Issue #189: AWX UI modifications

Signed-off-by: sakshiarora13 <sakshi_arora1@dell.com>

appliance/input_config.yml

@@ -36,4 +36,9 @@ hpc_nic: "em1"
 # The nic card that needs to be connected to the public internet.
 # The public_nic should be em2, em1 or em3
 # Default value of nic is em2.
-public_nic: "em2"
+public_nic: "em2"
+
+# Kubernetes SDN network.
+# Options: calico/flannel.
+# Default value is calico.
+k8s_cni: "calico"

appliance/roles/inventory/files/add_host.yml

@@ -14,7 +14,7 @@
 ---
 
 - name: Check if host already exists
-  command: awk "{{ '/'+ item + '/' }}" inventory
+  command: awk "{{ '/'+ item + '/' }}" /root/inventory
   register: check_host
   changed_when: no
 
@@ -27,13 +27,13 @@
     host_description: "CPU:{{ hostvars[item]['ansible_processor_count'] }}
     Cores:{{ hostvars[item]['ansible_processor_cores'] }}
     Memory:{{ hostvars[item]['ansible_memtotal_mb'] }}MB
-    BIOS:{{ hostvars[item]['ansible_bios_version']}}"
-  changed_when: no
+    BIOS:{{ hostvars[item]['ansible_bios_version'] }}"
+  when: not check_host.stdout | regex_search(item)
   ignore_errors: yes
 
 - name: Add host
   lineinfile:
-    path:  "inventory"
+    path:  "/root/inventory"
     line: "    {{ item }}:\n      _awx_description: {{ host_description }}"
   when: not check_host.stdout | regex_search(item)
 

appliance/roles/inventory/files/create_inventory.yml

@@ -46,6 +46,7 @@
   vars:
     ansible_password: "{{ cobbler_password }}"
     ansible_become_pass: "{{ cobbler_password }}"
+    ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
   tasks:
     - name: Setup
       setup:
@@ -53,28 +54,16 @@
 
     - name: Set the system hostname
       hostname:
-        name: "compute{{ inventory_hostname.split('.')[-2] + '.' + inventory_hostname.split('.')[-1] }}"
+        name: "compute{{ inventory_hostname.split('.')[-2] + '-' + inventory_hostname.split('.')[-1] }}"
       register: result_name
 
     - name: Add new hostname to /etc/hosts
       lineinfile:
         dest: /etc/hosts
         regexp: '^127\.0\.0\.1[ \t]+localhost'
-        line: "127.0.0.1 localhost 'compute{{ inventory_hostname.split('.')[-1] }}'"
+        line: "127.0.0.1 localhost 'compute{{ inventory_hostname.split('.')[-2] + '-' + inventory_hostname.split('.')[-1] }}'"
         state: present
 
-    - name: Ensure networking connection
-      command: nmcli networking off
-      changed_when: false
-
-    - name: Ensure networking connection
-      command: nmcli networking on
-      changed_when: false
-
-    - name: Ensure networking connection
-      command: nmcli networking on
-      changed_when: false
-
 - name: Update inventory
   hosts: localhost
   connection: local

appliance/roles/inventory/files/inventory

@@ -1,3 +0,0 @@
----
-all:
-  hosts:

appliance/roles/inventory/tasks/main.yml

@@ -16,18 +16,6 @@
   set_fact:
     ansible_ssh_common_args: '-o StrictHostKeyChecking=no'
 
-- name: Disable key host checking
-  replace:
-    path: /etc/ansible/ansible.cfg
-    regexp: '#host_key_checking = False'
-    replace: 'host_key_checking = False'
-
-- name: Disable host key checking
-  replace:
-    path: /etc/ssh/ssh_config
-    regexp: '#   StrictHostKeyChecking ask'
-    replace: 'StrictHostKeyChecking no'
-
 - name: Check if provisioned host file exists
   stat:
     path: "{{ role_path }}/files/provisioned_hosts.yml"
@@ -35,39 +23,72 @@
 
 - name: Include vars file of common role
   include_vars: "{{ role_path }}/../common/vars/main.yml"
+  no_log: True
 
