Jonathan Hart | 93956f5 | 2017-08-22 13:12:42 -0700 | [diff] [blame] | 1 | |
| 2 | # Copyright 2017-present Open Networking Foundation |
| 3 | # |
| 4 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | # you may not use this file except in compliance with the License. |
| 6 | # You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | # See the License for the specific language governing permissions and |
| 14 | # limitations under the License. |
| 15 | |
| 16 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 17 | --- |
David K. Bainbridge | 8db2f30 | 2016-05-19 23:41:13 -0700 | [diff] [blame] | 18 | - name: Verify Manditory Variables |
| 19 | fail: msg="Variable '{{ item }}' is not defined" |
| 20 | when: item not in hostvars[inventory_hostname] |
| 21 | with_items: |
| 22 | - fabric_ip |
| 23 | tags: |
| 24 | - interface_config |
| 25 | |
David K. Bainbridge | d4a63e0 | 2016-09-14 12:28:00 -0700 | [diff] [blame] | 26 | - name: Verify Network Bits on Network Specifications |
| 27 | fail: msg="Network specification '{{ item }}' must include network bits" |
| 28 | when: "item != 'dhcp' and item != 'manual' and item | match('^([0-9]{1,3}.){3}[0-9]{1,3}$')" |
| 29 | with_items: |
| 30 | - "{{ compute_node.addresses.fabric }}" |
| 31 | - "{{ compute_node.addresses.management }}" |
| 32 | - "{{ compute_node.addresses.external }}" |
| 33 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 34 | - name: Applications |
| 35 | become: yes |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 36 | apt: name={{ item }} state=present force=yes |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 37 | with_items: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 38 | - whois |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 39 | - build-essential=11.6* |
| 40 | - git=1:1.9.* |
| 41 | - python-pip=1.5.4* |
| 42 | - ifenslave-2.6=2.4* |
| 43 | - bridge-utils=1.5-* |
| 44 | - ethtool=1:3.13* |
| 45 | - minicom=2.7* |
| 46 | - curl=7.35.* |
Andy Bavier | d1ff927 | 2016-09-08 17:11:54 -0400 | [diff] [blame] | 47 | - jq=1.3* |
David K. Bainbridge | e9f284d | 2016-05-18 14:13:43 -0700 | [diff] [blame] | 48 | |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 49 | - name: Validate Encyrpted Compute Node Password |
| 50 | set_fact: |
| 51 | already_encrypted: "{{compute_node.password.startswith('enc:')}}" |
| 52 | |
| 53 | # If the compute_node.password begins with 'enc:' then it is an |
| 54 | # encyrpted password, which is what we need so we are done. Thus |
| 55 | # if it is not encrypted then we have to encrypt it |
| 56 | |
| 57 | - name: Encyrpt Compute Node Password |
| 58 | command: "mkpasswd --method=sha-512 {{compute_node.password}}" |
| 59 | register: encrypted |
| 60 | changed_when: false |
| 61 | when: "not already_encrypted" |
| 62 | |
Andy Bavier | 2ebe6ef | 2018-03-29 14:17:13 -0700 | [diff] [blame] | 63 | - name: Extract Encrypted Compute Node Password |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 64 | set_fact: |
Andy Bavier | 2ebe6ef | 2018-03-29 14:17:13 -0700 | [diff] [blame] | 65 | encrypted_password: "enc:{{encrypted.stdout}}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 66 | when: "not already_encrypted" |
| 67 | |
Andy Bavier | 2ebe6ef | 2018-03-29 14:17:13 -0700 | [diff] [blame] | 68 | - name: Copy Encrypted Compute Node Password |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 69 | set_fact: |
Andy Bavier | 2ebe6ef | 2018-03-29 14:17:13 -0700 | [diff] [blame] | 70 | encrypted_password: "{{compute_node.password}}" |
| 71 | when: "already_encrypted" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 72 | |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 73 | - name: Ensure Docker Insecure Repository |
| 74 | become: yes |
| 75 | lineinfile: |
| 76 | dest: /etc/default/docker |
| 77 | line: 'DOCKER_OPTS="$DOCKER_OPTS --insecure-registry docker-registry:5000"' |
| 78 | insertafter: '^DOCKER_OPTS' |
| 79 | register: docker_config |
| 80 | |
David K. Bainbridge | fac79ca | 2016-07-28 10:00:44 -0700 | [diff] [blame] | 81 | - name: Ensure Docker Registry Mirror |
| 82 | become: yes |
| 83 | lineinfile: |
| 84 | dest: /etc/default/docker |
| 85 | line: 'DOCKER_OPTS="$DOCKER_OPTS --registry-mirror=http://docker-registry:5001"' |
