
Merge pull request #553 from ptrinesh/awx_one_touch

Issue #552: AWX code changes and one-touch implementation
Lucas A. Wilson 3 years ago
parent
commit
392091e843

+ 32 - 0
control_plane/roles/deploy_job_templates/tasks/group_inventory.yml

@@ -0,0 +1,32 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Get the hosts in node_inventory
+  command: >-
+    awx --conf.host {{ awx_host }} --conf.username {{ awx_admin_user }} --conf.password {{ awx_password }}
+    --conf.insecure hosts list --inventory {{ node_inventory }} -f human --filter "name"
+  changed_when: false
+  no_log: true
+  register: hosts_list
+
+- name: Add the host to the group in node_inventory if present
+  awx.awx.tower_group:
+    name: "{{ item.split(',')[3] }}"
+    inventory: "{{ node_inventory }}"
+    hosts:
+      - "{{ item.split(',')[2] }}"
+    tower_config_file: "{{ tower_config_file }}"
+  when:
+    - item.split(',')[2] != "IP"
+    - item.split(',')[2] in hosts_list.stdout
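Review bot: The AWX admin password is passed as `--conf.password {{ awx_password }}` on the command line of "Get the hosts in node_inventory", so it is visible in the process list for as long as the command runs; `no_log: true` only hides it from Ansible's own output. The awx CLI also reads its connection settings from the environment, so the host, user and password can move into an `environment:` mapping on the task. Separately, `item.split(',')[2] in hosts_list.stdout` is a substring test against the whole table output, so one address can match inside a longer one; comparing against the parsed host names would be stricter.

```yaml
- name: Get the hosts in node_inventory
  command: >-
    awx --conf.insecure hosts list --inventory {{ node_inventory }} -f human --filter "name"
  environment:
    TOWER_HOST: "{{ awx_host }}"
    TOWER_USERNAME: "{{ awx_admin_user }}"
    TOWER_PASSWORD: "{{ awx_password }}"
  # … unchanged: changed_when, no_log, register …
```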

+ 232 - 0
control_plane/roles/deploy_job_templates/tasks/main.yml

@@ -0,0 +1,232 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Check if {{ tower_config_file }} file is encrypted
+  command: cat {{ tower_config_file }}
+  changed_when: false
+  no_log: true
+  register: config_content
+
+- name: Decrpyt {{ tower_config_file }}
+  command: >-
+    ansible-vault decrypt {{ tower_config_file }}
+    --vault-password-file {{ tower_vault_file }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
+
+- name: Change file permissions
+  file:
+    path: "{{ tower_config_file }}"
+    mode: "{{ file_perm }}"
+
+- name: Fetch awx host
+  command: grep "host:" "{{ tower_config_file }}"
+  changed_when: false
+  register: fetch_awx_host
+
+- name: Fetch awx password
+  command: grep "password:" "{{ tower_config_file }}"
+  changed_when: false
+  no_log: true
+  register: fetch_awx_password
+
+- name: Set awx variables
+  set_fact:
+    awx_host: "{{ fetch_awx_host.stdout | regex_replace('host: ','') }}"
+    awx_password: "{{ fetch_awx_password.stdout | regex_replace('password: ','') }}"
+  no_log: true
+
+- name: Launch dynamic inventory
+  block:
+    - name: Launch device inventory job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ device_inventory_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: inventory_job_status
+  rescue:
+    - name: Restart awx pod
+      command: kubectl rollout restart deployment awx -n awx
+      changed_when: false
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" in inventory_job_status.status'
+
+    - name: Wait for the awx pod to be up and running
+      wait_for:
+        timeout: "{{ pod_restart_time }}"
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" in inventory_job_status.status'
+
+    - name: Launch device inventory job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ device_inventory_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" in inventory_job_status.status'
+
+    - name: Warning message for device inventory template
+      debug:
+        msg: "{{ device_inventory_template_warn_msg }}"
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" not in inventory_job_status.status'
+
+- name: Configure TOR Switches
+  block:
+    - name: Launch ethernet job template for TOR switches
+      awx.awx.tower_job_launch:
+        job_template: "{{ ethernet_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: ethernet_job_status
+  rescue:
+    - name: Warning message for ethernet template
+      debug:
+        msg: "{{ ethernet_template_warn_msg }}"
+  when: ethernet_switch_support
+
+- name: Wait for 15 mins for DHCP to assign IP to devices
+  wait_for:
+    timeout: "{{ dhcp_wait_time }}"
+
+- name: Launch device inventory job template
+  awx.awx.tower_job_launch:
+    job_template: "{{ device_inventory_template }}"
+    tower_config_file: "{{ tower_config_file }}"
+    wait: yes
+    timeout: "{{ awx_max_wait_time }}"
+  register: inventory_job_status
+
+- name: Execute ethernet template
+  block:
+    - name: Launch ethernet job template for all switches
+      awx.awx.tower_job_launch:
+        job_template: "{{ ethernet_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: ethernet_job_status
+  rescue:
+    - name: Warning message for ethernet template
+      debug:
+        msg: "{{ ethernet_template_warn_msg }}"
+  when: ethernet_switch_support
+
+- name: Execute infiniband template
+  block:
+    - name: Launch infiniband job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ infiniband_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: ib_job_status
+  rescue:
+    - name: Warning message for infiniband template
+      debug:
+        msg: "{{ infiniband_template_warn_msg }}"
+  when: ib_switch_support
+
+- name: Execute powervault_me4 template
+  block:
+    - name: Launch powervault_me4 job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ powervault_me4_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: powervault_job_status
+  rescue:
+    - name: Warning message for powervault_me4 template
+      debug:
+        msg: "{{ powervault_template_warn_msg }}"
+  when: powervault_support
+
+- name: Execute idrac template
+  block:
+    - name: Launch idrac job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ idrac_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+      register: idrac_job_status
+  rescue:
+    - name: Warning message for idrac template
+      debug:
+        msg: "{{ idrac_template_warn_msg }}"
+
+- name: Wait for 30 mins for idrac provisioning to be completed and inventory to be updated in AWX
+  wait_for:
+    timeout: "{{ provisioning_wait_time }}"
+  when: host_mapping_file
+
+- name: Check the host_mapping_file_path output
+  command: cat {{ host_mapping_file_path }}
+  changed_when: false
+  register: mapping_file
+  when: host_mapping_file
+
+- name: Group the hosts in node_inventory when mapping file is present
+  include_tasks: "{{ role_path }}/tasks/group_inventory.yml"
+  with_items: "{{ mapping_file.stdout_lines }}"
+  when: host_mapping_file and component_role_support
+
+- name: Launch deploy_omnia job template
+  awx.awx.tower_job_launch:
+    job_template: "{{ component_role_job_template }}"
+    tower_config_file: "{{ tower_config_file }}"
+    wait: yes
+  register: component_role_job_status
+  when: host_mapping_file and component_role_support
+
+- name: Create awx job template for configuring new devices
+  awx.awx.tower_job_template:
+    name: "{{ item.name }}"
+    job_type: "run"
+    organization: "{{ awx_organization }}"
+    inventory: "{{ item.inventory }}"
+    project: "{{ project_name }}"
+    playbook: "{{ item.playbook }}"
+    credentials:
+     - "{{ item.credential }}"
+    state: present
+    tower_config_file: "{{ tower_config_file }}"
+  loop: "{{ job_template_details }}"
+
+- name: Build a schedule for configure new devices
+  awx.awx.tower_schedule:
+    name: "{{ item.name }}"
+    unified_job_template: "{{ item.template }}"
+    rrule: "{{ item.rrule }}"
+    state: present
+    tower_config_file: "{{ tower_config_file }}"
+  loop: "{{ scheduled_template }}"
+
+- name: Encrypt {{ tower_config_file }}
+  command: >-
+    ansible-vault encrypt {{ tower_config_file }}
+    --vault-password-file {{ tower_vault_file }}
+  changed_when: false
+
+- name: Change file permissions
+  file:
+    path: "{{ tower_config_file }}"
+    mode: "{{ file_perm }}"
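Review bot: The tower config file is decrypted in place near the top of this file and only re-encrypted by the last two tasks, so any failure in between leaves the AWX admin password in plaintext on disk. The "Launch device inventory job template" task after the DHCP wait and the "Launch deploy_omnia job template" task sit outside any `block`/`rescue`, so a failed launch ends the play before "Encrypt" runs. The window is also long, since `dhcp_wait_time` and `provisioning_wait_time` add up to 45 minutes. I would wrap everything between the decrypt and encrypt tasks in a `block:` and move the "Encrypt" and "Change file permissions" tasks into its `always:` section. The same decrypt-at-top, encrypt-at-bottom pattern is added to `webui_awx/tasks/awx_configuration.yml` in this commit and needs the same treatment.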

+ 44 - 0
control_plane/roles/deploy_job_templates/vars/main.yml

@@ -0,0 +1,44 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+base_vars_file: "{{ role_path }}/../../input_params/base_vars.yml"
+awx_namespace: awx
+awx_admin_user: admin
+awx_port: 8052
+tower_config_file: "{{ role_path }}/../../roles/webui_awx/files/.tower_cli.cfg"
+tower_vault_file: "{{ role_path }}/../../roles/webui_awx/files/.tower_vault_key"
+ethernet_inventory: "ethernet_inventory"
+node_inventory: "node_inventory"
+device_inventory_template: "device_inventory_job"
+idrac_job_template: "idrac_template"
+ethernet_job_template: "ethernet_template"
+infiniband_job_template: "infiniband_template"
+powervault_me4_job_template: "powervault_me4_template"
+component_role_job_template: "deploy_omnia_template"
+job_execution_success_msg: "Job execution is successful"
+job_execution_failure_msg: "Job execution is failed!"
+device_inventory_template_warn_msg: "Device inventory template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+ethernet_template_warn_msg: "Ethernet template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+infiniband_template_warn_msg: "Infiniband template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+powervault_template_warn_msg: "Powervault_me4 template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+idrac_template_warn_msg: "idrac template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+provisioning_wait_time: 1800
+dhcp_wait_time: 900
+awx_max_wait_time: 900
+pod_restart_time: 90
+project_name: 'omnia'
+job_template_details:
+  - { name: configure_new_devices_job, inventory: idrac_inventory, playbook: control_plane/tools/configure_new_devices.yml, credential: idrac_credential }
+scheduled_template:
+  - { name: ConfigureNewDeviceSchedule, template: configure_new_devices_job, rrule: "DTSTART:20210729T063000Z RRULE:FREQ=DAILY;INTERVAL=1" }

+ 5 - 3
control_plane/roles/webui_awx/files/awx_ee.yml

@@ -5,14 +5,16 @@ USER root
 # add Ansible galaxy dependencies
 ADD requirements.yml /tmp/requirements.yml
 
-# install omsdk
-RUN pip install omsdk --upgrade
+# install packages
+RUN pip install --upgrade \
+omsdk \
+netaddr
 
 # install Ansible Galaxy collections
 RUN ansible-galaxy collection install -r /tmp/requirements.yml --collections-path /usr/share/ansible/collections
 
 # add certificates
 RUN update-ca-trust force-enable
-RUN chmod -R 0777 /usr/share/ansible/collections
+RUN chmod -R 0777 /usr/share/ansible/collections 
 
 USER 1000
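Review bot: `RUN chmod -R 0777 /usr/share/ansible/collections` leaves every installed collection writable by any user in the image, and the re-added line now also carries a trailing space. Ansible loads module code from this tree at job time, so anything running as `USER 1000` can alter what later jobs execute. If the runtime user only needs to read the collections, `RUN chmod -R a+rX /usr/share/ansible/collections` is enough; if it must write, changing ownership to that user is narrower than world-write (which of the two applies cannot be told from this hunk). The `pip install --upgrade` of `omsdk` and `netaddr` is also unpinned, so two builds of this image can contain different code.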

+ 49 - 19
control_plane/roles/webui_awx/tasks/awx_configuration.yml

@@ -12,6 +12,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
+- name: Check if {{ tower_config_file }} file is encrypted
+  command: cat {{ tower_config_file }}
+  changed_when: false
+  no_log: true
+  register: config_content
+  run_once: true
+
+- name: Decrpyt {{ tower_config_file }}
+  command: >-
+    ansible-vault decrypt {{ tower_config_file }}
+    --vault-password-file {{ tower_vault_file }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
+  run_once: true
 
 # Deleting the defaults
 - name: Delete machine credential
@@ -19,25 +33,29 @@
     name: "{{ default_credential }}"
     credential_type: "{{ default_credential_type }}"
     state: absent
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
+  register: delete_credential
+  until: not delete_credential.failed
+  retries: "{{ max_retries }}"
+  delay: "{{ max_delay }}"
 
 - name: Delete job template
   awx.awx.tower_job_template:
     name: "{{ default_template }}"
     state: absent
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
     
 - name: Delete project
   awx.awx.tower_project:
     name: "{{ default_project }}"
     state: absent
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
 
 - name: Delete organization
   awx.awx.tower_organization:
     name: "{{ default_org }}"
     state: absent
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
 
 # Configuration begins
 - name: Create organization
@@ -45,7 +63,7 @@
     name: "{{ awx_organization }}"
     description: "Name of organization using this product"
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
 
 - name: Create awx inventories
   awx.awx.tower_inventory:
@@ -53,7 +71,7 @@
     description: "{{ item.description }}"
     organization: "{{ awx_organization }}"
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
   loop: "{{ inventory_names }}"
   when: item.flag
 
@@ -63,7 +81,7 @@
     description: "{{ item.description }}"
     inventory: "node_inventory"
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
   loop: "{{ group_names }}"
 
 - name: Add project
@@ -73,9 +91,9 @@
     organization: "{{ awx_organization }}"
     scm_type: manual
     local_path: "{{ role_path.split('/')[-4] }}"
-    default_environment: "custom-awx-ee"
+    default_environment: custom-awx-ee
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
 
 - name: Add awx credentials
   awx.awx.tower_credential:
@@ -86,12 +104,13 @@
       username: "{{ item.username }}"
       password: "{{ item.password }}"
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
   loop: "{{ credential_details }}"
+  no_log: true
   changed_when: true
   when: item.flag
 
-- name: Create awx job templates
+- name: Create awx job templates for network devices, inventories, storage and idrac
   awx.awx.tower_job_template:
     name: "{{ item.name }}"
     job_type: "run"
@@ -102,11 +121,11 @@
     credentials:
       - "{{ item.credential }}"
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
   loop: "{{ job_template_details }}"
   when: item.flag
 
-- name: Create deploy_omnia_template
+- name: Create awx job template for deploying omnia
   awx.awx.tower_job_template:
     name: "{{ item.name }}"
     job_type: "run"
@@ -114,19 +133,30 @@
     inventory: "{{ item.inventory }}"
     project: "{{ project_name }}"
     playbook: "{{ item.playbook }}"
+    ask_skip_tags_on_launch: true
     credentials:
       - "{{ item.credential }}"
-    ask_skip_tags_on_launch: true
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
-  loop: "{{ deploy_omnia_details }}"
+    tower_config_file: "{{ tower_config_file }}"
+  loop: "{{ omnia_job_template_details }}"
 
 - name: Build a schedule for idrac job template
   awx.awx.tower_schedule:
     name: "{{ item.name }}"
     unified_job_template: "{{ item.template }}"
-    rrule: "{{ schedule_rule }}"
+    rrule: "{{ item.schedule_rule }}"
     state: present
-    tower_config_file: "~/.tower_cli.cfg"
+    tower_config_file: "{{ tower_config_file }}"
   register: result
-  loop: "{{ scheduled_templates}}"
+  loop: "{{ scheduled_templates }}"
+
+- name: Encrypt {{ tower_config_file }}
+  command: >-
+    ansible-vault encrypt {{ tower_config_file }}
+    --vault-password-file {{ tower_vault_file }}
+  changed_when: false
+
+- name: Change file permissions
+  file:
+    path: "{{ tower_config_file }}"
+    mode: "{{ file_perm }}"

+ 83 - 18
control_plane/roles/webui_awx/tasks/configure_settings.yml

@@ -12,60 +12,125 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-
 # Get Current AWX configuration
 
+- name: Get the awx services
+  command: "kubectl get svc -n {{ awx_namespace }}"
+  changed_when: false
+  register: awx_services
+  
+- name: Expose the service for awx deployment on 8052 port
+  command: "kubectl expose deployment awx --type=NodePort --name={{ awx_service_name }} --port={{ awx_port }} -n {{ awx_namespace }}"
+  changed_when: false
+  when: awx_service_name not in awx_services.stdout
+
 - name: Get awx-service Cluster-IP
-  command: "kubectl get svc awx-service -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'"
+  command: "kubectl get svc {{ awx_service_name }} -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'"
   register: awx_cluster_ip
   changed_when: false
 
 - name: Get AWX admin password
-  shell: "kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode"
+  shell: >
+    set -o pipefail && \
+    kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode
   register: awx_admin_password
   changed_when: false
 
 - name: Check if config file exists
   stat:
-    path: "~/.tower_cli.cfg"
-  register: config_file_status
+    path: "{{ tower_config_file }}"
+  register: config_file
 
-- name: Create config file
+- name: Create tower config file
   copy:
-    dest:  "~/.tower_cli.cfg"
+    dest:  "{{ tower_config_file }}"
     content: |
       [general]
-      host: http://{{ awx_cluster_ip.stdout }}
+      host: http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}
       username: admin
       password: {{ awx_admin_password.stdout }}
       verify_ssl: false
       use_token: false
     owner: root
     mode: "{{ file_perm }}"
+  when: not config_file.stat.exists
+
+- name: Check if tower_vault_key exists
+  stat:
+    path: "{{ tower_vault_file }}"
+  register: tower_vault
+
+- name: Create ansible vault key if it does not exist
+  set_fact:
+    tower_vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: not tower_vault.stat.exists
+
+- name: Save vault key
+  copy:
+    dest: "{{ tower_vault_file }}"
+    content: |
+      {{ tower_vault_key }}
+    owner: root
+    force: yes
+    mode: "{{ vault_file_perm }}"
+  when: not tower_vault.stat.exists
+
+- name: Check if {{ tower_config_file }} file is encrypted
+  command: cat {{ tower_config_file }}
+  changed_when: false
+  no_log: true
+  register: config_content
+  run_once: true
+
+- name: Encrypt {{ tower_config_file }}
+  command: >-
+    ansible-vault encrypt {{ tower_config_file }}
+    --vault-password-file {{ tower_vault_file }}
+  changed_when: false
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+  run_once: true
+
+- name: Change file permissions
+  file:
+    path: "{{ tower_config_file }}"
+    mode: "{{ file_perm }}"
+
+- name: Open awx TCP ports on the firewall
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: "{{ awx_tcp_ports }}"
+
+- name: Masquerade the firewall
+  firewalld:
+    masquerade: yes
+    permanent: yes
+    state: enabled
+    zone: public
 
-- name: Stop and disable firewalld
-  service:
+- name: Reload firewalld service
+  systemd:
     name: firewalld
-    state: stopped
-    enabled: no
+    state: reloaded
 
 - name: Waiting for the AWX UI to be up
   uri:
-    url: "http://{{ awx_cluster_ip.stdout }}"
+    url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}"
     status_code: "{{ return_status }}"
   register: display
   until: display.status == 200
-  retries: 20
-  delay: 15
+  retries: "{{ max_retries }}"
+  delay: "{{ max_delay }}"
   changed_when: false
 
 - name: Waiting for the AWX UI to be in running state
   uri:
-    url: "http://{{ awx_cluster_ip.stdout }}"
+    url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}"
     status_code: "{{ return_status }}"
     return_content: true
   register: display
   until: awx_ui_msg not in display.content
-  retries: 20
-  delay: 15
+  retries: "{{ max_retries }}"
+  delay: "{{ max_delay }}"
   changed_when: false
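Review bot: Several tasks in this hunk handle secrets without `no_log: true`, although the `cat` task beside them has it. "Get AWX admin password" registers the decoded admin password, "Create tower config file" passes it through `copy: content:`, and "Create ansible vault key" / "Save vault key" do the same with the vault key. With verbose output or diff mode these values end up in the run log. I would add `no_log: true` to those four tasks. Also note that the config file is first written in plaintext with `file_perm` and only encrypted several tasks later, and that `host:` and the `uri` checks use `http://`, so the admin password crosses the cluster network unencrypted.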

+ 12 - 5
control_plane/roles/webui_awx/tasks/install_awx.yml

@@ -62,13 +62,13 @@
   changed_when: false
   register: docker_images
 
-- name: Build the custom-awx-ee image from the docker file
+- name: Build the custom-awx-ee image from the docker file (It may take 5-10min)
   command: "buildah bud -t custom-awx-ee {{ awx_ee_docker_file }}"
   changed_when: false
   when: "'custom-awx-ee' not in docker_images.stdout"
 
 - name: Waiting for awx-operator deployment to be up and running
-  shell: "kubectl wait --for=condition=available deployment/awx-operator -n {{ awx_namespace }} --timeout=600s"
+  command: kubectl wait --for=condition=available deployment awx-operator -n {{ awx_namespace }} --timeout=600s
   changed_when: false
 
 - name: Deploy awx
@@ -91,6 +91,13 @@
     timeout: "{{ awx_wait_time }}"
   when: not k8s_pods.stdout | regex_search('awx-([A-Za-z0-9]{10})-([A-Za-z0-9]{5})')
 
-- name: Waiting for awx deployment to be up and running
-  shell: "kubectl wait --for=condition=available deployment/awx -n {{ awx_namespace }} --timeout=1200s"
-  changed_when: false
+- name: Fails if the pods go into ImagePullBackOff state
+  block:
+    - name: Waiting for awx deployment to be up and running
+      command: kubectl wait --for=condition=available deployment awx -n {{ awx_namespace }} --timeout=1200s
+      changed_when: false
+
+  rescue:
+    - name: Display failure message
+      debug:
+        msg: "{{ deployment_failure_msg }}"
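Review bot: The block is named "Fails if the pods go into ImagePullBackOff state", but its `rescue` only runs `debug`, so a timed-out `kubectl wait` is marked as rescued and the play continues against an AWX deployment that is not available. The following configuration tasks would then fail later with less useful errors. Replacing `debug:` with `fail:` and keeping `msg: "{{ deployment_failure_msg }}"` makes the task do what its name says. The message also attributes every failure to the docker pull rate limit, which a plain timeout does not establish.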

+ 23 - 10
control_plane/roles/webui_awx/vars/main.yml

@@ -18,19 +18,33 @@
 awx_namespace: awx
 awx_pv_yml_file_path: "{{ role_path }}/files/awx_projects_pv.yml"
 awx_postgres_pv_file_path: "{{ role_path }}/files/awx_postgres_pv.yml"
-awx_pvc_yml_file_path: "{{ role_path }}/files/awx_projects_pvclaim.yml"
 awx_operator_yml_file_path: "{{ role_path }}/files/awx_operator.yml"
 awx_ee_docker_file: "{{ role_path }}/files/awx_ee.yml"
 awx_yml_file_path: "{{ role_path }}/files/awx.yml"
 postgres_storage_class: nfs-client
 projects_existing_claim: awx-pv-claim
 awx_version: 19.1.0
-file_perm: 644
+file_perm: '0644'
 awx_wait_time: 90
+deployment_failure_msg: "Deployment failed due to docker pull rate limit"
 
 # Usage: configure_settings.yml
+awx_port: 8052
+awx_service_name: awx-ui
+tower_config_file: "{{ role_path }}/files/.tower_cli.cfg"
+tower_vault_file: "{{ role_path }}/files/.tower_vault_key"
+vault_file_perm: '0644'
+awx_tcp_ports:
+  - 80
+  - 8383
+  - 8686
+  - 5432
+  - 8052
+  - 30000-32767
 awx_ui_msg: "AWX Upgrading"
 return_status: 200
+max_retries: 20
+max_delay: 15
 
 # Usage: awx_configuration.yml
 default_org: Default
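Review bot: `vault_file_perm: '0644'` makes the vault key written to `tower_vault_file` world-readable, and the key sits in the same `files/` directory as the `.tower_cli.cfg` it protects. Any local account that can read both files can decrypt the AWX admin credentials, so the vault encryption adds little. I would set `vault_file_perm: '0600'` and consider `'0600'` for `file_perm` too, since that mode is applied to the config file while it is decrypted. `awx_tcp_ports` also opens `5432` and the whole `30000-32767` NodePort range permanently; confirm that the PostgreSQL port needs to be reachable from outside the host.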
@@ -50,14 +64,14 @@ inventory_names:
 group_names:
   - { name: manager, description: "Group to store IP of head node" }
   - { name: compute, description: "Group to store IPs of compute nodes" }
-  - { name: login, description: "Group to store IP of login node" }
-  - { name: nfs, description: "Group to store IP of NFS node" }
+  - { name: login_node, description: "Group to store IP of login node" }
+  - { name: nfs_node, description: "Group to store IP of NFS node" }
 credential_details:
   - { name: idrac_credential, type: Network, username: "{{ idrac_username }}", password: "{{ idrac_password }}", flag: true }
   - { name: ethernet_credential, type: Machine, username: "{{ ethernet_switch_username }}", password: "{{ ethernet_switch_password }}", flag: "{{ ethernet_switch_support }}" }
   - { name: infiniband_credential, type: Network, username: "{{ ib_username }}", password: "{{ ib_password }}", flag: "{{ ib_switch_support }}" }
   - { name: powervault_me4_credential, type: Network, username: "{{ powervault_me4_username }}", password: "{{ powervault_me4_password }}", flag: "{{ powervault_support }}" }
-  - { name: node_credential, type: Machine, username: root, password: "{{ provision_password }}", flag: true }
+  - { name: node_credential, type: Machine, username: root, password: omnia@123, flag: true }
 job_template_details:
   - { name: idrac_template, inventory: idrac_inventory, playbook: control_plane/idrac.yml, credential: idrac_credential, flag: true }
   - { name: ethernet_template, inventory: ethernet_inventory, playbook: control_plane/ethernet.yml, credential: ethernet_credential, flag: "{{ ethernet_switch_support }}" }
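Review bot: The `node_credential` entry replaces `password: "{{ provision_password }}"` with the literal `omnia@123`, which commits a root password to the repository and gives every deployment the same one. It also disconnects the AWX credential from whatever `provision_password` the operator set during provisioning, so the two can diverge silently. The line should keep reading the variable: `password: "{{ provision_password }}"`. If the variable is not available in this play, loading it from the input parameters file is preferable to a literal.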
@@ -65,9 +79,8 @@ job_template_details:
   - { name: powervault_me4_template, inventory: powervault_me4_inventory, playbook: control_plane/powervault_me4.yml, credential: powervault_me4_credential, flag: "{{ powervault_support }}" }
   - { name: node_inventory_job, inventory: node_inventory, playbook: control_plane/collect_node_info.yml, credential: node_credential, flag: true }
   - { name: device_inventory_job, inventory: node_inventory, playbook: control_plane/collect_device_info.yml, credential: node_credential, flag: true }
-deploy_omnia_details:
-  - { name: deploy_omnia_template, inventory: node_inventory, playbook: omnia.yml, credential: node_credential }
-schedule_rule: "DTSTART:20210608T120000Z RRULE:FREQ=MINUTELY;INTERVAL=10"
+omnia_job_template_details:
+  - { name: deploy_omnia_template, inventory: node_inventory, playbook: omnia.yml, credential: node_credential }  
 scheduled_templates:
-  - { name: NodeInventorySchedule, template: node_inventory_job }
-  - { name: DeviceInventorySchedule, template: device_inventory_job }
+  - { name: NodeInventorySchedule, template: node_inventory_job, schedule_rule: "DTSTART:20210815T120000Z RRULE:FREQ=MINUTELY;INTERVAL=10" }
+  - { name: DeviceInventorySchedule, template: device_inventory_job, schedule_rule: "DTSTART:20210815T060000Z RRULE:FREQ=DAILY;INTERVAL=1"}