 - name: Include vars file of web_ui role
   include_vars: "{{ role_path }}/../web_ui/vars/main.yml"
+  no_log: True
 
 - name: Update inventory file
   block:
+    - name: Check if input config file is encrypted
+      command: cat {{ input_config_filename }}
+      changed_when: false
+      register: config_content
+
     - name: Decrpyt input_config.yml
       command: >-
         ansible-vault decrypt {{ input_config_filename }}
         --vault-password-file roles/common/files/{{ vault_filename }}
-      changed_when: false
+      when: "'$ANSIBLE_VAULT;' in config_content.stdout"
 
     - name: Include variable file input_config.yml
       include_vars: "{{ input_config_filename }}"
+      no_log: True
 
     - name: Save input variables from file
       set_fact:
         cobbler_password: "{{ provision_password }}"
+      no_log: True
 
     - name: Encrypt input config file
       command: >-
         ansible-vault encrypt {{ input_config_filename }}
         --vault-password-file roles/common/files/{{ vault_filename }}
+      when: "'$ANSIBLE_VAULT;' not in config_content.stdout"
 
-    - name: add hosts with description to inventory file
-      command: >-
-        ansible-playbook -i {{ role_path }}/files/provisioned_hosts.yml
-        {{ role_path }}/files/create_inventory.yml
-        --extra-vars "cobbler_username={{ cobbler_username }} cobbler_password={{ cobbler_password }}"
-      ignore_errors: yes
+    - name: Check if inventory file already exists
+      stat:
+        path: "/root/inventory"
+      register: stat_result
+
+    - name: Create inventory file if doesnt exist
+      copy:
+        dest:  "/root/inventory"
+        content: |
+          ---
+          all:
+            hosts:
+        owner: root
+        mode: 0775
+      when: not stat_result.stat.exists
+
+    - name: Add inventory playbook
+      block:
+        - name: add hosts with description to inventory file
+          command: >-
+            ansible-playbook -i {{ role_path }}/files/provisioned_hosts.yml
+            {{ role_path }}/files/create_inventory.yml
+            --extra-vars "cobbler_username={{ cobbler_username }} cobbler_password={{ cobbler_password }}"
+          no_log: True
+          register: register_error
+      rescue:
+        - name: Fail if host addition was not successful
+          fail:
+            msg: "{{ register_error.stdout | regex_replace(cobbler_username) | regex_replace(cobbler_password) }}"
 
   when: provisioned_file_result.stat.exists
 
 - name: push inventory to AWX
-  command: awx-manage inventory_import --inventory-name {{ omnia_inventory_name }} --source {{ role_path }}/files/inventory
+  command: awx-manage inventory_import --inventory-name {{ omnia_inventory_name }} --source /root/inventory
   changed_when: no

appliance/roles/web_ui/tasks/awx_configuration.yml

@@ -14,174 +14,271 @@
 ---
 
 # Get Current AWX configuration
-- name: Get organization list
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    organizations list -f human
-  register: organizations_list
-  changed_when: no
-
-- name: Get project list
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    projects list -f human
-  register: projects_list
-  changed_when: no
-
-- name: Get inventory list
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    inventory list -f human
-  register: inventory_list
-  changed_when: no
-
-- name: Get credentials list
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    credentials list -f human
-  register: credentials_list
-  changed_when: no
-
-- name: Get template list
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    job_templates list -f human
-  register: job_templates_list
-  changed_when: no
-
-- name: If omnia-inventory exists, fetch group names in the inventory
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    groups list --inventory "{{ omnia_inventory_name }}" -f human
-  register: groups_list
-  when: omnia_inventory_name in inventory_list.stdout
-
-- name: Get schedules list
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    schedules list -f human
-  register: schedules_list
-  changed_when: no
+- name: Waiting for 30 seconds for UI components to be accessible
+  wait_for:
+    timeout: 30
 