| 86 | insertafter: '^DOCKER_OPTS' |
| 87 | register: docker_config_mirror |
| 88 | |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 89 | - name: Docker Restart |
| 90 | become: yes |
| 91 | service: |
| 92 | name=docker |
| 93 | state=restarted |
David K. Bainbridge | fac79ca | 2016-07-28 10:00:44 -0700 | [diff] [blame] | 94 | when: docker_config.changed or docker_config_mirror.changed |
David K. Bainbridge | 589a08f | 2016-06-15 18:14:18 -0700 | [diff] [blame] | 95 | |
David K. Bainbridge | e9f284d | 2016-05-18 14:13:43 -0700 | [diff] [blame] | 96 | - name: Ensure Docker Ansible Support |
| 97 | become: yes |
| 98 | pip: |
Zack Williams | 537bf9c | 2018-04-02 11:55:04 -0700 | [diff] [blame] | 99 | name: "docker==3.2.1" |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 100 | |
| 101 | - name: Set Default Password |
| 102 | become: yes |
| 103 | user: |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 104 | name: "{{ ansible_user_id }}" |
Andy Bavier | 2ebe6ef | 2018-03-29 14:17:13 -0700 | [diff] [blame] | 105 | password: "{{encrypted_password.split(':',1)[1]}}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 106 | when: '"{{ ansible_user_id }}" == "ubuntu"' |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 107 | tags: |
| 108 | - set_compute_node_password |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 109 | |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 110 | - name: Authorize SSH Key |
| 111 | become: yes |
| 112 | authorized_key: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 113 | key: "{{ pub_ssh_key }}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 114 | user: "{{ ansible_user_id }}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 115 | state: present |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 116 | |
| 117 | - name: Verify Private SSH Key |
| 118 | become: yes |
| 119 | stat: |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 120 | path=/home/{{ ansible_user_id }}/.ssh/id_rsa |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 121 | register: private_key |
| 122 | |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 123 | - name: Ensure SSH Key Pair |
| 124 | become: yes |
| 125 | copy: |
David K. Bainbridge | 0a7cdbb | 2017-07-14 11:36:13 -0700 | [diff] [blame] | 126 | src: "{{pub_ssh_key_file_location}}/{{item.src}}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 127 | dest: "{{ansible_env['PWD']}}/.ssh/{{item.dest}}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 128 | owner: "{{ ansible_user_id }}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 129 | group: "docker" |
| 130 | mode: "0600" |
| 131 | with_items: |
Andy Bavier | 4ae79c9 | 2017-07-27 13:02:11 -0700 | [diff] [blame] | 132 | - { "src": "cord_rsa", "dest": "cord_rsa" } |
| 133 | - { "src": "cord_rsa.pub", "dest": "cord_rsa.pub" } |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 134 | |
| 135 | - name: Ensure SSH config |
Zack Williams | e2212a5 | 2017-04-28 12:36:25 -0700 | [diff] [blame] | 136 | become: yes |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 137 | copy: |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 138 | src: "files/{{item}}" |
| 139 | dest: "{{ansible_env['PWD']}}/.ssh/{{item}}" |
Zack Williams | 642388d | 2017-04-12 22:39:15 -0700 | [diff] [blame] | 140 | owner: "{{ ansible_user_id }}" |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 141 | mode: "0600" |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 142 | with_items: |
David K. Bainbridge | 81bda33 | 2016-06-14 22:58:41 -0700 | [diff] [blame] | 143 | - config |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 144 | |
| 145 | - name: Ensure CORD SUDO |
| 146 | become: yes |
| 147 | copy: |
| 148 | src=files/99-cord-sudoers |
| 149 | dest=/etc/sudoers.d/99-cord-sudoers |
| 150 | owner=root |
| 151 | group=root |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 152 | mode="0600" |
David K. Bainbridge | 39d0c78 | 2016-05-11 13:27:57 -0700 | [diff] [blame] | 153 | |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 154 | - name: Ensure Utility Scripts |
| 155 | become: yes |
| 156 | copy: |
| 157 | src=files/{{ item }} |
| 158 | dest=/usr/local/bin/{{ item }} |
| 159 | owner=root |
| 160 | group=root |
