blob: fe2b1ae148c910967b2dd8d0a7e75bde8c714975 [file] [log] [blame]
David K. Bainbridge317e7d72016-05-11 08:31:44 -07001---
David K. Bainbridge8db2f302016-05-19 23:41:13 -07002- name: Verify Manditory Variables
3 fail: msg="Variable '{{ item }}' is not defined"
4 when: item not in hostvars[inventory_hostname]
5 with_items:
6 - fabric_ip
7 tags:
8 - interface_config
9
David K. Bainbridged4a63e02016-09-14 12:28:00 -070010- name: Verify Network Bits on Network Specifications
11 fail: msg="Network specification '{{ item }}' must include network bits"
12 when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')"
13 with_items:
14 - "{{ compute_node.addresses.fabric }}"
15 - "{{ compute_node.addresses.management }}"
16 - "{{ compute_node.addresses.external }}"
17
David K. Bainbridge317e7d72016-05-11 08:31:44 -070018- name: Applications
19 become: yes
David K. Bainbridge17248c02016-08-29 17:04:34 -070020 apt: name={{ item }} state=present force=yes
David K. Bainbridge317e7d72016-05-11 08:31:44 -070021 with_items:
David K. Bainbridge8b179042016-11-30 15:38:42 -080022 - whois
David K. Bainbridge17248c02016-08-29 17:04:34 -070023 - build-essential=11.6*
24 - git=1:1.9.*
25 - python-pip=1.5.4*
26 - ifenslave-2.6=2.4*
27 - bridge-utils=1.5-*
28 - ethtool=1:3.13*
29 - minicom=2.7*
30 - curl=7.35.*
Andy Bavierd1ff9272016-09-08 17:11:54 -040031 - jq=1.3*
David K. Bainbridgee9f284d2016-05-18 14:13:43 -070032
David K. Bainbridge8b179042016-11-30 15:38:42 -080033- name: Validate Encyrpted Compute Node Password
34 set_fact:
35 already_encrypted: "{{compute_node.password.startswith('enc:')}}"
36
37# If the compute_node.password begins with 'enc:' then it is an
38# encyrpted password, which is what we need so we are done. Thus
39# if it is not encrypted then we have to encrypt it
40
41- name: Encyrpt Compute Node Password
42 command: "mkpasswd --method=sha-512 {{compute_node.password}}"
43 register: encrypted
44 changed_when: false
45 when: "not already_encrypted"
46
47- name: Update Compute Node Password
48 set_fact:
49 compute_node_update:
50 password: "enc:{{encrypted.stdout}}"
51 when: "not already_encrypted"
52
53- name: Merge Compute Node Properties
54 set_fact:
55 compute_node: "{{compute_node|combine(compute_node_update,recursive=True)}}"
56 when: "not already_encrypted"
57
David K. Bainbridge589a08f2016-06-15 18:14:18 -070058- name: Ensure Docker Insecure Repository
59 become: yes
60 lineinfile:
61 dest: /etc/default/docker
62 line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"'
63 insertafter: '^DOCKER_OPTS'
64 register: docker_config
65
David K. Bainbridgefac79ca2016-07-28 10:00:44 -070066- name: Ensure Docker Registry Mirror
67 become: yes
68 lineinfile:
69 dest: /etc/default/docker
70 line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"'
71 insertafter: '^DOCKER_OPTS'
72 register: docker_config_mirror
73
David K. Bainbridge589a08f2016-06-15 18:14:18 -070074- name: Docker Restart
75 become: yes
76 service:
77 name=docker
78 state=restarted
David K. Bainbridgefac79ca2016-07-28 10:00:44 -070079 when: docker_config.changed or docker_config_mirror.changed
David K. Bainbridge589a08f2016-06-15 18:14:18 -070080
David K. Bainbridgee9f284d2016-05-18 14:13:43 -070081- name: Ensure Docker Ansible Support
82 become: yes
83 pip:
Zack Williams6fe46372017-06-29 08:30:21 -070084 name: "docker==2.4.2"
David K. Bainbridge317e7d72016-05-11 08:31:44 -070085
86- name: Set Default Password
87 become: yes
88 user:
Zack Williams642388d2017-04-12 22:39:15 -070089 name: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -080090 password: "{{compute_node.password.split(':',1)[1]}}"
Zack Williams642388d2017-04-12 22:39:15 -070091 when: '"{{ ansible_user_id }}" == "ubuntu"'
David K. Bainbridge8b179042016-11-30 15:38:42 -080092 tags:
93 - set_compute_node_password
David K. Bainbridge317e7d72016-05-11 08:31:44 -070094
David K. Bainbridge39d0c782016-05-11 13:27:57 -070095- name: Authorize SSH Key
96 become: yes
97 authorized_key:
David K. Bainbridge8b179042016-11-30 15:38:42 -080098 key: "{{ pub_ssh_key }}"
Zack Williams642388d2017-04-12 22:39:15 -070099 user: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800100 state: present
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700101
102- name: Verify Private SSH Key
103 become: yes
104 stat:
Zack Williams642388d2017-04-12 22:39:15 -0700105 path=/home/{{ ansible_user_id }}/.ssh/id_rsa
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700106 register: private_key
107
David K. Bainbridge8b179042016-11-30 15:38:42 -0800108- name: Ensure SSH Key Pair
109 become: yes
110 copy:
111 src: "/etc/maas/.ssh/{{item.src}}"
112 dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}"