-# Delete Default Configurations
-- name: Delete default organization
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    organizations delete "{{ default_org }}"
-  when: default_org in organizations_list.stdout
-
-- name: Delete default job template
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    job_templates delete "{{ default_template }}"
-  when: default_template in job_templates_list.stdout
-
-- name: Delete default project
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    projects delete "{{ default_projects }}"
-  when: default_projects in projects_list.stdout
-
-- name: Delete default credential
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    credentials delete "{{ default_credentials }}"
-  when: default_credentials in credentials_list.stdout
+- name: Organization list
+  block:
+    - name: Get organization list
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        organizations list -f human
+      register: organizations_list
+      changed_when: no
+      no_log: True
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ organizations_list.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
 
-# Create required configuration if not present
-- name: Create organisation
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    organizations create --name "{{ organization_name }}"
-  when: organization_name not in organizations_list.stdout
-
-- name: Create new project
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    projects create --name "{{ project_name }}" --organization "{{ organization_name }}"
-    --local_path "{{ dir_name }}"
-  when: project_name not in projects_list.stdout
-
-- name: Create new omnia inventory
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    inventory create --name "{{ omnia_inventory_name }}" --organization "{{ organization_name }}"
-  when: omnia_inventory_name not in inventory_list.stdout
-
-- name: Create groups in omnia inventory
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    groups create --name "{{ item }}" --inventory "{{ omnia_inventory_name }}"
-  when: omnia_inventory_name not in inventory_list.stdout or item not in groups_list.stdout
-  loop: "{{ group_names }}"
-
-- name: Create credentials for omnia
-  command: >-
-    awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-    credentials create --name "{{ credential_name }}" --organization "{{ organization_name }}"
-    --credential_type "{{ credential_type }}"
-    --inputs '{"username": "{{ cobbler_username }}", "password": "{{ cobbler_password }}"}'
-  when: credential_name not in credentials_list.stdout
-
-- name: DeployOmnia Template
+- name: Project list
+  block:
+    - name: Get project list
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        projects list -f human
+      register: projects_list
+      changed_when: no
+      no_log: True
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ projects_list.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
+
+- name: Inventory list
+  block:
+    - name: Get inventory list
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        inventory list -f human
+      register: inventory_list
+      changed_when: no
+      no_log: True
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ inventory_list.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
+
+- name: Credential list
+  block:
+    - name: Get credentials list
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        credentials list -f human
+      register: credentials_list
+      changed_when: no
+      no_log: True
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ credentials_list.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
+
+- name: Template List
   block:
-    - name: Create template to deploy omnia
+    - name: Get template list
       command: >-
         awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-        job_templates create
-        --name "{{ omnia_template_name }}"
-        --job_type run
-        --inventory "{{ omnia_inventory_name }}"
-        --project "{{ project_name }}"
-        --playbook "{{ omnia_playbook }}"
-        --verbosity "{{ playbooks_verbosity }}"
-        --ask_skip_tags_on_launch true
+        job_templates list -f human
+      register: job_templates_list
+      changed_when: no
+      no_log: True
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ job_templates_list.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
 
-    - name: Associate credential
+- name: Group names
+  block:
+    - name: If omnia-inventory exists, fetch group names in the inventory
       command: >-
         awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-        job_templates associate "{{ omnia_template_name }}"
-        --credential ""{{ credential_name }}""
+        groups list --inventory "{{ omnia_inventory_name }}" -f human
+      register: groups_list
+      when: omnia_inventory_name in inventory_list.stdout
+      no_log: True
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ groups_list.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
 
-  when: omnia_template_name not in job_templates_list.stdout
+- name: Schedules list
+  block:
+    - name: Get schedules list
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        schedules list -f human
+      register: schedules_list
+      changed_when: no
+      no_log: True
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ schedules_list.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
 
