
Merge pull request #179 from Shubhangi-dell/devel

Issue #153: Bare metal provisioning using cobbler
Lucas A. Wilson 4 years ago
parent
commit
7c8dcbf17e

+ 39 - 0
appliance/input_config.yml

@@ -0,0 +1,39 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Password used while deploying OS on bare metal servers and for Cobbler UI.
+# The Length of the password should be atleast 8.
+# The password must not contain -,\, ',"
+provision_password: ""
+
+# Password used for the AWX UI.
+# The Length of the password should be atleast 8.
+# The password must not contain -,\, ',"
+awx_password: ""
+
+# Password used for Slurm database.
+# The Length of the password should be atleast 8.
+# The password must not contain -,\, ',"
+mariadb_password: ""
+
+# The nic/ethernet card that needs to be connected to the HPC switch.
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is em1.
+hpc_nic: "em1"
+
+# The nic card that needs to be connected to the public internet.
+# The public_nic should be em2, em1 or em3
+# Default value of nic is em2.
+public_nic: "em2"
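Review bot: The three password comments document only the minimum length and the four excluded characters, but the validation added in password_config.yml also enforces `max_length` (30 in common/vars/main.yml). Stating the upper bound here would save a failed run, for example `# Length must be between 8 and 30 characters.` This template is tracked in the repository and is filled in with real secrets before the first run. A comment saying that the playbook vault-encrypts the file, and that a populated plaintext copy should not be committed, would help operators.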

+ 15 - 3
appliance/roles/common/tasks/docker_installation.yml

@@ -30,8 +30,8 @@
 
 - name: Install docker
   package:
-    name: "{{ container_repo_install }}" 
-    state: latest
+    name: "{{ container_repo_install }}"
+    state: present
   become: yes
   tags: install
 
@@ -43,6 +43,18 @@
   become: yes
   tags: install
 
+- name: Uninstall docker-py using pip
+  pip:
+    name: ['docker-py','docker']
+    state: absent
+  tags: install
+
+- name: Install docker using pip
+  pip:
+    name: docker
+    state: present
+  tags: install
+
 - name: Installation using python3
   pip:
     name: "{{ docker_compose }}"
@@ -57,5 +69,5 @@
 
 - name: Restart docker
   service:
-    name: docker 
+    name: docker
     state: restarted

+ 7 - 1
appliance/roles/common/tasks/main.yml

@@ -12,6 +12,9 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+- name: Mount Path
+  set_fact:
+    mount_path: "{{ role_path + '/../../..'  }}"
 
 - name: Pre-requisite validation
   import_tasks: pre_requisite.yml
@@ -26,4 +29,7 @@
   import_tasks: docker_installation.yml
 
 - name: Docker volume creation
-  import_tasks: docker_volume.yml
+  import_tasks: docker_volume.yml
+
+- name: Basic Configuration
+  import_tasks: password_config.yml

+ 1 - 1
appliance/roles/common/tasks/package_installation.yml

@@ -16,5 +16,5 @@
 - name: Install packages
   package:
     name: "{{ common_packages }}"
-    state: latest
+    state: present
   tags: install

+ 117 - 0
appliance/roles/common/tasks/password_config.yml

@@ -0,0 +1,117 @@
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check input config file is encrypted
+  command: cat {{ input_config_filename }}
+  changed_when: false
+  register: config_content
+
+- name: Decrpyt input_config.yml
+  command: ansible-vault decrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }}
+  changed_when: false
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+
+- name: Include variable file input_config.yml
+  include_vars: "{{ input_config_filename }}"
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ input_config_failure_msg }}"
+  register: input_config_check
+  when: (provision_password | length < 1) or (awx_password | length < 1) or (mariadb_password | length < 1) or (hpc_nic | length < 1) or (public_nic | length < 1)
+
+- name: Save input variables from file
+  set_fact:
+    cobbler_password: "{{ provision_password }}"
+    admin_password: "{{ awx_password }}"
+    input_mariadb_password: "{{ mariadb_password }}"
+    nic:  "{{ hpc_nic }}"
+    internet_nic: "{{ public_nic }}"
+
+- name: Assert provision_password
+  assert:
+    that:
+      - cobbler_password | length > min_length | int - 1
+      - cobbler_password | length < max_length | int + 1
+      - '"-" not in cobbler_password '
+      - '"\\" not in cobbler_password '
+      - '"\"" not in cobbler_password '
+      - " \"'\" not in cobbler_password "
+    success_msg: "{{ success_msg_provision_password }}"
+    fail_msg: "{{ fail_msg_provision_password }}"
+  register: cobbler_password_check
+
+- name: Assert awx_password
+  assert:
+    that:
+        - admin_password | length > min_length | int - 1
+        - admin_password | length < max_length | int + 1
+        - '"-" not in admin_password '
+        - '"\\" not in admin_password '
+        - '"\"" not in admin_password '
+        - " \"'\" not in admin_password "
+    success_msg: "{{ success_msg_awx_password }}"
+    fail_msg: "{{ fail_msg_awx_password }}"
+  register: awx_password_check
+
+- name: Assert mariadb_password
+  assert:
+    that:
+        - input_mariadb_password | length > min_length | int - 1
+        - input_mariadb_password | length < max_length | int + 1
+        - '"-" not in input_mariadb_password '
+        - '"\\" not in input_mariadb_password '
+        - '"\"" not in input_mariadb_password '
+        - " \"'\" not in input_mariadb_password "
+    success_msg: "{{ success_msg_mariadb_password }}"
+    fail_msg: "{{ fail_msg_mariadb_password }}"
+  register: mariadb_password_check
+
+- name: Assert hpc_nic
+  assert:
+    that:
+      - nic | length > nic_min_length | int - 1
+      - nic != internet_nic
+    success_msg: "{{ success_msg_hpc_nic }}"
+    fail_msg: "{{ fail_msg_hpc_nic }}"
+  register: hpc_nic_check
+
+- name: Assert public_nic
+  assert:
+    that:
+      - internet_nic | length > nic_min_length | int - 1
+      - nic != internet_nic
+      - "('em1' in internet_nic) or ('em2' in internet_nic) or ('em3' in internet_nic)"
+    success_msg: "{{ success_msg_public_nic }}"
+    fail_msg: "{{ fail_msg_public_nic }}"
+  register: public_nic_check
+
+- name: Create ansible vault key
+  set_fact:
+    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+
+- name: Save vault key
+  copy:
+    dest: "{{ role_path }}/files/{{ vault_filename }}"
+    content: |
+      {{ vault_key }}
+    owner: root
+    force: yes
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+
+- name: Encrypt input config file
+  command: ansible-vault encrypt {{ input_config_filename }} --vault-password-file {{ role_path }}/files/{{ vault_filename }}
+  changed_when: false
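Review bot: The `Save vault key` task writes the key with `owner: root` but no `mode`, so its permissions depend on the umask of the run; `mode: '0600'` on that `copy` would keep the key that protects all three passwords readable by root only. The first task registers the output of `cat` on a file that is still plaintext on a first run, and `Save input variables from file` copies the passwords into facts, so both would benefit from `no_log: true`. Between the in-place `ansible-vault decrypt` and the final `Encrypt input config file` task there are several validation tasks that can fail, and any failure leaves input_config.yml decrypted on disk. Wrapping the validation in a `block` whose `always` section runs the encrypt task would close that gap. The vault key is generated with `chars=ascii_letters` at the lookup's default length; adding digits and an explicit `length=` would strengthen it.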

+ 3 - 3
appliance/roles/common/tasks/pre_requisite.yml

@@ -20,8 +20,8 @@
     replace: 'log_path = /var/log/omnia.log'
   tags: install
 
-- name: Check OS support 
-  fail: 
+- name: Check OS support
+  fail:
     msg: "{{ os_status }}"
   when: not(ansible_distribution == os_name and ansible_distribution_version >= os_version)
   register: os_value
@@ -33,7 +33,7 @@
   tags: install
 
 - name: Status of SElinux
-  fail: 
+  fail:
     msg: "{{ selinux_status }}"
   when: ansible_selinux.status != 'disabled'
   register: selinux_value

+ 29 - 7
appliance/roles/common/vars/main.yml

@@ -15,7 +15,7 @@
 
 # vars file for common
 
-# Usage: tasks/package_installation.yml
+# Usage: package_installation.yml
 common_packages:
   - epel-release
   - yum-utils
@@ -25,23 +25,27 @@ common_packages:
   - nodejs
   - device-mapper-persistent-data
   - bzip2
+  - python2-pip
   - python3-pip
   - nano
   - lvm2
   - gettext
+  - python-docker
 
-# Usage: tasks/pre_requisite.yml
+# Usage: pre_requisite.yml
 internet_delay: 0
 internet_timeout: 1
 hostname: github.com
 port_no: 22
 os_name: CentOS
-os_version: '8' 
-internet_status: "Failed:No Internet connection.Connect to Internet."
+os_version: '7.9' 
+internet_status: "Failed: No Internet connection.Connect to Internet."
 os_status: "Unsupported OS or OS version.OS must be {{ os_name }} and Version must be {{ os_version }} or more"
 selinux_status: "SElinux is not disabled. Disable it in /etc/sysconfig/selinux and reboot the system"
+iso_name: CentOS-7-x86_64-Minimal-2009.iso
+iso_fail: "Iso file absent: Download and copy the iso file in omnia/appliance/roles/provision/files"
 
-# Usage: tasks/docker_installation.yml
+# Usage: docker_installation.yml
 docker_repo_url: https://download.docker.com/linux/centos/docker-ce.repo
 docker_repo_dest: /etc/yum.repos.d/docker-ce.repo
 success: '0'
@@ -50,5 +54,23 @@ container_repo_install: docker-ce
 docker_compose: docker-compose
 daemon_dest: /etc/docker/
 
-# Usage: tasks/docker_volume.yml
-docker_volume_name: omnia-storage
+# Usage: docker_volume.yml
+docker_volume_name: omnia-storage
+
+# Usage: password_config.yml
+input_config_filename: "input_config.yml"
+fail_msg_provision_password: "Failed. Incorrect provision_password format provided in input_config.yml file"
+success_msg_provision_password: "provision_password validated"
+fail_msg_awx_password: "Failed. Incorrect awx_password format provided in input_config.yml file"
+success_msg_awx_password: "awx_password validated"
+fail_msg_mariadb_password: "Failed. Incorrect mariadb_password format provided in input_config.yml file"
+success_msg_mariadb_password: "mariadb_password validated"
+fail_msg_hpc_nic: "Failed. Incorrect hpc_nic format provided in input_config.yml file"
+success_msg_hpc_nic: "hpc_nic validated"
+fail_msg_public_nic: "Failed. Incorrect public_nic format provided in input_config.yml file"
+success_msg_public_nic: "public_nic validated"
+input_config_failure_msg: "Please provide all the required parameters in input_config.yml"
+min_length: 8
+max_length: 30
+nic_min_length: 3
+vault_filename: .vault_key

+ 0 - 1
appliance/roles/provision/files/.users.digest

@@ -1 +0,0 @@
-cobbler:Cobbler:

+ 7 - 5
appliance/roles/provision/files/Dockerfile

@@ -15,12 +15,12 @@ RUN yum install -y \
   cobbler-web \
   ansible \
   pykickstart \
+  cronie \
   debmirror \
   curl \
-  wget \
   rsync \
   httpd\
-  dhcp\
+  dhcp \
   dnsmasq\
   xinetd \
   net-tools \
@@ -28,6 +28,8 @@ RUN yum install -y \
   && yum clean all \
   &&  rm -rf /var/cache/yum
 
+RUN mkdir /root/omnia
+
 #Copy Configuration files
 COPY settings /etc/cobbler/settings
 COPY dhcp.template  /etc/cobbler/dhcp.template
@@ -36,7 +38,9 @@ COPY modules.conf  /etc/cobbler/modules.conf
 COPY tftp /etc/xinetd.d/tftp
 COPY .users.digest /etc/cobbler/users.digest
 COPY kickstart.yml /root
-COPY centos8.ks /var/lib/cobbler/kickstarts
+COPY tftp.yml /root
+COPY inventory_creation.yml /root
+COPY centos7.ks /var/lib/cobbler/kickstarts
 COPY first-sync.sh /usr/local/bin/first-sync.sh
 
 EXPOSE 69 80 443 25151
@@ -48,6 +52,4 @@ RUN systemctl enable httpd
 RUN systemctl enable rsyncd
 RUN systemctl enable dnsmasq
 
-#RUN ansible-playbook /root/kickstart.yml
-
 CMD ["sbin/init"]

+ 3 - 3
appliance/roles/provision/files/ifcfg-eno1

@@ -9,9 +9,9 @@ IPV6_AUTOCONF=yes
 IPV6_DEFROUTE=yes
 IPV6_FAILURE_FATAL=no
 IPV6_ADDR_GEN_MODE=stable-privacy
-NAME=eno1
-UUID=468847a9-d146-4062-813b-85f74ffd6e2a
-DEVICE=eno1
+NAME=em1
+UUID=485d7133-2c49-462d-bbb4-b854fe98e0fe
+DEVICE=em1
 ONBOOT=yes
 IPV6_PRIVACY=no
 IPADDR=172.17.0.1

+ 34 - 0
appliance/roles/provision/files/inventory_creation.yml

@@ -0,0 +1,34 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Read dhcp file
+      set_fact:
+        var: "{{ lookup('file', '/var/lib/dhcpd/dhcpd.leases').split()| unique | select| list }}"
+
+    - name: Filter the ip
+      set_fact:
+        vars_new: "{{ var| ipv4('address')| to_nice_yaml}}"
+
+    - name: Create the inventory
+      shell: |
+        echo "[all]" > omnia/appliance/roles/inventory/files/provisioned_hosts.yml
+        echo "{{ vars_new }}" > temp.txt
+        egrep -o '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' temp.txt >>omnia/appliance/roles/inventory/files/provisioned_hosts.yml
+      changed_when: false
+
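Review bot: The `egrep` pattern in `Create the inventory` begins with `[1-9]{1,3}`, so any lease whose first octet contains a zero (10.x.x.x, 100.x.x.x and so on) produces no match and is silently left out of provisioned_hosts.yml. Using `[0-9]{1,3}` for the first octet, as the other three already do, fixes that: `egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' temp.txt`. The inventory path and `temp.txt` are relative, so the result depends on the working directory cron starts the playbook in; absolute paths would make that explicit. Since `ipv4('address')` has already reduced the list to addresses, writing the file with a `copy` task instead of `shell` would also keep lease-derived text out of a shell command line.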

+ 47 - 12
appliance/roles/provision/files/kickstart.yml

@@ -17,53 +17,88 @@
   connection: local
   gather_facts: false
   vars:
-    name_iso: CentOS8
-    distro_name: CentOS8-x86_64
-    kernel_path: /var/www/cobbler/ks_mirror/CentOS8-x86_64/isolinux/vmlinuz
-
+    name_iso: CentOS7
+    distro_name: CentOS7-x86_64
   tasks:
   - name: Inside cobbler container
     debug:
       msg: "Hiii! I am cobbler"
 
-  - name: Start services
+  - name: Start xinetd
     service:
       name: "{{ item }}"
       state: started
     loop:
       - cobblerd
-      - httpd
-      - rsyncd
       - xinetd
+      - rsyncd
       - tftp
+      - httpd
 
   - name: Cobbler get-loaders
     command: cobbler get-loaders
     changed_when: false
 
+  - name: Get fence agents
+    package:
+      name: fence-agents
+      state: present
+
+  - name: Replace in /etc/debian
+    replace:
+      path: "/etc/debmirror.conf"
+      regexp: "^@dists=\"sid\";"
+      replace: "#@dists=\"sid\";"
+
+  - name: Replace in /etc/debian
+    replace:
+      path: "/etc/debmirror.conf"
+      regexp: "^@arches=\"i386\";"
+      replace: "#@arches=\"i386\";"
+
+  - name: Adding curl
+    shell: export PATH="/usr/bin/curl:$PATH"
+    changed_when: true
+
   - name: Run import command
     command: cobbler import --arch=x86_64 --path=/mnt --name="{{ name_iso }}"
     changed_when: false
 
   - name: Distro list
-    command: >-
-      cobbler distro edit --name="{{ distro_name }}" --kernel="{{ kernel_path }}" --initrd=/var/www/cobbler/ks_mirror/CentOS8-x86_64/isolinux/initrd.img
+    command: cobbler distro edit --name="{{ distro_name }}" --kernel=/var/www/cobbler/ks_mirror/CentOS7-x86_64/isolinux/vmlinuz --initrd=/var/www/cobbler/ks_mirror/CentOS7-x86_64/isolinux/initrd.img
     changed_when: false
 
   - name: Kickstart profile
-    command: cobbler profile edit --name="{{ distro_name }}" --kickstart=/var/lib/cobbler/kickstarts/centos8.ks
+    command: cobbler profile edit --name="{{ distro_name }}" --kickstart=/var/lib/cobbler/kickstarts/centos7.ks
     changed_when: false
 
   - name: Syncing of cobbler
     command: cobbler sync
     changed_when: false
 
-  - name: Start xinetd
+  - name: Restart cobbler
+    service:
+      name: cobblerd
+      state: restarted
+
+  - name: Restart xinetd
     service:
       name: xinetd
       state: restarted
 
-  - name: Start dhcp
+  - name: Restart dhcpd
     service:
       name: dhcpd
       state: restarted
+
+  - name: Add tftp cron job
+    cron:
+      name: Start tftp service
+      minute: "*"
+      job: "ansible-playbook /root/tftp.yml"
+
+  - name: Add inventory cron job
+    cron:
+      name: Create inventory
+      minute: "*/5"
+      job: "ansible-playbook /root/inventory_creation.yml"
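Review bot: The `Adding curl` task has no lasting effect: `export PATH=...` changes only the environment of the shell spawned for that one task, and `/usr/bin/curl` is a file rather than a directory, so the later `cobbler` commands see the same PATH as before while the task reports `changed` on every run. If a later command really needs a different PATH, an `environment:` key on that task is the place to set it; otherwise the task can be dropped. Two naming points: the task called `Start xinetd` starts five services, and both `replace` tasks are named `Replace in /etc/debian` although they edit /etc/debmirror.conf. The play header lies outside this hunk.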

+ 2 - 2
appliance/roles/provision/files/settings

@@ -98,7 +98,7 @@ default_ownership:
 # The simplest way to change the password is to run
 # openssl passwd -1
 # and put the output between the "" below.
-default_password_crypted: "$1$mF86/UHC$WvcIcX2t6crBz2onWxyac."
+default_password_crypted: "password"
 
 # the default template type to use in the absence of any
 # other detected template. If you do not specify the template
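Review bot: `default_password_crypted` now holds the literal string `password`, and no task visible in this commit replaces it before the Dockerfile's `COPY settings /etc/cobbler/settings` puts the file into the image. provision_password.yml writes the generated hash to `.node_login.digest` under the task name `Configure default password in settings`, but it does not touch the settings file itself, so the substitution presumably happens elsewhere; if it does not, the setting is not a valid crypt string. A comment above the line naming the task that fills in the placeholder would make this traceable. The removed MD5-crypt hash stays in the repository history, so the password behind it should be treated as known and not reused.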
@@ -243,7 +243,7 @@ manage_dhcp: 1
 
 # set to 1 to enable Cobbler's DNS management features.
 # the choice of DNS mangement engine is in /etc/cobbler/modules.conf
-manage_dns: 1
+manage_dns: 0
 
 # set to path of bind chroot to create bind-chroot compatible bind
 # configuration files.  This should be automatically detected.

+ 27 - 0
appliance/roles/provision/files/start_cobbler.yml

@@ -0,0 +1,27 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Start cobbler on reboot
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Wait for 2 minutes
+      pause:
+        minutes: 2
+
+    - name: Execute cobbler sync in cobbler container
+      command: docker exec cobbler cobbler sync
+      changed_when: true

+ 63 - 0
appliance/roles/provision/files/temp_centos7.ks

@@ -0,0 +1,63 @@
+#version=DEVEL
+
+# Use network installation
+url --url http://ip/cblr/links/CentOS7-x86_64/
+
+# Install OS instead of upgrade
+install
+
+# Use text install
+text
+
+# SELinux configuration
+selinux --disabled
+
+# Firewall configuration
+firewall --disabled
+
+# Do not configure the X Window System
+skipx
+
+# Run the Setup Agent on first boot
+#firstboot --enable
+ignoredisk --only-use=sda
+
+# Keyboard layouts
+keyboard us
+
+# System language
+lang en_US
+
+# Network information
+network  --bootproto=dhcp --device=nic --onboot=on
+
+# Root password
+rootpw --iscrypted password
+
+# System services
+services --enabled="chronyd"
+
+# System timezone
+timezone Asia/Kolkata --isUtc
+
+# System bootloader configuration
+bootloader --location=mbr --boot-drive=sda
+
+# Partition clearing information
+clearpart --all --initlabel --drives=sda
+
+# Clear the Master Boot Record
+zerombr
+
+# Disk Partitioning
+partition /boot/efi --asprimary --fstype=vfat --label EFI  --size=200
+partition /boot     --asprimary --fstype=ext4 --label BOOT --size=500
+partition /         --asprimary --fstype=ext4 --label ROOT --size=4096 --grow
+
+# Reboot after installation
+reboot
+
+%packages
+@core
+%end
+
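Review bot: Every node installed from this kickstart comes up with `firewall --disabled` and `selinux --disabled`, and the file gives no reason for either. If the roles applied later depend on this, a comment saying so belongs next to the two directives; otherwise `firewall --enabled --service=ssh` keeps remote management reachable while closing everything else. `timezone Asia/Kolkata --isUtc` and `--only-use=sda` are hard-coded, whereas the `ip`, `nic` and `password` placeholders are substituted by provision_password.yml; the timezone and target disk look like candidates for the same treatment.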

+ 0 - 51
appliance/roles/provision/files/temp_centos8.ks

@@ -1,51 +0,0 @@
-#platform=x86, AMD64, or Intel EM64T
-#version=DEVEL
-# Firewall configuration
-firewall --disabled
-# Install OS instead of upgrade
-install
-# Use network installation
-url --url http://ip/cblr/links/CentOS8-x86_64/
-#repo --name="CentOS" --baseurl=cdrom:sr0 --cost=100
-#Root password
-rootpw --iscrypted password
-# Use graphical install
-#graphical
-#Use text mode install
-text
-#System language
-lang en_US
-#System keyboard
-keyboard us
-#System timezone
-timezone America/Phoenix --isUtc
-# Run the Setup Agent on first boot
-#firstboot --enable
-# SELinux configuration
-selinux --disabled
-# Do not configure the X Window System
-skipx
-# Installation logging level
-#logging --level=info
-# Reboot after installation
-reboot
-# System services
-services --disabled="chronyd"
-ignoredisk --only-use=sda
-# Network information
-network  --bootproto=dhcp --device=em1 --onboot=on
-# System bootloader configuration
-bootloader --location=mbr --boot-drive=sda
-# Clear the Master Boot Record
-zerombr
-# Partition clearing information
-clearpart --all --initlabel
-# Disk partitioning information
-part /boot --fstype="xfs" --size=300
-part swap --fstype="swap" --size=2048
-part pv.01 --size=1 --grow
-volgroup root_vg01 pv.01
-logvol / --fstype xfs --name=lv_01 --vgname=root_vg01 --size=1 --grow
-%packages
-@core
-%end

+ 32 - 0
appliance/roles/provision/files/tftp.yml

@@ -0,0 +1,32 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Start tftp
+  hosts: localhost
+  connection: local
+  tasks:
+    - name: Fetch tftp status
+      command: systemctl is-active tftp
+      args:
+        warn: no
+      register: tftp_status
+      ignore_errors: yes
+      changed_when: false
+
+    - name: Start tftp if inactive state
+      command: systemctl start tftp.service
+      args:
+        warn: no
+      when: "('inactive' in tftp_status.stdout) or ('unknown' in tftp_status.stdout)"
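Review bot: The `when` on `Start tftp if inactive state` matches only `inactive` and `unknown`, so a unit that `systemctl is-active` reports as `failed` is never started again by this cron-driven playbook. The `service` module, which kickstart.yml already uses for tftp, handles every state and is idempotent. Both tasks and the `warn: no` / `ignore_errors: yes` workarounds could then collapse into a single task with `service: {name: tftp, state: started}`.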

+ 11 - 0
appliance/roles/provision/tasks/check_prerequisites.yml

@@ -13,6 +13,17 @@
 # limitations under the License.
 ---
 
+- name: Check availability of iso file
+  stat:
+    path: "{{ role_path }}/files/{{ iso_name }}"
+  register: iso_status
+
+- name: Iso file not present
+  fail:
+    msg: "{{ iso_fail }}"
+  when: iso_status.stat.exists == false
+  register: iso_file_check
+
 - name: Initialize variables
   set_fact:
     cobbler_status: false
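Review bot: The new check confirms only that the ISO exists; the image is then loop-mounted and imported into Cobbler as the install source for every node, so a truncated or substituted file goes undetected. `stat` can return a digest via `checksum_algorithm: sha256`, and the `fail` condition could then compare `iso_status.stat.checksum` with an expected value kept next to `iso_name` (for example a variable such as `iso_sha256`, a name constructed here, holding the digest published for that image). As a style point, `when: not iso_status.stat.exists` reads better than `== false`. The task file continues past the end of this hunk.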

+ 14 - 6
appliance/roles/provision/tasks/configure_cobbler.yml

@@ -13,13 +13,21 @@
 # limitations under the License.
 ---
 
-- name: Stop the firewall
-  service:
-    name: firewalld
-    state: stopped
-  tags: install
-
 - name: Configuring cobbler inside container (It may take 5-10 mins)
   command: docker exec cobbler ansible-playbook /root/kickstart.yml
   changed_when: false
   tags: install
+  when: not cobbler_status
+
+- name: Schedule task
+  cron:
+    name: "start cobbler on reboot"
+    special_time: reboot
+    job: "ansible-playbook {{ role_path }}/files/start_cobbler.yml"
+  tags: install
+  when: not cobbler_status
+
+- name: Execute cobbler sync in cobbler container
+  command: docker exec cobbler cobbler sync
+  changed_when: true
+  when: cobbler_status == true

+ 4 - 4
appliance/roles/provision/tasks/configure_nic.yml

@@ -15,17 +15,17 @@
 
 - name: Configure NIC-1
   copy:
-    src: "ifcfg-{{ eno }}"
-    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ eno }}"
+    src: "ifcfg-{{ nic }}"
+    dest: "/etc/sysconfig/network-scripts/ifcfg-{{ nic }}"
     mode: 0644
   tags: install
 
 - name: Restart NIC
-  command: ifdown {{ eno }}
+  command: ifdown {{ nic }}
   changed_when: false
   tags: install
 
 - name: Restart NIC
-  command: ifup {{ eno }}
+  command: ifup {{ nic }}
   changed_when: false
   tags: install
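Review bot: `nic` now comes from the user-supplied `hpc_nic`, yet the only interface file visible in this commit is still named `ifcfg-eno1` (its contents were changed to em1, the file was not renamed). With the default value, `src: "ifcfg-{{ nic }}"` would therefore look for `ifcfg-em1`, unless the rename happens elsewhere. The value also ends up in a destination path and as an argument to `ifdown`/`ifup`, while password_config.yml checks only its length and that it differs from `public_nic`. An extra assertion there, such as `nic is match('^[A-Za-z0-9]+$')`, would keep path separators and whitespace out of all three uses.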

+ 1 - 1
appliance/roles/provision/tasks/firewall_settings.yml

@@ -45,7 +45,7 @@
 
 - name:  Permit traffic in default zone on port 69/udp
   firewalld:
-    port: 69/tcp
+    port: 69/udp
     permanent: yes
     state: enabled
   tags: install

+ 1 - 2
appliance/roles/provision/tasks/main.yml

@@ -46,7 +46,6 @@
 
 - name: Cobbler configuration
   import_tasks: configure_cobbler.yml
-  when: not cobbler_status
 
 - name: Cobbler container status message
   block:
@@ -58,4 +57,4 @@
         msg: "{{ message_installed }}"
         verbosity: 2
       when: not cobbler_status
-  tags: install
+  tags: install

+ 3 - 3
appliance/roles/provision/tasks/mount_iso.yml

@@ -32,13 +32,13 @@
 
 - name: Update mount status
   set_fact:
-    mount_check: result.failed
+    mount_check: "{{ result.failed }}"
   tags: install
 
 - name: Mount the iso file
-  command: mount -o loop {{ role_path }}/files/{{ iso_image }} /mnt/{{ iso_path }}
+  command: mount -o loop {{ role_path }}/files/{{ iso_name }} /mnt/{{ iso_path }}
   changed_when: false
   args:
     warn: no
-  when:  mount_check
+  when: mount_check == true
   tags: install

+ 40 - 80
appliance/roles/provision/tasks/provision_password.yml

@@ -26,97 +26,46 @@
     mode: 0644
   tags: install
 
-- name: Take provision Password
-  block:
-  - name: Provision Password (Min length should be 8)
-    pause:
-      prompt: "{{ prompt_password }}"
-      echo: no
-    register: prompt_admin_password
-    until:
-      - prompt_admin_password.user_input | length >  min_length| int  - 1
-    retries: "{{ no_of_retry }}"
-    delay: "{{ retry_delay }}"
-    when: admin_password is not defined and no_prompt is not defined
-  rescue:
-  - name: Abort if password validation fails
-    fail:
-      msg: "{{ msg_incorrect_format }}"
-  tags: install
-
-- name: Assert admin_password if prompt not given
-  assert:
-    that:
-        - admin_password | length >  min_length| int  - 1
-    success_msg: "{{ success_msg_pwd_format }}"
-    fail_msg: "{{ fail_msg_pwd_format }}"
-  register: msg_pwd_format
-  when: admin_password is defined and no_prompt is defined
-  tags: install
-
-- name: Save admin password
-  set_fact:
-    admin_password: "{{ prompt_admin_password.user_input }}"
-  when: no_prompt is not defined
-  tags: install
-
-- name: Confirm password
-  block:
-  - name: Confirm provision password
-    pause:
-      prompt: "{{ confirm_password }}"
-      echo: no
-    register: prompt_admin_password_confirm
-    until: admin_password == prompt_admin_password_confirm.user_input
-    retries: "{{ no_of_retry }}"
-    delay: "{{ retry_delay }}"
-    when: admin_password_confirm is not defined and no_prompt is not defined
-  rescue:
-  - name: Abort if password confirmation failed
-    fail:
-      msg: "{{ msg_failed_password_confirm }}"
-  tags: install
-
-- name: Assert admin_password_confirm if prompt not given
-  assert:
-    that: admin_password == admin_password_confirm
-    success_msg: "{{ success_msg_pwd_confirm }}"
-    fail_msg: "{{ fail_msg_pwd_confirm }}"
-  register: msg_pwd_confirm
-  when: admin_password_confirm is defined and no_prompt is defined
-  tags: install
-
 - name: Encrypt cobbler password
-  shell: >
-     set -o pipefail && \
-     digest="$( printf "%s:%s:%s" {{ username }} "Cobbler" {{ admin_password }} | md5sum | awk '{print $1}' )"
-     printf "%s:%s:%s\n" "{{ username }}" "Cobbler" "$digest" > "{{ role_path }}/files/.users.digest"
-  args:
-    executable: /bin/bash
+  shell: printf "%s:%s:%s" {{ username }} "Cobbler" {{ cobbler_password }} | md5sum | awk '{print $1}'
   changed_when: false
+  register: encrypt_password
   tags: install
 
-- name: Read password file
-  set_fact:
-    var: "{{ lookup('file', role_path+'/files/.users.digest').splitlines() }}"
+- name: Copy cobbler password to cobbler config file
+  shell: printf "%s:%s:%s\n" "{{ username }}" "Cobbler" "{{ encrypt_password.stdout }}" > "{{ role_path }}/files/.users.digest"
+  changed_when: false
   tags: install
 
-- name: Get encrypted password
-  set_fact:
-    encrypted_pass: "{{ var[0].split(':')[2] }}"
-
 - name: Create the kickstart file
   copy:
-    src: "{{ role_path }}/files/temp_centos8.ks"
-    dest: "{{ role_path }}/files/centos8.ks"
+    src: "{{ role_path }}/files/temp_centos7.ks"
+    dest: "{{ role_path }}/files/centos7.ks"
     mode: 0775
   tags: install
 
 - name: Configure kickstart file
   replace:
-    path: "{{ role_path }}/files/centos8.ks"
-    regexp: '^url --url http://ip/cblr/links/CentOS8-x86_64/'
-    replace: url --url http://{{ ansible_eno2.ipv4.address }}/cblr/links/CentOS8-x86_64/
+    path: "{{ role_path }}/files/centos7.ks"
+    regexp: '^url --url http://ip/cblr/links/CentOS7-x86_64/'
+    replace: url --url http://{{ ansible_em1.ipv4.address }}/cblr/links/CentOS7-x86_64/
+  when: internet_nic == "em1"
+  tags: install
+
+- name: Configure kickstart file
+  replace:
+    path: "{{ role_path }}/files/centos7.ks"
+    regexp: '^url --url http://ip/cblr/links/CentOS7-x86_64/'
+    replace: url --url http://{{ ansible_em2.ipv4.address }}/cblr/links/CentOS7-x86_64/
+  when: internet_nic == "em2"
+  tags: install
+
+- name: Configure kickstart file
+  replace:
+    path: "{{ role_path }}/files/centos7.ks"
+    regexp: '^url --url http://ip/cblr/links/CentOS7-x86_64/'
+    replace: url --url http://{{ ansible_em3.ipv4.address }}/cblr/links/CentOS7-x86_64/
+  when: internet_nic == "em3"
   tags: install
 
 - name: Random phrase generation
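Review bot: `Encrypt cobbler password` interpolates `{{ cobbler_password }}` unquoted into a `shell` line, while the checks in password_config.yml exclude only `-`, `\`, `'` and `"`. A password containing a space, `$`, `;`, `|` or a backtick is therefore interpreted by the shell instead of being hashed as written. The new pipeline also drops the `set -o pipefail` the removed version had, and the cleartext password appears in the task's logged command. Computing the digest with the `hash('md5')` filter and writing the file with `copy` removes the shell from both tasks and lets `no_log: true` cover the secret, as sketched below. The task file starts before this hunk.

```yaml
- name: Encrypt cobbler password
  set_fact:
    cobbler_digest: "{{ (username ~ ':Cobbler:' ~ cobbler_password) | hash('md5') }}"
  no_log: true
  tags: install

- name: Copy cobbler password to cobbler config file
  copy:
    content: "{{ username }}:Cobbler:{{ cobbler_digest }}\n"
    dest: "{{ role_path }}/files/.users.digest"
    mode: '0600'
  no_log: true
  tags: install

# … unchanged: kickstart file creation and url replacement tasks …
```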
@@ -131,14 +80,25 @@
   tags: install
 
 - name: Login password
-  command: openssl passwd -1 -salt {{ random_phrase }} {{ admin_password }}
+  command: openssl passwd -1 -salt {{ random_phrase }} {{ cobbler_password }}
   changed_when: false
   register: login_pass
   tags: install
 
 - name: Configure kickstart file
   replace:
-    path: "{{ role_path }}/files/centos8.ks"
+    path: "{{ role_path }}/files/centos7.ks"
     regexp: '^rootpw --iscrypted password'
     replace: 'rootpw --iscrypted {{ login_pass.stdout }}'
   tags: install
+
+- name: Configure kickstart file
+  replace:
+    path: "{{ role_path }}/files/centos7.ks"
+    regexp: '^network  --bootproto=dhcp --device=nic --onboot=on'
+    replace: 'network  --bootproto=dhcp --device={{ nic }} --onboot=on'
+  tags: install
+
+- name: Configure default password in settings
+  local_action: copy content="{{ login_pass.stdout }}" dest="{{ role_path }}/files/.node_login.digest"
+  tags: install
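Review bot: `Login password` passes the cleartext password as a command-line argument to `openssl passwd -1`, so it is visible in the process list while the task runs and in the task result, and `-1` yields an MD5-crypt hash for the root account of every provisioned node. The `password_hash` filter avoids both, e.g. `login_pass: "{{ cobbler_password | password_hash('sha512') }}"` in a `set_fact` with `no_log: true`, with the two later references changed from `login_pass.stdout` to `login_pass`. The new `.node_login.digest` file holds that root hash and is written without a `mode`; adding `mode=0600` to the `copy` arguments would restrict it. The `Random phrase generation` task that feeds `-salt` sits between the two hunks and is not fully visible here.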

+ 6 - 19
appliance/roles/provision/vars/main.yml

@@ -15,36 +15,23 @@
 
 # vars file for provision
 
+#Usage: check_prerequisite.yml
+iso_name: CentOS-7-x86_64-Minimal-2009.iso
+iso_fail: "Iso file absent: Download and copy the iso file in omnia/appliance/roles/provision/files"
+
 # Usage: provision_password.yml
 provision_encrypted_dest: ../files/
-min_length: 8
-no_of_retry: 3
-retry_delay: 0.001
 username: cobbler
-prompt_password: "Enter cobbler password.( Min. Length of Password should be {{ min_length| int }}." 
-confirm_password: "Confirm cobbler Password"
-msg_incorrect_format: "Failed. Incorrect format."
-msg_failed_password_confirm: "Failed. Passwords did not match"
-success_msg_pwd_format: "admin_password validated"
-fail_msg_pwd_format: "admin_password validation failed"
-success_msg_pwd_confirm: "admin_password confirmed"
-fail_msg_pwd_confirm: "admin_password confirmation failed"
-success_msg_format: "random_phrase validated"
-fail_msg_format: "random_phrase validation failed"
 
 # Usage: cobbler_image.yml
 docker_image_name: cobbler
 docker_image_tag: latest
-cobbler_run_command: docker run -itd --privileged --net=host --restart=always -v cobbler_www:/var/www/cobbler:Z -v cobbler_backup:/var/lib/cobbler/backup:Z -v /mnt/iso:/mnt:Z -p 69:69/udp -p 81:80 -p 443:443 -p 25151:25151 --name cobbler  cobbler:latest  /sbin/init
+cobbler_run_command: docker run -itd --privileged --net=host --restart=always -v {{ mount_path }}:/root/omnia  -v cobbler_www:/var/www/cobbler:Z -v cobbler_backup:/var/lib/cobbler/backup:Z -v /mnt/iso:/mnt:Z -p 69:69/udp -p 81:80 -p 443:443 -p 25151:25151 --name cobbler  cobbler:latest  /sbin/init
 
 
 # Usage: main.yml
 message_skipped: "Installation Skipped: Cobbler instance is already running on your system"
 message_installed: "Installation Successful"
 
-# Usage: os_provsion.yml
-iso_image: CentOS-8.2.2004-x86_64-minimal.iso 
+# Usage: mount_iso.yml
 iso_path: iso
-
-# Usage: configure_nic.yml
-eno: eno1
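Review bot: The new `-v {{ mount_path }}:/root/omnia` in `cobbler_run_command` bind-mounts the whole checkout (`role_path + '/../../..'` in common/tasks/main.yml) read-write into a container that already runs with `--privileged --net=host`. That tree holds `appliance/roles/common/files/.vault_key` and the vault-encrypted input_config.yml written by password_config.yml, so the key and the secrets it protects become readable from inside the container. The only container-side consumer visible in this commit, inventory_creation.yml, writes to `omnia/appliance/roles/inventory/files/`; mounting just that directory would be enough for it. The `-p` mappings have no effect together with `--net=host`, and the new volume is the only one without the `:Z` label.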