Merge branch 'devel' into bugfix

.github/ISSUE_TEMPLATE/bug_report.md

@@ -2,7 +2,7 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: ''
+labels: bug
 assignees: ''
 
 ---

.github/ISSUE_TEMPLATE/logo_community.md

@@ -0,0 +1,11 @@
+---
+name: Add organization logo to the Omnia community list
+about: Display your organization's logo on the Omnia website
+title: 'Add logo to Omnia community list'
+labels: 'logo'
+assignees: ''
+
+---
+
+**Permanent link to your organization's logo:** 
+_Please replace this text with a permanent URL to your organization's logo. Logos will be automatically resized to fit._

.github/pull_request_template.md

@@ -0,0 +1,10 @@
+### Issues Resolved by this Pull Request
+Please be sure to associate your pull request with one or more open issues. Use the word _Fixes_ as well as a hashtag (_#_) prior to the issue number in order to automatically resolve associated issues (e.g., _Fixes #100_).
+
+Fixes #
+
+### Description of the Solution
+Please describe the solution provided and how it resolves the associated issues.
+
+### Suggested Reviewers
+If you wish to suggest specific reviewers for this solution, please include them in this section. Be sure to include the _@_ before the GitHub username.

.github/stale.yml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 14
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: stale
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

.metadata/omnia_version

@@ -1 +1 @@
-Omnia version 1.0.0
+Omnia version devel

README.md

@@ -1,12 +1,15 @@
 <img src="docs/images/omnia-logo.png" width="500px">
 
-![GitHub](https://img.shields.io/github/license/dellhpc/omnia) ![GitHub issues](https://img.shields.io/github/issues-raw/dellhpc/omnia) ![GitHub release (latest by date including pre-releases)](https://img.shields.io/github/v/release/dellhpc/omnia?include_prereleases) ![GitHub last commit (branch)](https://img.shields.io/github/last-commit/dellhpc/omnia/devel) ![GitHub commits since tagged version](https://img.shields.io/github/commits-since/dellhpc/omnia/v1.0.2/devel) 
+
+![GitHub](https://img.shields.io/github/license/dellhpc/omnia) ![GitHub release (latest by date including pre-releases)](https://img.shields.io/github/v/release/dellhpc/omnia?include_prereleases) ![GitHub last commit (branch)](https://img.shields.io/github/last-commit/dellhpc/omnia/devel) ![GitHub commits since tagged version](https://img.shields.io/github/commits-since/dellhpc/omnia/v1.0.2/devel) 
 
 ![GitHub contributors](https://img.shields.io/github/contributors-anon/dellhpc/omnia) ![GitHub forks](https://img.shields.io/github/forks/dellhpc/omnia) ![GitHub Repo stars](https://img.shields.io/github/stars/dellhpc/omnia) ![GitHub all releases](https://img.shields.io/github/downloads/dellhpc/omnia/total)
 
-#### Ansible playbook-based deployment of Slurm and Kubernetes on Dell EMC PowerEdge servers running an RPM-based Linux OS
+![GitHub issues](https://img.shields.io/github/issues-raw/dellhpc/omnia) ![GitHub Discussions](https://img.shields.io/github/discussions/dellhpc/omnia) [<img src="https://img.shields.io/badge/slack-dellhpc-blue.svg?logo=slack">](https://app.slack.com/client/TH80K68HY/C018L5109PW)
+
+#### Ansible playbook-based deployment of Slurm and Kubernetes on servers running an RPM-based Linux OS
 
-Omnia (Latin: all or everything) is a deployment tool to turn Dell EMC PowerEdge servers with RPM-based Linux images into a functioning Slurm/Kubernetes cluster.
+Omnia (Latin: all or everything) is a deployment tool to turn servers with RPM-based Linux images into functioning Slurm/Kubernetes clusters.
 
 ## Omnia Documentation
 For Omnia documentation, including installation and contribution instructions, please see the [website](https://dellhpc.github.io/omnia).
@@ -15,5 +18,5 @@ For Omnia documentation, including installation and contribution instructions, p
 * Lucas A. Wilson (Dell Technologies)
 * John Lockman (Dell Technologies)
 
-## Omnia Contributors:
-<img src="docs/images/delltech.jpg" height="150px" alt="Dell Technologies"> <img src="docs/images/pisa.png" height="150px" alt="Universita di Pisa">
+## Omnia Community Members:
+<img src="docs/images/delltech.jpg" height="75px" alt="Dell Technologies"> <img src="docs/images/pisa.png" height="80px" alt="Universita di Pisa"> <img src="https://user-images.githubusercontent.com/83095575/117071024-64956c80-ace3-11eb-9d90-2dac7daef11c.png" height="75px"> <img src="https://www.vizias.com/uploads/1/1/8/9/118906653/published/thick-blue-white-ring-letters-full.png" height="65px" alt="Vizias">

appliance/appliance_config.yml

@@ -1,55 +0,0 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-# Password used while deploying OS on bare metal servers and for Cobbler UI.
-# The Length of the password should be at least 8.
-# The password must not contain -,\, ',"
-provision_password: ""
-
-# Password used for the AWX UI.
-# The Length of the password should be at least 8.
-# The password must not contain -,\, ',"
-awx_password: ""
-
-# The nic/ethernet card that needs to be connected to the HPC switch.
-# This nic will be configured by Omnia for the DHCP server.
-# Default value of nic is em1.
-hpc_nic: "em1"
-
-# The nic/ethernet card that will be connected to the public internet.
-# Default value of nic is em2
-public_nic: "em2"
-
-# This is the  path where user has kept the iso image that needs to be provisioned in target nodes.
-# The iso file should be CentOS7-2009-minimal edition.
-# Other iso file not supported.
-iso_file_path: ""
-
-# The mapping file consists of the MAC address and its respective IP address and hostname.
-# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
-# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
-# This depicts the path where user has kept the mapping file for DHCP configurations.
-mapping_file_path: ""
-
-# The dhcp range for assigning the IPv4 address to the baremetal nodes.
-# Example: 10.1.23.1
-dhcp_start_ip_range: ""
-dhcp_end_ip_range: ""
-
-# This is the timezone that will be set during provisioning of OS
-# Available timezone are provided in list appliance/common/files/timezone.txt
-# Default timezone will be set to "GMT"
-# Some of the other available timezone are EST,CET,MST,CST6CDT,PST8PDT
-timezone: "GMT"

appliance/roles/common/tasks/docker_installation.yml

@@ -1,86 +0,0 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-- name: Add docker repo
-  get_url:
-    url: "{{ docker_repo_url }}"
-    dest: "{{ docker_repo_dest }}"
-  tags: install
-
-- name: Enable docker edge and test repo
-  ini_file:
-    dest: "{{ docker_repo_dest }}"
-    section: "{{ item }}"
-    option: enabled
-    value: "{{ success }}"
-  with_items: ['docker-ce-test', 'docker-ce-edge']
-  tags: install
-
-- name: Install docker
-  package:
-    name: "{{ container_repo_install }}"
-    state: present
-  become: yes
-  tags: install
-
-- name: Start services
-  service:
-    name: "{{ container_type }}"
-    state: started
-    enabled: yes
-  become: yes
-  tags: install
-
-- name: Uninstall docker-py using pip
-  pip:
-    name: ['docker-py','docker']
-    state: absent
-  tags: install
-
-- name: Install docker using pip
-  pip:
-    name: docker
-    state: present
-  tags: install
-
-- name: Update pip
-  command: pip3 install --upgrade pip
-  changed_when: false
-
-- name: Installation using python3
-  pip:
-    name: "{{ docker_compose }}"
-    executable: pip3
-  tags: install
-
-- name: Versionlock docker
-  command: "yum versionlock '{{ item }}'"
-  args:
-    warn: false
-  with_items:
-    - "{{ container_repo_install }}"
-  changed_when: true
-  tags: install
-
-- name: Configure docker
-  copy:
-    src: daemon.json
-    dest: "{{ daemon_dest }}"
-  tags: install
-
-- name: Restart docker
-  service:
-    name: docker
-    state: restarted

