CRLF termination fix

Signed-off-by: abhishek-sa1 <abhishek.sa3@dell.com>

control_plane/input_params/ib_vars_edr.yml

@@ -1,200 +1,200 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-
-
-# Default configurations written for :
-  # ----Switch-IB(TM) 2 based EDR InfiniBand 1U Switch, 36 QSFP28 ports----
-# Change the configurations as per the switch model to avoid failures
-
-# Subnet Manager: centralized resource used by infiniband
-# to handle the management of the fabric.
-# Cache and Log directories of subnet manager
-# container are mounted to below mentioned path on host.
-
-# cache_directory: opensm stores certain data to the disk such that
-# subsequent runs are consistent. The default directory used is /var/cache/opensm.
-# The following files are included in it: guid2lid, guid2mkey, neighbors
-
-# log_directory: controls the directory in which the temporary files
-# generated by opensm are created. These files are: opensm-subnet.lst,
-# opensm.fdbs, and opensm.log. By default, this directory is /var/log.
-
-subnet_manager:
-  cache_directory: /var/cache/opensm
-  log_directory: /var/log
-
-# mellanox_switch_config: list of configuration lines to apply to the switch.
-  # Example:
-    # mellanox_switch_config:
-      # - Command 1
-      # - Command 2
-  # By default, the list is empty.
-mellanox_switch_config:
-
-# mellanox_switch_interface_config: contains interface configuration.
-  # It is a dict mapping switch interface names to configuration dicts.
-  # Each dict may contain the following items:
-    # description - a description to apply to the interface.
-    # config - a list of per-interface configuration.
-mellanox_switch_interface_config:
-  ib 1/1:
-    description: port 1
-    config:
-      - "no shutdown"
-  ib 1/2:
-    description: port 2
-    config:
-      - "no shutdown"
-  ib 1/3:
-    description: port 3
-    config:
-      - "no shutdown"
-  ib 1/4:
-    description: port 4
-    config:
-      - "no shutdown"
-  ib 1/5:
-    description: port 5
-    config:
-      - "no shutdown"
-  ib 1/6:
-    description: port 6
-    config:
-      - "no shutdown"
-  ib 1/7:
-    description: port 7
-    config:
-      - "no shutdown"
-  ib 1/8:
-    description: port 8
-    config:
-      - "no shutdown"
-  ib 1/9:
-    description: port 9
-    config:
-      - "no shutdown"
-  ib 1/10:
-    description: port 10
-    config:
-      - "no shutdown"
-  ib 1/11:
-    description: port 11
-    config:
-      - "no shutdown"
-  ib 1/12:
-    description: port 12
-    config:
-      - "no shutdown"
-  ib 1/13:
-    description: port 13
-    config:
-      - "no shutdown"
-  ib 1/14:
-    description: port 14
-    config:
-      - "no shutdown"
-  ib 1/15:
-    description: port 15
-    config:
-      - "no shutdown"
-  ib 1/16:
-    description: port 16
-    config:
-      - "no shutdown"
-  ib 1/17:
-    description: port 17
-    config:
-      - "no shutdown"
-  ib 1/18:
-    description: port 18
-    config:
-      - "no shutdown"
-  ib 1/19:
-    description: port 19
-    config:
-      - "no shutdown"
-  ib 1/20:
-    description: port 20
-    config:
-      - "no shutdown"
-  ib 1/21:
-    description: port 21
-    config:
-      - "no shutdown"
-  ib 1/22:
-    description: port 22
-    config:
-      - "no shutdown"
-  ib 1/23:
-    description: port 23
-    config:
-      - "no shutdown"
-  ib 1/24:
-    description: port 24
-    config:
-      - "no shutdown"
-  ib 1/25:
-    description: port 25
-    config:
-      - "no shutdown"
-  ib 1/26:
-    description: port 26
-    config:
-      - "no shutdown"
-  ib 1/27:
-    description: port 27
-    config:
-      - "no shutdown"
-  ib 1/28:
-    description: port 28
-    config:
-      - "no shutdown"
-  ib 1/29:
-    description: port 29
-    config:
-      - "no shutdown"
-  ib 1/30:
-    description: port 30
-    config:
-      - "no shutdown"
-  ib 1/31:
-    description: port 31
-    config:
-      - "no shutdown"
-  ib 1/32:
-    description: port 32
-    config:
-      - "no shutdown"
-  ib 1/33:
-    description: port 33
-    config:
-      - "no shutdown"
-  ib 1/34:
-    description: port 34
-    config:
-      - "no shutdown"
-  ib 1/35:
-    description: port 35
-    config:
-      - "no shutdown"
-  ib 1/36:
-    description: port 36
-    config:
-      - "no shutdown"
-
-# save_changes_to_startup: is a boolean flag. By default, this option is set to false.
-# When set to true, it will save the switch's running configuration to the startup configuration file
-# after the role applies its configuration. This will allow the configuration to persist after a