-- name: DynamicInventory template
+# Delete Default Configurations
+- name: Delete default configurations
   block:
-    - name: Create template to fetch dynamic inventory
+    - name: Delete default organization
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        organizations delete "{{ default_org }}"
+      when: default_org in organizations_list.stdout
+      register: register_error
+      no_log: True
+
+    - name: Delete default job template
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        job_templates delete "{{ default_template }}"
+      when: default_template in job_templates_list.stdout
+      register: register_error
+      no_log: True
+
+    - name: Delete default project
       command: >-
         awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-        job_templates create
-        --name "{{ inventory_template_name }}"
-        --job_type run
-        --inventory "{{ omnia_inventory_name }}"
-        --project "{{ project_name }}"
-        --playbook "{{ inventory_playbook }}"
-        --verbosity "{{ playbooks_verbosity }}"
-        --use_fact_cache true
+        projects delete "{{ default_projects }}"
+      when: default_projects in projects_list.stdout
+      register: register_error
+      no_log: True
 
-    - name: Associate credential
+    - name: Delete default credential
       command: >-
         awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-        job_templates associate "{{ inventory_template_name }}"
-        --credential ""{{ credential_name }}""
-  when: inventory_template_name not in job_templates_list.stdout
+        credentials delete "{{ default_credentials }}"
+      when: default_credentials in credentials_list.stdout
+      register: register_error
+      no_log: True
+
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ register_error.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"
 
-- name: Schedule dynamic inventory template
+# Create required configuration if not present
+- name: Create required configurations
   block:
-    - name: Get unified job template list
+    - name: Create organisation
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        organizations create --name "{{ organization_name }}"
+      when: organization_name not in organizations_list.stdout
+      register: register_error
+      no_log: True
+
+    - name: Create new project
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        projects create --name "{{ project_name }}" --organization "{{ organization_name }}"
+        --local_path "{{ dir_name }}"
+      when: project_name not in projects_list.stdout
+      register: register_error
+      no_log: True
+
+    - name: Create new omnia inventory
       command: >-
         awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-        unified_job_templates list --name "{{ inventory_template_name }}" -f human
-      register: unified_job_template_list
+        inventory create --name "{{ omnia_inventory_name }}" --organization "{{ organization_name }}"
+      when: omnia_inventory_name not in inventory_list.stdout
+      register: register_error
+      no_log: True
 
-    - name: Get job ID
-      set_fact:
-        job_id: "{{ unified_job_template_list.stdout | regex_search('[0-9]+') }}"
+    - name: Create groups in omnia inventory
+      command: >-
+        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+        groups create --name "{{ item }}" --inventory "{{ omnia_inventory_name }}"
+      when: omnia_inventory_name not in inventory_list.stdout or item not in groups_list.stdout
+      register: register_error
+      no_log: True
+      loop: "{{ group_names }}"
 
-    - name: Schedule dynamic inventory job
+    - name: Create credentials for omnia
       command: >-
         awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-        schedules create --name "{{ schedule_name }}"
-        --unified_job_template="{{ job_id }}" --rrule="{{ schedule_rule }}"
+        credentials create --name "{{ credential_name }}" --organization "{{ organization_name }}"
+        --credential_type "{{ credential_type }}"
+        --inputs '{"username": "{{ cobbler_username }}", "password": "{{ cobbler_password }}"}'
+      when: credential_name not in credentials_list.stdout
+      register: register_error
+      no_log: True
+
+    - name: DeployOmnia Template
+      block:
+        - name: Create template to deploy omnia
+          command: >-
+            awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+            job_templates create
+            --name "{{ omnia_template_name }}"
+            --job_type run
+            --inventory "{{ omnia_inventory_name }}"
+            --project "{{ project_name }}"
+            --playbook "{{ omnia_playbook }}"
+            --verbosity "{{ playbooks_verbosity }}"
+            --ask_skip_tags_on_launch true
+          register: register_error
+          no_log: True
+
+        - name: Associate credential
+          command: >-
+            awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+            job_templates associate "{{ omnia_template_name }}"
+            --credential ""{{ credential_name }}""
+          register: register_error
+          no_log: True
+
+      when: omnia_template_name not in job_templates_list.stdout
+
+    - name: DynamicInventory template
+      block:
+        - name: Create template to fetch dynamic inventory
+          command: >-
+            awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+            job_templates create
+            --name "{{ inventory_template_name }}"
+            --job_type run
+            --inventory "{{ omnia_inventory_name }}"
+            --project "{{ project_name }}"
+            --playbook "{{ inventory_playbook }}"
+            --verbosity "{{ playbooks_verbosity }}"
+            --use_fact_cache true
+          register: register_error
+          no_log: True
+
+        - name: Associate credential
+          command: >-
+            awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+            job_templates associate "{{ inventory_template_name }}"
+            --credential ""{{ credential_name }}""
+          register: register_error
+          no_log: True
+
+      when: inventory_template_name not in job_templates_list.stdout
+
+    - name: Schedule dynamic inventory template
+      block:
+        - name: Get unified job template list
+          command: >-
+            awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+            unified_job_templates list --name "{{ inventory_template_name }}" -f human
+          no_log: True
+          register: unified_job_template_list
+
+        - name: Get job ID
+          set_fact:
+            job_id: "{{ unified_job_template_list.stdout | regex_search('[0-9]+') }}"
+
+        - name: Schedule dynamic inventory job
+          command: >-
+            awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
+            schedules create --name "{{ schedule_name }}"
+            --unified_job_template="{{ job_id }}" --rrule="{{ schedule_rule }}"
+          register: register_error
+          no_log: True
+
+      when: schedule_name not in schedules_list.stdout
 