appliance/roles/common/tasks/password_config.yml

@@ -1,351 +0,0 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
----
-
-- name: Check input config file is encrypted
-  command: cat {{ input_config_filename }}
-  changed_when: false
-  register: config_content
-
-- name: Decrpyt appliance_config.yml
-  command: >-
-    ansible-vault decrypt {{ input_config_filename }}
-    --vault-password-file {{ vault_filename }}
-  changed_when: false
-  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
-
-- name: Include variable file appliance_config.yml
-  include_vars: "{{ input_config_filename }}"
-  no_log: true
-
-- name: Validate input parameters are not empty
-  fail:
-    msg: "{{ input_config_failure_msg }}"
-  register: input_config_check
-  when:
-    - provision_password | length < 1 or
-      awx_password | length < 1 or
-      hpc_nic | length < 1 or
-      public_nic | length < 1 or
-      iso_file_path | length < 1 or
-      dhcp_start_ip_range | length < 1 or
-      dhcp_end_ip_range | length < 1 or
-      timezone | length < 1
-
-- name: Save input variables from file
-  set_fact:
-    cobbler_password: "{{ provision_password }}"
-    admin_password: "{{ awx_password }}"
-    nic:  "{{ hpc_nic }}"
-    internet_nic: "{{ public_nic }}"
-    path_for_iso_file: "{{ iso_file_path }}"
-    dhcp_start_ip: "{{ dhcp_start_ip_range | ipv4 }}"
-    dhcp_end_ip: "{{ dhcp_end_ip_range | ipv4 }}"
-    mapping_file: false
-    path_for_mapping_file: "{{ mapping_file_path }}"
-    ks_timezone: "{{ timezone }}"
-  no_log: true
-
-- name: Get the system hpc ip
-  shell:  "ifconfig {{ hpc_nic }} | grep 'inet' |cut -d: -f2 |  awk '{ print $2}'"
-  register: ip
-  changed_when: false
-
-- name: Get the system public ip
-  shell:  "ifconfig {{ internet_nic }} | grep 'inet' |cut -d: -f2 |  awk '{ print $2}'"
-  register: internet_ip
-  changed_when: false
-
-- name: Get the system netmask
-  shell:  "ifconfig {{ hpc_nic }} | grep 'inet' |cut -d: -f2 |  awk '{ print $4}'"
-  register: net
-  changed_when: false
-
-- name: HPC nic IP
-  set_fact:
-    hpc_ip: "{{ ip.stdout }}"
-    public_ip: "{{ internet_ip.stdout }}"
-
-- name:  Netmask
-  set_fact:
-    netmask: "{{ net.stdout }}"
-
-- name: shell try
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ hpc_ip }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  register: sub_result
-  changed_when: false
-
-- name: Subnet
-  set_fact:
-    subnet: "{{ sub_result.stdout }}"
-
-- name: Assert provision_password
-  assert:
-    that:
-      - cobbler_password | length > min_length | int - 1
-      - cobbler_password | length < max_length | int + 1
-      - '"-" not in cobbler_password '
-      - '"\\" not in cobbler_password '
-      - '"\"" not in cobbler_password '
-      - " \"'\" not in cobbler_password "
-    success_msg: "{{ success_msg_provision_password }}"
-    fail_msg: "{{ fail_msg_provision_password }}"
-  no_log: true
-  register: cobbler_password_check
-
-- name: Assert awx_password
-  assert:
-    that:
-        - admin_password | length > min_length | int - 1
-        - admin_password | length < max_length | int + 1
-        - '"-" not in admin_password '
-        - '"\\" not in admin_password '
-        - '"\"" not in admin_password '
-        - " \"'\" not in admin_password "
-    success_msg: "{{ success_msg_awx_password }}"
-    fail_msg: "{{ fail_msg_awx_password }}"
-  no_log: true
-  register: awx_password_check
-
-- name: Assert hpc_ip
-  assert:
-    that:
-      - hpc_ip | length > 7
-    success_msg: "{{ success_hpc_ip }}"
-    fail_msg: "{{ fail_hpc_ip }}"
-  register: hpc_ip_check
-
-- name: Assert public_ip
-  assert:
-    that:
-      - public_ip | length > 7
-    success_msg: "{{ success_hpc_ip }}"
-    fail_msg: "{{ fail_hpc_ip }}"
-  register: public_ip_check
-
-- name: Assert hpc_nic
-  assert:
-    that:
-      - nic | length > nic_min_length | int - 1
-      - nic != internet_nic
-    success_msg: "{{ success_msg_hpc_nic }}"
-    fail_msg: "{{ fail_msg_hpc_nic }}"
-  register: hpc_nic_check
-
-- name: Assert public_nic
-  assert:
-    that:
-      - internet_nic | length > nic_min_length | int - 1
-      - nic != internet_nic
-    success_msg: "{{ success_msg_public_nic }}"
-    fail_msg: "{{ fail_msg_public_nic }}"
-  register: public_nic_check
-
-- name: Assert mapping_file_exists
-  assert:
-    that:
-      - "( mapping_file == true ) or ( mapping_file == false )"
-    success_msg: "{{ success_mapping_file }}"
-    fail_msg: "{{ fail_mapping_file }}"
-
-- name: Set the mapping file value
-  set_fact:
-    mapping_file: true
-  when: path_for_mapping_file != ""
-  
-- name: Assert valid mapping_file_path
-  stat: 
-    path: "{{ path_for_mapping_file }}"
-  when: mapping_file == true
-  register: result_path_mapping_file
-  
-- name : Valid mapping_file_path
-  fail:
-    msg: "{{ invalid_mapping_file_path }}"
-  when: ( mapping_file == true ) and ( result_path_mapping_file.stat.exists == false )
-
-- name: Assert valid iso_file_path
-  stat:
-    path: "{{ path_for_iso_file }}"
-  register: result_path_iso_file
-
-- name : Incorrect iso_file_path
-  fail:
-    msg: "{{ invalid_iso_file_path }}"
-  when: ( result_path_iso_file.stat.exists == false ) and ( ".iso" not in  path_for_iso_file )
-
-- name: Fail when iso path valid but image not right
-  fail:
-    msg: "{{ invalid_iso_file_path }}"
-  when: ( result_path_iso_file.stat.exists == true ) and ( ".iso" not in path_for_iso_file )
-
-- name: Check the subnet of dhcp start range
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ dhcp_start_ip }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  args:
-    warn: no
-  register: dhcp_start_sub_result
-  changed_when: false
-  when: dhcp_start_ip != "false"
-
-- name: Set the start dhcp subnet
-  set_fact:
-    dhcp_start_sub: "{{ dhcp_start_sub_result.stdout }}"
-  when: dhcp_start_ip != "false"
-
-- name: Check the subnet of dhcp end range
-  shell: |
-    IFS=. read -r i1 i2 i3 i4 <<< "{{ dhcp_end_ip }}"
-    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
-    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
-  register: dhcp_end_sub_result
-  when: dhcp_end_ip != "false"
-  changed_when: false
-
-- name: Set the end dhcp subnet
-  set_fact:
-    dhcp_end_sub: "{{ dhcp_end_sub_result.stdout }}"
-  when: dhcp_end_ip != "false"
-
-- name: Assert dhcp_start_ip_range
-  assert:
-    that:
-      - dhcp_start_ip != "false"
-      - dhcp_start_ip != dhcp_end_ip
-      - dhcp_start_sub == subnet
-      - dhcp_start_sub == dhcp_end_sub
-    success_msg: "{{ success_dhcp_range }}"
-    fail_msg: "{{ fail_dhcp_range }}"
-  register: dhcp_start_ip_check
-
-- name: Assert dhcp_end_ip_range
-  assert:
-    that:
-      - dhcp_end_ip != "false"
-      - dhcp_start_ip != dhcp_end_ip
-      - dhcp_end_sub == subnet
-      - dhcp_start_sub == dhcp_end_sub
-    success_msg: "{{ success_dhcp_range }}"
-    fail_msg: "{{ fail_dhcp_range }}"
-  register: dhcp_end_ip_check
-
-- name: Check timezone file
-  command: grep -Fx "{{ ks_timezone }}" {{ role_path }}/files/timezone.txt
-  ignore_errors: yes
-  register: timezone_out
-
-- name: Assert timezone
-  assert:
-    that: ks_timezone in timezone_out.stdout
-    success_msg: "{{ success_timezone }}"
-    fail_msg: "{{ fail_timezone }}"
-  register: timezone_check
-
-- name: Create ansible vault key
-  set_fact:
-    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
-  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
-
-- name: Save vault key
-  copy:
-    dest: "{{ vault_filename }}"
-    content: |
-      {{ vault_key }}
-    owner: root
-    force: yes
-  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
-
-- name: Encrypt input config file
-  command: >-
-    ansible-vault encrypt {{ input_config_filename }}
-    --vault-password-file {{ vault_filename }}
-  changed_when: false
-
-- name: Check if omnia_vault_key exists
-  stat:
-    path: "{{ role_path }}/../../../{{ config_vaultname }}"
-  register: vault_key_result
-
-- name: Create ansible vault key if it does not exist
-  set_fact:
-    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
-  when: not vault_key_result.stat.exists
-
-- name: Save vault key
-  copy:
-    dest: "{{ role_path }}/../../../{{ config_vaultname }}"
-    content: |
-      {{ vault_key }}
-    owner: root
-    force: yes
-  when: not vault_key_result.stat.exists
-
-- name: Check if omnia config file is encrypted
-  command: cat {{ role_path }}/../../../{{ config_filename }}
-  changed_when: false
-  register: config_content
-  no_log: True
-
-- name: Decrpyt omnia_config.yml
-  command: >-
-    ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
-    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
-  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
-
-- name: Include variable file omnia_config.yml
-  include_vars: "{{ role_path }}/../../../{{ config_filename }}"
-  no_log: True
-
-- name: Validate input parameters are not empty
-  fail:
-    msg: "{{ input_config_failure_msg }}"
-  register: input_config_check
-  when:
-    - mariadb_password | length < 1 or
-      k8s_cni | length < 1
-
-- name: Assert mariadb_password
-  assert:
-    that:
-        - mariadb_password | length > min_length | int - 1
-        - mariadb_password | length < max_length | int + 1
-        - '"-" not in mariadb_password '
-        - '"\\" not in mariadb_password '
-        - '"\"" not in mariadb_password '
-        - " \"'\" not in mariadb_password "
-    success_msg: "{{ success_msg_mariadb_password }}"
-    fail_msg: "{{ fail_msg_mariadb_password }}"
-
-- name: Assert kubernetes cni
-  assert:
-    that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
-    success_msg: "{{ success_msg_k8s_cni }}"
-    fail_msg: "{{ fail_msg_k8s_cni }}"
-
-- name: Save input variables from file
-  set_fact:
-    db_password: "{{ mariadb_password }}"
-    k8s_cni: "{{ k8s_cni }}"
-  no_log: True
-
-- name: Encrypt input config file
-  command: >-
-    ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
-    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
-  changed_when: false

appliance/roles/common/vars/main.yml

@@ -1,96 +0,0 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-# vars file for common
-
-# Usage: package_installation.yml
-common_packages:
-  - epel-release
-  - yum-utils
-  - git
-  - gcc
-  - gcc-c++
-  - nodejs
-  - device-mapper-persistent-data
-  - bzip2
-  - python2-pip
-  - python3-pip
-  - nano
-  - lvm2
-  - gettext
-  - python-docker
-  - net-tools
-  - python-netaddr
-  - yum-plugin-versionlock
-
-# Usage: pre_requisite.yml
-internet_delay: 0
-internet_timeout: 10
-hostname: github.com
-port_no: 22
-os_name: CentOS
-os_version: '7.9' 
-internet_status: "Failed. No Internet connection. Make sure network is up."
-os_status: "Unsupported OS or OS version. OS should be {{ os_name }} and Version should be {{ os_version }} or more"
-selinux_status: "SElinux is not disabled. Disable it in /etc/sysconfig/selinux and reboot the system"
-iso_name: CentOS-7-x86_64-Minimal-2009.iso
-iso_fail: "Iso file not found. Download and copy the iso file to omnia/appliance/roles/provision/files"
-
-# Usage: docker_installation.yml
-docker_repo_url: https://download.docker.com/linux/centos/docker-ce.repo
-docker_repo_dest: /etc/yum.repos.d/docker-ce.repo
-success: '0'
-container_type: docker
-container_repo_install:
-  - docker-ce-cli-20.10.2
-  - docker-ce-20.10.2
-docker_compose: docker-compose
-daemon_dest: /etc/docker/
-
-# Usage: docker_volume.yml
-docker_volume_name: omnia-storage
-
-# Usage: password_config.yml
-input_config_filename: "appliance_config.yml"
-fail_msg_provision_password: "Failed. Incorrect provision_password format provided in appliance_config.yml file"
-success_msg_provision_password: "provision_password validated"
-fail_msg_awx_password: "Failed. Incorrect awx_password format provided in appliance_config.yml file"
-success_msg_awx_password: "awx_password validated"
-fail_msg_hpc_nic: "Failed. Incorrect hpc_nic format provided in appliance_config.yml file"
-success_msg_hpc_nic: "hpc_nic validated"
-fail_msg_public_nic: "Failed. Incorrect public_nic format provided in appliance_config.yml file"
-success_msg_public_nic: "public_nic validated"
-success_mapping_file: "mapping_file_exists validated"
-fail_mapping_file: "Failed. Incorrect mapping_file_exists value in appliance_config.yml. It should be either true or false"
-input_config_failure_msg: "Please provide all the required parameters in appliance_config.yml"
-success_dhcp_range: "Dhcp_range validated"
-fail_dhcp_range: "Failed. Incorrect range assigned for dhcp"
-success_hpc_ip: "IP validated"
-fail_hpc_ip: "Failed. Nic should be configured"
-fail_mapping_file_path: "Failed. Mapping_file_path input is empty in appliance_config.yml. Either set mapping_file_exists to false or provide a path for a valid mapping file."
-invalid_mapping_file_path: "Incorrect mapping_file_path provided in appliance_config.yml"
-invalid_iso_file_path: "Incorrect iso_file_path provided in appliance_config.yml."
-min_length: 8
-max_length: 30
-nic_min_length: 3
-vault_filename: .vault_key
-config_filename: "omnia_config.yml"
-config_vaultname: .omnia_vault_key
-fail_msg_mariadb_password: "Failed. Incorrect mariadb_password format provided in omnia_config.yml file"
-success_msg_mariadb_password: "mariadb_password validated"
-success_msg_k8s_cni: "Kubernetes CNI Validated"
-fail_msg_k8s_cni: "Failed. Kubernetes CNI is incorrect in omnia_config.yml"
-success_timezone: "timezone validated"
-fail_timezone: "Failed. Incorrect timezone provided. Please check the file timezone.txt in appliance/roles/common/files/ folder"

cobbler_utils/create_system_profiles.sh

@@ -0,0 +1,44 @@
+#!/bin/bash
+
+if [ $# -lt 1 ] ; then
+    echo -e "\nNeed mapping file\n"
+    echo -e "e.g. $(basename $0) mapping.csv\n"
+    exit 1
+fi
+
+MAPPING=$1
+
+if [ ! -e $MAPPING ] ; then
+    echo -e "\nMapping file $MAPPING does not exist\n"
+    exit 1
+fi
+
+if [ ! -d profiles ] ; then
+	mkdir profiles
+fi
+
+echo -e "#!/bin/bash\n" > profiles/addall.sh
+
+for profile in $(cat $MAPPING | grep -v ^MAC) ; do
+
+    MAC=$(echo $profile | cut -d "," -f 1 )
+    HOSTNAME=$(echo $profile | cut -d "," -f 2 )
+    IPADDR=$(echo $profile | cut -d "," -f 3 )
+    OUTFILE=${HOSTNAME}.sh
+
+    cat template.sh \
+    | sed -e "s/^HOSTNAME=/HOSTNAME=\"$HOSTNAME\"/" \
+    -e "s/^IPADDR=/IPADDR=\"$IPADDR\"/" \
+    -e "s/^MAC=/MAC=\"$MAC\"/" > profiles/$OUTFILE
+
+    echo "./$OUTFILE" >> profiles/addall.sh
+
+    chmod 755 profiles/$OUTFILE
+
+done
+
+echo -e "\ncobbler sync\n" >> profiles/addall.sh
+
+chmod 755 profiles/addall.sh
+
+

cobbler_utils/template.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+HOSTNAME=
+IPADDR=
+MAC=
+INTERFACE="em1"
+PROFILE="CentOS7-x86_64"
+
+cobbler system remove --name=$HOSTNAME 2>&1 > /dev/null
+
+cobbler system add --name=$HOSTNAME --hostname=$HOSTNAME --profile=$PROFILE
+
+cobbler system edit --name=$HOSTNAME --interface=$INTERFACE --mac=$MAC
+
+cobbler system edit --name=$HOSTNAME --kopts="ksdevice=$MAC nomodeset consoleblank=0"
+
+cobbler system edit --name=$HOSTNAME --kopts-post="nomodeset consoleblank=0"
+
+#cobbler sync
+