-# restart or power failure.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+
+# Default configurations written for :
+  # ----Switch-IB(TM) 2 based EDR InfiniBand 1U Switch, 36 QSFP28 ports----
+# Change the configurations as per the switch model to avoid failures
+
+# Subnet Manager: centralized resource used by infiniband
+# to handle the management of the fabric.
+# Cache and Log directories of subnet manager
+# container are mounted to below mentioned path on host.
+
+# cache_directory: opensm stores certain data to the disk such that
+# subsequent runs are consistent. The default directory used is /var/cache/opensm.
+# The following files are included in it: guid2lid, guid2mkey, neighbors
+
+# log_directory: controls the directory in which the temporary files
+# generated by opensm are created. These files are: opensm-subnet.lst,
+# opensm.fdbs, and opensm.log. By default, this directory is /var/log.
+
+subnet_manager:
+  cache_directory: /var/cache/opensm
+  log_directory: /var/log
+
+# mellanox_switch_config: list of configuration lines to apply to the switch.
+  # Example:
+    # mellanox_switch_config:
+      # - Command 1
+      # - Command 2
+  # By default, the list is empty.
+mellanox_switch_config:
+
+# mellanox_switch_interface_config: contains interface configuration.
+  # It is a dict mapping switch interface names to configuration dicts.
+  # Each dict may contain the following items:
+    # description - a description to apply to the interface.
+    # config - a list of per-interface configuration.
+mellanox_switch_interface_config:
+  ib 1/1:
+    description: port 1
+    config:
+      - "no shutdown"
+  ib 1/2:
+    description: port 2
+    config:
+      - "no shutdown"
+  ib 1/3:
+    description: port 3
+    config:
+      - "no shutdown"
+  ib 1/4:
+    description: port 4
+    config:
+      - "no shutdown"
+  ib 1/5:
+    description: port 5
+    config:
+      - "no shutdown"
+  ib 1/6:
+    description: port 6
+    config:
+      - "no shutdown"
+  ib 1/7:
+    description: port 7
+    config:
+      - "no shutdown"
+  ib 1/8:
+    description: port 8
+    config:
+      - "no shutdown"
+  ib 1/9:
+    description: port 9
+    config:
+      - "no shutdown"
+  ib 1/10:
+    description: port 10
+    config:
+      - "no shutdown"
+  ib 1/11:
+    description: port 11
+    config:
+      - "no shutdown"
+  ib 1/12:
+    description: port 12
+    config:
+      - "no shutdown"
+  ib 1/13:
+    description: port 13
+    config:
+      - "no shutdown"
+  ib 1/14:
+    description: port 14
+    config:
+      - "no shutdown"
+  ib 1/15:
+    description: port 15
+    config:
+      - "no shutdown"
+  ib 1/16:
+    description: port 16
+    config:
+      - "no shutdown"
+  ib 1/17:
+    description: port 17
+    config:
+      - "no shutdown"
+  ib 1/18:
+    description: port 18
+    config:
+      - "no shutdown"
+  ib 1/19:
+    description: port 19
+    config:
+      - "no shutdown"
+  ib 1/20:
+    description: port 20
+    config:
+      - "no shutdown"
+  ib 1/21:
+    description: port 21
+    config:
+      - "no shutdown"
+  ib 1/22:
+    description: port 22
+    config:
+      - "no shutdown"
+  ib 1/23:
+    description: port 23
+    config:
+      - "no shutdown"
+  ib 1/24:
+    description: port 24
+    config:
+      - "no shutdown"
+  ib 1/25:
+    description: port 25
+    config:
+      - "no shutdown"
+  ib 1/26:
+    description: port 26
+    config:
+      - "no shutdown"
+  ib 1/27:
+    description: port 27
+    config:
+      - "no shutdown"
+  ib 1/28:
+    description: port 28
+    config:
+      - "no shutdown"
+  ib 1/29:
+    description: port 29
+    config:
+      - "no shutdown"
+  ib 1/30:
+    description: port 30
+    config:
+      - "no shutdown"
+  ib 1/31:
+    description: port 31
+    config:
+      - "no shutdown"
+  ib 1/32:
+    description: port 32
+    config:
+      - "no shutdown"
+  ib 1/33:
+    description: port 33
+    config:
+      - "no shutdown"
+  ib 1/34:
+    description: port 34
+    config:
+      - "no shutdown"
+  ib 1/35:
+    description: port 35
+    config:
+      - "no shutdown"
+  ib 1/36:
+    description: port 36
+    config:
+      - "no shutdown"
+
+# save_changes_to_startup: is a boolean flag. By default, this option is set to false.
+# When set to true, it will save the switch's running configuration to the startup configuration file
+# after the role applies its configuration. This will allow the configuration to persist after a
+# restart or power failure.
 save_changes_to_startup: false

