
Merge pull request #760 from abhishek-sa1/control_plane_tag

Issue #735: Tags for control_plane roles
Lucas A. Wilson 3 سال پیش
والد
کامیت
3e42c8eece
27فایلهای تغییر یافته به همراه617 افزوده شده و 461 حذف شده
  1. 37 13
      control_plane/control_plane.yml
  2. 1 1
      control_plane/roles/control_plane_repo/files/poweredge_models.txt
  3. 1 5
      control_plane/roles/control_plane_common/tasks/count_component_roles.yml
  4. 27 314
      control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml
  5. 5 1
      control_plane/roles/control_plane_common/tasks/fetch_security_inputs.yml
  6. 10 10
      control_plane/roles/control_plane_common/tasks/fetch_sm_inputs.yml
  7. 1 2
      control_plane/roles/control_plane_common/tasks/internet_validation.yml
  8. 21 14
      control_plane/roles/control_plane_common/tasks/main.yml
  9. 4 7
      control_plane/roles/control_plane_common/tasks/package_installation.yml
  10. 12 7
      control_plane/roles/control_plane_common/tasks/pre_requisite.yml
  11. 1 11
      control_plane/roles/control_plane_common/tasks/validate_device_mapping_file.yml
  12. 1 21
      control_plane/roles/control_plane_common/tasks/validate_host_mapping_file.yml
  13. 45 0
      control_plane/roles/control_plane_common/tasks/validate_idrac_vars.yml
  14. 299 0
      control_plane/roles/control_plane_common/tasks/validate_nic_vars.yml
  15. 81 0
      control_plane/roles/control_plane_common/tasks/validate_provision_vars.yml
  16. 18 0
      control_plane/roles/control_plane_common/tasks/password_config.yml
  17. 19 4
      control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml
  18. 10 3
      control_plane/roles/control_plane_common/vars/main.yml
  19. 2 3
      control_plane/roles/control_plane_k8s/tasks/k8s_init.yml
  20. 2 3
      control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml
  21. 4 4
      control_plane/roles/control_plane_k8s/tasks/main.yml
  22. 1 1
      control_plane/roles/control_plane_repo/tasks/download_fmw_updates.yml
  23. 1 1
      control_plane/roles/control_plane_repo/tasks/install_dsu.yml
  24. 8 11
      control_plane/roles/control_plane_repo/tasks/main.yml
  25. 3 10
      control_plane/roles/control_plane_repo/vars/main.yml
  26. 0 6
      roles/k8s_start_services/tasks/configure_nginx_prom_grafana.yml
  27. 3 9
      roles/slurm_exporter/tasks/install_prometheus.yml

+ 37 - 13
control_plane/control_plane.yml

@@ -17,16 +17,40 @@
   hosts: localhost
   connection: local
   roles:
-    - control_plane_common
-    - control_plane_k8s
-    - control_plane_device
-    - provision_cobbler
-    - webui_awx
-    - webui_grafana
-    - control_plane_ib
-    - control_plane_sm
-    - control_plane_customiso
-    - control_plane_repo
-    - control_plane_security
-    - control_plane_monitoring
-    - deploy_job_templates
+    - role: control_plane_common
+
+    - role: control_plane_k8s
+      tags: init
+
+    - role: control_plane_device
+      tags: network-device
+
+    - role: provision_cobbler
+      tags: pxe
+
+    - role: webui_awx
+      tags: awx
+
+    - role: webui_grafana
+      tags: monitoring
+
+    - role: control_plane_ib
+      tags: network-ib
+
+    - role: control_plane_sm
+      tags: network-ib
+
+    - role: control_plane_customiso
+      tags: idrac
+
+    - role: control_plane_repo
+      tags: firmware-repo
+
+    - role: control_plane_security
+      tags: security
+
+    - role: control_plane_monitoring
+      tags: monitoring
+
+    - role: deploy_job_templates
+      tags: templates
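Review bot: The tag names introduced on the role entries are not documented anywhere in this play, and two pairs of roles share a tag (`monitoring` for webui_grafana and control_plane_monitoring, `network-ib` for control_plane_ib and control_plane_sm), so a reader cannot tell from the file which tags exist or that one tag selects two roles. `control_plane_common` is the only entry left without a tag, so on a tag-limited run it is selected only through the tags set on its individual tasks. I would add a comment above `roles:` such as `# Tags: init (required on every tagged run), network-device, pxe, awx, monitoring, network-ib, idrac, firmware-repo, security, templates`. The play header is outside the hunk.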

+ 1 - 1
control_plane/roles/control_plane_repo/files/poweredge_models.txt

@@ -14,4 +14,4 @@ R750
 R750xa
 R840
 R940
-R940xa
+R940xa

+ 1 - 5
control_plane/roles/control_plane_common/tasks/count_component_roles.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,22 +16,18 @@
   set_fact:
     count_of_manager: "{{ count_of_manager| int + 1 }}"
   when: item == group_name_manager
-  tags: install
 
 - name: Count of compute nodes defined
   set_fact:
     count_of_compute: "{{ count_of_compute| int + 1 }}"
   when: item == group_name_compute
-  tags: install
 
 - name: Count of login nodes defined
   set_fact:
     count_of_login: "{{ count_of_login| int + 1 }}"
   when: item == group_name_login
-  tags: install
 
 - name: Count of NFS nodes defined
   set_fact:
     count_of_nfs_node: "{{ count_of_nfs_node| int + 1 }}"
   when: item == group_name_nfs
-  tags: install

+ 27 - 314
control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml

@@ -16,11 +16,13 @@
 - name: Include base variable file base_vars.yml
   include_vars: "{{ base_vars_filename }}"
   no_log: true
+  tags: init
 
 - name: Validate input parameters of base_vars are not empty
   fail:
     msg: "{{ input_base_failure_msg }}"
   register: input_base_check
+  tags: validate
   when:
     - ansible_conf_file_path | length < 1 or
       public_nic | length < 1 or
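Review bot: `tags: validate` on `Validate input parameters of base_vars are not empty` means the emptiness check is skipped on any run that does not name `validate`, for example `--tags init,pxe`. The tasks after it carry component tags and still consume the same variables. Giving it the same list the later boolean asserts use, `tags: [ validate, init ]`, would keep the check in every run that loads base_vars.yml. The task's `when:` list continues past the end of the hunk.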
@@ -49,10 +51,12 @@
       - default_lease_time|int >= 21600
     success_msg: "{{ success_msg_lease_time }}"
     fail_msg: "{{ fail_msg_lease_time }}"
+  tags: [ validate, pxe, network-device, network-ib ]
 
 - name: Calculate max lease time
   set_fact:
     max_lease_time: "{{ default_lease_time|int + 10000 }}"
+  tags: [ init, pxe, network-device, network-ib ]
 
 - name: Validate infiniband base_vars are not empty
   assert:
@@ -64,18 +68,21 @@
     fail_msg: "{{ fail_msg_ib }}"
   register: ib_check
   when: ib_switch_support
+  tags: [ validate, network-ib ]
 
 - name: Set facts to validate snmp support
   set_fact:
     snmp_enabled: false   
     mngmnt_mapping_file: false
     host_mapping_file: false
+  tags: init
 
 - name: Verify snmp_trap_destination IP address
   set_fact:
     snmp_enabled: true
   when: snmp_trap_destination | length > 1
-
+  tags: init
+  
 - name: Assert snmp trap destination address
   assert:
     that:
@@ -85,6 +92,7 @@
     success_msg: "{{ success_snmp_trap_dest }}"
     fail_msg: "{{ fail_snmp_trap_dest }}"
   when: snmp_enabled
+  tags: [ validate, idrac, network-device, network-ib ]
 
 - name: Assert snmp community string
   assert:
@@ -94,11 +102,13 @@
     success_msg: "{{ success_snmp_comm_msg }}"
     fail_msg: "{{ fail_snmp_comm_msg }}"
   when: snmp_enabled
+  tags: [ validate, idrac, network-device, network-ib ]
 
 - name: Check whether ansible config file exists
   stat:
     path: "{{ ansible_conf_file_path }}/ansible.cfg"
   register: ansible_conf_exists
+  tags: init
 
 - name: Create the directory if it does not exist
   file:
@@ -107,6 +117,7 @@
     mode: "{{ file_perm }}"
   when: not ansible_conf_exists.stat.exists
   changed_when: false
+  tags: init
 
 - name: Create ansible config file if it does not exist
   copy:
@@ -116,6 +127,7 @@
       [defaults]
       log_path = /var/log/omnia.log
   when: not ansible_conf_exists.stat.exists
+  tags: init
 
 - name: Assert ethernet_switch_support
   assert:
@@ -123,6 +135,7 @@
       - ethernet_switch_support == true or ethernet_switch_support == false
     success_msg: "{{ ethernet_switch_support_success_msg }}"
     fail_msg: "{{ ethernet_switch_support_fail_msg }}"
+  tags: [ validate, init ]
 
 - name: Assert ib_switch_support
   assert:
@@ -130,6 +143,7 @@
       - ib_switch_support == true or ib_switch_support == false
     success_msg: "{{ ib_switch_support_success_msg }}"
     fail_msg: "{{ ib_switch_support_fail_msg }}"
+  tags: [ validate, init ]
 
 - name: Assert powervault_support
   assert:
@@ -137,6 +151,7 @@
       - powervault_support == true or powervault_support == false
     success_msg: "{{ powervault_support_success_msg }}"
     fail_msg: "{{ powervault_support_fail_msg }}"
+  tags: [ validate, init ]
 
 - name: Assert enable_security_support
   assert:
@@ -144,23 +159,8 @@
       - enable_security_support == true or enable_security_support == false
     success_msg: "{{ enable_security_support_success_msg }}"
     fail_msg: "{{ enable_security_support_fail_msg }}"
-
-- name: Fetch the network interfaces in UP state in the system
-  shell: set -o pipefail && ip a | awk '/state UP/{print $2}'
-  register: nic_addr_up
-  changed_when: false
-
-- name: Assert public nic
-  assert:
-    that:
-      - public_nic in nic_addr_up.stdout
-    success_msg: "{{ success_msg_public_nic }}"
-    fail_msg: "{{ fail_msg_public_nic }}"
-
-- name: Fetch the system public IP
-  set_fact:
-    public_ip: "{{ lookup('vars','ansible_'+public_nic).ipv4.address }}"
-
+  tags: [ validate, init ]
+  
 - name: Assert kubernetes pod network CIDR
   assert:
     that:
@@ -169,8 +169,9 @@
       - '"/" in appliance_k8s_pod_net_cidr '
     success_msg: "{{ success_msg_k8s_pod_network_cidr }}"
     fail_msg: "{{ fail_msg_k8s_pod_network_cidr }}"
+  tags: [ validate, init ]
 
-- name: Assert Organization in awx
+- name: Assert organization in awx
   assert:
     that:
       - awx_organization | length >= min_username_length
@@ -181,6 +182,7 @@
       - " \"'\" not in awx_organization "
     success_msg: "{{ success_awx_organization }}"
     fail_msg: "{{ fail_awx_organization }}"
+  tags: [ validate, awx ]
 
 - name: Make mount directory for grafana if it doesnt exist
   file:
@@ -189,300 +191,11 @@
     mode: "{{ mount_dir_perm }}"
     group: root
     owner: root
+  tags: [ init, monitoring ]
 
-- name: Check timezone file
-  command: grep -Fx "{{ timezone }}" {{ role_path }}/files/timezone.txt
-  failed_when: false
-  register: timezone_out
-  changed_when: false
-
-- name: Assert timezone
-  assert:
-    that: timezone in timezone_out.stdout
-    success_msg: "{{ success_timezone_msg }}"
-    fail_msg: "{{ fail_timezone_msg }}"
-  register: timezone_check
-
-- name: Assert language for provisioning nodes
-  fail:
-    msg: "{{ fail_language }}"
-  when: '"en-US" not in language'
-
-- name: Assert provisioning method
-  assert:
-    that:
-      - provision_method == "PXE" or provision_method == "idrac"
-    success_msg: "{{ success_provision_method }}"
-    fail_msg: "{{ fail_provision_method }}"
-
-- name: Assert provision_state
-  assert:
-    that: 
-      - provision_state == "stateful"
-    fail_msg: "{{ provision_state_fail_msg }}"
-    success_msg: "{{ provision_state_success_msg }}"
-
-- name: Assert operating system
-  assert:
-    that:
-      - provision_os == os_supported_centos or 
-        provision_os == os_supported_rocky or
-        provision_os == os_supported_leap
-    fail_msg: "{{ provision_os_fail_msg }}"
-    success_msg: "{{ provision_os_success_msg }}"
-
-- name: Verify the iso_file_path
-  stat:
-    path: "{{ iso_file_path }}"
-  register: result_path_iso_file
-
-- name : Assert iso_file_path location
-  fail:
-    msg: "{{ missing_iso_file_path }}"
-  when: not result_path_iso_file.stat.exists
-
-- name: Validate iso_file_path name
-  assert:
-    that:
-      - result_path_iso_file.stat.exists
-      - '".iso" in iso_file_path'
-      - provision_os in iso_file_path | lower
-    fail_msg: "{{ invalid_iso_file_path }}"
-    success_msg:  "{{ valid_iso_file_path }}"
-
-#### management_net_dhcp_start_end_range
-- name: Assert management network nic
-  assert:
-    that:
-      - mngmnt_network_nic in nic_addr_up.stdout
-    success_msg: "{{ success_msg_mngmnt_network_nic }}"
-    fail_msg: "{{ fail_msg_mngmnt_network_nic }}"
-
-- name: Fetch the management network ip, netmask and subnet
-  set_fact:
-    mngmnt_network_ip: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.address }}"
-    mngmnt_network_netmask: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.netmask }}"
-    mngmnt_network_subnet: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.network }}"
-
-- name: Check the subnet of management network dhcp start range
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_start_range }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  args:
-    warn: no
-  register: dhcp_start_mgmnt_result
-  changed_when: false
-
-- name: Set the start dhcp subnet for management network
-  set_fact:
-    dhcp_start_mgmnt: "{{ dhcp_start_mgmnt_result.stdout }}"
-
-- name: Check the subnet of dhcp end range for management network
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_end_range }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  register: dhcp_end_mgmnt_result
-  changed_when: false
-
-- name: Set the end dhcp subnet for management network
-  set_fact:
-    dhcp_end_mgmnt: "{{ dhcp_end_mgmnt_result.stdout }}"
-
-- name: Assert management_net_dhcp_start_range
-  assert:
-    that:
-      - mngmnt_network_dhcp_start_range |  length > 1
-      - mngmnt_network_dhcp_start_range | ipv4
-      - mngmnt_network_dhcp_start_range != mngmnt_network_ip
-      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
-      - dhcp_start_mgmnt == mngmnt_network_subnet
-      - dhcp_start_mgmnt == dhcp_end_mgmnt
-    success_msg: "{{ success_dhcp_range }} for management network"
-    fail_msg: "{{ fail_dhcp_range }} for management network"
-
-- name: Assert management_net_dhcp_end_range
-  assert:
-    that:
-      - mngmnt_network_dhcp_end_range |  length > 1
-      - mngmnt_network_dhcp_end_range | ipv4
-      - mngmnt_network_dhcp_end_range != mngmnt_network_ip
-      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
-      - dhcp_end_mgmnt == mngmnt_network_subnet
-      - dhcp_start_mgmnt == dhcp_end_mgmnt
-    success_msg: "{{ success_dhcp_range }} for management network"
-    fail_msg: "{{ fail_dhcp_range }} for management network"
-
-- name: Set the mapping file value for management network
-  set_fact:
-    mngmnt_mapping_file: true
-  when: mngmnt_mapping_file_path | length > 0
-
-- name: Assert valid mngmnt_mapping_file_path
-  stat:
-    path: "{{ mngmnt_mapping_file_path }}"
-  when: mngmnt_mapping_file
-  register: result_mngmnt_mapping_file
-
-- name : Valid mngmnt_mapping_file_path
-  fail:
-    msg: "{{ invalid_mapping_file_path }} for management network"
-  when: mngmnt_mapping_file and not result_mngmnt_mapping_file.stat.exists
-#########
-
-###Host network####
-- name: Fetch the host network ip, netmask and subnet
-  set_fact:
-    hpc_ip: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.address }}"
-    netmask: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.netmask }}"
-    subnet: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.network }}"
-
-- name: Check the subnet of host network dhcp start range
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_start_range }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  args:
-    warn: no
-  register: dhcp_start_host_result
-  changed_when: false
-
-- name: Set the start dhcp subnet for host network
-  set_fact:
-    dhcp_start_host: "{{ dhcp_start_host_result.stdout }}"
-
-- name: Check the subnet of dhcp end range for host network
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_end_range }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  register: dhcp_end_host_result
-  changed_when: false
-
-- name: Set the end dhcp subnet for host network
-  set_fact:
-    dhcp_end_host: "{{ dhcp_end_host_result.stdout }}"
-
-- name: Assert host_network_dhcp_start_range
-  assert:
-    that:
-      - host_network_dhcp_start_range | length > 1
-      - host_network_dhcp_start_range | ipv4
-      - host_network_dhcp_start_range != hpc_ip
-      - host_network_dhcp_start_range != host_network_dhcp_end_range
-      - dhcp_start_host == subnet
-      - dhcp_start_host == dhcp_end_host
-    success_msg: "{{ success_dhcp_range }} for host network"
-    fail_msg: "{{ fail_dhcp_range }} for host network"
-
-- name: Assert host_network_dhcp_end_range
-  assert:
-    that:
-      - host_network_dhcp_end_range | length > 1
-      - host_network_dhcp_end_range | ipv4
-      - host_network_dhcp_end_range != hpc_ip
-      - host_network_dhcp_start_range != host_network_dhcp_end_range
-      - dhcp_end_host == subnet
-      - dhcp_start_host == dhcp_end_host
-    success_msg: "{{ success_dhcp_range }} for host network"
-    fail_msg: "{{ fail_dhcp_range }} for host network"
-
-- name: Set the mapping file value for host network
-  set_fact:
-    host_mapping_file: true
-  when: host_mapping_file_path | length > 0
-  
-- name: Assert valid mapping_file_path
-  stat: 
-    path: "{{ host_mapping_file_path }}"
-  when: host_mapping_file
-  register: result_host_mapping_file
-  
-- name: Valid mapping_file_path
-  fail:
-    msg: "{{ invalid_mapping_file_path }} for host_network"
-  when: host_mapping_file and not result_host_mapping_file.stat.exists
-
-- name: Verify different nics
-  assert:
-    that:
-      - public_nic != mngmnt_network_nic
-      - mngmnt_network_nic != host_network_nic
-      - public_nic != host_network_nic
-    success_msg: "{{ success_msg_different_nics }}"
-    fail_msg: "{{ fail_msg_different_nics }}"
+- name: Validate provision paramters
+  import_tasks: validate_provision_vars.yml
+  tags: [ validate, idrac, pxe ]
 
-########
-- name: Fetch the infiniband network ip, netmask and subnet
-  set_fact:
-    ib_ip: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.address }}"
-    ib_netmask: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.netmask }}"
-    ib_subnet: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.network }}"
-  when: ib_switch_support
-
-- name: Check the subnet of infiniband network dhcp start range
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_start_range }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  args:
-    warn: no
-  register: dhcp_start_ib_result
-  when: ib_switch_support
-  changed_when: false
-
-- name: Set the start dhcp subnet for infiniband network
-  set_fact:
-    dhcp_start_ib: "{{ dhcp_start_ib_result.stdout }}"
-  when: ib_switch_support
-
-- name: Check the subnet of dhcp end range for infiniband network
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_end_range }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  register: dhcp_end_ib_result
-  when: ib_switch_support
-  changed_when: false
-
-- name: Set the end dhcp subnet for infiniband network
-  set_fact:
-    dhcp_end_ib: "{{ dhcp_end_ib_result.stdout }}"
-  when: ib_switch_support
-
-- name: Assert infiniband_net_dhcp_start_range
-  assert:
-    that:
-      - ib_network_dhcp_start_range | length > 1
-      - ib_network_dhcp_start_range | ipv4
-      - ib_network_dhcp_start_range != ib_ip
-      - ib_network_dhcp_start_range != ib_network_dhcp_end_range
-      - dhcp_start_ib == ib_subnet
-      - dhcp_start_ib == dhcp_end_ib
-    success_msg: "{{ success_dhcp_range }} for infiniband network"
-    fail_msg: "{{ fail_dhcp_range }} for infiniband network"
-  when: ib_switch_support
-
-- name: Assert infiniband_net_dhcp_end_range
-  assert:
-    that:
-      - ib_network_dhcp_end_range | length > 1
-      - ib_network_dhcp_end_range | ipv4
-      - ib_network_dhcp_end_range != ib_ip
-      - ib_network_dhcp_start_range != ib_network_dhcp_end_range
-      - dhcp_end_ib == ib_subnet
-      - dhcp_start_ib == dhcp_end_ib
-    success_msg: "{{ success_dhcp_range }} for infiniband network"
-    fail_msg: "{{ fail_dhcp_range }} for infiniband network"
-  when: ib_switch_support
-
-- name: Verify different nics with infiniband nic
-  assert:
-    that:
-      - public_nic != ib_network_nic
-      - mngmnt_network_nic != ib_network_nic
-      - ib_network_nic != host_network_nic
-    success_msg: "{{ success_msg_different_nics_ib }}"
-    fail_msg: "{{ fail_msg_different_nics_ib }}"
-  when: ib_switch_support
+- name: Validate NIC parameters
+  import_tasks: validate_nic_vars.yml
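Review bot: The `Validate NIC parameters` import at the end of this hunk has no `tags:`, while the `Validate provision paramters` import just above it has `[ validate, idrac, pxe ]`. On a tag-limited run the NIC checks and the facts the removed tasks used to set (`public_ip`, `mngmnt_network_ip`, `hpc_ip`, and the IB equivalents) therefore depend entirely on per-task tags inside validate_nic_vars.yml, which is not visible here. If the `set_fact` tasks in that file are not tagged with the component tags, later roles would presumably see those facts undefined; worth confirming. Separately, the task name has a typo and should read `- name: Validate provision parameters`.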

+ 5 - 1
control_plane/roles/control_plane_common/tasks/fetch_security_inputs.yml

@@ -16,11 +16,13 @@
 - name: Include security variable file security_vars.yml
   include_vars: "{{ security_vars_filename }}"
   no_log: true
+  tags: init
 
 - name: Validate input parameters of base_vars are not empty
   fail:
     msg: "{{ input_security_failure_msg }}"
   register: input_base_check
+  tags: [ validate, security ]
   when:
     - domain_name | length < 1 or
       realm_name | length < 1
@@ -31,6 +33,7 @@
       - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
     success_msg: "{{ dom_name_success_msg }}"
     fail_msg: "{{ dom_name_fail_msg }}"
+  tags: [ validate, security ]
 
 - name: Validate the realm name
   assert:
@@ -38,4 +41,5 @@
       - realm_name is regex("^(?!-)[A-Z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Z]{2,}$")
       - '"." in realm_name'
     success_msg: "{{ realm_success_msg }}"
-    fail_msg: "{{ realm_fail_msg }}"
+    fail_msg: "{{ realm_fail_msg }}"
+  tags: [ validate, security ]

+ 10 - 10
control_plane/roles/control_plane_common/tasks/fetch_sm_inputs.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,41 +17,41 @@
   stat:
     path: "{{ ib_config_file }}"
   register: stat_result
-  tags: install
+  tags: init
 
 - name: Fail if config file doesn't exist
   fail:
     msg: "{{ fail_msg_config_file }}"
   when: not stat_result.stat.exists
-  tags: install
+  tags: init
 
 - name: Check that the opensm.conf exists
   stat:
     path: "{{ opensm_conf_file }}"
   register: stat_result
-  tags: install
+  tags: init
 
 - name: Fail if opensm.conf file doesn't exist
   fail:
     msg: "{{ fail_msg_opensm_config_file }}"
   when: not stat_result.stat.exists
-  tags: install
+  tags: init
 
 - name: Include infiniband variable file
   include_vars: "{{ ib_config_file }}"
-  tags: install
+  tags: init
 
 - name: Validate directory input definition
   fail:
     msg: "{{ fail_msg_ib_input_definition }}"
+  tags: [ validate, network-ib ]
   when:
     - subnet_manager.cache_directory is not defined or subnet_manager.log_directory is not defined
-  tags: install
 
 - name: Validate directory input
   fail:
     msg: "{{ fail_msg_ib_input }}"
+  tags: [ validate, network-ib ]
   when:
-    - subnet_manager.cache_directory |length < 1
-    - subnet_manager.log_directory |length < 1
-  tags: install
+    - subnet_manager.cache_directory | length < 1
+    - subnet_manager.log_directory | length < 1
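Review bot: The `when:` list on `Validate directory input` is an AND of its two entries, so the task fails only when both `cache_directory` and `log_directory` are empty; a single empty directory passes the check. The preceding `Validate directory input definition` task joins its two tests with `or`, which looks like the intent here as well: `- subnet_manager.cache_directory | length < 1 or subnet_manager.log_directory | length < 1`. The commit only re-spaces these two lines, so the behaviour predates it, but they are on the new side and already being touched.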

+ 1 - 2
control_plane/roles/control_plane_common/tasks/internet_validation.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -22,4 +22,3 @@
     timeout: "{{ internet_timeout }}"
     msg: "{{ internet_status }}"
   register: internet_value
-  tags: install

+ 21 - 14
control_plane/roles/control_plane_common/tasks/main.yml

@@ -12,46 +12,53 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
-- name: Mount Path
-  set_fact:
-    mount_path: "{{ role_path + '/../../..'  }}"
 
 - name: Pre-requisite validation
   import_tasks: pre_requisite.yml
+  tags: init
 
 - name: Internet validation
   import_tasks: internet_validation.yml
+  tags: init
 
 - name: Common packages installation
   import_tasks: package_installation.yml
+  tags: init
 
-- name: Basic Configuration
+- name: Basic configuration
   import_tasks: fetch_base_inputs.yml
 
-- name: Credentials Configuration
-  import_tasks: password_config.yml
-
-- name: omnia inputs validation
+- name: Omnia inputs validation
   import_tasks: verify_omnia_params.yml
 
+- name: Credentials inputs validation
+  import_tasks: verify_login_inputs.yml
+
+- name: iDRAC inputs validation
+  import_tasks: validate_idrac_vars.yml
+
 - name: Subnet manager inputs validation
   import_tasks: fetch_sm_inputs.yml
   when: ib_switch_support
 
+- name: Security inputs validation
+  import_tasks: fetch_security_inputs.yml
+  when: enable_security_support
+
 - name: Host mapping file validation
   import_tasks: validate_host_mapping_file.yml
-  when: host_mapping_file_path |length >0
+  when: host_mapping_file_path | length > 0
+  tags: [ validate, pxe ]
 
 - name: Device mapping file validation
   import_tasks: validate_device_mapping_file.yml
-  when: mngmnt_mapping_file_path |length >0
+  when: mngmnt_mapping_file_path | length > 0
+  tags: [ validate, network-device ]
 
 - name: Encrypt idrac_tools_vars.yml
   import_tasks: encrypt_idrac_tools_vars.yml
+  tags: init
 
 - name: NFS Server setup for offline repo and awx
   import_tasks: nfs_server_setup.yml
-
-- name: Security Inputs Validation
-  import_tasks: fetch_security_inputs.yml
-  when: enable_security_support
+  tags: init
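Review bot: The `Credentials Configuration` import of password_config.yml is dropped and replaced by an import of `verify_login_inputs.yml`, yet the file list for this commit shows password_config.yml gaining 18 lines and does not list verify_login_inputs.yml. `import_tasks` is resolved when the playbook is parsed, so a missing file fails the whole run. If password_config.yml is no longer imported from anywhere, the credential handling in it would stop running without any error. Both are worth confirming against the tree. The imports from `Basic configuration` through `Security inputs validation` also carry no `tags:`, unlike their neighbours, so they rely on tags set inside the imported files.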

+ 4 - 7
control_plane/roles/control_plane_common/tasks/package_installation.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -12,23 +12,20 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
-- name: Install packages
+- name: Install packages - leap
   zypper:
     name: "{{ common_packages_leap }}"
     state: present
-  tags: install
   when: ( os_supported_leap in mgmt_os ) and ( ansible_distribution_version >= os_supported_leap_version )
 
-- name: Install packages
+- name: Install packages - rocky
   package:
     name: "{{ common_packages }}"
     state: present
-  tags: install
   when:
     - ( mgmt_os == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
       ( mgmt_os == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version )
 
 - name: Install netaddr
   command: pip3 install netaddr
-  tags: install
-  changed_when: false
+  changed_when: false
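Review bot: `Install netaddr` still shells out to `pip3 install netaddr` with no version pin and `changed_when: false`, so each run can pull whatever release the index serves and never reports a change. While the task is being touched, the `pip` module with a pinned version would make it reproducible and idempotent: `pip: { name: "netaddr==<PINNED_VERSION>", executable: pip3 }`. Also, the task renamed to `Install packages - rocky` is gated on CentOS as well as Rocky by its `when:`, so a name such as `Install packages - centos/rocky` would match the condition.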

+ 12 - 7
control_plane/roles/control_plane_common/tasks/pre_requisite.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,6 +13,16 @@
 #  limitations under the License.
 ---
 
+- name: Validate run tags
+  fail:
+    msg: "{{ invalid_tag_msg }}"
+  when: '"init" not in ansible_run_tags'
+  tags: [ init, network-device, pxe, awx, network-ib, idrac, monitoring, security, firmware-repo, templates ]
+
+- name: Mount Path
+  set_fact:
+    mount_path: "{{ role_path + '/../../..'  }}"
+    
 - name: Collecting ansible python version
   shell:
     cmd: ansible --version | grep "python version" | cut -d ' ' -f 6
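Review bot: The tag list on `Validate run tags` omits `validate`, which the task files in this role use, so `--tags validate` on its own never evaluates this guard and proceeds without `init`. Any tag added to control_plane.yml later has to be repeated here too. `tags: always` would keep the guard in every run without the enumeration. Note also that `ansible_run_tags` is `['all']` when no `--tags` is passed, so a plain `ansible-playbook control_plane.yml` fails here; if untagged runs are meant to keep working, the condition needs to be `when: '"init" not in ansible_run_tags and "all" not in ansible_run_tags'`. The hunk ends inside the next task.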
@@ -29,7 +39,6 @@
   when:
     - ansible_python_version.stdout != python_version_leap
     - ansible_python_version.stdout != python_version_support
-  tags: install
 
 - name: Verify whether ansible configuration file exists
   stat:
@@ -42,7 +51,6 @@
     regexp: '#log_path = /var/log/ansible.log'
     replace: 'log_path = /var/log/omnia.log'
   when: file_exists.stat.exists
-  tags: install
 
 - name: Check OS support
   assert:
@@ -53,7 +61,6 @@
     fail_msg: "{{ fail_os_status }}"
     success_msg: "{{ success_os_status }}"
   register: os_value
-  tags: install
 
 - block:
     - name: Fetch SElinux mode
@@ -67,14 +74,12 @@
         regexp: 'SELINUX=[a-z]+'
         replace: 'SELINUX=disabled'
       when: '"SELinux status: enabled" in sestatus_current.stdout_lines'
-      tags: install
 
     - name: Status of SElinux
       fail:
         msg: "{{ selinux_status }}"
       when: '"SELinux status: enabled" in sestatus_current.stdout_lines'
       register: selinux_value
-      tags: install
   when:
     - ( mgmt_os == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
       ( mgmt_os == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version )
@@ -83,4 +88,4 @@
   service:
     name: firewalld
     state: started
-    enabled: yes
+    enabled: yes

+ 1 - 11
control_plane/roles/control_plane_common/tasks/validate_device_mapping_file.yml

@@ -11,17 +11,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # limitations under the License.
 ---
+
 - name: Check that device mapping file exists at mentioned path
   stat:
     path: "{{ mngmnt_mapping_file_path }}"
   register: stat_result
-  tags: install
 
 - name: Fail if config file doesn't exist
   fail:
     msg: "{{ fail_msg_mapping_file + mngmnt_mapping_file_path }}"
   when: not stat_result.stat.exists
-  tags: install
 
 - name: Read device mapping file from CSV file and return a dictionary
   read_csv:
@@ -29,38 +28,32 @@
     key: "{{ mapping_file_key }}"
   register: device_mapping_file
   delegate_to: localhost
-  tags: install
 
 - name: Check if header is present in mapping file
   shell:  set -o pipefail && awk 'NR==1 { print $1}' "{{ mngmnt_mapping_file_path }}"
   register: mngmnt_header
   changed_when: false
-  tags: install
 
 - name: Fail if header not in correct format
   fail:
     msg: "{{ fail_device_mapping_file_header }}"
   when: mngmnt_header.stdout !=  device_mapping_header_format
-  tags: install
 
 - name: Check if mapping file is comma seperated
   shell: awk -F\, '{print NF-1}' "{{ mngmnt_mapping_file_path }}"
   register: mngmnt_comma_seperated
   changed_when: false
-  tags: install
 
 - name: Fail if not comma seperated or if all fields are not given
   fail:
     msg: "{{ fail_mapping_file_field_seperation }}"
   when: not(item =="1")
   with_items: "{{ mngmnt_comma_seperated.stdout_lines }}"
-  tags: install
 
 - name: Initialize count variables
   set_fact:
     list_of_ips: []
     count_total_items: "{{ device_mapping_file.dict |length }}"
-  tags: install
 
 - name: Create list of IPs in mapping file
   set_fact:
@@ -68,15 +61,12 @@
   loop: "{{ device_mapping_file.dict | dict2items }}"
   loop_control:
     label: "{{ item.value.MAC }}"
-  tags: install
 
 - name: Find count of unique IPs
   set_fact:
     count_of_unique_ip : "{{ list_of_ips| unique| length }}"
-  tags: install
 
 - name: Validation to check if unique IPs are provided for each node
   fail:
     msg: "{{ fail_mapping_file_duplicate_ip + mngmnt_mapping_file_path }}"
   when: not(count_of_unique_ip|int == count_total_items|int)
-  tags: install

+ 1 - 21
control_plane/roles/control_plane_common/tasks/validate_host_mapping_file.yml

@@ -11,17 +11,16 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # limitations under the License.
 ---
+
 - name: Check that host mapping file exists at mentioned path
   stat:
     path: "{{ host_mapping_file_path }}"
   register: stat_result
-  tags: install
 
 - name: Fail if config file doesn't exist
   fail:
     msg: "{{ fail_msg_mapping_file + host_mapping_file_path }}"
   when: not stat_result.stat.exists
-  tags: install
 
 - name: Read host mapping file from CSV file and return a dictionary
   read_csv:
@@ -29,50 +28,42 @@
     key: "{{ mapping_file_key }}"
   register: mapping_file
   delegate_to: localhost
-  tags: install
 
 - name: Initialize variable for role support in mapping file
   set_fact:
     component_role_support: false
-  tags: install
 
 - name: Check if header is present in mapping file
   shell:  set -o pipefail && awk 'NR==1 { print $1}' "{{ host_mapping_file_path }}"
   register: mngmnt_header
   changed_when: false
-  tags: install
 
 - name: Fail if header not in correct format
   assert:
     that: (mngmnt_header.stdout ==  host_mapping_header_format) or (mngmnt_header.stdout == host_mapping_header_with_role_format)
     fail_msg: "{{ fail_mapping_file_header }}"
-  tags: install
 
 - name: Check if mapping file is comma seperated
   shell: awk -F\, '{print NF-1}' "{{ host_mapping_file_path }}"
   register: mngmnt_comma_seperated
   changed_when: false
-  tags: install
 
 - name: Set variable if component roles given in mapping file
   set_fact:
     component_role_support: true
   when: mngmnt_header.stdout == host_mapping_header_with_role_format
-  tags: install
 
 - name: Fail if not comma seperated or if all fields are not given for MAC,Hostname,IP,Component_role
   fail:
     msg: "{{ fail_mapping_file_field_seperation }}"
   when: not(item =="3") and not (item == "-1") and component_role_support
   with_items: "{{ mngmnt_comma_seperated.stdout_lines }}"
-  tags: install
 
 - name: Fail if not comma seperated or if all fields are not given for MAC,Hostname,IP
   fail:
     msg: "{{ fail_mapping_file_field_seperation }}"
   when: not(item =="2") and not (item == "-1") and not(component_role_support)
   with_items: "{{ mngmnt_comma_seperated.stdout_lines }}"
-  tags: install
 
 - name: Initialize count variables
   set_fact:
@@ -84,7 +75,6 @@
     count_of_nfs_node: 0
     count_of_login: 0
     count_total_items: "{{ mapping_file.dict |length }}"
-  tags: install
 
 - name: Create list of IPs and component roles and hostnames defined in mapping file
   set_fact:
@@ -93,7 +83,6 @@
   loop: "{{ mapping_file.dict | dict2items }}"
   loop_control:
     label: "{{ item.value.MAC }}"
-  tags: install
 
 - name: Create list of component roles defined in mapping file
   set_fact:
@@ -102,7 +91,6 @@
   loop_control:
     label: "{{ item.value.MAC }}"
   when: component_role_support
-  tags: install
 
 - name: Assert hostnames
   assert:
@@ -113,35 +101,29 @@
     quiet: yes
     fail_msg: "{{ fail_mapping_file_hostname_chars + item }}"
   with_items: "{{ list_of_hostnames }}"
-  tags: install
 
 - name: Find count of unique IPs
   set_fact:
     count_of_unique_ip : "{{ list_of_ips| unique| length }}"
-  tags: install
 
 - name: Validation to check if unique IPs are provided for each node
   fail:
     msg: "{{ fail_mapping_file_duplicate_ip + host_mapping_file_path }}"
   when: not(count_of_unique_ip|int == count_total_items|int)
-  tags: install
 
 - name: Find count of unique hostnames
   set_fact:
     count_of_unique_hostnames : "{{ list_of_hostnames | unique | length }}"
-  tags: install
 
 - name: Validation to check if unique hostnames are provided for each node
   fail:
     msg: "{{ fail_mapping_file_duplicate_hostname }}"
   when: not(count_of_unique_hostnames|int == count_total_items| int)
-  tags: install
 
 - name: Find count of each component role defined in mapping file
   include_tasks: count_component_roles.yml
   loop: "{{ list_of_roles }}"
   when: component_role_support
-  tags: install
 
 - block:
   - name: Validation to check if component roles for each node is defined
@@ -168,12 +150,10 @@
     fail:
       msg: "{{ fail_mapping_file_nfs_role }}"
     when: (not (count_of_nfs_node|int == 1) and powervault_support) or ((count_of_nfs_node|int == 1) and not powervault_support)
-  tags: install
 
   rescue:
   - name: Count of roles defined
     fail:
       msg: "{{ count_of_roles_defined }}"
-    tags: install
 
   when: component_role_support

+ 45 - 0
control_plane/roles/control_plane_common/tasks/validate_idrac_vars.yml

@@ -0,0 +1,45 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Include variable file idrac_vars.yml
+  include_vars: "{{ idrac_input_filename }}"
+  run_once: true
+  tags: init
+
+- name: Assert firmware_update_required value
+  assert:
+    that:
+      - firmware_update_required == true or firmware_update_required == false
+    success_msg: "{{ firmware_update_success_msg }}"
+    fail_msg: "{{ firmware_update_fail_msg }}"
+  tags: [ validate, firmware-repo ]
+
+- name: Read poweredge_model file
+  command: cat {{ role_path }}/files/poweredge_models.txt
+  failed_when: false
+  register: poweredge_models_file_output
+  changed_when: false
+  tags: [ validate, firmware-repo ]
+
+- name: Assert poweredge_model value
+  assert:
+    that:
+      - item | length > 1
+      - item in poweredge_models_file_output.stdout
+    success_msg: "{{ poweredge_model_success_msg }}"
+    fail_msg: "{{ poweredge_model_fail_msg }}"
+  when: firmware_update_required
+  with_items: "{{ poweredge_model.split(',') | map('trim') }}"
+  tags: [ validate, firmware-repo ]
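Review bot: The `item in poweredge_models_file_output.stdout` check in "Assert poweredge_model value" is a substring test against the whole file text, so any fragment of two or more characters that occurs anywhere in poweredge_models.txt passes as a supported model. Comparing against the list of lines closes that gap: `- item in poweredge_models_file_output.stdout_lines` (this assumes the file holds one model per line, which is not visible here). The read task also sets `failed_when: false`, so a missing or unreadable file surfaces only as the generic poweredge_model failure message; dropping that line would report the real cause.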

+ 299 - 0
control_plane/roles/control_plane_common/tasks/validate_nic_vars.yml

@@ -0,0 +1,299 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Fetch the network interfaces in UP state in the system
+  shell: set -o pipefail && ip a | awk '/state UP/{print $2}'
+  register: nic_addr_up
+  changed_when: false
+  tags: init
+
+### public network
+
+- name: Assert public nic
+  assert:
+    that:
+      - public_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_public_nic }}"
+    fail_msg: "{{ fail_msg_public_nic }}"
+  tags: [ validate, init ]
+
+- name: Fetch the system public IP
+  set_fact:
+    public_ip: "{{ lookup('vars','ansible_'+public_nic).ipv4.address }}"
+  tags: init
+
+### management network
+
+- name: Assert management network nic
+  assert:
+    that:
+      - mngmnt_network_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_mngmnt_network_nic }}"
+    fail_msg: "{{ fail_msg_mngmnt_network_nic }}"
+  tags: [ validate, network-device ]
+
+- name: Fetch the management network ip, netmask and subnet
+  set_fact:
+    mngmnt_network_ip: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.address }}"
+    mngmnt_network_netmask: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.netmask }}"
+    mngmnt_network_subnet: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.network }}"
+  tags: init
+
+- name: Check the subnet of management network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_mgmnt_result
+  changed_when: false
+  tags: init
+
+- name: Set the start dhcp subnet for management network
+  set_fact:
+    dhcp_start_mgmnt: "{{ dhcp_start_mgmnt_result.stdout }}"
+  tags: init
+
+- name: Check the subnet of dhcp end range for management network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_mgmnt_result
+  changed_when: false
+  tags: init
+
+- name: Set the end dhcp subnet for management network
+  set_fact:
+    dhcp_end_mgmnt: "{{ dhcp_end_mgmnt_result.stdout }}"
+  tags: init
+
+- name: Assert management_net_dhcp_start_range
+  assert:
+    that:
+      - mngmnt_network_dhcp_start_range |  length > 1
+      - mngmnt_network_dhcp_start_range | ipv4
+      - mngmnt_network_dhcp_start_range != mngmnt_network_ip
+      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
+      - dhcp_start_mgmnt == mngmnt_network_subnet
+      - dhcp_start_mgmnt == dhcp_end_mgmnt
+    success_msg: "{{ success_dhcp_range }} for management network"
+    fail_msg: "{{ fail_dhcp_range }} for management network"
+  tags: [ validate, network-device ]
+
+- name: Assert management_net_dhcp_end_range
+  assert:
+    that:
+      - mngmnt_network_dhcp_end_range |  length > 1
+      - mngmnt_network_dhcp_end_range | ipv4
+      - mngmnt_network_dhcp_end_range != mngmnt_network_ip
+      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
+      - dhcp_end_mgmnt == mngmnt_network_subnet
+      - dhcp_start_mgmnt == dhcp_end_mgmnt
+    success_msg: "{{ success_dhcp_range }} for management network"
+    fail_msg: "{{ fail_dhcp_range }} for management network"
+  tags: [ validate, network-device ]
+
+- name: Set the mapping file value for management network
+  set_fact:
+    mngmnt_mapping_file: true
+  when: mngmnt_mapping_file_path | length > 0
+  tags: init
+
+- name: Assert valid mngmnt_mapping_file_path
+  stat:
+    path: "{{ mngmnt_mapping_file_path }}"
+  when: mngmnt_mapping_file
+  register: result_mngmnt_mapping_file
+  tags: init
+
+- name : Valid mngmnt_mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for management network"
+  when: mngmnt_mapping_file and not result_mngmnt_mapping_file.stat.exists
+  tags: init
+
+### host network
+
+- name: Fetch the host network ip, netmask and subnet
+  set_fact:
+    hpc_ip: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.address }}"
+    netmask: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.netmask }}"
+    subnet: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.network }}"
+  tags: init
+
+- name: Check the subnet of host network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_host_result
+  changed_when: false
+  tags: init
+
+- name: Set the start dhcp subnet for host network
+  set_fact:
+    dhcp_start_host: "{{ dhcp_start_host_result.stdout }}"
+  tags: init
+
+- name: Check the subnet of dhcp end range for host network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_host_result
+  changed_when: false
+  tags: init
+
+- name: Set the end dhcp subnet for host network
+  set_fact:
+    dhcp_end_host: "{{ dhcp_end_host_result.stdout }}"
+  tags: init
+
+- name: Assert host_network_dhcp_start_range
+  assert:
+    that:
+      - host_network_dhcp_start_range | length > 1
+      - host_network_dhcp_start_range | ipv4
+      - host_network_dhcp_start_range != hpc_ip
+      - host_network_dhcp_start_range != host_network_dhcp_end_range
+      - dhcp_start_host == subnet
+      - dhcp_start_host == dhcp_end_host
+    success_msg: "{{ success_dhcp_range }} for host network"
+    fail_msg: "{{ fail_dhcp_range }} for host network"
+  tags: [ validate, pxe ]
+
+- name: Assert host_network_dhcp_end_range
+  assert:
+    that:
+      - host_network_dhcp_end_range | length > 1
+      - host_network_dhcp_end_range | ipv4
+      - host_network_dhcp_end_range != hpc_ip
+      - host_network_dhcp_start_range != host_network_dhcp_end_range
+      - dhcp_end_host == subnet
+      - dhcp_start_host == dhcp_end_host
+    success_msg: "{{ success_dhcp_range }} for host network"
+    fail_msg: "{{ fail_dhcp_range }} for host network"
+  tags: [ validate, pxe ]
+
+- name: Set the mapping file value for host network
+  set_fact:
+    host_mapping_file: true
+  when: host_mapping_file_path | length > 0
+  tags: init
+  
+- name: Assert valid mapping_file_path
+  stat: 
+    path: "{{ host_mapping_file_path }}"
+  when: host_mapping_file
+  register: result_host_mapping_file
+  tags: init
+  
+- name: Valid mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for host_network"
+  when: host_mapping_file and not result_host_mapping_file.stat.exists
+  tags: init
+
+- name: Verify different nics
+  assert:
+    that:
+      - public_nic != mngmnt_network_nic
+      - mngmnt_network_nic != host_network_nic
+      - public_nic != host_network_nic
+    success_msg: "{{ success_msg_different_nics }}"
+    fail_msg: "{{ fail_msg_different_nics }}"
+  tags: [ validate, pxe, network-device ]
+
+### ib network
+
+- name: Validate ib network vars
+  block:
+    - name: Fetch the infiniband network ip, netmask and subnet
+      set_fact:
+        ib_ip: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.address }}"
+        ib_netmask: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.netmask }}"
+        ib_subnet: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.network }}"
+      tags: init
+      
+    - name: Check the subnet of infiniband network dhcp start range
+      shell: |
+        IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_start_range }}"
+        IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
+        printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+      args:
+        warn: no
+      register: dhcp_start_ib_result  
+      changed_when: false
+      tags: init
+
+    - name: Set the start dhcp subnet for infiniband network
+      set_fact:
+        dhcp_start_ib: "{{ dhcp_start_ib_result.stdout }}"
+      tags: init    
+
+    - name: Check the subnet of dhcp end range for infiniband network
+      shell: |
+        IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_end_range }}"
+        IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
+        printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+      register: dhcp_end_ib_result  
+      changed_when: false
+      tags: init
+
+    - name: Set the end dhcp subnet for infiniband network
+      set_fact:
+        dhcp_end_ib: "{{ dhcp_end_ib_result.stdout }}"
+      tags: init
+
+    - name: Assert infiniband_net_dhcp_start_range
+      assert:
+        that:
+          - ib_network_dhcp_start_range | length > 1
+          - ib_network_dhcp_start_range | ipv4
+          - ib_network_dhcp_start_range != ib_ip
+          - ib_network_dhcp_start_range != ib_network_dhcp_end_range
+          - dhcp_start_ib == ib_subnet
+          - dhcp_start_ib == dhcp_end_ib
+        success_msg: "{{ success_dhcp_range }} for infiniband network"
+        fail_msg: "{{ fail_dhcp_range }} for infiniband network"
+      tags: [ validate, network-ib ]
+  
+    - name: Assert infiniband_net_dhcp_end_range
+      assert:
+        that:
+          - ib_network_dhcp_end_range | length > 1
+          - ib_network_dhcp_end_range | ipv4
+          - ib_network_dhcp_end_range != ib_ip
+          - ib_network_dhcp_start_range != ib_network_dhcp_end_range
+          - dhcp_end_ib == ib_subnet
+          - dhcp_start_ib == dhcp_end_ib
+        success_msg: "{{ success_dhcp_range }} for infiniband network"
+        fail_msg: "{{ fail_dhcp_range }} for infiniband network"
+      tags: [ validate, network-ib ]
+
+    - name: Verify different nics with infiniband nic
+      assert:
+        that:
+          - public_nic != ib_network_nic
+          - mngmnt_network_nic != ib_network_nic
+          - ib_network_nic != host_network_nic
+        success_msg: "{{ success_msg_different_nics_ib }}"
+        fail_msg: "{{ fail_msg_different_nics_ib }}"
+      tags: [ validate, pxe, network-ib, network-device ]
+  when: ib_switch_support
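Review bot: The "Check the subnet of … dhcp start/end range" shell tasks template `mngmnt_network_dhcp_start_range`, `host_network_dhcp_start_range`, `ib_network_dhcp_start_range` and their end-range counterparts into a shell script before the `| ipv4` asserts further down have run, so a malformed value from the input file reaches the shell unvalidated. Computing the network in Jinja removes the shell step, e.g. `dhcp_start_mgmnt: "{{ (mngmnt_network_dhcp_start_range ~ '/' ~ mngmnt_network_netmask) | ipaddr('network') }}"` (the same filter family as the `ipv4` filter already used here; verify the output format matches `ansible_<nic>.ipv4.network`). Otherwise, move each `ipv4` assert ahead of the shell task that consumes the value. The `<<<` here-string is a bash feature while `shell` runs /bin/sh by default, so add `executable: /bin/bash` under `args:` if the shell tasks stay.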

+ 81 - 0
control_plane/roles/control_plane_common/tasks/validate_provision_vars.yml

@@ -0,0 +1,81 @@
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Convert timezone.txt to linux format
+  command: dos2unix {{ role_path }}/files/timezone.txt
+  failed_when: false
+  changed_when: false
+
+- name: Searching for timezone
+  lineinfile:
+    path: "{{ role_path }}/files/timezone.txt"
+    line: "{{ timezone }}"
+    state: present
+  check_mode: yes
+  register: timezone_search
+
+- name: Assert timezone
+  assert:
+    that: timezone_search is not changed
+    success_msg: "{{ success_timezone_msg }}"
+    fail_msg: "{{ fail_timezone_msg }}"
+  register: timezone_check
+
+- name: Assert language for provisioning nodes
+  fail:
+    msg: "{{ fail_language }}"
+  when: '"en-US" not in language'
+
+- name: Assert provisioning method
+  assert:
+    that:
+      - provision_method == "PXE" or provision_method == "idrac"
+    success_msg: "{{ success_provision_method }}"
+    fail_msg: "{{ fail_provision_method }}"
+
+- name: Assert provision_state
+  assert:
+    that: 
+      - provision_state == "stateful"
+    fail_msg: "{{ provision_state_fail_msg }}"
+    success_msg: "{{ provision_state_success_msg }}"
+
+- name: Assert operating system
+  assert:
+    that:
+      - provision_os == os_supported_centos or 
+        provision_os == os_supported_rocky or
+        provision_os == os_supported_leap
+    fail_msg: "{{ provision_os_fail_msg }}"
+    success_msg: "{{ provision_os_success_msg }}"
+
+- name: Verify the iso_file_path
+  stat:
+    path: "{{ iso_file_path }}"
+  register: result_path_iso_file
+
+- name : Assert iso_file_path location
+  fail:
+    msg: "{{ missing_iso_file_path }}"
+  when: not result_path_iso_file.stat.exists
+
+- name: Validate iso_file_path name
+  assert:
+    that:
+      - result_path_iso_file.stat.exists
+      - '".iso" in iso_file_path'
+      - provision_os in iso_file_path | lower
+    fail_msg: "{{ invalid_iso_file_path }}"
+    success_msg:  "{{ valid_iso_file_path }}"
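Review bot: "Validate iso_file_path name" accepts any path that merely contains `.iso` somewhere, and `stat.exists` is also true for a directory, so these checks do not establish that `iso_file_path` is a regular file ending in .iso. Tighten them with `- result_path_iso_file.stat.isreg` and `- iso_file_path | splitext | last | lower == '.iso'`. The `stat.exists` entry in this assert is redundant with the preceding "Assert iso_file_path location" task. Nothing here verifies the image content; if the project keeps expected checksums for supported ISOs, this file is where that comparison would belong.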

+ 18 - 0
control_plane/roles/control_plane_common/tasks/password_config.yml

@@ -18,6 +18,7 @@
   changed_when: false
   register: config_content
   no_log: true
+  tags: init
 
 - name: Decrpyt login_vars.yml
   command: >-
@@ -25,10 +26,12 @@
     --vault-password-file {{ vault_filename }}
   changed_when: false
   when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  tags: init
 
 - name: Include variable file login_vars.yml
   include_vars: "{{ login_vars_filename }}"
   no_log: true
+  tags: init
 
 - name: Validate input parameters are not empty
   fail:
@@ -39,10 +42,12 @@
       cobbler_password | length < 1 or      
       idrac_username | length < 1 or
       idrac_password | length < 1
+  tags: [ validate, pxe, idrac ]
 
 - name: Validate security parameters when enable_security_support is set to true
   fail:
     msg: "{{ login_input_config_failure_msg }} for ipa server installation"
+  tags: [ validate, security ]
   when:
     - ( directory_manager_password | length < 1 or
       ipa_admin_password | length < 1 ) and
@@ -64,6 +69,7 @@
     - name: Provision password validation check
       fail:
         msg: "{{ fail_msg_provision_password }}"
+  tags: [ validate, pxe, idrac ]
 
 - name: Assert cobbler credentials
   block:
@@ -81,6 +87,7 @@
     - name: Cobbler password validation check
       fail:
         msg: "{{ fail_msg_cobbler_password }}"
+  tags: [ validate, pxe ]
 
 - name: Assert idrac credentials
   block:
@@ -104,6 +111,7 @@
     - name: idrac credentials validation check
       fail:
         msg: "{{ fail_msg_idrac_credentials }}"
+  tags: [ validate, idrac ]
 
 - name: Assert grafana credentials
   block:
@@ -128,6 +136,7 @@
     - name: grafana credentials validation check
       fail:
         msg: "{{ fail_msg_grafana_credentials }}"
+  tags: [ validate, monitoring ]
 
 - name: Assert username and password for ethernet switches
   block:
@@ -152,6 +161,7 @@
       fail:
         msg: "{{ fail_msg_ethernet_credentials }}"
   when: ethernet_switch_support
+  tags: [ validate, network-device ]
 
 - name: Assert username and password for IB switches
   block:
@@ -176,6 +186,7 @@
       fail:
         msg: "{{ fail_msg_ib_credentials }}"
   when: ib_switch_support
+  tags: [ validate, network-ib ]
 
 - name: Assert username and password for powervault me4
   block:
@@ -207,6 +218,7 @@
       fail:
         msg: "{{ fail_msg_me4_credentials }}"
   when: powervault_support
+  tags: [ validate, network-device ]
 
 - name: Assert directory_manager_password
   assert:
@@ -220,6 +232,7 @@
     success_msg: "{{ success_msg_dir_manager_password }}"
     fail_msg: "{{ fail_msg_dir_manager_password }}"
   when: enable_security_support
+  tags: [ validate, security ]
 
 - name: Assert ipa_admin_password
   assert:
@@ -233,11 +246,13 @@
     success_msg: "{{ success_msg_ipa_admin_pwd }}"
     fail_msg: "{{ fail_msg_ipa_admin_pwd }}"
   when: enable_security_support
+  tags: [ validate, security ]
 
 - name: Create ansible vault key
   set_fact:
     vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+  tags: init
 
 - name: Save vault key
   copy:
@@ -248,14 +263,17 @@
     force: yes
     mode: "{{ vault_file_perm }}"
   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+  tags: init
 
 - name: Encrypt input config file
   command: >-
     ansible-vault encrypt {{ login_vars_filename }}
     --vault-password-file {{ vault_filename }}
   changed_when: false
+  tags: init
 
 - name: Update login_vars.yml permission
   file:
     path: "{{ login_vars_filename }}"
     mode: "{{ file_perm }}"
+  tags: init
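Review bot: A failed validation between "Decrpyt login_vars.yml" and "Encrypt input config file" stops the play with login_vars.yml left decrypted on disk, because the encrypt task at the end only runs when every `fail`/`assert` in between passes; the new tags do not change that. Wrapping the include and validation tasks in a `block:` and moving the key creation and encryption into its `always:` section keeps the credentials file encrypted on every exit path. verify_omnia_params.yml in this commit has the same decrypt, validate, encrypt sequence for omnia_config.yml. The tasks between the hunks are not fully visible, so the sketch below elides them.

```yaml
- name: Validate login_vars.yml and re-encrypt it on every exit path
  block:
    # … unchanged: include_vars and the credential validation tasks …
  always:
    # … unchanged: "Create ansible vault key" and "Save vault key" …
    - name: Encrypt input config file
      command: >-
        ansible-vault encrypt {{ login_vars_filename }}
        --vault-password-file {{ vault_filename }}
      changed_when: false
      tags: init
```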

+ 19 - 4
control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml

@@ -13,19 +13,17 @@
 #  limitations under the License.
 ---
 
-- name: Include base variable file base_vars.yml
-  include_vars: "{{ base_vars_filename }}"
-  no_log: true
-
 - name: Check if omnia_vault_key exists
   stat:
     path: "{{ role_path }}/../../../{{ config_vaultname }}"
   register: vault_key_result
+  tags: init
 
 - name: Create ansible vault key if it does not exist
   set_fact:
     vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
   when: not vault_key_result.stat.exists
+  tags: init
 
 - name: Save vault key
   copy:
@@ -36,27 +34,32 @@
     force: yes
     mode: "{{ vault_file_perm }}"
   when: not vault_key_result.stat.exists
+  tags: init
 
 - name: Check if omnia config file is encrypted
   command: cat {{ role_path }}/../../../{{ config_filename }}
   changed_when: false
   register: config_content
   no_log: True
+  tags: init
 
 - name: Decrpyt omnia_config.yml
   command: >-
     ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
     --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
   when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  tags: init
 
 - name: Include variable file omnia_config.yml
   include_vars: "{{ role_path }}/../../../{{ config_filename }}"
   no_log: True
+  tags: init
 
 - name: Validate input parameters are not empty
   fail:
     msg: "{{ input_omnia_failure_msg }}"
   register: input_config_check
+  tags: [ validate, templates ]
   when:
     - mariadb_password | length < 1 or
       k8s_version | length < 1 or
@@ -66,6 +69,7 @@
 - name: Validate login node parameters when login_node_reqd is set to true
   fail:
     msg: "{{ omnia_input_config_failure_msg }}"
+  tags: [ validate, templates ]
   when:
     - ( domain_name | length < 1 or
       realm_name | length < 1 or
@@ -86,18 +90,21 @@
         - " \"'\" not in mariadb_password "
     success_msg: "{{ success_msg_mariadb_password }}"
     fail_msg: "{{ fail_msg_mariadb_password }}"
+  tags: [ validate, templates ]
 
 - name: Assert kubernetes version
   assert:
     that: "('1.16.7' in k8s_version) or ('1.19.3' in k8s_version)"
     success_msg: "{{ success_msg_k8s_version }}"
     fail_msg: "{{ fail_msg_k8s_version }}"
+  tags: [ validate, templates ]
 
 - name: Assert kubernetes cni
   assert:
     that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
     success_msg: "{{ success_msg_k8s_cni }}"
     fail_msg: "{{ fail_msg_k8s_cni }}"
+  tags: [ validate, templates ]
 
 - name: Save input variables from file
   set_fact:
@@ -107,6 +114,7 @@
     docker_username: "{{ docker_username }}"
     docker_password: "{{ docker_password }}"
   no_log: True
+  tags: init
 
 - name: Verify the value of login_node_required
   assert:
@@ -114,6 +122,7 @@
       - login_node_required == true or login_node_required == false
     success_msg: "{{ login_node_required_success_msg }}"
     fail_msg: "{{ login_node_required_fail_msg }}"
+  tags: [ validate, templates ]
 
 - name: Validate the domain name
   assert:
@@ -121,6 +130,7 @@
       - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
     success_msg: "{{ domain_name_success_msg }}"
     fail_msg: "{{ domain_name_fail_msg }}"
+  tags: [ validate, templates ]
   when:
     - host_mapping_file
     - login_node_required
@@ -133,6 +143,7 @@
       - '"." in realm_name'
     success_msg: "{{ realm_name_success_msg }}"
     fail_msg: "{{ realm_name_fail_msg }}"
+  tags: [ validate, templates ]
   when:
     - host_mapping_file
     - login_node_required
@@ -149,6 +160,7 @@
       - " \"'\" not in directory_manager_password "
     success_msg: "{{ success_msg_directory_manager_password }}"
     fail_msg: "{{ fail_msg_directory_manager_password }}"
+  tags: [ validate, templates ]
   when:
     - host_mapping_file
     - login_node_required
@@ -165,6 +177,7 @@
       - " \"'\" not in ipa_admin_password "
     success_msg: "{{ success_msg_ipa_admin_password }}"
     fail_msg: "{{ fail_msg_ipa_admin_password }}"
+  tags: [ validate, templates ]
   when:
     - host_mapping_file
     - login_node_required
@@ -175,8 +188,10 @@
     ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
     --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
   changed_when: false
+  tags: init
 
 - name: Update omnia_config.yml permission
   file:
     path: "{{ role_path }}/../../../{{ config_filename }}"
     mode: "{{ vault_file_perm }}"
+  tags: init

+ 10 - 3
control_plane/roles/control_plane_common/vars/main.yml

@@ -13,8 +13,7 @@
 #  limitations under the License.
 ---
 
-
-# vars file for common
+# vars file for control_plane_common
 
 # Usage: package_installation.yml
 common_packages_leap:
@@ -72,8 +71,9 @@ selinux_status: "SElinux is not disabled. Disable it in /etc/sysconfig/selinux a
 ansible_python_version_status: "For CentOS 8.3, python bindings of firewalld, dnf, selinux are not available if python is installed from source and not from dnf. So please make sure python3.6 is installed using dnf. And ansible uses the python version 3.6 installed using dnf"
 python_version_support: '3.6.8'
 default_ansible_config_file_path: /etc/ansible/ansible.cfg
+invalid_tag_msg: "Failed. init tag can't be skipped"
 
-# Usage: password_config.yml
+# Usage: verify_login_inputs.yml
 login_vars_filename: "input_params/login_vars.yml"
 vault_filename: input_params/.login_vault_key
 min_length: 8
@@ -233,3 +233,10 @@ dom_name_success_msg: "domain name successfully validated"
 dom_name_fail_msg: "Failed. Incorrect format provided for domain name in security_vars.yml"
 realm_success_msg: "realm_name successfully validated"
 realm_fail_msg: "Failed. Incorrect realm_name format in security_vars.yml"
+
+# Usage: validate_idrac_vars.yml
+idrac_input_filename: input_params/idrac_vars.yml
+firmware_update_success_msg: "firmware_update_required validated"
+firmware_update_fail_msg: "Failed. firmware_update_required accepts only true or false in idrac_vars.yml"
+poweredge_model_success_msg: "poweredge_model validated"
+poweredge_model_fail_msg: "Failed. poweredge_model is incorrect or unsupported. Please update the list with the supported models in the correct format"

+ 2 - 3
control_plane/roles/control_plane_k8s/tasks/k8s_init.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -16,7 +16,6 @@
 - name: Disable SWAP (1/2)
   command: /usr/sbin/swapoff -a
   changed_when: true
-  tags: init
 
 - name: Disable SWAP in fstab (2/2)
   replace:
@@ -136,4 +135,4 @@
 - name: Edge / Workstation Install allows pods to schedule on manager
   command: kubectl taint nodes --all node-role.kubernetes.io/master-
   changed_when: true
-  failed_when: false
+  failed_when: false

+ 2 - 3
control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -114,7 +114,6 @@
   until: docker_repo is not failed
   retries: "{{ max_retries }}"
   delay: "{{ min_delay }}"
-  tags: install
 
 - name: Install docker-ce-cli
   package:
@@ -137,4 +136,4 @@
 
 - name: Wait for 30sec for kubelet to get things ready
   pause:
-    seconds: "{{ wait_time }}"
+    seconds: "{{ wait_time }}"

+ 4 - 4
control_plane/roles/control_plane_k8s/tasks/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -14,13 +14,13 @@
 ---
 
 - name: Install K8s packages
-  import_tasks: k8s_installation.yml
+  include_tasks: k8s_installation.yml
   when:
     - ( mgmt_os == os_supported_centos ) and ( ansible_distribution_version >= os_supported_centos_version ) or
       ( mgmt_os == os_supported_rocky ) and ( ansible_distribution_version >= os_supported_rocky_version )
 
 - name: Install K8s packages for leap
-  import_tasks: k8s_installation_leap.yml
+  include_tasks: k8s_installation_leap.yml
   when: ( os_supported_leap in mgmt_os ) and ( ansible_distribution_version >= os_supported_leap_version )
 
 - name: Configure firewalld
@@ -33,4 +33,4 @@
   import_tasks: k8s_init.yml
 
 - name: Deploy K8s dashboard
-  import_tasks: k8s_services.yml
+  import_tasks: k8s_services.yml
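Review bot: The `when:` conditions on "Install K8s packages" and "Install K8s packages for leap" compare versions with `>=` on what are normally strings (`ansible_distribution_version` is a string fact), so the comparison is lexical and, for example, "8.10" sorts below "8.3". Use the version test instead: `ansible_distribution_version is version(os_supported_centos_version, '>=')`, and likewise for the rocky and leap conditions. With the switch to `include_tasks`, tags on tasks inside k8s_installation.yml are only reachable when the include task itself is selected, which is worth confirming against the tag scheme this PR introduces.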

+ 1 - 1
control_plane/roles/control_plane_repo/tasks/download_fmw_updates.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.

+ 1 - 1
control_plane/roles/control_plane_repo/tasks/install_dsu.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.

+ 8 - 11
control_plane/roles/control_plane_repo/tasks/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,16 +13,13 @@
 #  limitations under the License.
 ---
 
-- name: Include common variables
-  include_vars:  ../../control_plane_common/vars/main.yml
+- block:
+    - name: Include common variables
+      include_vars:  ../../control_plane_common/vars/main.yml
 
-- name: Validate idrac_vars
-  include_tasks: validate_idrac_vars.yml
+    - name: Install DSU
+      include_tasks: install_dsu.yml
 
-- name: Install DSU
-  include_tasks: install_dsu.yml
+    - name: Download iDRAC firmware updates
+      include_tasks: download_fmw_updates.yml
   when: firmware_update_required
-
-- name: Download iDRAC firmware updates
-  include_tasks: download_fmw_updates.yml
-  when: firmware_update_required
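Review bot: `when: firmware_update_required` now guards the whole unnamed block, including the `include_vars` step, and the `Validate idrac_vars` include that used to run first in this role is removed. If that validation now lives only in another role (the file list suggests control_plane_common), a run that reaches this role without it, for example one selected by tag, would evaluate an undefined or unvalidated variable. This is inferred, because the playbook is not part of this hunk. Consider naming the block and putting the condition ahead of the tasks so it is not missed: `- name: Install DSU and download firmware updates`, then `when: firmware_update_required | default(false) | bool`, then `block:`.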

+ 3 - 10
control_plane/roles/control_plane_repo/vars/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,18 +13,11 @@
 #  limitations under the License.
 ---
 
-# vars file for offline_repo
-
-# Usage: validate_idrac_vars.yml
-idrac_input_filename: input_params/idrac_vars.yml
-firmware_update_success_msg: "firmware_update_required validated"
-firmware_update_fail_msg: "Failed. firmware_update_required accepts only true or false in idrac_vars.yml"
-poweredge_model_success_msg: "poweredge_model validated"
-poweredge_model_fail_msg: "Failed. poweredge_model is incorrect or unsupported. Please update the list with the supported models in the correct format"
+# vars file for control_plane_repo
 
 # Usage: install_dsu.yml
 dsu_folder_dest: /root/dsu
 dsu_folder_dest_mode: 0644
 bootstrap_repo_url: https://linux.dell.com/repo/hardware/dsu/bootstrap.cgi
 dsu_rpm_url: https://linux.dell.com/repo/hardware/omnia/os_independent/x86_64/dell-omnia-system-update-1.9.2.1-21.08.00.x86_64.rpm
-dsu_rpm_file: dell-omnia-system-update-1.9.2.1-21.08.00.x86_64.rpm
+dsu_rpm_file: dell-omnia-system-update-1.9.2.1-21.08.00.x86_64.rpm
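Review bot: `dsu_folder_dest_mode: 0644` on the context line is an unquoted octal literal, which YAML 1.1 loads as the integer 420. When such a variable is passed through `"{{ dsu_folder_dest_mode }}"`, some Ansible versions hand the module the string `420`, which is then read as octal and gives different permissions than intended. Quoting avoids that: `dsu_folder_dest_mode: "0644"`. How install_dsu.yml consumes the variable is not visible here, so confirm it there. If the mode is applied to the `/root/dsu` directory itself, the missing execute bit is also worth checking.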

+ 0 - 6
roles/k8s_start_services/tasks/configure_nginx_prom_grafana.yml

@@ -25,12 +25,6 @@
     state: present
   when: ansible_facts['distribution'] == opensuse_os_name
 
-- name: Start and enable nginx service
-  service:
-    name: nginx
-    state: restarted
-    enabled: yes
-
 - name: Get prometheus service IP
   command: kubectl get svc -l app=prometheus,component=server -o=jsonpath='{.items[0].spec.clusterIP}'
   changed_when: false

+ 3 - 9
roles/slurm_exporter/tasks/install_prometheus.yml

@@ -39,26 +39,20 @@
           static_configs:
             - targets: ['localhost:{{ slurm_exporter_port }}']
 
-- name: Install & configure Nginx
+- name: Install & configure nginx
   block:
-    - name: Install Nginx
+    - name: Install nginx
       package:
         name: nginx
         state: present
       when: ansible_facts['distribution'] != opensuse_os_name
 
-    - name: Install Nginx
+    - name: Install nginx
       zypper:
         name: nginx
         state: present
       when: ansible_facts['distribution'] == opensuse_os_name
 
-    - name: Start and enable nginx service
-      service:
-        name: nginx
-        state: restarted
-        enabled: yes
-
     - name: Configure nginx.conf (1/2)
       replace:
         path: "../../k8s_start_services/templates/nginx.conf.j2"