Merge branch 'dellhpc:devel' into omnia_security

control_plane/roles/control_plane_common/tasks/main.yml

@@ -24,6 +24,10 @@
   import_tasks: package_installation.yml
   tags: init
 
+- name: Set the docker os version
+  import_tasks: set_docker_os.yml
+  tags: init
+  
 - name: Basic configuration
   import_tasks: fetch_base_inputs.yml
 

control_plane/roles/control_plane_common/tasks/set_docker_os.yml

@@ -0,0 +1,39 @@
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Replace the rocky os version in dockerfile
+  replace:
+    path: "{{ item.path }}"
+    regexp: '^FROM rockylinux/rockylinux:docker_os'
+    replace: 'FROM rockylinux/rockylinux:{{ docker_rocky_os_version }}'
+  with_items:
+    - { path: "{{ cobbler_rocky_dockerfile_path }}"}
+    - { path: "{{ ib_dockerfile_path }}"}
+
+- name: Replace the leap os version in dockerfile
+  replace:
+    path: "{{ item.path }}"
+    regexp: '^FROM registry.opensuse.org/opensuse/leap:docker_os'
+    replace: 'FROM registry.opensuse.org/opensuse/leap:{{ docker_leap_os_version }}'
+  with_items:
+    - { path: "{{ cobbler_leap_dockerfile_path }}"}
+
+- name: Replace the alpine os version in dockerfile
+  replace:
+    path: "{{ item.path }}"
+    regexp: '^FROM alpine:docker_os'
+    replace: 'FROM alpine:{{ docker_alpine_os_version }}'
+  with_items:
+    - { path: "{{ mgmnt_dockerfile_path }}"}

control_plane/roles/control_plane_common/vars/main.yml

@@ -40,6 +40,15 @@ common_packages_rocky:
   - device-mapper-persistent-data
   - yum-plugin-versionlock
 
+# Usage: set_docker_os.yml
+docker_rocky_os_version: "8"
+docker_leap_os_version: "15.3"
+docker_alpine_os_version: "3.15"
+cobbler_rocky_dockerfile_path: "{{ playbook_dir }}/roles/provision_cobbler/files/Dockerfile_rocky"
+cobbler_leap_dockerfile_path: "{{ playbook_dir }}/roles/provision_cobbler/files/Dockerfile_leap"
+ib_dockerfile_path: "{{ playbook_dir }}/roles/control_plane_ib/files/Dockerfile"
+mgmnt_dockerfile_path: "{{ playbook_dir }}/roles/control_plane_device/files/Dockerfile"
+
 # Usage: pre_requisite.yml
 internet_delay: 0
 internet_timeout: 10

control_plane/roles/control_plane_device/files/Dockerfile

@@ -1,5 +1,5 @@
 # Dockerfile for creating the management network container
-FROM alpine:latest
+FROM alpine:docker_os
 
 #Installing packages
 RUN apk add dhcp

control_plane/roles/control_plane_ib/files/Dockerfile

@@ -1,4 +1,4 @@
-FROM rockylinux/rockylinux:8.5
+FROM rockylinux/rockylinux:docker_os
 
 RUN dnf install -y epel-release
 RUN dnf install dhcp-server -y \

control_plane/roles/control_plane_ib/files/infiniband_container_configure.yml

@@ -1,4 +1,4 @@
- Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

control_plane/roles/provision_cobbler/files/Dockerfile_leap

@@ -1,4 +1,4 @@
-FROM registry.opensuse.org/opensuse/leap:15.3
+FROM registry.opensuse.org/opensuse/leap:docker_os
 
 #Enable all repose
 RUN zypper mr -ea
@@ -67,4 +67,4 @@ VOLUME [ "/srv/www/cobbler", "/var/lib/cobbler/backup", "/mnt" ]
 
 RUN systemctl enable dhcpd
 
-CMD ["sbin/init"]
+CMD ["sbin/init"]

control_plane/roles/provision_cobbler/files/Dockerfile_rocky

@@ -1,4 +1,4 @@
-FROM rockylinux/rockylinux:8.5
+FROM rockylinux/rockylinux:docker_os
 