docs/FAQ.md

@@ -189,4 +189,7 @@ Potential Cause: Your Docker pull limit has been exceeded. For more information,
 ## Can Cobbler deploy both Rocky and CentOS at the same time?
 No. During Cobbler based deployment, only one OS is supported at a time. If the user would like to deploy both, please deploy one first, **unmount `/mnt/iso`** and then re-run cobbler for the second OS.
 
+## Why do Firmware Updates fail for some components with Omnia 1.1.1?
+Due to the latest `catalog.xml` file, Firmware updates fail for some components on server models R640 and R740. Omnia execution doesn't get interrupted but an error gets logged. For now, please download those individual updates manually.
+
 

docs/README.md

@@ -198,6 +198,7 @@ If hosts are listed, then an IP address has been assigned to them by DHCP. Howev
 * **Issue**: Decomissioned compute nodes do not get deleted automatically from the awx UI.
 	**Resolution**: Once a node is decommisioned, ensure that the user manually deletes decomissioned hosts from the awx UI.
 
+
 # [Frequently asked questions](FAQ.md)
 
 # Limitations
@@ -209,6 +210,8 @@ If hosts are listed, then an IP address has been assigned to them by DHCP. Howev
 * To change the Kubernetes version from 1.16 to 1.19 or 1.19 to 1.16, you must redeploy the entire cluster.  
 * The Kubernetes pods will not be able to access the Internet or start when firewalld is enabled on the node. This is a limitation in Kubernetes. So, the firewalld daemon will be disabled on all the nodes as part of omnia.yml execution.
 * Only one storage instance (Powervault) is currently supported in the HPC cluster.
+* With the latest `catalog.xml` file, firmware updates of a few components might fail for server models: R640 and R740. Note that Omnia doesn't halt or get interrupted despite these failures. (Fix Expected by 17th December 2021)
+
 
 # Contributing to Omnia
 The Omnia project was started to give members of the [Dell Technologies HPC Community](https://dellhpc.org) a way to easily set up clusters of Dell EMC servers, and to contribute useful tools, fixes, and functionality back to the HPC Community.

