
Merge branch 'devel' into issue-258

teiland7 vor 3 Jahren
Ursprung
Commit
6ea5c7cb8a
30 geänderte Dateien mit 1402 neuen und 18 gelöschten Zeilen
  1. 54 0
      control_plane/roles/control_plane_customiso/files/add_nfs_client.yml
  2. 56 0
      control_plane/roles/control_plane_customiso/files/temp_centos7.cfg
  3. 46 0
      control_plane/roles/control_plane_customiso/tasks/check_prerequisites.yml
  4. 64 0
      control_plane/roles/control_plane_customiso/tasks/create_unattended_iso.yml
  5. 112 0
      control_plane/roles/control_plane_customiso/tasks/edit_iso_config.yml
  6. 11 5
      control_plane/roles/control_plane_customiso/tasks/main.yml
  7. 33 0
      control_plane/roles/control_plane_customiso/vars/main.yml
  8. 13 0
      control_plane/roles/provision_idrac/files/temp_scp.xml
  9. 156 0
      control_plane/roles/provision_idrac/tasks/check_prerequisites.yml
  10. 58 0
      control_plane/roles/provision_idrac/tasks/create_vd.yml
  11. 52 0
      control_plane/roles/provision_idrac/tasks/deploy_os.yml
  12. 42 0
      control_plane/roles/provision_idrac/tasks/fetch_idrac_credentials.yml
  13. 119 0
      control_plane/roles/provision_idrac/tasks/import_scp.yml
  14. 25 13
      control_plane/roles/provision_idrac/tasks/main.yml
  15. 102 0
      control_plane/roles/provision_idrac/tasks/validate_idrac_vars.yml
  16. 49 0
      control_plane/roles/provision_idrac/vars/main.yml
  17. 21 0
      control_plane/tools/idrac_secure_boot.yml
  18. 21 0
      control_plane/tools/idrac_system_lockdown.yml
  19. 41 0
      control_plane/tools/roles/idrac_secure_boot/tasks/configure_secure_boot.yml
  20. 20 0
      control_plane/tools/roles/idrac_secure_boot/tasks/main.yml
  21. 20 0
      control_plane/tools/roles/idrac_secure_boot/vars/main.yml
  22. 56 0
      control_plane/tools/roles/idrac_system_lockdown/tasks/check_prerequisites.yml
  23. 41 0
      control_plane/tools/roles/idrac_system_lockdown/tasks/configure_system_lockdown.yml
  24. 20 0
      control_plane/tools/roles/idrac_system_lockdown/tasks/main.yml
  25. 20 0
      control_plane/tools/roles/idrac_system_lockdown/vars/main.yml
  26. 2 0
      docs/README.md
  27. 20 0
      platforms/polyaxon.yml
  28. 41 0
      platforms/roles/polyaxon/files/polyaxon_config.yaml
  29. 62 0
      platforms/roles/polyaxon/tasks/main.yml
  30. 25 0
      platforms/roles/polyaxon/vars/main.yml

+ 54 - 0
control_plane/roles/control_plane_customiso/files/add_nfs_client.yml

@@ -0,0 +1,54 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Add nfs client entries
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Include control_plane_repo vars
+      include_vars: ../../control_plane_repo/vars/main.yml
+
+    - name: Check if idrac inventory file exists
+      stat:
+        path: "../../collect_device_info/files/idrac_inventory"
+      register: provisioned_file_result
+
+    - name: Check {{ exports_file_path }}
+      command: cat {{ exports_file_path }}
+      register: exports_file_check
+      changed_when: false
+      when: provisioned_file_result.stat.exists
+
+    - name: Adding NFS share entries in {{ exports_file_path }}
+      lineinfile:
+        path: "{{ exports_file_path }}"
+        line: "{{ nfs_share_offline_repo }} {{ item }}(rw,sync,no_root_squash)"
+      when:
+        - provisioned_file_result.stat.exists
+        - item not in exports_file_check.stdout
+      loop: "{{ lookup('file', '../../collect_device_info/files/idrac_inventory').splitlines() }}"
+
+    - name: Exporting the shared directories
+      command: /usr/sbin/exportfs -r
+      changed_when: true
+      when: provisioned_file_result.stat.exists
+
+    - name: Copy exports file to custom_iso role
+      copy:
+        src: "{{ exports_file_path }}"
+        dest: "{{ playbook_dir }}/exports"
+        mode: preserve
+      when: provisioned_file_result.stat.exists
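Review bot: The export line written in "Adding NFS share entries", `{{ nfs_share_offline_repo }} {{ item }}(rw,sync,no_root_squash)`, gives root on every address listed in idrac_inventory unrestricted root write access to the share that later receives the unattended ISO; the same options are written in provision_idrac/tasks/check_prerequisites.yml. If the iDRAC only has to read the ISO, `(ro,sync,root_squash)` is the safer default, with write access enabled deliberately where it is needed. Separately, `item not in exports_file_check.stdout` is a substring test, so an address such as 10.0.0.1 (constructed example) is treated as already exported when 10.0.0.10 is present and never gets its own entry. The `inventory_hostname in …stdout` checks in provision_idrac/tasks/check_prerequisites.yml have the same weakness; comparing against the parsed host field of each line avoids it.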

+ 56 - 0
control_plane/roles/control_plane_customiso/files/temp_centos7.cfg

@@ -0,0 +1,56 @@
+# Install OS instead of upgrade
+install
+
+# SELinux configuration
+selinux --disabled
+
+# Firewall configuration
+firewall --disabled
+
+# text install
+text
+
+# Do not configure the X Window System
+skipx
+
+ignoredisk --only-use=sda
+
+# Keyboard layouts
+keyboard us
+
+# System language
+lang ks_language
+
+# Network information
+network  --bootproto=dhcp --device=ks_nic --onboot=on
+
+# Root password
+rootpw --iscrypted ks_password
+
+# System services
+services --enabled="chronyd"
+
+# System timezone
+timezone --utc ks_timezone
+
+# System bootloader configuration
+bootloader --location=mbr --boot-drive=sda
+
+# Partition clearing information
+clearpart --all --initlabel --drives=sda
+
+# Clear the Master Boot Record
+zerombr
+
+# Disk Partitioning
+partition /boot/efi --asprimary --fstype=vfat --label EFI  --size=200
+partition /boot     --asprimary --fstype=ext4 --label BOOT --size=500
+partition /         --asprimary --fstype=ext4 --label ROOT --size=4096 --grow
+
+# Reboot after installation
+reboot
+
+%packages
+@core
+net-tools
+%end
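Review bot: `selinux --disabled` and `firewall --disabled` mean every node installed from this kickstart comes up with no mandatory access control and no host firewall, and nothing in the file says why. All nodes built from the ISO also receive the same root password hash, so the baseline matters. If later roles depend on these settings, a comment above each directive should say so; otherwise `selinux --enforcing` and `firewall --enabled --ssh` would be the safer starting point.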

+ 46 - 0
control_plane/roles/control_plane_customiso/tasks/check_prerequisites.yml

@@ -0,0 +1,46 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Install genisoimage package
+  package:
+    name: genisoimage
+    state: present
+  tags: install
+
+- name: Install ansible-galaxy modules
+  command: ansible-galaxy collection install {{ item }}
+  changed_when: true
+  with_items:
+   - community.general
+   - dellemc.openmanage
+
+- name: Install omsdk using pip
+  pip:
+    name: omsdk
+    state: present
+  tags: install
+
+- name: Check iso mount folder
+  stat:
+    path: "{{ iso_mount_path }}{{ isolinux_cfg_path }}"
+  register: check_mount_iso
+  tags: install
+
+- name: Incorrect iso mount
+  fail:
+    msg: "{{ iso_mount_check_fail_msg }}"
+  when: not check_mount_iso.stat.exists
+  register: iso_mount_fail
+  tags: install
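Review bot: The two Galaxy collections and `omsdk` are installed without a version, so every run pulls whatever Galaxy and PyPI serve at that moment onto the management station. Pinning them, for example `community.general:<PINNED_VERSION>` in the `with_items` list and `name: omsdk==<PINNED_VERSION>`, makes the install reproducible and lets a dependency change be reviewed. The `with_items` entries are also indented three spaces where the rest of the file uses two, and "Install ansible-galaxy modules" is the only task here without `tags: install`.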

+ 64 - 0
control_plane/roles/control_plane_customiso/tasks/create_unattended_iso.yml

@@ -0,0 +1,64 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create custom ISO
+  command: >-
+    mkisofs -o {{ role_path }}/files/{{ unattended_iso_filename }} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4
+    -boot-info-table -eltorito-alt-boot -e images/efiboot.img -no-emul-boot -J -R -V "CentOS 7 x86_64"  {{ tmp_iso_dir }}
+  changed_when: true
+  register: custom_iso_status
+  tags: install
+  args:
+    chdir: "{{ tmp_iso_dir }}"
+
+- name: Custom ISO creation status check
+  assert:
+    that:
+      - "'Total directory bytes:' in custom_iso_status.stderr"
+      - "'Path table size(bytes):' in custom_iso_status.stderr"
+      - "'Max brk space used' in custom_iso_status.stderr"
+      - "'extents written' in custom_iso_status.stderr"
+    success_msg: "{{ custom_iso_success_msg }}"
+    fail_msg: "{{ custom_iso_fail_msg }}"
+  register: iso_success_check
+
+- name: Remove the kickstart file
+  file:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    state: absent
+  tags: install
+
+- name: Include control_plane_repo vars
+  include_vars: ../../control_plane_repo/vars/main.yml
+
+- name: Copy ISO file to nfs share
+  copy:
+    src: "{{ role_path }}/files/{{ unattended_iso_filename }}"
+    dest: "{{ nfs_share_offline_repo }}/{{ unattended_iso_filename }}"
+    mode: preserve
+  tags: install
+
+- name: Fetch ansible-playbook location
+  command: whereis ansible-playbook
+  changed_when: false
+  register: ansible_playbook_location
+  tags: install
+
+- name: Schedule task
+  cron:
+    name: "Add idrac IP to nfs exports"
+    minute: "*/10"
+    job: "if ! out=`{{ ansible_playbook_location.stdout.split(' ')[1] }} {{ role_path }}/files/add_nfs_client.yml`; then echo $out >> {{ cron_error_log }}; fi"
+  tags: install
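Review bot: The cron job's interpreter path is `ansible_playbook_location.stdout.split(' ')[1]`, which is undefined when `whereis` finds nothing and otherwise is just the first path `whereis` happens to list, which is not necessarily the binary the operator uses. An `assert` that the split has more than one element, placed before "Schedule task", would turn that into a clear failure. The job then runs `{{ role_path }}/files/add_nfs_client.yml` every ten minutes as the invoking user (presumably root) and rewrites the exports file from idrac_inventory. Both files should therefore be writable by that user only, and a comment on the task should say so. In the job string, `echo $out` is unquoted; `echo "$out"` keeps the logged output intact.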

+ 112 - 0
control_plane/roles/control_plane_customiso/tasks/edit_iso_config.yml

@@ -0,0 +1,112 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create iso directory
+  file:
+    path: "{{ tmp_iso_dir }}"
+    state: directory
+    mode: "{{ file_permission }}"
+  tags: install
+
+- name: Copy files to tmpiso folder
+  copy:
+    src: "{{ iso_mount_path }}"
+    dest: "{{ tmp_iso_dir }}"
+    mode: preserve
+  tags: install
+
+- name: Edit isolinux.cfg
+  replace:
+    path: "{{ tmp_iso_dir }}{{ isolinux_cfg_path }}"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+  with_items:
+      - { regexp: "append initrd=initrd.img", replace: "append initrd=initrd.img ks=cdrom:/{{ kickstart_file }}" }
+      - { regexp: "rd.live.check quiet", replace: "" }
+  tags: install
+
+- name: Edit grub.cfg
+  replace:
+    path: "{{ tmp_iso_dir }}{{ grub_cfg_path }}"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+  with_items:
+      - { regexp: "kernel /images/pxeboot/vmlinuz", replace: "kernel /images/pxeboot/vmlinuz ks=cdrom:/{{ kickstart_file }}" }
+      - { regexp: "linuxefi /images/pxeboot/vmlinuz", replace: "linuxefi /images/pxeboot/vmlinuz ks=cdrom:/{{ kickstart_file }}" }
+      - { regexp: "rd.live.check quiet", replace: "" }
+  tags: install
+
+- name: Remove the kickstart file if exists
+  file:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    state: absent
+  tags: install
+
+- name: Create the kickstart file
+  copy:
+    src: "{{ role_path }}/files/temp_centos7.cfg"
+    dest: "{{ role_path }}/files/{{ kickstart_file }}"
+    mode: "{{ file_permission }}"
+  tags: install
+
+- name: Random phrase generation
+  command: openssl rand -base64 12
+  changed_when: false
+  register: generate_random_phrase
+  tags: install
+  no_log: true
+
+- name: Encrypt login password
+  command: openssl passwd -1 -salt {{ generate_random_phrase.stdout }} {{ provision_password }}
+  no_log: true
+  changed_when: false
+  register: encrypt_login_pass
+  tags: install
+
+- name: Configure kickstart file - Password
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^rootpw --iscrypted ks_password'
+    replace: 'rootpw --iscrypted {{ encrypt_login_pass.stdout }}'
+  no_log: true
+  tags: install
+
+- name: Configure kickstart file - nic
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^network  --bootproto=dhcp --device=ks_nic --onboot=on'
+    replace: 'network  --bootproto=dhcp --device={{ host_network_nic }} --onboot=on'
+  tags: install
+
+- name: Configure kickstart file - timezone
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^timezone --utc ks_timezone'
+    replace: 'timezone --utc {{ timezone }}'
+  tags: install
+
+- name: Configure kickstart file - language
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^lang ks_language'
+    replace: 'lang {{ language }}'
+  tags: install
+
+- name: Copy kickstart file to iso mount path
+  copy:
+    src: "{{ role_path }}/files/{{ kickstart_file }}"
+    dest: "/tmp/tmpiso/{{ kickstart_file }}"
+    mode: preserve
+  tags: install
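Review bot: "Encrypt login password" hashes with `openssl passwd -1`, which is MD5-crypt, and passes `{{ provision_password }}` as a command-line argument, so the cleartext is visible in the process list while the task runs and a password containing whitespace or quotes is split by the command module. The resulting hash is written into the kickstart file that ships inside the ISO, so its strength matters. Both "Random phrase generation" and "Encrypt login password" can be dropped by hashing in the template: `replace: 'rootpw --iscrypted {{ provision_password | password_hash("sha512") }}'`. The final task also hardcodes `/tmp/tmpiso/` where the other tasks use `{{ tmp_iso_dir }}`.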

+ 11 - 5
control_plane/roles/control_plane_customiso/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,13 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+# tasks file for control_plane_customiso
+
+- name: Check iso mount path
+  include_tasks: check_prerequisites.yml
+
+- name: Edit iso config files
+  include_tasks: edit_iso_config.yml
+
+- name: Create unattended iso file
+  include_tasks: create_unattended_iso.yml
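Review bot: The three `include_tasks` entries carry no tags, while most tasks in the included files are tagged `install`. With dynamic includes, a run limited by `--tags install` skips the include itself, so none of the tagged tasks would execute. Either add `tags: install` to each include here or drop the tag from the included tasks. Whether the role is ever run with `--tags` is not visible from this commit.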

+ 33 - 0
control_plane/roles/control_plane_customiso/vars/main.yml

@@ -0,0 +1,33 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for control_plane_customiso
+
+#Usage: check_prerequisites.yml
+iso_mount_path: /mnt/iso/
+iso_mount_check_fail_msg: "ISO file not mounted. Ensure /mnt/iso path is mounted with centos ISO file."
+
+#Usage: edit_iso_config.yml
+tmp_iso_dir: /tmp/tmpiso/
+kickstart_file: centos7.cfg
+file_permission: 0744
+isolinux_cfg_path: isolinux/isolinux.cfg
+grub_cfg_path: EFI/BOOT/grub.cfg
+
+#Usage: create_unattended_iso.yml
+unattended_iso_filename: unattended_centos7.iso
+custom_iso_success_msg: "Unattended ISO file created successfully"
+custom_iso_fail_msg: "Unattended ISO file creation failed. Ensure /mnt/iso path is mounted with valid centos minimal ISO file."
+cron_error_log: /var/log/nfs_cron_error.log
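Review bot: `file_permission: 0744` is an unquoted octal literal, which YAML 1.1 loaders read as the integer 484; it is then used through `mode: "{{ file_permission }}"`, where the templated value may no longer be interpreted as the intended octal mode. Quote it as `file_permission: "0744"`. The same value is applied to the kickstart file that carries the root password hash, so a separate, tighter mode for that file would be worth adding. `tmp_iso_dir: /tmp/tmpiso/` is a fixed name under a world-writable directory; if other local users exist on the management station, a directory created with the `tempfile` module or under a root-owned path avoids someone else pre-creating it.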

+ 13 - 0
control_plane/roles/provision_idrac/files/temp_scp.xml

@@ -0,0 +1,13 @@
+<SystemConfiguration>
+<Component FQDD="BIOS.Setup.1-1">
+  <Attribute Name="BootMode">Uefi</Attribute>
+  <Attribute Name="BootSeqRetry">Enabled</Attribute>
+</Component>
+<Component FQDD="iDRAC.Embedded.1">
+  <Attribute Name="SNMP.1#AgentEnable">Enabled</Attribute>
+  <Attribute Name="SNMP.1#TrapFormat">SNMPv1</Attribute>
+  <Attribute Name="SNMP.1#SNMPProtocol">All</Attribute>
+  <Attribute Name="SNMP.1#DiscoveryPort">161</Attribute>
+  <Attribute Name="SNMP.1#AlertPort">162</Attribute>
+</Component>
+</SystemConfiguration>
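Review bot: `SNMP.1#TrapFormat` is set to `SNMPv1` and `SNMP.1#SNMPProtocol` to `All`, so the iDRAC agent speaks community-string SNMP, whose only protection is the cleartext community name that import_scp.yml adds to this profile. If the monitoring side can use SNMPv3, restrict both attributes to it; the exact value names should be confirmed against the iDRAC attribute registry for the target firmware. Otherwise the role's documentation should record why v1/v2c is required.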

+ 156 - 0
control_plane/roles/provision_idrac/tasks/check_prerequisites.yml

@@ -0,0 +1,156 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Include control_plane_repo vars
+  include_vars: ../../control_plane_repo/vars/main.yml
+  run_once: true
+
+- name: Include custom_iso vars
+  include_vars: ../../control_plane_customiso/vars/main.yml
+  run_once: true
+
+- name: Check unattended ISO file
+  stat:
+    path: "{{ role_path }}/../control_plane_customiso/files/{{ unattended_iso_filename }}"
+  register: custom_iso_check
+  run_once: true
+
+- name: Custom ISO file not present
+  fail:
+    msg: "{{ custom_iso_check_fail_msg }}"
+  when: not custom_iso_check.stat.exists
+  register: custom_iso_fail
+
+- name: Adding NFS share entries in {{ exports_file_path }}
+  lineinfile:
+    path: "{{ exports_file_path }}"
+    line: "{{ nfs_share_offline_repo }} {{ inventory_hostname }}(rw,sync,no_root_squash)"
+  when: '"awx-" not in hostname.stdout'
+
+- name: Exporting the shared directories
+  command: exportfs -r
+  changed_when: true
+  when: '"awx-" not in hostname.stdout'
+  run_once: true
+
+- name: Check nfs exports file present
+  stat:
+    path: "{{ role_path }}/../control_plane_customiso/files/exports"
+  register: nfs_exports_present
+  when: '"awx-" in hostname.stdout'
+  run_once: true
+
+- name: Check nfs exports file content
+  command: cat "{{ role_path }}/../control_plane_customiso/files/exports"
+  changed_when: false
+  register: check_exports_path
+  run_once: true
+  when:
+    - '"awx-" in hostname.stdout'
+    - nfs_exports_present.stat.exists
+
+- name: Missing entries in nfs exports
+  fail:
+    msg: "{{ missing_exports_fail_msg }}"
+  when:
+    - '"awx-" in hostname.stdout'
+    - not nfs_exports_present.stat.exists or
+      check_exports_path.rc == 1 or
+      inventory_hostname not in check_exports_path.stdout
+
+- name: Fetch management station ip from exports file
+  shell: awk 'FNR==1' {{ role_path }}/../control_plane_customiso/files/exports | awk '{print $2}'
+  changed_when: false
+  register: fetch_public_ip
+  when: '"awx-" in hostname.stdout'
+
+- name: Set public ip
+  set_fact:
+    public_ip: "{{ fetch_public_ip.stdout.split(\"(\")[0] }}"
+  when: '"awx-" in hostname.stdout'
+
+- name: Initialize variables
+  set_fact:
+    raid_type: false
+    raid_controller_sensor: ""
+    raid_enclosure_name: ""
+    drives_id: ""
+    enterprise_license: false
+    datacenter_license: false
+    provision_status: false
+
+- name: Check provisioned_idrac_ip.yml file present
+  stat:
+    path: "{{ role_path }}/files/provisioned_idrac_ip.yml"
+  register: provisioned_file_present
+  run_once: true
+
+- name: Check idrac server is already provisioned
+  command: cat {{ role_path }}/files/provisioned_idrac_ip.yml
+  changed_when: false
+  register: check_provision_status
+  when: provisioned_file_present.stat.exists
+  run_once: true
+
+- name: Removing hosts already provisioned
+  fail:
+    msg: "{{ provision_fail_msg }}"
+  when:
+    - provisioned_file_present.stat.exists
+    - inventory_hostname in check_provision_status.stdout
+
+- name: Show status of the Lifecycle Controller
+  dellemc.openmanage.idrac_lifecycle_controller_status_info:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+  register: lc_check_status
+
+- name: LC not available
+  fail:
+    msg: "{{ lc_check_fail_msg }}"
+  when: not lc_check_status.lc_status_info.LCReady
+  register: lc_fail
+
+- name: Get system inventory
+  dellemc.openmanage.idrac_system_info:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+  register: idrac_info
+
+- name: Set enterprise license status
+  set_fact:
+    enterprise_license: true
+  with_items: "{{ idrac_info.system_info.License }}"
+  when:
+    - '"iDRAC" in idrac_info.system_info.License[my_idx1].LicenseDescription'
+    - '"Enterprise" in idrac_info.system_info.License[my_idx1].LicenseDescription'
+    - '"License" in idrac_info.system_info.License[my_idx1].LicenseDescription'
+    - '"Healthy" in idrac_info.system_info.License[my_idx1].PrimaryStatus'
+  loop_control:
+    index_var: my_idx1
+
+- name: Set datacenter license status
+  set_fact:
+    datacenter_license: true
+  with_items: "{{ idrac_info.system_info.License }}"
+  when:
+    - '"iDRAC" in idrac_info.system_info.License[my_idx2].LicenseDescription'
+    - '"Datacenter" in idrac_info.system_info.License[my_idx2].LicenseDescription'
+    - '"License" in idrac_info.system_info.License[my_idx2].LicenseDescription'
+    - '"Healthy" in idrac_info.system_info.License[my_idx2].PrimaryStatus'
+  loop_control:
+    index_var: my_idx2
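Review bot: `public_ip` is taken from the second field of the first line of the copied exports file with no check that it is an address, and deploy_os.yml then uses it as the NFS server in `share_name` for the OS image. A reordered or edited exports file therefore changes where the iDRAC fetches the installer from. An assert after "Set public ip", e.g. `that: public_ip is match('^[0-9]{1,3}(\.[0-9]{1,3}){3}$')`, together with selecting the line by the expected export path rather than `FNR==1`, would make the assumption explicit. `hostname.stdout` is used in several `when:` clauses but is not registered in this file, so it presumably comes from an earlier play; a comment naming that source would help.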

+ 58 - 0
control_plane/roles/provision_idrac/tasks/create_vd.yml

@@ -0,0 +1,58 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Set RAID status
+  set_fact:
+    raid_type: true
+    raid_controller_sensor: "{{ idrac_info.system_info.ControllerSensor[my_idx3].FQDD }}"
+    raid_enclosure_name: "Enclosure.Internal.0-1:{{ idrac_info.system_info.ControllerSensor[my_idx3].FQDD }}"
+    raid_vd_status: "{{ idrac_info.system_info.VirtualDisk is defined and idrac_info.system_info.VirtualDisk[0].Name == \"omnia_vd\" }}"
+  with_items: "{{ idrac_info.system_info.Controller }}"
+  loop_control:
+    index_var: my_idx3
+  when: '"RAID" in idrac_info.system_info.ControllerSensor[my_idx3].FQDD'
+
+- name: View existing storage details
+  dellemc.openmanage.dellemc_idrac_storage_volume:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    state: "view"
+  register: idrac_volume_list
+  when: raid_type and not raid_vd_status
+
+- name: Set drives details
+  set_fact:
+    drives_id: "{{ idrac_volume_list.storage_status.Message.Controller[raid_controller_sensor].Enclosure[raid_enclosure_name].PhysicalDisk }}"
+    drives_count: "{{ idrac_volume_list.storage_status.Message.Controller[raid_controller_sensor].Enclosure[raid_enclosure_name].PhysicalDisk | length }}"
+  when: raid_type and not raid_vd_status
+
+- name: Create VD
+  dellemc.openmanage.dellemc_idrac_storage_volume:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    state: "create"
+    controller_id: "{{ raid_controller_sensor }}"
+    raid_reset_config: "True"
+    volume_type: "{{ raid_level }}"
+    raid_init_operation: "Fast"
+    volumes:
+      - name: "omnia_vd"
+        span_length: "{{ drives_count }}"
+        drives:
+          id: "{{ drives_id }}"
+  register: create_vd_status
+  when: raid_type and not raid_vd_status
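Review bot: "Create VD" runs with `raid_reset_config: "True"`, which clears the controller's existing configuration, and its only guard is `raid_vd_status`, which inspects `VirtualDisk[0].Name` alone. A server whose `omnia_vd` is not the first virtual disk, or which holds unrelated volumes, would have its RAID configuration reset, and an empty `VirtualDisk` list would fail on the `[0]` index. Check every entry instead, e.g. `idrac_info.system_info.VirtualDisk | default([]) | selectattr('Name', 'equalto', 'omnia_vd') | list | length > 0`, and consider making the reset opt-in through a variable.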

+ 52 - 0
control_plane/roles/provision_idrac/tasks/deploy_os.yml

@@ -0,0 +1,52 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Set one-time boot device to PXE
+  community.general.redfish_command:
+    category: Systems
+    command: SetOneTimeBoot
+    bootdevice: "Pxe"
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ idrac_username }}"
+    password: "{{ idrac_password }}"
+  when: not (enterprise_license or datacenter_license)
+
+- name: Reboot server
+  dellemc.openmanage.redfish_powerstate:
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ idrac_username }}"
+    password: "{{ idrac_password }}"
+    reset_type: ForceRestart
+  when: not (enterprise_license or datacenter_license)
+  register: deploy_os
+
+- name: Install OS using iDRAC
+  dellemc.openmanage.idrac_os_deployment:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ public_ip }}:{{ nfs_share_offline_repo }}"
+    iso_image: "{{ unattended_iso_filename }}"
+    expose_duration: "{{ expose_duration }}"
+  register: deploy_os
+  when: enterprise_license or datacenter_license
+
+- name: Add idrac ip to provisioned_idrac_ip.yml
+  lineinfile:
+    path: "{{ role_path }}/files/provisioned_idrac_ip.yml"
+    create: yes
+    mode: "{{ file_permission }}"
+    line: "{{ inventory_hostname }}"
+  when: not deploy_os.failed
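Review bot: "Reboot server" and "Install OS using iDRAC" both `register: deploy_os`, and a skipped task still overwrites the variable, so on unlicensed hosts the final `when: not deploy_os.failed` evaluates the skipped iDRAC task rather than the reboot. The host is then recorded in provisioned_idrac_ip.yml, and later runs refuse to touch it, without the PXE path having been checked. Use distinct names, e.g. `register: reboot_status` on the reboot task, and gate the last task on whichever one actually ran. `reset_type: ForceRestart` is a hard reset; if a host may be running a workload, `GracefulRestart` is the gentler choice. `create: yes` should be `create: true`.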

+ 42 - 0
control_plane/roles/provision_idrac/tasks/fetch_idrac_credentials.yml

@@ -0,0 +1,42 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check if {{ login_input_filename }} file is encrypted
+  command: cat {{ login_input_filename }}
+  changed_when: false
+  no_log: true
+  register: config_content
+  run_once: true
+
+- name: Decrpyt {{ login_input_filename }}
+  command: >-
+    ansible-vault decrypt {{ login_input_filename }}
+    --vault-password-file {{ login_vault_filename }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
+  run_once: true
+
+- name: Include variable file {{ login_input_filename }}
+  include_vars: "{{ login_input_filename }}"
+  no_log: true
+  run_once: true
+
+- name: Encrypt {{ login_input_filename }}
+  command: >-
+    ansible-vault encrypt {{ login_input_filename }}
+    --vault-password-file {{ login_vault_filename }}
+  changed_when: false
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  run_once: true
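Review bot: The credentials file is decrypted in place on disk and only re-encrypted by the last task, so any failure in between, for instance in "Include variable file", leaves the iDRAC credentials in cleartext. Wrap the decrypt and `include_vars` tasks in a `block:` and move the encrypt task under `always:` so it runs on failure too. Better still, let `include_vars` read the vaulted file directly by supplying the vault password to the run, which removes the decrypt step altogether. The decrypt and encrypt tasks also lack `no_log: true`, unlike the `cat` and `include_vars` tasks, and the task name "Decrpyt" has a typo.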

+ 119 - 0
control_plane/roles/provision_idrac/tasks/import_scp.yml

@@ -0,0 +1,119 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Remove the scp file if exists
+  file:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    state: absent
+  run_once: true
+
+- name: Create scp file
+  copy:
+    src: "{{ role_path }}/files/temp_scp.xml"
+    dest: "{{ role_path }}/files/{{ scp_filename }}"
+    mode: preserve
+  run_once: true
+
+- name: Add system profile value Performance to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfOptimized</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "Performance"
+  run_once: true
+
+- name: Add system profile value PerformancePerWatt(OS) to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfPerWattOptimizedOs</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "PerformancePerWatt(OS)"
+  run_once: true
+
+- name: Add system profile value PerformancePerWatt(DAPC) to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfPerWattOptimizedDapc</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "PerformancePerWatt(DAPC)"
+  run_once: true
+
+- name: Add system profile value WorkstationPerformance to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfWorkStationOptimized</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "WorkstationPerformance"
+  run_once: true
+
+- name: Add PXE attributes to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: "{{ item }}"
+    insertafter: '^(.*)SysProfile'
+    with_items:
+      - '  <Attribute Name="PxeDev1VlanPriority">0</Attribute>'
+      - '  <Attribute Name="PxeDev1Interface">NIC.Integrated.1-1-1</Attribute>'
+      - '  <Attribute Name="PxeDev1VlanId">1</Attribute>'
+      - '  <Attribute Name="PxeDev1VlanEnDis">Enabled</Attribute>'
+      - '  <Attribute Name="PxeDev1Protocol">IPv4</Attribute>'
+      - '  <Attribute Name="PxeDev1EnDis">Enabled</Attribute>'
+  when: not (enterprise_license or datacenter_license)
+  run_once: true
+
+- name: Disable PXE attributes to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="PxeDev1EnDis">Disabled</Attribute>'
+    insertafter: '^(.*)SysProfile'
+  when: enterprise_license or datacenter_license
+  run_once: true
+
+- name: Add SNMP community name attribute to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SNMP.1#AgentCommunity">{{ snmp_community_name }}</Attribute>'
+    insertafter: '^(.*)SNMP.1#AgentEnable'
+  run_once: true
+
+- name: Add SNMP trap destination attributes to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: "{{ item }}"
+    insertafter: '^(.*)SNMP.1#AlertPort'
+  with_items:
+    - '  <Attribute Name="SNMPAlert.1#Destination">{{ snmp_trap_destination }}</Attribute>'
+    - '  <Attribute Name="SNMPAlert.1#State">Enabled</Attribute>'
+  when: snmp_trap_status
+  run_once: true
+
+- name: Import SCP from a local path and wait for this job to get completed
+  dellemc.openmanage.idrac_server_config_profile:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ role_path }}/files/"
+    command: "import"
+    scp_file: "{{ scp_filename }}"
+    scp_components: "ALL"
+    shutdown_type: "Graceful"
+    job_wait: "True"
+  register: import_scp_status
+
+- name: Remove the scp file
+  file:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    state: absent
+  run_once: true
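Review bot: In "Add PXE attributes to scp file", `with_items:` and its six entries are indented under `lineinfile:`, so they are passed as a module argument instead of driving a loop; `{{ item }}` is then undefined and the task should fail on unlicensed hosts. Move `with_items:` out to task level, as "Add SNMP trap destination attributes to scp file" already does. The generated profile contains `snmp_community_name` and is removed only by the final task, so a failed import leaves it in `{{ role_path }}/files/`; putting the removal under `always:` of a `block:` would cover that. The file is built with `run_once: true` from per-host facts (`enterprise_license`, `datacenter_license`) yet imported on every host, so hosts with different licences would all receive the first host's PXE settings.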

+ 25 - 13
control_plane/roles/provision_idrac/tasks/main.yml

@@ -1,19 +1,31 @@
 # Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#     http://www.apache.org/licenses/LICENSE-2.0
 #
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+# tasks file for provision_idrac
+
+- name: Validate idrac parameters
+  include_tasks: validate_idrac_vars.yml
+
+- name: Check prerequisites
+  include_tasks: check_prerequisites.yml
+
+- name: Import SCP
+  include_tasks: import_scp.yml
+
+- name: Create VD
+  include_tasks: create_vd.yml
+
+- name: Deploy OS
+  include_tasks: deploy_os.yml

+ 102 - 0
control_plane/roles/provision_idrac/tasks/validate_idrac_vars.yml

@@ -0,0 +1,102 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Include variable file idrac_vars.yml
+  include_vars: "{{ idrac_input_filename }}"
+  run_once: true
+
+- name: Include variable file base_vars.yml
+  include_vars: "{{ base_input_filename }}"
+  run_once: true
+
+- name: Initialize variables
+  set_fact:
+    snmp_trap_status: false
+  run_once: true
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ idrac_input_fail_msg }}"
+  register: idrac_config_check
+  when:
+    - idrac_system_profile | length < 1
+
+- name: Assert idrac_system_profile value
+  assert:
+    that:
+      - idrac_system_profile == "Performance" or idrac_system_profile == "PerformancePerWatt(DAPC)" or idrac_system_profile == "PerformancePerWatt(OS)" or idrac_system_profile == "WorkstationPerformance"
+    success_msg: "{{ idrac_system_profile_success_msg }}"
+    fail_msg: "{{ idrac_system_profile_fail_msg }}"
+
+- name: Assert firmware_update_required value
+  assert:
+    that:
+      - firmware_update_required == true or firmware_update_required == false
+    success_msg: "{{ firmware_update_success_msg }}"
+    fail_msg: "{{ firmware_update_fail_msg }}"
+
+- name: Assert snmp_community_name value
+  assert:
+    that:
+      - snmp_community_name | length > 1
+    success_msg: "{{ snmp_community_success_msg }}"
+    fail_msg: "{{ snmp_community_fail_msg }}"
+
+- name: Set snmp trap destination status
+  set_fact:
+    snmp_trap_status: true
+  when: snmp_trap_destination | length > 1
+  run_once: true
+
+- name: Assert snmp_trap_destination value
+  assert:
+    that:
+      - snmp_trap_destination | length > 6
+    success_msg: "{{ snmp_trap_dest_success_msg }}"
+    fail_msg: "{{ snmp_trap_dest_fail_msg }}"
+  when: snmp_trap_status
+
+- name: Check hostname
+  command: hostname
+  changed_when: false
+  register: hostname
+  run_once: true
+
+- name: Fetch the system public IP
+  set_fact:
+    public_ip: "{{ lookup('vars','ansible_'+public_nic).ipv4.address }}"
+  run_once: true
+  when: '"awx-" not in hostname.stdout'
+
+- name: Assert public IP
+  assert:
+    that:
+      - public_ip | length > 7
+      - public_ip | ipv4
+    success_msg: "{{ public_ip_success_msg }}"
+    fail_msg: "{{ public_ip_fail_msg }}"
+  when: '"awx-" not in hostname.stdout'
+
+- name: Fetch idrac credentials
+  include_tasks: fetch_idrac_credentials.yml
+  when: '"awx-" not in hostname.stdout'
+
+- name: Set idrac credentials
+  set_fact:
+    idrac_username: "{{ lookup('env','ANSIBLE_NET_USERNAME') }}"
+    idrac_password: "{{ lookup('env','ANSIBLE_NET_PASSWORD') }}"
+  no_log: true
+  when: '"awx-" in hostname.stdout'
+  run_once: true
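Review bot: The asserts on `snmp_community_name` and `snmp_trap_destination` check length only (`length > 1`, `length > 6`), yet import_scp.yml writes both values verbatim into `<Attribute>` lines of the SCP file that is then imported with `scp_components: "ALL"`. A value containing `<`, `>` or `&` would give a malformed profile or extra attributes, so I would constrain the characters here, for example by adding `- snmp_community_name is not search('[<>&]')` to the community assert and the same test to the trap-destination assert. Separately, `length > 1` rejects a one-character community name although the failure message only says the value must not be empty; `- snmp_community_name | length > 0` would match the message. A one-character `snmp_trap_destination` is also treated as "not configured" by the `length > 1` condition and so skips its assert.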

+ 49 - 0
control_plane/roles/provision_idrac/vars/main.yml

@@ -0,0 +1,49 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for provision_idrac
+
+# Usage: validate_idrac_vars.yml
+idrac_input_filename: input_params/idrac_vars.yml
+base_input_filename: input_params/base_vars.yml
+login_input_filename: input_params/login_vars.yml
+login_vault_filename: input_params/.login_vault_key
+idrac_input_fail_msg: "Please provide all the required parameters in idrac_vars.yml"
+idrac_system_profile_success_msg: "idrac_system_profile validated"
+idrac_system_profile_fail_msg: "Failed. Incorrect setting input for idrac_system_profile in idrac_vars.yml"
+firmware_update_success_msg: "firmware_update_required validated"
+firmware_update_fail_msg: "Failed. firmware_update_required accepts only true or false in idrac_vars.yml"
+snmp_community_success_msg: "snmp_community_name validated"
+snmp_community_fail_msg: "Failed. snmp_community_name should not be empty in base_vars.yml"
+snmp_trap_dest_success_msg: "snmp_trap_destination validated"
+snmp_trap_dest_fail_msg: "Failed. Incorrect value for snmp_trap_destination in base_vars.yml"
+public_ip_success_msg: "public_ip validated"
+public_ip_fail_msg: "Failed. Incorrect value for public_nic in base_vars.yml"
+
+# Usage: check_prerequisites.yml
+custom_iso_check_fail_msg: "Custom ISO file is not present in the device. Please run appliance.yml first to create custom iso file unattended_centos7.iso"
+missing_exports_fail_msg: "Missing iDRAC IP entry in /etc/exports file. Wait for 10 minutes and retry again"
+lc_check_fail_msg: "LC is not ready. Retry again after LC is ready"
+provision_fail_msg: "Skipping remaining tasks for already provisioned servers. To provision server again remove iDRAC IP from the file control_plane/roles/provision_idrac/files/provisioned_idrac_ip.yml"
+
+# Usage: import_scp.yml
+scp_filename: idrac_scp.yml
+
+# Usage: create_vd.yml
+raid_level: "RAID 0"
+
+# Usage: deploy_os.yml
+expose_duration: 60
+file_permission: 0644
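Review bot: `file_permission: 0644` is an unquoted scalar with a leading zero, which a YAML 1.1 loader reads as the integer 420 rather than the text `0644`. If deploy_os.yml (not visible in this section) templates it into a `mode:` argument, the module may receive `420` and apply permissions other than rw-r--r--. Quoting removes the ambiguity: `file_permission: "0644"`.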

+ 21 - 0
control_plane/tools/idrac_secure_boot.yml

@@ -0,0 +1,21 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Enable/Disable secure boot in idrac servers
+  hosts: all
+  connection: local
+  gather_facts: false
+  roles:
+    - idrac_secure_boot

+ 21 - 0
control_plane/tools/idrac_system_lockdown.yml

@@ -0,0 +1,21 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Enable/Disable system lockdown in idrac servers
+  hosts: all
+  connection: local
+  gather_facts: false
+  roles:
+    - idrac_system_lockdown

+ 41 - 0
control_plane/tools/roles/idrac_secure_boot/tasks/configure_secure_boot.yml

@@ -0,0 +1,41 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Assert uefi_secure_boot value
+  assert:
+    that:
+      - uefi_secure_boot | length > 1
+      - uefi_secure_boot == "enabled" or uefi_secure_boot == "disabled"
+    success_msg: "{{ secure_boot_success_msg }}"
+    fail_msg: "{{ secure_boot_fail_msg }}"
+  run_once: true
+
+- name: Enable secure boot
+  dellemc.openmanage.idrac_bios:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password:  "{{ idrac_password }}"
+    attributes:
+      SecureBoot: "Enabled"
+  when: uefi_secure_boot == "enabled"
+
+- name: Disable secure boot
+  dellemc.openmanage.idrac_bios:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password:  "{{ idrac_password }}"
+    attributes:
+      SecureBoot: "Disabled"
+  when: uefi_secure_boot == "disabled"
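Review bot: The `Enable secure boot` and `Disable secure boot` tasks are copies of each other apart from the attribute value and the `when`, so any later change to the connection arguments has to be made twice. Since the assert above already restricts the input to `enabled` or `disabled`, one task with `SecureBoot: "{{ uefi_secure_boot | capitalize }}"` and no `when` would do the same work. The assert's first condition, `uefi_secure_boot | length > 1`, is implied by the equality test on the next line and can be dropped, and `idrac_password:  "{{ idrac_password }}"` has two spaces after the colon in both tasks. The paired tasks in configure_system_lockdown.yml have the same shape and could use `lockdown_mode: "{{ system_lockdown | capitalize }}"`.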

+ 20 - 0
control_plane/tools/roles/idrac_secure_boot/tasks/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check prerequisites
+  include_tasks: ./../idrac_system_lockdown/tasks/check_prerequisites.yml
+
+- name: Configure secure boot
+  include_tasks: configure_secure_boot.yml
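Review bot: The path `./../idrac_system_lockdown/tasks/check_prerequisites.yml` does not exist relative to this role's `tasks/` directory, so it presumably resolves only because Ansible also searches from the role directory; that is worth confirming, and it is easy to break when the role is moved. Anchoring the path makes the dependency explicit: `include_tasks: "{{ role_path }}/../idrac_system_lockdown/tasks/check_prerequisites.yml"`. A short comment saying that this role reuses the lockdown role's prerequisite checks (credential fetch and Lifecycle Controller status) would also help the next reader.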

+ 20 - 0
control_plane/tools/roles/idrac_secure_boot/vars/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for idrac_secure_boot role
+
+# Usage: configure_secure_boot.yml
+secure_boot_success_msg: "uefi_secure_boot validated"
+secure_boot_fail_msg: "Failed. uefi_secure_boot accepts only enabled or disabled in idrac_vars.yml"

+ 56 - 0
control_plane/tools/roles/idrac_system_lockdown/tasks/check_prerequisites.yml

@@ -0,0 +1,56 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Include provision_idrac vars
+  include_vars: "{{ playbook_dir }}/../roles/provision_idrac/vars/main.yml"
+  run_once: true
+
+- name: Include idrac_vars.yml
+  include_vars: "{{ playbook_dir }}/../{{ idrac_input_filename }}"
+  run_once: true
+
+- name: Check hostname
+  command: hostname
+  changed_when: false
+  register: hostname
+  run_once: true
+
+- name: Set idrac credentials
+  set_fact:
+    idrac_username: "{{ lookup('env','ANSIBLE_NET_USERNAME') }}"
+    idrac_password: "{{ lookup('env','ANSIBLE_NET_PASSWORD') }}"
+  no_log: true
+  when: '"awx-" in hostname.stdout'
+  run_once: true
+
+- name: Fetch idrac credentials
+  include_tasks: "{{ playbook_dir }}/../roles/provision_idrac/tasks/fetch_idrac_credentials.yml"
+  vars:
+    login_input_filename: "{{ playbook_dir }}/../input_params/login_vars.yml"
+    login_vault_filename: "{{ playbook_dir }}/../input_params/.login_vault_key"
+  when: '"awx-" not in hostname.stdout'
+
+- name: Show status of the Lifecycle Controller
+  dellemc.openmanage.idrac_lifecycle_controller_status_info:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+  register: lc_check_status
+
+- name: LC not available
+  fail:
+    msg: "{{ lc_check_fail_msg }}"
+  when: not lc_check_status.lc_status_info.LCReady
+  register: lc_fail
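Review bot: Nothing checks that `idrac_username` and `idrac_password` are non-empty before the Lifecycle Controller call, and `lookup('env', …)` returns an empty string when the variable is unset. On an `awx-` host without `ANSIBLE_NET_USERNAME`/`ANSIBLE_NET_PASSWORD`, the play would therefore go on to contact every iDRAC with blank credentials and fail there with a less helpful error. I would add an assert after both credential branches, as sketched below; the same `set_fact` appears in provision_idrac/tasks/validate_idrac_vars.yml and would benefit from the same guard. The `register: lc_fail` on the final `fail` task is not read anywhere in this file and can probably go.

```yaml
# … unchanged: "Set idrac credentials" and "Fetch idrac credentials" tasks …

- name: Assert idrac credentials are present
  assert:
    that:
      - idrac_username | default('') | length > 0
      - idrac_password | default('') | length > 0
    fail_msg: "iDRAC credentials are missing or empty"

# … unchanged: "Show status of the Lifecycle Controller" task …
```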

+ 41 - 0
control_plane/tools/roles/idrac_system_lockdown/tasks/configure_system_lockdown.yml

@@ -0,0 +1,41 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Assert system_lockdown value
+  assert:
+    that:
+      - system_lockdown | length > 1
+      - system_lockdown == "enabled" or system_lockdown == "disabled"
+    success_msg: "{{ system_lockdown_success_msg }}"
+    fail_msg: "{{ system_lockdown_fail_msg }}"
+  run_once: true
+
+- name: Enable system lockdown
+  dellemc.openmanage.dellemc_system_lockdown_mode:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ playbook_dir }}"
+    lockdown_mode: "Enabled"
+  when: system_lockdown == "enabled"
+
+- name: Disable system lockdown
+  dellemc.openmanage.dellemc_system_lockdown_mode:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ playbook_dir }}"
+    lockdown_mode: "Disabled"
+  when: system_lockdown == "disabled"

+ 20 - 0
control_plane/tools/roles/idrac_system_lockdown/tasks/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check prerequisites
+  include_tasks: check_prerequisites.yml
+
+- name: Configure system lockdown 
+  include_tasks: configure_system_lockdown.yml

+ 20 - 0
control_plane/tools/roles/idrac_system_lockdown/vars/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for idrac_system_lockdown role
+
+# Usage: configure_system_lockdown.yml
+system_lockdown_success_msg: "system_lockdown validated"
+system_lockdown_fail_msg: "Failed. system_lockdown accepts only enabled or disabled in idrac_vars.yml"

+ 2 - 0
docs/README.md

@@ -1,8 +1,10 @@
 **Omnia** (Latin: all or everything) is a deployment tool to configure Dell EMC PowerEdge servers running standard RPM-based Linux OS images into clusters capable of supporting HPC, AI, and data analytics workloads. It uses Slurm, Kubernetes, and other packages to manage jobs and run diverse workloads on the same converged solution. It is a collection of [Ansible](https://ansible.org) playbooks, is open source, and is constantly being extended to enable comprehensive workloads.
 
+<!--- Links not available for public access
 ## Blogs about Omnia
 - [Introduction to Omnia](https://infohub.delltechnologies.com/p/omnia-open-source-deployment-of-high-performance-clusters-to-run-simulation-ai-and-data-analytics-workloads/)
 - [Taming the Accelerator Cambrian Explosion with Omnia](https://infohub.delltechnologies.com/p/taming-the-accelerator-cambrian-explosion-with-omnia/)
+--->
 
 ## What Omnia does
 Omnia can build clusters which use Slurm or Kubernetes (or both!) for workload management. Omnia will install software from a variety of sources, including:

+ 20 - 0
platforms/polyaxon.yml

@@ -0,0 +1,20 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Installing Polyaxon
+  hosts: manager
+  gather_facts: false
+  roles:
+    - polyaxon

+ 41 - 0
platforms/roles/polyaxon/files/polyaxon_config.yaml

@@ -0,0 +1,41 @@
+proxy:
+  secretToken: "1c8572f630701e8792bede122ec9c4179d9087f801e1a85ed32cce69887aec1b"
+
+hub:
+  cookieSecret: "1c8572f630701e8792bede122ec9c4179d9087f801e1a85ed32cce69887aec1b"
+  service:
+    type: LoadBalancer
+  db:
+    type: sqlite-pvc
+  extraConfig:
+    jupyterlab: |
+      c.Spawner.cmd = ['jupyter-labhub']
+singleuser:
+  image:
+    name: dellhpc/datasciencelab-base
+    tag: "1.0"
+  profileList:
+    - display_name: "DellHPC Improved Environment"
+      description: "Dell curated Jupyter Stacks"
+      kubespawner_override:
+        image: "dellhpc/datasciencelab-cpu:1.0"
+    - display_name: "DellHPC GPU Environment"
+      description: "Dell curated Jupyter Stacks 1 GPU"
+      kubespawner_override:
+        image: "dellhpc/datasciencelab-gpu:1.0"
+        extra_resource_limits:
+          nvidia.com/gpu: "1"
+  storage:
+    dynamic:
+      storageClass: nfs-client
+  cpu:
+    limit: 1
+  memory:
+    limit: 5G
+    guarantee: 1G
+  defaultUrl: "/lab"
+
+
+prePuller:
+  continuous:
+    enabled: true
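Review bot: `proxy.secretToken` and `hub.cookieSecret` are committed here as literal values, and both lines carry the same 64-character hex string, so every deployment made from this file would share secrets that anyone with read access to the repository can see. The values should not live in the repository: render the file from a template with a vaulted variable, e.g. `secretToken: "{{ <vaulted variable> }}"`, generate a distinct value for each key, and treat the committed string as exposed wherever it is already in use. The keys (`proxy`, `hub`, `singleuser`) look like JupyterHub chart values rather than Polyaxon ones, and the copy task in tasks/main.yml is commented out, so it may be simplest to drop the file from this commit. `hub.service.type: LoadBalancer` also exposes the service outside the cluster and deserves a comment saying that this is intended.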

+ 62 - 0
platforms/roles/polyaxon/tasks/main.yml

@@ -0,0 +1,62 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Helm - add Polyaxon repo
+  command: "helm repo add polyaxon '{{ polyaxon_helm_chart_repo }}'"
+  changed_when: true
+
+- name: Helm - update repo
+  command: helm repo update
+  changed_when: true
+
+#- name: Copy Polyaxon custom config file
+  #copy:
+   #src: polyaxon_config.yaml
+   #dest: "{{ polyaxon_config_file_dest }}"
+   #owner: root
+   #group: root
+   #mode: "{{ polyaxon_config_file_mode }}"
+
+- name: Polyaxon deploy
+  block:
+    - name: Polyaxon deploy
+      command: >
+        helm upgrade --cleanup-on-fail \
+        --install {{ polyaxon_namespace }} polyaxon/polyaxon \
+        --namespace {{ polyaxon_namespace }} \
+        --create-namespace \
+        --version {{ helm_chart_version }} \
+#        --values {{ polyaxon_config_file_dest }} \
+        --timeout {{ timeout_min_sec }}
+      register: deployment_output
+
+  rescue:
+    - name: Polyaxon deployment error
+      debug:
+        msg: "Previous Polyaxon deployment is in progress"
+      when: "'another operation (install/upgrade/rollback) is in progress' in deployment_output.stderr"
+
+    - name: Delete existing release
+      command: helm delete '{{ polyaxon_namespace }}'
+
+    - name: Polyaxon deploy
+      command: >
+        helm upgrade --cleanup-on-fail \
+        --install {{ polyaxon_namespace }} polyaxon/polyaxon \
+        --namespace {{ polyaxon_namespace }} \
+        --create-namespace \
+        --version {{ helm_chart_version }} \
+#        --values {{ polyaxon_config_file_dest }} \
+        --timeout {{ timeout_min_sec }}
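Review bot: The `#        --values {{ polyaxon_config_file_dest }} \` line sits inside the folded `command: >` scalar in both "Polyaxon deploy" tasks, where `#` does not start a comment. If it is indented with the rest of the scalar it is passed to helm as literal arguments, and if it begins in column 0 as rendered here it ends the scalar, so the `--timeout` line no longer belongs to the command. Delete the line in both places instead of commenting it out. `--version {{ helm_chart_version }}` also refers to a variable that appears in vars/main.yml only as the commented-out `#helm_chart_version: 0.9.0`, so unless it is defined elsewhere the task fails on an undefined variable. Finally, the `rescue` runs `helm delete` after any failure, not only the "in progress" case its debug message describes; a `when:` on that task matching the same stderr text would keep an unrelated failure from removing an existing release.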

+ 25 - 0
platforms/roles/polyaxon/vars/main.yml

@@ -0,0 +1,25 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+polyaxon_helm_chart_repo: https://charts.polyaxon.com
+polyaxon_config_file_dest: /root/k8s/polyaxon_config.yaml
+
+#jupyter_config_file_mode: 0655
+
+#helm_chart_version: 0.9.0
+
+timeout_min_sec: 60m
+
+polyaxon_namespace: polyaxon