
Merge pull request #539 from sakshiarora13/update_common

Issue #538: Update common role with missing validations tasks and comments in base_vars.yml
Lucas A. Wilson 3 anos atrás
pai
commit
9452d617e2

+ 23 - 28
control_plane/input_params/base_vars.yml

@@ -12,9 +12,6 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
-##All variables except mapping_file_path are mandatory##
-
-###default###
 
 # Path to directory hosting ansible config file (ansible.cfg file)
 # Default value is /etc/ansible
@@ -26,13 +23,13 @@ ansible_conf_file_path: /etc/ansible
 # It accepts boolean values "true" or "false". 
 # By default its value is "false".
 # If ethernet switch support is needed set this to "true"
-ethernet_switch_support: false
+ethernet_switch_support: true
 
 # This variable is used to enable infiniband switch configuration
 # It accepts boolean values "true" or "false". 
 # By default its value is "false".
 # If infiniband configuration is needed set this to "true"
-ib_switch_support: false
+ib_switch_support: true
 
 # This variable is used to enable powervault configuration
 # It accepts boolean values "true" or "false". 
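Review bot: `ethernet_switch_support` and `ib_switch_support` now default to `true`, but the comment above each still says "By default its value is \"false\"", so a fresh install attempts switch configuration the operator never opted into. The later hunks of this file also fill `iso_file_path` and the management, host and infiniband DHCP ranges with concrete values under comments that say "Mandatory value required". These look like one environment's test settings (inferred from the values only), and once they are pre-filled the non-empty asserts in fetch_base_inputs.yml can no longer catch an unconfigured install before DHCP is set up on a range nobody chose. I would ship `ethernet_switch_support: false`, `ib_switch_support: false` and `""` for the path and ranges, or update the comments if the new defaults are intended.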
@@ -89,7 +86,7 @@ language: "en-US"
 # The iso file should be CentOS7-2009-minimal edition.
 # Other iso files are not supported.
 # Mandatory value required
-iso_file_path: ""
+iso_file_path: "/root/CentOS-7-x86_64-Minimal-2009.iso"
 
 ### Usage: control_plane_device ###
 
@@ -102,13 +99,13 @@ mngmnt_network_nic: "eno1"
 # The dhcp range for assigning the IPv4 address
 # Example: 172.17.0.1
 # Mandatory value required
-mngmnt_network_dhcp_start_range: ""
-mngmnt_network_dhcp_end_range: ""
+mngmnt_network_dhcp_start_range: "172.19.0.100"
+mngmnt_network_dhcp_end_range: "172.19.0.200"
 
-# The mapping file consists of the MAC address and its respective IP address and hostname.
-# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
-# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
-# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+# The mapping file consists of the MAC address and its respective IP address.
+# The format of mapping file should be MAC,IP and must be a CSV file.
+# Eg: xx:yy:zz:aa:bb,172.17.0.5
+# A template for mapping file exists in omnia/examples and is named as mapping_device_file.csv.
 # This depicts the path where user has kept the mapping file for DHCP configurations.
 mngmnt_mapping_file_path: ""
 
@@ -122,13 +119,18 @@ host_network_nic: "eno3"
 # The dhcp range for assigning the IPv4 address
 # Example: 172.17.0.1
 # Mandatory value required
-host_network_dhcp_start_range: ""
-host_network_dhcp_end_range: ""
-
-# The mapping file consists of the MAC address and its respective IP address and hostname.
-# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
-# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
-# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+host_network_dhcp_start_range: "172.17.0.100"
+host_network_dhcp_end_range: "172.17.0.200"
+
+# The mapping file consists of the MAC address and its respective IP address and Hostname and Component_role(if any)
+# 2 Formats are supported for host mapping files:
+# If user wants one-touch provisioning of omnia cluster, format of csv: MAC,Hostname,IP,Component_role
+# Component_role can take values: manager, compute, login_node, nfs_node
+# Ex. xx:yy:zz:aa:bb,server,172.17.0.5,manager.
+# A templates for mapping file exists in omnia/examples and is named as host_mapping_file_one_touch.csv
+# If user wants to skip one touch deployment and only static IP assignment is required, format of csv: MAC,Hostname,IP
+# Ex. xx:yy:zz:aa:bb,server,172.17.0.5
+# A templates for mapping file exists in omnia/examples and is named as host_mapping_file_os_provisioning.csv
 # This depicts the path where user has kept the mapping file for DHCP configurations.
 host_mapping_file_path: ""
 
@@ -141,12 +143,5 @@ ib_network_nic: "ib0"
 
 # The dhcp range for assigning the IPv4 address
 # Example: 172.17.0.1
-ib_network_dhcp_start_range: ""
-ib_network_dhcp_end_range: ""
-
-# The mapping file consists of the MAC address and its respective IP address and hostname.
-# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
-# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
-# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
-# This depicts the path where user has kept the mapping file for DHCP configurations.
-ib_mapping_file_path: ""
+ib_network_dhcp_start_range: "172.25.0.100"
+ib_network_dhcp_end_range: "172.25.0.200"

+ 8 - 34
control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml

@@ -53,7 +53,6 @@
     snmp_enabled: false   
     mngmnt_mapping_file: false
     host_mapping_file: false
-    ib_mapping_file: false
 
 - name: Verify snmp_trap_destination IP address
   set_fact:
@@ -165,7 +164,7 @@
       - provision_method == "pxe" or provision_method == "idrac"
     success_msg: "{{ success_provision_method }}"
     fail_msg: "{{ fail_provision_method }}"
-    
+
 - name: Check timezone file
   command: grep -Fx "{{ timezone }}" {{ role_path }}/files/timezone.txt
   ignore_errors: yes
@@ -199,7 +198,7 @@
     msg: "{{ invalid_iso_file_path }}"
   when: ( result_path_iso_file.stat.exists ) and ( ".iso" not in iso_file_path )
 
-####management_net_dhcp_start_end_range
+#### management_net_dhcp_start_end_range
 - name: Assert management network nic
   assert:
     that:
@@ -244,6 +243,7 @@
     that:
       - mngmnt_network_dhcp_start_range
       - mngmnt_network_dhcp_start_range | ipv4
+      - mngmnt_network_dhcp_start_range != mngmnt_network_ip
       - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
       - dhcp_start_mgmnt == mngmnt_network_subnet
       - dhcp_start_mgmnt == dhcp_end_mgmnt
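Review bot: The added `mngmnt_network_dhcp_start_range != mngmnt_network_ip` only rejects a range whose endpoint is the control plane's own address; an address strictly between start and end still passes, and nothing visible in the hunk requires start to be lower than end (only `!=`). The same gap is in the management end-range assert and in the host (`hpc_ip`) and infiniband (`ib_ip`) asserts in the following hunks. An ordered range check covers both cases: `- mngmnt_network_dhcp_start_range | ipaddr('int') < mngmnt_network_dhcp_end_range | ipaddr('int')` and `- mngmnt_network_ip | ipaddr('int') < mngmnt_network_dhcp_start_range | ipaddr('int') or mngmnt_network_ip | ipaddr('int') > mngmnt_network_dhcp_end_range | ipaddr('int')`. The assert task starts above this hunk and its messages are outside it.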
@@ -255,6 +255,7 @@
     that:
       - mngmnt_network_dhcp_end_range
       - mngmnt_network_dhcp_end_range | ipv4
+      - mngmnt_network_dhcp_end_range != mngmnt_network_ip
       - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
       - dhcp_end_mgmnt == mngmnt_network_subnet
       - dhcp_start_mgmnt == dhcp_end_mgmnt
@@ -279,13 +280,6 @@
 #########
 
 ###Host network####
-- name: Assert host network nic
-  assert:
-    that:
-      - host_network_nic in nic_addr_up.stdout
-    success_msg: "{{ success_msg_host_network_nic }}"
-    fail_msg: "{{ fail_msg_host_network_nic }}"
-
 - name: Fetch the host network ip, netmask and subnet
   set_fact:
     hpc_ip: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.address }}"
@@ -323,6 +317,7 @@
     that:
       - host_network_dhcp_start_range
       - host_network_dhcp_start_range | ipv4
+      - host_network_dhcp_start_range != hpc_ip
       - host_network_dhcp_start_range != host_network_dhcp_end_range
       - dhcp_start_host == subnet
       - dhcp_start_host == dhcp_end_host
@@ -334,6 +329,7 @@
     that:
       - host_network_dhcp_end_range
       - host_network_dhcp_end_range | ipv4
+      - host_network_dhcp_end_range != hpc_ip
       - host_network_dhcp_start_range != host_network_dhcp_end_range
       - dhcp_end_host == subnet
       - dhcp_start_host == dhcp_end_host
@@ -366,14 +362,6 @@
     fail_msg: "{{ fail_msg_different_nics }}"
 
 ########
-- name: Assert infiniband network nic
-  assert:
-    that:
-      - ib_network_nic in nic_addr_up.stdout
-    success_msg: "{{ success_msg_ib_network_nic }}"
-    fail_msg: "{{ fail_msg_ib_network_nic }}"
-  when: ib_switch_support
-
 - name: Fetch the infiniband network ip, netmask and subnet
   set_fact:
     ib_ip: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.address }}"
@@ -416,6 +404,7 @@
     that:
       - ib_network_dhcp_start_range
       - ib_network_dhcp_start_range | ipv4
+      - ib_network_dhcp_start_range != ib_ip
       - ib_network_dhcp_start_range != ib_network_dhcp_end_range
       - dhcp_start_ib == ib_subnet
       - dhcp_start_ib == dhcp_end_ib
@@ -428,6 +417,7 @@
     that:
       - ib_network_dhcp_end_range
       - ib_network_dhcp_end_range | ipv4
+      - ib_network_dhcp_end_range != ib_ip
       - ib_network_dhcp_start_range != ib_network_dhcp_end_range
       - dhcp_end_ib == ib_subnet
       - dhcp_start_ib == dhcp_end_ib
@@ -435,22 +425,6 @@
     fail_msg: "{{ fail_dhcp_range }} for infiniband network"
   when: ib_switch_support
 
-- name: Set the mapping file value for infiniband
-  set_fact:
-    ib_mapping_file: true
-  when: (ib_switch_support) and (ib_mapping_file_path | length > 0)
-
-- name: Assert valid infiniband_mapping_file_path
-  stat:
-    path: "{{ ib_mapping_file_path }}"
-  when: ib_switch_support and ib_mapping_file
-  register: result_ib_mapping_file
-
-- name : Valid infiniband_mapping_file_path
-  fail:
-    msg: "{{ invalid_mapping_file_path }} for infiniBand network configuration"
-  when: ib_mapping_file and (not result_ib_mapping_file.stat.exists)
-
 - name: Verify different nics with infiniband nic
   assert:
     that:

+ 1 - 1
control_plane/roles/control_plane_common/tasks/password_config.yml

@@ -200,4 +200,4 @@
 - name: Update login_vars.yml permission
   file:
     path: "{{ login_vars_filename }}"
-    mode: "{{ vault_file_perm }}"
+    mode: "{{ file_perm }}"
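Review bot: `login_vars.yml` is switched from `vault_file_perm` to `file_perm`, and neither value is visible in this commit; if `file_perm` is the more permissive of the two, a file managed by password_config.yml becomes readable by more accounts than before. The omnia_config.yml task in verify_omnia_params.yml still uses `vault_file_perm`, so two files that appear to hold credentials now get different modes. Unless that difference is intended, keep `mode: "{{ vault_file_perm }}"` here, or add a comment above the task such as `# login_vars.yml must stay owner-only; file_perm is <value>` stating the intended mode.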

+ 65 - 3
control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml

@@ -56,7 +56,19 @@
   when:
     - mariadb_password | length < 1 or
       k8s_version | length < 1 or
-      k8s_cni | length < 1
+      k8s_cni | length < 1 or
+      domain_name | length < 1
+
+- name: Validate login node parameters when login_node_reqd is set to true
+  fail:
+    msg: "{{ input_config_failure_msg }} for login_node"
+  when:
+    - ( domain_name | length < 1 or
+      realm_name | length < 1 or
+      directory_manager_password | length < 1 or
+      ipa_admin_password | length < 1 ) and
+      ( login_node_required and
+      host_mapping_file )
 
 - name: Assert mariadb_password
   assert:
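Review bot: `domain_name | length < 1` is added to the unconditional emptiness check, so an empty `domain_name` now fails every run, while the new login-node task and the domain-name format assert treat it as required only when `login_node_required` and `host_mapping_file` are set. The new task also reads `login_node_required` in its `when` before the "Verify the value of login_node_required" assert, added in the next hunk, has run, so a mistyped or string value is used as a condition before it is validated. I would drop the `domain_name` line from the first check and move the `login_node_required` assert above this task. The first task starts above the hunk and the "Assert mariadb_password" task continues below it.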
@@ -91,13 +103,63 @@
     docker_password: "{{ docker_password }}"
   no_log: True
 
+- name: Verify the value of login_node_required
+  assert:
+    that:
+      - login_node_required == true or login_node_required == false
+    success_msg: "{{ login_node_required_success_msg }}"
+    fail_msg: "{{ login_node_required_fail_msg }}"
+
 - name: Validate the domain name
   assert:
     that:
       - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,6}$")
     success_msg: "{{ domain_name_success_msg }}"
     fail_msg: "{{ domain_name_fail_msg }}"
-  when: domain_name | length > 0
+  when:
+    - host_mapping_file
+    - login_node_required
+
+- name: Validate the realm name
+  assert:
+    that:
+      - realm_name is regex("^(?!-)[A-Z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Z]{2,6}$")
+      - '"." in realm_name'
+    success_msg: "{{ realm_name_success_msg }}"
+    fail_msg: "{{ realm_name_fail_msg }}"
+  when:
+    - host_mapping_file
+    - login_node_required
+
+- name: Assert directory_manager_password
+  assert:
+    that:
+      - directory_manager_password | length > min_length | int - 1
+      - directory_manager_password | length < max_length | int + 1
+      - '"-" not in directory_manager_password '
+      - '"\\" not in directory_manager_password '
+      - '"\"" not in directory_manager_password '
+      - " \"'\" not in directory_manager_password "
+    success_msg: "{{ success_msg_directory_manager_password }}"
+    fail_msg: "{{ fail_msg_directory_manager_password }}"
+  when:
+    - host_mapping_file
+     - login_node_required
+
+- name: Assert ipa_admin_password
+  assert:
+    that:
+      - ipa_admin_password | length > min_length | int - 1
+      - ipa_admin_password | length < max_length | int + 1
+      - '"-" not in ipa_admin_password '
+      - '"\\" not in ipa_admin_password '
+      - '"\"" not in ipa_admin_password '
+      - " \"'\" not in ipa_admin_password "
+    success_msg: "{{ success_msg_ipa_admin_password }}"
+    fail_msg: "{{ fail_msg_ipa_admin_password }}"
+  when:
+    - host_mapping_file
+    - login_node_required
 
 - name: Encrypt input config file
   command: >-
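Review bot: In the `when` list of "Assert directory_manager_password" the second item is indented one column deeper than the first (`     - login_node_required` under `    - host_mapping_file`). Depending on the YAML parser this is either a syntax error or the line is folded into the previous scalar, giving the single condition `host_mapping_file - login_node_required`, in which case the password checks would not run under the intended condition. Align it as `    - login_node_required`, as in the ipa_admin_password task. Separately, the realm regex allows only `[a-z0-9]` in the middle labels while the first and last labels are upper-case only, which looks unintended for a realm name.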
@@ -108,4 +170,4 @@
 - name: Update omnia_config.yml permission
   file:
     path: "{{ role_path }}/../../../{{ config_filename }}"
-    mode: "{{ vault_file_perm }}"
+    mode: "{{ vault_file_perm }}"

+ 12 - 1
control_plane/roles/control_plane_common/vars/main.yml

@@ -75,6 +75,17 @@ success_msg_k8s_version: "Kubernetes Version Validated"
 fail_msg_k8s_version: "Failed. Kubernetes Version is unsupported or incorrect in omnia_config.yml"
 success_msg_k8s_cni: "Kubernetes CNI Validated"
 fail_msg_k8s_cni: "Failed. Kubernetes CNI is incorrect in omnia_config.yml"
+domain_name_success_msg: "domain name successfully validated"
+domain_name_fail_msg: "Failed. Incorrect format provided for domain name in omnia_config.yml"
+realm_name_success_msg: "realm_name successfully validated"
+realm_name_fail_msg: "Failed. Incorrect realm_name formate in omnia_config.yml"
+success_msg_directory_manager_password: "directory_manager_password successfully validated"
+fail_msg_directory_manager_password: "Failed. Incorrect format provided for directory_manager_password"
+success_msg_ipa_admin_password: "ipa_admin_password successfully validated"
+fail_msg_ipa_admin_password: "Failed. Incorrect format provided for ipa_admin_password"
+input_config_failure_msg: "Input parameters cannot be empty"
+login_node_required_success_msg: "Login_node_required successfully validated"
+login_node_required_fail_msg: "Failed. login_node_required can be either true or false"
 
 # Usage: fetch_base_inputs.yml
 base_vars_filename: "input_params/base_vars.yml"
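Review bot: `realm_name_fail_msg` has a typo ("formate"), and the two password failure messages say only "Incorrect format provided" without naming the rule that failed. The asserts in verify_omnia_params.yml check a length window and reject `-`, `\`, `"` and `'`, so the messages could state that, for example `fail_msg_ipa_admin_password: "Failed. ipa_admin_password must meet the length limits and must not contain -, \\, ' or \""`. The same wording would fit `fail_msg_directory_manager_password`.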
@@ -88,9 +99,9 @@ fail_msg_public_nic: "Failed. Incorrect public nic provided in base_vars.yml"
 success_msg_k8s_pod_network_cidr: "Appliance k8s pod network cidr validated"
 fail_msg_k8s_pod_network_cidr: "Failed. Incorrect appliance k8s pod network cidr provided in base_vars.yml"
 success_awx_organization: "awx organization validated"
-fail_awx_organization: "Failed. Incorrect format in awx organization"
 success_provision_method: "Provision method validated"
 fail_provision_method: "Failed. Provision method can either be set to idrac or pxe"
+fail_awx_organization: "Failed. Incorrect format in awx organization"
 success_timezone_msg: "timezone validated"
 fail_timezone_msg: "Failed. Incorrect timezone provided. Please check the file timezone.txt in control_plane/roles/control_plane_common/files/ folder"
 fail_language: "Failed. Only en-US(english) language supported"