Dell-Omnia-Clusters-HPC-AI/control_plane/roles/collect_device_info/files/create_inventory.yml

# Copyright 2022 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.​0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---

# This role will not group the devices if user provides invalid credentials

- name: Create inventory in awx
  hosts: device_inventory
  connection: local
  gather_facts: false
  tasks:
    - name: Include collect_device_info vars
      include_vars: "{{ playbook_dir }}/../vars/main.yml"
      run_once: true

    - name: Include variable file base_vars.yml
      include_vars: "{{ base_vars_file }}"
      run_once: true

    - name: Check if tower_config_file file is encrypted
      command: cat "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
      changed_when: false
      no_log: true
      register: tower_config_content
      run_once: true

    - name: Decrypt tower_config_file
      command: >-
        ansible-vault decrypt "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
        --vault-password-file "{{ playbook_dir }}/../../webui_awx/files/.tower_vault_key"
      changed_when: false
      when: "'$ANSIBLE_VAULT;' in tower_config_content.stdout"
      run_once: true

    - name: Change file permissions
      file:
        path: "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
        mode: "{{ file_perm }}"
      run_once: true

    - name: Fetch awx host
      command: grep "host:" "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
      register: fetch_awx_host
      changed_when: false
      run_once: true

    - name: Fetch awx username
      command: grep "username:" "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
      register: fetch_awx_username
      changed_when: false
      run_once: true
      no_log: true

    - name: Fetch awx password
      command: grep "password:" "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
      register: fetch_awx_password
      changed_when: false
      run_once: true
      no_log: true

    - name: Set awx variables
      set_fact:
        awx_host: "{{ fetch_awx_host.stdout | regex_replace('host: ','') }}"
        awx_username: "{{ fetch_awx_username.stdout | regex_replace('username: ','') }}"
        awx_password: "{{ fetch_awx_password.stdout | regex_replace('password: ','') }}"
      no_log: true

    - name: Encrypt tower_config_file
      command: >-
        ansible-vault encrypt "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
        --vault-password-file "{{ playbook_dir }}/../../webui_awx/files/.tower_vault_key"
      changed_when: false
      when: "'$ANSIBLE_VAULT;' in tower_config_content.stdout"
      run_once: true

    - name: Change file permissions
      file:
        path: "{{ playbook_dir }}/../../webui_awx/files/.tower_cli.cfg"
        mode: "{{ file_perm }}"
      run_once: true

    - name: Check if {{ login_vars_file }} file is encrypted
      command: cat {{ login_vars_file }}
      changed_when: false
      no_log: true
      register: config_content
      run_once: true

    - name: Decrpyt {{ login_vars_file }}
      command: >-
        ansible-vault decrypt {{ login_vars_file }}
        --vault-password-file {{ login_vault_file }}
      when: "'$ANSIBLE_VAULT;' in config_content.stdout"
      changed_when: false
      run_once: true

    - name: Include variable file {{ login_vars_file }}
      include_vars: "{{ login_vars_file }}"
      no_log: true
      run_once: true

    - name: Encrypt {{ login_vars_file }}
      command: >-
        ansible-vault encrypt {{ login_vars_file }}
        --vault-password-file {{ login_vault_file }}
      changed_when: false
      when: "'$ANSIBLE_VAULT;' in config_content.stdout"
      run_once: true

    - name: Install paramiko
      command: pip3 install paramiko -i http://pypi.douban.com/simple/ --trusted-host pypi.douban.com
      delegate_to: localhost
      run_once: true
      changed_when: false

    - name: Initialize variables
      set_fact:
        idrac_inventory_status: false
        ethernet_inventory_status: false
        ib_inventory_status: false
        powervault_me4_status: false

    - name: idrac_inventory validation tasks
      block:
        - name: Fetch the hosts in idrac_inventory
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts list --inventory idrac_inventory -f human --filter "name"
          changed_when: false
          no_log: true
          run_once: true
          register: idrac_hosts

        - name: Assert idrac IP
          dellemc.openmanage.idrac_system_info:
            idrac_ip: "{{ inventory_hostname }}"
            idrac_user: "{{ idrac_username }}"
            idrac_password: "{{ idrac_password }}"
          register: idrac_info
          when: inventory_hostname not in idrac_hosts.stdout

        - name: Set idrac_inventory_status
          set_fact:
            idrac_inventory_status: true
          when:
            - inventory_hostname not in idrac_hosts.stdout
            - idrac_search_key in idrac_info.system_info.iDRAC[0].ProductInfo
      rescue:
        - name: Failed while adding device to idrac_inventory
          debug:
            msg: "{{ idrac_inventory_fail_msg }}"
      when: not idrac_inventory_status

    - name: Add host to awx idrac_inventory
      block:
        - name: Add the host to awx idrac_inventory if not present
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts create --name {{ inventory_hostname }} --inventory idrac_inventory
          changed_when: true
          no_log: true
      rescue:
        - name: Failed while adding device to idrac_inventory
          debug:
            msg: "{{ idrac_inventory_fail_msg }}"
      when: idrac_inventory_status

    - name: ethernet_inventory validation tasks
      block:
        - name: Fetch the hosts in ethernet inventory
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts list --inventory ethernet_inventory -f human --filter "name"
          changed_when: false
          no_log: true
          register: ethernet_switches

        - name: Assert ethernet switch
          dellos10_command:
            provider:
              host: "{{ inventory_hostname }}"
              username: "{{ ethernet_switch_username }}"
              password: "{{ ethernet_switch_password }}"
            commands: ['show version']
          when: inventory_hostname not in ethernet_switches.stdout
          register: dellswitch_info
          no_log: true