control_plane/collect_device_info.yml

@@ -0,0 +1,20 @@
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Dynamic Inventory
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  roles:
+    - collect_device_info

appliance/inventory.yml

@@ -17,4 +17,4 @@
   connection: local
   gather_facts: no
   roles:
-    - inventory
+    - collect_node_info

control_plane/control_plane.yml

@@ -0,0 +1,28 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Executing omnia roles
+  hosts: localhost
+  connection: local
+  roles:
+    - control_plane_common
+    - control_plane_repo
+    - control_plane_k8s
+    - control_plane_device
+    - provision_cobbler
+    - control_plane_ib
+    - control_plane_sm
+    - control_plane_customiso
+    - webui_awx

control_plane/ethernet.yml

@@ -0,0 +1,23 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+-  name: Ethernet Configuration 
+   hosts: all
+   gather_facts: false
+   connection: network_cli
+   vars:
+     ansible_network_os: dellemc.os10.os10
+   roles:
+    - network_ethernet

control_plane/idrac.yml

@@ -0,0 +1,20 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Deploy OS via idrac
+  hosts: all
+  connection: local
+  roles:
+    - provision_idrac

control_plane/inifiniband.yml

@@ -0,0 +1,21 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Infiniband Configuration
+  hosts: all
+  gather_facts: false
+  connection: local
+  roles:
+    - network_ib

control_plane/input_params/base_vars.yml

@@ -0,0 +1,149 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+##All variables except mapping_file_path are mandatory##
+
+###default###
+
+# Path to directory hosting ansible config file (ansible.cfg file)
+# Default value is /etc/ansible
+# This directory is on the host running ansible, if ansible is installed using dnf
+# If ansible is installed using pip, this path should be set
+ansible_conf_file_path: /etc/ansible
+
+# This variable is used to enable ethernet switch configuration
+# It accepts boolean values "true" or "false". 
+# By default its value is "false".
+# If ethernet switch support is needed set this to "true"
+ethernet_switch_support: false
+
+# This variable is used to enable infiniband switch configuration
+# It accepts boolean values "true" or "false". 
+# By default its value is "false".
+# If infiniband configuration is needed set this to "true"
+ib_switch_support: false
+
+# This variable is used to enable powervault configuration
+# It accepts boolean values "true" or "false". 
+# By default its value is "false".
+# If powervault configuration is needed set this to "true"
+powervault_support: false
+
+# The nic/ethernet card that will be connected to the public internet.
+# Default value of nic is eno2
+public_nic: "eno2"
+
+# Kubernetes pod network CIDR for appliance k8s network
+# Make sure this value does not overlap with any of the host networks.
+# Default value is "192.168.0.0/16"
+appliance_k8s_pod_net_cidr: "192.168.0.0/16"
+
+### Usage: provision_idrac, network_ib, network_ethernet, powervault_me4 ###
+
+# The trap destination IP address is the IP address of the SNMP Server where the trap will be sent
+# If this variable is left blank, it means SNMP will be disabled
+# Provide a valid SNMP server IP
+snmp_trap_destination: ""
+
+# Provide the snmp community name needed
+# By default this is set to "public"
+snmp_community_name: "public"
+
+### Usage: webui_awx ###
+
+# Organization name that is created in AWX.
+# The default value is “DellEMC”
+awx_organization: "DellEMC"
+
+### Usage: provision_cobbler, provision_idrac ###
+
+# This is the timezone that will be set during provisioning of OS
+# Available timezones are provided in control_plane/common/files/timezone.txt
+# Default timezone will be "GMT"
+# Some of the other available timezones are EST,CET,MST,CST6CDT,PST8PDT
+timezone: "GMT"
+
+# This is the language that will be set during provisioning of the OS
+# Default language supported is "en-US"
+language: "en-US"
+
+# This is the path where the user has to place the iso image that needs to be provisioned in target nodes.
+# The iso file should be CentOS7-2009-minimal edition.
+# Other iso files are not supported.
+# Mandatory value required
+iso_file_path: ""
+
+### Usage: control_plane_device ###
+
+# The nic/ethernet card that needs to be connected to provision 
+# the fabric, idrac and powervault.
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is eno1
+mngmnt_network_nic: "eno1"
+
+# The dhcp range for assigning the IPv4 address
+# Example: 172.17.0.1
+# Mandatory value required
+mngmnt_network_dhcp_start_range: ""
+mngmnt_network_dhcp_end_range: ""
+
+# The mapping file consists of the MAC address and its respective IP address and hostname.
+# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
+# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
+# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+# This depicts the path where user has kept the mapping file for DHCP configurations.
+mngmnt_mapping_file_path: ""
+
+### Usage: provision_cobbler ###
+
+# The nic/ethernet card that needs to be connected to provision the OS of bare metal servers
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is eno3
+host_network_nic: "eno3"
+
+# The dhcp range for assigning the IPv4 address
+# Example: 172.17.0.1
+# Mandatory value required
+host_network_dhcp_start_range: ""
+host_network_dhcp_end_range: ""
+
+dhcp_gateway: ""
+dhcp_dns1: ""
+dhcp_dns2: ""
+
+# The mapping file consists of the MAC address and its respective IP address and hostname.
+# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
+# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
+# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+# This depicts the path where user has kept the mapping file for DHCP configurations.
+host_mapping_file_path: ""
+
+### Usage: control_plane_ib ###
+
+# The nic/ethernet card that needs to be connected to configure infiniband switch
+# This nic will be configured by Omnia for the DHCP server.
+# Default value of nic is ib0
+ib_network_nic: "ib0"
+
+# The dhcp range for assigning the IPv4 address
+# Example: 172.17.0.1
+ib_network_dhcp_start_range: ""
+ib_network_dhcp_end_range: ""
+
+# The mapping file consists of the MAC address and its respective IP address and hostname.
+# The format of mapping file should be MAC,hostname,IP and must be a CSV file.
+# Eg: xx:yy:zz:aa:bb,server,172.17.0.5
+# A template for mapping file exists in omnia/examples and is named as mapping_file.csv.
+# This depicts the path where user has kept the mapping file for DHCP configurations.
+ib_mapping_file_path: ""

control_plane/input_params/ethernet_vars.yml

@@ -0,0 +1,14 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---

control_plane/input_params/ib_vars.yml

@@ -0,0 +1,14 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---

control_plane/input_params/idrac_vars.yml

@@ -0,0 +1,46 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+### Usage: provision_idrac ###
+
+# This indicates the system profile name used for BIOS configuration of the server
+# The values supported are - "Performance", "PerformancePerWatt(DAPC)", "PerformancePerWatt(OS)", "WorkstationPerformance".
+# The default value is "Performance"
+idrac_system_profile: "Performance"
+
+# Boolean value indicating whether OMNIA should perform firmware update or not
+# It takes values "true" or "false" indicating required and not required cases respectively.
+# Default value is "true"
+firmware_update_required: true
+
+#****Security Requirements Configuration****#
+###Enable the security parameters listed below only if you want to configure the security settings in idrac###
+###This feature will be enabled in all the servers (hpc nodes) listed in the idrac inventory###
+###To apply these settings please execute appropriate files in control_plane/tools directory###
+
+### Usage: idrac_secure_boot ###
+
+# Specify whether the secure boot mode to be enabled
+# By default secure boot will be "disabled"
+# If required it can be "enabled"
+uefi_secure_boot: "disabled"
+
+### Usage: idrac_system_lockdown ###
+
+# Specify whether the system lockdown to be enabled
+# By default system lockdown will be "disabled"
+# If required it can be "enabled"
+# Make sure system_lockdown is enabled only after OS provisioning is completed
+system_lockdown: "disabled"

control_plane/input_params/login_vars.yml

@@ -0,0 +1,83 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+### Usage: provision_cobbler, provison_idrac ###
+
+# Password used while deploying OS on bare metal servers.
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+# Mandatory value required
+provision_password: ""
+
+### Usage: provision_cobbler ###
+
+# Password used for cobbler
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+# Mandatory value required
+cobbler_password: ""
+
+### Usage: webui_awx ###
+
+# Password used for awx UI
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+#awx_password: ""
+
+### Usage: network_ethernet ###
+
+# The username for ethernet switch
+# The username must not contain -,\, ',"
+ethernet_switch_username: ""
+
+# Password used for ethernet switch
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+ethernet_switch_password: ""
+
+### Usage: network_ib ###
+
+# The username for infiniband switch
+# The username must not contain -,\, ',"
+ib_username: ""
+
+# Password used for infiniband switch
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+ib_password: ""
+
+### Usage: provision_idrac ###
+
+# The username for idrac
+# The username must not contain -,\, ',"
+# Mandatory value required
+idrac_username: ""
+
+# Password used for idrac
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+# Mandatory value required
+idrac_password: ""
+
+### Usage: powervault_me4 ###
+
+# The username for powervault_me4
+# The username must not contain -,\, ',"
+powervault_me4_username: ""
+
+# Password used for powervault_me4
+# The Length of the password should be at least 8.
+# The password must not contain -,\, ',"
+powervault_me4_password: ""

control_plane/input_params/powervault_me4_vars.yml

@@ -0,0 +1,82 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+### Usage: powervault_me4 ###
+
+# User type of powervault_me4
+# The vaules supported are "standard" and "SNMPv3"
+# The default value is "standard"
+powervault_me4_usertype: "standard"
+
+# The user roles for managing and monitoring powervault_me4
+# The values supported are "monitor" and "manage"
+# The default value is "manage"
+# Only "manage" role allows - Addition of disk groups and creation of volumes 
+powervault_me4_roles: "manage"
+
+# This variable indicates the language selection
+# Currently only "English" is supported
+locale: "English"
+
+# Specify the system name to identify the system
+# By default it is set to "Uninitialized Name"
+powervault_me4_system_name: "Unintialized Name"
+
+# Specify the snmp notification level
+# critical: Sends notifications for Critical events only.
+# error: Sends notifications for Error and Critical events.
+# warn: Sends notifications for Warning, Error, and Critical events.
+# resolved: Sends notifications for Resolved, Warning, Error, and Critical events.
+# info: Sends notifications for all events.
+# none: All events are excluded from trap notification and traps are disabled. 
+# However, Critical events and managed-logs events 400–402 are sent regardless of the notification setting.
+# Default value is "none"
+powervault_me4_snmp_notify_level: "none"
+
+# Specify the disk group name
+# If left blank, system automatically assigns the name
+powervault_me4_disk_group_name: ""
+
+# Specify the disk type
+# Values supported are "Virtual" and "Read Cache"
+powervault_me4_disk_type: "Virtual"
+
+# Specify the required RAID Level
+# The different RAID levels and the min and max number of disks supported for each RAID are
+# RAID1: 2
+# RAID5: 3-16
+# RAID6: 4-16
+# RAID10: 4-16
+# ADAPT: 12-128
+# Default value is "RAID1"
+# If Type "Read Cache" is selected, then RAID levels are not required
+powervault_me4_raid_levels: "RAID1"
+
+# Specify the range of disks
+# Select a range of disks within an enclosure by entering a comma-separated list that contains 
+# the enclosure number and disk range in the Enter Range of Disks text box. 
+# Use the format enclosure-number.disk-range,enclosure-number.disk-range. 
+# For example, to select disks 3-12 in enclosure 1 and 5-23 in enclosure 2, enter 1.3-12,2.5-23.
+# For ME4012 - 0.0-0.11,1.0-1.11 are the allowed values
+powervault_me4_disk_range: ""
+
+# Specify the volume name
+# Cannot be left blank
+# the default value is "pv_omnia"
+powervault_me4_volume_name: "pv_omnia"
+
+# Specify the volume size
+# Format: 100GB <SizeGB>
+powervault_me4_volume_size: "100GB"

control_plane/powervault_me4.yml

@@ -0,0 +1,21 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Powervault Configuration
+  hosts: all
+  gather_facts: false
+  connection: local
+  roles:
+    - powervault_me4

appliance/roles/common/tasks/docker_volume.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,8 +13,7 @@
 #  limitations under the License.
 ---
 
-- name: Create a docker volume
-  docker_volume:
-    name: "{{ docker_volume_name }}"
-  vars:
-    ansible_python_interpreter: "/usr/bin/python3"
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

appliance/roles/inventory/tasks/main.yml

@@ -21,12 +21,12 @@
     path: "{{ role_path }}/files/provisioned_hosts.yml"
   register: provisioned_file_result
 
