
Issue #210: omnia_config.yml does not work properly from AWX container

Signed-off-by: sakshiarora13 <sakshi_arora1@dell.com>
Lucas A. Wilson 4 years ago
parent
commit
acc158a0dd

+ 74 - 1
appliance/roles/common/tasks/password_config.yml

@@ -17,7 +17,7 @@
   command: cat {{ input_config_filename }}
   changed_when: false
   register: config_content
-S
+
 - name: Decrpyt appliance_config.yml
   command: >-
     ansible-vault decrypt {{ input_config_filename }}
@@ -229,3 +229,76 @@ S
     ansible-vault encrypt {{ input_config_filename }}
     --vault-password-file {{ vault_filename }}
   changed_when: false
+
+- name: Check if omnia_vault_key exists
+  stat:
+    path: "{{ role_path }}/../../../{{ config_vaultname }}"
+  register: vault_key_result
+
+- name: Create ansible vault key if it does not exist
+  set_fact:
+    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: not vault_key_result.stat.exists
+
+- name: Save vault key
+  copy:
+    dest: "{{ role_path }}/../../../{{ config_vaultname }}"
+    content: |
+      {{ vault_key }}
+    owner: root
+    force: yes
+  when: not vault_key_result.stat.exists
+
+- name: Check if omnia config file is encrypted
+  command: cat {{ role_path }}/../../../{{ config_filename }}
+  changed_when: false
+  register: config_content
+  no_log: True
+
+- name: Decrpyt omnia_config.yml
+  command: >-
+    ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+
+- name: Include variable file omnia_config.yml
+  include_vars: "{{ role_path }}/../../../{{ config_filename }}"
+  no_log: True
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ input_config_failure_msg }}"
+  register: input_config_check
+  when:
+    - mariadb_password | length < 1 or
+      k8s_cni | length < 1
+
+- name: Assert mariadb_password
+  assert:
+    that:
+        - mariadb_password | length > min_length | int - 1
+        - mariadb_password | length < max_length | int + 1
+        - '"-" not in mariadb_password '
+        - '"\\" not in mariadb_password '
+        - '"\"" not in mariadb_password '
+        - " \"'\" not in mariadb_password "
+    success_msg: "{{ success_msg_mariadb_password }}"
+    fail_msg: "{{ fail_msg_mariadb_password }}"
+
+- name: Assert kubernetes cni
+  assert:
+    that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
+    success_msg: "{{ success_msg_k8s_cni }}"
+    fail_msg: "{{ fail_msg_k8s_cni }}"
+
+- name: Save input variables from file
+  set_fact:
+    db_password: "{{ mariadb_password }}"
+    k8s_cni: "{{ k8s_cni }}"
+  no_log: True
+
+- name: Encrypt input config file
+  command: >-
+    ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
+  changed_when: false
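Review bot: The `Save vault key` task writes the generated vault password without a `mode`, so the file takes the default umask permissions, and neither it nor the `set_fact` that creates `vault_key` sets `no_log`, so the key can appear in task output. I would add `mode: "0600"` and `no_log: true` to the copy task, and `no_log: true` to `Create ansible vault key if it does not exist`. Separately, `Decrpyt omnia_config.yml` rewrites the file in plaintext and the re-encrypt is the last task, so a failure in `Validate input parameters are not empty` or in either assert leaves the decrypted file on disk; wrapping the validation tasks in a `block` with the encrypt task under `always` would close that window. The `password` lookup is also restricted to `ascii_letters` at its default length, which is worth widening for a long-lived key.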

+ 6 - 0
appliance/roles/common/vars/main.yml

@@ -80,3 +80,9 @@ min_length: 8
 max_length: 30
 nic_min_length: 3
 vault_filename: .vault_key
+config_filename: "omnia_config.yml"
+config_vaultname: .omnia_vault_key
+fail_msg_mariadb_password: "maria_db password not given in correct format."
+success_msg_mariadb_password: "mariadb_password validated"
+success_msg_k8s_cni: "Kubernetes CNI Validated"
+fail_msg_k8s_cni: "Kubernetes CNI not correct."

+ 6 - 2
appliance/roles/inventory/files/add_host.yml

@@ -35,9 +35,13 @@
   lineinfile:
     path:  "/root/inventory"
     line: "    {{ item }}:\n      _awx_description: {{ host_description }}"
-  when: not check_host.stdout | regex_search(item)
+  when:
+    - not check_host.stdout | regex_search(item)
+    - host_description != "Description Unavailable"
 
 - name: Host added msg
   debug:
     msg: "{{ host_added_msg + item }}"
-  when: not check_host.stdout | regex_search(item)
+  when:
+    - not check_host.stdout | regex_search(item)
+    - host_description != "Description Unavailable"
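Review bot: Both new `when` lists still pass `item` to `regex_search` unescaped, so the test is a substring match in which each `.` matches any character. If `item` is an IP address (it appears to be, but the loop is outside this hunk), an existing inventory entry for a longer address with the same prefix would suppress the add. Consider `not check_host.stdout | regex_search(item | regex_escape)` together with an anchor that fits the inventory line format. The sentinel `"Description Unavailable"` is now repeated in two conditions and would be safer as a single variable defined where `host_description` is set.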

+ 25 - 11
appliance/roles/inventory/files/create_inventory.yml

@@ -47,45 +47,57 @@
 - name: Set hostname on reachable nodes and gather facts
   hosts: reachable
   gather_facts: False
+  ignore_unreachable: true
   remote_user: "{{ cobbler_username }}"
   vars:
     ansible_password: "{{ cobbler_password }}"
     ansible_become_pass: "{{ cobbler_password }}"
     ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
+    mapping_file_present: ""
   tasks:
     - name: Setup
       setup:
        filter: ansible_*
-    
+
     - name: Check hostname of server
       command: hostname
       register: hostname_check
-      changed_when: false     
+      changed_when: false
+      ignore_errors: true
 
     - name: Check if IP present in mapping file
-      shell: grep "{{ inventory_hostname }}" {{ role_path }}/files/new_mapping_file.csv
+      command: grep "{{ inventory_hostname }}" ../../provision/files/new_mapping_file.csv
       delegate_to: localhost
       register: file_present
-      changed_when: false
+      when: mapping_file == "true"
+      ignore_errors: true
+
+    - name: Set fact if mapping file present
+      set_fact:
+        mapping_file_present: file_present.stdout
+      when: mapping_file == "true"
+      ignore_errors: true
 
     - name: Get the static hostname from mapping file
-      shell:  grep -Po ".* (?="{{ inventory_hostname }}")" {{ role_path }}/files/new_mapping_file.csv| awk -F',' '{print $2}'
+      shell: awk -F',' '$3 == "{{ inventory_hostname }}" { print $2 }' ../../provision/files/new_mapping_file.csv
       delegate_to: localhost
-      when: ('localhost' in hostname_check.stdout) and (file_present.stdout != "")
-      changed_when: false
+      when: ('localhost' in hostname_check.stdout) and (mapping_file_present != "" ) and ( mapping_file == "true" )
       register: host_name
+      ignore_errors: true
 
     - name: Set the hostname from mapping file
       hostname:
         name: "{{ host_name.stdout }}"
       register: result_host_name
-      when: ('localhost' in hostname_check.stdout) and (file_present.stdout != "")
+      when: ('localhost' in hostname_check.stdout) and (mapping_file_present != "" ) and  (mapping_file == "true" )
+      ignore_errors: true
 
     - name: Set the system hostname
       hostname:
         name: "compute{{ inventory_hostname.split('.')[-2] + '-' + inventory_hostname.split('.')[-1] }}"
       register: result_name
-      when: ('localhost' in hostname_check.stdout) and (file_present.stdout == "")
+      when: ('localhost' in hostname_check.stdout) and (mapping_file_present == "")
+      ignore_errors: true
 
     - name: Add new hostname to /etc/hosts
       lineinfile:
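Review bot: In `Set fact if mapping file present`, `mapping_file_present: file_present.stdout` has no Jinja braces, so the fact becomes the literal string `file_present.stdout` rather than the grep output, and every `mapping_file_present != ""` test is true whenever `mapping_file == "true"`. A host that is absent from the mapping file then skips `Set the system hostname` and reaches the `hostname` task with an empty `host_name.stdout`, and the added `ignore_errors: true` hides that failure. I would write `mapping_file_present: "{{ file_present.stdout | default('') }}"` and replace the blanket `ignore_errors` on the grep with `failed_when: file_present.rc > 1`, dropping it from the other tasks. The `when` conditions on the two `Add new hostname to /etc/hosts` tasks in the later hunks of this file depend on the same fact; the play itself continues beyond this hunk.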
@@ -93,7 +105,8 @@
         regexp: '^127\.0\.0\.1[ \t]+localhost'
         line: "127.0.0.1 localhost {{ host_name.stdout }}"
         state: present
-      when: "'localhost' in hostname_check.stdout" and (file_present.stdout != "")
+      when: ('localhost' in hostname_check.stdout) and ( mapping_file_present != "" ) and ( mapping_file == "true" )
+      ignore_errors: true
 
     - name: Add new hostname to /etc/hosts
       lineinfile:
@@ -101,7 +114,8 @@
         regexp: '^127\.0\.0\.1[ \t]+localhost'
         line: "127.0.0.1 localhost 'compute{{ inventory_hostname.split('.')[-2] + '-' + inventory_hostname.split('.')[-1] }}'"
         state: present
-      when: "'localhost' in hostname_check.stdout" and (file_present.stdout == "" )
+      when: ('localhost' in hostname_check.stdout) and (mapping_file_present == "" )
+      ignore_errors: true
 
 - name: Update inventory
   hosts: localhost

+ 5 - 4
appliance/roles/inventory/tasks/main.yml

@@ -49,13 +49,14 @@
     - name: Save input variables from file
       set_fact:
         cobbler_password: "{{ provision_password }}"
+        mapping_file: "{{ mapping_file_exists }}"
       no_log: True
 
     - name: Encrypt input config file
       command: >-
         ansible-vault encrypt {{ input_config_filename }}
         --vault-password-file {{ vault_filename }}
-      when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+      changed_when: false
 
     - name: Check if inventory file already exists
       stat:
@@ -79,16 +80,16 @@
           command: >-
             ansible-playbook -i {{ role_path }}/files/provisioned_hosts.yml
             {{ role_path }}/files/create_inventory.yml
-            --extra-vars "cobbler_username={{ cobbler_username }} cobbler_password={{ cobbler_password }}"
+            --extra-vars "cobbler_username={{ cobbler_username }} cobbler_password={{ cobbler_password }} mapping_file={{ mapping_file }}"
           no_log: True
           register: register_error
       rescue:
         - name: Fail if host addition was not successful
           fail:
-            msg: "{{ register_error.stdout | regex_replace(cobbler_username) | regex_replace(cobbler_password) }}"
+            msg: "{{ register_error.stderr + register_error.stdout | regex_replace(cobbler_username) | regex_replace(cobbler_password) }}"
 
   when: provisioned_file_result.stat.exists
 
 - name: push inventory to AWX
   command: awx-manage inventory_import --inventory-name {{ omnia_inventory_name }} --source /root/inventory
-  when: provisioned_file_result.stat.exists
+  when: provisioned_file_result.stat.exists
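Review bot: In the rescue `msg`, Jinja applies filters before `+`, so `register_error.stderr + register_error.stdout | regex_replace(...)` redacts only `stdout` and prints `stderr` unfiltered, which can expose `cobbler_password` in the failure message. Parenthesise the concatenation and use the literal `replace` filter so that regex metacharacters in the password cannot break the match: `msg: "{{ (register_error.stderr + register_error.stdout) | replace(cobbler_password, '') | replace(cobbler_username, '') }}"`. The `--extra-vars` string in the same hunk also places the password on the `ansible-playbook` command line, where it is visible in the process list while the child play runs; passing it through a vars file with restrictive permissions would avoid that.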

+ 1 - 1
appliance/roles/provision/tasks/provision_password.yml

@@ -34,7 +34,7 @@
   tags: install
 
 - name: Copy cobbler password to cobbler config file
-  shell: printf "%s:%s:%s\n" "{{ username }}" "Cobbler" "{{ encrypt_SSS.stdout }}" > "{{ role_path }}/files/.users.digest"
+  shell: printf "%s:%s:%s\n" "{{ username }}" "Cobbler" "{{ encrypt_password.stdout }}" > "{{ role_path }}/files/.users.digest"
   changed_when: false
   no_log: true
   tags: install

+ 1 - 1
roles/cluster_validation/tasks/fetch_password.yml

@@ -83,4 +83,4 @@
   command: >-
     ansible-vault encrypt {{ role_path }}/../../{{ config_filename }}
     --vault-password-file {{ role_path }}/../../{{ config_vaultname }}
-  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+  changed_when: false