
Merge pull request #376 from abhishek-s-a/devel

Issue #375: Provision PowerEdge iDRAC Servers
Lucas A. Wilson 3 years ago
parent
commit
bff7aa608d
25 changed files with 1252 additions and 18 deletions
  1. 54 0
      control_plane/roles/control_plane_customiso/files/add_nfs_client.yml
  2. 56 0
      control_plane/roles/control_plane_customiso/files/temp_centos7.cfg
  3. 46 0
      control_plane/roles/control_plane_customiso/tasks/check_prerequisites.yml
  4. 64 0
      control_plane/roles/control_plane_customiso/tasks/create_unattended_iso.yml
  5. 112 0
      control_plane/roles/control_plane_customiso/tasks/edit_iso_config.yml
  6. 11 5
      control_plane/roles/control_plane_customiso/tasks/main.yml
  7. 33 0
      control_plane/roles/control_plane_customiso/vars/main.yml
  8. 13 0
      control_plane/roles/provision_idrac/files/temp_scp.xml
  9. 156 0
      control_plane/roles/provision_idrac/tasks/check_prerequisites.yml
  10. 58 0
      control_plane/roles/provision_idrac/tasks/create_vd.yml
  11. 52 0
      control_plane/roles/provision_idrac/tasks/deploy_os.yml
  12. 42 0
      control_plane/roles/provision_idrac/tasks/fetch_idrac_credentials.yml
  13. 119 0
      control_plane/roles/provision_idrac/tasks/import_scp.yml
  14. 25 13
      control_plane/roles/provision_idrac/tasks/main.yml
  15. 102 0
      control_plane/roles/provision_idrac/tasks/validate_idrac_vars.yml
  16. 49 0
      control_plane/roles/provision_idrac/vars/main.yml
  17. 21 0
      control_plane/tools/idrac_secure_boot.yml
  18. 21 0
      control_plane/tools/idrac_system_lockdown.yml
  19. 41 0
      control_plane/tools/roles/idrac_secure_boot/tasks/configure_secure_boot.yml
  20. 20 0
      control_plane/tools/roles/idrac_secure_boot/tasks/main.yml
  21. 20 0
      control_plane/tools/roles/idrac_secure_boot/vars/main.yml
  22. 56 0
      control_plane/tools/roles/idrac_system_lockdown/tasks/check_prerequisites.yml
  23. 41 0
      control_plane/tools/roles/idrac_system_lockdown/tasks/configure_system_lockdown.yml
  24. 20 0
      control_plane/tools/roles/idrac_system_lockdown/tasks/main.yml
  25. 20 0
      control_plane/tools/roles/idrac_system_lockdown/vars/main.yml

+ 54 - 0
control_plane/roles/control_plane_customiso/files/add_nfs_client.yml

@@ -0,0 +1,54 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Add nfs client entries
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Include control_plane_repo vars
+      include_vars: ../../control_plane_repo/vars/main.yml
+
+    - name: Check if idrac inventory file exists
+      stat:
+        path: "../../collect_device_info/files/idrac_inventory"
+      register: provisioned_file_result
+
+    - name: Check {{ exports_file_path }}
+      command: cat {{ exports_file_path }}
+      register: exports_file_check
+      changed_when: false
+      when: provisioned_file_result.stat.exists
+
+    - name: Adding NFS share entries in {{ exports_file_path }}
+      lineinfile:
+        path: "{{ exports_file_path }}"
+        line: "{{ nfs_share_offline_repo }} {{ item }}(rw,sync,no_root_squash)"
+      when:
+        - provisioned_file_result.stat.exists
+        - item not in exports_file_check.stdout
+      loop: "{{ lookup('file', '../../collect_device_info/files/idrac_inventory').splitlines() }}"
+
+    - name: Exporting the shared directories
+      command: /usr/sbin/exportfs -r
+      changed_when: true
+      when: provisioned_file_result.stat.exists
+
+    - name: Copy exports file to custom_iso role
+      copy:
+        src: "{{ exports_file_path }}"
+        dest: "{{ playbook_dir }}/exports"
+        mode: preserve
+      when: provisioned_file_result.stat.exists
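Review bot: The export line written by `Adding NFS share entries` gives every address listed in `idrac_inventory` `rw` access with `no_root_squash`, so root on any listed client acts as root on the share. As far as this commit shows, the share is there to serve the unattended ISO, so a read-only export with squashing looks sufficient: `line: "{{ nfs_share_offline_repo }} {{ item }}(ro,sync,root_squash)"`. Confirm that nothing else needs write access before changing it. The same option string is written in provision_idrac/tasks/check_prerequisites.yml and should change with it. Each inventory line is copied into the exports file verbatim, so validating it as an IP address first (for example with a `when:` using the `ansible.utils.ipaddr` filter, if that collection is available) would keep malformed entries out.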

+ 56 - 0
control_plane/roles/control_plane_customiso/files/temp_centos7.cfg

@@ -0,0 +1,56 @@
+# Install OS instead of upgrade
+install
+
+# SELinux configuration
+selinux --disabled
+
+# Firewall configuration
+firewall --disabled
+
+# text install
+text
+
+# Do not configure the X Window System
+skipx
+
+ignoredisk --only-use=sda
+
+# Keyboard layouts
+keyboard us
+
+# System language
+lang ks_language
+
+# Network information
+network  --bootproto=dhcp --device=ks_nic --onboot=on
+
+# Root password
+rootpw --iscrypted ks_password
+
+# System services
+services --enabled="chronyd"
+
+# System timezone
+timezone --utc ks_timezone
+
+# System bootloader configuration
+bootloader --location=mbr --boot-drive=sda
+
+# Partition clearing information
+clearpart --all --initlabel --drives=sda
+
+# Clear the Master Boot Record
+zerombr
+
+# Disk Partitioning
+partition /boot/efi --asprimary --fstype=vfat --label EFI  --size=200
+partition /boot     --asprimary --fstype=ext4 --label BOOT --size=500
+partition /         --asprimary --fstype=ext4 --label ROOT --size=4096 --grow
+
+# Reboot after installation
+reboot
+
+%packages
+@core
+net-tools
+%end
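Review bot: The template switches off both SELinux and the host firewall (`selinux --disabled`, `firewall --disabled`) for every node installed from this ISO, and nothing visible in this commit turns them back on afterwards. Unless a later role depends on that, consider `selinux --enforcing` (or `--permissive` while policy issues are worked out) and `firewall --enabled --service=ssh`, opening further ports where the services are deployed. If the relaxed defaults must stay, a comment above each directive saying why and which role restores them would help.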

+ 46 - 0
control_plane/roles/control_plane_customiso/tasks/check_prerequisites.yml

@@ -0,0 +1,46 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Install genisoimage package
+  package:
+    name: genisoimage
+    state: present
+  tags: install
+
+- name: Install ansible-galaxy modules
+  command: ansible-galaxy collection install {{ item }}
+  changed_when: true
+  with_items:
+   - community.general
+   - dellemc.openmanage
+
+- name: Install omsdk using pip
+  pip:
+    name: omsdk
+    state: present
+  tags: install
+
+- name: Check iso mount folder
+  stat:
+    path: "{{ iso_mount_path }}{{ isolinux_cfg_path }}"
+  register: check_mount_iso
+  tags: install
+
+- name: Incorrect iso mount
+  fail:
+    msg: "{{ iso_mount_check_fail_msg }}"
+  when: not check_mount_iso.stat.exists
+  register: iso_mount_fail
+  tags: install
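Review bot: The `ansible-galaxy collection install {{ item }}` loop and the `pip` task for `omsdk` install whatever version is newest at run time, so the tooling that holds iDRAC credentials can change between runs without review. Pin each dependency, for example `- community.general:==<tested-version>` in the item list and `version: "<tested-version>"` under `pip:` (placeholders; use the versions the project has tested). The galaxy task also reports `changed` on every run because of `changed_when: true`. A pinned `requirements.yml` installed with `ansible-galaxy collection install -r` would address both.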

+ 64 - 0
control_plane/roles/control_plane_customiso/tasks/create_unattended_iso.yml

@@ -0,0 +1,64 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create custom ISO
+  command: >-
+    mkisofs -o {{ role_path }}/files/{{ unattended_iso_filename }} -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4
+    -boot-info-table -eltorito-alt-boot -e images/efiboot.img -no-emul-boot -J -R -V "CentOS 7 x86_64"  {{ tmp_iso_dir }}
+  changed_when: true
+  register: custom_iso_status
+  tags: install
+  args:
+    chdir: "{{ tmp_iso_dir }}"
+
+- name: Custom ISO creation status check
+  assert:
+    that:
+      - "'Total directory bytes:' in custom_iso_status.stderr"
+      - "'Path table size(bytes):' in custom_iso_status.stderr"
+      - "'Max brk space used' in custom_iso_status.stderr"
+      - "'extents written' in custom_iso_status.stderr"
+    success_msg: "{{ custom_iso_success_msg }}"
+    fail_msg: "{{ custom_iso_fail_msg }}"
+  register: iso_success_check
+
+- name: Remove the kickstart file
+  file:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    state: absent
+  tags: install
+
+- name: Include control_plane_repo vars
+  include_vars: ../../control_plane_repo/vars/main.yml
+
+- name: Copy ISO file to nfs share
+  copy:
+    src: "{{ role_path }}/files/{{ unattended_iso_filename }}"
+    dest: "{{ nfs_share_offline_repo }}/{{ unattended_iso_filename }}"
+    mode: preserve
+  tags: install
+
+- name: Fetch ansible-playbook location
+  command: whereis ansible-playbook
+  changed_when: false
+  register: ansible_playbook_location
+  tags: install
+
+- name: Schedule task
+  cron:
+    name: "Add idrac IP to nfs exports"
+    minute: "*/10"
+    job: "if ! out=`{{ ansible_playbook_location.stdout.split(' ')[1] }} {{ role_path }}/files/add_nfs_client.yml`; then echo $out >> {{ cron_error_log }}; fi"
+  tags: install
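Review bot: The `Schedule task` cron entry re-runs `add_nfs_client.yml` every ten minutes under whichever account applies this role (presumably root, since it edits the exports file). That playbook rewrites the NFS exports from `idrac_inventory`, so write access to either file under the role directory becomes control over what gets exported. Set the account explicitly with `user: root` on the `cron` task and add a task that fixes owner and mode on the playbook and inventory file. A comment should state that these two files are a trust boundary. Separately, `ansible_playbook_location.stdout.split(' ')[1]` raises an index error when `whereis` finds nothing, and `echo $out` in the job should be quoted as `echo "$out"`.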

+ 112 - 0
control_plane/roles/control_plane_customiso/tasks/edit_iso_config.yml

@@ -0,0 +1,112 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create iso directory
+  file:
+    path: "{{ tmp_iso_dir }}"
+    state: directory
+    mode: "{{ file_permission }}"
+  tags: install
+
+- name: Copy files to tmpiso folder
+  copy:
+    src: "{{ iso_mount_path }}"
+    dest: "{{ tmp_iso_dir }}"
+    mode: preserve
+  tags: install
+
+- name: Edit isolinux.cfg
+  replace:
+    path: "{{ tmp_iso_dir }}{{ isolinux_cfg_path }}"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+  with_items:
+      - { regexp: "append initrd=initrd.img", replace: "append initrd=initrd.img ks=cdrom:/{{ kickstart_file }}" }
+      - { regexp: "rd.live.check quiet", replace: "" }
+  tags: install
+
+- name: Edit grub.cfg
+  replace:
+    path: "{{ tmp_iso_dir }}{{ grub_cfg_path }}"
+    regexp: "{{ item.regexp }}"
+    replace: "{{ item.replace }}"
+  with_items:
+      - { regexp: "kernel /images/pxeboot/vmlinuz", replace: "kernel /images/pxeboot/vmlinuz ks=cdrom:/{{ kickstart_file }}" }
+      - { regexp: "linuxefi /images/pxeboot/vmlinuz", replace: "linuxefi /images/pxeboot/vmlinuz ks=cdrom:/{{ kickstart_file }}" }
+      - { regexp: "rd.live.check quiet", replace: "" }
+  tags: install
+
+- name: Remove the kickstart file if exists
+  file:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    state: absent
+  tags: install
+
+- name: Create the kickstart file
+  copy:
+    src: "{{ role_path }}/files/temp_centos7.cfg"
+    dest: "{{ role_path }}/files/{{ kickstart_file }}"
+    mode: "{{ file_permission }}"
+  tags: install
+
+- name: Random phrase generation
+  command: openssl rand -base64 12
+  changed_when: false
+  register: generate_random_phrase
+  tags: install
+  no_log: true
+
+- name: Encrypt login password
+  command: openssl passwd -1 -salt {{ generate_random_phrase.stdout }} {{ provision_password }}
+  no_log: true
+  changed_when: false
+  register: encrypt_login_pass
+  tags: install
+
+- name: Configure kickstart file - Password
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^rootpw --iscrypted ks_password'
+    replace: 'rootpw --iscrypted {{ encrypt_login_pass.stdout }}'
+  no_log: true
+  tags: install
+
+- name: Configure kickstart file - nic
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^network  --bootproto=dhcp --device=ks_nic --onboot=on'
+    replace: 'network  --bootproto=dhcp --device={{ host_network_nic }} --onboot=on'
+  tags: install
+
+- name: Configure kickstart file - timezone
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^timezone --utc ks_timezone'
+    replace: 'timezone --utc {{ timezone }}'
+  tags: install
+
+- name: Configure kickstart file - language
+  replace:
+    path: "{{ role_path }}/files/{{ kickstart_file }}"
+    regexp: '^lang ks_language'
+    replace: 'lang {{ language }}'
+  tags: install
+
+- name: Copy kickstart file to iso mount path
+  copy:
+    src: "{{ role_path }}/files/{{ kickstart_file }}"
+    dest: "/tmp/tmpiso/{{ kickstart_file }}"
+    mode: preserve
+  tags: install
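Review bot: `Encrypt login password` hashes the root password with `openssl passwd -1`, which is MD5-crypt, and passes the plaintext `provision_password` as a command-line argument, so it is visible in the process list while the task runs. Both openssl tasks can be dropped by hashing inside the template with a stronger scheme: `replace: "rootpw --iscrypted {{ provision_password | password_hash('sha512') }}"`, keeping `no_log: true`. The kickstart file that receives the hash is created with `mode: "{{ file_permission }}"`, which vars/main.yml sets to 0744. An owner-only mode would be more appropriate for that file. The last task also hard-codes `/tmp/tmpiso/` where the other tasks use `{{ tmp_iso_dir }}`.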

+ 11 - 5
control_plane/roles/control_plane_customiso/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,13 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+# tasks file for control_plane_customiso
+
+- name: Check iso mount path
+  include_tasks: check_prerequisites.yml
+
+- name: Edit iso config files
+  include_tasks: edit_iso_config.yml
+
+- name: Create unattended iso file
+  include_tasks: create_unattended_iso.yml

+ 33 - 0
control_plane/roles/control_plane_customiso/vars/main.yml

@@ -0,0 +1,33 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for control_plane_customiso
+
+#Usage: check_prerequisites.yml
+iso_mount_path: /mnt/iso/
+iso_mount_check_fail_msg: "ISO file not mounted. Ensure /mnt/iso path is mounted with centos ISO file."
+
+#Usage: edit_iso_config.yml
+tmp_iso_dir: /tmp/tmpiso/
+kickstart_file: centos7.cfg
+file_permission: 0744
+isolinux_cfg_path: isolinux/isolinux.cfg
+grub_cfg_path: EFI/BOOT/grub.cfg
+
+#Usage: create_unattended_iso.yml
+unattended_iso_filename: unattended_centos7.iso
+custom_iso_success_msg: "Unattended ISO file created successfully"
+custom_iso_fail_msg: "Unattended ISO file creation failed. Ensure /mnt/iso path is mounted with valid centos minimal ISO file."
+cron_error_log: /var/log/nfs_cron_error.log
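Review bot: `file_permission: 0744` is an unquoted octal-looking scalar, so the value the `mode:` parameters receive depends on how the YAML loader and the templating layer type it. Quote it as `file_permission: "0744"`. The same variable sets the mode of the generated kickstart file, which holds the root password hash, and of `provisioned_idrac_ip.yml`, so both are world-readable. Because it is also used for the `tmp_iso_dir` directory, the files need their own variable, for example `kickstart_file_permission: "0600"`. `tmp_iso_dir: /tmp/tmpiso/` is a fixed name under a world-writable parent. On a shared management host a root-owned staging directory elsewhere would avoid another local user pre-creating it.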

+ 13 - 0
control_plane/roles/provision_idrac/files/temp_scp.xml

@@ -0,0 +1,13 @@
+<SystemConfiguration>
+<Component FQDD="BIOS.Setup.1-1">
+  <Attribute Name="BootMode">Uefi</Attribute>
+  <Attribute Name="BootSeqRetry">Enabled</Attribute>
+</Component>
+<Component FQDD="iDRAC.Embedded.1">
+  <Attribute Name="SNMP.1#AgentEnable">Enabled</Attribute>
+  <Attribute Name="SNMP.1#TrapFormat">SNMPv1</Attribute>
+  <Attribute Name="SNMP.1#SNMPProtocol">All</Attribute>
+  <Attribute Name="SNMP.1#DiscoveryPort">161</Attribute>
+  <Attribute Name="SNMP.1#AlertPort">162</Attribute>
+</Component>
+</SystemConfiguration>
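Review bot: The iDRAC component enables the SNMP agent with `SNMP.1#TrapFormat` set to `SNMPv1` and `SNMP.1#SNMPProtocol` set to `All`, which leaves the community-string protocol versions enabled. Those versions send the community name in clear text on the management network. If the monitoring side supports it, restrict both attributes to `SNMPv3`, and confirm the value names against the target firmware's attribute registry. Otherwise add an XML comment recording that v1/v2c is a deliberate compatibility choice and that the management network is expected to be isolated.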

+ 156 - 0
control_plane/roles/provision_idrac/tasks/check_prerequisites.yml

@@ -0,0 +1,156 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Include control_plane_repo vars
+  include_vars: ../../control_plane_repo/vars/main.yml
+  run_once: true
+
+- name: Include custom_iso vars
+  include_vars: ../../control_plane_customiso/vars/main.yml
+  run_once: true
+
+- name: Check unattended ISO file
+  stat:
+    path: "{{ role_path }}/../control_plane_customiso/files/{{ unattended_iso_filename }}"
+  register: custom_iso_check
+  run_once: true
+
+- name: Custom ISO file not present
+  fail:
+    msg: "{{ custom_iso_check_fail_msg }}"
+  when: not custom_iso_check.stat.exists
+  register: custom_iso_fail
+
+- name: Adding NFS share entries in {{ exports_file_path }}
+  lineinfile:
+    path: "{{ exports_file_path }}"
+    line: "{{ nfs_share_offline_repo }} {{ inventory_hostname }}(rw,sync,no_root_squash)"
+  when: '"awx-" not in hostname.stdout'
+
+- name: Exporting the shared directories
+  command: exportfs -r
+  changed_when: true
+  when: '"awx-" not in hostname.stdout'
+  run_once: true
+
+- name: Check nfs exports file present
+  stat:
+    path: "{{ role_path }}/../control_plane_customiso/files/exports"
+  register: nfs_exports_present
+  when: '"awx-" in hostname.stdout'
+  run_once: true
+
+- name: Check nfs exports file content
+  command: cat "{{ role_path }}/../control_plane_customiso/files/exports"
+  changed_when: false
+  register: check_exports_path
+  run_once: true
+  when:
+    - '"awx-" in hostname.stdout'
+    - nfs_exports_present.stat.exists
+
+- name: Missing entries in nfs exports
+  fail:
+    msg: "{{ missing_exports_fail_msg }}"
+  when:
+    - '"awx-" in hostname.stdout'
+    - not nfs_exports_present.stat.exists or
+      check_exports_path.rc == 1 or
+      inventory_hostname not in check_exports_path.stdout
+
+- name: Fetch management station ip from exports file
+  shell: awk 'FNR==1' {{ role_path }}/../control_plane_customiso/files/exports | awk '{print $2}'
+  changed_when: false
+  register: fetch_public_ip
+  when: '"awx-" in hostname.stdout'
+
+- name: Set public ip
+  set_fact:
+    public_ip: "{{ fetch_public_ip.stdout.split(\"(\")[0] }}"
+  when: '"awx-" in hostname.stdout'
+
+- name: Initialize variables
+  set_fact:
+    raid_type: false
+    raid_controller_sensor: ""
+    raid_enclosure_name: ""
+    drives_id: ""
+    enterprise_license: false
+    datacenter_license: false
+    provision_status: false
+
+- name: Check provisioned_idrac_ip.yml file present
+  stat:
+    path: "{{ role_path }}/files/provisioned_idrac_ip.yml"
+  register: provisioned_file_present
+  run_once: true
+
+- name: Check idrac server is already provisioned
+  command: cat {{ role_path }}/files/provisioned_idrac_ip.yml
+  changed_when: false
+  register: check_provision_status
+  when: provisioned_file_present.stat.exists
+  run_once: true
+
+- name: Removing hosts already provisioned
+  fail:
+    msg: "{{ provision_fail_msg }}"
+  when:
+    - provisioned_file_present.stat.exists
+    - inventory_hostname in check_provision_status.stdout
+
+- name: Show status of the Lifecycle Controller
+  dellemc.openmanage.idrac_lifecycle_controller_status_info:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+  register: lc_check_status
+
+- name: LC not available
+  fail:
+    msg: "{{ lc_check_fail_msg }}"
+  when: not lc_check_status.lc_status_info.LCReady
+  register: lc_fail
+
+- name: Get system inventory
+  dellemc.openmanage.idrac_system_info:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+  register: idrac_info
+
+- name: Set enterprise license status
+  set_fact:
+    enterprise_license: true
+  with_items: "{{ idrac_info.system_info.License }}"
+  when:
+    - '"iDRAC" in idrac_info.system_info.License[my_idx1].LicenseDescription'
+    - '"Enterprise" in idrac_info.system_info.License[my_idx1].LicenseDescription'
+    - '"License" in idrac_info.system_info.License[my_idx1].LicenseDescription'
+    - '"Healthy" in idrac_info.system_info.License[my_idx1].PrimaryStatus'
+  loop_control:
+    index_var: my_idx1
+
+- name: Set datacenter license status
+  set_fact:
+    datacenter_license: true
+  with_items: "{{ idrac_info.system_info.License }}"
+  when:
+    - '"iDRAC" in idrac_info.system_info.License[my_idx2].LicenseDescription'
+    - '"Datacenter" in idrac_info.system_info.License[my_idx2].LicenseDescription'
+    - '"License" in idrac_info.system_info.License[my_idx2].LicenseDescription'
+    - '"Healthy" in idrac_info.system_info.License[my_idx2].PrimaryStatus'
+  loop_control:
+    index_var: my_idx2
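Review bot: `Removing hosts already provisioned` tests `inventory_hostname in check_provision_status.stdout`, which is a substring match on the whole file. An address that is a prefix of a recorded one therefore matches and gets skipped as already provisioned (a constructed example: `10.0.0.1` matches a recorded `10.0.0.10`). Compare against whole lines instead: `- inventory_hostname in check_provision_status.stdout_lines`. The exports check in `Missing entries in nfs exports` has the same weakness in the other direction, because a prefix address passes validation without having an export entry of its own. add_nfs_client.yml uses the same pattern in `item not in exports_file_check.stdout`. `hostname.stdout` is registered outside this hunk.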

+ 58 - 0
control_plane/roles/provision_idrac/tasks/create_vd.yml

@@ -0,0 +1,58 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Set RAID status
+  set_fact:
+    raid_type: true
+    raid_controller_sensor: "{{ idrac_info.system_info.ControllerSensor[my_idx3].FQDD }}"
+    raid_enclosure_name: "Enclosure.Internal.0-1:{{ idrac_info.system_info.ControllerSensor[my_idx3].FQDD }}"
+    raid_vd_status: "{{ idrac_info.system_info.VirtualDisk is defined and idrac_info.system_info.VirtualDisk[0].Name == \"omnia_vd\" }}"
+  with_items: "{{ idrac_info.system_info.Controller }}"
+  loop_control:
+    index_var: my_idx3
+  when: '"RAID" in idrac_info.system_info.ControllerSensor[my_idx3].FQDD'
+
+- name: View existing storage details
+  dellemc.openmanage.dellemc_idrac_storage_volume:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    state: "view"
+  register: idrac_volume_list
+  when: raid_type and not raid_vd_status
+
+- name: Set drives details
+  set_fact:
+    drives_id: "{{ idrac_volume_list.storage_status.Message.Controller[raid_controller_sensor].Enclosure[raid_enclosure_name].PhysicalDisk }}"
+    drives_count: "{{ idrac_volume_list.storage_status.Message.Controller[raid_controller_sensor].Enclosure[raid_enclosure_name].PhysicalDisk | length }}"
+  when: raid_type and not raid_vd_status
+
+- name: Create VD
+  dellemc.openmanage.dellemc_idrac_storage_volume:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    state: "create"
+    controller_id: "{{ raid_controller_sensor }}"
+    raid_reset_config: "True"
+    volume_type: "{{ raid_level }}"
+    raid_init_operation: "Fast"
+    volumes:
+      - name: "omnia_vd"
+        span_length: "{{ drives_count }}"
+        drives:
+          id: "{{ drives_id }}"
+  register: create_vd_status
+  when: raid_type and not raid_vd_status
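Review bot: The existing-volume guard in `Set RAID status` inspects only `VirtualDisk[0].Name`, and `Create VD` then runs with `raid_reset_config: "True"`. A controller whose first virtual disk has any other name therefore has its RAID configuration reset, even when `omnia_vd` exists at a later index or the disks hold unrelated data. Check every virtual disk with `raid_vd_status: "{{ idrac_info.system_info.VirtualDisk is defined and (idrac_info.system_info.VirtualDisk | selectattr('Name', 'equalto', 'omnia_vd') | list | length > 0) }}"`. Consider also gating the reset behind an explicit opt-in variable, documented as destructive. The loop iterates `Controller` but indexes `ControllerSensor` with the same `my_idx3`, which assumes the two lists line up. A comment stating that assumption would help.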

+ 52 - 0
control_plane/roles/provision_idrac/tasks/deploy_os.yml

@@ -0,0 +1,52 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Set one-time boot device to PXE
+  community.general.redfish_command:
+    category: Systems
+    command: SetOneTimeBoot
+    bootdevice: "Pxe"
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ idrac_username }}"
+    password: "{{ idrac_password }}"
+  when: not (enterprise_license or datacenter_license)
+
+- name: Reboot server
+  dellemc.openmanage.redfish_powerstate:
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ idrac_username }}"
+    password: "{{ idrac_password }}"
+    reset_type: ForceRestart
+  when: not (enterprise_license or datacenter_license)
+  register: deploy_os
+
+- name: Install OS using iDRAC
+  dellemc.openmanage.idrac_os_deployment:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ public_ip }}:{{ nfs_share_offline_repo }}"
+    iso_image: "{{ unattended_iso_filename }}"
+    expose_duration: "{{ expose_duration }}"
+  register: deploy_os
+  when: enterprise_license or datacenter_license
+
+- name: Add idrac ip to provisioned_idrac_ip.yml
+  lineinfile:
+    path: "{{ role_path }}/files/provisioned_idrac_ip.yml"
+    create: yes
+    mode: "{{ file_permission }}"
+    line: "{{ inventory_hostname }}"
+  when: not deploy_os.failed
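Review bot: `deploy_os` is registered by both `Reboot server` and `Install OS using iDRAC`, and Ansible also stores a result for the one that is skipped, so the later task always overwrites the earlier one. On unlicensed hosts `deploy_os` therefore holds the skipped result, `not deploy_os.failed` is always true, and the address is recorded as provisioned as soon as the forced restart has been requested. Use separate names such as `register: pxe_reboot` and `register: iso_deploy`, and make the final condition test the result of the path that actually ran. `create: yes` should be `create: true`. The mode comes from `file_permission`, which is defined in the other role's vars file.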

+ 42 - 0
control_plane/roles/provision_idrac/tasks/fetch_idrac_credentials.yml

@@ -0,0 +1,42 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check if {{ login_input_filename }} file is encrypted
+  command: cat {{ login_input_filename }}
+  changed_when: false
+  no_log: true
+  register: config_content
+  run_once: true
+
+- name: Decrpyt {{ login_input_filename }}
+  command: >-
+    ansible-vault decrypt {{ login_input_filename }}
+    --vault-password-file {{ login_vault_filename }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
+  run_once: true
+
+- name: Include variable file {{ login_input_filename }}
+  include_vars: "{{ login_input_filename }}"
+  no_log: true
+  run_once: true
+
+- name: Encrypt {{ login_input_filename }}
+  command: >-
+    ansible-vault encrypt {{ login_input_filename }}
+    --vault-password-file {{ login_vault_filename }}
+  changed_when: false
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  run_once: true
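Review bot: The credentials file is decrypted in place and only re-encrypted by the last task, so any failure in between (for example a YAML error during `include_vars`) leaves the iDRAC credentials in plain text on disk. Put the decrypt and include tasks under a `block:` and move `Encrypt {{ login_input_filename }}` into its `always:` section so that re-encryption runs on failure as well. A cleaner option is to drop the decrypt and encrypt steps and let `include_vars` read the vaulted file directly, which it does when the play is given the vault password. A file that was plain text to begin with is left unencrypted by this flow. Failing the play in that case, or encrypting the file, would be safer. The task name `Decrpyt` is misspelled.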

+ 119 - 0
control_plane/roles/provision_idrac/tasks/import_scp.yml

@@ -0,0 +1,119 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Remove the scp file if exists
+  file:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    state: absent
+  run_once: true
+
+- name: Create scp file
+  copy:
+    src: "{{ role_path }}/files/temp_scp.xml"
+    dest: "{{ role_path }}/files/{{ scp_filename }}"
+    mode: preserve
+  run_once: true
+
+- name: Add system profile value Performance to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfOptimized</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "Performance"
+  run_once: true
+
+- name: Add system profile value PerformancePerWatt(OS) to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfPerWattOptimizedOs</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "PerformancePerWatt(OS)"
+  run_once: true
+
+- name: Add system profile value PerformancePerWatt(DAPC) to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfPerWattOptimizedDapc</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "PerformancePerWatt(DAPC)"
+  run_once: true
+
+- name: Add system profile value WorkstationPerformance to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SysProfile">PerfWorkStationOptimized</Attribute>'
+    insertafter: '^(.*)BootSeqRetry'
+  when: idrac_system_profile == "WorkstationPerformance"
+  run_once: true
+
+- name: Add PXE attributes to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: "{{ item }}"
+    insertafter: '^(.*)SysProfile'
+    with_items:
+      - '  <Attribute Name="PxeDev1VlanPriority">0</Attribute>'
+      - '  <Attribute Name="PxeDev1Interface">NIC.Integrated.1-1-1</Attribute>'
+      - '  <Attribute Name="PxeDev1VlanId">1</Attribute>'
+      - '  <Attribute Name="PxeDev1VlanEnDis">Enabled</Attribute>'
+      - '  <Attribute Name="PxeDev1Protocol">IPv4</Attribute>'
+      - '  <Attribute Name="PxeDev1EnDis">Enabled</Attribute>'
+  when: not (enterprise_license or datacenter_license)
+  run_once: true
+
+- name: Disable PXE attributes to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="PxeDev1EnDis">Disabled</Attribute>'
+    insertafter: '^(.*)SysProfile'
+  when: enterprise_license or datacenter_license
+  run_once: true
+
+- name: Add SNMP community name attribute to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: '  <Attribute Name="SNMP.1#AgentCommunity">{{ snmp_community_name }}</Attribute>'
+    insertafter: '^(.*)SNMP.1#AgentEnable'
+  run_once: true
+
+- name: Add SNMP trap destination attributes to scp file
+  lineinfile:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    line: "{{ item }}"
+    insertafter: '^(.*)SNMP.1#AlertPort'
+  with_items:
+    - '  <Attribute Name="SNMPAlert.1#Destination">{{ snmp_trap_destination }}</Attribute>'
+    - '  <Attribute Name="SNMPAlert.1#State">Enabled</Attribute>'
+  when: snmp_trap_status
+  run_once: true
+
+- name: Import SCP from a local path and wait for this job to get completed
+  dellemc.openmanage.idrac_server_config_profile:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ role_path }}/files/"
+    command: "import"
+    scp_file: "{{ scp_filename }}"
+    scp_components: "ALL"
+    shutdown_type: "Graceful"
+    job_wait: "True"
+  register: import_scp_status
+
+- name: Remove the scp file
+  file:
+    path: "{{ role_path }}/files/{{ scp_filename }}"
+    state: absent
+  run_once: true
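Review bot: In `Add PXE attributes to scp file`, `with_items:` is indented under `lineinfile:`, so it is passed as a module argument instead of looping the task. `{{ item }}` is then undefined and the task fails on hosts without an Enterprise or Datacenter license. Move the key and its list out to task level, as the SNMP trap task below does: `  with_items:` at the same indent as `lineinfile:`. The file-building tasks are all `run_once: true` yet depend on per-host facts (`enterprise_license`, `datacenter_license`), so the profile appears to be built from the first host's license state and then imported on every host. Confirm that this is intended. `snmp_community_name` is also inserted into the XML unescaped and the file is created with `mode: preserve`. An explicit owner-only mode would suit a file that carries the community string.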

+ 25 - 13
control_plane/roles/provision_idrac/tasks/main.yml

@@ -1,19 +1,31 @@
 # Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#     http://www.apache.org/licenses/LICENSE-2.0
 #
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+# tasks file for provision_idrac
+
+- name: Validate idrac parameters
+  include_tasks: validate_idrac_vars.yml
+
+- name: Check prerequisites
+  include_tasks: check_prerequisites.yml
+
+- name: Import SCP
+  include_tasks: import_scp.yml
+
+- name: Create VD
+  include_tasks: create_vd.yml
+
+- name: Deploy OS
+  include_tasks: deploy_os.yml

+ 102 - 0
control_plane/roles/provision_idrac/tasks/validate_idrac_vars.yml

@@ -0,0 +1,102 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Include variable file idrac_vars.yml
+  include_vars: "{{ idrac_input_filename }}"
+  run_once: true
+
+- name: Include variable file base_vars.yml
+  include_vars: "{{ base_input_filename }}"
+  run_once: true
+
+- name: Initialize variables
+  set_fact:
+    snmp_trap_status: false
+  run_once: true
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ idrac_input_fail_msg }}"
+  register: idrac_config_check
+  when:
+    - idrac_system_profile | length < 1
+
+- name: Assert idrac_system_profile value
+  assert:
+    that:
+      - idrac_system_profile == "Performance" or idrac_system_profile == "PerformancePerWatt(DAPC)" or idrac_system_profile == "PerformancePerWatt(OS)" or idrac_system_profile == "WorkstationPerformance"
+    success_msg: "{{ idrac_system_profile_success_msg }}"
+    fail_msg: "{{ idrac_system_profile_fail_msg }}"
+
+- name: Assert firmware_update_required value
+  assert:
+    that:
+      - firmware_update_required == true or firmware_update_required == false
+    success_msg: "{{ firmware_update_success_msg }}"
+    fail_msg: "{{ firmware_update_fail_msg }}"
+
+- name: Assert snmp_community_name value
+  assert:
+    that:
+      - snmp_community_name | length > 1
+    success_msg: "{{ snmp_community_success_msg }}"
+    fail_msg: "{{ snmp_community_fail_msg }}"
+
+- name: Set snmp trap destination status
+  set_fact:
+    snmp_trap_status: true
+  when: snmp_trap_destination | length > 1
+  run_once: true
+
+- name: Assert snmp_trap_destination value
+  assert:
+    that:
+      - snmp_trap_destination | length > 6
+    success_msg: "{{ snmp_trap_dest_success_msg }}"
+    fail_msg: "{{ snmp_trap_dest_fail_msg }}"
+  when: snmp_trap_status
+
+- name: Check hostname
+  command: hostname
+  changed_when: false
+  register: hostname
+  run_once: true
+
+- name: Fetch the system public IP
+  set_fact:
+    public_ip: "{{ lookup('vars','ansible_'+public_nic).ipv4.address }}"
+  run_once: true
+  when: '"awx-" not in hostname.stdout'
+
+- name: Assert public IP
+  assert:
+    that:
+      - public_ip | length > 7
+      - public_ip | ipv4
+    success_msg: "{{ public_ip_success_msg }}"
+    fail_msg: "{{ public_ip_fail_msg }}"
+  when: '"awx-" not in hostname.stdout'
+
+- name: Fetch idrac credentials
+  include_tasks: fetch_idrac_credentials.yml
+  when: '"awx-" not in hostname.stdout'
+
+- name: Set idrac credentials
+  set_fact:
+    idrac_username: "{{ lookup('env','ANSIBLE_NET_USERNAME') }}"
+    idrac_password: "{{ lookup('env','ANSIBLE_NET_PASSWORD') }}"
+  no_log: true
+  when: '"awx-" in hostname.stdout'
+  run_once: true
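Review bot: The `snmp_community_name` assert checks only `length > 1`, yet import_scp.yml writes the value verbatim into an `<Attribute>` line of the SCP XML, so a value containing `<`, `>` or `&` would corrupt the profile or carry in attributes that were never validated. Consider adding a character check to the `that:` list, for example `- snmp_community_name is match('^[A-Za-z0-9_.-]+$')` (the exact set iDRAC accepts should be confirmed). The `> 1` bound also rejects a one-character name although the failure message only says the value must not be empty; `> 0` would match the message. `snmp_trap_destination` has the same shape: anything longer than six characters passes and is written into the same file.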

+ 49 - 0
control_plane/roles/provision_idrac/vars/main.yml

@@ -0,0 +1,49 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for provision_idrac
+
+# Usage: validate_idrac_vars.yml
+idrac_input_filename: input_params/idrac_vars.yml
+base_input_filename: input_params/base_vars.yml
+login_input_filename: input_params/login_vars.yml
+login_vault_filename: input_params/.login_vault_key
+idrac_input_fail_msg: "Please provide all the required parameters in idrac_vars.yml"
+idrac_system_profile_success_msg: "idrac_system_profile validated"
+idrac_system_profile_fail_msg: "Failed. Incorrect setting input for idrac_system_profile in idrac_vars.yml"
+firmware_update_success_msg: "firmware_update_required validated"
+firmware_update_fail_msg: "Failed. firmware_update_required accepts only true or false in idrac_vars.yml"
+snmp_community_success_msg: "snmp_community_name validated"
+snmp_community_fail_msg: "Failed. snmp_community_name should not be empty in base_vars.yml"
+snmp_trap_dest_success_msg: "snmp_trap_destination validated"
+snmp_trap_dest_fail_msg: "Failed. Incorrect value for snmp_trap_destination in base_vars.yml"
+public_ip_success_msg: "public_ip validated"
+public_ip_fail_msg: "Failed. Incorrect value for public_nic in base_vars.yml"
+
+# Usage: check_prerequisites.yml
+custom_iso_check_fail_msg: "Custom ISO file is not present in the device. Please run appliance.yml first to create custom iso file unattended_centos7.iso"
+missing_exports_fail_msg: "Missing iDRAC IP entry in /etc/exports file. Wait for 10 minutes and retry again"
+lc_check_fail_msg: "LC is not ready. Retry again after LC is ready"
+provision_fail_msg: "Skipping remaining tasks for already provisioned servers. To provision server again remove iDRAC IP from the file control_plane/roles/provision_idrac/files/provisioned_idrac_ip.yml"
+
+# Usage: import_scp.yml
+scp_filename: idrac_scp.yml
+
+# Usage: create_vd.yml
+raid_level: "RAID 0"
+
+# Usage: deploy_os.yml
+expose_duration: 60
+file_permission: 0644
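Review bot: `file_permission: 0644` is an unquoted scalar, which a YAML 1.1 loader reads as the octal integer 420 rather than the text 0644. Whether the resulting mode is right then depends on how deploy_os.yml hands it to the module, which is not visible in this file; quoting it as `file_permission: "0644"` keeps the intended permission bits whatever the templating path. A one-line comment saying which file the mode applies to would also help, since the variable name does not.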

+ 21 - 0
control_plane/tools/idrac_secure_boot.yml

@@ -0,0 +1,21 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Enable/Disable secure boot in idrac servers
+  hosts: all
+  connection: local
+  gather_facts: false
+  roles:
+    - idrac_secure_boot
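Review bot: `hosts: all` makes this play run against every host in whatever inventory it is given, and the role it calls can turn Secure Boot off. If that inventory can hold anything other than iDRAC addresses (not visible from this diff), targeting a dedicated group, e.g. `hosts: idrac_servers` as an illustrative name, would limit what a mistaken run can touch; idrac_system_lockdown.yml uses the same `hosts: all`. A short header comment stating that the hosts are expected to be iDRAC IPs and that `connection: local` runs the modules on the control node would document the intent.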

+ 21 - 0
control_plane/tools/idrac_system_lockdown.yml

@@ -0,0 +1,21 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Enable/Disable system lockdown in idrac servers
+  hosts: all
+  connection: local
+  gather_facts: false
+  roles:
+    - idrac_system_lockdown

+ 41 - 0
control_plane/tools/roles/idrac_secure_boot/tasks/configure_secure_boot.yml

@@ -0,0 +1,41 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Assert uefi_secure_boot value
+  assert:
+    that:
+      - uefi_secure_boot | length > 1
+      - uefi_secure_boot == "enabled" or uefi_secure_boot == "disabled"
+    success_msg: "{{ secure_boot_success_msg }}"
+    fail_msg: "{{ secure_boot_fail_msg }}"
+  run_once: true
+
+- name: Enable secure boot
+  dellemc.openmanage.idrac_bios:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password:  "{{ idrac_password }}"
+    attributes:
+      SecureBoot: "Enabled"
+  when: uefi_secure_boot == "enabled"
+
+- name: Disable secure boot
+  dellemc.openmanage.idrac_bios:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password:  "{{ idrac_password }}"
+    attributes:
+      SecureBoot: "Disabled"
+  when: uefi_secure_boot == "disabled"
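Review bot: The Enable and Disable tasks differ only in the `SecureBoot` value and the `when` condition, so the credential block is duplicated and has to be kept in sync by hand. Since the assert above already restricts `uefi_secure_boot` to `enabled` or `disabled`, a single task with `SecureBoot: "{{ uefi_secure_boot | capitalize }}"` and no `when` would do the same; configure_system_lockdown.yml repeats the pattern with `lockdown_mode`. The `length > 1` line in the assert is redundant next to the equality check, and `idrac_password:  "{{ idrac_password }}"` has two spaces after the colon, which yamllint's `colons` rule flags.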

+ 20 - 0
control_plane/tools/roles/idrac_secure_boot/tasks/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check prerequisites
+  include_tasks: ./../idrac_system_lockdown/tasks/check_prerequisites.yml
+
+- name: Configure secure boot
+  include_tasks: configure_secure_boot.yml
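Review bot: `include_tasks: ./../idrac_system_lockdown/tasks/check_prerequisites.yml` reaches into a sibling role through a relative path, so it resolves only while Ansible's search order happens to try the right base directory and the two roles stay side by side. `include_role` with `name: idrac_system_lockdown` and `tasks_from: check_prerequisites` states the dependency explicitly; anchoring the path on `{{ role_path }}` is the smaller change. Either way, a comment noting that check_prerequisites.yml is what sets or fetches `idrac_username` and `idrac_password` for this role would make the coupling visible.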

+ 20 - 0
control_plane/tools/roles/idrac_secure_boot/vars/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for idrac_secure_boot role
+
+# Usage: configure_secure_boot.yml
+secure_boot_success_msg: "uefi_secure_boot validated"
+secure_boot_fail_msg: "Failed. uefi_secure_boot accepts only enabled or disabled in idrac_vars.yml"

+ 56 - 0
control_plane/tools/roles/idrac_system_lockdown/tasks/check_prerequisites.yml

@@ -0,0 +1,56 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Include provision_idrac vars
+  include_vars: "{{ playbook_dir }}/../roles/provision_idrac/vars/main.yml"
+  run_once: true
+
+- name: Include idrac_vars.yml
+  include_vars: "{{ playbook_dir }}/../{{ idrac_input_filename }}"
+  run_once: true
+
+- name: Check hostname
+  command: hostname
+  changed_when: false
+  register: hostname
+  run_once: true
+
+- name: Set idrac credentials
+  set_fact:
+    idrac_username: "{{ lookup('env','ANSIBLE_NET_USERNAME') }}"
+    idrac_password: "{{ lookup('env','ANSIBLE_NET_PASSWORD') }}"
+  no_log: true
+  when: '"awx-" in hostname.stdout'
+  run_once: true
+
+- name: Fetch idrac credentials
+  include_tasks: "{{ playbook_dir }}/../roles/provision_idrac/tasks/fetch_idrac_credentials.yml"
+  vars:
+    login_input_filename: "{{ playbook_dir }}/../input_params/login_vars.yml"
+    login_vault_filename: "{{ playbook_dir }}/../input_params/.login_vault_key"
+  when: '"awx-" not in hostname.stdout'
+
+- name: Show status of the Lifecycle Controller
+  dellemc.openmanage.idrac_lifecycle_controller_status_info:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+  register: lc_check_status
+
+- name: LC not available
+  fail:
+    msg: "{{ lc_check_fail_msg }}"
+  when: not lc_check_status.lc_status_info.LCReady
+  register: lc_fail
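Review bot: In `Set idrac credentials`, `lookup('env', ...)` yields an empty string when `ANSIBLE_NET_USERNAME` or `ANSIBLE_NET_PASSWORD` is unset, and nothing checks the result before the Lifecycle Controller query uses it, so a misconfigured AWX job would attempt an iDRAC login with empty credentials on each host. An assert placed right after the `set_fact` and kept under `no_log` fails early without printing the values. The identical task at the end of provision_idrac/tasks/validate_idrac_vars.yml would need the same guard.

```yaml
# … unchanged: Set idrac credentials …

- name: Assert idrac credentials are not empty
  assert:
    that:
      - idrac_username | length > 0
      - idrac_password | length > 0
  no_log: true
  when: '"awx-" in hostname.stdout'
  run_once: true
```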

+ 41 - 0
control_plane/tools/roles/idrac_system_lockdown/tasks/configure_system_lockdown.yml

@@ -0,0 +1,41 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Assert system_lockdown value
+  assert:
+    that:
+      - system_lockdown | length > 1
+      - system_lockdown == "enabled" or system_lockdown == "disabled"
+    success_msg: "{{ system_lockdown_success_msg }}"
+    fail_msg: "{{ system_lockdown_fail_msg }}"
+  run_once: true
+
+- name: Enable system lockdown
+  dellemc.openmanage.dellemc_system_lockdown_mode:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ playbook_dir }}"
+    lockdown_mode: "Enabled"
+  when: system_lockdown == "enabled"
+
+- name: Disable system lockdown
+  dellemc.openmanage.dellemc_system_lockdown_mode:
+    idrac_ip: "{{ inventory_hostname }}"
+    idrac_user: "{{ idrac_username }}"
+    idrac_password: "{{ idrac_password }}"
+    share_name: "{{ playbook_dir }}"
+    lockdown_mode: "Disabled"
+  when: system_lockdown == "disabled"

+ 20 - 0
control_plane/tools/roles/idrac_system_lockdown/tasks/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check prerequisites
+  include_tasks: check_prerequisites.yml
+
+- name: Configure system lockdown 
+  include_tasks: configure_system_lockdown.yml

+ 20 - 0
control_plane/tools/roles/idrac_system_lockdown/vars/main.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for idrac_system_lockdown role
+
+# Usage: configure_system_lockdown.yml
+system_lockdown_success_msg: "system_lockdown validated"
+system_lockdown_fail_msg: "Failed. system_lockdown accepts only enabled or disabled in idrac_vars.yml"