platforms/roles/kubeflow/tasks/deploy_kubeflow.yml

@@ -1,141 +1,141 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-- name: Download kfctl release from the Kubeflow releases page
-  unarchive:
-    src: "{{ kfctl_download_url }}"
-    dest: "{{ kfctl_download_dest_path }}"
-    mode: "{{ kfctl_download_file_mode }}"
-    remote_src: yes
-
-- name: Delete omnia kubeflow directory if exists
-  file:
-    path: "{{ omnia_kubeflow_dir_path }}"
-    state: absent
-
-- name: Create omnia kubeflow directory
-  file:
-    path: "{{ omnia_kubeflow_dir_path }}"
-    state: directory
-    mode: "{{ omnia_kubeflow_dir_mode }}"
-    recurse: yes
-
-- name: Build kubeflow configuration
-  command:
-    cmd: /usr/bin/kfctl build -V -f "{{ kubeflow_config_yaml_url }}"
-    chdir: "{{ omnia_kubeflow_dir_path }}"
-  changed_when: true
-
-- name: Modify CPU limit for istio-ingressgateway-service-account
-  replace:
-    path: "{{ istio_noauth_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: '---'
-    regexp: 'cpu: 100m'
-    replace: 'cpu: 2'
-
-- name: Modify memory limit for istio-ingressgateway-service-account
-  replace:
-    path: "{{ istio_noauth_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: '---'
-    regexp: 'memory: 128Mi'
-    replace: 'memory: 512Mi'
-
-- name: Modify CPU request for istio-ingressgateway-service-account
-  replace:
-    path: "{{ istio_noauth_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: '---'
-    regexp: 'cpu: 10m'
-    replace: 'cpu: 1'
-
-- name: Modify memory request for istio-ingressgateway-service-account
-  replace:
-    path: "{{ istio_noauth_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: '---'
-    regexp: 'memory: 40Mi'
-    replace: 'memory: 256Mi'
-
-- name: Modify memory request for istio-engressgateway-service-account
-  replace:
-    path: "{{ istio_noauth_yaml_file_path }}"
-    after: 'serviceAccountName: istio-egressgateway-service-account'
-    before: '---'
-    regexp: 'memory: 128Mi'
-    replace: 'memory: 256Mi'
-
-- name: Modify memory request for istio-engressgateway-service-account
-  replace:
-    path: "{{ istio_noauth_yaml_file_path }}"
-    after: 'serviceAccountName: istio-egressgateway-service-account'
-    before: '---'
-    regexp: 'memory: 40Mi'
-    replace: 'memory: 128Mi'
-
-- name: Modify CPU limit for kfserving-gateway
-  replace:
-    path: "{{ kfserving_gateway_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: 'env:'
-    regexp: 'cpu: 100m'
-    replace: 'cpu: 2'
-
-- name: Modify memory limit for kfserving-gateway
-  replace:
-    path: "{{ kfserving_gateway_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: 'env:'
-    regexp: 'memory: 128Mi'
-    replace: 'memory: 512Mi'
-
-- name: Modify CPU request for kfserving-gateway
-  replace:
-    path: "{{ kfserving_gateway_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: 'env:'
-    regexp: 'cpu: 10m'
-    replace: 'cpu: 1'
-
-- name: Modify memory request for kfserving-gateway
-  replace:
-    path: "{{ kfserving_gateway_yaml_file_path }}"
-    after: 'serviceAccountName: istio-ingressgateway-service-account'
-    before: 'env:'
-    regexp: 'memory: 40Mi'
-    replace: 'memory: 256Mi'
-
-- name: Change argo base service from NodePort to LoadBalancer
-  replace:
-    path: "{{ argo_yaml_file_path }}"
-    regexp: 'NodePort'
-    replace: 'LoadBalancer'
-
-- name: Change istio-install base istio-noauth service from NodePort to LoadBalancer
-  replace:
-    path: "{{ istio_noauth_yaml_file_path }}"
-    regexp: 'NodePort'
-    replace: 'LoadBalancer'
-
-- name: Apply kubeflow configuration
-  command:
-    cmd: "/usr/bin/kfctl apply -V -f '{{ kubeflow_config_file }}'"
-    chdir: "{{ omnia_kubeflow_dir_path }}"
-  changed_when: true
-  register: apply_kubeflow_config
-  until: apply_kubeflow_config is not failed
-  retries: 20
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Download kfctl release from the Kubeflow releases page
+  unarchive:
+    src: "{{ kfctl_download_url }}"
+    dest: "{{ kfctl_download_dest_path }}"
+    mode: "{{ kfctl_download_file_mode }}"
+    remote_src: yes
+
+- name: Delete omnia kubeflow directory if exists
+  file:
+    path: "{{ omnia_kubeflow_dir_path }}"
+    state: absent
+
+- name: Create omnia kubeflow directory
+  file:
+    path: "{{ omnia_kubeflow_dir_path }}"
+    state: directory
+    mode: "{{ omnia_kubeflow_dir_mode }}"
+    recurse: yes
+
+- name: Build kubeflow configuration
+  command:
+    cmd: /usr/bin/kfctl build -V -f "{{ kubeflow_config_yaml_url }}"
+    chdir: "{{ omnia_kubeflow_dir_path }}"
+  changed_when: true
+
+- name: Modify CPU limit for istio-ingressgateway-service-account
+  replace:
+    path: "{{ istio_noauth_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: '---'
+    regexp: 'cpu: 100m'
+    replace: 'cpu: 2'
+
+- name: Modify memory limit for istio-ingressgateway-service-account
+  replace:
+    path: "{{ istio_noauth_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: '---'
+    regexp: 'memory: 128Mi'
+    replace: 'memory: 512Mi'
+
+- name: Modify CPU request for istio-ingressgateway-service-account
+  replace:
+    path: "{{ istio_noauth_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: '---'
+    regexp: 'cpu: 10m'
+    replace: 'cpu: 1'
+
+- name: Modify memory request for istio-ingressgateway-service-account
+  replace:
+    path: "{{ istio_noauth_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: '---'
+    regexp: 'memory: 40Mi'
+    replace: 'memory: 256Mi'
+
+- name: Modify memory request for istio-engressgateway-service-account
+  replace:
+    path: "{{ istio_noauth_yaml_file_path }}"
+    after: 'serviceAccountName: istio-egressgateway-service-account'
+    before: '---'
+    regexp: 'memory: 128Mi'
+    replace: 'memory: 256Mi'
+
+- name: Modify memory request for istio-engressgateway-service-account
+  replace:
+    path: "{{ istio_noauth_yaml_file_path }}"
+    after: 'serviceAccountName: istio-egressgateway-service-account'
+    before: '---'
+    regexp: 'memory: 40Mi'
+    replace: 'memory: 128Mi'
+
+- name: Modify CPU limit for kfserving-gateway
+  replace:
+    path: "{{ kfserving_gateway_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: 'env:'
+    regexp: 'cpu: 100m'
+    replace: 'cpu: 2'
+
+- name: Modify memory limit for kfserving-gateway
+  replace:
+    path: "{{ kfserving_gateway_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: 'env:'
+    regexp: 'memory: 128Mi'
+    replace: 'memory: 512Mi'
+
+- name: Modify CPU request for kfserving-gateway
+  replace:
+    path: "{{ kfserving_gateway_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: 'env:'
+    regexp: 'cpu: 10m'
+    replace: 'cpu: 1'
+
+- name: Modify memory request for kfserving-gateway
+  replace:
+    path: "{{ kfserving_gateway_yaml_file_path }}"
+    after: 'serviceAccountName: istio-ingressgateway-service-account'
+    before: 'env:'
+    regexp: 'memory: 40Mi'
+    replace: 'memory: 256Mi'
+
+- name: Change argo base service from NodePort to LoadBalancer
+  replace:
+    path: "{{ argo_yaml_file_path }}"
+    regexp: 'NodePort'
+    replace: 'LoadBalancer'
+
+- name: Change istio-install base istio-noauth service from NodePort to LoadBalancer
+  replace:
+    path: "{{ istio_noauth_yaml_file_path }}"
+    regexp: 'NodePort'
+    replace: 'LoadBalancer'
+
+- name: Apply kubeflow configuration
+  command:
+    cmd: "/usr/bin/kfctl apply -V -f '{{ kubeflow_config_file }}'"
+    chdir: "{{ omnia_kubeflow_dir_path }}"
+  changed_when: true
+  register: apply_kubeflow_config
+  until: apply_kubeflow_config is not failed
+  retries: 20
   delay: 10