-  when: schedule_name not in schedules_list.stdout
+  rescue:
+    - name: Message
+      fail:
+        msg: "{{ register_error.stderr | regex_replace(awx_user) | regex_replace(admin_password) }}"

appliance/roles/web_ui/tasks/clone_awx.yml

@@ -18,5 +18,5 @@
     repo: "{{ awx_git_repo }}"
     dest: "{{ awx_repo_path }}"
     force: yes
-    version: devel
+    version: 15.0.0
   tags: install

appliance/roles/web_ui/tasks/install_awx.yml

@@ -49,6 +49,7 @@
       args:
         chdir: "{{ awx_installer_path }}"
       register: awx_installation
+      no_log: True
 
   rescue:
     - name: Check AWX status on machine
@@ -56,7 +57,8 @@
 
     - name: Fail if container are not running
       fail:
-        msg: "AWX installation failed."
+        msg: "AWX installation failed with error msg:
+        {{ awx_installation.stdout | regex_replace(admin_password) }}."
       when: not awx_status
 
   tags: install

appliance/roles/web_ui/tasks/main.yml

@@ -27,7 +27,7 @@
   when: not awx_status
   tags: install
 
-- name: Get and encrypt AWX password
+- name: Clone AWX repo
   include_tasks: clone_awx.yml
   when: not awx_status
   tags: install
@@ -58,50 +58,19 @@
   include_tasks: ../../common/tasks/internet_validation.yml
   tags: install
 
-- name: Waiting for AWX UI to be accessible
-  wait_for:
-    timeout: 300
-  delegate_to: localhost
-  tags: install
-
-- name: Re-install if in migrating state
-  block:
-    - name: Check if AWX UI is accessible
-      command: >-
-        awx --conf.host "{{ awx_ip }}" --conf.username "{{ awx_user }}" --conf.password "{{ admin_password }}"
-        organizations list -f human
-      changed_when: no
-
-  rescue:
-    - name: Remove old containers
-      docker_container:
-        name: "{{ item }}"
-        state: absent
-      loop:
-        - awx_task
-        - awx_web
-
-    - name: Restart docker
-      service:
-        name: docker
-        state: restarted
-
-    - name: Run AWX install.yml file
-      command: ansible-playbook -i inventory install.yml --extra-vars "admin_password={{ admin_password }}"
-      args:
-        chdir: "{{ awx_installer_path }}"
-      ignore_errors: yes
-
-    - name: Waiting for AWX UI to be accessible
-      wait_for:
-        timeout: 150
-      delegate_to: localhost
-  tags: install
-
 - name: Install AWX-CLI
   include_tasks: install_awx_cli.yml
   tags: install
 
