
Issue 362: Containers for IP assignment to different devices

Signed-off-by: shubhangi_srivastava <shubhangi_srivastava@dell.com>
Lucas A. Wilson 3 vuotta sitten
vanhempi
commit
f190977862
68 muutettua tiedostoa jossa 2372 lisäystä ja 317 poistoa
  1. 0 86
      control_plane/roles/control_plane_common/tasks/docker_installation.yml
  2. 31 34
      control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml
  3. 57 0
      control_plane/roles/control_plane_common/tasks/fetch_sm_inputs.yml
  4. 5 7
      control_plane/roles/control_plane_common/tasks/main.yml
  5. 2 2
      control_plane/roles/control_plane_common/tasks/package_installation.yml
  6. 10 10
      control_plane/roles/control_plane_common/tasks/password_config.yml
  7. 2 0
      control_plane/roles/control_plane_common/tasks/pre_requisite.yml
  8. 1 1
      control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml
  9. 13 19
      control_plane/roles/control_plane_common/vars/main.yml
  10. 37 0
      control_plane/roles/control_plane_device/files/Dockerfile
  11. 48 0
      control_plane/roles/control_plane_device/files/dhcpd.conf
  12. 36 0
      control_plane/roles/control_plane_device/files/k8s_mngmnt_network.yml
  13. 70 0
      control_plane/roles/control_plane_device/files/mngmnt_container_configure.yml
  14. 9 6
      control_plane/roles/control_plane_common/tasks/docker_volume.yml
  15. 48 0
      control_plane/roles/control_plane_device/files/temp_dhcp.template
  16. 20 0
      control_plane/roles/control_plane_device/files/tftp
  17. 72 0
      control_plane/roles/control_plane_device/tasks/check_prerequisites.yml
  18. 52 0
      control_plane/roles/control_plane_device/tasks/configure_mngmnt_network_container.yml
  19. 46 0
      control_plane/roles/control_plane_device/tasks/dhcp_configure.yml
  20. 29 0
      control_plane/roles/control_plane_device/tasks/firewall_settings.yml
  21. 51 5
      control_plane/roles/control_plane_device/tasks/main.yml
  22. 38 0
      control_plane/roles/control_plane_device/tasks/mngmnt_network_container_image.yml
  23. 24 0
      control_plane/roles/control_plane_device/vars/main.yml
  24. 31 0
      control_plane/roles/control_plane_ib/files/Dockerfile
  25. 48 0
      control_plane/roles/control_plane_ib/files/dhcpd.conf
  26. 24 0
      control_plane/roles/control_plane_ib/files/infiniband_container_configure.yml
  27. 43 0
      control_plane/roles/control_plane_ib/files/infiniband_inventory_creation.yml
  28. 36 0
      control_plane/roles/control_plane_ib/files/k8s_infiniband.yml
  29. 48 0
      control_plane/roles/control_plane_ib/files/temp_dhcp.template
  30. 72 0
      control_plane/roles/control_plane_ib/tasks/check_prerequisites.yml
  31. 44 0
      control_plane/roles/control_plane_ib/tasks/configure_infiniband_container.yml
  32. 46 0
      control_plane/roles/control_plane_ib/tasks/dhcp_configure.yml
  33. 38 0
      control_plane/roles/control_plane_ib/tasks/infiniband_container_image.yml
  34. 47 5
      control_plane/roles/control_plane_ib/tasks/main.yml
  35. 24 0
      control_plane/roles/control_plane_ib/vars/main.yml
  36. 2 0
      control_plane/roles/control_plane_k8s/files/crio.conf
  37. 3 0
      control_plane/roles/control_plane_k8s/files/k8s-crio.conf
  38. 1 0
      control_plane/roles/control_plane_k8s/files/k8s.conf
  39. 18 0
      control_plane/roles/control_plane_k8s/files/k8s_dashboard_admin.yaml
  40. 11 0
      control_plane/roles/control_plane_k8s/files/metal-config.yaml
  41. 223 0
      control_plane/roles/control_plane_k8s/files/metallb.yaml
  42. 56 0
      control_plane/roles/control_plane_k8s/tasks/k8s_firewalld.yml
  43. 41 0
      control_plane/roles/control_plane_k8s/tasks/k8s_helm.yml
  44. 126 0
      control_plane/roles/control_plane_k8s/tasks/k8s_init.yml
  45. 123 0
      control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml
  46. 129 0
      control_plane/roles/control_plane_k8s/tasks/k8s_services.yml
  47. 15 5
      control_plane/roles/control_plane_k8s/tasks/main.yml
  48. 95 0
      control_plane/roles/control_plane_k8s/vars/main.yml
  49. 3 5
      control_plane/roles/control_plane_repo/tasks/main.yml
  50. 78 0
      control_plane/roles/control_plane_repo/tasks/nfs_server_setup.yml
  51. 26 0
      control_plane/roles/control_plane_repo/vars/main.yml
  52. 5 5
      control_plane/roles/provision_cobbler/files/inventory_creation.yml
  53. 48 0
      control_plane/roles/provision_cobbler/files/k8s_cobbler.yml
  54. 3 2
      control_plane/roles/provision_cobbler/files/kickstart.yml
  55. 7 2
      control_plane/roles/provision_cobbler/files/start_cobbler.yml
  56. 1 8
      control_plane/roles/provision_cobbler/files/temp_centos7.ks
  57. 0 2
      control_plane/roles/provision_cobbler/files/temp_dhcp.template
  58. 2 2
      control_plane/roles/provision_cobbler/files/tftp.yml
  59. 35 20
      control_plane/roles/provision_cobbler/tasks/check_prerequisites.yml
  60. 21 15
      control_plane/roles/provision_cobbler/tasks/cobbler_image.yml
  61. 21 16
      control_plane/roles/provision_cobbler/tasks/configure_cobbler.yml
  62. 3 19
      control_plane/roles/provision_cobbler/tasks/dhcp_configure.yml
  63. 2 2
      control_plane/roles/provision_cobbler/tasks/firewall_settings.yml
  64. 23 3
      control_plane/roles/provision_cobbler/tasks/main.yml
  65. 30 20
      control_plane/roles/provision_cobbler/tasks/mapping_file.yml
  66. 5 5
      control_plane/roles/provision_cobbler/tasks/mount_iso.yml
  67. 5 5
      control_plane/roles/provision_cobbler/tasks/provision_password.yml
  68. 9 6
      control_plane/roles/provision_cobbler/vars/main.yml

+ 0 - 86
control_plane/roles/control_plane_common/tasks/docker_installation.yml

@@ -1,86 +0,0 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
-#
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
----
-
-- name: Add docker repo
-  get_url:
-    url: "{{ docker_repo_url }}"
-    dest: "{{ docker_repo_dest }}"
-  tags: install
-
-- name: Enable docker edge and test repo
-  ini_file:
-    dest: "{{ docker_repo_dest }}"
-    section: "{{ item }}"
-    option: enabled
-    value: "{{ success }}"
-  with_items: ['docker-ce-test', 'docker-ce-edge']
-  tags: install
-
-- name: Install docker
-  package:
-    name: "{{ container_repo_install }}"
-    state: present
-  become: yes
-  tags: install
-
-- name: Start services
-  service:
-    name: "{{ container_type }}"
-    state: started
-    enabled: yes
-  become: yes
-  tags: install
-
-- name: Uninstall docker-py using pip
-  pip:
-    name: ['docker-py','docker']
-    state: absent
-  tags: install
-
-- name: Install docker using pip
-  pip:
-    name: docker
-    state: present
-  tags: install
-
-- name: Update pip
-  command: pip3 install --upgrade pip
-  changed_when: false
-
-- name: Installation using python3
-  pip:
-    name: "{{ docker_compose }}"
-    executable: pip3
-  tags: install
-
-- name: Versionlock docker
-  command: "yum versionlock '{{ item }}'"
-  args:
-    warn: false
-  with_items:
-    - "{{ container_repo_install }}"
-  changed_when: true
-  tags: install
-
-- name: Configure docker
-  copy:
-    src: daemon.json
-    dest: "{{ daemon_dest }}"
-  tags: install
-
-- name: Restart docker
-  service:
-    name: docker
-    state: restarted

+ 31 - 34
control_plane/roles/control_plane_common/tasks/fetch_base_inputs.yml

@@ -34,20 +34,17 @@
       mngmnt_network_dhcp_end_range | length < 1 or
       host_network_nic | length < 1 or
       host_network_dhcp_start_range | length < 1 or
-      host_network_dhcp_end_range | length < 1 or
-      dhcp_gateway | length < 1 or
-      dhcp_dns1 | length < 1 or
-      dhcp_dns2 | length < 1
-
-- name: Validate infiniband base_vars are not empty
-  fail:
-    msg: "{{ input_base_failure_msg }} for infiniBand as ib_switch_support is true"
-  register: ib_check
-  when:
-    - ib_network_nic | length < 1 or
-      ib_network_dhcp_start_range | length < 1 or
-      ib_network_dhcp_end_range | length < 1
-  when: ib_switch_support
+      host_network_dhcp_end_range | length < 1
+
+#- name: Validate infiniband base_vars are not empty
+#  fail:
+#    msg: "{{ input_base_failure_msg }} for infiniBand as ib_switch_support is true"
+#  register: ib_check
+#  when:
+#    - ib_network_nic | length < 1 or
+#      ib_network_dhcp_start_range | length < 1 or
+#      ib_network_dhcp_end_range | length < 1
+#  when: ib_switch_support
 
 - name: Set facts to validate snmp support
   set_fact:
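Review bot: Commenting out `Validate infiniband base_vars are not empty` removes the empty-value check that the InfiniBand tasks further down this file still rely on when `ib_switch_support` is true. The removed task declared `when` twice, which is presumably why it misbehaved; merging the two conditions keeps the validation: `when: ib_switch_support and (ib_network_nic | length < 1 or ib_network_dhcp_start_range | length < 1 or ib_network_dhcp_end_range | length < 1)`. If the check is really obsolete, delete it rather than leaving commented-out code. The same hunk also drops the `dhcp_gateway`, `dhcp_dns1` and `dhcp_dns2` checks from a task whose start is above the hunk.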
@@ -194,12 +191,12 @@
   when: ( result_path_iso_file.stat.exists ) and ( ".iso" not in iso_file_path )
 
 ####management_net_dhcp_start_end_range
-- name: Assert management network nic
-  assert:
-    that:
-      - mngmnt_network_nic in nic_addr_up.stdout
-    success_msg: "{{ success_msg_mngmnt_network_nic }}"
-    fail_msg: "{{ fail_msg_mngmnt_network_nic }}"
+#- name: Assert management network nic
+#  assert:
+#    that:
+#      - mngmnt_network_nic in nic_addr_up.stdout
+#    success_msg: "{{ success_msg_mngmnt_network_nic }}"
+#    fail_msg: "{{ fail_msg_mngmnt_network_nic }}"
 
 - name: Fetch the management network ip, netmask and subnet
   set_fact:
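Review bot: The `Assert management network nic` task is commented out here, and the host and InfiniBand equivalents are commented out in the hunks at -273 and -360, so a mistyped or down interface name is no longer rejected before the following `Fetch the ... network ip, netmask and subnet` tasks use it. If the asserts were disabled because `nic_addr_up` is no longer registered, remove them and say so in the commit message; otherwise keep them active. Commented-out tasks make it hard to see which input checks the play still enforces.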
@@ -273,12 +270,12 @@
 #########
 
 ###Host network####
-- name: Assert host network nic
-  assert:
-    that:
-      - host_network_nic in nic_addr_up.stdout
-    success_msg: "{{ success_msg_host_network_nic }}"
-    fail_msg: "{{ fail_msg_host_network_nic }}"
+#- name: Assert host network nic
+#  assert:
+#    that:
+#      - host_network_nic in nic_addr_up.stdout
+#    success_msg: "{{ success_msg_host_network_nic }}"
+#    fail_msg: "{{ fail_msg_host_network_nic }}"
 
 - name: Fetch the host network ip, netmask and subnet
   set_fact:
@@ -360,13 +357,13 @@
     fail_msg: "{{ fail_msg_different_nics }}"
 
 ########
-- name: Assert infiniband network nic
-  assert:
-    that:
-      - ib_network_nic in nic_addr_up.stdout
-    success_msg: "{{ success_msg_ib_network_nic }}"
-    fail_msg: "{{ fail_msg_ib_network_nic }}"
-  when: ib_switch_support
+#- name: Assert infiniband network nic
+#  assert:
+#    that:
+#      - ib_network_nic in nic_addr_up.stdout
+#    success_msg: "{{ success_msg_ib_network_nic }}"
+#    fail_msg: "{{ fail_msg_ib_network_nic }}"
+#  when: ib_switch_support
 
 - name: Fetch the infiniband network ip, netmask and subnet
   set_fact:
@@ -453,4 +450,4 @@
       - ib_network_nic != host_network_nic
     success_msg: "{{ success_msg_different_nics_ib }}"
     fail_msg: "{{ fail_msg_different_nics_ib }}"
-  when: ib_switch_support
+  when: ib_switch_support

+ 57 - 0
control_plane/roles/control_plane_common/tasks/fetch_sm_inputs.yml

@@ -0,0 +1,57 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check that the ib_vars.yml exists
+  stat:
+    path: "{{ ib_config_file }}"
+  register: stat_result
+  tags: install
+
+- name: Fail if config file doesn't exist
+  fail:
+    msg: "{{ fail_msg_config_file }}"
+  when: not stat_result.stat.exists
+  tags: install
+
+- name: Check that the opensm.conf exists
+  stat:
+    path: "{{ opensm_conf_file }}"
+  register: stat_result
+  tags: install
+
+- name: Fail if opensm.conf file doesn't exist
+  fail:
+    msg: "{{ fail_msg_opensm_config_file }}"
+  when: not stat_result.stat.exists
+  tags: install
+
+- name: Include infiniband variable file
+  include_vars: "{{ ib_config_file }}"
+  tags: install
+
+- name: Validate directory input definition
+  fail:
+    msg: "{{ fail_msg_ib_input_definition }}"
+  when:
+    - subnet_manager.cache_directory is not defined or subnet_manager.log_directory is not defined
+  tags: install
+
+- name: Validate directory input
+  fail:
+    msg: "{{ fail_msg_ib_input }}"
+  when:
+    - subnet_manager.cache_directory |length < 1
+    - subnet_manager.log_directory |length < 1
+  tags: install
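Review bot: `Validate directory input` lists its two conditions as separate `when` items, which Ansible combines with AND, so the task fails only when both `cache_directory` and `log_directory` are empty. The message says the directories "can't be left empty", so a single empty value should fail: `when: subnet_manager.cache_directory | length < 1 or subnet_manager.log_directory | length < 1`. The preceding definition check also dereferences `subnet_manager.cache_directory` without testing `subnet_manager is defined`, so a missing top-level key would raise an undefined-variable error instead of printing `fail_msg_ib_input_definition`.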

+ 5 - 7
control_plane/roles/control_plane_common/tasks/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -31,11 +31,9 @@
 - name: Credentials Configuration
   import_tasks: password_config.yml
 
-- name: Omnia inputs validation
+- name: omnia inputs validation
   import_tasks: verify_omnia_params.yml
 
-- name: Docker installation and configuration
-  import_tasks: docker_installation.yml
-
-- name: Docker volume creation
-  import_tasks: docker_volume.yml
+- name: Subnet manager inputs validation
+  import_tasks: fetch_sm_inputs.yml
+  when: ib_switch_support

+ 2 - 2
control_plane/roles/control_plane_common/tasks/package_installation.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@
     name: "{{ common_packages }}"
     state: present
   tags: install
-
+  
 - name: Install netaddr
   command: pip3 install netaddr
   tags: install

+ 10 - 10
control_plane/roles/control_plane_common/tasks/password_config.yml

@@ -1,16 +1,16 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#      http://www.apache.org/licenses/LICENSE-2.0
 #
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
 ---
 
 - name: Check login_vars file is encrypted

+ 2 - 0
control_plane/roles/control_plane_common/tasks/pre_requisite.yml

@@ -29,6 +29,7 @@
     path: "{{ default_ansible_config_file_path }}"
     regexp: '#log_path = /var/log/ansible.log'
     replace: 'log_path = /var/log/omnia.log'
+  when: file_exists.stat.exists
   tags: install
 
 - name: Check OS support
@@ -41,6 +42,7 @@
 - name: Fetch SElinux mode
   command: sestatus
   register: sestatus_current
+  changed_when: false
 
 - name: Disable SElinux
   replace:

+ 1 - 1
control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml

@@ -85,4 +85,4 @@
   command: >-
     ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
     --vault-password-file {{ role_path }}/../../../{{ config_vaultname }}
-  changed when: false
+  changed_when: false

+ 13 - 19
control_plane/roles/control_plane_common/vars/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -40,30 +40,14 @@ internet_timeout: 10
 hostname: github.com
 port_no: 22
 os_name: CentOS
-os_version: '8.3' 
+os_version: '8.3'
 internet_status: "Failed. No Internet connection. Make sure network is up."
 os_status: "Unsupported OS or OS version. OS should be {{ os_name }} and Version should be {{ os_version }} or more"
 selinux_status: "SElinux is not disabled. Disable it in /etc/sysconfig/selinux and reboot the system"
-iso_name: CentOS-7-x86_64-Minimal-2009.iso
-iso_fail: "Iso file not found. Download and copy the iso file to omnia/control_plane/roles/provision_cobbler/files"
 ansible_python_version_status: "For CentOS 8.3, python bindings of firewalld, dnf, selinux are not available if python is installed from source and not from dnf. So please make sure python3.6 is installed using dnf. And ansible uses the python version 3.6 installed using dnf"
 python_version_support: '3.6.8'
 default_ansible_config_file_path: /etc/ansible/ansible.cfg
 
-# Usage: docker_installation.yml
-docker_repo_url: https://download.docker.com/linux/centos/docker-ce.repo
-docker_repo_dest: /etc/yum.repos.d/docker-ce.repo
-success: '0'
-container_type: docker
-container_repo_install:
-  - docker-ce-cli-20.10.2
-  - docker-ce-20.10.2
-docker_compose: docker-compose
-daemon_dest: /etc/docker/
-
-# Usage: docker_volume.yml
-docker_volume_name: omnia-storage
-
 # Usage: password_config.yml
 login_vars_filename: "input_params/login_vars.yml"
 vault_filename: input_params/.login_vault_key
@@ -145,4 +129,14 @@ invalid_mapping_file_path: "Incorrect mapping_file_path provided in base_vars.ym
 success_msg_different_nics: "The nics of different containers and public nic are not the same - Validated"
 fail_msg_different_nics: "Failed. Incorrect nic information. public nic, management network nic and host network nic should not be the same"
 success_msg_different_nics_ib: "The nics of different containers and public nic are not the same as infiniband nic- Validated"
-fail_msg_different_nics_ib: "Failed. Infiniband nic cannot be the same as other nics"
+fail_msg_different_nics_ib: "Failed. Infiniband nic cannot be the same as other nics"
+
+# Usage: fetch_sm_inputs.yml
+ib_config_file: "{{ role_path }}/../../input_params/ib_vars.yml"
+opensm_conf_file: "{{ role_path }}/../../input_params/opensm.conf"
+
+fail_msg_config_file: ib_vars.yml file doesn't exist.
+fail_msg_opensm_config_file: opensm.conf file doesn't exist.
+
+fail_msg_ib_input_definition: Infiniband config directories must be defined.
+fail_msg_ib_input: Infiniband config directories can't be left empty.

+ 37 - 0
control_plane/roles/control_plane_device/files/Dockerfile

@@ -0,0 +1,37 @@
+# Dockerfile for creating the management network container
+
+FROM centos:7
+
+# RPM REPOs
+RUN yum install -y \
+    epel-release \
+    && yum clean all \
+    && rm -rf /var/cache/yum
+
+RUN yum update -y \
+    && yum clean all \
+    && rm -rf /var/cache/yum
+
+RUN yum install -y \
+  ansible \
+  cronie \
+  tftp\
+  tftp-server\
+  dhcp \
+  xinetd \
+  net-tools \
+  && yum clean all \
+  &&  rm -rf /var/cache/yum
+
+RUN mkdir /root/omnia
+
+#Copy Configuration files
+COPY dhcpd.conf  /etc/dhcp/dhcpd.conf
+COPY tftp /etc/xinetd.d/tftp
+COPY mngmnt_container_configure.yml /root/
+
+RUN systemctl enable tftp
+RUN systemctl enable dhcpd
+
+CMD ["sbin/init"]
+
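Review bot: `CMD ["sbin/init"]` is a relative path that resolves only because the default working directory is `/`; use `CMD ["/sbin/init"]`, which is what the Kubernetes manifest in this commit already passes as `command`. The base image `centos:7` is a mutable tag and `yum update -y` pulls whatever is current at build time, so two builds of the same commit can differ. Pinning the base by digest (`FROM centos:7@sha256:<digest>`) makes the DHCP/TFTP image reproducible and auditable. `ansible` and `cronie` are installed into a container whose job is DHCP and TFTP; consider whether both are needed at runtime.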

+ 48 - 0
control_plane/roles/control_plane_device/files/dhcpd.conf

@@ -0,0 +1,48 @@
+
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+
+subnet 172.17.0.0 netmask 255.255.0.0 {
+option subnet-mask 255.255.0.0;
+range dynamic-bootp 172.17.0.10 172.17.0.100;
+default-lease-time  21600;
+max-lease-time  43200;
+next-server 172.17.0.1;
+#insert the static DHCP leases for configuration here
+
+
+     class "pxeclients" {
+          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+          if option pxe-system-type = 00:02 {
+                  filename "ia64/elilo.efi";
+          } else if option pxe-system-type = 00:06 {
+                  filename "grub/grub-x86.efi";
+          } else if option pxe-system-type = 00:07 {
+                  filename "grub/grub-x86_64.efi";
+          } else if option pxe-system-type = 00:09 {
+                  filename "grub/grub-x86_64.efi";
+          } else {
+                  filename "pxelinux.0";
+          }
+     }
+
+}
+
+#end for

+ 36 - 0
control_plane/roles/control_plane_device/files/k8s_mngmnt_network.yml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mngmnt-network-container
+  namespace: network-config
+  labels:
+    app: mngmnt-network
+spec:
+  selector:
+    matchLabels:
+      app: mngmnt-network
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: mngmnt-network
+    spec:
+      hostNetwork: true
+      volumes:
+        - name: omnia-storage
+          hostPath:
+            path: /home/omnia/
+            type: Directory
+      containers:
+        - name: mngmnt-network-container
+          image: 'localhost/mngmnt_network_container:latest'
+          imagePullPolicy: Never
+          command:
+            - /sbin/init
+          volumeMounts:
+            - name: omnia-storage
+              mountPath: /root/omnia
+          securityContext:
+            privileged: true
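Review bot: The pod combines `privileged: true`, `hostNetwork: true` and a writable `hostPath` mount of `/home/omnia/`, which together give the DHCP/TFTP container root-equivalent access to the node. If `/home/omnia/` holds the Omnia checkout (the configure task runs a playbook from `/root/omnia/control_plane/...`), the container can presumably also read and modify `input_params`, including the vault key file. Add `readOnly: true` to the `omnia-storage` volumeMount. If systemd inside the container does not strictly need full privilege, replace `privileged: true` with the specific capabilities that dhcpd and in.tftpd require. If privileged mode must stay, add a comment in the manifest explaining why. `image: ...:latest` with `imagePullPolicy: Never` also means the running image is whatever was last built locally; a versioned tag would make that traceable.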

+ 70 - 0
control_plane/roles/control_plane_device/files/mngmnt_container_configure.yml

@@ -0,0 +1,70 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Initial  setup
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+  - name: Change mode of tftpboot
+    file:
+      path: /var/lib/tftpboot
+      mode: 0777
+
+  - name: Link for tftp services
+    shell: cp -v /usr/lib/systemd/system/tftp.service /etc/systemd/system/tftp-server.service
+
+  - name: Link for tftp services
+    shell: cp -v /usr/lib/systemd/system/tftp.socket /etc/systemd/system/tftp-server.socket
+
+  - name: Edit the tftp-server service file
+    replace:
+      path: /etc/systemd/system/tftp-server.service
+      regexp: ^Requires=tftp.socket
+      replace: Requires=tftp-server.socket
+
+  - name: Edit the tftp-server service file
+    replace:
+      path: /etc/systemd/system/tftp-server.service
+      regexp: ^ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
+      replace: ExecStart=/usr/sbin/in.tftpd -c -p -s /var/lib/tftpboot
+
+  - name: Edit the tftp-server service file
+    replace:
+      path: /etc/systemd/system/tftp-server.service
+      regexp: ^Also=tftp.socket
+      replace: Also=tftp.socket
+
+  - name: Edit the tftp-server service file
+    lineinfile:
+      path: /etc/systemd/system/tftp-server.service
+      insertafter: '^[Install]'
+      line: 'WantedBy=multi-user.target'
+
+  - name: Edit the tftp-server socket file
+    lineinfile:
+      path: /etc/systemd/system/tftp-server.socket
+      line: "BindIPv6Only=both"
+      insertafter: [Socket]
+
+  - name: Start tftp services
+    service:
+      name: tftp-server
+      state: started
+
+  - name: Start dhcpd services
+    service:
+      name: dhcpd
+      state: started
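Review bot: `/var/lib/tftpboot` is set to `mode: 0777` and the service is rewritten to run `in.tftpd -c -p`, which allows unauthenticated file creation in the directory that serves PXE boot files on the management network. Unless devices must upload over TFTP, drop `-c` and use `mode: '0755'`; if uploads are needed, point them at a separate directory and document it. Two of the edits also do not do what they appear to: `insertafter: [Socket]` is parsed by YAML as a list and `insertafter: '^[Install]'` is a regex character class, so both should be written as `'^\[Socket\]'` and `'^\[Install\]'`. The `^Also=tftp.socket` replacement writes the same text back and is a no-op.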

+ 9 - 6
control_plane/roles/control_plane_common/tasks/docker_volume.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,8 +13,11 @@
 #  limitations under the License.
 ---
 
-- name: Create a docker volume
-  docker_volume:
-    name: "{{ docker_volume_name }}"
-  vars:
-    ansible_python_interpreter: "/usr/bin/python3"
+- name: Start mngmnt_network on reboot
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Wait for 2 minutes
+      pause:
+        minutes: 2
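Review bot: The play is named `Start mngmnt_network on reboot` but its only task is a fixed two-minute `pause`; nothing in the new content starts the container or verifies that it came up. If this is the file the `@reboot` cron job runs (the page still shows the old `tasks/docker_volume.yml` path, so this is inferred), add a comment stating what the wait is for. The pause could also be replaced with an explicit readiness check, as `configure_mngmnt_network_container.yml` does: `command: kubectl wait --for=condition=ready -n network-config pod -l app=mngmnt-network`. A fixed delay reports success even when the pod never becomes ready.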

+ 48 - 0
control_plane/roles/control_plane_device/files/temp_dhcp.template

@@ -0,0 +1,48 @@
+
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+
+subnet subnet_mask netmask net_mask {
+option subnet-mask net_mask;
+range dynamic-bootp start end;
+default-lease-time  21600;
+max-lease-time  43200;
+next-server next_server;
+#insert the static DHCP leases for configuration here
+
+
+     class "pxeclients" {
+          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+          if option pxe-system-type = 00:02 {
+                  filename "ia64/elilo.efi";
+          } else if option pxe-system-type = 00:06 {
+                  filename "grub/grub-x86.efi";
+          } else if option pxe-system-type = 00:07 {
+                  filename "grub/grub-x86_64.efi";
+          } else if option pxe-system-type = 00:09 {
+                  filename "grub/grub-x86_64.efi";
+          } else {
+                  filename "pxelinux.0";
+          }
+     }
+
+}
+
+#end for

+ 20 - 0
control_plane/roles/control_plane_device/files/tftp

@@ -0,0 +1,20 @@
+# default: off
+# description: The tftp server serves files using the trivial file transfer \
+#       protocol.  The tftp protocol is often used to boot diskless \
+#       workstations, download configuration files to network-aware printers, \
+#       and to start the installation process for some operating systems.
+service tftp
+{
+        socket_type             = dgram
+        protocol                = udp
+        wait                    = yes
+        user                    = root
+        server                  = /usr/sbin/in.tftpd
+        server_args             = -s /var/lib/tftpboot
+        disable                 = no
+        per_source              = 11
+        cps                     = 100 2
+        flags                   = IPv4
+}
+
+

+ 72 - 0
control_plane/roles/control_plane_device/tasks/check_prerequisites.yml

@@ -0,0 +1,72 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Initialize variables
+  set_fact:
+    mngmnt_network_container_status: false
+    mngmnt_network_container_image_status: false
+    mngmnt_network_container_config_status: false
+    backup_map_status: false
+    new_node_status: false
+  tags: install
+
+- name: Check if any backup file exists
+  block:
+  - name: Check status of backup file
+    stat:
+      path: "{{ role_path }}/files/backup_mapping_file.csv"
+    register: backup_map
+
+  - name: Set status for backup file
+    set_fact:
+      backup_map_status: true
+    when: backup_map.stat.exists == true  
+  rescue:
+  - name: Message
+    debug:
+      msg: "All nodes are new"
+      verbosity: 2
+
+- name: Inspect the mngmnt_network_container image
+  command: "buildah images {{ mngmnt_network_image_name }}"
+  register: mngmnt_network_container_image_result
+  ignore_errors: true
+  changed_when: false
+  tags: install
+
+- name: Check mngmnt_network_container status on the machine
+  command: kubectl get pods -n network-config
+  register: mngmnt_network_container_result
+  ignore_errors: true
+  changed_when: false
+  tags: install
+
+- name: Update mngmnt_network_container image status
+  set_fact:
+    mngmnt_network_container_image_status: true
+  when: "'No such image' not in mngmnt_network_container_image_result.stderr"
+  tags: install
+
+- name: Update mngmnt_network_container container status
+  set_fact:
+    mngmnt_network_container_status: true
+  when: "'mngmnt-network-container' in mngmnt_network_container_result.stdout"
+  tags: install
+
+- name: Update mngmnt_network_container  status
+  set_fact:
+    mngmnt_network_container_config_status: true
+  when:
+    - mngmnt_network_container_status == true
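Review bot: `mngmnt_network_container_image_status` is set to true whenever stderr lacks the text `No such image`, and the `buildah images` task runs with `ignore_errors: true`, so any other failure (buildah missing, permission error) is recorded as "image exists". Key the fact on the return code instead: `when: mngmnt_network_container_image_result.rc == 0`. The same applies to the `kubectl get pods` check, where a failed call simply leaves the status false with no message. The last task also lacks `tags: install`, unlike its siblings, so a tagged run leaves `mngmnt_network_container_config_status` at its initial value.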

+ 52 - 0
control_plane/roles/control_plane_device/tasks/configure_mngmnt_network_container.yml

@@ -0,0 +1,52 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check mngmnt_network pod status
+  command: kubectl get pods -n network-config
+  changed_when: false
+  register: mngmnt_network_pod_status
+  ignore_errors: true
+
+- name: Deploy mngmnt_network pod
+  command: "kubectl apply -f {{ role_path }}/files/k8s_mngmnt_network.yml"
+  changed_when: true
+  tags: install
+  when: mngmnt_network_container_status == true and  mngmnt_network_container_config_status == false
+
+- name: Wait for mngmnt_network pod to come to ready state
+  command: kubectl wait --for=condition=ready -n network-config pod -l app=mngmnt-network
+  changed_when: false
+  tags: install
+
+- name: Get mngmnt_network pod name
+  command: 'kubectl get pod -n network-config -l app=mngmnt-network -o jsonpath="{.items[0].metadata.name}"'
+  changed_when: false
+  register: mngmnt_network_pod_name
+  tags: install
+
+- name: Configuring mngmnt_network container
+  command: 'kubectl exec --stdin --tty -n network-config {{ mngmnt_network_pod_name.stdout }} \
+    -- ansible-playbook /root/omnia/control_plane/roles/control_plane_device/files/mngmnt_container_configure.yml'
+  changed_when: false
+  tags: install
+  when: mngmnt_network_container_config_status == false
+
+- name: Schedule task
+  cron:
+    name: "start mngmnt_network_container on reboot"
+    special_time: reboot
+    job: "ansible-playbook {{ role_path }}/files/start_mngmnt_container.yml"
+  tags: install
+  #when: mngmnt_network_container_config_status == false
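Review bot: `Deploy mngmnt_network pod` runs only when `mngmnt_network_container_status == true and mngmnt_network_container_config_status == false`, but `check_prerequisites.yml` in this commit sets the config status to true whenever the container status is true. Unless `main.yml` changes these facts in between, the two conditions cannot hold together and the deploy never runs. The `kubectl exec` command sits in a single-quoted scalar, so the trailing `\` is a literal backslash and not a line continuation; use a folded scalar (`command: >-`) without it. Also drop `--stdin --tty`, since Ansible provides no terminal. The commented-out `when` on the cron task should be removed or restored.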

+ 46 - 0
control_plane/roles/control_plane_device/tasks/dhcp_configure.yml

@@ -0,0 +1,46 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Create the dhcp template
+  copy:
+    src: "{{ role_path }}/files/temp_dhcp.template"
+    dest: "{{ role_path }}/files/dhcpd.conf"
+    mode: 0775
+  tags: install
+
+- name: Assign subnet and netmask
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^subnet subnet_mask netmask net_mask {'
+    replace: 'subnet {{ mngmnt_network_subnet }} netmask {{ mngmnt_network_netmask }} {'
+  tags: install
+
+- name: Assign netmask
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^option subnet-mask net_mask;'
+    replace: 'option subnet-mask {{ mngmnt_network_netmask }};'
+
+- name: Assign DHCP range
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^range dynamic-bootp start end;'
+    replace: 'range dynamic-bootp {{ mngmnt_network_dhcp_start_range }} {{ mngmnt_network_dhcp_end_range }};'
+
+- name: Assign next server range
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^next-server next_server;'
+    replace: 'next-server {{ mngmnt_network_ip }};'
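Review bot: `mode: 0775` in "Create the dhcp template" makes the generated dhcpd.conf group-writable and executable, and the unquoted value relies on the YAML parser reading a leading zero as octal. A DHCP server configuration needs neither bit; `mode: "0644"` is the usual choice. The same line appears in control_plane_ib/tasks/dhcp_configure.yml. Only the first two tasks carry `tags: install`, so a run limited to that tag copies the template but leaves the `net_mask`, `start end` and `next_server` placeholders in the file; adding `tags: install` to the last three tasks keeps the result consistent.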

+ 29 - 0
control_plane/roles/control_plane_device/tasks/firewall_settings.yml

@@ -0,0 +1,29 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+#Tasks for modifying firewall configurations for mngmnt_network_container
+
+- name: Permit traffic in default zone for tftp service
+  firewalld:
+    service: tftp
+    permanent: yes
+    state: enabled
+  tags: install
+
+- name: Reboot firewalld
+  systemd:
+    name: firewalld
+    state: reloaded
+  tags: install
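Review bot: The tftp rule is added to the default firewalld zone, so every interface in that zone accepts TFTP, a protocol with no authentication. Binding the rule to the zone that holds the management interface, for example `zone: "{{ mngmnt_network_zone }}"` (the variable name is a placeholder for one the role would have to define), limits the exposure to the provisioning network. The second task is named "Reboot firewalld" but performs a reload; `name: Reload firewalld` matches what it does. `permanent: yes` is better written as `permanent: true`.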

+ 51 - 5
control_plane/roles/control_plane_device/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,53 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+# Tasks file for mngmnt_network
+
+- name: Check mngmnt_network_container status on machine
+  include_tasks: check_prerequisites.yml
+
+- name: Modify firewall settings for mngmnt_network_container
+  import_tasks: firewall_settings.yml
+  when: not mngmnt_network_container_status
+
+- name: Include common variables
+  include_vars:  ../../control_plane_common/vars/main.yml
+  when: not mngmnt_network_container_status
+
+- name: Internet validation
+  include_tasks: ../../control_plane_common/tasks/internet_validation.yml
+  when: not mngmnt_network_container_status
+
+- name: Include variable file base_vars.yml
+  include_vars: "{{ mngmnt_base_file }}"
+
+#- name: Fetch base inputs
+#  include_tasks: ../../control_plane_common/tasks/fetch_base_inputs.yml
+#  when: not mngmnt_network_container_status
+
+- name: Dhcp Configuration
+  import_tasks: dhcp_configure.yml
+  when: (not mngmnt_network_container_image_status) or ( backup_map_status == true)
+
+#- name: Mapping file validation
+#  import_tasks: mapping_file.yml
+#  when: (not mngmnt_network_container_image_status) and (mapping_file == true) or ( backup_map_status == true)
+
+- name: mngmnt_network_container image creation
+  import_tasks: mngmnt_network_container_image.yml
+  when: not mngmnt_network_container_status
+
+- name: mngmnt_network_container configuration
+  import_tasks: configure_mngmnt_network_container.yml
+
+- name: mngmnt_network_container container status message
+  block:
+    - debug:
+        msg: "{{ message_skipped }}"
+        verbosity: 2
+      when: mngmnt_network_container_status
+    - debug:
+        msg: "{{ message_installed }}"
+        verbosity: 2
+      when: not mngmnt_network_container_status
+  tags: install
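Review bot: "Dhcp Configuration" can regenerate files/dhcpd.conf when `backup_map_status` is true, but "mngmnt_network_container image creation" is gated on `not mngmnt_network_container_status`, so when the pod already exists the regenerated file is never built into a new image. If the image takes dhcpd.conf at build time (the control_plane_ib Dockerfile in this commit does, with `COPY dhcpd.conf /etc/dhcp/dhcpd.conf`; this role's Dockerfile is outside this view), the running DHCP server keeps serving the old subnet and range. Gating the image task on the same condition as the DHCP task would keep the two in step. control_plane_ib/tasks/main.yml has the same structure.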

+ 38 - 0
control_plane/roles/control_plane_device/tasks/mngmnt_network_container_image.yml

@@ -0,0 +1,38 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Image creation (It may take 5-10 mins)
+  command: "buildah bud -t {{ mngmnt_network_image_name }}:{{ mngmnt_network_image_tag }} --network host ."
+  changed_when: true
+  args:
+    chdir: "{{ role_path }}/files/"
+  tags: install
+
+- name: Update image name in k8s_mngmnt_network.yml
+  replace:
+    path: "{{ role_path }}/files/k8s_mngmnt_network.yml"
+    regexp: 'localhost/mngmnt_network_container:latest'
+    replace: "localhost/{{ mngmnt_network_image_name }}:{{ mngmnt_network_image_tag }}"
+
+- name: Update omnia project path in k8s_mngmnt_network.yml
+  replace:
+    path: "{{ role_path }}/files/k8s_mngmnt_network.yml"
+    regexp: 'path: /root/omnia'
+    replace: "path: {{ role_path.split('control_plane')[0] }}"
+
+- name: Deploy mngmnt_network pod
+  command: "kubectl apply -f {{ role_path }}/files/k8s_mngmnt_network.yml"
+  changed_when: true
+  tags: install
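Review bot: "Update omnia project path" derives the hostPath from `role_path.split('control_plane')[0]`, which cuts at the first occurrence of that string anywhere in the path, so a checkout under a directory whose name contains `control_plane` would mount an unintended host directory into the pod. `replace: "path: {{ role_path | dirname | dirname | dirname }}"` walks up from the role directory and does not depend on names. The same expression is used in control_plane_ib/tasks/infiniband_container_image.yml. Both `replace` tasks edit the manifest inside the role's files directory, so once a pattern has been replaced it no longer matches and a later change of image name, tag or checkout location is silently ignored; rendering the manifest with `template` to a separate destination avoids that.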

+ 24 - 0
control_plane/roles/control_plane_device/vars/main.yml

@@ -0,0 +1,24 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for mngmnt_network
+
+# Usage: check_prerequisites.yml, mngmnt_network_container_image.yml
+mngmnt_network_image_name: mngmnt_network_container
+mngmnt_network_image_tag: latest
+mount_path: /root/omnia
+message_skipped: "The container is already present"
+message_installed: "The container is installed"
+mngmnt_base_file: "{{ role_path }}/../../input_params/base_vars.yml"

+ 31 - 0
control_plane/roles/control_plane_ib/files/Dockerfile

@@ -0,0 +1,31 @@
+# Dockerfile for creating the management network container
+
+FROM centos:7
+
+# RPM REPOs
+RUN yum install -y \
+    epel-release \
+    && yum clean all \
+    && rm -rf /var/cache/yum
+
+RUN yum update -y \
+    && yum clean all \
+    && rm -rf /var/cache/yum
+
+RUN yum install -y \
+  ansible \
+  cronie \
+  dhcp \
+  net-tools \
+  && yum clean all \
+  &&  rm -rf /var/cache/yum
+
+RUN mkdir /root/omnia
+
+#Copy Configuration files
+COPY dhcpd.conf  /etc/dhcp/dhcpd.conf
+#COPY mngmnt_container_configure.yml /root/
+
+RUN systemctl enable dhcpd
+
+CMD ["sbin/init"]
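Review bot: `CMD ["sbin/init"]` is a relative path that only resolves because no WORKDIR is set; `CMD ["/sbin/init"]` matches the `command` in k8s_infiniband.yml and does not depend on the working directory. `FROM centos:7` combined with `yum update -y` means each build takes whatever the tag and the mirrors serve at that moment, so two builds of the same commit can differ; pinning the base image by digest (`FROM centos:7@sha256:<digest>`, placeholder) makes the image reproducible and reviewable. The opening comment still says "management network container" although this is the InfiniBand role's Dockerfile.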

+ 48 - 0
control_plane/roles/control_plane_ib/files/dhcpd.conf

@@ -0,0 +1,48 @@
+
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+
+subnet 172.25.0.0 netmask 255.255.0.0 {
+option subnet-mask 255.255.0.0;
+range dynamic-bootp 172.25.0.10 172.25.0.100;
+default-lease-time  21600;
+max-lease-time  43200;
+next-server 172.25.0.1;
+#insert the static DHCP leases for configuration here
+
+
+     class "pxeclients" {
+          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+          if option pxe-system-type = 00:02 {
+                  filename "ia64/elilo.efi";
+          } else if option pxe-system-type = 00:06 {
+                  filename "grub/grub-x86.efi";
+          } else if option pxe-system-type = 00:07 {
+                  filename "grub/grub-x86_64.efi";
+          } else if option pxe-system-type = 00:09 {
+                  filename "grub/grub-x86_64.efi";
+          } else {
+                  filename "pxelinux.0";
+          }
+     }
+
+}
+
+#end for

+ 24 - 0
control_plane/roles/control_plane_ib/files/infiniband_container_configure.yml

@@ -0,0 +1,24 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Initial  setup
+  hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+  - name: Start dhcpd services
+    service:
+      name: dhcpd
+      state: started

+ 43 - 0
control_plane/roles/control_plane_ib/files/infiniband_inventory_creation.yml

@@ -0,0 +1,43 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- hosts: localhost
+  connection: local
+  gather_facts: false
+  tasks:
+    - name: Read dhcp file
+      set_fact:
+        var: "{{ lookup('file', '/var/lib/dhcpd/dhcpd.leases').split()| unique | select| list }}"
+
+    - name: Filter the ip
+      set_fact:
+        vars_new: "{{ var| ipv4('address')| to_nice_yaml}}"
+
+    - name: Create the static ip
+      shell: awk -F',' 'NR >1{print $3}' omnia/appliance/roles/provision/files/new_mapping_file.csv > static_hosts.yml
+      changed_when: false
+      ignore_errors: true
+
+    - name: Create the dynamic inventory
+      shell: |
+        echo "[all]" >  omnia/appliance/roles/inventory/files/provisioned_hosts.yml
+        echo "{{ vars_new }}" > temp.txt
+        egrep -o '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' temp.txt >>dynamic_hosts.yml
+      changed_when: false
+      ignore_errors: true
+
+    - name: Final inventory
+      shell: cat dynamic_hosts.yml static_hosts.yml| sort -ur  >> omnia/appliance/roles/inventory/files/provisioned_hosts.yml
+      changed_when: false
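Review bot: The pattern in "Create the dynamic inventory" starts with `[1-9]{1,3}\.`, which does not allow a zero in the first octet, so leases such as 10.x.x.x or 100.x.x.x never reach the inventory. `egrep -o '[0-9]{1,3}(\.[0-9]{1,3}){3}' temp.txt > dynamic_hosts.yml` accepts them; `vars_new` has already been filtered by `ipv4('address')`, so the looser pattern does not admit non-addresses. The original `>>` appends to dynamic_hosts.yml on every run, so addresses from expired leases stay in provisioned_hosts.yml, and `ignore_errors: true` lets "Final inventory" continue with partial files. All paths are relative to a working directory that the visible lines do not set.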

+ 36 - 0
control_plane/roles/control_plane_ib/files/k8s_infiniband.yml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: infiniband-container
+  namespace: network-config
+  labels:
+    app: infiniband
+spec:
+  selector:
+    matchLabels:
+      app: infiniband
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: infiniband
+    spec:
+      hostNetwork: true
+      volumes:
+        - name: omnia-storage
+          hostPath:
+            path: /home/omnia/
+            type: Directory
+      containers:
+        - name: infiniband-container
+          image: 'localhost/infiniband_container:latest'
+          imagePullPolicy: Never
+          command:
+            - /sbin/init
+          volumeMounts:
+            - name: omnia-storage
+              mountPath: /root/omnia
+          securityContext:
+            privileged: true
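Review bot: The pod combines `privileged: true`, `hostNetwork: true` and a writable hostPath mount, so a compromise of the DHCP service inside this container amounts to root on the host. If the container only has to serve DHCP, `privileged: true` could be replaced by a `capabilities` block that drops everything and adds back only the network capabilities dhcpd needs, and the volume mount could carry `readOnly: true`. Both need testing, because the image starts `/sbin/init` and the playbooks run inside the container may write under the mount. If privileged mode has to stay, a comment above `securityContext` should state why.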

+ 48 - 0
control_plane/roles/control_plane_ib/files/temp_dhcp.template

@@ -0,0 +1,48 @@
+
+# ******************************************************************
+# Cobbler managed dhcpd.conf file
+#
+# generated from cobbler dhcp.conf template ($date)
+# Do NOT make changes to /etc/dhcpd.conf. Instead, make your changes
+# in /etc/cobbler/dhcp.template, as /etc/dhcpd.conf will be
+# overwritten.
+#
+# ******************************************************************
+
+ddns-update-style interim;
+
+allow booting;
+allow bootp;
+
+ignore client-updates;
+set vendorclass = option vendor-class-identifier;
+
+option pxe-system-type code 93 = unsigned integer 16;
+
+subnet subnet_mask netmask net_mask {
+option subnet-mask net_mask;
+range dynamic-bootp start end;
+default-lease-time  21600;
+max-lease-time  43200;
+next-server next_server;
+#insert the static DHCP leases for configuration here
+
+
+     class "pxeclients" {
+          match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
+          if option pxe-system-type = 00:02 {
+                  filename "ia64/elilo.efi";
+          } else if option pxe-system-type = 00:06 {
+                  filename "grub/grub-x86.efi";
+          } else if option pxe-system-type = 00:07 {
+                  filename "grub/grub-x86_64.efi";
+          } else if option pxe-system-type = 00:09 {
+                  filename "grub/grub-x86_64.efi";
+          } else {
+                  filename "pxelinux.0";
+          }
+     }
+
+}
+
+#end for
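Review bot: The header says the file is managed by Cobbler and that changes belong in /etc/cobbler/dhcp.template, but in this role the file is the source that tasks/dhcp_configure.yml copies and fills in, so an operator following the header would edit the wrong file. A header such as `# Template for dhcpd.conf; placeholders are replaced by tasks/dhcp_configure.yml` describes what happens. The placeholder `subnet_mask` stands for the subnet address (it is replaced by `ib_subnet`), so a name like `subnet_addr` would avoid confusion with `net_mask`; the regexp in dhcp_configure.yml would have to change with it. The rendered copy, files/dhcpd.conf, is committed alongside with fixed 172.25.0.0 values and is overwritten by the copy task.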

+ 72 - 0
control_plane/roles/control_plane_ib/tasks/check_prerequisites.yml

@@ -0,0 +1,72 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Initialize variables
+  set_fact:
+    infiniband_container_status: false
+    infiniband_container_image_status: false
+    infiniband_container_config_status: false
+    infiniband_backup_map_status: false
+    infiniband_new_node_status: false
+  tags: install
+
+- name: Check if any backup file exists
+  block:
+  - name: Check status of backup file
+    stat:
+      path: "{{ role_path }}/files/backup_mapping_file.csv"
+    register: infiniband_backup_map
+
+  - name: Set status for backup file
+    set_fact:
+      infiniband_backup_map_status: true
+    when: infiniband_backup_map.stat.exists == true  
+  rescue:
+  - name: Message
+    debug:
+      msg: "All nodes are new"
+      verbosity: 2
+
+- name: Inspect the infiniband_container image
+  command: "buildah images {{ infiniband_image_name }}"
+  register: infiniband_container_image_result
+  ignore_errors: true
+  changed_when: false
+  tags: install
+
+- name: Check infiniband_container status on the machine
+  command: kubectl get pods -n network-config
+  register: infiniband_container_result
+  ignore_errors: true
+  changed_when: false
+  tags: install
+
+- name: Update infiniband_container image status
+  set_fact:
+    infiniband_container_image_status: true
+  when: "'No such image' not in infiniband_container_image_result.stderr"
+  tags: install
+
+- name: Update infiniband_container container status
+  set_fact:
+    infiniband_container_status: true
+  when: "'infiniband-container' in infiniband_container_result.stdout"
+  tags: install
+
+- name: Update infiniband_container  status
+  set_fact:
+    infiniband_container_config_status: true
+  when:
+    - infiniband_container_status == true
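Review bot: "Update infiniband_container image status" treats the image as present unless stderr contains the exact text `No such image`, and the inspect task runs with `ignore_errors: true`, so any other failure (buildah missing, a differently worded error) is read as "image exists" and the DHCP configuration that depends on this fact is skipped. Testing the return code is independent of wording: `when: infiniband_container_image_result.rc == 0`. The last task sets `infiniband_container_config_status` under exactly the condition that sets `infiniband_container_status`, so the two facts always agree and carry no separate information. `infiniband_new_node_status` is initialised but not used in the visible lines.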

+ 44 - 0
control_plane/roles/control_plane_ib/tasks/configure_infiniband_container.yml

@@ -0,0 +1,44 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Check infiniband pod status
+  command: kubectl get pods -n network-config
+  changed_when: false
+  register: infiniband_pod_status
+  ignore_errors: true
+
+- name: Deploy infiniband pod
+  command: "kubectl apply -f {{ role_path }}/files/k8s_infiniband.yml"
+  changed_when: true
+  tags: install
+  when: infiniband_container_status == true and  infiniband_container_config_status == false
+
+- name: Wait for infiniband pod to come to ready state
+  command: kubectl wait --for=condition=ready -n network-config pod -l app=infiniband
+  changed_when: false
+  tags: install
+
+- name: Get infiniband pod name
+  command: 'kubectl get pod -n network-config -l app=infiniband -o jsonpath="{.items[0].metadata.name}"'
+  changed_when: false
+  register: infiniband_pod_name
+  tags: install
+
+- name: Configuring infiniband container
+  command: 'kubectl exec --stdin --tty -n network-config {{ infiniband_pod_name.stdout }} \
+    -- ansible-playbook /root/omnia/control_plane/roles/control_plane_ib/files/infiniband_container_configure.yml'
+  changed_when: false
+  tags: install
+#  when: infiniband_container_config_status == false
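Review bot: The condition on "Deploy infiniband pod", `infiniband_container_status == true and  infiniband_container_config_status == false`, cannot be true, because check_prerequisites.yml sets the config status to true whenever the container status is true; the task is dead code as written. `kubectl wait` runs with its default timeout, and `.items[0]` in the following task fails with a jsonpath error when no pod matches, so a failed deployment surfaces late; an explicit `--timeout=<duration>` and a check that `infiniband_pod_name.stdout` is non-empty would make the failure clear. `kubectl exec --stdin --tty` asks for a terminal that an Ansible run does not provide, so both flags can be dropped. The exec task runs a playbook inside the container yet reports `changed_when: false`, and with its `when` commented out it runs on every play.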

+ 46 - 0
control_plane/roles/control_plane_ib/tasks/dhcp_configure.yml

@@ -0,0 +1,46 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Create the dhcp template
+  copy:
+    src: "{{ role_path }}/files/temp_dhcp.template"
+    dest: "{{ role_path }}/files/dhcpd.conf"
+    mode: 0775
+  tags: install
+
+- name: Assign subnet and netmask
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^subnet subnet_mask netmask net_mask {'
+    replace: 'subnet {{ ib_subnet }} netmask {{ ib_netmask }} {'
+  tags: install
+
+- name: Assign netmask
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^option subnet-mask net_mask;'
+    replace: 'option subnet-mask {{ ib_netmask }};'
+
+- name: Assign DHCP range
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^range dynamic-bootp start end;'
+    replace: 'range dynamic-bootp {{ ib_network_dhcp_start_range }} {{ ib_network_dhcp_end_range }};'
+
+- name: Assign next server range
+  replace:
+    path: "{{ role_path }}/files/dhcpd.conf"
+    regexp: '^next-server next_server;'
+    replace: 'next-server {{ ib_ip }};'

+ 38 - 0
control_plane/roles/control_plane_ib/tasks/infiniband_container_image.yml

@@ -0,0 +1,38 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Image creation (It may take 5-10 mins)
+  command: "buildah bud -t {{ infiniband_image_name }}:{{ infiniband_image_tag }} --network host ."
+  changed_when: true
+  args:
+    chdir: "{{ role_path }}/files/"
+  tags: install
+
+- name: Update image name in k8s_infiniband.yml
+  replace:
+    path: "{{ role_path }}/files/k8s_infiniband.yml"
+    regexp: 'localhost/infiniband-container:latest'
+    replace: "localhost/{{ infiniband_image_name }}:{{ infiniband_image_tag }}"
+
+- name: Update omnia project path in k8s_infiniband.yml
+  replace:
+    path: "{{ role_path }}/files/k8s_infiniband.yml"
+    regexp: 'path: /root/omnia'
+    replace: "path: {{ role_path.split('control_plane')[0] }}"
+
+- name: Deploy infiniband pod
+  command: "kubectl apply -f {{ role_path }}/files/k8s_infiniband.yml"
+  changed_when: true
+  tags: install
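Review bot: Neither `replace` pattern matches the manifest added in this commit: the regexp is `localhost/infiniband-container:latest` (hyphen) while k8s_infiniband.yml has `localhost/infiniband_container:latest` (underscore), and `path: /root/omnia` does not occur there because the hostPath is `path: /home/omnia/`. The pod therefore always uses the hard-coded image name and mounts /home/omnia/, whatever `infiniband_image_name`, `infiniband_image_tag` or the checkout location are, and with `type: Directory` it fails to start on a host without that directory. Aligning the patterns, `regexp: 'localhost/infiniband_container:latest'` and `regexp: 'path: /home/omnia/'`, fixes this. A task that fails when the pattern is absent would have caught the mismatch.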

+ 47 - 5
control_plane/roles/control_plane_ib/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,49 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+# Tasks file for infiniband
+
+- name: Check infiniband_container status on machine
+  include_tasks: check_prerequisites.yml
+
+- name: Include common variables
+  include_vars:  ../../control_plane_common/vars/main.yml
+  when: not infiniband_container_status
+
+- name: Internet validation
+  include_tasks:  ../../control_plane_common/tasks/internet_validation.yml
+  when: not infiniband_container_status
+
+#- name: Fetch base inputs
+#  include_tasks: ../../control_plane_common/tasks/fetch_base_inputs.yml
+#  when: not infiniband_container_status
+
+- name: Include variable file base_vars.yml
+  include_vars: "{{ ib_base_file }}"
+
+- name: Dhcp Configuration
+  import_tasks: dhcp_configure.yml
+  when: (not infiniband_container_image_status) or ( infiniband_backup_map_status == true)
+
+#- name: Mapping file validation
+#  import_tasks: mapping_file.yml
+#  when: (not infiniband_container_image_status) and (mapping_file == true) or ( backup_map_status == true)
+
+- name: infiniband_container image creation
+  import_tasks: infiniband_container_image.yml
+  when: not infiniband_container_status
+
+- name: infiniband_container configuration
+  import_tasks: configure_infiniband_container.yml
+
+- name: infiniband_container container status message
+  block:
+    - debug:
+        msg: "{{ infiniband_message_skipped }}"
+        verbosity: 2
+      when: infiniband_container_status
+    - debug:
+        msg: "{{ infiniband_message_installed }}"
+        verbosity: 2
+      when: not infiniband_container_status
+  tags: install

+ 24 - 0
control_plane/roles/control_plane_ib/vars/main.yml

@@ -0,0 +1,24 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+# vars file for infiniband
+
+# Usage: infiniband_container_image.yml
+infiniband_image_name: infiniband_container
+infiniband_image_tag: latest
+mount_path: /root/omnia
+infiniband_message_skipped: "The container is already present"
+infiniband_message_installed: "The container is installed"
+ib_base_file: "{{ role_path }}/../../input_params/base_vars.yml" 

+ 2 - 0
control_plane/roles/control_plane_k8s/files/crio.conf

@@ -0,0 +1,2 @@
+overlay
+br_netfilter

+ 3 - 0
control_plane/roles/control_plane_k8s/files/k8s-crio.conf

@@ -0,0 +1,3 @@
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward                 = 1
+net.bridge.bridge-nf-call-iptables  = 1

+ 1 - 0
control_plane/roles/control_plane_k8s/files/k8s.conf

@@ -0,0 +1 @@
+br_netfilter

+ 18 - 0
control_plane/roles/control_plane_k8s/files/k8s_dashboard_admin.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: admin-user
+  namespace: kubernetes-dashboard
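Review bot: This binds the `admin-user` service account to `cluster-admin`, so anyone who obtains that account's token has full control of the cluster through the dashboard or the API. If the dashboard is used only for inspection, binding to the built-in `view` ClusterRole (`name: view` under `roleRef`) is enough. If full rights are required, a comment at the top of the file should say so and describe how the token is issued and where it is stored.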

+ 11 - 0
control_plane/roles/control_plane_k8s/files/metal-config.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+      protocol: layer2
+      addresses:

+ 223 - 0
control_plane/roles/control_plane_k8s/files/metallb.yaml

@@ -0,0 +1,223 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: metallb-system
+  labels:
+    app: metallb
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: metallb-system
+  name: controller
+  labels:
+    app: metallb
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: metallb-system
+  name: speaker
+  labels:
+    app: metallb
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb-system:controller
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["services"]
+  verbs: ["get", "list", "watch", "update"]
+- apiGroups: [""]
+  resources: ["services/status"]
+  verbs: ["update"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metallb-system:speaker
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["services", "endpoints", "nodes"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: metallb-system
+  name: config-watcher
+  labels:
+    app: metallb
+rules:
+- apiGroups: [""]
+  resources: ["configmaps"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["create"]
+---
+
+## Role bindings
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb-system:controller
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: controller
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb-system:controller
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metallb-system:speaker
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: speaker
+  namespace: metallb-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metallb-system:speaker
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: metallb-system
+  name: config-watcher
+  labels:
+    app: metallb
+subjects:
+- kind: ServiceAccount
+  name: controller
+- kind: ServiceAccount
+  name: speaker
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: config-watcher
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  namespace: metallb-system
+  name: speaker
+  labels:
+    app: metallb
+    component: speaker
+spec:
+  selector:
+    matchLabels:
+      app: metallb
+      component: speaker
+  template:
+    metadata:
+      labels:
+        app: metallb
+        component: speaker
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "metallb_container_port"
+    spec:
+      serviceAccountName: speaker
+      terminationGracePeriodSeconds: 0
+      hostNetwork: true
+      containers:
+      - name: speaker
+        image: metallb/speaker:v0.7.3
+        imagePullPolicy: IfNotPresent
+        args:
+        - --port=metallb_container_port
+        - --config=config
+        env:
+        - name: METALLB_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        ports:
+        - name: monitoring
+          containerPort: metallb_container_port
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          capabilities:
+            drop:
+            - all
+            add:
+            - net_raw
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: metallb-system
+  name: controller
+  labels:
+    app: metallb
+    component: controller
+spec:
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app: metallb
+      component: controller
+  template:
+    metadata:
+      labels:
+        app: metallb
+        component: controller
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "metallb_container_port"
+    spec:
+      serviceAccountName: controller
+      terminationGracePeriodSeconds: 0
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: metallb_run_as_user_port # nobody
+      containers:
+      - name: controller
+        image: metallb/controller:v0.7.3
+        imagePullPolicy: IfNotPresent
+        args:
+        - --port=metallb_container_port
+        - --config=config
+        ports:
+        - name: monitoring
+          containerPort: metallb_container_port
+        resources:
+          limits:
+            cpu: 100m
+            memory: 100Mi
+
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - all
+          readOnlyRootFilesystem: true
+
+---
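Review bot: The manifest is not valid until `metallb_container_port` and `metallb_run_as_user_port` are substituted, since `containerPort` and `runAsUser` must be integers. The tasks that do the substitution are outside this view, so a comment at the top naming them would help, e.g. `# Placeholders metallb_container_port and metallb_run_as_user_port are replaced by <task file> before kubectl apply`. `metallb_run_as_user_port` holds a UID rather than a port, so `metallb_run_as_user` would be a clearer name. Both images are referenced by tag (`metallb/speaker:v0.7.3`, `metallb/controller:v0.7.3`); pinning them by digest guards against a tag being re-pointed.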

+ 56 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_firewalld.yml

@@ -0,0 +1,56 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install firewalld
+  package:
+    name: firewalld
+    state: present
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
+- name: Configure firewalld on master nodes
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: '{{ k8s_master_ports }}'
+
+- name: Open calico UDP ports on the firewall
+  firewalld:
+    port: "{{ item }}/udp"
+    permanent: yes
+    state: enabled
+  with_items: "{{ calico_udp_ports }}"
+
+- name: Open calico TCP ports on the firewall
+  firewalld:
+    port: "{{ item }}/tcp"
+    permanent: yes
+    state: enabled
+  with_items: "{{ calico_tcp_ports }}"
+
+- name: Reload firewalld
+  command: firewall-cmd --reload
+  changed_when: true
+
+- name: Stop and disable firewalld
+  service:
+    name: firewalld
+    state: stopped
+    enabled: no
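Review bot: The closing task `Stop and disable firewalld` leaves the control-plane host without a running host firewall, so the port rules written by the three `firewalld` tasks above are stored but never enforced. If the firewall has to stay off for pod networking, state that in a comment above the task; otherwise end the file with the service still `state: started` and `enabled: yes`. The same closing task appears in control_plane_repo/tasks/nfs_server_setup.yml. The rules are added with `permanent: yes` only, so adding `immediate: yes` to each `firewalld` task would apply them at once and make the separate `firewall-cmd --reload` task unnecessary.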

+ 41 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_helm.yml

@@ -0,0 +1,41 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Create directory for helm installer file
+  file:
+    path: "{{ helm_installer_file_directory }}"
+    state: directory
+    mode: "{{ helm_installer_file_directory_mode }}"
+
+- name: Get helm installer
+  get_url:
+    url: "{{ helm_installer_url }}"
+    dest: "{{ helm_installer_file_dest }}"
+    mode: "{{ helm_installer_file_mode }}"
+  register: helm_installer_result
+  until: helm_installer_result is not failed
+  retries: 20
+
+- name: Install helm
+  command: "/bin/bash {{ helm_installer_file_dest }}"
+  changed_when: true
+
+- name: Helm - add stable repo
+  command: "helm repo add stable '{{ helm_stable_repo_url }}'"
+  changed_when: true
+
+- name: Helm - update repo
+  command: helm repo update
+  changed_when: true
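Review bot: `Get helm installer` downloads a script that `Install helm` then executes with `/bin/bash` without any integrity check, presumably as root given the `/root/bin` destination. `helm_installer_url` in this role's vars/main.yml points at the `master` branch, so the content that gets executed can change between runs. Pin the URL to a release tag and add `checksum: "sha256:<EXPECTED_SHA256>"` to the `get_url` task (placeholder; take the digest from the pinned file) so a modified download fails before it is run.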

+ 126 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_init.yml

@@ -0,0 +1,126 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Disable SWAP (1/2)
+  command: /usr/sbin/swapoff -a
+  changed_when: true
+  tags: init
+
+- name: Disable SWAP in fstab (2/2)
+  replace:
+    path: /etc/fstab
+    regexp: '^([^#].*?\sswap\s+.*)$'
+    replace: '# \1'
+
+- name: Get K8s nodes status
+  command: kubectl get nodes
+  changed_when: false
+  ignore_errors: True
+  register: k8s_nodes
+
+- name: Get K8s pods status
+  command: kubectl get pods --all-namespaces
+  changed_when: false
+  ignore_errors: True
+  register: k8s_pods
+
+- name: Initialize kubeadm
+  block:
+    - name: Initialize kubeadm
+      command: "/bin/kubeadm init --pod-network-cidr='{{ appliance_k8s_pod_net_cidr }}' \
+        --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
+      changed_when: true
+      register: init_output
+  rescue:
+    - name: Reset kubeadm
+      command: "kubeadm reset -f"
+      changed_when: true
+
+    - name: Initialize kubeadm
+      command: "/bin/kubeadm init --pod-network-cidr='{{ k8s_pod_network_cidr }}' \
+          --apiserver-advertise-address='{{ ansible_default_ipv4.address }}'"
+      changed_when: true
+      register: init_output
+
+    - name: Get K8s pods status
+      command: kubectl get pods --all-namespaces
+      changed_when: false
+      ignore_errors: True
+      register: k8s_pods
+  when: "'master' not in k8s_nodes.stdout"
+
+- name: Setup directory for Kubernetes environment for root
+  file:
+    path: "{{ k8s_root_directory }}"
+    state: directory
+    mode: "{{ k8s_root_directory_mode }}"
+
+- name: Copy Kubernetes config for root
+  copy:
+    src: "{{ k8s_config_src }}"
+    dest: "{{ k8s_config_dest }}"
+    owner: root
+    group: root
+    mode: "{{ k8s_config_file_mode }}"
+    remote_src: yes
+
+- name: Update the kubernetes config file permissions
+  shell: "chown $(id -u):$(id -g) '{{ k8s_config_dest }}'"
+  args:
+    warn: false
+  changed_when: true
+
+- name: Cluster token
+  shell: >
+    set -o pipefail && \
+      kubeadm token list | cut -d ' ' -f1 | sed -n '2p'
+  changed_when: false
+  register: K8S_TOKEN
+
+- name: CA Hash
+  shell: >
+    set -o pipefail && \
+      openssl x509 -pubkey -in {{ k8s_cert_path }} | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
+  changed_when: false
+  register: K8S_MANAGER_CA_HASH
+
+- name: Add K8S Manager IP, Token, and Hash to dummy host
+  add_host:
+    name:   "K8S_TOKEN_HOLDER"
+    token:  "{{ K8S_TOKEN.stdout }}"
+    hash:   "{{ K8S_MANAGER_CA_HASH.stdout }}"
+    ip:     "{{ ansible_default_ipv4.address }}"
+
+- name: Create yaml repo for setup
+  file:
+    path: "{{ yaml_repo_dir_path }}"
+    state: directory
+    mode: "{{ yaml_repo_dir_mode }}"
+
+- name: Setup Calico SDN network - tigera-operator
+  command: "kubectl create -f {{ tigera_operator_url }}"
+  changed_when: true
+  when: "'tigera-operator' not in k8s_pods.stdout"
+
+- name: Setup Calico SDN network - custom-resources
+  command: "kubectl create -f {{ calico_yml_url }}"
+  changed_when: true
+  ignore_errors: True
+  when: "'calico-system' not in k8s_pods.stdout"
+
+- name: Edge / Workstation Install allows pods to schedule on manager
+  command: kubectl taint nodes --all node-role.kubernetes.io/master-
+  changed_when: true
+  ignore_errors: True
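Review bot: `Cluster token` registers the kubeadm bootstrap token and `Add K8S Manager IP, Token, and Hash to dummy host` passes it to `add_host`, both without `no_log: true`, so the token can appear in verbose output and in stored job logs. Add `no_log: true` to those two tasks. Separately, the first `kubeadm init` uses `appliance_k8s_pod_net_cidr` while the one in `rescue` uses `k8s_pod_network_cidr`; neither is defined in this role's vars/main.yml, so confirm that both exist and hold the same value, or use one name in both places.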

+ 123 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_installation.yml

@@ -0,0 +1,123 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Permanently Disable swap
+  mount:
+    name: "swap"
+    fstype: swap
+    state: absent
+
+- name: Disable selinux
+  selinux:
+    state: disabled
+
+- name: Copy k8s.conf file
+  copy:
+    src: k8s.conf
+    dest: "{{ k8s_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Copy crio.conf file
+  copy:
+    src: crio.conf
+    dest: "{{ crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Enable the kernel modules overlay and br_netfilter
+  modprobe:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - overlay
+    - br_netfilter
+
+- name: Update sysctl to handle incorrectly routed traffic when iptables is bypassed
+  copy:
+    src: k8s-crio.conf
+    dest: "{{ k8s_crio_conf_dest }}"
+    owner: root
+    group: root
+    mode: "{{ conf_file_mode }}"
+
+- name: Update sysctl
+  command: /sbin/sysctl --system
+  changed_when: true
+
+- name: Add CRI-O repo (1/2)
+  get_url:
+    url: "{{ crio_repo1_url }}"
+    dest: "{{ crio_repo1_dest }}"
+  register: crio_repo1_result
+  until: crio_repo1_result is not failed
+  retries: 20
+
+- name: Add CRI-O repo (2/2)
+  get_url:
+    url: "{{ crio_repo2_url }}"
+    dest: "{{ crio_repo2_dest }}"
+  register: crio_repo2_result
+  until: crio_repo2_result is not failed
+  retries: 20
+
+- name: Add kubernetes repo
+  yum_repository:
+    name: kubernetes
+    description: kubernetes
+    baseurl: https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+    enabled: yes
+    gpgcheck: no
+    repo_gpgcheck: no
+    gpgkey:
+      - https://packages.cloud.google.com/yum/doc/yum-key.gpg
+      - https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+
+- name: Install common packages
+  package:
+    name: "{{ common_packages }}"
+    state: present
+
+- name: Install k8s packages
+  package:
+    name: "{{ k8s_packages }}"
+    state: present
+
+- name: Versionlock kubernetes
+  command: "yum versionlock '{{ item }}'"
+  args:
+    warn: false
+  with_items:
+    - "{{ k8s_packages }}"
+  changed_when: true
+
+- name: Start and enable crio
+  service:
+    name: crio
+    state: restarted
+    daemon_reload: yes
+    enabled: yes
+
+- name: Start and enable kubernetes - kubelet
+  service:
+    name: kubelet
+    state: restarted
+    enabled: yes
+
+- name: Wait for 30sec for kubelet to get things ready
+  pause:
+    seconds: 30
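Review bot: `Add kubernetes repo` sets `gpgcheck: no` and `repo_gpgcheck: no` although it lists two `gpgkey` URLs, so kubelet, kubeadm and kubectl are installed without signature verification. Set `gpgcheck: yes` (and `repo_gpgcheck: yes` if the repository metadata is signed) so the listed keys are actually used. `Disable selinux` with `state: disabled` removes a host-level control for every workload on the node; if the container runtime setup requires it, a comment saying so would make the decision reviewable.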

+ 129 - 0
control_plane/roles/control_plane_k8s/tasks/k8s_services.yml

@@ -0,0 +1,129 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Wait for CoreDNS to restart
+  command: kubectl rollout status deployment/coredns -n kube-system
+  changed_when: false
+  ignore_errors: True
+
+- name: Get K8s pods
+  command: kubectl get pods --all-namespaces
+  changed_when: false
+  register: k8s_pods
+
+- name: Deploy MetalLB
+  command: "kubectl apply -f '{{ metallb_yaml_url }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Create MetalLB Setup Config Files
+  copy:
+    src: metal-config.yaml
+    dest: "{{ metallb_config_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_config_file_mode }}"
+
+- name: Replace metallb_addresses
+  replace:
+    path: "{{ metallb_config_file_dest }}"
+    regexp: 'addresses:'
+    replace: "{{ metallb_addresses }}"
+
+- name: Remove ^M characters from metal-config file
+  shell: 'sed -e "s/\r//g" {{ metallb_config_file_dest }} > {{ metallb_config_updated_file_dest }}'
+  args:
+    warn: false
+  changed_when: true
+
+- name: Update metal-config file permissions
+  file:
+    path: "{{ metallb_config_updated_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_config_file_mode }}"
+
+- name: Remove old metallb-config file
+  file:
+    path: "{{ metallb_config_file_dest }}"
+    state: absent
+
+- name: Create MetalLB Setup Deployment Files
+  copy:
+    src: metallb.yaml
+    dest: "{{ metallb_deployment_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ metallb_deployment_file_mode }}"
+
+- name: Replace metallb_container_port
+  replace:
+    path: "{{ metallb_deployment_file_dest }}"
+    regexp: 'metallb_container_port'
+    replace: "{{ metallb_container_port }}"
+
+- name: Replace metallb_container_port
+  replace:
+    path: "{{ metallb_deployment_file_dest }}"
+    regexp: 'metallb_run_as_user_port'
+    replace: "{{ metallb_run_as_user_port }}"
+
+- name: Deploy MetalLB
+  command: "kubectl apply -f '{{ metallb_deployment_file_dest }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Create default setup for MetalLB
+  command: "kubectl apply -f '{{ metallb_config_updated_file_dest }}'"
+  changed_when: true
+  when: "'metallb' not in k8s_pods.stdout"
+
+- name: Deploy K8s dashboard
+  command: "kubectl apply -f {{ k8s_dashboard_yaml_url }}"
+  changed_when: true
+  when: "'kubernetes-dashboard' not in k8s_pods.stdout"
+
+- name: Copy k8s_dashboard_admin.yml file
+  copy:
+    src: k8s_dashboard_admin.yaml
+    dest: "{{ k8s_dashboard_admin_file_dest }}"
+    owner: root
+    group: root
+    mode: "{{ k8s_dashboard_admin_file_mode }}"
+
+- name: Create admin user for K8s dashboard
+  command: "kubectl apply -f {{ k8s_dashboard_admin_file_dest }}"
+  changed_when: true
+
+- name: Start NFS Client Provisioner
+  command: "helm install stable/nfs-client-provisioner --set nfs.server='{{ ansible_default_ipv4.address }}' --set nfs.path='{{ nfs_path }}' --generate-name"
+  changed_when: true
+  when: "'nfs-client-provisioner' not in k8s_pods.stdout"
+
+- name: Set NFS-Client Provisioner as DEFAULT StorageClass
+  shell: >
+    kubectl patch storageclasses.storage.k8s.io nfs-client \
+    -p '{ "metadata": { "annotations":{ "storageclass.kubernetes.io/is-default-class":"true" }}}'
+  changed_when: true
+
+- name: Get K8s namespaces
+  command: kubectl get namespaces
+  changed_when: false
+  register: k8s_namespaces
+
+- name: Create namespace network-config
+  command: kubectl create namespace network-config
+  changed_when: true
+  when: "'network-config' not in k8s_namespaces.stdout"
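Review bot: MetalLB is applied twice from different sources: the first `Deploy MetalLB` applies `metallb_yaml_url` (v0.8.1 in vars/main.yml) and the second applies the copied `metallb.yaml`, whose images are `metallb/speaker:v0.7.3` and `metallb/controller:v0.7.3`. Objects with the same name would be overwritten by the second apply, so the version that ends up running appears to be the older one and the remote fetch only adds a download of cluster-scoped manifests. Keep a single source, preferably the local file with pinned images. The second task named `Replace metallb_container_port` actually replaces `metallb_run_as_user_port` and should be renamed to match.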

+ 15 - 5
control_plane/roles/control_plane_k8s/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,17 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+- name: Install K8s packages
+  import_tasks: k8s_installation.yml
+
+- name: Configure firewalld
+  import_tasks: k8s_firewalld.yml
+
+- name: Install helm
+  import_tasks: k8s_helm.yml
+
+- name: Initialize K8s
+  import_tasks: k8s_init.yml
+
+- name: Deploy K8s dashboard
+  import_tasks: k8s_services.yml

+ 95 - 0
control_plane/roles/control_plane_k8s/vars/main.yml

@@ -0,0 +1,95 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for kubernetes
+
+# Usage: k8s_installation.yml
+common_packages:
+  - openssl
+  - bash-completion
+  - cri-o
+  - buildah
+k8s_packages:
+  - kubelet-1.21.0
+  - kubeadm-1.21.0
+  - kubectl-1.21.0
+k8s_conf_dest: /etc/modules-load.d/
+crio_conf_dest: /etc/modules-load.d/
+k8s_crio_conf_dest: /etc/sysctl.d/
+conf_file_mode: 0644
+crio_repo1_url: https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/CentOS_8/devel:kubic:libcontainers:stable.repo
+crio_repo1_dest: /etc/yum.repos.d/devel:kubic:libcontainers:stable.repo
+crio_repo2_url: https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:1.21/CentOS_8/devel:kubic:libcontainers:stable:cri-o:1.21.repo
+crio_repo2_dest: /etc/yum.repos.d/devel:kubic:libcontainers:stable:cri-o:1.21.repo
+
+# Usage: k8s_firewalld.yml
+k8s_master_ports:
+  - 6443
+  - 2379-2380
+  - 10250
+  - 10251
+  - 10252
+calico_udp_ports:
+  - 4789
+calico_tcp_ports:
+  - 5473
+  - 179
+
+# Usage: k8s_helm.yml
+helm_installer_file_directory: /root/bin
+helm_installer_file_directory_mode: 0755
+helm_installer_url: https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
+helm_installer_file_dest: /root/bin/get_helm.sh
+helm_installer_file_mode: 0700
+helm_stable_repo_url: https://charts.helm.sh/stable
+
+# Usage: k8s_init.yml
+k8s_root_directory: /root/.kube
+k8s_root_directory_mode: 0755
+k8s_config_src: /etc/kubernetes/admin.conf
+k8s_config_dest: /root/.kube/config
+k8s_config_file_mode: 0644
+k8s_cert_path: /etc/kubernetes/pki/ca.crt
+yaml_repo_dir_path: /root/k8s
+yaml_repo_dir_mode: 0755
+tigera_operator_url: https://docs.projectcalico.org/manifests/tigera-operator.yaml
+calico_yml_url: https://docs.projectcalico.org/manifests/custom-resources.yaml
+
+# Usage: k8s_services.yml
+metallb_config_file_dest: /root/k8s/metal-config.yaml
+metallb_config_updated_file_dest: /root/k8s/metal-config-updated.yaml
+metallb_config_file_mode: 0655
+metallb_deployment_file_dest: /root/k8s/metallb.yaml
+metallb_deployment_file_mode: 0655
+metallb_yaml_url: https://raw.githubusercontent.com/google/metallb/v0.8.1/manifests/metallb.yaml
+metallb_addresses: |
+  addresses:
+        - 192.168.2.150/32
+        - 192.168.2.151/32
+        - 192.168.2.151/32
+        - 192.168.2.152/32
+        - 192.168.2.153/32
+        - 192.168.2.154/32
+        - 192.168.2.155/32
+        - 192.168.2.156/32
+        - 192.168.2.157/32
+        - 192.168.2.158/32
+        - 192.168.2.159/32
+metallb_container_port: "7472"
+metallb_run_as_user_port: "65534"
+k8s_dashboard_yaml_url: https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
+k8s_dashboard_admin_file_dest: /root/k8s/k8s_dashboard_admin.yaml
+k8s_dashboard_admin_file_mode: 0655
+nfs_path: /var/nfs_awx
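Review bot: `k8s_config_file_mode: 0644` is the mode given to the copy of `/etc/kubernetes/admin.conf` at `/root/.kube/config`, a file that holds cluster-admin credentials; `k8s_config_file_mode: "0600"` fits it better. The `0655` values used for the MetalLB and dashboard manifests grant execute to group and others but not to the owner, which looks unintended; `"0644"` would suit a manifest. All mode values here are unquoted octal literals that pass through `"{{ ... }}"` before reaching the module, so quoting them as strings avoids an integer conversion altering the resulting permissions. `metallb_addresses` also lists `192.168.2.151/32` twice.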

+ 3 - 5
control_plane/roles/control_plane_repo/tasks/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -13,7 +13,5 @@
 #  limitations under the License.
 ---
 
-# Will be updated later in each PR
-- name: Pass
-  debug:
-    msg: "Pass"
+- name: NFS Server setup
+  import_tasks: nfs_server_setup.yml

+ 78 - 0
control_plane/roles/control_plane_repo/tasks/nfs_server_setup.yml

@@ -0,0 +1,78 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+- name: Install nfs-utils
+  package:
+    name: nfs-utils
+    state: present
+
+- name: Install firewalld
+  package:
+    name: firewalld
+    state: present
+
+- name: Start and enable firewalld
+  service:
+    name: firewalld
+    state: started
+    enabled: yes
+
+- name: Start and enable rpcbind and nfs-server service
+  service:
+    name: "{{ item }}"
+    state: restarted
+    enabled: yes
+  with_items:
+    - rpcbind
+    - nfs-server
+
+- name: Creating NFS share directory
+  file:
+    path: "{{ item }}"
+    state: directory
+    mode: "{{ nfs_share_dir_mode }}"
+  with_items:
+    - "{{ nfs_share_offline_repo }}"
+    - "{{ nfs_share_awx }}"
+
+- name: Adding NFS share entries in /etc/exports
+  lineinfile:
+    path: "{{ exports_file_path }}"
+    line: "{{ item }} {{ ansible_default_ipv4.address }}(rw,sync,no_root_squash)"
+  with_items:
+    - "{{ nfs_share_offline_repo }}"
+    - "{{ nfs_share_awx }}"
+
+- name: Exporting the shared directories
+  command: exportfs -r
+  changed_when: true
+
+- name: Configuring firewall
+  firewalld:
+    service: "{{ item }}"
+    permanent: true
+    state: enabled
+  with_items:
+    - "{{ nfs_services }}"
+
+- name: Reload firewalld
+  command: firewall-cmd --reload
+  changed_when: true
+
+- name: Stop and disable firewalld
+  service:
+    name: firewalld
+    state: stopped
+    enabled: no
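Review bot: The line written by `Adding NFS share entries in /etc/exports` combines `rw` with `no_root_squash`, so root on a client acts as root on both shared trees. The only client listed is `ansible_default_ipv4.address`, which limits exposure, but any workload that reaches the share through that address inherits the same access. If the consumers work with root squashing, use `(rw,sync,root_squash)`; otherwise add a comment naming the consumer that needs `no_root_squash`.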

+ 26 - 0
control_plane/roles/control_plane_repo/vars/main.yml

@@ -0,0 +1,26 @@
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+#  Licensed under the Apache License, Version 2.0 (the "License");
+#  you may not use this file except in compliance with the License.
+#  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+---
+
+# vars file for offline_repo
+
+# Usage: nfs_server_setup.yml
+nfs_share_offline_repo: /var/nfs_repo
+nfs_share_awx: /var/nfs_awx
+nfs_share_dir_mode: 0777
+exports_file_path: /etc/exports
+nfs_services:
+  - mountd
+  - rpc-bind
+  - nfs
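Review bot: `nfs_share_dir_mode: 0777` makes both exported directories world-writable on the server, and nfs_server_setup.yml exports them with `no_root_squash`. Unless a consumer has to write as an arbitrary UID, a narrower value such as `nfs_share_dir_mode: "0755"` with an explicit owner on the `file` task is safer. Quoting the value also keeps it a string through templating.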

+ 5 - 5
control_plane/roles/provision_cobbler/files/inventory_creation.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -26,18 +26,18 @@
         vars_new: "{{ var| ipv4('address')| to_nice_yaml}}"
 
     - name: Create the static ip
-      shell: awk -F',' 'NR >1{print $3}' omnia/control_plane/roles/provision/files/new_mapping_file.csv > static_hosts.yml
+      shell: awk -F',' 'NR >1{print $3}' omnia/control_plane/roles/provision_cobbler/files/new_mapping_file.csv > static_hosts.yml
       changed_when: false
       ignore_errors: true
 
     - name: Create the dynamic inventory
       shell: |
-        echo "[all]" >  omnia/control_plane/roles/collect_node_info/files/provisioned_hosts.yml
+        echo "[all]" >  omnia/control_plane/roles/inventory/files/provisioned_hosts.yml
         echo "{{ vars_new }}" > temp.txt
         egrep -o '[1-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' temp.txt >>dynamic_hosts.yml
       changed_when: false
       ignore_errors: true
 
     - name: Final inventory
-      shell: cat dynamic_hosts.yml static_hosts.yml| sort -ur  >> omnia/control_plane/roles/collect_node_info/files/provisioned_hosts.yml
-      changed_when: false     
+      shell: cat dynamic_hosts.yml static_hosts.yml| sort -ur  >> omnia/control_plane/roles/inventory/files/provisioned_hosts.yml
+      changed_when: false

+ 48 - 0
control_plane/roles/provision_cobbler/files/k8s_cobbler.yml

@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cobbler
+  namespace: cobbler
+  labels:
+    app: cobbler
+spec:
+  selector:
+    matchLabels:
+      app: cobbler
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: cobbler
+    spec:
+      hostNetwork: true
+      volumes:
+        - name: omnia-storage
+          hostPath:
+            path: /home/omnia/
+            type: Directory
+        - name: mnt-iso
+          hostPath:
+            path: /mnt/iso/
+            type: Directory
+      containers:
+        - name: cobbler
+          image: 'localhost/cobbler:latest'
+          imagePullPolicy: Never
+          command:
+            - /sbin/init
+          ports:
+            - containerPort: 25151
+            - containerPort: 443
+            - containerPort: 81
+            - containerPort: 69
+              protocol: UDP
+          volumeMounts:
+            - name: mnt-iso
+              mountPath: /mnt
+            - name: omnia-storage
+              mountPath: /root/omnia
+          securityContext:
+            privileged: true
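Review bot: The container combines `privileged: true`, `hostNetwork: true` and two `hostPath` mounts, which gives the cobbler pod root-equivalent access to the node. Serving DHCP and TFTP explains host networking, but the manifest does not say why full privilege is needed; add a comment with the reason, or replace it with `capabilities.add` listing only what the services require (which capabilities those are cannot be told from this file). If the ISO content is only read inside the container, `readOnly: true` under the `mnt-iso` volumeMount is a cheap restriction. The file also lacks the license header and leading `---` that the other new files in this commit carry.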

+ 3 - 2
control_plane/roles/provision_cobbler/files/kickstart.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -12,6 +12,7 @@
 #  See the License for the specific language governing permissions and
 #  limitations under the License.
 ---
+
 - name: Initial cobbler setup
   hosts: localhost
   connection: local
@@ -117,4 +118,4 @@
     cron:
       name: Create inventory
       minute: "*/5"
-      job: "ansible-playbook /root/inventory_creation.yml"
+      job: "ansible-playbook /root/inventory_creation.yml"

+ 7 - 2
control_plane/roles/provision_cobbler/files/start_cobbler.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -22,6 +22,11 @@
       pause:
         minutes: 2
 
+    - name: Get cobbler pod name
+      command: 'kubectl get pod -n cobbler -l app=cobbler -o jsonpath="{.items[0].metadata.name}"'
+      changed_when: false
+      register: cobbler_pod_name
+
     - name: Execute cobbler sync in cobbler container
-      command: docker exec cobbler cobbler sync
+      command: 'kubectl exec --stdin --tty -n cobbler {{ cobbler_pod_name.stdout }} -- cobbler sync'
       changed_when: true
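Review bot: `kubectl exec --stdin --tty` is run from an Ansible `command` task where no terminal is attached, so both flags can be dropped: `command: 'kubectl exec -n cobbler {{ cobbler_pod_name.stdout }} -- cobbler sync'`. `Get cobbler pod name` indexes `.items[0]`, so when no pod matches `app=cobbler` it fails with a jsonpath error rather than a clear message; a `failed_when` on an empty result, or `until` with retries in place of the fixed two-minute pause, would make the wait explicit. The enclosing play starts outside this hunk.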

+ 1 - 8
control_plane/roles/provision_cobbler/files/temp_centos7.ks

@@ -60,11 +60,4 @@ reboot
 %packages
 @core
 net-tools
-%end
-
-%post
-$SNIPPET('post_install_kernel_options')
-$SNIPPET('cobbler_register')
-$SNIPPET('kickstart_done')
-%end
-
+%end

+ 0 - 2
control_plane/roles/provision_cobbler/files/temp_dhcp.template

@@ -19,8 +19,6 @@ set vendorclass = option vendor-class-identifier;
 option pxe-system-type code 93 = unsigned integer 16;
 
 subnet subnet_mask netmask net_mask {
-option routers router-ip;
-option domain-name-servers dns1, dns2;
 option subnet-mask net_mask;
 range dynamic-bootp start end;
 default-lease-time  21600;

+ 2 - 2
control_plane/roles/provision_cobbler/files/tftp.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -43,4 +43,4 @@
       command: systemctl start dhcpd.service
       args:
         warn: no
-      when: "('inactive' in dhcp_status.stdout) or ('unknown' in dhcp_status.stdout)"
+      when: "('inactive' in dhcp_status.stdout) or ('unknown' in dhcp_status.stdout)"

+ 35 - 20
control_plane/roles/provision_cobbler/tasks/check_prerequisites.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,53 +39,68 @@
       msg: "All nodes are new"
       verbosity: 2
 
+- name: Get K8s namespaces
+  command: kubectl get namespaces
+  changed_when: false
+  register: k8s_namespaces
+
+- name: Create namespace network-config
+  command: kubectl create namespace cobbler
+  changed_when: true
+  when: "'cobbler' not in k8s_namespaces.stdout"
+
 - name: Inspect the cobbler image
-  docker_image_info:
-    name: cobbler
+  command: "buildah images {{ cobbler_image_name }}"
   register: cobbler_image_result
+  ignore_errors: true
+  changed_when: false
   tags: install
-  vars:
-    ansible_python_interpreter: "/usr/bin/python3"
 
-- name: Check cobbler status on the machine
-  docker_container_info:
-    name: cobbler
-  register: cobbler_result
+- name: Check cobbler pod status on the machine
+  command: kubectl get pods -n cobbler
+  register: cobbler_pod_result
+  ignore_errors: true
+  changed_when: false
   tags: install
-  vars:
-    ansible_python_interpreter: "/usr/bin/python3"
 
 - name: Update cobbler image status
   set_fact:
     cobbler_image_status: true
-  when: cobbler_image_result.images| length==1
+  when: "'No such image' not in cobbler_image_result.stderr"
   tags: install
 
 - name: Update cobbler container status
   set_fact:
     cobbler_container_status: true
-  when: cobbler_result.exists
+  when: "'cobbler' in cobbler_pod_result.stdout"
+  tags: install
+
+- name: Get cobbler pod name
+  command: 'kubectl get pod -n cobbler -l app=cobbler -o jsonpath="{.items[0].metadata.name}"'
+  changed_when: false
+  register: cobbler_pod_name
+  when: cobbler_container_status
   tags: install
 
 - name: Fetch cobbler profile list
-  command: docker exec cobbler cobbler profile list
+  command: "kubectl exec --stdin --tty -n {{ cobbler_pod_name.stdout }} -- cobbler profile list"
   changed_when: false
   register: cobbler_profile_list
   ignore_errors: true
-  when: cobbler_container_status == true
+  when: cobbler_container_status
 
 - name: Check crontab list
-  command: docker exec cobbler crontab -l
+  command: "kubectl exec --stdin --tty -n {{ cobbler_pod_name.stdout }} -- crontab -l"
   changed_when: false
   register: crontab_list
   ignore_errors: true
-  when: cobbler_container_status == true
+  when: cobbler_container_status
 
-- name: Update cobbler container status
+- name: Update cobbler config status
   set_fact:
     cobbler_config_status: true
   when:
-    - cobbler_container_status == true
+    - cobbler_container_status
     - "'CentOS' in cobbler_profile_list.stdout"
     - "'* * * * * ansible-playbook /root/tftp.yml' in crontab_list.stdout"
-    - "'5 * * * * ansible-playbook /root/inventory_creation.yml' in crontab_list.stdout"
+    - "'5 * * * * ansible-playbook /root/inventory_creation.yml' in crontab_list.stdout"
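Review bot: `Fetch cobbler profile list` and `Check crontab list` pass the pod name as the argument of `-n`, so kubectl reads it as a namespace and receives no pod; start_cobbler.yml in this commit uses the intended form `-n cobbler {{ cobbler_pod_name.stdout }}`. Both tasks set `ignore_errors: true`, so the failure is silent and `cobbler_config_status` would not be set to true by this file. Change the commands to `kubectl exec -n cobbler {{ cobbler_pod_name.stdout }} -- cobbler profile list` and `kubectl exec -n cobbler {{ cobbler_pod_name.stdout }} -- crontab -l`. The task named `Create namespace network-config` creates the `cobbler` namespace and should be renamed.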

+ 21 - 15
control_plane/roles/provision_cobbler/tasks/cobbler_image.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,19 +14,25 @@
 ---
 
 - name: Image creation (It may take 5-10 mins)
-  docker_image:
-    name: "{{ docker_image_name }}"
-    tag: "{{ docker_image_tag }}"
-    source: build
-    build:
-      path: "{{ role_path }}/files/"
-      network: host
-    state: present
+  command: "buildah bud -t {{ cobbler_image_name }}:{{ cobbler_image_tag }} --network host ."
+  changed_when: true
+  args:
+    chdir: "{{ role_path }}/files/"
   tags: install
-  vars:
-    ansible_python_interpreter: "/usr/bin/python3"
 
-- name: Run cobbler container
-  command: "{{ cobbler_run_command }}"
-  changed_when: false
-  tags: install
+- name: Update image name in k8s_cobbler.yml
+  replace:
+    path: "{{ role_path }}/files/k8s_cobbler.yml"
+    regexp: 'localhost/cobbler:latest'
+    replace: "localhost/{{ cobbler_image_name }}:{{ cobbler_image_tag }}"
+
+- name: Update omnia project path in k8s_cobbler.yml
+  replace:
+    path: "{{ role_path }}/files/k8s_cobbler.yml"
+    regexp: 'path: /root/omnia'
+    replace: "path: {{ role_path.split('control_plane')[0] }}"
+
+- name: Deploy cobbler pod
+  command: "kubectl apply -f {{ role_path }}/files/k8s_cobbler.yml"
+  changed_when: true
+  tags: install
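Review bot: The two `replace` tasks that rewrite `k8s_cobbler.yml` carry no `tags: install`, unlike the build and deploy tasks around them, so a run limited to `--tags install` would apply the manifest with the placeholder image `localhost/cobbler:latest` and `path: /root/omnia` still in it. They also edit the role's shipped file in place, so once the literals have been substituted, a later change to `cobbler_image_name` or `cobbler_image_tag` no longer matches the regexp and is silently ignored. Adding `tags: install` to both tasks fixes the first problem. Rendering the manifest to a separate destination with the `template` module would fix the second.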

+ 21 - 16
control_plane/roles/provision_cobbler/tasks/configure_cobbler.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,24 +12,29 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 ---
-- name: Delete the cobbler container if exits
-  docker_container:
-    name: cobbler
-    state: absent
+
+- name: Deploy cobbler pod
+  command: "kubectl apply -f {{ role_path }}/files/k8s_cobbler.yml"
+  changed_when: true
   tags: install
-  when: cobbler_container_status == true and cobbler_config_status == false
+  when: cobbler_container_status and not cobbler_config_status
 
-- name: Run cobbler container
-  command: "{{ cobbler_run_command }}"
+- name: Wait for cobbler pod to come to ready state
+  command: kubectl wait --for=condition=ready -n cobbler pod -l app=cobbler
   changed_when: false
   tags: install
-  when: cobbler_container_status == true and cobbler_config_status == false
 
-- name: Configuring cobbler inside container (It may take 5-10 mins)
-  command: docker exec cobbler ansible-playbook /root/kickstart.yml
+- name: Get cobbler pod name
+  command: 'kubectl get pod -n cobbler -l app=cobbler -o jsonpath="{.items[0].metadata.name}"'
   changed_when: false
+  register: cobbler_pod_name
+  tags: install
+
+- name: Configuring cobbler inside container (It may take 5-10 mins)
+  command: "kubectl exec --stdin --tty -n cobbler {{ cobbler_pod_name.stdout }} -- ansible-playbook /root/kickstart.yml"
+  changed_when: true
   tags: install
-  when: cobbler_config_status == false
+  when: not cobbler_config_status
 
 - name: Schedule task
   cron:
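Review bot: The `Deploy cobbler pod` task at the top of this hunk takes the place of a delete-and-rerun of the container, but `kubectl apply` leaves an existing pod untouched when the manifest is unchanged, so the case it is guarded by (`cobbler_container_status and not cobbler_config_status`) probably no longer gets a fresh container. If recreation is still intended, the pod has to be deleted or restarted explicitly; how depends on the kind of object in k8s_cobbler.yml, which is not visible here. The `kubectl wait` task relies on the default 30s timeout, which may be short for a pod that has just been created; consider `--timeout=<seconds>`. `--stdin --tty` on the `kubectl exec` calls serves no purpose under the `command` module, where no terminal is attached, and can be dropped here and in the other task files. The `Schedule task` block continues past the end of the hunk.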
@@ -37,12 +42,12 @@
     special_time: reboot
     job: "ansible-playbook {{ role_path }}/files/start_cobbler.yml"
   tags: install
-  when: cobbler_config_status == false
+  when: not cobbler_config_status
 
 - name: Execute cobbler sync in cobbler container
-  command: docker exec cobbler cobbler sync
+  command: 'kubectl exec --stdin --tty -n cobbler {{ cobbler_pod_name.stdout }} -- cobbler sync'
   changed_when: true
-  when: cobbler_config_status == true
+  when: cobbler_config_status
 
 - name: Remove the files
   file:
@@ -53,4 +58,4 @@
     - "{{ role_path }}/files/dhcp.template"
     - "{{ role_path }}/files/settings"
     - "{{ role_path }}/files/centos7.ks"
-    - "{{ role_path }}/files/new_mapping_file.csv.bak"
+    - "{{ role_path }}/files/new_mapping_file.csv.bak"

+ 3 - 19
control_plane/roles/provision_cobbler/tasks/dhcp_configure.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -32,27 +32,12 @@
     path: "{{ role_path }}/files/dhcp.template"
     regexp: '^option subnet-mask net_mask;'
     replace: 'option subnet-mask {{ netmask }};'
-  tags: install
-
-- name: Assign gateway
-  replace:
-    path: "{{ role_path }}/files/dhcp.template"
-    regexp: '^option routers router-ip;'
-    replace: 'option routers {{ dhcp_gateway }};'
-  tags: install
-
-- name: Assign DNS
-  replace:
-    path: "{{ role_path }}/files/dhcp.template"
-    regexp: '^option domain-name-servers dns1, dns2;'
-    replace: 'option domain-name-servers {{ dhcp_dns1 }}, {{ dhcp_dns2 }};'
-  tags: install
 
 - name: Assign DHCP range
   replace:
     path: "{{ role_path }}/files/dhcp.template"
     regexp: '^range dynamic-bootp start end;'
-    replace: 'range dynamic-bootp {{ dhcp_start_ip }} {{ dhcp_end_ip }};'
+    replace: 'range dynamic-bootp {{ host_network_dhcp_start_range }} {{ host_network_dhcp_end_range }};'
 
 - name: Create the cobbler settings file
   copy:
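Review bot: Dropping the `Assign gateway` and `Assign DNS` tasks leaves nothing in this file that substitutes the `option routers router-ip;` and `option domain-name-servers dns1, dns2;` placeholders the removed regexps matched. Unless dhcp.template was changed in the same commit to remove those lines (not visible in this hunk), the literal placeholders would reach dhcpd and presumably fail to parse. A short comment above `Assign DHCP range`, e.g. `# routers/DNS options are no longer set here; see dhcp.template`, would make the intent clear. The `Create the cobbler settings file` task continues outside the hunk.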
@@ -71,5 +56,4 @@
   replace:
     path: "{{ role_path }}/files/settings"
     regexp: '^next_server: ip'
-    replace: 'next_server: {{ hpc_ip }}'
-
+    replace: 'next_server: {{ hpc_ip }}'

+ 2 - 2
control_plane/roles/provision_cobbler/tasks/firewall_settings.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -61,4 +61,4 @@
   systemd:
     name: firewalld
     state: reloaded
-  tags: install
+  tags: install

+ 23 - 3
control_plane/roles/provision_cobbler/tasks/main.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -26,7 +26,21 @@
   import_tasks: firewall_settings.yml
   when: not cobbler_container_status
 
-- name: Include control_plane_common variables
+- name: Decrpyt login_vars.yml
+  command: >-
+    ansible-vault decrypt {{ login_file }}
+    --vault-password-file {{ login_vault_file }}
+  changed_when: false
+
+- name: Include variable file login_vars.yml
+  include_vars: "{{ login_file }}"
+#  no_log: true
+
+- name: Include variable file base_vars.yml
+  include_vars: "{{ base_file }}"
+#  no_log: true
+
+- name: Include common variables
   include_vars: ../../control_plane_common/vars/main.yml
   when: not cobbler_container_status
 
@@ -38,13 +52,19 @@
   import_tasks: provision_password.yml
   when: not cobbler_image_status
 
+- name: Encypt login file
+  command: >-
+    ansible-vault encrypt {{ login_file }}
+    --vault-password-file {{ login_vault_file }}
+  changed_when: false
+
 - name: Dhcp Configuration
   import_tasks: dhcp_configure.yml
   when: (not cobbler_image_status) or ( backup_map_status == true)
 
 - name: Mapping file validation
   import_tasks: mapping_file.yml
-  when: (not cobbler_image_status) and (mapping_file == true) or ( backup_map_status == true)
+  when: (not cobbler_image_status) and (host_mapping_file == true) or ( backup_map_status == true)
 
 - name: Cobbler image creation
   import_tasks: cobbler_image.yml

+ 30 - 20
control_plane/roles/provision_cobbler/tasks/mapping_file.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -13,7 +13,7 @@
 ---
 
 - name: Check if file is comma seperated
-  shell: awk -F\, '{print NF-1}' {{ path_for_mapping_file }}
+  shell: awk -F\, '{print NF-1}' {{ host_mapping_file_path }}
   register: comma_seperated
   changed_when: false
   tags: install
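Review bot: `{{ host_mapping_file_path }}` is interpolated unquoted into a `shell:` line, so a path containing spaces or shell metacharacters is split or interpreted by the shell rather than passed to awk as one argument. The value appears to come from the operator's input parameters, so pass it through the `quote` filter: `shell: awk -F\, '{print NF-1}' {{ host_mapping_file_path | quote }}`. The same applies to the `Remove blank lines` task in the next hunk and to the other `shell:` tasks that embed `{{ role_path }}`.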
@@ -26,19 +26,19 @@
   tags: install
 
 - name: Remove blank lines
-  shell:  awk -F, 'length>NF+1' {{ path_for_mapping_file }} > {{ role_path }}/files/new_mapping_file.csv
+  shell:  awk -F, 'length>NF+1' {{ host_mapping_file_path }} > {{ role_path }}/files/new_host_mapping_file.csv
   changed_when: false
   tags: install
 
 - name: Remove blank spaces
-  shell:  sed -i.bak -E 's/(^|,)[[:blank:]]+/\1/g; s/[[:blank:]]+(,|$)/\1/g'  {{ role_path }}/files/new_mapping_file.csv
+  shell:  sed -i.bak -E 's/(^|,)[[:blank:]]+/\1/g; s/[[:blank:]]+(,|$)/\1/g'  {{ role_path }}/files/new_host_mapping_file.csv
   args:
     warn: no
   changed_when: false
   tags: install
 
 - name: Check if header present
-  shell:  awk 'NR==1 { print $1}' {{ role_path }}/files/new_mapping_file.csv
+  shell:  awk 'NR==1 { print $1}' {{ role_path }}/files/new_host_mapping_file.csv
   register: header
   changed_when: false
   tags: install
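Review bot: After the rename, `sed -i.bak` in `Remove blank spaces` writes its backup as `new_host_mapping_file.csv.bak`, but the `Remove the files` list in configure_cobbler.yml still names `{{ role_path }}/files/new_mapping_file.csv.bak`. The backup copy of the mapping file is therefore left behind in the role's files directory after the run. Update that list entry to `"{{ role_path }}/files/new_host_mapping_file.csv.bak"`, or drop the `.bak` suffix from `sed -i` if the backup is not needed.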
@@ -49,37 +49,37 @@
   when: header.stdout !=  valid_header
 
 - name: Count the hostname
-  shell: awk -F',' '{print $2}' {{ role_path }}/files/new_mapping_file.csv | wc -l
+  shell: awk -F',' '{print $2}' {{ role_path }}/files/new_host_mapping_file.csv | wc -l
   register: total_hostname
   changed_when: false
   tags: install
 
 - name: Count the ip
-  shell: awk -F',' '{print $3}' {{ role_path }}/files/new_mapping_file.csv | wc -l
+  shell: awk -F',' '{print $3}' {{ role_path }}/files/new_host_mapping_file.csv | wc -l
   register: total_ip
   changed_when: false
   tags: install
 
 - name: Count the macs
-  shell: awk -F',' '{print $1}' {{ role_path }}/files/new_mapping_file.csv | wc -l
+  shell: awk -F',' '{print $1}' {{ role_path }}/files/new_host_mapping_file.csv | wc -l
   register: total_mac
   changed_when: false
   tags: install
 
 - name: Check for duplicate hostname
-  shell: awk -F',' '{print $2}' {{ role_path }}/files/new_mapping_file.csv | uniq | wc -l
+  shell: awk -F',' '{print $2}' {{ role_path }}/files/new_host_mapping_file.csv | uniq | wc -l
   register: uniq_hostname
   changed_when: false
   tags: install
 
 - name: Check for duplicate ip
-  shell: awk -F',' '{print $3}' {{ role_path }}/files/new_mapping_file.csv | uniq | wc -l
+  shell: awk -F',' '{print $3}' {{ role_path }}/files/new__host_mapping_file.csv | uniq | wc -l
   register: uniq_ip
   changed_when: false
   tags: install
 
 - name: Check for duplicate mac
-  shell: awk -F',' '{print $1}' {{ role_path }}/files/new_mapping_file.csv | uniq | wc -l
+  shell: awk -F',' '{print $1}' {{ role_path }}/files/new_host_mapping_file.csv | uniq | wc -l
   register: uniq_mac
   changed_when: false
   tags: install
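Review bot: `Check for duplicate ip` reads `new__host_mapping_file.csv` (two underscores), a name no other task in this file writes. awk fails on the missing file, but the pipeline's exit status is that of `wc -l`, so the task succeeds with `uniq_ip.stdout` at 0, and whatever later compares it with `total_ip` no longer reflects the mapping file. The line should read `shell: awk -F',' '{print $3}' {{ role_path }}/files/new_host_mapping_file.csv | uniq | wc -l`. Separately, `uniq` only collapses adjacent duplicates, so all three duplicate checks miss repeated values on non-consecutive rows; `sort -u` in place of `uniq` would catch them.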
@@ -103,7 +103,7 @@
   tags: install
 
 - name: Check if _ or . or space present in hostname
-  shell: awk -F',' '{print $2}' {{ role_path }}/files/new_mapping_file.csv |grep -E -- '_|\.| '
+  shell: awk -F',' '{print $2}' {{ role_path }}/files/new_host_mapping_file.csv |grep -E -- '_|\.| '
   register: hostname_result
   ignore_errors: true
   changed_when: false
@@ -118,7 +118,7 @@
 - name: Compare the file for new nodes
   block:
   - name: difference
-    shell: diff {{ role_path }}/files/new_mapping_file.csv {{role_path}}/files/backup_mapping_file.csv| tr -d \>|tr -d \<| grep -E -- ', & :| '
+    shell: diff {{ role_path }}/files/new_host_mapping_file.csv {{role_path}}/files/backup_host_mapping_file.csv| tr -d \>|tr -d \<| grep -E -- ', & :| '
     register: diff_output
     when: backup_map_status == true
 
@@ -149,18 +149,28 @@
 
 - name: Create a backup file
   copy:
-    src: "{{ role_path }}/files/new_mapping_file.csv"
-    dest: "{{ role_path }}/files/backup_mapping_file.csv"
+    src: "{{ role_path }}/files/new_host_mapping_file.csv"
+    dest: "{{ role_path }}/files/backup_host_mapping_file.csv"
+
+- name: Get cobbler pod name
+  command: 'kubectl get pod -n cobbler -l app=cobbler -o jsonpath="{.items[0].metadata.name}"'
+  changed_when: false
+  register: cobbler_pod_name
+  when: cobbler_container_status
+  tags: install
 
 - name: Copy the dhcp.template inside container
-  command: docker exec cobbler cp {{ role_path }}/files/dhcp.template /etc/cobbler/dhcp.template
+  command: 'kubectl exec --stdin --tty -n cobbler {{ cobbler_pod_name.stdout }} \
+    -- cp /root/omnia/control_plane/roles/provision_cobbler/files/dhcp.template /etc/cobbler/dhcp.template'
+  changed_when: true
   when:  ( cobbler_container_status == true ) and ( new_node_status == true )
 
 - name: Cobbler sync for adding new nodes
-  command: docker exec cobbler cobbler sync
+  command: 'kubectl exec --stdin --tty -n cobbler {{ cobbler_pod_name.stdout }} -- cobbler sync'
+  changed_when: true
   when:  ( cobbler_container_status == true ) and ( new_node_status == true )
 
 - name: Restart dhcpd
-  command: docker exec cobbler systemctl restart dhcpd
-  when:  ( cobbler_container_status == true ) and ( new_node_status == true )
-
+  command: 'kubectl exec --stdin --tty -n cobbler {{ cobbler_pod_name.stdout }} -- systemctl restart dhcpd'
+  changed_when: true
+  when:  ( cobbler_container_status == true ) and ( new_node_status == true )
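Review bot: The backslash continuation in `Copy the dhcp.template inside container` sits inside a single-quoted YAML scalar, where the backslash is kept literally and the line break folds to a space, so the command string contains `\ --`. The `command` module is then likely to pass an argument with an escaped leading space instead of the bare `--` separator, and kubectl would not treat it as the end of its own options. Use a folded scalar without the backslash: `command: >-` followed by the two lines as they are. `Get cobbler pod name` is also guarded by the truthy test `cobbler_container_status` while the three exec tasks use `cobbler_container_status == true`; one form throughout is easier to reason about.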

+ 5 - 5
control_plane/roles/provision_cobbler/tasks/mount_iso.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -19,12 +19,12 @@
 
 - name: Create iso directory
   file:
-    path: "/mnt/{{ iso_path }}"
+    path: "/mnt/{{ iso_dir_name }}"
     state: directory
   tags: install
 
 - name: Check mountpoint
-  command: mountpoint /mnt/{{ iso_path }}
+  command: mountpoint /mnt/{{ iso_dir_name }}
   changed_when: false
   register: result
   ignore_errors: yes
@@ -36,9 +36,9 @@
   tags: install
 
 - name: Mount the iso file
-  command: mount -o loop {{ path_for_iso_file }} /mnt/{{ iso_path }}
+  command: mount -o loop {{ iso_file_path }} /mnt/{{ iso_dir_name }}
   changed_when: false
   args:
     warn: no
   when: mount_check == true
-  tags: install
+  tags: install

+ 5 - 5
control_plane/roles/provision_cobbler/tasks/provision_password.yml

@@ -1,4 +1,4 @@
-#  Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+#  Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 #  Licensed under the Apache License, Version 2.0 (the "License");
 #  you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@
   file:
     path: "{{ role_path }}/files/.users.digest"
     state: touch
-    mode: 0644
+    mode: "{{ user_mode }}"
   tags: install
 
 - name: Encrypt cobbler password
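Review bot: `mode: "{{ user_mode }}"` will not yield 0644, because vars/main.yml defines `user_mode: 0644` unquoted: YAML reads that as the octal integer 420, and the template renders the string `420`, which the `file` module then interprets as octal 0420. `.users.digest` would end up with owner read-only and group write-only permissions. Define the variable as a string, `user_mode: "0644"`. The file appears to hold the cobbler password digest, so `"0600"` may be the better value if nothing other than the owner needs to read it.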
@@ -67,7 +67,7 @@
   no_log: true
 
 - name: Login password
-  command: openssl passwd -1 -salt {{ random_phrase }} {{ cobbler_password }}
+  command: openssl passwd -1 -salt {{ random_phrase }} {{ provision_password }}
   no_log: true
   changed_when: false
   register: login_pass
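Review bot: `openssl passwd -1` puts `{{ provision_password }}` on the command line, where it is readable in the process list while the task runs, and `-1` produces an MD5-crypt hash. `no_log: true` hides it from Ansible output only. The `password_hash` filter computes the hash inside Ansible with a stronger scheme, e.g. `login_pass: "{{ provision_password | password_hash('sha512') }}"` in a `set_fact` with `no_log: true`. Later tasks that read `login_pass.stdout` would need adjusting, and they are outside this hunk.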
@@ -85,12 +85,12 @@
   replace:
     path: "{{ role_path }}/files/centos7.ks"
     regexp: '^network  --bootproto=dhcp --device=nic --onboot=on'
-    replace: 'network  --bootproto=dhcp --device={{ nic }} --onboot=on'
+    replace: 'network  --bootproto=dhcp --device={{ host_network_nic }} --onboot=on'
   tags: install
 
 - name: Configure kickstart file- timezone
   replace:
     path: "{{ role_path }}/files/centos7.ks"
     regexp: '^timezone --utc ks_timezone'
-    replace: 'timezone --utc {{ ks_timezone }}'
+    replace: 'timezone --utc {{ timezone }}'
   tags: install

+ 9 - 6
control_plane/roles/provision_cobbler/vars/main.yml

@@ -1,4 +1,4 @@
-# Copyright 2020 Dell Inc. or its subsidiaries. All Rights Reserved.
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -26,20 +26,23 @@ not_comma_seperated: "Failed: Mapping file should be comma seperated."
 
 #Usage: check_prerequisite.yml
 iso_name: CentOS-7-x86_64-Minimal-2009.iso
-iso_fail: "Iso file not found. Download and copy the iso file to omnia/appliance/roles/provision/files"
+iso_fail: "Iso file not found. Download and copy the iso file to omnia/control_plane/roles/provision_cobbler/files"
 
 # Usage: provision_password.yml
 provision_encrypted_dest: ../files/
+login_file: "{{ role_path }}/../../input_params/login_vars.yml"
+base_file: "{{ role_path }}/../../input_params/base_vars.yml"
+login_vault_file: "{{ role_path }}/../../input_params/.login_vault_key"
 username: cobbler
+user_mode: 0644
 
 # Usage: cobbler_image.yml
-docker_image_name: cobbler
-docker_image_tag: latest
-cobbler_run_command: docker run -itd --privileged --net=host --restart=always -v {{ mount_path }}:/root/omnia  -v cobbler_www:/var/www/cobbler:Z -v cobbler_backup:/var/lib/cobbler/backup:Z -v /mnt/iso:/mnt:Z -p 69:69/udp -p 81:80 -p 443:443 -p 25151:25151 --name cobbler  cobbler:latest  /sbin/init
+cobbler_image_name: cobbler
+cobbler_image_tag: latest
 
 # Usage: main.yml
 message_skipped: "Installation Skipped: Cobbler instance is already running in your system"
 message_installed: "Installation Successful"
 
 # Usage: mount_iso.yml
-iso_path: iso
+iso_dir_name: iso