-- name: Include vars file of common role
-  include_vars: "{{ role_path }}/../common/vars/main.yml"
+- name: Include vars file of control_plane_common role
+  include_vars: "{{ role_path }}/../control_plane_common/vars/main.yml"
   no_log: True
 
-- name: Include vars file of web_ui role
-  include_vars: "{{ role_path }}/../web_ui/vars/main.yml"
+- name: Include vars file of webui_awx role
+  include_vars: "{{ role_path }}/../webui_awx/vars/main.yml"
   no_log: True
 
 - name: Update inventory file

control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml

@@ -0,0 +1,455 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Include base variable file base_vars.yml
+  include_vars: "{{ base_vars_filename }}"
+  no_log: true
+
+- name: Validate input parameters of base_vars are not empty
+  fail:
+    msg: "{{ input_base_failure_msg }}"
+  register: input_base_check
+  when:
+    - ansible_conf_file_path | length < 1 or
+      public_nic | length < 1 or
+      appliance_k8s_pod_net_cidr | length < 1 or
+      awx_organization | length < 1 or
+      timezone | length < 1 or
+      language | length < 1 or
+      iso_file_path | length < 1 or
+      mngmnt_network_nic | length < 1 or
+      mngmnt_network_dhcp_start_range | length < 1 or
+      mngmnt_network_dhcp_end_range | length < 1 or
+      host_network_nic | length < 1 or
+      host_network_dhcp_start_range | length < 1 or
+      host_network_dhcp_end_range | length < 1 or
+      dhcp_gateway | length < 1 or
+      dhcp_dns1 | length < 1 or
+      dhcp_dns2 | length < 1
+
+- name: Validate infiniband base_vars are not empty
+  fail:
+    msg: "{{ input_base_failure_msg }} for infiniBand as ib_switch_support is true"
+  register: ib_check
+  when:
+    - ib_network_nic | length < 1 or
+      ib_network_dhcp_start_range | length < 1 or
+      ib_network_dhcp_end_range | length < 1 and ib_switch_support
+
+- name: Set facts to validate snmp support
+  set_fact:
+    snmp_enabled: false   
+    mngmnt_mapping_file: false
+    host_mapping_file: false
+    ib_mapping_file: false
+
+- name: Verify snmp_trap_destination IP address
+  set_fact:
+    snmp_enabled: true
+  when: snmp_trap_destination | length > 1
+
+- name: Assert snmp trap destination address
+  assert:
+    that:
+      - snmp_enabled
+      - snmp_trap_destination | length > 7
+      - snmp_trap_destination | ipv4
+    success_msg: "{{ success_snmp_trap_dest }}"
+    fail_msg: "{{ fail_snmp_trap_dest }}"
+  when: snmp_enabled
+
+- name: Assert snmp community string
+  assert:
+    that:
+      - snmp_enabled
+      - snmp_community_name
+    success_msg: "{{ success_snmp_comm_msg }}"
+    fail_msg: "{{ fail_snmp_comm_msg }}"
+  when: snmp_enabled
+
+- name: Check whether ansible config file exists
+  stat:
+    path: "{{ ansible_conf_file_path }}/ansible.cfg"
+  register: ansible_conf_exists
+
+- name: Create the directory if it does not exist
+  file:
+    path: "{{ ansible_conf_file_path }}"
+    state: directory
+    mode: "{{ file_perm }}"
+  when: not ansible_conf_exists.stat.exists
+  changed_when: false
+
+- name: Create ansible config file if it does not exist
+  copy:
+    dest: '{{ ansible_conf_file_path }}/ansible.cfg'
+    mode: "{{ file_perm }}"
+    content: |
+      [defaults]
+      log_path = /var/log/omnia.log
+  when: not ansible_conf_exists.stat.exists
+
+- name: Assert ethernet_switch_support
+  assert:
+    that:
+      - ethernet_switch_support == true or ethernet_switch_support == false
+    success_msg: "{{ ethernet_switch_support_success_msg }}"
+    fail_msg: "{{ ethernet_switch_support_fail_msg }}"
+
+- name: Assert ib_switch_support
+  assert:
+    that:
+      - ib_switch_support == true or ib_switch_support == false
+    success_msg: "{{ ib_switch_support_success_msg }}"
+    fail_msg: "{{ ib_switch_support_fail_msg }}"
+
+- name: Assert powervault_support
+  assert:
+    that:
+      - powervault_support == true or powervault_support == false
+    success_msg: "{{ powervault_support_success_msg }}"
+    fail_msg: "{{ powervault_support_fail_msg }}"
+
+- name: Fetch the network interfaces in UP state in the system
+  shell: set -o pipefail && ip a | awk '/state UP/{print $2}'
+  register: nic_addr_up
+  changed_when: false
+  
+- name: Assert public nic
+  assert:
+    that:
+      - public_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_public_nic }}"
+    fail_msg: "{{ fail_msg_public_nic }}"
+
+- name: Fetch the system public IP
+  set_fact:
+    public_ip: "{{ lookup('vars','ansible_'+public_nic).ipv4.address }}"
+
+- name: Assert kubernetes pod network CIDR
+  assert:
+    that:
+      - appliance_k8s_pod_net_cidr | ipv4
+      - appliance_k8s_pod_net_cidr | length > 9
+      - '"/" in appliance_k8s_pod_net_cidr '
+    success_msg: "{{ success_msg_k8s_pod_network_cidr }}"
+    fail_msg: "{{ fail_msg_k8s_pod_network_cidr }}"
+
+- name: Assert Organization in awx
+  assert:
+    that:
+      - awx_organization | length >= min_username_length
+      - awx_organization | length < max_length
+      - '"-" not in awx_organization '
+      - '"\\" not in awx_organization '
+      - '"\"" not in awx_organization '
+      - " \"'\" not in awx_organization "
+    success_msg: "{{ success_awx_organization }}"
+    fail_msg: "{{ fail_awx_organization }}"
+
+- name: Check timezone file
+  command: grep -Fx "{{ timezone }}" {{ role_path }}/files/timezone.txt
+  ignore_errors: yes
+  register: timezone_out
+  changed_when: false
+
+- name: Assert timezone
+  assert:
+    that: timezone in timezone_out.stdout
+    success_msg: "{{ success_timezone_msg }}"
+    fail_msg: "{{ fail_timezone_msg }}"
+  register: timezone_check
+
+- name: Assert language for provisioning nodes
+  fail:
+    msg: "{{ fail_language }}"
+  when: '"en-US" not in language'
+
+- name: Verify the iso_file_path
+  stat:
+    path: "{{ iso_file_path }}"
+  register: result_path_iso_file
+
+- name : Assert iso_file_path
+  fail:
+    msg: "{{ invalid_iso_file_path }}"
+  when: ( not result_path_iso_file.stat.exists ) and ( ".iso" not in  iso_file_path )
+
+- name: Fail when iso path valid but image not right
+  fail:
+    msg: "{{ invalid_iso_file_path }}"
+  when: ( result_path_iso_file.stat.exists ) and ( ".iso" not in iso_file_path )
+
+####management_net_dhcp_start_end_range
+- name: Assert management network nic
+  assert:
+    that:
+      - mngmnt_network_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_mngmnt_network_nic }}"
+    fail_msg: "{{ fail_msg_mngmnt_network_nic }}"
+
+- name: Fetch the management network ip, netmask and subnet
+  set_fact:
+    mngmnt_network_ip: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.address }}"
+    mngmnt_network_netmask: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.netmask }}"
+    mngmnt_network_subnet: "{{ lookup('vars','ansible_'+mngmnt_network_nic).ipv4.network }}"
+
+- name: Check the subnet of management network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_mgmnt_result
+  changed_when: false
+
+- name: Set the start dhcp subnet for management network
+  set_fact:
+    dhcp_start_mgmnt: "{{ dhcp_start_mgmnt_result.stdout }}"
+
+- name: Check the subnet of dhcp end range for management network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ mngmnt_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ mngmnt_network_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_mgmnt_result
+  changed_when: false
+
+- name: Set the end dhcp subnet for management network
+  set_fact:
+    dhcp_end_mgmnt: "{{ dhcp_end_mgmnt_result.stdout }}"
+
+- name: Assert management_net_dhcp_start_range
+  assert:
+    that:
+      - mngmnt_network_dhcp_start_range
+      - mngmnt_network_dhcp_start_range | ipv4
+      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
+      - dhcp_start_mgmnt == mngmnt_network_subnet
+      - dhcp_start_mgmnt == dhcp_end_mgmnt
+    success_msg: "{{ success_dhcp_range }} for management network"
+    fail_msg: "{{ fail_dhcp_range }} for management network"
+
+- name: Assert management_net_dhcp_end_range
+  assert:
+    that:
+      - mngmnt_network_dhcp_end_range
+      - mngmnt_network_dhcp_end_range | ipv4
+      - mngmnt_network_dhcp_start_range != mngmnt_network_dhcp_end_range
+      - dhcp_end_mgmnt == mngmnt_network_subnet
+      - dhcp_start_mgmnt == dhcp_end_mgmnt
+    success_msg: "{{ success_dhcp_range }} for management network"
+    fail_msg: "{{ fail_dhcp_range }} for management network"
+
+- name: Set the mapping file value for management network
+  set_fact:
+    mngmnt_mapping_file: true
+  when: mngmnt_mapping_file_path | length > 0
+
+- name: Assert valid mngmnt_mapping_file_path
+  stat:
+    path: "{{ mngmnt_mapping_file_path }}"
+  when: mngmnt_mapping_file
+  register: result_mngmnt_mapping_file
+
+- name : Valid mngmnt_mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for management network"
+  when: mngmnt_mapping_file and not result_mngmnt_mapping_file.stat.exists
+#########
+
+###Host network####
+- name: Assert host network nic
+  assert:
+    that:
+      - host_network_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_host_network_nic }}"
+    fail_msg: "{{ fail_msg_host_network_nic }}"
+
+- name: Fetch the host network ip, netmask and subnet
+  set_fact:
+    hpc_ip: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.address }}"
+    netmask: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.netmask }}"
+    subnet: "{{ lookup('vars','ansible_'+host_network_nic).ipv4.network }}"
+
+- name: Check the subnet of host network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_host_result
+  changed_when: false
+
+- name: Set the start dhcp subnet for host network
+  set_fact:
+    dhcp_start_host: "{{ dhcp_start_host_result.stdout }}"
+
+- name: Check the subnet of dhcp end range for host network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ host_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_host_result
+  changed_when: false
+
+- name: Set the end dhcp subnet for host network
+  set_fact:
+    dhcp_end_host: "{{ dhcp_end_host_result.stdout }}"
+
+- name: Assert host_network_dhcp_start_range
+  assert:
+    that:
+      - host_network_dhcp_start_range
+      - host_network_dhcp_start_range | ipv4
+      - host_network_dhcp_start_range != host_network_dhcp_end_range
+      - dhcp_start_host == subnet
+      - dhcp_start_host == dhcp_end_host
+    success_msg: "{{ success_dhcp_range }} for host network"
+    fail_msg: "{{ fail_dhcp_range }} for host network"
+
+- name: Assert host_network_dhcp_end_range
+  assert:
+    that:
+      - host_network_dhcp_end_range
+      - host_network_dhcp_end_range | ipv4
+      - host_network_dhcp_start_range != host_network_dhcp_end_range
+      - dhcp_end_host == subnet
+      - dhcp_start_host == dhcp_end_host
+    success_msg: "{{ success_dhcp_range }} for host network"
+    fail_msg: "{{ fail_dhcp_range }} for host network"
+
+- name: Set the mapping file value for host network
+  set_fact:
+    host_mapping_file: true
+  when: host_mapping_file_path | length > 0
+  
+- name: Assert valid mapping_file_path
+  stat: 
+    path: "{{ host_mapping_file_path }}"
+  when: host_mapping_file
+  register: result_host_mapping_file
+  
+- name: Valid mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for host_network"
+  when: host_mapping_file and not result_host_mapping_file.stat.exists
+
+- name: Verify different nics
+  assert:
+    that:
+      - public_nic != mngmnt_network_nic
+      - mngmnt_network_nic != host_network_nic
+      - public_nic != host_network_nic
+    success_msg: "{{ success_msg_different_nics }}"
+    fail_msg: "{{ fail_msg_different_nics }}"
+
+########
+- name: Assert infiniband network nic
+  assert:
+    that:
+      - ib_network_nic in nic_addr_up.stdout
+    success_msg: "{{ success_msg_ib_network_nic }}"
+    fail_msg: "{{ fail_msg_ib_network_nic }}"
+  when: ib_switch_support
+
+- name: Fetch the infiniband network ip, netmask and subnet
+  set_fact:
+    ib_ip: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.address }}"
+    ib_netmask: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.netmask }}"
+    ib_subnet: "{{ lookup('vars','ansible_'+ib_network_nic).ipv4.network }}"
+  when: ib_switch_support
+
+- name: Check the subnet of infiniband network dhcp start range
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_start_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  args:
+    warn: no
+  register: dhcp_start_ib_result
+  when: ib_switch_support
+  changed_when: false
+
+- name: Set the start dhcp subnet for infiniband network
+  set_fact:
+    dhcp_start_ib: "{{ dhcp_start_ib_result.stdout }}"
+  when: ib_switch_support
+
+- name: Check the subnet of dhcp end range for infiniband network
+  shell: |
+    IFS=. read -r i1 i2 i3 i4 <<< "{{ ib_network_dhcp_end_range }}"
+    IFS=. read -r m1 m2 m3 m4 <<< "{{ ib_netmask }}"
+    printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))"
+  register: dhcp_end_ib_result
+  when: ib_switch_support
+  changed_when: false
+
+- name: Set the end dhcp subnet for infiniband network
+  set_fact:
+    dhcp_end_ib: "{{ dhcp_end_ib_result.stdout }}"
+  when: ib_switch_support
+
+- name: Assert infiniband_net_dhcp_start_range
+  assert:
+    that:
+      - ib_network_dhcp_start_range
+      - ib_network_dhcp_start_range | ipv4
+      - ib_network_dhcp_start_range != ib_network_dhcp_end_range
+      - dhcp_start_ib == ib_subnet
+      - dhcp_start_ib == dhcp_end_ib
+    success_msg: "{{ success_dhcp_range }} for infiniband network"
+    fail_msg: "{{ fail_dhcp_range }} for infiniband network"
+  when: ib_switch_support
+
+- name: Assert infiniband_net_dhcp_end_range
+  assert:
+    that:
+      - ib_network_dhcp_end_range
+      - ib_network_dhcp_end_range | ipv4
+      - ib_network_dhcp_start_range != ib_network_dhcp_end_range
+      - dhcp_end_ib == ib_subnet
+      - dhcp_start_ib == dhcp_end_ib
+    success_msg: "{{ success_dhcp_range }} for infiniband network"
+    fail_msg: "{{ fail_dhcp_range }} for infiniband network"
+  when: ib_switch_support
+
+- name: Set the mapping file value for infiniband
+  set_fact:
+    ib_mapping_file: true
+  when: (ib_switch_support) and (ib_mapping_file_path | length > 0)
+
+- name: Assert valid infiniband_mapping_file_path
+  stat:
+    path: "{{ ib_mapping_file_path }}"
+  when: ib_switch_support and ib_mapping_file
+  register: result_ib_mapping_file
+
+- name : Valid infiniband_mapping_file_path
+  fail:
+    msg: "{{ invalid_mapping_file_path }} for infiniBand network configuration"
+  when: ib_mapping_file and (not result_ib_mapping_file.stat.exists)
+
+- name: Verify different nics with infiniband nic
+  assert:
+    that:
+      - public_nic != ib_network_nic
+      - mngmnt_network_nic != ib_network_nic
+      - ib_network_nic != host_network_nic
+    success_msg: "{{ success_msg_different_nics_ib }}"
+    fail_msg: "{{ fail_msg_different_nics_ib }}"
+  when: ib_switch_support