+- name: Check if AWX-UI is accessible
+  include_tasks: ui_accessibility.yml
+  tags: install
+
 - name: Configure AWX
-  include_tasks: awx_configuration.yml
+  block:
+    - include_tasks: awx_configuration.yml
+  rescue:
+    - name: Display msg
+      debug:
+        msg: "{{ conf_fail_msg }}"
   tags: install

appliance/roles/web_ui/tasks/ui_accessibility.yml

@@ -0,0 +1,85 @@
+# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# Check accessibility of AWX-UI
+- name: Re-install if in migrating state
+  block:
+    - name: Wait for AWX UI to be up
+      uri:
+        url: "{{ awx_ip }}"
+        status_code: "{{ return_status }}"
+        return_content: yes
+      register: register_error
+      until: awx_ui_msg in register_error.content
+      retries: 20
+      delay: 15
+      changed_when: no
+      no_log: True
+
+  rescue:
+    - name: Starting rescue
+      debug:
+        msg: "Attempting to re-install AWX"
+
+    - name: Remove old containers
+      docker_container:
+        name: "{{ item }}"
+        state: absent
+      loop:
+        - awx_task
+        - awx_web
+
+    - name: Restart docker
+      service:
+        name: docker
+        state: restarted
+
+    - name: Re-install AWX
+      block:
+        - name: Run AWX install.yml file
+          command: ansible-playbook -i inventory install.yml --extra-vars "admin_password={{ admin_password }}"
+          args:
+            chdir: "{{ awx_installer_path }}"
+          register: awx_installation
+          no_log: True
+
+      rescue:
+        - name: Check AWX status on machine
+          include_tasks: check_awx_status.yml
+
+        - name: Fail if container are not running
+          fail:
+            msg: "AWX installation failed with error msg:
+             {{ awx_installation.stdout | regex_replace(admin_password) }}."
+          when: not awx_status
+
+    - name: Check if AWX UI is up
+      block:
+        - name: Wait for AWX UI to be up
+          uri:
+            url: "{{ awx_ip }}"
+            status_code: "{{ return_status }}"
+            return_content: yes
+          register: register_error
+          until: awx_ui_msg in register_error.content
+          retries: 20
+          delay: 10
+          changed_when: no
+          no_log: True
+      rescue:
+        - name: Message
+          fail:
+            msg: "{{ register_error | regex_replace(awx_user) | regex_replace(admin_password) }}"
+  tags: install

appliance/roles/web_ui/vars/main.yml

@@ -38,7 +38,8 @@ message_skipped: "Installation Skipped: AWX instance is already running on your
 message_installed: "Installation Successful"
 awx_ip: http://localhost:8081
 return_status: 200
-migrating_msg: "IsMigrating"
+awx_ui_msg: "Password Dialog"
+conf_fail_msg: "AWX configuration failed at the last executed task."
 
 # Usage: install_awx_cli.yml
 awx_cli_repo: "https://releases.ansible.com/ansible-tower/cli/ansible-tower-cli-centos7.repo"

omnia.yml

@@ -13,35 +13,15 @@
 # limitations under the License.
 ---
 
-#- name: Validate the cluster
-# hosts: localhost
-# connection: local
-# gather_facts: no
-# roles:
-#   - cluster_validation
+- name: Validate the cluster
+  hosts: localhost
+  connection: local
+  gather_facts: no
+  roles:
+    - cluster_validation
 
 - name: Gather facts from all the nodes
   hosts: all
-
-- name: Prepare the cluster with passwordless ssh from manager to compute
-  hosts: manager
-  gather_facts: false
-  pre_tasks:
-    - name: Set Fact
-      set_fact:
-        ssh_to: "{{ groups['compute'] }}"
-  roles:
-    - cluster_preperation
-
-- name: Prepare the cluster with passwordless ssh from compute to manager
-  hosts: compute
-  gather_facts: false
-  pre_tasks:
-    - name: Set Fact
-      set_fact:
-        ssh_to: "{{ groups['manager'] }}"
-  roles:
-    - cluster_preperation
     