Zack Williams642388d2017-04-12 22:39:15 -0700113 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800114 group: "docker"
115 mode: "0600"
116 with_items:
117 - { "src": "cord_rsa", "dest": "id_rsa" }
118 - { "src": "cord_rsa.pub", "dest": "id_rsa.pub" }
119
120- name: Ensure SSH config
Zack Williamse2212a52017-04-28 12:36:25 -0700121 become: yes
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700122 copy:
David K. Bainbridge8b179042016-11-30 15:38:42 -0800123 src: "files/{{item}}"
124 dest: "{{ansible_env['PWD']}}/.ssh/{{item}}"
Zack Williams642388d2017-04-12 22:39:15 -0700125 owner: "{{ ansible_user_id }}"
David K. Bainbridge8b179042016-11-30 15:38:42 -0800126 mode: "0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700127 with_items:
David K. Bainbridge81bda332016-06-14 22:58:41 -0700128 - config
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700129
130- name: Ensure CORD SUDO
131 become: yes
132 copy:
133 src=files/99-cord-sudoers
134 dest=/etc/sudoers.d/99-cord-sudoers
135 owner=root
136 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800137 mode="0600"
David K. Bainbridge39d0c782016-05-11 13:27:57 -0700138
David K. Bainbridgef3071012016-08-04 09:29:55 -0700139- name: Ensure Utility Scripts
140 become: yes
141 copy:
142 src=files/{{ item }}
143 dest=/usr/local/bin/{{ item }}
144 owner=root
145 group=root
David K. Bainbridge8b179042016-11-30 15:38:42 -0800146 mode="0755"
David K. Bainbridgef3071012016-08-04 09:29:55 -0700147 with_items:
148 - delete-fabric-config
149 - delete-node-prov-state
150 - docker-ip
151 - fabric-pingall
152 - get-fabric-config
153 - get-node-prov-state
154 - remove-xos-components
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700155 - remove-maas-components
David K. Bainbridge1e4142d2016-08-04 10:01:58 -0700156 - post-fabric-config
David K. Bainbridgee80fd392016-08-19 15:46:19 -0700157 - pull-latest-docker-images
David K. Bainbridgef3071012016-08-04 09:29:55 -0700158
Amir Zeidner34380a52017-04-26 10:48:44 +0300159- name: Verify Mellanox NICs
160 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c Mellanox || true
161 register: mlnx_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700162 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700163
164- name: Verify Intel 40Gb NIC
breezestarsd625aba2016-11-21 06:44:38 +0800165 shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true
alshabibe16ef4c2016-05-27 17:13:23 -0700166 register: intel_nic_present
David K. Bainbridge0820cab2016-06-02 17:43:32 -0700167 changed_when: False
alshabibe16ef4c2016-05-27 17:13:23 -0700168
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700169- name: Verify i40e Driver
170 command: modinfo --field=version i40e
171 register: i40e_version
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700172 when: intel_nic_present.stdout != "0"
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700173 changed_when: False
David K. Bainbridgeb5415042016-05-13 17:06:10 -0700174 failed_when: False
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700175 tags:
176 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700177
Amir Zeidner34380a52017-04-26 10:48:44 +0300178- name: Verify Mellanox Driver
179 command: modinfo --field=version mlx5_core
180 register: mlnx5_version
181 when: mlnx_nic_present.stdout != "0"
alshabibe16ef4c2016-05-27 17:13:23 -0700182 changed_when: False
183 failed_when: False
184 tags:
185 - interface_config
186
Amir Zeidner34380a52017-04-26 10:48:44 +0300187- name: Update Mellanox Driver
188 include: mlnx_driver.yml
189 when: mlnx_nic_present.stdout != "0" and mlnx5_version.stdout != '4.0-2.0.0'
alshabibe16ef4c2016-05-27 17:13:23 -0700190 tags:
191 - interface_config
192
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700193- name: Update i40e Driver
David K. Bainbridge17248c02016-08-29 17:04:34 -0700194 include: i40e_driver.yml
David K. Bainbridge10a8b982016-06-28 10:43:44 -0700195 when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25'
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700196 tags:
197 - interface_config
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700198
alshabib54cdbb22016-06-03 16:37:01 -0700199- name: Load modules at boot
200 become: yes
201 lineinfile:
202 dest: /etc/modules
203 line: "{{ item }}"
204 with_items:
205 - lp
206 - loop
207 - rtc
208 - bonding
209
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700210- name: Ensure Network Configuration
David K. Bainbridge317e7d72016-05-11 08:31:44 -0700211 become: yes
David K. Bainbridgea677d4e2016-09-11 20:01:32 -0700212 include: networking.yml
David K. Bainbridge4ec841c2016-05-11 22:10:15 -0700213 tags:
214 - interface_config