
Issue #193: Omnia playbooks dependent on mariadb_password in appliance

Signed-off-by: sakshiarora13 <sakshi_arora1@dell.com>
John Lockman 4 éve
szülő
commit
5c0fa8dfd5

+ 11 - 13
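--- a/appliance/input_config.yml
+++ b/appliance/input_config.yml
@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -23,22 +23,20 @@ provision_password: ""
 # The password must not contain -,\, ',"
 awx_password: ""
 
-# Password used for Slurm database.
-# The Length of the password should be atleast 8.
-# The password must not contain -,\, ',"
-mariadb_password: ""
-
 # The nic/ethernet card that needs to be connected to the HPC switch.
 # This nic will be configured by Omnia for the DHCP server.
 # Default value of nic is em1.
 hpc_nic: "em1"
 
-# The nic card that needs to be connected to the public internet.
-# The public_nic should be em2, em1 or em3
-# Default value of nic is em2.
+# The nic/ethernet card that will be connected to the public internet.
+# Default value of nic is em2
 public_nic: "em2"
 
-# Kubernetes SDN network.
-# Options: calico/flannel.
-# Default value is calico.
-k8s_cni: "calico"
+# The mapping file consists of the MAC address and its respective IP address and hostname.
+# If user wants to provide a mapping file, set this value to "true"
+# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
+mapping_file_exists: ""
+
+# The dhcp range for assigning the IP address to the baremetal nodes.
+dhcp_start_ip_range: ""
+dhcp_end_ip_range: ""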

+ 1 - 1
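--- a/appliance/roles/web_ui/tasks/ui_accessibility.yml
+++ b/appliance/roles/web_ui/tasks/ui_accessibility.yml
@@ -74,7 +74,7 @@
             return_content: yes
           register: register_error
           until: awx_ui_msg in register_error.content
-          retries: 20
+          retries: 30
           delay: 10
           changed_when: no
           no_log: True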

+ 40 - 0
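--- /dev/null
+++ b/appliance/tools/passwordless_ssh.yml
@@ -0,0 +1,40 @@
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Fetch provision_password
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  roles:
+    - fetch_password
+
+- name: Prepare the cluster with passwordless ssh from manager to compute
+  hosts: manager
+  gather_facts: false
+  pre_tasks:
+    - name: Set Fact
+      set_fact:
+        ssh_to: "{{ groups['compute'] }}"
+  roles:
+    - cluster_preperation
+
+- name: Prepare the cluster with passwordless ssh from compute to manager
+  hosts: compute
+  gather_facts: false
+  pre_tasks:
+    - name: Set Fact
+      set_fact:
+        ssh_to: "{{ groups['manager'] }}"
+  roles:
+    - cluster_preperation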
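Review bot: The first play sets `gather_facts: no` while the two plays below it use `gather_facts: false`; use `gather_facts: false` in all three so the file has one boolean spelling. The playbook also has no comment saying that it expects `manager` and `compute` groups in the inventory and that `ssh_to` selects the direction for the `cluster_preperation` role; a two-line comment above the first play would cover that.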

roles/cluster_preperation/tasks/main.yml → appliance/tools/roles/cluster_preperation/tasks/main.yml


roles/cluster_preperation/tasks/passwordless_ssh.yml → appliance/tools/roles/cluster_preperation/tasks/passwordless_ssh.yml


roles/cluster_preperation/vars/main.yml → appliance/tools/roles/cluster_preperation/vars/main.yml


+ 42 - 0
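--- /dev/null
+++ b/appliance/tools/roles/fetch_password/tasks/main.yml
@@ -0,0 +1,42 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+- name: Include variables from common role
+  include_vars: "{{ role_path }}/../../../roles/common/vars/main.yml"
+  no_log: True
+
+- name: Check input config file is encrypted
+  command: cat {{ role_path }}/../../../{{ input_config_filename }}
+  changed_when: false
+  register: config_content
+
+- name: Decrpyt appliance_config.yml
+  command: >-
+    ansible-vault decrypt {{ role_path }}/../../../{{ input_config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ vault_filename }}
+  changed_when: false
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+
+- name: Include variable file appliance_config.yml
+  include_vars: "{{ role_path }}/../../../{{ input_config_filename }}"
+
+- name: Save input variables from file
+  set_fact:
+    cobbler_password: "{{ provision_password }}"
+
+- name: Encrypt input config file
+  command: >-
+    ansible-vault encrypt {{ role_path }}/../../../{{ input_config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ vault_filename }}
+  changed_when: false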
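Review bot: The `cat` task registers the whole input config in `config_content`, and the `include_vars` and `set_fact` tasks load `provision_password`, yet none of the three sets `no_log`, so a verbose run or a task failure can print the passwords. The matching tasks in roles/cluster_validation/tasks/fetch_password.yml already carry `no_log: True`, and the same line belongs on these three. The file is also decrypted in place on disk, so a failure between the decrypt and encrypt tasks leaves it in plaintext; wrapping the decrypt-to-`set_fact` tasks in a `block` with the encrypt task under `always` would close that window. `Decrpyt` in the task name is a typo for `Decrypt`.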

+ 1 - 21
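--- a/omnia.yml
+++ b/omnia.yml
@@ -123,24 +123,4 @@
 # gather_facts: false
 # roles:
 #   - slurm_exporter
-# tags: slurm
-
-- name: Prepare the cluster with passwordless ssh from manager to compute
-  hosts: manager
-  gather_facts: false
-  pre_tasks:
-    - name: Set Fact
-      set_fact:
-        ssh_to: "{{ groups['compute'] }}"
-  roles:
-    - cluster_preperation
-
-- name: Prepare the cluster with passwordless ssh from compute to manager
-  hosts: compute
-  gather_facts: false
-  pre_tasks:
-    - name: Set Fact
-      set_fact:
-        ssh_to: "{{ groups['manager'] }}"
-  roles:
-    - cluster_preperation
+# tags: slurm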

+ 24 - 0
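--- /dev/null
+++ b/omnia_config.yml
@@ -0,0 +1,24 @@
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Password used for Slurm database.
+# The Length of the password should be atleast 8.
+# The password must not contain -,\, ',"
+mariadb_password: "password"
+
+# Kubernetes SDN network.
+# It can either be "calico" or "flannel".
+# Default value assigned is "calico".
+k8s_cni: "calico"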
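Review bot: `mariadb_password: "password"` ships a working default credential, and it passes the checks added in roles/cluster_validation/tasks/fetch_password.yml (eight characters, none of the forbidden ones), so a deployment that never edits this file ends up with a publicly known Slurm database password. appliance/input_config.yml leaves its passwords as `""`, and the new empty-value check already fails on that; using `mariadb_password: ""` here forces the operator to choose one. The comment above it could then state that the value is required.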

+ 54 - 10
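--- a/roles/cluster_validation/tasks/fetch_password.yml
+++ b/roles/cluster_validation/tasks/fetch_password.yml
@@ -12,31 +12,75 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
-- name: Check if input config file is encrypted
-  command: cat {{ role_path }}/../../appliance/{{ input_config_filename }}
+- name: Check if omnia_vault_key exists
+  stat:
+    path: "{{ role_path }}/../../{{ config_vaultname }}"
+  register: vault_key_result
+
+- name: Create ansible vault key if it does not exist
+  set_fact:
+    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: not vault_key_result.stat.exists
+
+- name: Save vault key
+  copy:
+    dest: "{{ role_path }}/../../{{ config_vaultname }}"
+    content: |
+      {{ vault_key }}
+    owner: root
+    force: yes
+  when: not vault_key_result.stat.exists
+
+- name: Check if omnia config file is encrypted
+  command: cat {{ role_path }}/../../{{ config_filename }}
   changed_when: false
   register: config_content
   no_log: True
 
-- name: Decrpyt input_config.yml
+- name: Decrpyt omnia_config.yml
   command: >-
-    ansible-vault decrypt {{ role_path }}/../../appliance/{{ input_config_filename }}
-    --vault-password-file {{ role_path }}/../../appliance/roles/common/files/{{ vault_filename }}
+    ansible-vault decrypt {{ role_path }}/../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../{{ config_vaultname }}
   when: "'$ANSIBLE_VAULT;' in config_content.stdout"
 
-- name: Include variable file input_config.yml
-  include_vars: "{{ role_path }}/../../appliance/{{ input_config_filename }}"
+- name: Include variable file omnia_config.yml
+  include_vars: "{{ role_path }}/../../{{ config_filename }}"
   no_log: True
 
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ input_config_failure_msg }}"
+  register: input_config_check
+  when:
+    - mariadb_password | length < 1 or
+      k8s_cni | length < 1
+
+- name: Assert mariadb_password
+  assert:
+    that:
+        - mariadb_password | length > min_length | int - 1
+        - mariadb_password | length < max_length | int + 1
+        - '"-" not in mariadb_password '
+        - '"\\" not in mariadb_password '
+        - '"\"" not in mariadb_password '
+        - " \"'\" not in mariadb_password "
+    success_msg: "{{ success_msg_mariadb_password }}"
+    fail_msg: "{{ fail_msg_mariadb_password }}"
+
+- name: Assert kubernetes cni
+  assert:
+    that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
+    success_msg: "{{ success_msg_k8s_cni }}"
+    fail_msg: "{{ fail_msg_k8s_cni }}"
+
 - name: Save input variables from file
   set_fact:
-    cobbler_password: "{{ provision_password }}"
     db_password: "{{ mariadb_password }}"
     k8s_cni: "{{ k8s_cni }}"
   no_log: True
 
 - name: Encrypt input config file
   command: >-
-    ansible-vault encrypt {{ role_path }}/../../appliance/{{ input_config_filename }}
-    --vault-password-file {{ role_path }}/../../appliance/roles/common/files/{{ vault_filename }}
+    ansible-vault encrypt {{ role_path }}/../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../{{ config_vaultname }}
   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"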
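Review bot: `Save vault key` writes the generated key with `owner: root` but no `mode`, so the file gets the umask default and is typically readable by other local users; add `mode: "0600"` there, and `no_log: true` on it and on the `set_fact` that generates `vault_key`. The key also sits in the same directory as the file it encrypts (both paths are `{{ role_path }}/../../`), so it only protects the config from readers who cannot read that directory. Separately, the encrypt task keeps `when: "'$ANSIBLE_VAULT;' not in config_content.stdout"`, which is evaluated against the content read before decryption, so a run that decrypted the file skips re-encryption and leaves omnia_config.yml in plaintext. Dropping that `when`, as the new appliance/tools/roles/fetch_password role does, and moving the encrypt task under `always:` of a `block` around the decrypt-to-`set_fact` tasks would also cover a failed `fail` or `assert`.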

+ 1 - 4
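--- a/roles/cluster_validation/tasks/main.yml
+++ b/roles/cluster_validation/tasks/main.yml
@@ -12,11 +12,8 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
-- name: Include vars file of common role
-  include_vars: "{{ role_path }}/../../appliance/roles/common/vars/main.yml"
-
 - name: Perform validations
   include_tasks: validations.yml
 
-- name: Fetch cobbler password
+- name: Fetch passwords
   include_tasks: fetch_password.yml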

+ 10 - 0
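--- a/roles/cluster_validation/vars/main.yml
+++ b/roles/cluster_validation/vars/main.yml
@@ -12,7 +12,17 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+#Usage: fetch_password.yml
+config_filename: "omnia_config.yml"
+config_vaultname: .omnia_vault_key
+min_length: 8
+max_length: 30
+fail_msg_mariadb_password: "maria_db password not given in correct format."
+success_msg_mariadb_password: "mariadb_password validated"
+success_msg_k8s_cni: "Kubernetes CNI Validated"
+fail_msg_k8s_cni: "Kubernetes CNI not correct."
 
+#Usage: validations.yml
 skip_tag_fail_msg: "Can't skip both slurm and kubernetes"
 manager_group_fail_msg: "manager group should contain exactly 1 node"
 manager_group_success_msg: "manager group check passed"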
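Review bot: `input_config_failure_msg`, used by the new `Validate input parameters are not empty` task in tasks/fetch_password.yml, is not among the variables added here, and this commit removes the `include_vars` of the common role from tasks/main.yml. Unless it is defined further down this file, outside the hunk, the `fail` task will stop on an undefined variable instead of printing the intended message. Adding a line such as `input_config_failure_msg: "Please provide all the required parameters in omnia_config.yml"` beside the other messages would fix that. `config_vaultname: .omnia_vault_key` is also the only unquoted string among the new values; quote it for consistency.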

+ 11 - 2
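--- a/roles/slurm_common/tasks/main.yml
+++ b/roles/slurm_common/tasks/main.yml
@@ -14,7 +14,7 @@
 ---
 
 - name: Get hostname
-  command: hostname -s
+  command: hostname
   register: host_name
   changed_when: true
 
@@ -29,7 +29,7 @@
 - name: Add host name in hosts file
   lineinfile:
     dest: "{{ hosts_dest }}"
-    line: "{{ hostvars[inventory_hostname]['ansible_default_ipv4']['address'] }} {{ host_name.stdout }}"
+    line: "{{ inventory_hostname }} {{ host_name.stdout }}"
     state: present
     create: yes
     mode: "{{ common_mode }}"
@@ -155,6 +155,15 @@
     mode: "{{ gen_mode }}"
     recurse: yes
 
+- name: Give slurm user permission to spool directory
+  file:
+    path: "{{ spool_dir }}"
+    owner: slurm
+    group: slurm
+    state: directory
+    mode: "{{ common_mode }}"
+    recurse: yes
+
 - name: Create slurm pid directory
   file:
     path: "{{ slurm_pidpth }}"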
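Review bot: The new `Give slurm user permission to spool directory` task applies `owner: slurm`, `group: slurm` and `mode: "{{ common_mode }}"` with `recurse: yes` to `{{ spool_dir }}`, which roles/slurm_common/vars/main.yml sets to `/var/spool/`, so every other service's spool directory on the node is re-owned to the slurm account. That can break those services and gives the slurm user write access to files that root-run daemons read. Point the task at the Slurm directory only, `path: "{{ spool_pth }}"` (`/var/spool/slurm/`), and drop the `spool_dir` variable. In the second hunk, `line: "{{ inventory_hostname }} {{ host_name.stdout }}"` is a valid hosts entry only when the inventory lists nodes by IP address; that assumption deserves a comment.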

+ 1 - 2
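--- a/roles/slurm_common/vars/main.yml
+++ b/roles/slurm_common/vars/main.yml
@@ -13,8 +13,6 @@
 #  limitations under the License.
 ---
 
-epel_url: https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
-
 common_packages:
    - munge
    - munge-libs
@@ -41,6 +39,7 @@ slurm_uid: "6001"
 slurm_logpth: "/var/log/slurm/"
 slurm_pidpth: "/var/run/slurm/"
 gen_mode: "0755"
+spool_dir: "/var/spool/"
 spool_pth: "/var/spool/slurm/"
 slurmctld_pid: "/var/run/slurmctld.pid"
 slurmd_pid: "/var/run/slurmd.pid"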

+ 14 - 10
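--- a/roles/slurm_manager/tasks/main.yml
+++ b/roles/slurm_manager/tasks/main.yml
@@ -29,7 +29,7 @@
     mode: "{{ tmp_mode }}"
     state: touch
 
-- name: Create slurmctld log file on master
+- name: Create slurmctld log file on manager
   file:
     path: "{{ slurm_logpth }}"
     owner: slurm
@@ -38,14 +38,14 @@
   with_items:
     - slurmctld.log
 
-- name: Create log files on master
+- name: Create log files on manager
   file:
     path: "{{ slurm_logpth }}"
     owner: slurm
     mode: "{{ tmp_mode }}"
     state: touch
   with_items:
-    - "{{ log_files_master }}"
+    - "{{ log_files_manager }}"
 
 - name: Install packages for slurm
   package:
@@ -86,7 +86,7 @@
     warn: no
 
 - name: Verify package md5
-  command: rpm -qa
+  shell: rpm -qa | grep slurm
   ignore_errors: true
   register: verify_result
   changed_when: no
@@ -100,9 +100,10 @@
     chdir: "{{ rpm_path }}"
     warn: no
   changed_when: true
+  when: verify_result.rc != 0
 
 - name: Get the hostname
-  command: hostname -s
+  command: hostname
   register: machine_name
   changed_when: true
 
@@ -147,13 +148,13 @@
   when: "'manager' in group_names"
   tags: firewalld
 
-- name: Get network address/subnet mask through ipaddr
+- name: Get network address/subnet mask
   set_fact:
     network_address: "{{ (ansible_default_ipv4.network + '/' + ansible_default_ipv4.netmask) | ipaddr('network/prefix') }}"
 
 - name: Firewall rule slurm - allow all incoming traffic on internal network
   firewalld:
-    zone: internal
+    zone: public
     rich_rule: 'rule family="{{ family }}" source address="{{ network_address }}" accept'
     permanent: true
     state: enabled
@@ -172,7 +173,10 @@
   tags: install
 
 - name: Grant permissions for slurm db
-  command: mysql -u root -e "GRANT ALL ON slurm_acct_db.* TO '{{ db_user }}'@'{{ db_host }}' identified by '{{ db_password[0] }}'with grant option;"
+  command: >-
+    mysql -u root -e "GRANT ALL ON slurm_acct_db.* TO '{{ db_user }}'@'{{
+    db_host }}' identified by '{{ hostvars['127.0.0.1']['db_password'] }}'with
+    grant option;"
   tags: install
   changed_when: true
 
@@ -206,7 +210,7 @@
   lineinfile:
     path: "{{ slurmdbd_path }}"
     regexp: "StoragePass="
-    line: "StoragePass={{ db_password[0] }}"
+    line: "StoragePass={{ hostvars['127.0.0.1']['db_password'] }}"
 
 - name: Add storage user
   lineinfile:
@@ -230,4 +234,4 @@
   fetch:
     src: "{{ slurm_confpth }}"
     dest: "{{ buffer_path }}"
-    flat: true
+    flat: true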
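Review bot: `Grant permissions for slurm db` passes `hostvars['127.0.0.1']['db_password']` on the `mysql` command line with no `no_log`, so the password appears in Ansible's task result on failure or with `-v`, and in the process list while the command runs; the `StoragePass=` `lineinfile` in the later hunk shows it the same way under `--diff`. Add `no_log: true` to both tasks. Both lookups also hard-code the inventory name `127.0.0.1` for the control node, which yields an undefined variable if the play that sets `db_password` ran against `localhost` instead; a comment or a variable would make that dependency explicit. In the firewall hunk the task is still named for the internal network while the rule now lands in `zone: public`; confirm that is intended, since the rule accepts all traffic from the source network.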

+ 1 - 1
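--- a/roles/slurm_manager/vars/main.yml
+++ b/roles/slurm_manager/vars/main.yml
@@ -38,7 +38,7 @@ dev_tools:
    - ncurses-devel
    - gtk2-devel
 
-log_files_master:
+log_files_manager:
    - slurm_jobacct.log
    - slurm_jobcomp.log
 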

+ 6 - 8
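--- a/roles/slurm_start_services/tasks/main.yml
+++ b/roles/slurm_start_services/tasks/main.yml
@@ -32,7 +32,7 @@
   tags: install
 
 - name: Start slurmctld on manager
-  systemd:
+  service:
     name: slurmctld
     state: started
   tags: install
@@ -44,24 +44,22 @@
 
 - name: Create slurm cluster
   command: sacctmgr -i add cluster {{ cluster_name }}
-  when: slurm_clusterlist.stdout.find(cluster_name) == 1
+  when: not slurm_clusterlist.stdout
 
 - name: Show account
-  command: sacctmgr show account
+  command: sacctmgr show account -s
   register: account_added
   changed_when: false
 
 - name: Create default slurm group
   command: sacctmgr -i add account defaultgroup Cluster={{ cluster_name }} Description="Default Account" Organization="Default Org"
-  when: account_added.stdout.find(cluster_name) == 1
-  tags: install
+  when: account_added.rc != 0
 
 - name: Check if user exists
-  command: sacctmgr show user
+  command: sacctmgr show user -s
   register: user_added
   changed_when: false
 
 - name: Add root to the default account
   command: sacctmgr -i add user root DefaultAccount=defaultgroup
-  when: account_added.stdout.find(cluster_name) == 1
-  tags: install
+  when: user_added.rc != 0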
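Review bot: The new conditions `when: account_added.rc != 0` and `when: user_added.rc != 0` can never be true as written: the `sacctmgr show account -s` and `sacctmgr show user -s` tasks that register them have no `failed_when` or `ignore_errors`, so a non-zero return code fails the host before the condition is evaluated, and a zero return code skips the add. As far as the hunk shows, the default account and the root association are therefore never created. Test the output instead, for example `when: "'defaultgroup' not in account_added.stdout"` and `when: "'root' not in user_added.stdout"`. `when: not slurm_clusterlist.stdout` has a related gap, in that it adds the cluster only when nothing at all is listed rather than when `cluster_name` is missing; the task that registers it is outside the hunk.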

+ 3 - 3
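--- a/roles/slurm_workers/tasks/main.yml
+++ b/roles/slurm_workers/tasks/main.yml
@@ -92,7 +92,7 @@
     warn: no
 
 - name: Verify package md5
-  command: rpm -qa
+  shell: rpm -qa | grep slurm
   ignore_errors: true
   register: verify_result
   changed_when: no
@@ -106,9 +106,10 @@
     chdir: "{{ rpm_path }}"
     warn: no
   changed_when: true
+  when: verify_result.rc != 0
 
 - name: Get the hostname
-  command: hostname -s
+  command: hostname
   register: machine_name
   changed_when: true
 
@@ -119,7 +120,6 @@
     line: "NodeName={{ machine_name.stdout }} Sockets={{ hostvars[inventory_hostname]['ansible_facts']['processor_count'] }}
       CoresPerSocket={{ hostvars[inventory_hostname]['ansible_facts']['processor_cores'] }}"
 
-
 - name: Save slurm conf in buffer
   fetch:
     src: "{{ slurm_confpth }}"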
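Review bot: `shell: rpm -qa | grep slurm` under the name `Verify package md5` verifies nothing: it only tests whether any installed package name contains `slurm`, and with the new `when: verify_result.rc != 0` the task carrying that condition (presumably the RPM install, which starts outside the hunk) is skipped as soon as one such package is present, even if the set is incomplete. Rename the task to what it does, e.g. `- name: Check whether slurm packages are installed`, and replace `ignore_errors: true` with `failed_when: false` so an expected miss is not reported as an error. The same pattern is added in roles/slurm_manager/tasks/main.yml.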