input_params/base_vars.yml
, input_params/login_vars.yml
and idrac_vars.yml
per the provided Input Parameter Guides.kubectl get svc -n awx
.kubectl get secret awx-admin-password -n awx -o jsonpath="{.data.password}" | base64 --decode
.http://<IP>:8052
, where IP is the awx-ui IP address and 8052 is the awx-ui port number. Log in to the AWX UI using the username as admin
and the retrieved password.Omnia role used to provision custom ISO on PowerEdge Servers using iDRAC: provision_idrac
For the idrac.yml
file to successfully provision the custom ISO on the PowerEdge Servers, ensure that the following prerequisites are met:
provision_method
is set to PXE in base_vars.yml
, ensure that all PXE devices have a configured, active NIC. To verify/ configure NIC availability: On the server, go to BIOS Setup -> Network Settings -> PXE Device
. For each listed device (typically 4), configure/ check for an active NIC under PXE device settings
The provision_idrac file configures and validates the following:
After the configurations are validated, the provision_idrac file provisions the custom ISO on the PowerEdge Servers. After the OS is provisioned successfully, iDRAC IP addresses are updated in the provisioned_idrac_inventory in AWX.
Note:
- The
idrac.yml
file initiates the provisioning of custom ISO on the PowerEdge servers. Wait for some time for the node inventory to be updated on the AWX UI.- Due to the latest
catalog.xml
file, Firmware updates may fail for certain components. Omnia execution doesn't get interrupted but an error gets logged on AWX. For now, please download those individual updates manually.
To provision newly added servers, wait till the iDRAC IP addresses are automatically added to the idrac_inventory. After the iDRAC IP addresses are added, launch the iDRAC template on the AWX UI to provision CentOS custom OS on the servers.
If you want to re-provision all the servers in the cluster or any of the faulty servers, you must remove the respective iDRAC IP addresses from provisioned_idrac_inventory on AWX UI and then launch the iDRAC template. If required, you can delete the provisioned_idrac_inventory from the AWX UI to remove the IP addresses of provisioned servers. After the servers are provisioned, provisioned_idrac_inventory is created and updated on the AWX UI.
Omnia role used: provision_cobbler
Ports used by Cobbler:
To create the Cobbler image, Omnia configures the following:
To access the Cobbler dashboard, enter https://<IP>/cobbler_web
where <IP>
is the Global IP address of the control plane. For example, enter
https://100.98.24.225/cobbler_web
to access the Cobbler dashboard.
Note: After the Cobbler Server provisions the operating system on the servers, IP addresses and hostnames are assigned by the DHCP service.
- If a mapping file is not provided, the hostname to the server is provided based on the following format: computexxx-xxx where "xxx-xxx" is the last two octets of the Host IP address. For example, if the Host IP address is 172.17.0.11 then the assigned hostname by Omnia is compute0-11.
- If a mapping file is provided, the hostnames follow the format provided in the mapping file.
Note: If you want to add more nodes, append the new nodes in the existing mapping file. However, do not modify the previous nodes in the mapping file as it may impact the existing cluster.
Note: With the addition of Multiple profiles, the cobbler container dynamically updates the mount point based on the value of
provision_os
inbase_vars.yml
.
Omnia now supports DHCP routing via Cobbler. To enable routing, update the primary_dns
and secondary_dns
in base_vars
with the appropriate IPs (hostnames are currently not supported). For compute nodes that are not directly connected to the internet (ie only host network is configured), this configuration allows for internet connectivity.
Omnia provides the following options to enhance security on the provisioned PowerEdge servers:
idrac_vars.yml
file.idrac_vars.yml
file.2-factor authentication (2FA): To enable the 2FA on iDRAC, set the two_factor_authentication variable to "enabled" in the idrac_vars.yml
file.
WARNING: If 2FA is enabled on iDRAC, you must manually disable 2FA on iDRAC by setting the Easy 2FA State to "Disabled" for the user specified in the login_vars.yml
file to run other iDRAC playbooks.
Before executing the idrac_2fa.yml, you must edit the idrac_tools_vars.yml
by running the following command: ansible-vault edit idrac_tools_vars.yml --vault-password-file .idrac_vault_key
.
Provide the relevant details in the idrac_2fa.yml file. (Information provided in the Parameter Guide)
Note: 2FA will be enabled on the iDRAC only if SMTP server details are valid and a test email notification is working using SMTP.
LDAP Directory Services: To enable or disable the LDAP directory services, set the ldap_directory_services variable to "enabled" in the idrac_vars.yml
file.
Before executing the idrac_ldap.yml file, you must edit idrac_tools_vars.yml
by running the following command: ansible-vault edit idrac_tools_vars.yml --vault-password-file .idrac_vault_key
.
* Provide the following values in the **idrac_ldap.yml** file.
* To view the `idrac_tools_vars.yml` file, run the following command: `ansible-vault view idrac_tools_vars.yml --vault-password-file .idrac_vault_key`
Note: It is suggested that you use the ansible-vault view or edit commands and that you do not use the ansible-vault decrypt or encrypt commands. If you have used the ansible-vault decrypt or encrypt commands, provide 644 permission to
idrac_tools_vars.yml
.
On the AWX Dashboard, select the respective security requirement playbook and launch the iDRAC template by performing the following steps.