| 136 | group=root |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 137 | mode="0600" |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 138 | |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 139 | - name: Ensure Utility Scripts |
| 140 | become: yes |
| 141 | copy: |
| 142 | src=files/{{ item }} |
| 143 | dest=/usr/local/bin/{{ item }} |
| 144 | owner=root |
| 145 | group=root |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 146 | mode="0755" |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 147 | with_items: |
| 148 | - delete-fabric-config |
| 149 | - delete-node-prov-state |
| 150 | - docker-ip |
| 151 | - fabric-pingall |
| 152 | - get-fabric-config |
| 153 | - get-node-prov-state |
| 154 | - remove-xos-components |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 155 | - remove-maas-components |
David K. Bainbridge | 1e4142d | 2016-08-04 10:01:58 -0700 | [diff] [blame] | 156 | - post-fabric-config |
David K. Bainbridge | e80fd39 | 2016-08-19 15:46:19 -0700 | [diff] [blame] | 157 | - pull-latest-docker-images |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 158 | |
Amir Zeidner | 34380a5 | 2017-04-26 10:48:44 +0300 | [diff] [blame] | 159 | - name: Verify Mellanox NICs |
| 160 | shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c Mellanox || true |
| 161 | register: mlnx_nic_present |
David K. Bainbridge | 0820cab | 2016-06-02 17:43:32 -0700 | [diff] [blame] | 162 | changed_when: False |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 163 | |
| 164 | - name: Verify Intel 40Gb NIC |
breezestars | d625aba | 2016-11-21 06:44:38 +0800 | [diff] [blame] | 165 | shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 166 | register: intel_nic_present |
David K. Bainbridge | 0820cab | 2016-06-02 17:43:32 -0700 | [diff] [blame] | 167 | changed_when: False |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 168 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 169 | - name: Verify i40e Driver |
| 170 | command: modinfo --field=version i40e |
| 171 | register: i40e_version |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 172 | when: intel_nic_present.stdout != "0" |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 173 | changed_when: False |
David K. Bainbridge | b541504 | 2016-05-13 17:06:10 -0700 | [diff] [blame] | 174 | failed_when: False |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 175 | tags: |
| 176 | - interface_config |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 177 | |
Amir Zeidner | 34380a5 | 2017-04-26 10:48:44 +0300 | [diff] [blame] | 178 | - name: Verify Mellanox Driver |
| 179 | command: modinfo --field=version mlx5_core |
| 180 | register: mlnx5_version |
| 181 | when: mlnx_nic_present.stdout != "0" |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 182 | changed_when: False |
| 183 | failed_when: False |
| 184 | tags: |
| 185 | - interface_config |
| 186 | |
Amir Zeidner | 34380a5 | 2017-04-26 10:48:44 +0300 | [diff] [blame] | 187 | - name: Update Mellanox Driver |
| 188 | include: mlnx_driver.yml |
| 189 | when: mlnx_nic_present.stdout != "0" and mlnx5_version.stdout != '4.0-2.0.0' |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 190 | tags: |
| 191 | - interface_config |
| 192 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 193 | - name: Update i40e Driver |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 194 | include: i40e_driver.yml |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 195 | when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25' |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 196 | tags: |
| 197 | - interface_config |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 198 | |
alshabib | 54cdbb2 | 2016-06-03 16:37:01 -0700 | [diff] [blame] | 199 | - name: Load modules at boot |
| 200 | become: yes |
| 201 | lineinfile: |
| 202 | dest: /etc/modules |
| 203 | line: "{{ item }}" |
| 204 | with_items: |
| 205 | - lp |
| 206 | - loop |
| 207 | - rtc |
| 208 | - bonding |
| 209 | |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 210 | - name: Ensure Network Configuration |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 211 | become: yes |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 212 | include: networking.yml |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 213 | tags: |
| 214 | - interface_config |