 # RPM REPOs
 RUN dnf install -y \
@@ -66,4 +66,4 @@ VOLUME [ "/var/www/cobbler", "/var/lib/cobbler/backup", "/mnt" ]
 
 RUN systemctl enable dhcpd
 
-CMD ["sbin/init"]
+CMD ["sbin/init"]

control_plane/roles/webui_awx/tasks/check_prerequisites.yml

@@ -55,6 +55,7 @@
 - block:
     - name: Get awx-service cluster-ip
       command: "kubectl get svc {{ awx_service_name }} -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'"
+      changed_when: false
       register: awx_cluster_ip
 
     - name: Get AWX admin password
@@ -62,6 +63,7 @@
         set -o pipefail && \
         kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode
       no_log: true
+      changed_when: false
       register: awx_admin_password
 
     - name: Waiting for the AWX UI to be up
@@ -93,10 +95,12 @@
     - block:
          - name: Fetching Schedule from AWX UI
            command: awx schedules list --all --conf.host http://{{ awx_cluster_ip.stdout }}:{{ awx_port }} --conf.username admin --conf.password {{ awx_admin_password.stdout }} -f human --filter "name"
+           changed_when: false
            register: awx_schedule_list
 
          - name: Fetching job_templates from AWX UI
            command: awx job_templates list --all --conf.host http://{{ awx_cluster_ip.stdout }}:{{ awx_port }} --conf.username admin --conf.password {{ awx_admin_password.stdout }} -f human --filter "name"
+           changed_when: false
            register: awx_job_templates_list
 
          - name: Updating awx_configuration_status

control_plane/roles/webui_awx/tasks/configure_settings.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -117,6 +117,8 @@
 
 - name: Waiting for AWX UI
   wait_for:
+    host: "{{ awx_cluster_ip.stdout }}"
+    port: "{{ awx_port }}"
     timeout: "{{ awx_ui_wait_time }}"
 
 - name: Waiting for the AWX UI to be up

control_plane/roles/webui_awx/tasks/install_awx.yml

@@ -20,36 +20,6 @@
   changed_when: false
   register: namespaces
 
-- name: Creating directory for deploying awx-operator
-  file:
-    path: "{{ awx_operator_folder }}"
-    state: directory
-    mode: "{{ file_perm }}"
-
-- name: Check for awx-operator status
-  stat:
-    path: "{{ awx_manager_file }}"
-  register: awx_operator_repo
-
-- name: Cloning awx-operator from github
-  git:
-    repo: "{{ awx_operator_link }}"
-    dest: "{{ awx_operator_folder }}"
-    version: "{{ awx_tag }}"
-  when: not awx_operator_repo.stat.exists
-
-- name: Modifying livenessprobe value
-  replace:
-    path: "{{ awx_manager_file }}"
-    regexp: "{{ liveness_probe_initial }}"
-    replace: "{{ liveness_probe_final }}"
-
-- name: Modifying readinessprobe value
-  replace:
-    path: "{{ awx_manager_file }}"
-    regexp: "{{ readiness_probe_initial }}"
-    replace: "{{ readiness_probe_final }}"
-
 - name: Create namespace
   command: "kubectl create namespace {{ awx_namespace }}"
   changed_when: true
@@ -64,17 +34,86 @@
     name: jq
     state: present
 