appliance/roles/common/tasks/main.yml

@@ -26,10 +26,10 @@
   import_tasks: package_installation.yml
 
 - name: Basic Configuration
-  import_tasks: password_config.yml
+  import_tasks: fetch_base_inputs.yml
 
-- name: Docker installation and configuration
-  import_tasks: docker_installation.yml
+- name: Credentials Configuration
+  import_tasks: password_config.yml
 
-- name: Docker volume creation
-  import_tasks: docker_volume.yml
+- name: Omnia inputs validation
+  import_tasks: verify_omnia_params.yml

appliance/roles/common/tasks/package_installation.yml

@@ -18,3 +18,8 @@
     name: "{{ common_packages }}"
     state: present
   tags: install
+
+- name: Install netaddr
+  command: pip3 install netaddr
+  tags: install
+  changed_when: false

control_plane/roles/control_plane_common/tasks/password_config.yml

@@ -0,0 +1,224 @@
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check login_vars file is encrypted
+  command: cat {{ login_vars_filename }}
+  changed_when: false
+  register: config_content
+
+- name: Decrpyt login_vars.yml
+  command: >-
+    ansible-vault decrypt {{ login_vars_filename }}
+    --vault-password-file {{ vault_filename }}
+  changed_when: false
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+
+- name: Include variable file login_vars.yml
+  include_vars: "{{ login_vars_filename }}"
+  no_log: true
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ input_config_failure_msg }}"
+  register: input_config_check
+  when:
+    - provision_password | length < 1 or
+      cobbler_password | length < 1 or      
+      idrac_username | length < 1 or
+      idrac_password | length < 1      
+
+- name: Assert provision_password
+  assert:
+    that:
+      - provision_password | length > min_length | int - 1
+      - provision_password | length < max_length | int + 1
+      - '"-" not in provision_password '
+      - '"\\" not in provision_password '
+      - '"\"" not in provision_password '
+      - " \"'\" not in provision_password "
+    success_msg: "{{ success_msg_provision_password }}"
+    fail_msg: "{{ fail_msg_provision_password }}"
+  no_log: true
+  register: provision_password_check
+
+- name: Assert cobbler_password
+  assert:
+    that:
+      - cobbler_password | length > min_length | int - 1
+      - cobbler_password | length < max_length | int + 1
+      - '"-" not in cobbler_password '
+      - '"\\" not in cobbler_password '
+      - '"\"" not in cobbler_password '
+      - " \"'\" not in cobbler_password "
+    success_msg: "{{ success_msg_cobbler_password }}"
+    fail_msg: "{{ fail_msg_cobbler_password }}"
+  no_log: true
+  register: cobbler_password_check
+
+- name: Assert idrac_username
+  assert:
+    that:
+      - idrac_username | length >= min_username_length
+      - idrac_username | length < max_length
+      - '"-" not in idrac_username '
+      - '"\\" not in idrac_username '
+      - '"\"" not in idrac_username '
+      - " \"'\" not in idrac_username "
+    success_msg: "{{ success_idrac_username }}"
+    fail_msg: "{{ fail_idrac_username }}"
+  no_log: true
+
+- name: Assert idrac_password
+  assert:
+    that:
+      - idrac_password | length > min_username_length | int - 1
+      - idrac_password | length < max_length | int + 1
+      - '"-" not in idrac_password '
+      - '"\\" not in idrac_password '
+      - '"\"" not in idrac_password '
+      - " \"'\" not in idrac_password "
+    success_msg: "{{ success_msg_idrac_password }}"
+    fail_msg: "{{ fail_msg_idrac_password }}"
+  no_log: true
+  register: idrac_password_check
+
+- name: Verify ethernet_switch_username and ethernet_switch_password are not empty
+  assert:
+    that:
+      - ethernet_switch_username | length > 0
+      - ethernet_switch_password | length > 0
+    success_msg: "{{ ethernet_params_success_msg }}"
+    fail_msg: "{{ ethernet_params_empty_fail_msg }}"
+  when: ethernet_switch_support
+
+- name: Assert ethernet_switch_username
+  assert:
+    that:
+      - ethernet_switch_username | length >= min_username_length
+      - ethernet_switch_username | length < max_length
+      - '"-" not in ethernet_switch_username '
+      - '"\\" not in ethernet_switch_username '
+      - '"\"" not in ethernet_switch_username '
+      - " \"'\" not in ethernet_switch_username "
+    success_msg: "{{ success_ethernet_switch_username }}"
+    fail_msg: "{{ fail_ethernet_switch_username }}"
+  when: ethernet_switch_support
+
+- name: Assert ethernet_switch_password
+  assert:
+    that:
+      - ethernet_switch_password | length > min_username_length | int - 1
+      - ethernet_switch_password | length < max_length | int + 1
+      - '"-" not in ethernet_switch_password '
+      - '"\\" not in ethernet_switch_password '
+      - '"\"" not in ethernet_switch_password '
+      - " \"'\" not in ethernet_switch_password "
+    success_msg: "{{ success_msg_ethernet_switch_password }}"
+    fail_msg: "{{ fail_msg_ethernet_switch_password }}"
+  when: ethernet_switch_support
+  no_log: true
+
+- name: Verify ib_username and ib_password are not empty
+  assert:
+    that:
+      - ib_username | length > 0
+      - ib_password | length > 0
+    success_msg: "{{ ib_params_success_msg }}"
+    fail_msg: "{{ ib_params_empty_fail_msg }}"
+  when: ib_switch_support
+
+- name: Assert ib_username
+  assert:
+    that:
+      - ib_username | length >= min_username_length
+      - ib_username | length < max_length
+      - '"-" not in ib_username '
+      - '"\\" not in ib_username '
+      - '"\"" not in ib_username '
+      - " \"'\" not in ib_username "
+    success_msg: "{{ success_ib_username }}"
+    fail_msg: "{{ fail_ib_username }}"
+  when: ib_switch_support
+
+- name: Assert ib_password
+  assert:
+    that:
+      - ib_password | length > min_username_length | int - 1
+      - ib_password | length < max_length | int + 1
+      - '"-" not in ib_password '
+      - '"\\" not in ib_password '
+      - '"\"" not in ib_password '
+      - " \"'\" not in ib_password "
+    success_msg: "{{ success_msg_ib_password }}"
+    fail_msg: "{{ fail_msg_ib_password }}"
+  when: ib_switch_support
+  no_log: true
+
+- name: Verify powervault_me4_username and powervault_me4_password are not empty
+  assert:
+    that:
+      - powervault_me4_username | length > 0
+      - powervault_me4_password | length > 0
+    success_msg: "{{ pv_params_success_msg }}"
+    fail_msg: "{{ pv_params_empty_fail_msg }}"
+  when: powervault_support
+
+- name: Assert powervault_me4_username
+  assert:
+    that:
+      - powervault_me4_username | length >= min_username_length
+      - powervault_me4_username | length < max_length
+      - '"-" not in powervault_me4_username '
+      - '"\\" not in powervault_me4_username '
+      - '"\"" not in powervault_me4_username '
+      - " \"'\" not in powervault_me4_username "
+    success_msg: "{{ success_powervault_me4_username }}"
+    fail_msg: "{{ fail_powervault_me4_username }}"
+  when: powervault_support
+
+- name: Assert powervault_me4_password
+  assert:
+    that:
+      - powervault_me4_password | length > min_username_length | int - 1
+      - powervault_me4_password | length < max_length | int + 1
+      - '"-" not in powervault_me4_password '
+      - '"\\" not in powervault_me4_password '
+      - '"\"" not in powervault_me4_password '
+      - " \"'\" not in powervault_me4_password "
+    success_msg: "{{ success_msg_powervault_me4_password }}"
+    fail_msg: "{{ fail_msg_powervault_me4_password }}"
+  when: powervault_support
+  no_log: true
+
+- name: Create ansible vault key
+  set_fact:
+    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+
+- name: Save vault key
+  copy:
+    dest: "{{ vault_filename }}"
+    content: |
+      {{ vault_key }}
+    owner: root
+    force: yes
+    mode: "{{ vault_file_perm }}"
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
+
+- name: Encrypt input config file
+  command: >-
+    ansible-vault encrypt {{ login_vars_filename }}
+    --vault-password-file {{ vault_filename }}
+  changed_when: false

appliance/roles/common/tasks/pre_requisite.yml

@@ -13,9 +13,20 @@
 #  limitations under the License.
 ---
 
+- name: Verify the ansible and python versions installed
+  fail:
+    msg: "{{ ansible_python_version_status }}"
+  when: ansible_python_version != python_version_support
+  tags: install
+
+- name: Verify whether ansible configuration file exists
+  stat:
+    path: "{{ default_ansible_config_file_path }}"
+  register: file_exists
+
 - name: Set omnia.log file
   replace:
-    path: /etc/ansible/ansible.cfg
+    path: "{{ default_ansible_config_file_path }}"
     regexp: '#log_path = /var/log/ansible.log'
     replace: 'log_path = /var/log/omnia.log'
   tags: install
@@ -27,15 +38,23 @@
   register: os_value
   tags: install
 
