
Merge branch 'dellhpc:devel' into devel

DeepikaKrishnaiah 3 tahun lalu
induk
melakukan
b7f2433be9

+ 7 - 1
control_plane/input_params/base_vars.yml

@@ -153,6 +153,12 @@ host_network_nic: "eno3"
 host_network_dhcp_start_range: "172.17.0.100"
 host_network_dhcp_end_range: "172.17.0.200"
 
+# The DNS servers IP address for the internet access of compute nodes(through DHCP routing using cobbler)
+# If this variable is empty, a separate public internet nic should be present in compute nodes for internet access.
+# Optional field
+primary_dns: ""
+secondary_dns: ""
+
 # The mapping file consists of the MAC address and its respective IP address and Hostname and Component_role(if any)
 # 2 Formats are supported for host mapping files:
 # If user wants one-touch provisioning of omnia cluster, format of csv: MAC,Hostname,IP,Component_role
@@ -175,4 +181,4 @@ ib_network_nic: "ib0"
 # The dhcp range for assigning the IPv4 address
 # Example: 172.17.0.1
 ib_network_dhcp_start_range: "172.25.0.100"
-ib_network_dhcp_end_range: "172.25.0.200"
+ib_network_dhcp_end_range: "172.25.0.200"
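Review bot: The comment above `primary_dns` and `secondary_dns` says "this variable" although two are introduced, and it omits the constraints that validate_provision_vars.yml enforces in this same commit. I would state them next to the variables, e.g. `# Both must be IPv4 addresses; secondary_dns is accepted only when primary_dns is set and must differ from it.` Because these addresses are handed to every compute node through DHCP, the comment should also say they must be resolvers the site trusts.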

+ 58 - 0
control_plane/roles/control_plane_common/tasks/validate_provision_vars.yml

@@ -79,3 +79,61 @@
       - provision_os in iso_file_path | lower
     fail_msg: "{{ invalid_iso_file_path }}"
     success_msg:  "{{ valid_iso_file_path }}"
+
+- name: Warning - waiting for 30 seconds
+  pause:
+    seconds: 30
+    prompt: "{{ dns_empty_warning_msg }}"
+  when: 
+     - primary_dns | length < 1
+     - secondary_dns | length < 1  
+
+- name: Validate primary_dns is not empty when secondary_dns provided
+  fail:
+    msg: "{{ primary_dns_empty_msg }}"
+  when: 
+    - primary_dns | length < 1
+    - secondary_dns | length >1
+
+- name: Validate dns inputs
+  block:
+    - name: Assert primary_dns when not empty
+      assert:
+        that:
+          - primary_dns | ipv4
+        success_msg: "{{ primary_dns_success_msg }}"
+        fail_msg: "{{ primary_dns_fail_msg }}"
+
+    - name: Test reachability of primary_dns
+      command: ping -c3 {{ primary_dns }}
+      failed_when: false
+      changed_when: false
+      register: primary_dns_check
+
+    - name: Verify primary_dns is reachable
+      fail:
+        msg: "{{ primary_dns_not_reachable_msg }}"
+      when: ping_search_key in primary_dns_check.stdout
+
+    - name: Validate secondary_dns inputs
+      block:
+        - name: Assert secondary_dns when not empty
+          assert:
+            that:
+              - secondary_dns | ipv4
+              - secondary_dns != primary_dns
+            success_msg: "{{ secondary_dns_success_msg }}"
+            fail_msg: "{{ secondary_dns_fail_msg }}"
+
+        - name: Test reachability of secondary_dns
+          command: ping -c3 {{ secondary_dns }}
+          failed_when: false
+          changed_when: false
+          register: secondary_dns_check
+
+        - name: Verify secondary_dns is reachable
+          debug:
+            msg: "{{ secondary_dns_not_reachable_msg }}"
+          when: ping_search_key in secondary_dns_check.stdout    
+      when: secondary_dns | length > 1
+  when: primary_dns | length > 1
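Review bot: The emptiness tests leave a gap: the warning and the `fail` task use `length < 1` while the validation blocks use `length > 1` (and `length >1`), so a one-character value such as a stray digit triggers neither path and never reaches the `ipv4` assertion. Using `when: primary_dns | length > 0` (and the same for `secondary_dns`) closes it. The reachability tasks also key on the text `100% packet loss` in stdout with `failed_when: false`, so a ping that fails for another reason, for example no route to the host, would count as reachable; `when: primary_dns_check.rc != 0` is the more reliable condition. An ICMP reply does not show that the host answers DNS queries, and a resolver that drops ICMP would be rejected, so the primary check may be better as a warning like the secondary one.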

+ 9 - 0
control_plane/roles/control_plane_common/vars/main.yml

@@ -158,6 +158,15 @@ provision_state_success_msg: "provision_state validated"
 provision_state_fail_msg: "Failed. Incorrect provision_state selected. Supported only stateful"
 enable_security_support_success_msg: "enable_security_support validated"
 enable_security_support_fail_msg: "Failed. enable_security_support only accepts boolean values true or false"
+dns_empty_warning_msg: "[WARNING] primary_dns and secondary_dns is empty. DHCP routing in compute nodes for internet access won't be configured. Stop and re-run control_plane.yml, if DHCP routing is required."
+primary_dns_empty_msg: "primary_dns is empty and secondary_dns provided. If one dns entry present, provide primary_dns only."
+primary_dns_success_msg: "primary_dns successfully validated"
+primary_dns_fail_msg: "Failed. Incorrect primary_dns provided in base_vars.yml"
+primary_dns_not_reachable_msg: "Failed. primary_dns is not reachable. Provide valid dns"
+secondary_dns_success_msg: "secondary_dns successfully validated"
+secondary_dns_fail_msg: "Failed. Incorrect secondary_dns provided in base_vars.yml"
+secondary_dns_not_reachable_msg: "[WARNING] secondary_dns is not reachable"
+ping_search_key: "100% packet loss"
 
 # Usage: fetch_sm_inputs.yml
 ib_config_file: "{{ role_path }}/../../input_params/ib_vars.yml"

+ 24 - 1
control_plane/roles/provision_cobbler/tasks/dhcp_configure.yml

@@ -20,6 +20,29 @@
     mode: 0775
   tags: install
 
+- name: Configure DHCP routing settings
+  block:
+    - name: Add option routers when dns provided
+      lineinfile:
+        path: "{{ role_path }}/files/dhcp.template"
+        insertafter: "^(.*)range dynamic-bootp"
+        line: "option routers {{ hpc_ip }};"
+
+    - name: Add domain name servers when primary dns only provided
+      lineinfile:
+        path: "{{ role_path }}/files/dhcp.template"
+        insertafter: "^(.*)range dynamic-bootp"
+        line: "option domain-name-servers {{ primary_dns }};"
+      when: secondary_dns | length < 1
+
+    - name: Add domain name servers when primary and secondary dns provided
+      lineinfile:
+        path: "{{ role_path }}/files/dhcp.template"
+        insertafter: "^(.*)range dynamic-bootp"
+        line: "option domain-name-servers {{ primary_dns }}, {{ secondary_dns }};"
+      when: secondary_dns | length > 1
+  when: primary_dns | length > 1
+  
 - name: Assign subnet and netmask
   replace:
     path: "{{ role_path }}/files/dhcp.template"
@@ -103,4 +126,4 @@
         path: "{{ role_path }}/files/tftp"
         regexp: '^        server_args             = -s /var/lib/tftpboot'
         replace: '        server_args             = -s /srv/tftpboot'
-  when: os_supported_leap in mgmt_os 
+  when: os_supported_leap in mgmt_os
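Review bot: The three `lineinfile` tasks in the "Configure DHCP routing settings" block have no `regexp`, so idempotence depends on the exact rendered line already being present in `dhcp.template`. If `primary_dns`, `secondary_dns` or `hpc_ip` changes between runs, or a secondary server is added later, a second `option domain-name-servers` or `option routers` line is inserted and the old one stays, and nothing removes the lines when the DNS variables are emptied again. Adding `regexp: '^\s*option domain-name-servers '` and `regexp: '^\s*option routers '` makes each task replace the existing line instead. The block is gated on `length > 1`, so a one-character value skips it silently; `length > 0` is the usual emptiness test. The values are written verbatim into the DHCP configuration, so this block relies on the `ipv4` assertions in validate_provision_vars.yml having run first.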

+ 39 - 0
roles/login_node/tasks/install_snoopy.yml

@@ -0,0 +1,39 @@
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install required packages
+  package:
+    name: "{{ snoopy_packages }}"
+    state: present
+
+- name: Download snoopy package
+  get_url:
+    url: "{{ snoopy_url }}"
+    dest: "{{ snoopy_path }}"
+
+- name: Change permissions
+  file:
+   path: "{{ snoopy_path }}"
+   mode: "{{ snoopy_mode }}"
+
+- name: Run the script
+  shell: sh ./install-snoopy.sh stable
+  args:
+   chdir: "{{ snoopy_path }}"
+  changed_when: false
+
+- name: Enable snoopy
+  command: snoopy-enable
+  changed_when: false
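Review bot: The "Download snoopy package" and "Run the script" tasks fetch an installer from `snoopy_url` and execute it with no integrity check, and the URL set in roles/login_node/vars/main.yml points at a branch (`raw/install/...`) whose content can change at any time. Pin the URL to a release tag or commit and add `checksum: "sha256:<expected digest of install-snoopy.sh>"` to the `get_url` task, so a changed or tampered script is rejected before it runs on the login node. `dest` is the directory `{{ snoopy_path }}`, so the "Change permissions" task sets the mode on `/var/lib` itself rather than on the script; `path: "{{ snoopy_path }}/install-snoopy.sh"` is presumably what was meant. With `changed_when: false` and no `creates:` guard, the installer is downloaded and run again on every play, which repeats the exposure each time.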

+ 6 - 0
roles/login_node/tasks/main.yml

@@ -23,6 +23,12 @@
     - block:
         - name: FreeIPA configuration
           include_tasks: ipa_configuration.yml
+          
+        - name: Install snoopy
+          include_tasks: install_snoopy.yml
+
+        - name: Install psacct/acct
+          include_tasks: user_monitor.yml
 
         - name: Alert configuration
           include_tasks: configure_alerting.yml

+ 26 - 0
roles/login_node/tasks/user_monitor.yml

@@ -0,0 +1,26 @@
+#  Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install psacct on rocky
+  package:
+    name: "{{ psacct }}"
+    state: present
+  when: os_leap not in ansible_distribution | lower
+
+- name: Install acct on leap
+  package:
+    name: "{{ acct }}"
+    state: present
+  when: os_leap in ansible_distribution | lower
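Review bot: Both tasks only install the package; nothing visible in this file enables or starts the process-accounting service, so unless that happens elsewhere no accounting records will be collected on the login node. A follow-up task using the `service` module with `state: started` and `enabled: true` would make the monitoring effective; the unit name per distribution (presumably `psacct` on Rocky and `acct` on Leap) should be confirmed. A one-line comment at the top stating that this file provides per-user command accounting for the login node would also help, since the file name `user_monitor.yml` does not say which tool is used.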

+ 17 - 0
roles/login_node/vars/main.yml

@@ -46,3 +46,20 @@ mail_packages:
   - mailx
   - postfix
 alerting_file_path: /root/auth_failure_check.yml
+
+# Usage: install_snoopy.yml
+snoopy_packages:
+  - gcc
+  - gzip
+  - make
+  - procps
+  - socat
+  - tar
+  - wget
+snoopy_mode: 0755
+snoopy_url: https://github.com/a2o/snoopy/raw/install/install/install-snoopy.sh
+snoopy_path: /var/lib
+
+# Usage: user_monitor.yml
+psacct: psacct
+acct: acct
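Review bot: `snoopy_mode: 0755` is an unquoted octal literal and it reaches the `file` module through a template (`mode: "{{ snoopy_mode }}"`), so the module may receive the decimal value 493 rather than the intended permission bits. Quote it as `snoopy_mode: "0755"` so Ansible does the octal conversion itself. `snoopy_path: /var/lib` places the downloaded installer directly in a system directory; a dedicated subdirectory would keep the `file` task's permission change away from `/var/lib`.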