RONCC
/
Dell-Omnia-Clusters-HPC-AI


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236
							# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
---

- name: Check login_vars file is encrypted
  command: cat {{ login_vars_filename }}
  changed_when: false
  register: config_content

- name: Decrpyt login_vars.yml
  command: >-
    ansible-vault decrypt {{ login_vars_filename }}
    --vault-password-file {{ vault_filename }}
  changed_when: false
  when: "'$ANSIBLE_VAULT;' in config_content.stdout"

- name: Include variable file login_vars.yml
  include_vars: "{{ login_vars_filename }}"
  no_log: true

- name: Validate input parameters are not empty
  fail:
    msg: "{{ input_config_failure_msg }}"
  register: input_config_check
  when:
    - provision_password | length < 1 or
      cobbler_password | length < 1 or      
      idrac_username | length < 1 or
      idrac_password | length < 1      

- name: Assert provision_password
  assert:
    that:
      - provision_password | length > min_length | int - 1
      - provision_password | length < max_length | int + 1
      - '"-" not in provision_password '
      - '"\\" not in provision_password '
      - '"\"" not in provision_password '
      - " \"'\" not in provision_password "
    success_msg: "{{ success_msg_provision_password }}"
    fail_msg: "{{ fail_msg_provision_password }}"
  no_log: true
  register: provision_password_check

- name: Assert cobbler_password
  assert:
    that:
      - cobbler_password | length > min_length | int - 1
      - cobbler_password | length < max_length | int + 1
      - '"-" not in cobbler_password '
      - '"\\" not in cobbler_password '
      - '"\"" not in cobbler_password '
      - " \"'\" not in cobbler_password "
    success_msg: "{{ success_msg_cobbler_password }}"
    fail_msg: "{{ fail_msg_cobbler_password }}"
  no_log: true
  register: cobbler_password_check

- name: Assert idrac_username
  assert:
    that:
      - idrac_username | length >= min_username_length
      - idrac_username | length < max_length
      - '"-" not in idrac_username '
      - '"\\" not in idrac_username '
      - '"\"" not in idrac_username '
      - " \"'\" not in idrac_username "
    success_msg: "{{ success_idrac_username }}"
    fail_msg: "{{ fail_idrac_username }}"
  no_log: true

- name: Assert idrac_password
  assert:
    that:
      - idrac_password | length > min_username_length | int - 1
      - idrac_password | length < max_length | int + 1
      - '"-" not in idrac_password '
      - '"\\" not in idrac_password '
      - '"\"" not in idrac_password '
      - " \"'\" not in idrac_password "
    success_msg: "{{ success_msg_idrac_password }}"
    fail_msg: "{{ fail_msg_idrac_password }}"
  no_log: true
  register: idrac_password_check

- name: Assert docker_username and docker_password
  assert:
    that:
      - docker_username | length > min_length | int - 1
      - docker_username | length < max_length | int + 1
      - docker_password | length > min_length | int - 1
      - docker_password | length < max_length | int + 1
    success_msg: "{{ success_msg_docker_credentials }}"
    fail_msg: "{{ fail_msg_docker_credentials }}"
  when: docker_username or docker_password
  no_log: true

- name: Verify ethernet_switch_username and ethernet_switch_password are not empty
  assert:
    that:
      - ethernet_switch_username | length > 0
      - ethernet_switch_password | length > 0
    success_msg: "{{ ethernet_params_success_msg }}"
    fail_msg: "{{ ethernet_params_empty_fail_msg }}"
  when: ethernet_switch_support

- name: Assert ethernet_switch_username
  assert:
    that:
      - ethernet_switch_username | length >= min_username_length
      - ethernet_switch_username | length < max_length
      - '"-" not in ethernet_switch_username '
      - '"\\" not in ethernet_switch_username '
      - '"\"" not in ethernet_switch_username '
      - " \"'\" not in ethernet_switch_username "
    success_msg: "{{ success_ethernet_switch_username }}"
    fail_msg: "{{ fail_ethernet_switch_username }}"
  when: ethernet_switch_support

- name: Assert ethernet_switch_password
  assert:
    that:
      - ethernet_switch_password | length > min_username_length | int - 1
      - ethernet_switch_password | length < max_length | int + 1
      - '"-" not in ethernet_switch_password '
      - '"\\" not in ethernet_switch_password '
      - '"\"" not in ethernet_switch_password '
      - " \"'\" not in ethernet_switch_password "
    success_msg: "{{ success_msg_ethernet_switch_password }}"
    fail_msg: "{{ fail_msg_ethernet_switch_password }}"
  when: ethernet_switch_support
  no_log: true

- name: Verify ib_username and ib_password are not empty
  assert:
    that:
      - ib_username | length > 0
      - ib_password | length > 0
    success_msg: "{{ ib_params_success_msg }}"
    fail_msg: "{{ ib_params_empty_fail_msg }}"
  when: ib_switch_support

- name: Assert ib_username
  assert:
    that:
      - ib_username | length >= min_username_length
      - ib_username | length < max_length
      - '"-" not in ib_username '
      - '"\\" not in ib_username '
      - '"\"" not in ib_username '
      - " \"'\" not in ib_username "
    success_msg: "{{ success_ib_username }}"
    fail_msg: "{{ fail_ib_username }}"
  when: ib_switch_support

- name: Assert ib_password
  assert:
    that:
      - ib_password | length > min_username_length | int - 1
      - ib_password | length < max_length | int + 1
      - '"-" not in ib_password '
      - '"\\" not in ib_password '
      - '"\"" not in ib_password '
      - " \"'\" not in ib_password "
    success_msg: "{{ success_msg_ib_password }}"
    fail_msg: "{{ fail_msg_ib_password }}"
  when: ib_switch_support
  no_log: true

- name: Verify powervault_me4_username and powervault_me4_password are not empty
  assert:
    that:
      - powervault_me4_username | length > 0
      - powervault_me4_password | length > 0
    success_msg: "{{ pv_params_success_msg }}"
    fail_msg: "{{ pv_params_empty_fail_msg }}"
  when: powervault_support

- name: Assert powervault_me4_username
  assert:
    that:
      - powervault_me4_username | length >= min_username_length
      - powervault_me4_username | length < max_length
      - '"-" not in powervault_me4_username '
      - '"\\" not in powervault_me4_username '
      - '"\"" not in powervault_me4_username '
      - " \"'\" not in powervault_me4_username "
    success_msg: "{{ success_powervault_me4_username }}"
    fail_msg: "{{ fail_powervault_me4_username }}"
  when: powervault_support

- name: Assert powervault_me4_password
  assert:
    that:
      - powervault_me4_password | length > min_username_length | int - 1
      - powervault_me4_password | length < max_length | int + 1
      - '"-" not in powervault_me4_password '
      - '"\\" not in powervault_me4_password '
      - '"\"" not in powervault_me4_password '
      - " \"'\" not in powervault_me4_password "
    success_msg: "{{ success_msg_powervault_me4_password }}"
    fail_msg: "{{ fail_msg_powervault_me4_password }}"
  when: powervault_support
  no_log: true

- name: Create ansible vault key
  set_fact:
    vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"

- name: Save vault key
  copy:
    dest: "{{ vault_filename }}"
    content: |
      {{ vault_key }}
    owner: root
    force: yes
    mode: "{{ vault_file_perm }}"
  when: "'$ANSIBLE_VAULT;' not in config_content.stdout"

- name: Encrypt input config file
  command: >-
    ansible-vault encrypt {{ login_vars_filename }}
    --vault-password-file {{ vault_filename }}
  changed_when: false