+- name: Fetch SElinux mode
+  command: sestatus
+  register: sestatus_current
+  changed_when: false
+
 - name: Disable SElinux
-  selinux:
-    state: disabled
+  replace:
+    path: /etc/sysconfig/selinux
+    regexp: 'SELINUX=[a-z]+'
+    replace: 'SELINUX=disabled'
+  when: '"SELinux status:                 enabled" in sestatus_current.stdout_lines'
   tags: install
 
 - name: Status of SElinux
   fail:
     msg: "{{ selinux_status }}"
-  when: ansible_selinux.status != 'disabled'
+  when: '"SELinux status:                 enabled" in sestatus_current.stdout_lines'
   register: selinux_value
   tags: install
 
@@ -43,4 +62,4 @@
   service:
     name: firewalld
     state: started
-    enabled: yes
+    enabled: yes

control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml

@@ -0,0 +1,88 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Check if omnia_vault_key exists
+  stat:
+    path: "{{ role_path }}/../../../{{ config_vaultname }}"
+  register: vault_key_result
+
+- name: Create ansible vault key if it does not exist
+  set_fact:
+    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: not vault_key_result.stat.exists
+
+- name: Save vault key
+  copy:
+    dest: "{{ role_path }}/../../../{{ config_vaultname }}"
+    content: |
+      {{ vault_key }}
+    owner: root
+    force: yes
+    mode: "{{ vault_file_perm }}"
+  when: not vault_key_result.stat.exists
+
+- name: Check if omnia config file is encrypted
+  command: cat {{ role_path }}/../../../{{ config_filename }}
+  changed_when: false
+  register: config_content
+  no_log: True
+
+- name: Decrpyt omnia_config.yml
+  command: >-
+    ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+
+- name: Include variable file omnia_config.yml
+  include_vars: "{{ role_path }}/../../../{{ config_filename }}"
+  no_log: True
+
+- name: Validate input parameters are not empty
+  fail:
+    msg: "{{ input_omnia_failure_msg }}"
+  register: input_config_check
+  when:
+    - mariadb_password | length < 1 or
+      k8s_cni | length < 1
+
+- name: Assert mariadb_password
+  assert:
+    that:
+        - mariadb_password | length > min_length | int - 1
+        - mariadb_password | length < max_length | int + 1
+        - '"-" not in mariadb_password '
+        - '"\\" not in mariadb_password '
+        - '"\"" not in mariadb_password '
+        - " \"'\" not in mariadb_password "
+    success_msg: "{{ success_msg_mariadb_password }}"
+    fail_msg: "{{ fail_msg_mariadb_password }}"
+
+- name: Assert kubernetes cni
+  assert:
+    that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
+    success_msg: "{{ success_msg_k8s_cni }}"
+    fail_msg: "{{ fail_msg_k8s_cni }}"
+
+- name: Save input variables from file
+  set_fact:
+    db_password: "{{ mariadb_password }}"
+    k8s_cni: "{{ k8s_cni }}"
+  no_log: True
+
+- name: Encrypt input config file
+  command: >-
+    ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
+    --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
+  changed_when: false

control_plane/roles/control_plane_common/vars/main.yml

@@ -0,0 +1,134 @@
+#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for common
+
+# Usage: package_installation.yml
+common_packages:
+  - epel-release
+  - yum-utils
+  - git
+  - gcc
+  - gcc-c++
+  - nodejs
+  - device-mapper-persistent-data
+  - bzip2
+  - python2-pip
+  - python3-pip
+  - nano
+  - lvm2
+  - gettext
+  - net-tools
+  - python3-netaddr
+  - yum-plugin-versionlock
+
+# Usage: pre_requisite.yml
+internet_delay: 0
+internet_timeout: 10
+hostname: github.com
+port_no: 22
+os_name: CentOS
+os_version: '8.3' 
+internet_status: "Failed. No Internet connection. Make sure network is up."
+os_status: "Unsupported OS or OS version. OS should be {{ os_name }} and Version should be {{ os_version }} or more"
+selinux_status: "SElinux is not disabled. Disable it in /etc/sysconfig/selinux and reboot the system"
+iso_name: CentOS-7-x86_64-Minimal-2009.iso
+iso_fail: "Iso file not found. Download and copy the iso file to omnia/control_plane/roles/provision_cobbler/files"
+ansible_python_version_status: "For CentOS 8.3, python bindings of firewalld, dnf, selinux are not available if python is installed from source and not from dnf. So please make sure python3.6 is installed using dnf. And ansible uses the python version 3.6 installed using dnf"
+python_version_support: '3.6.8'
+default_ansible_config_file_path: /etc/ansible/ansible.cfg
+
+# Usage: password_config.yml
+login_vars_filename: "input_params/login_vars.yml"
+vault_filename: input_params/.login_vault_key
+min_length: 8
+max_length: 30
+min_username_length: 4
+file_perm: '0755'
+vault_file_perm: '0600'
+nic_min_length: 3
+input_config_failure_msg: "Please provide all the required parameters in login_vars.yml"
+fail_msg_provision_password: "Failed. Incorrect provision_password format provided in login_vars.yml"
+success_msg_provision_password: "provision_password validated"
+fail_msg_cobbler_password: "Failed. Incorrect cobbler_password format provided in login_vars.yml file"
+success_msg_cobbler_password: "cobbler_password validated"
+success_idrac_username: "idrac username validated"
+fail_idrac_username: "Failed. Incorrect idrac_username format provided in base_vars.yml"
+success_msg_idrac_password: "idrac password validated"
+fail_msg_idrac_password: "Failed. Incorrect idrac_password format provided in base_vars.yml"
+ethernet_params_success_msg: "Ethernet switch username and password are not blank"
+ethernet_params_empty_fail_msg: "Failed. ethernet switch username or password cannot be empty when ethernet_switch_support is true"
+success_ethernet_switch_username: "Ethernet switch username validated"
+fail_ethernet_switch_username: "Failed. Incorrect ethernet_switch_username format provided in base_vars.yml"
+success_msg_ethernet_switch_password: "Ethernet password validated"
+fail_msg_ethernet_switch_password: "Failed. Incorrect ethernet_switch_password format provided in base_vars.yml"
+ib_params_success_msg: "InfiniBand switch username and password are not blank"
+ib_params_empty_fail_msg: "Failed. InfiniBand username or password cannot be empty when ib_switch_support is true"
+success_ib_username: "ib username validated"
+fail_ib_username: "Failed. Incorrect ib_username format provided in base_vars.yml"
+success_msg_ib_password: "ib password validated"
+fail_msg_ib_password: "Failed. Incorrect ib_password format provided in base_vars.yml"
+pv_params_success_msg: "Powervault switch username and password are not blank"
+pv_params_empty_fail_msg: "Failed. Powervault username or password cannot be empty when powervault_support is true"
+success_powervault_username: "powervault username validated"
+fail_powervault_username: "Failed. Incorrect powervault_username format provided in base_vars.yml"
+success_msg_powervault_password: "powervault password validated"
+fail_msg_powervault_password: "Failed. Incorrect powervault_password format provided in base_vars.yml"
+
+# Usage: verify_omnia_params.yml
+config_filename: "omnia_config.yml"
+config_vaultname: .omnia_vault_key
+input_omnia_failure_msg: "Please provide all the required parameters in omnia_config.yml"
+fail_msg_mariadb_password: "Failed. Incorrect mariadb_password format provided in omnia_config.yml file"
+success_msg_mariadb_password: "mariadb_password validated"
+success_msg_k8s_cni: "Kubernetes CNI Validated"
+fail_msg_k8s_cni: "Failed. Kubernetes CNI is incorrect in omnia_config.yml"
+
+# Usage: fetch_base_inputs.yml
+base_vars_filename: "input_params/base_vars.yml"
+input_base_failure_msg: "Please provide all the required parameters in base_vars.yml"
+success_snmp_trap_dest: "SNMP trap destination IP validated"
+fail_snmp_trap_dest: "Failed. Incorrect SNMP trap destination IP format provided in base_address.yml"
+success_snmp_comm_msg: "SNMP community string validated"
+fail_snmp_comm_msg: "snmp community string cannoy be blank in base_vars.yml"
+success_msg_public_nic: "Public nic successfully validated"
+fail_msg_public_nic: "Failed. Incorrect public nic provided in base_vars.yml"
+success_msg_k8s_pod_network_cidr: "Appliance k8s pod network cidr validated"
+fail_msg_k8s_pod_network_cidr: "Failed. Incorrect appliance k8s pod network cidr provided in base_vars.yml"
+success_awx_organization: "awx organization validated"
+fail_awx_organization: "Failed. Incorrect format in awx organization"
+success_timezone_msg: "timezone validated"
+fail_timezone_msg: "Failed. Incorrect timezone provided. Please check the file timezone.txt in control_plane/roles/control_plane_common/files/ folder"
+fail_language: "Failed. Only en-US(english) language supported"
+invalid_iso_file_path: "Incorrect iso_file_path provided in base_vars.yml."
+ethernet_switch_support_success_msg: "ethernet_switch_support validated"
+ethernet_switch_support_fail_msg: "Failed. ethernet_switch_support only accepts boolean values true or false"
+ib_switch_support_success_msg: "ib_switch_support validated"
+ib_switch_support_fail_msg: "Failed. ib_switch_support only accepts boolean values true or false"
+powervault_support_success_msg: "powervault_support validated"
+powervault_support_fail_msg: "Failed. power_vault_support only accepts boolean values true or false"
+success_msg_mngmnt_network_nic: "Management network nic successfully validated"
+fail_msg_mngmnt_network_nic: "Failed. Incorrect Management network nic provided in base_vars.yml"
+success_msg_host_network_nic: "Host network nic successfully validated"
+fail_msg_host_network_nic: "Failed. Incorrect host network nic provided in base_vars.yml"
+success_msg_ib_network_nic: "Infiniband network nic successfully validated"
+fail_msg_ib_network_nic: "Failed. Incorrect infiniband network nic provided in base_vars.yml"
+success_dhcp_range: "Dhcp_range validated"
+fail_dhcp_range: "Failed. Incorrect range assigned for dhcp"
+invalid_mapping_file_path: "Incorrect mapping_file_path provided in base_vars.yml"
+success_msg_different_nics: "The nics of different containers and public nic are not the same - Validated"
+fail_msg_different_nics: "Failed. Incorrect nic information. public nic, management network nic and host network nic should not be the same"
+success_msg_different_nics_ib: "The nics of different containers and public nic are not the same as infiniband nic- Validated"
+fail_msg_different_nics_ib: "Failed. Infiniband nic cannot be the same as other nics"

control_plane/roles/control_plane_customiso/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

control_plane/roles/control_plane_device/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

control_plane/roles/control_plane_ib/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

control_plane/roles/control_plane_k8s/files/crio.conf

@@ -0,0 +1,2 @@
+overlay
+br_netfilter

control_plane/roles/control_plane_k8s/files/k8s-crio.conf

@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-iptables  = 1

control_plane/roles/control_plane_k8s/files/k8s.conf

@@ -0,0 +1 @@
+br_netfilter

control_plane/roles/control_plane_k8s/files/k8s_dashboard_admin.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: admin-user
+  namespace: kubernetes-dashboard

control_plane/roles/control_plane_k8s/files/metal-config.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+      protocol: layer2
+      addresses:

control_plane/roles/control_plane_k8s/files/metallb.yaml

@@ -0,0 +1,223 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+  labels:
+    app: metallb
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: metallb-system
+  name: controller
+  labels:
+    app: metallb
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: metallb-system
+  name: speaker
+  labels:
+    app: metallb
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb-system:controller
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+  resources: ["services/status"]
+  verbs: ["update"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb-system:speaker
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["services", "endpoints", "nodes"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: metallb-system
+  name: config-watcher
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create"]
+---
+
+## Role bindings
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb-system:controller
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb-system:controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb-system:speaker
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: speaker
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb-system:speaker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: metallb-system
+  name: config-watcher
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: controller
+- kind: ServiceAccount
+  name: speaker
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: config-watcher
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: metallb-system
+  name: speaker
+  labels:
+    app: metallb
+    component: speaker
+spec:
+  selector:
+    matchLabels:
+      app: metallb
+      component: speaker
+  template:
+    metadata:
+      labels:
+        app: metallb
+        component: speaker
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "metallb_container_port"
+    spec:
+      serviceAccountName: speaker
+      terminationGracePeriodSeconds: 0
+      hostNetwork: true
+      containers:
+      - name: speaker
+        image: metallb/speaker:v0.7.3
+        imagePullPolicy: IfNotPresent
+        args:
+        - --port=metallb_container_port
+        - --config=config
+        env:
+        - name: METALLB_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        ports:
+        - name: monitoring
+          containerPort: metallb_container_port
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+            - all
+            add:
+            - net_raw
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: metallb-system
+  name: controller
+  labels:
+    app: metallb
+    component: controller
+spec:
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: metallb
+      component: controller
+  template:
+    metadata:
+      labels:
+        app: metallb
+        component: controller
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "metallb_container_port"
+    spec:
+      serviceAccountName: controller
+      terminationGracePeriodSeconds: 0
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: metallb_run_as_user_port # nobody
+      containers:
+      - name: controller
+        image: metallb/controller:v0.7.3
+        imagePullPolicy: IfNotPresent
+        args:
+        - --port=metallb_container_port
+        - --config=config
+        ports:
+        - name: monitoring
+          containerPort: metallb_container_port
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+
+---

