
Issue #442: Enhance security and validation changes in common role of control_plane.yml

Signed-off-by: sakshiarora13 <sakshi_arora1@dell.com>
Lucas A. Wilson 3 years ago
parent
commit
f434682884

+ 9 - 0
.all-contributorsrc

@@ -161,6 +161,15 @@
       "contributions": [
         "code"
       ]
+    },
+    {
+      "login": "ishitadatta",
+      "name": "Ishita Datta",
+      "avatar_url": "https://avatars.githubusercontent.com/u/48859631?v=4",
+      "profile": "https://rb.gy/ndlbhv",
+      "contributions": [
+        "doc"
+      ]
     }
   ],
   "contributorsPerLine": 7,

+ 1 - 0
README.md

@@ -49,6 +49,7 @@ Thanks goes to everyone who makes Omnia possible ([emoji key](https://allcontrib
   </tr>
   <tr>
     <td align="center"><a href="https://github.com/VishnupriyaKrish"><img src="https://avatars.githubusercontent.com/u/72784834?v=4?s=100" width="100px;" alt=""/><br /><sub><b>VishnupriyaKrish</b></sub></a><br /><a href="https://github.com/dellhpc/omnia/commits?author=VishnupriyaKrish" title="Code">💻</a></td>
+    <td align="center"><a href="https://rb.gy/ndlbhv"><img src="https://avatars.githubusercontent.com/u/48859631?v=4?s=100" width="100px;" alt=""/><br /><sub><b>Ishita Datta</b></sub></a><br /><a href="https://github.com/dellhpc/omnia/commits?author=ishitadatta" title="Documentation">📖</a></td>
   </tr>
 </table>
 

+ 2 - 6
control_plane/input_params/base_vars.yml

@@ -118,10 +118,6 @@ host_network_nic: "eno3"
 host_network_dhcp_start_range: ""
 host_network_dhcp_end_range: ""
 
-dhcp_gateway: ""
-dhcp_dns1: ""
-dhcp_dns2: ""
-
 # The mapping file consists of the MAC address and its respective IP address and hostname.
 # The format of mapping file should be MAC,hostname,IP and must be a CSV file.
 # Eg: xx:yy:zz:aa:bb,server,172.17.0.5
@@ -133,8 +129,8 @@ host_mapping_file_path: ""
 
 # The nic/ethernet card that needs to be connected to configure infiniband switch
 # This nic will be configured by Omnia for the DHCP server.
-# Default value of nic is ib0
-ib_network_nic: "ib0"
+# Default value of nic is ib1
+ib_network_nic: "ib1"
 
 # The dhcp range for assigning the IPv4 address
 # Example: 172.17.0.1

+ 15 - 17
control_plane/input_params/login_vars.yml

@@ -29,6 +29,18 @@ provision_password: ""
 # Mandatory value required
 cobbler_password: ""
 
+### Usage: provision_idrac ###
+
+# The username for idrac
+# The username must not contain -,\, ',"
+# Mandatory value required
+idrac_username: ""
+
+# Password used for idrac
+# The password must not contain -,\, ',"
+# Mandatory value required
+idrac_password: ""
+
 ### Usage: webui_awx ###
 
 # Password used for awx UI
@@ -43,7 +55,6 @@ cobbler_password: ""
 ethernet_switch_username: ""
 
 # Password used for ethernet switch
-# The Length of the password should be at least 8.
 # The password must not contain -,\, ',"
 ethernet_switch_password: ""
 
@@ -54,23 +65,9 @@ ethernet_switch_password: ""
 ib_username: ""
 
 # Password used for infiniband switch
-# The Length of the password should be at least 8.
 # The password must not contain -,\, ',"
 ib_password: ""
 
-### Usage: provision_idrac ###
-
-# The username for idrac
-# The username must not contain -,\, ',"
-# Mandatory value required
-idrac_username: ""
-
-# Password used for idrac
-# The Length of the password should be at least 8.
-# The password must not contain -,\, ',"
-# Mandatory value required
-idrac_password: ""
-
 ### Usage: powervault_me4 ###
 
 # The username for powervault_me4
@@ -78,6 +75,7 @@ idrac_password: ""
 powervault_me4_username: ""
 
 # Password used for powervault_me4
-# The Length of the password should be at least 8.
-# The password must not contain -,\, ',"
+# The password should have atleast one uppercase character, one lowercase character,
+# one numeric character and one non-alphanumeric character.
+# The password must not contain -,\, ',", . , < , comma(,)
 powervault_me4_password: ""
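Review bot: The rewritten comment for `powervault_me4_password` drops the length requirement, although the assert on this variable in password_config.yml still checks `min_length` and `max_length`. An operator reading only this file cannot tell why a short password is rejected. The forbidden-character line is also hard to read, because it names the comma twice and mixes its own separators with the characters being listed. I would add `# The length must be within the min_length and max_length limits enforced by control_plane_common.` and reword the last line as `# The password must not contain any of these characters: - \ ' " , . <`.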

+ 43 - 35
control_plane/input_params/powervault_me4_vars.yml

@@ -15,27 +15,18 @@
 
 ### Usage: powervault_me4 ###
 
-# User type of powervault_me4
-# The vaules supported are "standard" and "SNMPv3"
-# The default value is "standard"
-powervault_me4_usertype: "standard"
-
-# The user roles for managing and monitoring powervault_me4
-# The values supported are "monitor" and "manage"
-# The default value is "manage"
-# Only "manage" role allows - Addition of disk groups and creation of volumes 
-powervault_me4_roles: "manage"
-
 # This variable indicates the language selection
 # Currently only "English" is supported
 locale: "English"
 
 # Specify the system name to identify the system
-# By default it is set to "Uninitialized Name"
-powervault_me4_system_name: "Unintialized Name"
+# By default it is set to "Uninitialized_Name"
+# Length should be less than 30 and it should not contain space.
+# This is "optional"
+powervault_me4_system_name: "Unintialized_Name"
 
 # Specify the snmp notification level
-# critical: Sends notifications for Critical events only.
+# crit: Sends notifications for Critical events only.
 # error: Sends notifications for Error and Critical events.
 # warn: Sends notifications for Warning, Error, and Critical events.
 # resolved: Sends notifications for Resolved, Warning, Error, and Critical events.
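Review bot: The default `powervault_me4_system_name: "Unintialized_Name"` is spelled differently from the value its own comment documents (`"Uninitialized_Name"`), so the comment and the shipped default disagree; one of them should change, for example to `powervault_me4_system_name: "Uninitialized_Name"`. The last hunk of this file has the same kind of mismatch: the comment gives the partition default as `"60%"` while the value is `"60"`, and `powervault_me4_disk_group_name` still says "If left blank" although the default is now `"omnia"`. The stated limit of fewer than 30 characters and no spaces is not checked in any of the lines shown, so a matching assert may still be needed.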
@@ -43,26 +34,19 @@ powervault_me4_system_name: "Unintialized Name"
 # none: All events are excluded from trap notification and traps are disabled. 
 # However, Critical events and managed-logs events 400–402 are sent regardless of the notification setting.
 # Default value is "none"
+# Compulsory
 powervault_me4_snmp_notify_level: "none"
 
-# Specify the disk group name
-# If left blank, system automatically assigns the name
-powervault_me4_disk_group_name: ""
-
-# Specify the disk type
-# Values supported are "Virtual" and "Read Cache"
-powervault_me4_disk_type: "Virtual"
-
 # Specify the required RAID Level
 # The different RAID levels and the min and max number of disks supported for each RAID are
-# RAID1: 2
-# RAID5: 3-16
-# RAID6: 4-16
-# RAID10: 4-16
-# ADAPT: 12-128
-# Default value is "RAID1"
-# If Type "Read Cache" is selected, then RAID levels are not required
-powervault_me4_raid_levels: "RAID1"
+# r1/raid1: 2
+# r5/raid5: 3-16
+# r6/raid6: 4-16
+# r10/raid10: 4-16
+# adapt: 12-128
+# Default value is "raid1"
+# Compulsory
+powervault_me4_raid_levels: "raid1"
 
 # Specify the range of disks
 # Select a range of disks within an enclosure by entering a comma-separated list that contains 
@@ -70,13 +54,37 @@ powervault_me4_raid_levels: "RAID1"
 # Use the format enclosure-number.disk-range,enclosure-number.disk-range. 
 # For example, to select disks 3-12 in enclosure 1 and 5-23 in enclosure 2, enter 1.3-12,2.5-23.
 # For ME4012 - 0.0-0.11,1.0-1.11 are the allowed values
-powervault_me4_disk_range: ""
+# Default value is 0.1-2
+# Compulsory
+powervault_me4_disk_range: "0.1-2"
 
-# Specify the volume name
+# Specify the volume names
 # Cannot be left blank
-# the default value is "pv_omnia"
-powervault_me4_volume_name: "pv_omnia"
+# the default value is "k8s_volume" and "slurm_volume"
+# Compulsory
+powervault_me4_k8s_volume_name: "k8s_volume"
+powervault_me4_slurm_volume_name: "slurm_volume"
+
+# Specify the disk group name
+# If left blank, system automatically assigns the name
+powervault_me4_disk_group_name: "omnia"
+
+# Specify the percentage for partition in disk
+# Default value is "60%"
+# Compulsory
+powervault_me4_disk_partition_size: "60"
 
 # Specify the volume size
 # Format: 100GB <SizeGB>
-powervault_me4_volume_size: "100GB"
+# Compulsory
+powervault_me4_volume_size: "100GB"
+
+#Specify the pool for volume
+# Pool can either be  a/A or b/B.
+# Compulsory
+powervault_me4_pool: "a"
+
+# Specify the nic of the server with which Powervault is connected.
+# Default value is eno1.
+# Compulsory
+powervault_me4_server_nic: "eno1"

+ 130 - 157
control_plane/roles/control_plane_common/tasks/password_config.yml

@@ -40,167 +40,140 @@
       idrac_username | length < 1 or
       idrac_password | length < 1
 
-- name: Assert provision_password
-  assert:
-    that:
-      - provision_password | length > min_length | int - 1
-      - provision_password | length < max_length | int + 1
-      - '"-" not in provision_password '
-      - '"\\" not in provision_password '
-      - '"\"" not in provision_password '
-      - " \"'\" not in provision_password "
-    success_msg: "{{ success_msg_provision_password }}"
-    fail_msg: "{{ fail_msg_provision_password }}"
-  register: provision_password_check
-
-- name: Assert cobbler_password
-  assert:
-    that:
-      - cobbler_password | length > min_length | int - 1
-      - cobbler_password | length < max_length | int + 1
-      - '"-" not in cobbler_password '
-      - '"\\" not in cobbler_password '
-      - '"\"" not in cobbler_password '
-      - " \"'\" not in cobbler_password "
-    success_msg: "{{ success_msg_cobbler_password }}"
-    fail_msg: "{{ fail_msg_cobbler_password }}"
-  register: cobbler_password_check
-
-- name: Assert idrac_username
-  assert:
-    that:
-      - idrac_username | length >= min_username_length
-      - idrac_username | length < max_length
-      - '"-" not in idrac_username '
-      - '"\\" not in idrac_username '
-      - '"\"" not in idrac_username '
-      - " \"'\" not in idrac_username "
-    success_msg: "{{ success_idrac_username }}"
-    fail_msg: "{{ fail_idrac_username }}"
-
-- name: Assert idrac_password
-  assert:
-    that:
-      - idrac_password | length > min_username_length | int - 1
-      - idrac_password | length < max_length | int + 1
-      - '"-" not in idrac_password '
-      - '"\\" not in idrac_password '
-      - '"\"" not in idrac_password '
-      - " \"'\" not in idrac_password "
-    success_msg: "{{ success_msg_idrac_password }}"
-    fail_msg: "{{ fail_msg_idrac_password }}"
-  register: idrac_password_check
-
-- name: Verify ethernet_switch_username and ethernet_switch_password are not empty
-  assert:
-    that:
-      - ethernet_switch_username | length > 0
-      - ethernet_switch_password | length > 0
-    success_msg: "{{ ethernet_params_success_msg }}"
-    fail_msg: "{{ ethernet_params_empty_fail_msg }}"
-  when: ethernet_switch_support
-
-- name: Assert ethernet_switch_username
-  assert:
-    that:
-      - ethernet_switch_username | length >= min_username_length
-      - ethernet_switch_username | length < max_length
-      - '"-" not in ethernet_switch_username '
-      - '"\\" not in ethernet_switch_username '
-      - '"\"" not in ethernet_switch_username '
-      - " \"'\" not in ethernet_switch_username "
-    success_msg: "{{ success_ethernet_switch_username }}"
-    fail_msg: "{{ fail_ethernet_switch_username }}"
-  when: ethernet_switch_support
-
-- name: Assert ethernet_switch_password
-  assert:
-    that:
-      - ethernet_switch_password | length > min_username_length | int - 1
-      - ethernet_switch_password | length < max_length | int + 1
-      - '"-" not in ethernet_switch_password '
-      - '"\\" not in ethernet_switch_password '
-      - '"\"" not in ethernet_switch_password '
-      - " \"'\" not in ethernet_switch_password "
-    success_msg: "{{ success_msg_ethernet_switch_password }}"
-    fail_msg: "{{ fail_msg_ethernet_switch_password }}"
+- name: Assert provision credentials
+  block:
+    - name: Assert provision_password
+      assert:
+        that:
+          - provision_password | length > min_length | int - 1
+          - provision_password | length < max_length | int + 1
+          - '"-" not in provision_password '
+          - '"\\" not in provision_password '
+          - '"\"" not in provision_password '
+          - " \"'\" not in provision_password "
+      no_log: true
+  rescue:
+    - name: Provision password validation check
+      fail:
+        msg: "{{ fail_msg_provision_password }}"
+
+- name: Assert cobbler credentials
+  block:
+    - name: Assert cobbler_password
+      assert:
+        that:
+          - cobbler_password | length > min_length | int - 1
+          - cobbler_password | length < max_length | int + 1
+          - '"-" not in cobbler_password '
+          - '"\\" not in cobbler_password '
+          - '"\"" not in cobbler_password '
+          - " \"'\" not in cobbler_password "
+      no_log: true
+  rescue:
+    - name: Cobbler password validation check
+      fail:
+        msg: "{{ fail_msg_cobbler_password }}"
+
+- name: Assert idrac credentials
+  block:
+    - name: Assert idrac_username and idrac_password
+      assert:
+        that:
+          - idrac_username | length >= min_username_length
+          - idrac_username | length < max_length
+          - '"-" not in idrac_username '
+          - '"\\" not in idrac_username '
+          - '"\"" not in idrac_username '
+          - " \"'\" not in idrac_username "
+          - idrac_password | length > min_username_length | int - 1
+          - idrac_password | length < max_length | int + 1
+          - '"-" not in idrac_password '
+          - '"\\" not in idrac_password '
+          - '"\"" not in idrac_password '
+          - " \"'\" not in idrac_password "
+      no_log: true
+  rescue:
+    - name: idrac credentials validation check
+      fail:
+        msg: "{{ fail_msg_idrac_credentials }}"
+
+- name: Assert username and password for ethernet switches
+  block:
+    - name: Verify ethernet_switch_username and ethernet_switch_password are not empty
+      assert:
+        that:
+          - ethernet_switch_username | length >= min_username_length
+          - ethernet_switch_username | length < max_length
+          - '"-" not in ethernet_switch_username '
+          - '"\\" not in ethernet_switch_username '
+          - '"\"" not in ethernet_switch_username '
+          - " \"'\" not in ethernet_switch_username "
+          - ethernet_switch_password | length > min_username_length | int - 1
+          - ethernet_switch_password | length < max_length | int + 1
+          - '"-" not in ethernet_switch_password '
+          - '"\\" not in ethernet_switch_password '
+          - '"\"" not in ethernet_switch_password '
+          - " \"'\" not in ethernet_switch_password "
+      no_log: true
+  rescue:
+    - name: ethernet switch credentials validation check
+      fail:
+        msg: "{{ fail_msg_ethernet_credentials }}"
   when: ethernet_switch_support
 
-- name: Verify ib_username and ib_password are not empty
-  assert:
-    that:
-      - ib_username | length > 0
-      - ib_password | length > 0
-    success_msg: "{{ ib_params_success_msg }}"
-    fail_msg: "{{ ib_params_empty_fail_msg }}"
+- name: Assert username and password for IB switches
+  block:
+    - name: Assert ib_username and ib_password
+      assert:
+        that:
+          - ib_username | length >= min_username_length
+          - ib_username | length < max_length
+          - '"-" not in ib_username '
+          - '"\\" not in ib_username '
+          - '"\"" not in ib_username '
+          - " \"'\" not in ib_username "
+          - ib_password | length > min_username_length | int - 1
+          - ib_password | length < max_length | int + 1
+          - '"-" not in ib_password '
+          - '"\\" not in ib_password '
+          - '"\"" not in ib_password '
+          - " \"'\" not in ib_password "
+      no_log: true
+  rescue:
+    - name: IB switch credentials validation check
+      fail:
+        msg: "{{ fail_msg_ib_credentials }}"
   when: ib_switch_support
 
-- name: Assert ib_username
-  assert:
-    that:
-      - ib_username | length >= min_username_length
-      - ib_username | length < max_length
-      - '"-" not in ib_username '
-      - '"\\" not in ib_username '
-      - '"\"" not in ib_username '
-      - " \"'\" not in ib_username "
-    success_msg: "{{ success_ib_username }}"
-    fail_msg: "{{ fail_ib_username }}"
-  when: ib_switch_support
-
-- name: Assert ib_password
-  assert:
-    that:
-      - ib_password | length > min_username_length | int - 1
-      - ib_password | length < max_length | int + 1
-      - '"-" not in ib_password '
-      - '"\\" not in ib_password '
-      - '"\"" not in ib_password '
-      - " \"'\" not in ib_password "
-    success_msg: "{{ success_msg_ib_password }}"
-    fail_msg: "{{ fail_msg_ib_password }}"
-  when: ib_switch_support
-
-- name: Verify powervault_me4_username and powervault_me4_password are not empty
-  assert:
-    that:
-      - powervault_me4_username | length > 0
-      - powervault_me4_password | length > 0
-    success_msg: "{{ pv_params_success_msg }}"
-    fail_msg: "{{ pv_params_empty_fail_msg }}"
-  when: powervault_support
-
-- name: Assert powervault_me4_username
-  assert:
-    that:
-      - powervault_me4_username | length >= min_username_length
-      - powervault_me4_username | length < max_length
-      - '"-" not in powervault_me4_username '
-      - '"\\" not in powervault_me4_username '
-      - '"\"" not in powervault_me4_username '
-      - " \"'\" not in powervault_me4_username "
-    success_msg: "{{ success_powervault_me4_username }}"
-    fail_msg: "{{ fail_powervault_me4_username }}"
-  when: powervault_support
-
-- name: Assert powervault_me4_password
-  assert:
-    that:
-      - powervault_me4_password | length > min_length | int - 1
-      - powervault_me4_password | length < max_length | int + 1
-      - '"-" not in powervault_me4_password '
-      - '"," not in powervault_me4_password '
-      - '"." not in powervault_me4_password '
-      - '"<" not in powervault_me4_password '
-      - '"\\" not in powervault_me4_password '
-      - '"\"" not in powervault_me4_password '
-      - " \"'\" not in powervault_me4_password "
-      - powervault_me4_password | regex_search('^(?=.*[a-z]).+$')
-      - powervault_me4_password | regex_search('^(?=.*[A-Z]).+$')
-      - powervault_me4_password | regex_search('^(?=.*\\d).+$')
-      - powervault_me4_password | regex_search('^(?=.*[!#$%&()*+/:;=>?@^_`{} ~]).+$')
-    success_msg: "{{ success_msg_powervault_me4_password }}"
-    fail_msg: "{{ fail_msg_powervault_me4_password }}"
+- name: Assert username and password for powervault me4
+  block:
+    - name: Assert powervault_me4_username and powervault_me4_password
+      assert:
+        that:
+          - powervault_me4_username | length >= min_username_length
+          - powervault_me4_username | length < max_length
+          - '"-" not in powervault_me4_username '
+          - '"\\" not in powervault_me4_username '
+          - '"\"" not in powervault_me4_username '
+          - " \"'\" not in powervault_me4_username "
+          - powervault_me4_password | length > min_length | int - 1
+          - powervault_me4_password | length < max_length | int + 1
+          - '"-" not in powervault_me4_password '
+          - '"," not in powervault_me4_password '
+          - '"." not in powervault_me4_password '
+          - '"<" not in powervault_me4_password '
+          - '"\\" not in powervault_me4_password '
+          - '"\"" not in powervault_me4_password '
+          - " \"'\" not in powervault_me4_password "
+          - powervault_me4_password | regex_search('^(?=.*[a-z]).+$')
+          - powervault_me4_password | regex_search('^(?=.*[A-Z]).+$')
+          - powervault_me4_password | regex_search('^(?=.*\\d).+$')
+          - powervault_me4_password | regex_search('^(?=.*[!#$%&()*+/:;=>?@^_`{} ~]).+$')
+      no_log: true
+  rescue:
+    - name: Powervault me4 credentials validation check
+      fail:
+        msg: "{{ fail_msg_me4_credentials }}"
   when: powervault_support
 
 - name: Create ansible vault key
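Review bot: The lower length bound for the idrac, ethernet switch and IB passwords is `min_username_length`, not `min_length` (`idrac_password | length > min_username_length | int - 1`, and likewise for `ethernet_switch_password` and `ib_password`), while provision, cobbler and powervault use `min_length`. Neither value is visible here, so if `min_username_length` is the smaller one, these three passwords are held to a weaker minimum than the rest. If that is intended, record it with a comment such as `# intentional: these devices use min_username_length as the password minimum`; otherwise switch to `min_length`. Separately, putting the username and password conditions under one `no_log: true` assert means the rescue message cannot say which field failed; the username checks carry no secret and could stay in their own assert without `no_log`. The inner task still named `Verify ethernet_switch_username and ethernet_switch_password are not empty` now performs the full format check and should be renamed like its siblings. The first two context lines belong to a task that starts above the hunk, and `Create ansible vault key` continues below it.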

+ 8 - 0
control_plane/roles/control_plane_common/tasks/verify_omnia_params.yml

@@ -91,6 +91,14 @@
     docker_password: "{{ docker_password }}"
   no_log: True
 
+- name: Validate the domain name
+  assert:
+    that:
+      - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,6}$")
+    success_msg: "{{ domain_name_success_msg }}"
+    fail_msg: "{{ domain_name_fail_msg }}"
+  when: domain_name | length > 0
+
 - name: Encrypt input config file
   command: >-
     ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
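Review bot: The domain pattern treats case inconsistently and caps the final label at six letters. The first label accepts `[A-Za-z0-9-]` but every later label only `[a-z0-9]`, so an uppercase letter after the first dot is rejected while the same letter in the first label passes, and any top-level label longer than six characters fails. The first label may also end in a hyphen, because `(?!-)` excludes only a leading one. If ordinary hostname syntax is intended, I would use the same character class in the repeated group and relax the upper bound, e.g. `- domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[A-Za-z0-9]+)*\\.[A-Za-z]{2,}$")`. The `Encrypt input config file` task that follows continues outside the hunk.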

+ 5 - 25
control_plane/roles/control_plane_common/vars/main.yml

@@ -59,31 +59,11 @@ vault_file_perm: '0644'
 nic_min_length: 3
 input_config_failure_msg: "Please provide all the required parameters in login_vars.yml"
 fail_msg_provision_password: "Failed. Incorrect provision_password format provided in login_vars.yml"
-success_msg_provision_password: "provision_password validated"
 fail_msg_cobbler_password: "Failed. Incorrect cobbler_password format provided in login_vars.yml file"
-success_msg_cobbler_password: "cobbler_password validated"
-success_idrac_username: "idrac username validated"
-fail_idrac_username: "Failed. Incorrect idrac_username format provided in base_vars.yml"
-success_msg_idrac_password: "idrac password validated"
-fail_msg_idrac_password: "Failed. Incorrect idrac_password format provided in base_vars.yml"
-ethernet_params_success_msg: "Ethernet switch username and password are not blank"
-ethernet_params_empty_fail_msg: "Failed. ethernet switch username or password cannot be empty when ethernet_switch_support is true"
-success_ethernet_switch_username: "Ethernet switch username validated"
-fail_ethernet_switch_username: "Failed. Incorrect ethernet_switch_username format provided in base_vars.yml"
-success_msg_ethernet_switch_password: "Ethernet password validated"
-fail_msg_ethernet_switch_password: "Failed. Incorrect ethernet_switch_password format provided in base_vars.yml"
-ib_params_success_msg: "InfiniBand switch username and password are not blank"
-ib_params_empty_fail_msg: "Failed. InfiniBand username or password cannot be empty when ib_switch_support is true"
-success_ib_username: "ib username validated"
-fail_ib_username: "Failed. Incorrect ib_username format provided in base_vars.yml"
-success_msg_ib_password: "ib password validated"
-fail_msg_ib_password: "Failed. Incorrect ib_password format provided in base_vars.yml"
-pv_params_success_msg: "Powervault switch username and password are not blank"
-pv_params_empty_fail_msg: "Failed. Powervault username or password cannot be empty when powervault_support is true"
-success_powervault_me4_username: "powervault username validated"
-fail_powervault_me4_username: "Failed. Incorrect powervault_username format provided in base_vars.yml"
-success_msg_powervault_me4_password: "powervault password validated"
-fail_msg_powervault_me4_password: "Failed. Incorrect powervault_password format provided in base_vars.yml"
+fail_msg_idrac_credentials: "Failed. Incorrect idrac_username or idrac_password format provided in login_vars.yml"
+fail_msg_ethernet_credentials: "Failed. Incorrect ethernet_switch_username or ethernet_switch_password format provided in login_vars.yml"
+fail_msg_ib_credentials: "Failed. Incorrect ib_username or ib_password format provided in login_vars.yml"
+fail_msg_me4_credentials: "Failed. Incorrect powervault_me4_username or powervault_me4_password format provided in login_vars.yml"
 
 # Usage: verify_omnia_params.yml
 config_filename: "omnia_config.yml"
@@ -152,7 +132,7 @@ idrac_tools_vars_filename: input_params/idrac_tools_vars.yml
 # Usage: nfs_server_setup.yml
 nfs_share_offline_repo: /var/nfs_repo
 nfs_share_awx: /var/nfs_awx
-nfs_share_dir_mode: 0644
+nfs_share_dir_mode: 0777
 exports_file_path: /etc/exports
 nfs_services:
   - mountd
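Review bot: `nfs_share_dir_mode: 0777` makes the shared directories writable by every local user, which is wider than the likely reason for dropping `0644` (a directory needs the execute bit to be traversed). Where the mode is applied is not visible in this hunk, but for `/var/nfs_repo` and `/var/nfs_awx` I would start from `nfs_share_dir_mode: '0755'`, or `'0775'` with a dedicated group if non-root writers are required. Quoting the value also matches `vault_file_perm: '0644'` earlier in this file and avoids depending on how the YAML loader reads a leading-zero integer. The `nfs_services` list continues outside the hunk.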

+ 37 - 37
control_plane/roles/control_plane_ib/tasks/main.yml

@@ -15,47 +15,47 @@
 
 # Tasks file for infiniband
 
-- name: Check infiniband_container status on machine
-  include_tasks: check_prerequisites.yml
-
-- name: Include common variables
-  include_vars:  ../../control_plane_common/vars/main.yml
-  when: not infiniband_container_status
-
-- name: Internet validation
-  include_tasks:  ../../control_plane_common/tasks/internet_validation.yml
-  when: not infiniband_container_status
-
-#- name: Fetch base inputs
-#  include_tasks: ../../control_plane_common/tasks/fetch_base_inputs.yml
-#  when: not infiniband_container_status
+- name: Check if IB switch is supported
+  block:
+    - name: Check infiniband_container status on machine
+      include_tasks: check_prerequisites.yml
 
-- name: Include variable file base_vars.yml
-  include_vars: "{{ ib_base_file }}"
+    - name: Include common variables
+      include_vars:  ../../control_plane_common/vars/main.yml
+      when: not infiniband_container_status
 
-- name: Dhcp Configuration
-  import_tasks: dhcp_configure.yml
-  when: (not infiniband_container_image_status) or ( infiniband_backup_map_status == true)
+    - name: Internet validation
+      include_tasks:  ../../control_plane_common/tasks/internet_validation.yml
+      when: not infiniband_container_status
 
-#- name: Mapping file validation
-#  import_tasks: mapping_file.yml
-#  when: (not infiniband_container_image_status) and (mapping_file == true) or ( backup_map_status == true)
+    - name: Include variable file base_vars.yml
+      include_vars: "{{ base_file }}"
 
-- name: infiniband_container image creation
-  import_tasks: infiniband_container_image.yml
-  when: not infiniband_container_status
+    - name: Dhcp Configuration
+      import_tasks: dhcp_configure.yml
+      when: (not infiniband_container_image_status) or ( infiniband_backup_map_status == true)
 
-- name: infiniband_container configuration
-  import_tasks: configure_infiniband_container.yml
+    #- name: Mapping file validation
+    #  import_tasks: mapping_file.yml
+    #  when: (not infiniband_container_image_status) and (mapping_file == true) or ( backup_map_status == true)
 
-- name: infiniband_container container status message
-  block:
-    - debug:
-        msg: "{{ infiniband_message_skipped }}"
-        verbosity: 2
-      when: infiniband_container_status
-    - debug:
-        msg: "{{ infiniband_message_installed }}"
-        verbosity: 2
+    - name: infiniband_container image creation
+      import_tasks: infiniband_container_image.yml
       when: not infiniband_container_status
-  tags: install
+
+    - name: infiniband_container configuration
+      import_tasks: configure_infiniband_container.yml
+
+    - name: infiniband_container container status message
+      block:
+        - debug:
+            msg: "{{ infiniband_message_skipped }}"
+            verbosity: 2
+          when: infiniband_container_status
+        - debug:
+            msg: "{{ infiniband_message_installed }}"
+            verbosity: 2
+          when: not infiniband_container_status
+      tags: install
+
+  when: ib_switch_support
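Review bot: The block-level `when: ib_switch_support` is evaluated for every task in the block, including `Check infiniband_container status on machine`, which runs before `Include variable file base_vars.yml`. If `ib_switch_support` is defined only in that vars file (not visible here), the role now depends on an earlier role having loaded it, and an undefined variable would fail the first task instead of skipping the role. The same ordering concern applies to `include_vars: "{{ base_file }}"`: the common vars file is included only `when: not infiniband_container_status`, so if `base_file` comes from it, the include has nothing to resolve on a host where the container already exists. A comment above the block such as `# requires ib_switch_support and base_file to be defined before this role runs` would make the dependency explicit.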