platforms/roles/kubeflow/tasks/firewalld_config.yml

@@ -1,45 +1,45 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-- name: Install firewalld
-  package:
-    name: firewalld
-    state: present
-  tags: firewalld
-
-- name: Start and enable firewalld
-  service:
-    name: firewalld
-    state: started
-    enabled: yes
-  tags: firewalld
-
-- name: Configure firewalld on master nodes
-  firewalld:
-    port: "{{ item }}/tcp"
-    permanent: yes
-    state: enabled
-  with_items: '{{ kubeflow_firewalld_ports }}'
-  tags: firewalld
-
-- name: Masquerade the firewall
-  command: firewall-cmd --add-masquerade --permanent
-  changed_when: true
-  tags: firewalld
-
-- name: Reload firewalld
-  command: firewall-cmd --reload
-  changed_when: true
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install firewalld
+  package:
+    name: firewalld
+    state: present
+  tags: firewalld
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+  tags: firewalld
+
+- name: Configure firewalld on master nodes
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: '{{ kubeflow_firewalld_ports }}'
+  tags: firewalld
+
+- name: Masquerade the firewall
+  command: firewall-cmd --add-masquerade --permanent
+  changed_when: true
+  tags: firewalld
+
+- name: Reload firewalld
+  command: firewall-cmd --reload
+  changed_when: true
   tags: firewalld