control_plane/roles/control_plane_k8s/tasks/k8s_firewalld.yml

@@ -0,0 +1,56 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install firewalld
+  package:
+    name: firewalld
+    state: present
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
+- name: Configure firewalld on master nodes
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: '{{ k8s_master_ports }}'
+
+- name: Open calico UDP ports on the firewall
+  firewalld:
+    port: "{{ item }}/udp"
+    permanent: yes
+    state: enabled
+  with_items: "{{ calico_udp_ports }}"
+
+- name: Open calico TCP ports on the firewall
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: "{{ calico_tcp_ports }}"
+
+- name: Reload firewalld
+  command: firewall-cmd --reload
+  changed_when: true
+
+- name: Stop and disable firewalld
+  service:
+    name: firewalld
+    state: stopped
+    enabled: no

control_plane/roles/control_plane_k8s/tasks/k8s_helm.yml

@@ -0,0 +1,41 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create directory for helm installer file
+  file:
+    path: "{{ helm_installer_file_directory }}"
+    state: directory
+    mode: "{{ helm_installer_file_directory_mode }}"
+
+- name: Get helm installer
+  get_url:
+    url: "{{ helm_installer_url }}"
+    dest: "{{ helm_installer_file_dest }}"
+    mode: "{{ helm_installer_file_mode }}"
+  register: helm_installer_result
+  until: helm_installer_result is not failed
+  retries: 20
+
+- name: Install helm
+  command: "/bin/bash {{ helm_installer_file_dest }}"
+  changed_when: true
+
+- name: Helm - add stable repo
+  command: "helm repo add stable '{{ helm_stable_repo_url }}'"
+  changed_when: true
+
+- name: Helm - update repo
+  command: helm repo update
+  changed_when: true

control_plane/roles/control_plane_k8s/tasks/k8s_init.yml

@@ -0,0 +1,126 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Disable SWAP (1/2)
+  command: /usr/sbin/swapoff -a
+  changed_when: true
+  tags: init
+
+- name: Disable SWAP in fstab (2/2)
+  replace:
+    path: /etc/fstab
+    regexp: '^([^#].*?\sswap\s+.*)$'
+    replace: '# \1'
+
+- name: Get K8s nodes status
+  command: kubectl get nodes
+  changed_when: false
+  ignore_errors: True
+  register: k8s_nodes
+
+- name: Get K8s pods status
+  command: kubectl get pods --all-namespaces
+  changed_when: false
+  ignore_errors: True
+  register: k8s_pods
+
+- name: Initialize kubeadm
+  block:
+    - name: Initialize kubeadm
+      command: "/bin/kubeadm init --pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}' \
+        --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
+      changed_when: true
+      register: init_output
+  rescue:
+    - name: Reset kubeadm
+      command: "kubeadm reset -f"
+      changed_when: true
+
+    - name: Initialize kubeadm
+      command: "/bin/kubeadm init --pod-network-cidr='{{ k8s_pod_network_cidr }}' \
+          --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
+      changed_when: true
+      register: init_output
+
+    - name: Get K8s pods status
+      command: kubectl get pods --all-namespaces
+      changed_when: false
+      ignore_errors: True
+      register: k8s_pods
+  when: "'master' not in k8s_nodes.stdout"
+
+- name: Setup directory for Kubernetes environment for root
+  file:
+    path: "{{ k8s_root_directory }}"
+    state: directory
+    mode: "{{ k8s_root_directory_mode }}"
+
+- name: Copy Kubernetes config for root
+  copy:
+    src: "{{ k8s_config_src }}"
+    dest: "{{ k8s_config_dest }}"
+    owner: root
+    group: root
+    mode: "{{ k8s_config_file_mode }}"
+    remote_src: yes
+
+- name: Update the kubernetes config file permissions
+  shell: "chown $(id -u):$(id -g) '{{ k8s_config_dest }}'"
+  args:
+    warn: false
+  changed_when: true
+
+- name: Cluster token
+  shell: >
+    set -o pipefail && \
+      kubeadm token list | cut -d ' ' -f1 | sed -n '2p'
+  changed_when: false
+  register: K8S_TOKEN
+
+- name: CA Hash
+  shell: >
+    set -o pipefail && \
+      openssl x509 -pubkey -in {{ k8s_cert_path }} | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
+  changed_when: false
+  register: K8S_MANAGER_CA_HASH
+
+- name: Add K8S Manager IP, Token, and Hash to dummy host
+  add_host:
+    name:   "K8S_TOKEN_HOLDER"
+    token:  "{{ K8S_TOKEN.stdout }}"
+    hash:   "{{ K8S_MANAGER_CA_HASH.stdout }}"
+    ip:     "{{ ansible_default_ipv4.address }}"
+
+- name: Create yaml repo for setup
+  file:
+    path: "{{ yaml_repo_dir_path }}"
+    state: directory
+    mode: "{{ yaml_repo_dir_mode }}"
+
+- name: Setup Calico SDN network - tigera-operator
+  command: "kubectl create -f {{ tigera_operator_url }}"
+  changed_when: true
+  when: "'tigera-operator' not in k8s_pods.stdout"
+
+- name: Setup Calico SDN network - custom-resources
+  command: "kubectl create -f {{ calico_yml_url }}"
+  changed_when: true
+  ignore_errors: True
+  when: "'calico-system' not in k8s_pods.stdout"
+
+- name: Edge / Workstation Install allows pods to schedule on manager
+  command: kubectl taint nodes --all node-role.kubernetes.io/master-
+  changed_when: true
+  ignore_errors: True

control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml

@@ -0,0 +1,123 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Permanently Disable swap
+  mount:
+    name: "swap"
+    fstype: swap
+    state: absent
+
+- name: Disable selinux
+  selinux:
+    state: disabled
+
+- name: Copy k8s.conf file
+  copy:
+    src: k8s.conf
+    dest: "{{ k8s_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Copy crio.conf file
+  copy:
+    src: crio.conf
+    dest: "{{ crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Enable the kernel modules overlay and br_netfilter
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - overlay
+    - br_netfilter
+
+- name: Update sysctl to handle incorrectly routed traffic when iptables is bypassed
+  copy:
+    src: k8s-crio.conf
+    dest: "{{ k8s_crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Update sysctl
+  command: /sbin/sysctl --system
+  changed_when: true
+
+- name: Add CRI-O repo (1/2)
+  get_url:
+    url: "{{ crio_repo1_url }}"
+    dest: "{{ crio_repo1_dest }}"
+  register: crio_repo1_result
+  until: crio_repo1_result is not failed
+  retries: 20
+
+- name: Add CRI-O repo (2/2)
+  get_url:
+    url: "{{ crio_repo2_url }}"
+    dest: "{{ crio_repo2_dest }}"
+  register: crio_repo2_result
+  until: crio_repo2_result is not failed
+  retries: 20
+
+- name: Add kubernetes repo
+  yum_repository:
+    name: kubernetes
+    description: kubernetes
+    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+    enabled: yes
+    gpgcheck: no
+    repo_gpgcheck: no
+    gpgkey:
+      - https://packages.cloud.google.com/yum/doc/yum-key.gpg
+      - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+
+- name: Install common packages
+  package:
+    name: "{{ common_packages }}"
+    state: present
+
+- name: Install k8s packages
+  package:
+    name: "{{ k8s_packages }}"
+    state: present
+
+- name: Versionlock kubernetes
+  command: "yum versionlock '{{ item }}'"
+  args:
+    warn: false
+  with_items:
+    - "{{ k8s_packages }}"
+  changed_when: true
+
+- name: Start and enable crio
+  service:
+    name: crio
+    state: restarted
+    daemon_reload: yes
+    enabled: yes
+
+- name: Start and enable kubernetes - kubelet
+  service:
+    name: kubelet
+    state: restarted
+    enabled: yes
+
+- name: Wait for 30sec for kubelet to get things ready
+  pause:
+    seconds: 30

control_plane/roles/control_plane_k8s/tasks/k8s_services.yml

@@ -0,0 +1,129 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Wait for CoreDNS to restart
+  command: kubectl rollout status deployment/coredns -n kube-system
+  changed_when: false
+  ignore_errors: True
+
+- name: Get K8s pods
+  command: kubectl get pods --all-namespaces
+  changed_when: false
+  register: k8s_pods
+
+- name: Deploy MetalLB
+  command: "kubectl apply -f '{{ metallb_yaml_url }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Create MetalLB Setup Config Files
+  copy:
+    src: metal-config.yaml
+    dest: "{{ metallb_config_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_config_file_mode }}"
+
+- name: Replace metallb_addresses
+  replace:
+    path: "{{ metallb_config_file_dest }}"
+    regexp: 'addresses:'
+    replace: "{{ metallb_addresses }}"
+
+- name: Remove ^M characters from metal-config file
+  shell: 'sed -e "s/\r//g" {{ metallb_config_file_dest }} > {{ metallb_config_updated_file_dest }}'
+  args:
+    warn: false
+  changed_when: true
+
+- name: Update metal-config file permissions
+  file:
+    path: "{{ metallb_config_updated_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_config_file_mode }}"
+
+- name: Remove old metallb-config file
+  file:
+    path: "{{ metallb_config_file_dest }}"
+    state: absent
+
+- name: Create MetalLB Setup Deployment Files
+  copy:
+    src: metallb.yaml
+    dest: "{{ metallb_deployment_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_deployment_file_mode }}"
+
+- name: Replace metallb_container_port
+  replace:
+    path: "{{ metallb_deployment_file_dest }}"
+    regexp: 'metallb_container_port'
+    replace: "{{ metallb_container_port }}"
+
+- name: Replace metallb_container_port
+  replace:
+    path: "{{ metallb_deployment_file_dest }}"
+    regexp: 'metallb_run_as_user_port'
+    replace: "{{ metallb_run_as_user_port }}"
+
+- name: Deploy MetalLB
+  command: "kubectl apply -f '{{ metallb_deployment_file_dest }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Create default setup for MetalLB
+  command: "kubectl apply -f '{{ metallb_config_updated_file_dest }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Deploy K8s dashboard
+  command: "kubectl apply -f {{ k8s_dashboard_yaml_url }}"
+  changed_when: true
+  when: "'kubernetes-dashboard' not in k8s_pods.stdout"
+
+- name: Copy k8s_dashboard_admin.yml file
+  copy:
+    src: k8s_dashboard_admin.yaml
+    dest: "{{ k8s_dashboard_admin_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ k8s_dashboard_admin_file_mode }}"
+
+- name: Create admin user for K8s dashboard
+  command: "kubectl apply -f {{ k8s_dashboard_admin_file_dest }}"
+  changed_when: true
+
+- name: Start NFS Client Provisioner
+  command: "helm install stable/nfs-client-provisioner --set nfs.server='{{ ansible_default_ipv4.address }}' --set nfs.path='{{ nfs_path }}' --generate-name"
+  changed_when: true
+  when: "'nfs-client-provisioner' not in k8s_pods.stdout"
+
+- name: Set NFS-Client Provisioner as DEFAULT StorageClass
+  shell: >
+    kubectl patch storageclasses.storage.k8s.io nfs-client \
+    -p '{ "metadata": { "annotations":{ "storageclass.kubernetes.io/is-default-class":"true" }}}'
+  changed_when: true
+
+- name: Get K8s namespaces
+  command: kubectl get namespaces
+  changed_when: false
+  register: k8s_namespaces
+
+- name: Create namespace network-config
+  command: kubectl create namespace network-config
+  changed_when: true
+  when: "'network-config' not in k8s_namespaces.stdout"