David K. Bainbridge | 8b17904 | 2016-11-30 15:38:42 -0800 | [diff] [blame] | 161 | mode="0755" |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 162 | with_items: |
| 163 | - delete-fabric-config |
| 164 | - delete-node-prov-state |
| 165 | - docker-ip |
| 166 | - fabric-pingall |
| 167 | - get-fabric-config |
| 168 | - get-node-prov-state |
| 169 | - remove-xos-components |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 170 | - remove-maas-components |
David K. Bainbridge | 1e4142d | 2016-08-04 10:01:58 -0700 | [diff] [blame] | 171 | - post-fabric-config |
David K. Bainbridge | e80fd39 | 2016-08-19 15:46:19 -0700 | [diff] [blame] | 172 | - pull-latest-docker-images |
David K. Bainbridge | f307101 | 2016-08-04 09:29:55 -0700 | [diff] [blame] | 173 | |
Amir Zeidner | 34380a5 | 2017-04-26 10:48:44 +0300 | [diff] [blame] | 174 | - name: Verify Mellanox NICs |
| 175 | shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c Mellanox || true |
| 176 | register: mlnx_nic_present |
David K. Bainbridge | 0820cab | 2016-06-02 17:43:32 -0700 | [diff] [blame] | 177 | changed_when: False |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 178 | |
| 179 | - name: Verify Intel 40Gb NIC |
breezestars | d625aba | 2016-11-21 06:44:38 +0800 | [diff] [blame] | 180 | shell: /usr/bin/lspci | grep "Ethernet controller" | grep -c -E "XL710 for 40GbE QSFP+|X710 for 10GbE SFP+" || true |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 181 | register: intel_nic_present |
David K. Bainbridge | 0820cab | 2016-06-02 17:43:32 -0700 | [diff] [blame] | 182 | changed_when: False |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 183 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 184 | - name: Verify i40e Driver |
| 185 | command: modinfo --field=version i40e |
| 186 | register: i40e_version |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 187 | when: intel_nic_present.stdout != "0" |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 188 | changed_when: False |
David K. Bainbridge | b541504 | 2016-05-13 17:06:10 -0700 | [diff] [blame] | 189 | failed_when: False |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 190 | tags: |
| 191 | - interface_config |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 192 | |
Amir Zeidner | 34380a5 | 2017-04-26 10:48:44 +0300 | [diff] [blame] | 193 | - name: Verify Mellanox Driver |
| 194 | command: modinfo --field=version mlx5_core |
| 195 | register: mlnx5_version |
| 196 | when: mlnx_nic_present.stdout != "0" |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 197 | changed_when: False |
| 198 | failed_when: False |
| 199 | tags: |
| 200 | - interface_config |
| 201 | |
Amir Zeidner | 34380a5 | 2017-04-26 10:48:44 +0300 | [diff] [blame] | 202 | - name: Update Mellanox Driver |
| 203 | include: mlnx_driver.yml |
| 204 | when: mlnx_nic_present.stdout != "0" and mlnx5_version.stdout != '4.0-2.0.0' |
alshabib | e16ef4c | 2016-05-27 17:13:23 -0700 | [diff] [blame] | 205 | tags: |
| 206 | - interface_config |
| 207 | |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 208 | - name: Update i40e Driver |
David K. Bainbridge | 17248c0 | 2016-08-29 17:04:34 -0700 | [diff] [blame] | 209 | include: i40e_driver.yml |
David K. Bainbridge | 10a8b98 | 2016-06-28 10:43:44 -0700 | [diff] [blame] | 210 | when: intel_nic_present.stdout != "0" and i40e_version.stdout != '1.4.25' |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 211 | tags: |
| 212 | - interface_config |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 213 | |
alshabib | 54cdbb2 | 2016-06-03 16:37:01 -0700 | [diff] [blame] | 214 | - name: Load modules at boot |
| 215 | become: yes |
| 216 | lineinfile: |
| 217 | dest: /etc/modules |
| 218 | line: "{{ item }}" |
| 219 | with_items: |
| 220 | - lp |
| 221 | - loop |
| 222 | - rtc |
| 223 | - bonding |
| 224 | |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 225 | - name: Ensure Network Configuration |
David K. Bainbridge | 317e7d7 | 2016-05-11 08:31:44 -0700 | [diff] [blame] | 226 | become: yes |
David K. Bainbridge | a677d4e | 2016-09-11 20:01:32 -0700 | [diff] [blame] | 227 | include: networking.yml |
David K. Bainbridge | 4ec841c | 2016-05-11 22:10:15 -0700 | [diff] [blame] | 228 | tags: |
| 229 | - interface_config |