RONCC
/
Dell-Omnia-Clusters-HPC-AI


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161
							# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
---

- name: Include security variable file security_vars.yml
  include_vars: "{{ security_vars_filename }}"
  no_log: true
  tags: init

- name: Validate input parameters of security vars are not empty
  fail:
    msg: "{{ input_security_failure_msg }}"
  register: input_base_check
  tags: [ validate, security ]
  when:
    - domain_name | length < 1 or
      realm_name | length < 1

- name: Validate the domain name
  assert:
    that:
      - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
    success_msg: "{{ dom_name_success_msg }}"
    fail_msg: "{{ dom_name_fail_msg }}"
  tags: [ validate, security ]

- name: Validate the realm name
  assert:
    that:
      - realm_name is regex("^(?!-)[A-Z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Z]{2,}$")
      - '"." in realm_name'
    success_msg: "{{ realm_success_msg }}"
    fail_msg: "{{ realm_fail_msg }}"
  tags: [ validate, security ]
  
- name: Fetch the short hostname
  command: hostname -s
  register: short_hostname
  changed_when: false
  tags: [ validate, security ]

- name: Verify the hostname is not blank in hostname
  fail:
    msg: " {{ hostname_blank_msg }}"
  when: short_hostname.stdout | length < 1
  tags: [ validate, security ]

- name: Validate the host name
  assert:
    that:
      - short_hostname.stdout is regex(("^(([a-z]|[a-z][a-z0-9\-]*[a-z0-9])\.)*([a-z]|[a-z][a-z0-9\-]*[a-z0-9])$"))
      - short_hostname.stdout != "localhost"
    success_msg: "{{ server_hostname_success }}"
    fail_msg: "{{ server_hostname_fail }}"
  tags: [ validate, security ]

- name: Fetch the domain name
  command: hostname -d
  register: domain_name_set
  changed_when: false
  tags: [ validate, security ]

- name: Verify the domain name is not blank in hostname
  fail:
    msg: " {{ domain_name_blank_msg }}"
  when: domain_name_set.stdout | length < 1
  tags: [ validate, security ]

- name: Set fact for the domain name in hostname
  set_fact:
    ms_domain_name: "{{ domain_name_set.stdout }}"
  tags: [ validate, security ]

- name: Validate the domain name set on the host
  assert:
    that:
      - domain_name == ms_domain_name
    success_msg: "{{ server_domain_name_success }}"
    fail_msg: "{{ server_domain_name_fail }}"
  tags: [ validate, security ]

- name: Get the hostname
  command: hostname
  register: machine_hostname
  changed_when: false
  tags: [ validate, security ]

- name: Add host name in hosts file
  lineinfile:
    dest: "{{ hosts_file_path }}"
    line: "{{ public_ip }} {{ machine_hostname.stdout }}"
    state: present
    create: yes
    mode: "{{ hosts_file_mode }}"
  tags: [ validate, security ]

- name: Validate max_failures
  assert:
    that:
      - max_failures | int == max_failures_default_value
    success_msg: "{{ max_failures_success_msg }}"
    fail_msg: "{{ max_failures_fail_msg }}"
  tags: [ validate, security ]

- name: Validate failure_reset_interval
  assert:
    that:
      - failure_reset_interval | int
      - failure_reset_interval | int <= failure_reset_interval_max_value
      - failure_reset_interval | int >= failure_reset_interval_min_value
    success_msg: "{{ failure_reset_interval_success_msg }}"
    fail_msg: "{{ failure_reset_interval_fail_msg }}"
  tags: [ validate, security ]

- name: Validate lockout_duration
  assert:
    that:
      - lockout_duration | int
      - lockout_duration | int <= lockout_duration_max_value
      - lockout_duration | int >= lockout_duration_min_value
    success_msg: "{{ lockout_duration_success_msg }}"
    fail_msg: "{{ lockout_duration_fail_msg }}"
  tags: [ validate, security ]

- name: Validate session_timeout
  assert:
    that:
      - session_timeout | int
      - session_timeout | int <= session_timeout_max_value
      - session_timeout | int >= session_timeout_min_value
    success_msg: "{{ session_timeout_success_msg }}"
    fail_msg: "{{ session_timeout_fail_msg }}"
  tags: [ validate, security ]

- name: Validate alert_email_address
  assert:
    that:
      - email_search_key in alert_email_address
      - alert_email_address | length < email_max_length
    success_msg: "{{ alert_email_success_msg }}"
    fail_msg: "{{ alert_email_fail_msg }}"
  tags: [ validate, security ]
  when: alert_email_address | length > 1

- name: Warning - alert_email_address is empty
  debug:
    msg: "{{ alert_email_warning_msg }}"
  tags: security
  when: alert_email_address | length < 1