        - name: Set ethernet_inventory_status
          set_fact:
            ethernet_inventory_status: true
          when:
            - inventory_hostname not in ethernet_switches.stdout
            - dellswitch_info.stdout | regex_search(ethernet_search_key)
      rescue:
        - name: Failed while adding device to ethernet_inventory
          debug:
            msg: "{{ ethernet_inventory_fail_msg }}"
      when:
        - not idrac_inventory_status
        - not ethernet_inventory_status
        - inventory_hostname not in idrac_hosts.stdout

    - name: Add the host to awx ethernet inventory
      block:
        - name: Add the host to awx ethernet inventory if not present
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts create --name {{ inventory_hostname }} --inventory ethernet_inventory
          changed_when: true
          no_log: true
      rescue:
        - name: Failed while adding device to ethernet_inventory
          debug:
            msg: "{{ ethernet_inventory_fail_msg }}"
      when: ethernet_inventory_status

    - name: ib_inventory validation tasks
      block:
        - name: Fetch the hosts in infiniband inventory
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts list --inventory infiniband_inventory -f human --filter "name"
          changed_when: false
          no_log: true
          register: infiniband_switches

        - name: Authenticate infiniband Switch
          uri:
            url: http://{{ inventory_hostname }}/admin/launch?script=rh&template=login&action=login
            method: POST
            body_format: form-urlencoded
            body:
              f_user_id: "{{ ib_username }}"
              f_password: "{{ ib_password }}"
              enter: Sign in
            status_code: "{{ infiniband_status_code }}"
          no_log: true
          register: login
          when: inventory_hostname not in infiniband_switches.stdout

        - name: Assert infiniband switch
          uri:
            url: http://{{ inventory_hostname }}/admin/launch?script=json
            method: POST
            body_format: json
            headers:
              Cookie: "{{ login.set_cookie.split(';')[0] }}"
            body:
              {
              "commands":
              [
                "show version"
              ]
              }
          register: infinibandswitch_info
          when:
            - inventory_hostname not in infiniband_switches.stdout
            - not login.failed

        - name: Set ib_inventory_status
          set_fact:
            ib_inventory_status: true
          when:
            - inventory_hostname not in infiniband_switches.stdout
            - not login.failed
            - (infinibandswitch_info.json.results is defined and infinibandswitch_info.json.results[0].data['Product name'] == infiniband_search_key) or (infinibandswitch_info.json.data is defined and infinibandswitch_info.json.data['Product name'] == infiniband_search_key)
      rescue:
        - name: Failed while adding device to ib_inventory
          debug:
            msg: "{{ ib_inventory_fail_msg }}"
      when:
        - not idrac_inventory_status
        - not ethernet_inventory_status
        - not ib_inventory_status
        - inventory_hostname not in idrac_hosts.stdout

    - name: Add the host to awx infiniband_inventory
      block:
        - name: Add the host to awx infiniband_inventory if not present
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts create --name {{ inventory_hostname }} --inventory infiniband_inventory
          changed_when: true
          no_log: true
      rescue:
        - name: Failed while adding device to ib_inventory
          debug:
            msg: "{{ ib_inventory_fail_msg }}"
      when: ib_inventory_status

    - name: powervault_me4_inventory validation tasks
      block:
        - name: Fetch the hosts in powervault me4 inventory
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts list --inventory powervault_me4_inventory -f human --filter "name"
          changed_when: false
          no_log: true
          register: me4_storage

        - name: Get auth string for powervault
          shell: echo -n {{ powervault_me4_username }}_{{ powervault_me4_password }} | sha256sum
          changed_when: false
          register: auth_string
          no_log: true
          when: inventory_hostname not in me4_storage.stdout

        - name: Get session key for powervault
          uri:
            url: https://{{ inventory_hostname }}/api/login/{{ auth_string.stdout | replace(" -", "") }}
            method: GET
            headers:
              {'datatype': 'json'}
            validate_certs: no
          register: session_key
          when: inventory_hostname not in me4_storage.stdout

        - name: Assert me4_powervault
          uri:
            url: https://{{ inventory_hostname }}/api/show/system
            method: GET
            body_format: json
            validate_certs: no
            use_proxy: no
            headers:
              {'sessionKey': "{{ session_key.json.status[0].response }}", 'datatype':'json'}
          register: system_info
          when: inventory_hostname not in me4_storage.stdout

        - name: Set powervault_me4_status
          set_fact:
            powervault_me4_status: true
          when:
            - inventory_hostname not in me4_storage.stdout
            - me4_powervault_search_key in system_info.json.system[0]['scsi-product-id']
      rescue:
        - name: Failed while adding device to powervault_me4_inventory
          debug:
            msg: "{{ powervault_me4_fail_msg }}"
      when:
        - not idrac_inventory_status
        - not ethernet_inventory_status
        - not ib_inventory_status
        - not powervault_me4_status
        - inventory_hostname not in idrac_hosts.stdout

    - name: Add the host to awx powervault_me4_inventory
      block:
        - name: Add the host to awx powervault_me4_inventory if not present
          command: >-
            awx --conf.host {{ awx_host }} --conf.username {{ awx_username }} --conf.password {{ awx_password }}
            --conf.insecure hosts create --name {{ inventory_hostname }} --inventory powervault_me4_inventory
          changed_when: true
          no_log: true
      rescue:
        - name: Failed while adding device to powervault_me4_inventory
          debug:
            msg: "{{ powervault_me4_fail_msg }}"
      when: powervault_me4_status