 - name: Apply common installation and config
   hosts: manager, compute
@@ -144,3 +124,23 @@
 # roles:
 #   - slurm_exporter
 # tags: slurm
+
+- name: Prepare the cluster with passwordless ssh from manager to compute
+  hosts: manager
+  gather_facts: false
+  pre_tasks:
+    - name: Set Fact
+      set_fact:
+        ssh_to: "{{ groups['compute'] }}"
+  roles:
+    - cluster_preperation
+
+- name: Prepare the cluster with passwordless ssh from compute to manager
+  hosts: compute
+  gather_facts: false
+  pre_tasks:
+    - name: Set Fact
+      set_fact:
+        ssh_to: "{{ groups['manager'] }}"
+  roles:
+    - cluster_preperation

roles/cluster_preperation/tasks/passwordless_ssh.yml

@@ -47,19 +47,32 @@
     ssh-add "{{ rsa_id_file }}"
   when: not ssh_status
 
-- name: Create .ssh directory
-  command: >-
-    sshpass -p "{{ hostvars['127.0.0.1']['cobbler_password'] }}"
-    ssh root@"{{ current_host }}" mkdir -p /root/.ssh
-  when: not ssh_status
+- name: Post public key
+  block:
+    - name: Create .ssh directory
+      command: >-
+        sshpass -p "{{ hostvars['127.0.0.1']['cobbler_password'] }}"
+        ssh root@"{{ current_host }}" mkdir -p /root/.ssh
+      when: not ssh_status
+      no_log: True
+      register: register_error
 
-- name: Copy the public key to remote host
-  shell: >-
-    set -o pipefail && cat "{{ rsa_id_file }}".pub
-    | sshpass -p "{{ hostvars['127.0.0.1']['cobbler_password'] }}"
-    ssh root@"{{ current_host }}" 'cat >> "{{ auth_key_path }}"'
-  when: not ssh_status
+    - name: Copy the public key to remote host
+      shell: >-
+        set -o pipefail && cat "{{ rsa_id_file }}".pub
+        | sshpass -p "{{ hostvars['127.0.0.1']['cobbler_password'] }}"
+        ssh root@"{{ current_host }}" 'cat >> "{{ auth_key_path }}"'
+      when: not ssh_status
+      no_log: True
+      register: register_error
+
+    - name: Change permissions on the remote host
+      shell: sshpass -p "{{ hostvars['127.0.0.1']['cobbler_password'] }}" ssh root@"{{ current_host }}" 'chmod 700 .ssh; chmod 640 "{{ auth_key_path }}"'
+      when: not ssh_status
+      no_log: True
+      register: register_error
 
-- name: Change permissions on the remote host
-  shell: sshpass -p "{{ hostvars['127.0.0.1']['cobbler_password'] }}" ssh root@"{{ current_host }}" 'chmod 700 .ssh; chmod 640 "{{ auth_key_path }}"'
-  when: not ssh_status
+  rescue:
+    - name: Passwordless ssh failed
+      fail:
+        msg: "{{ register_error.stderr | regex_replace(hostvars['127.0.0.1']['cobbler_password']) | regex_replace(auth_key_path) }}"

roles/cluster_validation/tasks/fetch_password.yml

@@ -12,23 +12,31 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+- name: Check if input config file is encrypted
+  command: cat {{ role_path }}/../../appliance/{{ input_config_filename }}
+  changed_when: false
+  register: config_content
+  no_log: True
 
 - name: Decrpyt input_config.yml
   command: >-
     ansible-vault decrypt {{ role_path }}/../../appliance/{{ input_config_filename }}
     --vault-password-file {{ role_path }}/../../appliance/roles/common/files/{{ vault_filename }}
-  changed_when: false
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
 
 - name: Include variable file input_config.yml
   include_vars: "{{ role_path }}/../../appliance/{{ input_config_filename }}"
+  no_log: True
 
 - name: Save input variables from file
   set_fact:
     cobbler_password: "{{ provision_password }}"
     db_password: "{{ mariadb_password }}"
+    k8s_cni: "{{ k8s_cni }}"
+  no_log: True
 
 - name: Encrypt input config file
   command: >-
     ansible-vault encrypt {{ role_path }}/../../appliance/{{ input_config_filename }}
     --vault-password-file {{ role_path }}/../../appliance/roles/common/files/{{ vault_filename }}
-  changed_when: false
+  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"