
Merge pull request #357 from DeepikaKrishnaiah/devel

Issue#356: Modification and validation of input parameters for control_plane
Lucas A. Wilson před 3 roky
rodič
revize
c2349ca03a

+ 0 - 64
control_plane/appliance_config.yml

@@ -1,64 +0,0 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-# Password used while deploying OS on bare metal servers and for Cobbler UI.
-# The Length of the password should be at least 8.
-# The password must not contain -,\, ',"
-provision_password: ""
-
-# Password used for the AWX UI.
-# The Length of the password should be at least 8.
-# The password must not contain -,\, ',"
-awx_password: ""
-
-# The nic/ethernet card that needs to be connected to the HPC switch.
-# This nic will be configured by Omnia for the DHCP server.
-# Default value of nic is em1.
-hpc_nic: "em1"
-
-# The nic/ethernet card that will be connected to the public internet.
-# Default value of nic is em2
-public_nic: "em2"
-
-# This is the  path where user has kept the iso image that needs to be provisioned in target nodes.
-# The iso file should be CentOS7-2009-minimal edition.
-# Other iso file not supported.
-iso_file_path: ""
-
-# The mapping file consists of the MAC address and its respective IP address and hostname.
-# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
-# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
-# This depicts the path where user has kept the mapping file for DHCP configurations.
-mapping_file_path: ""
-
-# The dhcp range for assigning the IPv4 address to the baremetal nodes.
-# Example: 10.1.23.1
-dhcp_gateway: ""
-dhcp_dns1: ""
-dhcp_dns2: ""
-dhcp_start_ip_range: ""
-dhcp_end_ip_range: ""
-
-# This is the timezone that will be set during provisioning of OS
-# Available timezone are provided in list control_plane/control_plane_common/files/timezone.txt
-# Default timezone will be set to "GMT"
-# Some of the other available timezone are EST,CET,MST,CST6CDT,PST8PDT
-timezone: "GMT"
-
-# Path to directory hosting ansible config file (ansible.cfg file)
-# Default value is "/etc/ansible"
-# This directory is on the host running ansible, if ansible is installed using dnf
-# If ansible is installed using pip, this path should be set
-ansible_config_file_path: /etc/ansible

+ 135 - 0
control_plane/input_params/base_vars.yml

@@ -12,3 +12,138 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+##All variables except mapping_file_path are mandatory##
+
+###default###
+
+# Path to directory hosting ansible config file (ansible.cfg file)
+# Default value is /etc/ansible
+# This directory is on the host running ansible, if ansible is installed using dnf
+# If ansible is installed using pip, this path should be set
+ansible_conf_file_path: /etc/ansible
+
+# This variable is used to enable ethernet switch configuration
+# It accepts boolean values "true" or "false". 
+# By default its value is "false".
+# If ethernet switch support is needed set this to "true"
+ethernet_switch_support: false
+
+# This variable is used to enable infiniband switch configuration
+# It accepts boolean values "true" or "false". 
+# By default its value is "false".
+# If infiniband configuration is needed set this to "true"
+ib_switch_support: false
+
+# This variable is used to enable powervault configuration
+# It accepts boolean values "true" or "false". 
+# By default its value is "false".
+# If powervault configuration is needed set this to "true"
+powervault_support: false
+
+# The nic/ethernet card that will be connected to the public internet.
+# Default value of nic is eno2
+public_nic: "eno2"
+
+# Kubernetes pod network CIDR for appliance k8s network
+# Make sure this value does not overlap with any of the host networks.
+# Default value is "192.168.0.0/16"
+appliance_k8s_pod_net_cidr: "192.168.0.0/16"
+
+### Usage: provision_idrac, network_ib, network_ethernet, powervault_me4 ###
+
+# The trap destination IP address is the IP address of the SNMP Server where the trap will be sent
+# If this variable is left blank, it means SNMP will be disabled
+# Provide a valid SNMP server IP
+snmp_trap_destination: ""
+
+# Provide the snmp community name needed
+# By default this is set to "public"
+snmp_community_name: "public"
+
+### Usage: webui_awx ###
+
+# Organization name that is created in AWX.
+# The default value is “DellEMC”
+awx_organization: "DellEMC"
+
+### Usage: provision_cobbler, provision_idrac ###
+
+# This is the timezone that will be set during provisioning of OS
+# Available timezones are provided in control_plane/common/files/timezone.txt
+# Default timezone will be "GMT"
+# Some of the other available timezones are EST,CET,MST,CST6CDT,PST8PDT
+timezone: "GMT"
+
+# This is the language that will be set during provisioning of the OS
+# Default language supported is "en-US"
+language: "en-US"
+
+# This is the path where the user has to place the iso image that needs to be provisioned in target nodes.
+# The iso file should be CentOS7-2009-minimal edition.
+# Other iso files are not supported.
+# Mandatory value required
+iso_file_path: ""
+
+### Usage: control_plane_device ###
+
+# The nic/ethernet card that needs to be connected to provision 
+# the fabric, idrac and powervault.
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is eno1
+mngmnt_network_nic: "eno1"
+
+# The dhcp range for assigning the IPv4 address
+# Example: 172.17.0.1
+# Mandatory value required
+mngmnt_network_dhcp_start_range: ""
+mngmnt_network_dhcp_end_range: ""
+
+# The mapping file consists of the MAC address and its respective IP address and hostname.
+# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
+# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
+# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+# This depicts the path where user has kept the mapping file for DHCP configurations.
+mngmnt_mapping_file_path: ""
+
+### Usage: provision_cobbler ###
+
+# The nic/ethernet card that needs to be connected to provision the OS of bare metal servers
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is eno3
+host_network_nic: "eno3"
+
+# The dhcp range for assigning the IPv4 address
+# Example: 172.17.0.1
+# Mandatory value required
+host_network_dhcp_start_range: ""
+host_network_dhcp_end_range: ""
+
+dhcp_gateway: ""
+dhcp_dns1: ""
+dhcp_dns2: ""
+
+# The mapping file consists of the MAC address and its respective IP address and hostname.
+# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
+# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
+# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+# This depicts the path where user has kept the mapping file for DHCP configurations.
+host_mapping_file_path: ""
+
+### Usage: control_plane_ib ###
+
+# The nic/ethernet card that needs to be connected to configure infiniband switch
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is ib0
+ib_network_nic: "ib0"
+
+# The dhcp range for assigning the IPv4 address
+# Example: 172.17.0.1
+ib_network_dhcp_start_range: ""
+ib_network_dhcp_end_range: ""
+
+# The mapping file consists of the MAC address and its respective IP address and hostname.
+# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
+# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
+# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+# This depicts the path where user has kept the mapping file for DHCP configurations.
+ib_mapping_file_path: ""
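Review bot: `snmp_community_name` defaults to `"public"`, the stock community string, and the section header lists provision_idrac, network_ib, network_ethernet and powervault_me4 as its users, so every device that gets SNMP configured would share a guessable value unless the operator edits it. I would leave the default empty, or at least extend the comment, e.g. `# Change this from "public" before setting snmp_trap_destination; treat it as a credential`. The opening line `##All variables except mapping_file_path are mandatory##` also does not match the file: the keys are `mngmnt_mapping_file_path`, `host_mapping_file_path` and `ib_mapping_file_path`, and `snmp_trap_destination` is documented as optional. The `dhcp_gateway`, `dhcp_dns1` and `dhcp_dns2` keys have no comment at all.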

+ 32 - 0
control_plane/input_params/idrac_vars.yml

@@ -12,3 +12,35 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+
+### Usage: provision_idrac ###
+
+# This indicates the system profile name used for BIOS configuration of the server
+# The values supported are - "Performance", "PerformancePerWatt(DAPC)", "PerformancePerWatt(OS)", "WorkstationPerformance".
+# The default value is "Performance"
+idrac_system_profile: "Performance"
+
+# Boolean value indicating whether OMNIA should perform firmware update or not
+# It takes values "true" or "false" indicating required and not required cases respectively.
+# Default value is "true"
+firmware_update_required: true
+
+#****Security Requirements Configuration****#
+###Enable the security parameters listed below only if you want to configure the security settings in idrac###
+###This feature will be enabled in all the servers (hpc nodes) listed in the idrac inventory###
+###To apply these settings please execute appropriate files in control_plane/tools directory###
+
+### Usage: idrac_secure_boot ###
+
+# Specify whether the secure boot mode to be enabled
+# By default secure boot will be "disabled"
+# If required it can be "enabled"
+uefi_secure_boot: "disabled"
+
+### Usage: idrac_system_lockdown ###
+
+# Specify whether the system lockdown to be enabled
+# By default system lockdown will be "disabled"
+# If required it can be "enabled"
+# Make sure system_lockdown is enabled only after OS provisioning is completed
+system_lockdown: "disabled"
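Review bot: `uefi_secure_boot` and `system_lockdown` take the strings `"enabled"`/`"disabled"`, while `firmware_update_required` a few lines above takes a YAML boolean, and no task visible on this page validates the two strings. A value such as `true` or `Enabled` may therefore be treated as not enabled without any error; the consuming tasks are outside this page, so this is inferred. Both settings are security controls that ship switched off, so the comments should state the exact accepted spelling, for example `# Accepted values: "enabled" or "disabled" (lowercase, quoted)`.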

+ 69 - 0
control_plane/input_params/login_vars.yml

@@ -12,3 +12,72 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+
+### Usage: provision_cobbler, provison_idrac ###
+
+# Password used while deploying OS on bare metal servers.
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+# Mandatory value required
+provision_password: ""
+
+### Usage: provision_cobbler ###
+
+# Password used for cobbler
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+# Mandatory value required
+cobbler_password: ""
+
+### Usage: webui_awx ###
+
+# Password used for awx UI
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+#awx_password: ""
+
+### Usage: network_ethernet ###
+
+# The username for ethernet switch
+# The username must not contain -,\, ',"
+ethernet_switch_username: ""
+
+# Password used for ethernet switch
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+ethernet_switch_password: ""
+
+### Usage: network_ib ###
+
+# The username for infiniband switch
+# The username must not contain -,\, ',"
+ib_username: ""
+
+# Password used for infiniband switch
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+ib_password: ""
+
+### Usage: provision_idrac ###
+
+# The username for idrac
+# The username must not contain -,\, ',"
+# Mandatory value required
+idrac_username: ""
+
+# Password used for idrac
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+# Mandatory value required
+idrac_password: ""
+
+### Usage: powervault_me4 ###
+
+# The username for powervault_me4
+# The username must not contain -,\, ',"
+powervault_me4_username: ""
+
+# Password used for powervault_me4
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+powervault_me4_password: ""
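Review bot: The `awx_password` key under `### Usage: webui_awx ###` is commented out (`#awx_password: ""`) while its three description lines stay, so the file documents a password it no longer defines; if any AWX task still reads `awx_password` it will hit an undefined variable (those tasks are not on this page). Either restore the key or replace the block with one line saying where the AWX password now comes from. The first usage header also misspells the role as `provison_idrac`. Since this file holds every device credential, a header comment such as `# This file contains secrets; never commit a filled-in copy` would be worth adding.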

+ 68 - 0
control_plane/input_params/powervault_me4_vars.yml

@@ -12,3 +12,71 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+
+### Usage: powervault_me4 ###
+
+# User type of powervault_me4
+# The vaules supported are "standard" and "SNMPv3"
+# The default value is "standard"
+powervault_me4_usertype: "standard"
+
+# The user roles for managing and monitoring powervault_me4
+# The values supported are "monitor" and "manage"
+# The default value is "manage"
+# Only "manage" role allows - Addition of disk groups and creation of volumes 
+powervault_me4_roles: "manage"
+
+# This variable indicates the language selection
+# Currently only "English" is supported
+locale: "English"
+
+# Specify the system name to identify the system
+# By default it is set to "Uninitialized Name"
+powervault_me4_system_name: "Unintialized Name"
+
+# Specify the snmp notification level
+# critical: Sends notifications for Critical events only.
+# error: Sends notifications for Error and Critical events.
+# warn: Sends notifications for Warning, Error, and Critical events.
+# resolved: Sends notifications for Resolved, Warning, Error, and Critical events.
+# info: Sends notifications for all events.
+# none: All events are excluded from trap notification and traps are disabled. 
+# However, Critical events and managed-logs events 400–402 are sent regardless of the notification setting.
+# Default value is "none"
+powervault_me4_snmp_notify_level: "none"
+
+# Specify the disk group name
+# If left blank, system automatically assigns the name
+powervault_me4_disk_group_name: ""
+
+# Specify the disk type
+# Values supported are "Virtual" and "Read Cache"
+powervault_me4_disk_type: "Virtual"
+
+# Specify the required RAID Level
+# The different RAID levels and the min and max number of disks supported for each RAID are
+# RAID1: 2
+# RAID5: 3-16
+# RAID6: 4-16
+# RAID10: 4-16
+# ADAPT: 12-128
+# Default value is "RAID1"
+# If Type "Read Cache" is selected, then RAID levels are not required
+powervault_me4_raid_levels: "RAID1"
+
+# Specify the range of disks
+# Select a range of disks within an enclosure by entering a comma-separated list that contains 
+# the enclosure number and disk range in the Enter Range of Disks text box. 
+# Use the format enclosure-number.disk-range,enclosure-number.disk-range. 
+# For example, to select disks 3-12 in enclosure 1 and 5-23 in enclosure 2, enter 1.3-12,2.5-23.
+# For ME4012 - 0.0-0.11,1.0-1.11 are the allowed values
+powervault_me4_disk_range: ""
+
+# Specify the volume name
+# Cannot be left blank
+# the default value is "pv_omnia"
+powervault_me4_volume_name: "pv_omnia"
+
+# Specify the volume size
+# Format: 100GB <SizeGB>
+powervault_me4_volume_size: "100GB"
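Review bot: The default `powervault_me4_system_name: "Unintialized Name"` does not match its own comment, which gives the default as "Uninitialized Name"; one of the two is misspelled, and if the value is written to the array or compared against it the typo ships with it. Presumably the line should read `powervault_me4_system_name: "Uninitialized Name"`. The first comment in the file also has `vaules` for `values`.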

+ 456 - 0
control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml

@@ -0,0 +1,456 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Include base variable file base_vars.yml
+  include_vars: "{{ base_vars_filename }}"
+  no_log: true
+
+- name: Validate input parameters of base_vars are not empty
+  fail:
+    msg: "{{ input_base_failure_msg }}"
+  register: input_base_check
+  when:
+    - ansible_conf_file_path | length < 1 or
+      public_nic | length < 1 or
+      appliance_k8s_pod_net_cidr | length < 1 or
+      awx_organization | length < 1 or
+      timezone | length < 1 or
+      language | length < 1 or
+      iso_file_path | length < 1 or
+      mngmnt_network_nic | length < 1 or
+      mngmnt_network_dhcp_start_range | length < 1 or
+      mngmnt_network_dhcp_end_range | length < 1 or
+      host_network_nic | length < 1 or
+      host_network_dhcp_start_range | length < 1 or
+      host_network_dhcp_end_range | length < 1 or
+      dhcp_gateway | length < 1 or
+      dhcp_dns1 | length < 1 or
+      dhcp_dns2 | length < 1
+
+- name: Validate infiniband base_vars are not empty
+  fail:
+    msg: "{{ input_base_failure_msg }} for infiniBand as ib_switch_support is true"
+  register: ib_check
+  when:
+    - ib_network_nic | length < 1 or
+      ib_network_dhcp_start_range | length < 1 or
+      ib_network_dhcp_end_range | length < 1
+  when: ib_switch_support
+
+- name: Set facts to validate snmp support
+  set_fact:
+    snmp_enabled: false   
+    mngmnt_mapping_file: false
+    host_mapping_file: false
+    ib_mapping_file: false
+
+- name: Verify snmp_trap_destination IP address
+  set_fact:
+    snmp_enabled: true
+  when: snmp_trap_destination | length > 1
+
+- name: Assert snmp trap destination address
+  assert:
+    that:
+      - snmp_enabled
+      - snmp_trap_destination | length > 7
+      - snmp_trap_destination | ipv4
+    success_msg: "{{ success_snmp_trap_dest }}"
+    fail_msg: "{{ fail_snmp_trap_dest }}"
+  when: snmp_enabled
+
+- name: Assert snmp community string
+  assert:
+    that:
+      - snmp_enabled
+      - snmp_community_name
+    success_msg: "{{ success_snmp_comm_msg }}"
+    fail_msg: "{{ fail_snmp_comm_msg }}"
+  when: snmp_enabled
+
+- name: Check whether ansible config file exists
+  stat:
+    path: "{{ ansible_conf_file_path }}/ansible.cfg"
+  register: ansible_conf_exists
+
+- name: Create the directory if it does not exist
+  file:
+    path: "{{ ansible_conf_file_path }}"
+    state: directory
+    mode: "{{ file_perm }}"
+  when: not ansible_conf_exists.stat.exists
+  changed_when: false
+
+- name: Create ansible config file if it does not exist
+  copy:
+    dest: '{{ ansible_conf_file_path }}/ansible.cfg'
+    mode: "{{ file_perm }}"
+    content: |
+      [defaults]
+      log_path = /var/log/omnia.log
+  when: not ansible_conf_exists.stat.exists
+
+- name: Assert ethernet_switch_support
+  assert:
+    that:
+      - ethernet_switch_support == true or ethernet_switch_support == false
+    success_msg: "{{ ethernet_switch_support_success_msg }}"
+    fail_msg: "{{ ethernet_switch_support_fail_msg }}"
+
+- name: Assert ib_switch_support
+  assert:
+    that:
+      - ib_switch_support == true or ib_switch_support == false
+    success_msg: "{{ ib_switch_support_success_msg }}"
+    fail_msg: "{{ ib_switch_support_fail_msg }}"
+
+- name: Assert powervault_support
+  assert:
+    that:
+      - powervault_support == true or powervault_support == false
+    success_msg: "{{ powervault_support_success_msg }}"
+    fail_msg: "{{ powervault_support_fail_msg }}"
+
+- name: Fetch the network interfaces in UP state in the system
+  shell: set -o pipefail && ip a | awk '/state UP/{print $2}'
+  register: nic_addr_up
+  changed_when: false
+  
+- name: Assert public nic
+  assert:
+    that:
+      - public_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_public_nic }}"
+    fail_msg: "{{ fail_msg_public_nic }}"
+
+- name: Fetch the system public IP
+  set_fact:
+    public_ip: "{{ lookup('vars','ansible_'+public_nic).ipv4.address }}"
+
+- name: Assert kubernetes pod network CIDR
+  assert:
+    that:
+      - appliance_k8s_pod_net_cidr | ipv4
+      - appliance_k8s_pod_net_cidr | length > 9
+      - '"/" in appliance_k8s_pod_net_cidr '
+    success_msg: "{{ success_msg_k8s_pod_network_cidr }}"
+    fail_msg: "{{ fail_msg_k8s_pod_network_cidr }}"
+
+- name: Assert Organization in awx
+  assert:
+    that:
+      - awx_organization | length >= min_username_length
+      - awx_organization | length < max_length
+      - '"-" not in awx_organization '
+      - '"\\" not in awx_organization '
+      - '"\"" not in awx_organization '
+      - " \"'\" not in awx_organization "
+    success_msg: "{{ success_awx_organization }}"
+    fail_msg: "{{ fail_awx_organization }}"
+
+- name: Check timezone file
+  command: grep -Fx "{{ timezone }}" {{ role_path }}/files/timezone.txt
+  ignore_errors: yes
+  register: timezone_out
+  changed_when: false
+
+- name: Assert timezone
+  assert:
+    that: timezone in timezone_out.stdout
+    success_msg: "{{ success_timezone_msg }}"
+    fail_msg: "{{ fail_timezone_msg }}"
+  register: timezone_check
+
+- name: Assert language for provisioning nodes
+  fail:
+    msg: "{{ fail_language }}"
+  when: '"en-US" not in language'
+
+- name: Verify the iso_file_path
+  stat:
+    path: "{{ iso_file_path }}"
+  register: result_path_iso_file
+
+- name : Assert iso_file_path
+  fail:
+    msg: "{{ invalid_iso_file_path }}"
+  when: ( not result_path_iso_file.stat.exists ) and ( ".iso" not in  iso_file_path )
+
+- name: Fail when iso path valid but image not right
+  fail:
+    msg: "{{ invalid_iso_file_path }}"
+  when: ( result_path_iso_file.stat.exists ) and ( ".iso" not in iso_file_path )
+
+####management_net_dhcp_start_end_range
+- name: Assert management network nic
+  assert:
+    that:
+      - mngmnt_network_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_mngmnt_network_nic }}"
+    fail_msg: "{{ fail_msg_mngmnt_network_nic }}"
+
+- name: Fetch the management network ip, netmask and subnet
+  set_fact:
+    mngmnt_network_ip: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.address }}"
+    mngmnt_network_netmask: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.netmask }}"
+    mngmnt_network_subnet: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.network }}"
+
+- name: Check the subnet of management network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_mgmnt_result
+  changed_when: false
+
+- name: Set the start dhcp subnet for management network
+  set_fact:
+    dhcp_start_mgmnt: "{{ dhcp_start_mgmnt_result.stdout }}"
+
+- name: Check the subnet of dhcp end range for management network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_mgmnt_result
+  changed_when: false
+
+- name: Set the end dhcp subnet for management network
+  set_fact:
+    dhcp_end_mgmnt: "{{ dhcp_end_mgmnt_result.stdout }}"
+
+- name: Assert management_net_dhcp_start_range
+  assert:
+    that:
+      - mngmnt_network_dhcp_start_range
+      - mngmnt_network_dhcp_start_range | ipv4
+      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
+      - dhcp_start_mgmnt == mngmnt_network_subnet
+      - dhcp_start_mgmnt == dhcp_end_mgmnt
+    success_msg: "{{ success_dhcp_range }} for management network"
+    fail_msg: "{{ fail_dhcp_range }} for management network"
+
+- name: Assert management_net_dhcp_end_range
+  assert:
+    that:
+      - mngmnt_network_dhcp_end_range
+      - mngmnt_network_dhcp_end_range | ipv4
+      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
+      - dhcp_end_mgmnt == mngmnt_network_subnet
+      - dhcp_start_mgmnt == dhcp_end_mgmnt
+    success_msg: "{{ success_dhcp_range }} for management network"
+    fail_msg: "{{ fail_dhcp_range }} for management network"
+
+- name: Set the mapping file value for management network
+  set_fact:
+    mngmnt_mapping_file: true
+  when: mngmnt_mapping_file_path | length > 0
+
+- name: Assert valid mngmnt_mapping_file_path
+  stat:
+    path: "{{ mngmnt_mapping_file_path }}"
+  when: mngmnt_mapping_file
+  register: result_mngmnt_mapping_file
+
+- name : Valid mngmnt_mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for management network"
+  when: mngmnt_mapping_file and not result_mngmnt_mapping_file.stat.exists
+#########
+
+###Host network####
+- name: Assert host network nic
+  assert:
+    that:
+      - host_network_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_host_network_nic }}"
+    fail_msg: "{{ fail_msg_host_network_nic }}"
+
+- name: Fetch the host network ip, netmask and subnet
+  set_fact:
+    hpc_ip: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.address }}"
+    netmask: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.netmask }}"
+    subnet: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.network }}"
+
+- name: Check the subnet of host network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_host_result
+  changed_when: false
+
+- name: Set the start dhcp subnet for host network
+  set_fact:
+    dhcp_start_host: "{{ dhcp_start_host_result.stdout }}"
+
+- name: Check the subnet of dhcp end range for host network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_host_result
+  changed_when: false
+
+- name: Set the end dhcp subnet for host network
+  set_fact:
+    dhcp_end_host: "{{ dhcp_end_host_result.stdout }}"
+
+- name: Assert host_network_dhcp_start_range
+  assert:
+    that:
+      - host_network_dhcp_start_range
+      - host_network_dhcp_start_range | ipv4
+      - host_network_dhcp_start_range != host_network_dhcp_end_range
+      - dhcp_start_host == subnet
+      - dhcp_start_host == dhcp_end_host
+    success_msg: "{{ success_dhcp_range }} for host network"
+    fail_msg: "{{ fail_dhcp_range }} for host network"
+
+- name: Assert host_network_dhcp_end_range
+  assert:
+    that:
+      - host_network_dhcp_end_range
+      - host_network_dhcp_end_range | ipv4
+      - host_network_dhcp_start_range != host_network_dhcp_end_range
+      - dhcp_end_host == subnet
+      - dhcp_start_host == dhcp_end_host
+    success_msg: "{{ success_dhcp_range }} for host network"
+    fail_msg: "{{ fail_dhcp_range }} for host network"
+
+- name: Set the mapping file value for host network
+  set_fact:
+    host_mapping_file: true
+  when: host_mapping_file_path | length > 0
+  
+- name: Assert valid mapping_file_path
+  stat: 
+    path: "{{ host_mapping_file_path }}"
+  when: host_mapping_file
+  register: result_host_mapping_file
+  
+- name: Valid mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for host_network"
+  when: host_mapping_file and not result_host_mapping_file.stat.exists
+
+- name: Verify different nics
+  assert:
+    that:
+      - public_nic != mngmnt_network_nic
+      - mngmnt_network_nic != host_network_nic
+      - public_nic != host_network_nic
+    success_msg: "{{ success_msg_different_nics }}"
+    fail_msg: "{{ fail_msg_different_nics }}"
+
+########
+- name: Assert infiniband network nic
+  assert:
+    that:
+      - ib_network_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_ib_network_nic }}"
+    fail_msg: "{{ fail_msg_ib_network_nic }}"
+  when: ib_switch_support
+
+- name: Fetch the infiniband network ip, netmask and subnet
+  set_fact:
+    ib_ip: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.address }}"
+    ib_netmask: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.netmask }}"
+    ib_subnet: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.network }}"
+  when: ib_switch_support
+
+- name: Check the subnet of infiniband network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_ib_result
+  when: ib_switch_support
+  changed_when: false
+
+- name: Set the start dhcp subnet for infiniband network
+  set_fact:
+    dhcp_start_ib: "{{ dhcp_start_ib_result.stdout }}"
+  when: ib_switch_support
+
+- name: Check the subnet of dhcp end range for infiniband network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_ib_result
+  when: ib_switch_support
+  changed_when: false
+
+- name: Set the end dhcp subnet for infiniband network
+  set_fact:
+    dhcp_end_ib: "{{ dhcp_end_ib_result.stdout }}"
+  when: ib_switch_support
+
+- name: Assert infiniband_net_dhcp_start_range
+  assert:
+    that:
+      - ib_network_dhcp_start_range
+      - ib_network_dhcp_start_range | ipv4
+      - ib_network_dhcp_start_range != ib_network_dhcp_end_range
+      - dhcp_start_ib == ib_subnet
+      - dhcp_start_ib == dhcp_end_ib
+    success_msg: "{{ success_dhcp_range }} for infiniband network"
+    fail_msg: "{{ fail_dhcp_range }} for infiniband network"
+  when: ib_switch_support
+
+- name: Assert infiniband_net_dhcp_end_range
+  assert:
+    that:
+      - ib_network_dhcp_end_range
+      - ib_network_dhcp_end_range | ipv4
+      - ib_network_dhcp_start_range != ib_network_dhcp_end_range
+      - dhcp_end_ib == ib_subnet
+      - dhcp_start_ib == dhcp_end_ib
+    success_msg: "{{ success_dhcp_range }} for infiniband network"
+    fail_msg: "{{ fail_dhcp_range }} for infiniband network"
+  when: ib_switch_support
+
+- name: Set the mapping file value for infiniband
+  set_fact:
+    ib_mapping_file: true
+  when: (ib_switch_support) and (ib_mapping_file_path | length > 0)
+
+- name: Assert valid infiniband_mapping_file_path
+  stat:
+    path: "{{ ib_mapping_file_path }}"
+  when: ib_switch_support and ib_mapping_file
+  register: result_ib_mapping_file
+
+- name : Valid infiniband_mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for infiniBand network configuration"
+  when: ib_mapping_file and (not result_ib_mapping_file.stat.exists)
+
+- name: Verify different nics with infiniband nic
+  assert:
+    that:
+      - public_nic != ib_network_nic
+      - mngmnt_network_nic != ib_network_nic
+      - ib_network_nic != host_network_nic
+    success_msg: "{{ success_msg_different_nics_ib }}"
+    fail_msg: "{{ fail_msg_different_nics_ib }}"
+  when: ib_switch_support
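Review bot: The task "Validate infiniband base_vars are not empty" carries two `when:` keys; Ansible's loader keeps only the last duplicate key, so the emptiness condition is dropped and the `fail` fires whenever `ib_switch_support` is true. Merge them by adding `- ib_switch_support` as the first item of the existing `when:` list and deleting the trailing `when: ib_switch_support`. Separately, the six "Check the subnet of ..." tasks interpolate the DHCP range values into a `shell:` here-string before any `| ipv4` assert has run, so unvalidated text from base_vars.yml reaches the shell; an `| ipv4` assert on each range placed ahead of its shell task closes that. The two iso checks also let a non-existent path through as long as it contains ".iso", because both `fail` conditions require `".iso" not in iso_file_path`.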

+ 6 - 0
control_plane/roles/control_plane_common/tasks/main.yml

@@ -26,8 +26,14 @@
   import_tasks: package_installation.yml
 
 - name: Basic Configuration
+  import_tasks: fetch_base_inputs.yml
+
+- name: Credentials Configuration
   import_tasks: password_config.yml
 
+- name: Omnia inputs validation
+  import_tasks: verify_omnia_params.yml
+
 - name: Docker installation and configuration
   import_tasks: docker_installation.yml
 

+ 135 - 292
control_plane/roles/control_plane_common/tasks/password_config.yml

@@ -13,20 +13,20 @@
 # limitations under the License.
 ---
 
-- name: Check input config file is encrypted
-  command: cat {{ input_config_filename }}
+- name: Check login_vars file is encrypted
+  command: cat {{ login_vars_filename }}
   changed_when: false
   register: config_content
 
-- name: Decrpyt appliance_config.yml
+- name: Decrpyt login_vars.yml
   command: >-
-    ansible-vault decrypt {{ input_config_filename }}
+    ansible-vault decrypt {{ login_vars_filename }}
     --vault-password-file {{ vault_filename }}
   changed_when: false
   when: "'$ANSIBLE_VAULT;' in config_content.stdout"
 
-- name: Include variable file appliance_config.yml
-  include_vars: "{{ input_config_filename }}"
+- name: Include variable file login_vars.yml
+  include_vars: "{{ login_vars_filename }}"
   no_log: true
 
 - name: Validate input parameters are not empty
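Review bot: The renamed "Check login_vars file is encrypted" task still runs `cat {{ login_vars_filename }}` and registers the output without `no_log: true`, so on a run where the file is not yet encrypted every credential lands in `config_content` and in verbose output; add `no_log: true` to that task. The next task decrypts the file in place with `ansible-vault decrypt`, which leaves the credentials in plaintext on disk until something re-encrypts them (no re-encrypt step is visible in this hunk). `include_vars` can read a vault-encrypted file directly when the vault password is supplied to the run, which would avoid the plaintext window. The task name `Decrpyt login_vars.yml` also keeps the old misspelling of "Decrypt".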
@@ -35,95 +35,25 @@
   register: input_config_check
   when:
     - provision_password | length < 1 or
-      awx_password | length < 1 or
-      hpc_nic | length < 1 or
-      public_nic | length < 1 or
-      iso_file_path | length < 1 or
-      dhcp_start_ip_range | length < 1 or
-      dhcp_end_ip_range | length < 1 or
-      dhcp_gateway | length < 1 or
-      dhcp_dns1 | length < 1 or
-      dhcp_dns2 | length < 1 or
-      timezone | length < 1 or
-      ansible_config_file_path | length < 1
+      cobbler_password | length < 1 or      
+      idrac_username | length < 1 or
+      idrac_password | length < 1      
 
-- name: Save input variables from file
-  set_fact:
-    cobbler_password: "{{ provision_password }}"
-    admin_password: "{{ awx_password }}"
-    nic:  "{{ hpc_nic }}"
-    internet_nic: "{{ public_nic }}"
-    path_for_iso_file: "{{ iso_file_path }}"
-    dhcp_gateway: "{{ dhcp_gateway | ipv4 }}"
-    dhcp_dns1: "{{ dhcp_dns1 | ipv4 }}"
-    dhcp_dns2: "{{ dhcp_dns2 | ipv4 }}"
-    dhcp_start_ip: "{{ dhcp_start_ip_range | ipv4 }}"
-    dhcp_end_ip: "{{ dhcp_end_ip_range | ipv4 }}"
-    mapping_file: false
-    path_for_mapping_file: "{{ mapping_file_path }}"
-    ks_timezone: "{{ timezone }}"
-    ansible_conf_file_path: "{{ ansible_config_file_path ​}}"
+- name: Assert provision_password
+  assert:
+    that:
+      - provision_password | length > min_length | int - 1
+      - provision_password | length < max_length | int + 1
+      - '"-" not in provision_password '
+      - '"\\" not in provision_password '
+      - '"\"" not in provision_password '
+      - " \"'\" not in provision_password "
+    success_msg: "{{ success_msg_provision_password }}"
+    fail_msg: "{{ fail_msg_provision_password }}"
   no_log: true
+  register: provision_password_check
 
-- name: Check whether ansible config file exists
-  stat:
-    path: "{{ ansible_conf_file_path }}/ansible.cfg"
-  register: ansible_conf_exists
-
-- name: Create the directory if it does not exist
-  file:
-    path: "{{ ansible_conf_file_path }}"
-    state: directory
-    mode: "{{ file_perm }}"
-  when: not ansible_conf_exists.stat.exists
-  changed_when: false
-
-- name: Create ansible config file if it does not exist
-  copy:
-    dest: '{{ ansible_conf_file_path }}/ansible.cfg'
-    mode: "{{ file_perm }}"
-    content: |
-      [defaults]
-      log_path = /var/log/omnia.log
-  when: not ansible_conf_exists.stat.exists
-
-- name: Get the system hpc ip
-  shell:  "ifconfig {{ hpc_nic }} | grep 'inet' |cut -d: -f2 |  awk '{ print $2}'"
-  register: ip
-  changed_when: false
-
-- name: Get the system public ip
-  shell:  "ifconfig {{ internet_nic }} | grep 'inet' |cut -d: -f2 |  awk '{ print $2}'"
-  register: internet_ip
-  changed_when: false
-
-- name: Get the system netmask
-  shell:  "ifconfig {{ hpc_nic }} | grep 'inet' |cut -d: -f2 |  awk '{ print $4}'"
-  register: net
-  changed_when: false
-
-- name: HPC nic IP
-  set_fact:
-    hpc_ip: "{{ ip.stdout }}"
-    public_ip: "{{ internet_ip.stdout }}"
-
-- name:  Netmask
-  set_fact:
-    netmask: "{{ net.stdout }}"
-
-- name: shell try
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ hpc_ip }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  register: sub_result
-  changed_when: false
-
-- name: Subnet
-  set_fact:
-    subnet: "{{ sub_result.stdout }}"
-
-- name: Assert provision_password
+- name: Assert cobbler_password
   assert:
     that:
       - cobbler_password | length > min_length | int - 1
@@ -132,160 +62,145 @@
       - '"\\" not in cobbler_password '
       - '"\"" not in cobbler_password '
       - " \"'\" not in cobbler_password "
-    success_msg: "{{ success_msg_provision_password }}"
-    fail_msg: "{{ fail_msg_provision_password }}"
+    success_msg: "{{ success_msg_cobbler_password }}"
+    fail_msg: "{{ fail_msg_cobbler_password }}"
   no_log: true
   register: cobbler_password_check
 
-- name: Assert awx_password
+- name: Assert idrac_username
   assert:
     that:
-        - admin_password | length > min_length | int - 1
-        - admin_password | length < max_length | int + 1
-        - '"-" not in admin_password '
-        - '"\\" not in admin_password '
-        - '"\"" not in admin_password '
-        - " \"'\" not in admin_password "
-    success_msg: "{{ success_msg_awx_password }}"
-    fail_msg: "{{ fail_msg_awx_password }}"
+      - idrac_username | length >= min_username_length
+      - idrac_username | length < max_length
+      - '"-" not in idrac_username '
+      - '"\\" not in idrac_username '
+      - '"\"" not in idrac_username '
+      - " \"'\" not in idrac_username "
+    success_msg: "{{ success_idrac_username }}"
+    fail_msg: "{{ fail_idrac_username }}"
   no_log: true
-  register: awx_password_check
 
-- name: Assert hpc_ip
+- name: Assert idrac_password
   assert:
     that:
-      - hpc_ip | length > 7
-    success_msg: "{{ success_hpc_ip }}"
-    fail_msg: "{{ fail_hpc_ip }}"
-  register: hpc_ip_check
+      - idrac_password | length > min_username_length | int - 1
+      - idrac_password | length < max_length | int + 1
+      - '"-" not in idrac_password '
+      - '"\\" not in idrac_password '
+      - '"\"" not in idrac_password '
+      - " \"'\" not in idrac_password "
+    success_msg: "{{ success_msg_idrac_password }}"
+    fail_msg: "{{ fail_msg_idrac_password }}"
+  no_log: true
+  register: idrac_password_check
 
-- name: Assert public_ip
+- name: Verify ethernet_switch_username and ethernet_switch_password are not empty
   assert:
     that:
-      - public_ip | length > 7
-    success_msg: "{{ success_hpc_ip }}"
-    fail_msg: "{{ fail_hpc_ip }}"
-  register: public_ip_check
+      - ethernet_switch_username | length > 0
+      - ethernet_switch_password | length > 0
+    success_msg: "{{ ethernet_params_success_msg }}"
+    fail_msg: "{{ ethernet_params_empty_fail_msg }}"
+  when: ethernet_switch_support
 
-- name: Assert hpc_nic
+- name: Assert ethernet_switch_username
   assert:
     that:
-      - nic | length > nic_min_length | int - 1
-      - nic != internet_nic
-    success_msg: "{{ success_msg_hpc_nic }}"
-    fail_msg: "{{ fail_msg_hpc_nic }}"
-  register: hpc_nic_check
-
-- name: Assert public_nic
+      - ethernet_switch_username | length >= min_username_length
+      - ethernet_switch_username | length < max_length
+      - '"-" not in ethernet_switch_username '
+      - '"\\" not in ethernet_switch_username '
+      - '"\"" not in ethernet_switch_username '
+      - " \"'\" not in ethernet_switch_username "
+    success_msg: "{{ success_ethernet_switch_username }}"
+    fail_msg: "{{ fail_ethernet_switch_username }}"
+  when: ethernet_switch_support
+
+- name: Assert ethernet_switch_password
   assert:
     that:
-      - internet_nic | length > nic_min_length | int - 1
-      - nic != internet_nic
-    success_msg: "{{ success_msg_public_nic }}"
-    fail_msg: "{{ fail_msg_public_nic }}"
-  register: public_nic_check
+      - ethernet_switch_password | length > min_username_length | int - 1
+      - ethernet_switch_password | length < max_length | int + 1
+      - '"-" not in ethernet_switch_password '
+      - '"\\" not in ethernet_switch_password '
+      - '"\"" not in ethernet_switch_password '
+      - " \"'\" not in ethernet_switch_password "
+    success_msg: "{{ success_msg_ethernet_switch_password }}"
+    fail_msg: "{{ fail_msg_ethernet_switch_password }}"
+  when: ethernet_switch_support
+  no_log: true
 
-- name: Assert mapping_file_exists
+- name: Verify ib_username and ib_password are not empty
   assert:
     that:
-      - "( mapping_file == true ) or ( mapping_file == false )"
-    success_msg: "{{ success_mapping_file }}"
-    fail_msg: "{{ fail_mapping_file }}"
-
-- name: Set the mapping file value
-  set_fact:
-    mapping_file: true
-  when: path_for_mapping_file != ""
-  
-- name: Assert valid mapping_file_path
-  stat: 
-    path: "{{ path_for_mapping_file }}"
-  when: mapping_file == true
-  register: result_path_mapping_file
-  
-- name : Valid mapping_file_path
-  fail:
-    msg: "{{ invalid_mapping_file_path }}"
-  when: ( mapping_file == true ) and ( result_path_mapping_file.stat.exists == false )
-
-- name: Assert valid iso_file_path
-  stat:
-    path: "{{ path_for_iso_file }}"
-  register: result_path_iso_file
-
-- name : Incorrect iso_file_path
-  fail:
-    msg: "{{ invalid_iso_file_path }}"
-  when: ( result_path_iso_file.stat.exists == false ) and ( ".iso" not in  path_for_iso_file )
-
-- name: Fail when iso path valid but image not right
-  fail:
-    msg: "{{ invalid_iso_file_path }}"
-  when: ( result_path_iso_file.stat.exists == true ) and ( ".iso" not in path_for_iso_file )
-
-- name: Check the subnet of dhcp start range
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ dhcp_start_ip }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  args:
-    warn: no
-  register: dhcp_start_sub_result
-  changed_when: false
-  when: dhcp_start_ip != "false"
-
-- name: Set the start dhcp subnet
-  set_fact:
-    dhcp_start_sub: "{{ dhcp_start_sub_result.stdout }}"
-  when: dhcp_start_ip != "false"
-
-- name: Check the subnet of dhcp end range
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ dhcp_end_ip }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  register: dhcp_end_sub_result
-  when: dhcp_end_ip != "false"
-  changed_when: false
+      - ib_username | length > 0
+      - ib_password | length > 0
+    success_msg: "{{ ib_params_success_msg }}"
+    fail_msg: "{{ ib_params_empty_fail_msg }}"
+  when: ib_switch_support
 
-- name: Set the end dhcp subnet
-  set_fact:
-    dhcp_end_sub: "{{ dhcp_end_sub_result.stdout }}"
-  when: dhcp_end_ip != "false"
-
-- name: Assert dhcp_start_ip_range
+- name: Assert ib_username
   assert:
     that:
-      - dhcp_start_ip != "false"
-      - dhcp_start_ip != dhcp_end_ip
-      - dhcp_start_sub == subnet
-      - dhcp_start_sub == dhcp_end_sub
-    success_msg: "{{ success_dhcp_range }}"
-    fail_msg: "{{ fail_dhcp_range }}"
-  register: dhcp_start_ip_check
-
-- name: Assert dhcp_end_ip_range
+      - ib_username | length >= min_username_length
+      - ib_username | length < max_length
+      - '"-" not in ib_username '
+      - '"\\" not in ib_username '
+      - '"\"" not in ib_username '
+      - " \"'\" not in ib_username "
+    success_msg: "{{ success_ib_username }}"
+    fail_msg: "{{ fail_ib_username }}"
+  when: ib_switch_support
+
+- name: Assert ib_password
   assert:
     that:
-      - dhcp_end_ip != "false"
-      - dhcp_start_ip != dhcp_end_ip
-      - dhcp_end_sub == subnet
-      - dhcp_start_sub == dhcp_end_sub
-    success_msg: "{{ success_dhcp_range }}"
-    fail_msg: "{{ fail_dhcp_range }}"
-  register: dhcp_end_ip_check
+      - ib_password | length > min_username_length | int - 1
+      - ib_password | length < max_length | int + 1
+      - '"-" not in ib_password '
+      - '"\\" not in ib_password '
+      - '"\"" not in ib_password '
+      - " \"'\" not in ib_password "
+    success_msg: "{{ success_msg_ib_password }}"
+    fail_msg: "{{ fail_msg_ib_password }}"
+  when: ib_switch_support
+  no_log: true
 
-- name: Check timezone file
-  command: grep -Fx "{{ ks_timezone }}" {{ role_path }}/files/timezone.txt
-  ignore_errors: yes
-  register: timezone_out
+- name: Verify powervault_me4_username and powervault_me4_password are not empty
+  assert:
+    that:
+      - powervault_me4_username | length > 0
+      - powervault_me4_password | length > 0
+    success_msg: "{{ pv_params_success_msg }}"
+    fail_msg: "{{ pv_params_empty_fail_msg }}"
+  when: powervault_support
 
-- name: Assert timezone
+- name: Assert powervault_me4_username
   assert:
-    that: ks_timezone in timezone_out.stdout
-    success_msg: "{{ success_timezone }}"
-    fail_msg: "{{ fail_timezone }}"
-  register: timezone_check
+    that:
+      - powervault_me4_username | length >= min_username_length
+      - powervault_me4_username | length < max_length
+      - '"-" not in powervault_me4_username '
+      - '"\\" not in powervault_me4_username '
+      - '"\"" not in powervault_me4_username '
+      - " \"'\" not in powervault_me4_username "
+    success_msg: "{{ success_powervault_me4_username }}"
+    fail_msg: "{{ fail_powervault_me4_username }}"
+  when: powervault_support
+
+- name: Assert powervault_me4_password
+  assert:
+    that:
+      - powervault_me4_password | length > min_username_length | int - 1
+      - powervault_me4_password | length < max_length | int + 1
+      - '"-" not in powervault_me4_password '
+      - '"\\" not in powervault_me4_password '
+      - '"\"" not in powervault_me4_password '
+      - " \"'\" not in powervault_me4_password "
+    success_msg: "{{ success_msg_powervault_me4_password }}"
+    fail_msg: "{{ fail_msg_powervault_me4_password }}"
+  when: powervault_support
+  no_log: true
 
 - name: Create ansible vault key
   set_fact:
@@ -299,83 +214,11 @@
       {{ vault_key }}
     owner: root
     force: yes
+    mode: "{{ vault_file_perm }}"
   when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
 
 - name: Encrypt input config file
   command: >-
-    ansible-vault encrypt {{ input_config_filename }}
+    ansible-vault encrypt {{ login_vars_filename }}
     --vault-password-file {{ vault_filename }}
-  changed_when: false
-
-- name: Check if omnia_vault_key exists
-  stat:
-    path: "{{ role_path }}/../../../{{ config_vaultname }}"
-  register: vault_key_result
-
-- name: Create ansible vault key if it does not exist
-  set_fact:
-    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
-  when: not vault_key_result.stat.exists
-
-- name: Save vault key
-  copy:
-    dest: "{{ role_path }}/../../../{{ config_vaultname }}"
-    content: |
-      {{ vault_key }}
-    owner: root
-    force: yes
-  when: not vault_key_result.stat.exists
-
-- name: Check if omnia config file is encrypted
-  command: cat {{ role_path }}/../../../{{ config_filename }}
-  changed_when: false
-  register: config_content
-  no_log: True
-
-- name: Decrpyt omnia_config.yml
-  command: >-
-    ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
-    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
-  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
-
-- name: Include variable file omnia_config.yml
-  include_vars: "{{ role_path }}/../../../{{ config_filename }}"
-  no_log: True
-
-- name: Validate input parameters are not empty
-  fail:
-    msg: "{{ input_config_failure_msg }}"
-  register: input_config_check
-  when:
-    - mariadb_password | length < 1 or
-      k8s_cni | length < 1
-
-- name: Assert mariadb_password
-  assert:
-    that:
-        - mariadb_password | length > min_length | int - 1
-        - mariadb_password | length < max_length | int + 1
-        - '"-" not in mariadb_password '
-        - '"\\" not in mariadb_password '
-        - '"\"" not in mariadb_password '
-        - " \"'\" not in mariadb_password "
-    success_msg: "{{ success_msg_mariadb_password }}"
-    fail_msg: "{{ fail_msg_mariadb_password }}"
-
-- name: Assert kubernetes cni
-  assert:
-    that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
-    success_msg: "{{ success_msg_k8s_cni }}"
-    fail_msg: "{{ fail_msg_k8s_cni }}"
-
-- name: Save input variables from file
-  set_fact:
-    db_password: "{{ mariadb_password }}"
-    k8s_cni: "{{ k8s_cni }}"
-  no_log: True
-
-- name: Encrypt input config file
-  command: >-
-    ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
-    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
   changed_when: false
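Review bot: `Check login_vars file is encrypted` registers the output of `cat {{ login_vars_filename }}` without `no_log`, so on a run where the file is not yet vaulted the plaintext credentials sit in `config_content` and are shown at `-v` and by any callback that records task results. The matching task in verify_omnia_params.yml already carries `no_log: True`; adding `no_log: true` under `register: config_content` here makes the two consistent. Separately, the file is decrypted in place near the top and only re-encrypted by the last task, so a failed assert in between appears to leave login_vars.yml in plaintext on disk; verify_omnia_params.yml follows the same pattern. The device password asserts (`idrac_password`, `ethernet_switch_password`, `ib_password`, `powervault_me4_password`) also compare against `min_username_length` (4) rather than `min_length` (8), which is worth confirming as intended.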

+ 88 - 0
control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml

@@ -0,0 +1,88 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Check if omnia_vault_key exists
+  stat:
+    path: "{{ role_path }}/../../../{{ config_vaultname }}"
+  register: vault_key_result
+
+- name: Create ansible vault key if it does not exist
+  set_fact:
+    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: not vault_key_result.stat.exists
+
+- name: Save vault key
+  copy:
+    dest: "{{ role_path }}/../../../{{ config_vaultname }}"
+    content: |
+      {{ vault_key }}
+    owner: root
+    force: yes
+    mode: "{{ vault_file_perm }}"
+  when: not vault_key_result.stat.exists
+
+- name: Check if omnia config file is encrypted
+  command: cat {{ role_path }}/../../../{{ config_filename }}
+  changed_when: false
+  register: config_content
+  no_log: True
+
+- name: Decrpyt omnia_config.yml
+  command: >-
+    ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+
+- name: Include variable file omnia_config.yml
+  include_vars: "{{ role_path }}/../../../{{ config_filename }}"
+  no_log: True
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ input_omnia_failure_msg }}"
+  register: input_config_check
+  when:
+    - mariadb_password | length < 1 or
+      k8s_cni | length < 1
+
+- name: Assert mariadb_password
+  assert:
+    that:
+        - mariadb_password | length > min_length | int - 1
+        - mariadb_password | length < max_length | int + 1
+        - '"-" not in mariadb_password '
+        - '"\\" not in mariadb_password '
+        - '"\"" not in mariadb_password '
+        - " \"'\" not in mariadb_password "
+    success_msg: "{{ success_msg_mariadb_password }}"
+    fail_msg: "{{ fail_msg_mariadb_password }}"
+
+- name: Assert kubernetes cni
+  assert:
+    that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
+    success_msg: "{{ success_msg_k8s_cni }}"
+    fail_msg: "{{ fail_msg_k8s_cni }}"
+
+- name: Save input variables from file
+  set_fact:
+    db_password: "{{ mariadb_password }}"
+    k8s_cni: "{{ k8s_cni }}"
+  no_log: True
+
+- name: Encrypt input config file
+  command: >-
+    ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
+  changed when: false
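Review bot: The last line of the new file, as rendered here, reads `changed when: false`, with a space where the underscore belongs, so the `Encrypt input config file` task carries a key that is not a task keyword. It should be `changed_when: false`, as in the same task in password_config.yml. Because main.yml pulls this file in with `import_tasks`, it is parsed when the play loads, so the error would presumably stop the role before any task runs rather than at the encrypt step.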

+ 72 - 23
control_plane/roles/control_plane_common/vars/main.yml

@@ -65,35 +65,84 @@ daemon_dest: /etc/docker/
 docker_volume_name: omnia-storage
 
 # Usage: password_config.yml
-input_config_filename: "appliance_config.yml"
-fail_msg_provision_password: "Failed. Incorrect provision_password format provided in appliance_config.yml file"
-success_msg_provision_password: "provision_password validated"
-fail_msg_awx_password: "Failed. Incorrect awx_password format provided in appliance_config.yml file"
-success_msg_awx_password: "awx_password validated"
-fail_msg_hpc_nic: "Failed. Incorrect hpc_nic format provided in appliance_config.yml file"
-success_msg_hpc_nic: "hpc_nic validated"
-fail_msg_public_nic: "Failed. Incorrect public_nic format provided in appliance_config.yml file"
-success_msg_public_nic: "public_nic validated"
-success_mapping_file: "mapping_file_exists validated"
-fail_mapping_file: "Failed. Incorrect mapping_file_exists value in appliance_config.yml. It should be either true or false"
-input_config_failure_msg: "Please provide all the required parameters in appliance_config.yml"
-success_dhcp_range: "Dhcp_range validated"
-fail_dhcp_range: "Failed. Incorrect range assigned for dhcp"
-success_hpc_ip: "IP validated"
-fail_hpc_ip: "Failed. Nic should be configured"
-fail_mapping_file_path: "Failed. Mapping_file_path input is empty in appliance_config.yml. Either set mapping_file_exists to false or provide a path for a valid mapping file."
-invalid_mapping_file_path: "Incorrect mapping_file_path provided in appliance_config.yml"
-invalid_iso_file_path: "Incorrect iso_file_path provided in appliance_config.yml."
+login_vars_filename: "input_params/login_vars.yml"
+vault_filename: input_params/.login_vault_key
 min_length: 8
 max_length: 30
+min_username_length: 4
+file_perm: '0755'
+vault_file_perm: '0600'
 nic_min_length: 3
-vault_filename: .vault_key
+input_config_failure_msg: "Please provide all the required parameters in login_vars.yml"
+fail_msg_provision_password: "Failed. Incorrect provision_password format provided in login_vars.yml"
+success_msg_provision_password: "provision_password validated"
+fail_msg_cobbler_password: "Failed. Incorrect cobbler_password format provided in login_vars.yml file"
+success_msg_cobbler_password: "cobbler_password validated"
+success_idrac_username: "idrac username validated"
+fail_idrac_username: "Failed. Incorrect idrac_username format provided in base_vars.yml"
+success_msg_idrac_password: "idrac password validated"
+fail_msg_idrac_password: "Failed. Incorrect idrac_password format provided in base_vars.yml"
+ethernet_params_success_msg: "Ethernet switch username and password are not blank"
+ethernet_params_empty_fail_msg: "Failed. ethernet switch username or password cannot be empty when ethernet_switch_support is true"
+success_ethernet_switch_username: "Ethernet switch username validated"
+fail_ethernet_switch_username: "Failed. Incorrect ethernet_switch_username format provided in base_vars.yml"
+success_msg_ethernet_switch_password: "Ethernet password validated"
+fail_msg_ethernet_switch_password: "Failed. Incorrect ethernet_switch_password format provided in base_vars.yml"
+ib_params_success_msg: "InfiniBand switch username and password are not blank"
+ib_params_empty_fail_msg: "Failed. InfiniBand username or password cannot be empty when ib_switch_support is true"
+success_ib_username: "ib username validated"
+fail_ib_username: "Failed. Incorrect ib_username format provided in base_vars.yml"
+success_msg_ib_password: "ib password validated"
+fail_msg_ib_password: "Failed. Incorrect ib_password format provided in base_vars.yml"
+pv_params_success_msg: "Powervault switch username and password are not blank"
+pv_params_empty_fail_msg: "Failed. Powervault username or password cannot be empty when powervault_support is true"
+success_powervault_username: "powervault username validated"
+fail_powervault_username: "Failed. Incorrect powervault_username format provided in base_vars.yml"
+success_msg_powervault_password: "powervault password validated"
+fail_msg_powervault_password: "Failed. Incorrect powervault_password format provided in base_vars.yml"
+
+# Usage: verify_omnia_params.yml
 config_filename: "omnia_config.yml"
 config_vaultname: .omnia_vault_key
+input_omnia_failure_msg: "Please provide all the required parameters in omnia_config.yml"
 fail_msg_mariadb_password: "Failed. Incorrect mariadb_password format provided in omnia_config.yml file"
 success_msg_mariadb_password: "mariadb_password validated"
 success_msg_k8s_cni: "Kubernetes CNI Validated"
 fail_msg_k8s_cni: "Failed. Kubernetes CNI is incorrect in omnia_config.yml"
-success_timezone: "timezone validated"
-fail_timezone: "Failed. Incorrect timezone provided. Please check the file timezone.txt in control_plane/roles/control_plane_common/files/ folder"
-file_perm: '0755'
+
+# Usage: fetch_base_inputs.yml
+base_vars_filename: "input_params/base_vars.yml"
+input_base_failure_msg: "Please provide all the required parameters in base_vars.yml"
+success_snmp_trap_dest: "SNMP trap destination IP validated"
+fail_snmp_trap_dest: "Failed. Incorrect SNMP trap destination IP format provided in base_address.yml"
+success_snmp_comm_msg: "SNMP community string validated"
+fail_snmp_comm_msg: "snmp community string cannoy be blank in base_vars.yml"
+success_msg_public_nic: "Public nic successfully validated"
+fail_msg_public_nic: "Failed. Incorrect public nic provided in base_vars.yml"
+success_msg_k8s_pod_network_cidr: "Appliance k8s pod network cidr validated"
+fail_msg_k8s_pod_network_cidr: "Failed. Incorrect appliance k8s pod network cidr provided in base_vars.yml"
+success_awx_organization: "awx organization validated"
+fail_awx_organization: "Failed. Incorrect format in awx organization"
+success_timezone_msg: "timezone validated"
+fail_timezone_msg: "Failed. Incorrect timezone provided. Please check the file timezone.txt in control_plane/roles/control_plane_common/files/ folder"
+fail_language: "Failed. Only en-US(english) language supported"
+invalid_iso_file_path: "Incorrect iso_file_path provided in base_vars.yml."
+ethernet_switch_support_success_msg: "ethernet_switch_support validated"
+ethernet_switch_support_fail_msg: "Failed. ethernet_switch_support only accepts boolean values true or false"
+ib_switch_support_success_msg: "ib_switch_support validated"
+ib_switch_support_fail_msg: "Failed. ib_switch_support only accepts boolean values true or false"
+powervault_support_success_msg: "powervault_support validated"
+powervault_support_fail_msg: "Failed. power_vault_support only accepts boolean values true or false"
+success_msg_mngmnt_network_nic: "Management network nic successfully validated"
+fail_msg_mngmnt_network_nic: "Failed. Incorrect Management network nic provided in base_vars.yml"
+success_msg_host_network_nic: "Host network nic successfully validated"
+fail_msg_host_network_nic: "Failed. Incorrect host network nic provided in base_vars.yml"
+success_msg_ib_network_nic: "Infiniband network nic successfully validated"
+fail_msg_ib_network_nic: "Failed. Incorrect infiniband network nic provided in base_vars.yml"
+success_dhcp_range: "Dhcp_range validated"
+fail_dhcp_range: "Failed. Incorrect range assigned for dhcp"
+invalid_mapping_file_path: "Incorrect mapping_file_path provided in base_vars.yml"
+success_msg_different_nics: "The nics of different containers and public nic are not the same - Validated"
+fail_msg_different_nics: "Failed. Incorrect nic information. public nic, management network nic and host network nic should not be the same"
+success_msg_different_nics_ib: "The nics of different containers and public nic are not the same as infiniband nic- Validated"
+fail_msg_different_nics_ib: "Failed. Infiniband nic cannot be the same as other nics"
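Review bot: The four PowerVault message keys added here do not match the names password_config.yml looks up. The tasks reference `success_powervault_me4_username`, `fail_powervault_me4_username`, `success_msg_powervault_me4_password` and `fail_msg_powervault_me4_password`, while this hunk defines `success_powervault_username`, `fail_powervault_username`, `success_msg_powervault_password` and `fail_msg_powervault_password`; unless the `_me4_` names are defined elsewhere, the asserts fail on an undefined variable when `powervault_support` is true instead of printing the intended message. Renaming the four keys to the `_me4_` spelling fixes it. Several failure messages also seem to point the operator at the wrong file (`base_vars.yml` for credentials that are apparently loaded from login_vars.yml, `base_address.yml` for the SNMP trap destination), which is worth correcting in the same pass.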