-- name: Deploying awx-operator
-  command: make deploy
-  changed_when: false
-  args:
-    chdir: "{{ awx_operator_folder }}"
-  environment:
-    NAMESPACE: "{{ awx_namespace }}"
+- name: Creating and deploying AWX operator
+  block:
+    - name: Creating directory for deploying awx-operator
+      file:
+        path: "{{ awx_operator_folder }}"
+        state: directory
+        mode: "{{ file_perm }}"
+
+    - name: Check for awx-operator status
+      stat:
+        path: "{{ awx_manager_file }}"
+      register: awx_operator_repo
+
+    - name: Cloning awx-operator from github
+      git:
+        repo: "{{ awx_operator_link }}"
+        dest: "{{ awx_operator_folder }}"
+        version: "{{ awx_operator_version }}"
+      when: not awx_operator_repo.stat.exists
+
+    - name: Modifying livenessprobe value
+      replace:
+        path: "{{ awx_manager_file }}"
+        regexp: "{{ liveness_probe_initial }}"
+        replace: "{{ liveness_probe_final }}"
+
+    - name: Modifying readinessprobe value
+      replace:
+        path: "{{ awx_manager_file }}"
+        regexp: "{{ readiness_probe_initial }}"
+        replace: "{{ readiness_probe_final }}"
+
+    - name: Deploying awx-operator
+      command: make deploy
+      changed_when: false
+      args:
+        chdir: "{{ awx_operator_folder }}"
+      environment:
+        NAMESPACE: "{{ awx_namespace }}"
+  rescue:
+    - name: Cleaning awx-operator folder
+      file:
+        path: "{{ awx_operator_folder }}"
+        state: absent
+    
+    - name: Creating directory for deploying awx-operator
+      file:
+        path: "{{ awx_operator_folder }}"
+        state: directory
+        mode: "{{ file_perm }}"
+
+    - name: Cloning awx-operator from github
+      git:
+        repo: "{{ awx_operator_link }}"
+        dest: "{{ awx_operator_folder }}"
+        version: "{{ awx_operator_version }}"
+
+    - name: Modifying livenessprobe value
+      replace:
+        path: "{{ awx_manager_file }}"
+        regexp: "{{ liveness_probe_initial }}"
+        replace: "{{ liveness_probe_final }}"
+
+    - name: Modifying readinessprobe value
+      replace:
+        path: "{{ awx_manager_file }}"
+        regexp: "{{ readiness_probe_initial }}"
+        replace: "{{ readiness_probe_final }}"
+
+    - name: Deploying awx-operator
+      command: make deploy
+      changed_when: false
+      args:
+        chdir: "{{ awx_operator_folder }}"
+      environment:
+        NAMESPACE: "{{ awx_namespace }}"
 
-- name: Waiting for awx operator deployment {This might take 10-15 minutes}
+- name: Waiting for awx operator deployment
   block:
-    - name: Waiting for awx-operator deployment to be up and running
+    - name: Waiting for awx-operator deployment to be up and running (This might take 10-15 minutes)
       command: kubectl wait --for=condition=available deployment awx-operator-controller-manager -n {{ awx_namespace }} --timeout={{ awx_operator_time }}
       changed_when: false 
   rescue:
@@ -125,7 +164,7 @@
   changed_when: true
   when: not k8s_pods.stdout | regex_search('awx-([A-Za-z0-9]{10})-([A-Za-z0-9]{5})')
 
-- name: Wait for awx pods to get created
+- name: Wait for awx pods to get created (This will take 10min)
   wait_for:
     timeout: "{{ awx_wait_time }}"
   when: not k8s_pods.stdout | regex_search('awx-([A-Za-z0-9]{10})-([A-Za-z0-9]{5})')

control_plane/roles/webui_awx/vars/main.yml

@@ -24,9 +24,9 @@ awx_yml_file_path: "{{ role_path }}/files/awx.yml"
 postgres_storage_class: nfs-client
 projects_existing_claim: awx-pv-claim
 awx_version: 19.4.0
-awx_tag: 0.14.0
+awx_operator_version: 0.17.0
 file_perm: '0644'
-awx_wait_time: 90
+awx_wait_time: 600
 deployment_failure_msg: "Deployment failed due to docker pull rate limit"
 awx_operator_link: "https://github.com/ansible/awx-operator.git"
 awx_manager_file: '/root/awx-operator/config/manager/manager.yaml'
@@ -53,9 +53,9 @@ awx_tcp_ports:
   - 30000-32767
 awx_ui_msg: "AWX Upgrading"
 return_status: 200
-max_retries: 20
+max_retries: 25
 max_delay: 15
-awx_ui_wait_time: 200
+awx_ui_wait_time: 900
 
 # Usage: check_prerequisites.yml
 min_retries: 2
@@ -102,4 +102,4 @@ omnia_job_template_details:
   - { name: deploy_omnia_template, inventory: node_inventory, playbook: omnia.yml, credential: node_credential }
 scheduled_templates:
   - { name: NodeInventorySchedule, template: node_inventory_job, schedule_rule: "DTSTART:20210815T120000Z RRULE:FREQ=MINUTELY;INTERVAL=10", flag: true }
-  - { name: DeviceInventorySchedule, template: device_inventory_job, schedule_rule: "DTSTART:20210815T060000Z RRULE:FREQ=DAILY;INTERVAL=1", flag: "{{ device_support_status }}"}
+  - { name: DeviceInventorySchedule, template: device_inventory_job, schedule_rule: "DTSTART:20210815T060000Z RRULE:FREQ=DAILY;INTERVAL=1", flag: "{{ device_support_status }}"}