control_plane/roles/control_plane_k8s/tasks/main.yml

@@ -0,0 +1,29 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install K8s packages
+  import_tasks: k8s_installation.yml
+
+- name: Configure firewalld
+  import_tasks: k8s_firewalld.yml
+
+- name: Install helm
+  import_tasks: k8s_helm.yml
+
+- name: Initialize K8s
+  import_tasks: k8s_init.yml
+
+- name: Deploy K8s dashboard
+  import_tasks: k8s_services.yml

control_plane/roles/control_plane_k8s/vars/main.yml

@@ -0,0 +1,95 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for kubernetes
+
+# Usage: k8s_installation.yml
+common_packages:
+  - openssl
+  - bash-completion
+  - cri-o
+  - buildah
+k8s_packages:
+  - kubelet-1.21.0
+  - kubeadm-1.21.0
+  - kubectl-1.21.0
+k8s_conf_dest: /etc/modules-load.d/
+crio_conf_dest: /etc/modules-load.d/
+k8s_crio_conf_dest: /etc/sysctl.d/
+conf_file_mode: 0644
+crio_repo1_url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8/devel:kubic:libcontainers:stable.repo
+crio_repo1_dest: /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo
+crio_repo2_url: https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.21/CentOS_8/devel:kubic:libcontainers:stable:cri-o:1.21.repo
+crio_repo2_dest: /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.21.repo
+
+# Usage: k8s_firewalld.yml
+k8s_master_ports:
+  - 6443
+  - 2379-2380
+  - 10250
+  - 10251
+  - 10252
+calico_udp_ports:
+  - 4789
+calico_tcp_ports:
+  - 5473
+  - 179
+
+# Usage: k8s_helm.yml
+helm_installer_file_directory: /root/bin
+helm_installer_file_directory_mode: 0755
+helm_installer_url: https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+helm_installer_file_dest: /root/bin/get_helm.sh
+helm_installer_file_mode: 0700
+helm_stable_repo_url: https://charts.helm.sh/stable
+
+# Usage: k8s_init.yml
+k8s_root_directory: /root/.kube
+k8s_root_directory_mode: 0755
+k8s_config_src: /etc/kubernetes/admin.conf
+k8s_config_dest: /root/.kube/config
+k8s_config_file_mode: 0644
+k8s_cert_path: /etc/kubernetes/pki/ca.crt
+yaml_repo_dir_path: /root/k8s
+yaml_repo_dir_mode: 0755
+tigera_operator_url: https://docs.projectcalico.org/manifests/tigera-operator.yaml
+calico_yml_url: https://docs.projectcalico.org/manifests/custom-resources.yaml
+
+# Usage: k8s_services.yml
+metallb_config_file_dest: /root/k8s/metal-config.yaml
+metallb_config_updated_file_dest: /root/k8s/metal-config-updated.yaml
+metallb_config_file_mode: 0655
+metallb_deployment_file_dest: /root/k8s/metallb.yaml
+metallb_deployment_file_mode: 0655
+metallb_yaml_url: https://raw.githubusercontent.com/google/metallb/v0.8.1/manifests/metallb.yaml
+metallb_addresses: |
+  addresses:
+        - 192.168.2.150/32
+        - 192.168.2.151/32
+        - 192.168.2.151/32
+        - 192.168.2.152/32
+        - 192.168.2.153/32
+        - 192.168.2.154/32
+        - 192.168.2.155/32
+        - 192.168.2.156/32
+        - 192.168.2.157/32
+        - 192.168.2.158/32
+        - 192.168.2.159/32
+metallb_container_port: "7472"
+metallb_run_as_user_port: "65534"
+k8s_dashboard_yaml_url: https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
+k8s_dashboard_admin_file_dest: /root/k8s/k8s_dashboard_admin.yaml
+k8s_dashboard_admin_file_mode: 0655
+nfs_path: /var/nfs_awx

appliance/appliance.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,10 +13,5 @@
 #  limitations under the License.
 ---
 
-- name: Executing omnia roles
-  hosts: localhost
-  connection: local
-  roles:
-    - common
-    - provision
-    - web_ui
+- name: NFS Server setup
+  import_tasks: nfs_server_setup.yml

control_plane/roles/control_plane_repo/tasks/nfs_server_setup.yml

@@ -0,0 +1,78 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install nfs-utils
+  package:
+    name: nfs-utils
+    state: present
+
+- name: Install firewalld
+  package:
+    name: firewalld
+    state: present
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
+- name: Start and enable rpcbind and nfs-server service
+  service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: yes
+  with_items:
+    - rpcbind
+    - nfs-server
+
+- name: Creating NFS share directory
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "{{ nfs_share_dir_mode }}"
+  with_items:
+    - "{{ nfs_share_offline_repo }}"
+    - "{{ nfs_share_awx }}"
+
+- name: Adding NFS share entries in /etc/exports
+  lineinfile:
+    path: "{{ exports_file_path }}"
+    line: "{{ item }} {{ ansible_default_ipv4.address }}(rw,sync,no_root_squash)"
+  with_items:
+    - "{{ nfs_share_offline_repo }}"
+    - "{{ nfs_share_awx }}"
+
+- name: Exporting the shared directories
+  command: exportfs -r
+  changed_when: true
+
+- name: Configuring firewall
+  firewalld:
+    service: "{{ item }}"
+    permanent: true
+    state: enabled
+  with_items:
+    - "{{ nfs_services }}"
+
+- name: Reload firewalld
+  command: firewall-cmd --reload
+  changed_when: true
+
+- name: Stop and disable firewalld
+  service:
+    name: firewalld
+    state: stopped
+    enabled: no

control_plane/roles/control_plane_repo/vars/main.yml

@@ -0,0 +1,26 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for offline_repo
+
+# Usage: nfs_server_setup.yml
+nfs_share_offline_repo: /var/nfs_repo
+nfs_share_awx: /var/nfs_awx
+nfs_share_dir_mode: 0777
+exports_file_path: /etc/exports
+nfs_services:
+  - mountd
+  - rpc-bind
+  - nfs

control_plane/roles/control_plane_sm/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

control_plane/roles/network_ethernet/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

control_plane/roles/network_ib/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

control_plane/roles/powervault_me4/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

appliance/roles/provision/files/inventory_creation.yml

@@ -26,18 +26,18 @@
         vars_new: "{{ var| ipv4('address')| to_nice_yaml}}"
 
     - name: Create the static ip
-      shell: awk -F',' 'NR >1{print $3}' omnia/appliance/roles/provision/files/new_mapping_file.csv > static_hosts.yml
+      shell: awk -F',' 'NR >1{print $3}' omnia/control_plane/roles/provision/files/new_mapping_file.csv > static_hosts.yml
       changed_when: false
       ignore_errors: true
 
     - name: Create the dynamic inventory
       shell: |
-        echo "[all]" >  omnia/appliance/roles/inventory/files/provisioned_hosts.yml
+        echo "[all]" >  omnia/control_plane/roles/collect_node_info/files/provisioned_hosts.yml
         echo "{{ vars_new }}" > temp.txt
         egrep -o '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' temp.txt >>dynamic_hosts.yml
       changed_when: false
       ignore_errors: true
 
     - name: Final inventory
-      shell: cat dynamic_hosts.yml static_hosts.yml| sort -ur  >> omnia/appliance/roles/inventory/files/provisioned_hosts.yml
+      shell: cat dynamic_hosts.yml static_hosts.yml| sort -ur  >> omnia/control_plane/roles/collect_node_info/files/provisioned_hosts.yml
       changed_when: false     

appliance/roles/provision/files/kickstart.yml

@@ -40,7 +40,7 @@
     changed_when: false
 
   - name: Untar loaders
-    command: tar -xf /root/omnia/appliance/roles/provision/files/loaders.tar -C /var/lib/cobbler
+    command: tar -xf /root/omnia/control_plane/roles/provision_cobbler/files/loaders.tar -C /var/lib/cobbler
     changed_when: false
 
   - name: Replace in /etc/debian

appliance/roles/provision/files/temp_centos7.ks

@@ -60,4 +60,11 @@ reboot
 %packages
 @core
 net-tools
-%end
+%end
+
+%post
+$SNIPPET('post_install_kernel_options')
+$SNIPPET('cobbler_register')
+$SNIPPET('kickstart_done')
+%end
+

appliance/roles/provision/files/temp_dhcp.template

@@ -19,6 +19,8 @@ set vendorclass = option vendor-class-identifier;
 option pxe-system-type code 93 = unsigned integer 16;
 
 subnet subnet_mask netmask net_mask {
+option routers router-ip;
+option domain-name-servers dns1, dns2;
 option subnet-mask net_mask;
 range dynamic-bootp start end;
 default-lease-time  21600;

appliance/roles/provision/tasks/dhcp_configure.yml

@@ -32,6 +32,21 @@
     path: "{{ role_path }}/files/dhcp.template"
     regexp: '^option subnet-mask net_mask;'
     replace: 'option subnet-mask {{ netmask }};'
+  tags: install
+
+- name: Assign gateway
+  replace:
+    path: "{{ role_path }}/files/dhcp.template"
+    regexp: '^option routers router-ip;'
+    replace: 'option routers {{ dhcp_gateway }};'
+  tags: install
+
+- name: Assign DNS
+  replace:
+    path: "{{ role_path }}/files/dhcp.template"
+    regexp: '^option domain-name-servers dns1, dns2;'
+    replace: 'option domain-name-servers {{ dhcp_dns1 }}, {{ dhcp_dns2 }};'
+  tags: install
 
 - name: Assign DHCP range
   replace:

appliance/roles/provision/tasks/main.yml

@@ -26,12 +26,12 @@
   import_tasks: firewall_settings.yml
   when: not cobbler_container_status
 
-- name: Include common variables
-  include_vars: ../../common/vars/main.yml
+- name: Include control_plane_common variables
+  include_vars: ../../control_plane_common/vars/main.yml
   when: not cobbler_container_status
 
 - name: Internet validation
-  include_tasks: ../../common/tasks/internet_validation.yml
+  include_tasks: ../../control_plane_common/tasks/internet_validation.yml
   when: not cobbler_container_status
 
 - name: Provision password validation

appliance/roles/provision/tasks/mapping_file.yml

@@ -153,7 +153,7 @@
     dest: "{{ role_path }}/files/backup_mapping_file.csv"
 
 - name: Copy the dhcp.template inside container
-  command: docker exec cobbler cp /root/omnia/appliance/roles/provision/files/dhcp.template /etc/cobbler/dhcp.template
+  command: docker exec cobbler cp {{ role_path }}/files/dhcp.template /etc/cobbler/dhcp.template
   when:  ( cobbler_container_status == true ) and ( new_node_status == true )
 
 - name: Cobbler sync for adding new nodes

control_plane/roles/provision_idrac/tasks/main.yml

@@ -0,0 +1,19 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# Will be updated later in each PR
+- name: Pass
+  debug:
+    msg: "Pass"

appliance/roles/web_ui/tasks/main.yml

@@ -18,12 +18,12 @@
   include_tasks: check_awx_status.yml
   tags: install
 
-- name: Include common variables
-  include_vars: ../../common/vars/main.yml
+- name: Include control_plane_common variables
+  include_vars: ../../control_plane_common/vars/main.yml
   tags: install
 
 - name: Internet validation
-  include_tasks: ../../common/tasks/internet_validation.yml
+  include_tasks: ../../control_plane_common/tasks/internet_validation.yml
   when: not awx_status
   tags: install
 
@@ -55,7 +55,7 @@
   tags: install
 
 - name: Internet validation
-  include_tasks: ../../common/tasks/internet_validation.yml
+  include_tasks: ../../control_plane_common/tasks/internet_validation.yml
   tags: install
 
 - name: Install AWX-CLI

appliance/roles/web_ui/vars/main.yml

@@ -13,7 +13,7 @@
 # limitations under the License.
 ---
 
-# vars file for web_ui
+# vars file for webui_awx
 
 # Usage: clone_awx.yml
 awx_git_repo: "https://github.com/ansible/awx.git"
@@ -63,7 +63,7 @@ cobbler_username: root
 omnia_template_name: DeployOmnia
 omnia_playbook: omnia.yml
 inventory_template_name: DynamicInventory
-inventory_playbook: appliance/inventory.yml
+inventory_playbook: control_plane/collect_node_info.yml
 playbooks_verbosity: 0
 schedule_name: DynamicInventorySchedule
 schedule_rule: "DTSTART:20201201T000000Z RRULE:FREQ=MINUTELY;INTERVAL=10"