| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183 |
- - name: Include base variable file base_vars.yml
- include_vars: "{{ base_vars_filename }}"
- no_log: true
- - name: Check if omnia_vault_key exists
- stat:
- path: "{{ role_path }}/../../../{{ config_vaultname }}"
- register: vault_key_result
- - name: Create ansible vault key if it does not exist
- set_fact:
- vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
- when: not vault_key_result.stat.exists
- - name: Save vault key
- copy:
- dest: "{{ role_path }}/../../../{{ config_vaultname }}"
- content: |
- {{ vault_key }}
- owner: root
- force: yes
- mode: "{{ vault_file_perm }}"
- when: not vault_key_result.stat.exists
- - name: Check if omnia config file is encrypted
- command: cat {{ role_path }}/../../../{{ config_filename }}
- changed_when: false
- register: config_content
- no_log: True
- - name: Decrpyt omnia_config.yml
- command: >-
- ansible-vault decrypt {{ role_path }}/../../../{{ config_filename }}
-
- when: "'$ANSIBLE_VAULT;' in config_content.stdout"
- - name: Include variable file omnia_config.yml
- include_vars: "{{ role_path }}/../../../{{ config_filename }}"
- no_log: True
- - name: Validate input parameters are not empty
- fail:
- msg: "{{ input_omnia_failure_msg }}"
- register: input_config_check
- when:
- - mariadb_password | length < 1 or
- k8s_version | length < 1 or
- k8s_cni | length < 1 or
- domain_name | length < 1
- - name: Validate login node parameters when login_node_reqd is set to true
- fail:
- msg: "{{ omnia_input_config_failure_msg }}"
- when:
- - ( domain_name | length < 1 or
- realm_name | length < 1 or
- directory_manager_password | length < 1 or
- ipa_admin_password | length < 1 ) and
- ( login_node_required and
- host_mapping_file and
- not enable_security_support)
- - name: Assert mariadb_password
- assert:
- that:
- - mariadb_password | length > min_length | int - 1
- - mariadb_password | length < max_length | int + 1
- - '"-" not in mariadb_password '
- - '"\\" not in mariadb_password '
- - '"\"" not in mariadb_password '
- - " \"'\" not in mariadb_password "
- success_msg: "{{ success_msg_mariadb_password }}"
- fail_msg: "{{ fail_msg_mariadb_password }}"
- - name: Assert kubernetes version
- assert:
- that: "('1.16.7' in k8s_version) or ('1.19.3' in k8s_version)"
- success_msg: "{{ success_msg_k8s_version }}"
- fail_msg: "{{ fail_msg_k8s_version }}"
- - name: Assert kubernetes cni
- assert:
- that: "('calico' in k8s_cni) or ('flannel' in k8s_cni)"
- success_msg: "{{ success_msg_k8s_cni }}"
- fail_msg: "{{ fail_msg_k8s_cni }}"
- - name: Save input variables from file
- set_fact:
- db_password: "{{ mariadb_password }}"
- k8s_version: "{{ k8s_version }}"
- k8s_cni: "{{ k8s_cni }}"
- docker_username: "{{ docker_username }}"
- docker_password: "{{ docker_password }}"
- no_log: True
- - name: Verify the value of login_node_required
- assert:
- that:
- - login_node_required == true or login_node_required == false
- success_msg: "{{ login_node_required_success_msg }}"
- fail_msg: "{{ login_node_required_fail_msg }}"
- - name: Validate the domain name
- assert:
- that:
- - domain_name is regex("^(?!-)[A-Za-z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Za-z]{2,}$")
- success_msg: "{{ domain_name_success_msg }}"
- fail_msg: "{{ domain_name_fail_msg }}"
- when:
- - host_mapping_file
- - login_node_required
- - not enable_security_support
- - name: Validate the realm name
- assert:
- that:
- - realm_name is regex("^(?!-)[A-Z0-9-]+([\\-\\.]{1}[a-z0-9]+)*\\.[A-Z]{2,}$")
- - '"." in realm_name'
- success_msg: "{{ realm_name_success_msg }}"
- fail_msg: "{{ realm_name_fail_msg }}"
- when:
- - host_mapping_file
- - login_node_required
- - not enable_security_support
- - name: Assert directory_manager_password
- assert:
- that:
- - directory_manager_password | length > min_length | int - 1
- - directory_manager_password | length < max_length | int + 1
- - '"-" not in directory_manager_password '
- - '"\\" not in directory_manager_password '
- - '"\"" not in directory_manager_password '
- - " \"'\" not in directory_manager_password "
- success_msg: "{{ success_msg_directory_manager_password }}"
- fail_msg: "{{ fail_msg_directory_manager_password }}"
- when:
- - host_mapping_file
- - login_node_required
- - not enable_security_support
- - name: Assert ipa_admin_password
- assert:
- that:
- - ipa_admin_password | length > min_length | int - 1
- - ipa_admin_password | length < max_length | int + 1
- - '"-" not in ipa_admin_password '
- - '"\\" not in ipa_admin_password '
- - '"\"" not in ipa_admin_password '
- - " \"'\" not in ipa_admin_password "
- success_msg: "{{ success_msg_ipa_admin_password }}"
- fail_msg: "{{ fail_msg_ipa_admin_password }}"
- when:
- - host_mapping_file
- - login_node_required
- - not enable_security_support
- - name: Encrypt input config file
- command: >-
- ansible-vault encrypt {{ role_path }}/../../../{{ config_filename }}
-
- changed_when: false
- - name: Update omnia_config.yml permission
- file:
- path: "{{ role_path }}/../../../{{ config_filename }}"
- mode: "{{ vault_file_perm }}"
|
