diff --git a/control_plane/roles/deploy_job_templates/tasks/group_inventory.yml b/control_plane/roles/deploy_job_templates/tasks/group_inventory.yml new file mode 100644 index 0000000000..b3403720b3 --- /dev/null +++ b/control_plane/roles/deploy_job_templates/tasks/group_inventory.yml @@ -0,0 +1,32 @@ +# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Get the hosts in node_inventory + command: >- + awx --conf.host {{ awx_host }} --conf.username {{ awx_admin_user }} --conf.password {{ awx_password }} + --conf.insecure hosts list --inventory {{ node_inventory }} -f human --filter "name" + changed_when: false + no_log: true + register: hosts_list + +- name: Add the host to the group in node_inventory if present + awx.awx.tower_group: + name: "{{ item.split(',')[3] }}" + inventory: "{{ node_inventory }}" + hosts: + - "{{ item.split(',')[2] }}" + tower_config_file: "{{ tower_config_file }}" + when: + - item.split(',')[2] != "IP" + - item.split(',')[2] in hosts_list.stdout \ No newline at end of file diff --git a/control_plane/roles/deploy_job_templates/tasks/main.yml b/control_plane/roles/deploy_job_templates/tasks/main.yml new file mode 100644 index 0000000000..5a5c606169 --- /dev/null +++ b/control_plane/roles/deploy_job_templates/tasks/main.yml @@ -0,0 +1,232 @@ +# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +- name: Check if {{ tower_config_file }} file is encrypted + command: cat {{ tower_config_file }} + changed_when: false + no_log: true + register: config_content + +- name: Decrpyt {{ tower_config_file }} + command: >- + ansible-vault decrypt {{ tower_config_file }} + --vault-password-file {{ tower_vault_file }} + when: "'$ANSIBLE_VAULT;' in config_content.stdout" + changed_when: false + +- name: Change file permissions + file: + path: "{{ tower_config_file }}" + mode: "{{ file_perm }}" + +- name: Fetch awx host + command: grep "host:" "{{ tower_config_file }}" + changed_when: false + register: fetch_awx_host + +- name: Fetch awx password + command: grep "password:" "{{ tower_config_file }}" + changed_when: false + no_log: true + register: fetch_awx_password + +- name: Set awx variables + set_fact: + awx_host: "{{ fetch_awx_host.stdout | regex_replace('host: ','') }}" + awx_password: "{{ fetch_awx_password.stdout | regex_replace('password: ','') }}" + no_log: true + +- name: Launch dynamic inventory + block: + - name: Launch device inventory job template + awx.awx.tower_job_launch: + job_template: "{{ device_inventory_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + timeout: "{{ awx_max_wait_time }}" + register: inventory_job_status + rescue: + - name: Restart awx pod + command: kubectl rollout restart deployment awx -n awx + changed_when: false + when: + - inventory_job_status.status is defined + - '"pending" in inventory_job_status.status' + + - name: Wait for the awx pod to be up and running + wait_for: + timeout: "{{ pod_restart_time }}" + when: + - inventory_job_status.status is defined + - '"pending" in inventory_job_status.status' + + - name: Launch device inventory job template + awx.awx.tower_job_launch: + job_template: "{{ device_inventory_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + timeout: "{{ awx_max_wait_time }}" + when: + - inventory_job_status.status is defined + - '"pending" in inventory_job_status.status' + + - name: Warning message for device inventory template + debug: + msg: "{{ device_inventory_template_warn_msg }}" + when: + - inventory_job_status.status is defined + - '"pending" not in inventory_job_status.status' + +- name: Configure TOR Switches + block: + - name: Launch ethernet job template for TOR switches + awx.awx.tower_job_launch: + job_template: "{{ ethernet_job_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + timeout: "{{ awx_max_wait_time }}" + register: ethernet_job_status + rescue: + - name: Warning message for ethernet template + debug: + msg: "{{ ethernet_template_warn_msg }}" + when: ethernet_switch_support + +- name: Wait for 15 mins for DHCP to assign IP to devices + wait_for: + timeout: "{{ dhcp_wait_time }}" + +- name: Launch device inventory job template + awx.awx.tower_job_launch: + job_template: "{{ device_inventory_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + timeout: "{{ awx_max_wait_time }}" + register: inventory_job_status + +- name: Execute ethernet template + block: + - name: Launch ethernet job template for all switches + awx.awx.tower_job_launch: + job_template: "{{ ethernet_job_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + timeout: "{{ awx_max_wait_time }}" + register: ethernet_job_status + rescue: + - name: Warning message for ethernet template + debug: + msg: "{{ ethernet_template_warn_msg }}" + when: ethernet_switch_support + +- name: Execute infiniband template + block: + - name: Launch infiniband job template + awx.awx.tower_job_launch: + job_template: "{{ infiniband_job_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + timeout: "{{ awx_max_wait_time }}" + register: ib_job_status + rescue: + - name: Warning message for infiniband template + debug: + msg: "{{ infiniband_template_warn_msg }}" + when: ib_switch_support + +- name: Execute powervault_me4 template + block: + - name: Launch powervault_me4 job template + awx.awx.tower_job_launch: + job_template: "{{ powervault_me4_job_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + timeout: "{{ awx_max_wait_time }}" + register: powervault_job_status + rescue: + - name: Warning message for powervault_me4 template + debug: + msg: "{{ powervault_template_warn_msg }}" + when: powervault_support + +- name: Execute idrac template + block: + - name: Launch idrac job template + awx.awx.tower_job_launch: + job_template: "{{ idrac_job_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + register: idrac_job_status + rescue: + - name: Warning message for idrac template + debug: + msg: "{{ idrac_template_warn_msg }}" + +- name: Wait for 30 mins for idrac provisioning to be completed and inventory to be updated in AWX + wait_for: + timeout: "{{ provisioning_wait_time }}" + when: host_mapping_file + +- name: Check the host_mapping_file_path output + command: cat {{ host_mapping_file_path }} + changed_when: false + register: mapping_file + when: host_mapping_file + +- name: Group the hosts in node_inventory when mapping file is present + include_tasks: "{{ role_path }}/tasks/group_inventory.yml" + with_items: "{{ mapping_file.stdout_lines }}" + when: host_mapping_file and component_role_support + +- name: Launch deploy_omnia job template + awx.awx.tower_job_launch: + job_template: "{{ component_role_job_template }}" + tower_config_file: "{{ tower_config_file }}" + wait: yes + register: component_role_job_status + when: host_mapping_file and component_role_support + +- name: Create awx job template for configuring new devices + awx.awx.tower_job_template: + name: "{{ item.name }}" + job_type: "run" + organization: "{{ awx_organization }}" + inventory: "{{ item.inventory }}" + project: "{{ project_name }}" + playbook: "{{ item.playbook }}" + credentials: + - "{{ item.credential }}" + state: present + tower_config_file: "{{ tower_config_file }}" + loop: "{{ job_template_details }}" + +- name: Build a schedule for configure new devices + awx.awx.tower_schedule: + name: "{{ item.name }}" + unified_job_template: "{{ item.template }}" + rrule: "{{ item.rrule }}" + state: present + tower_config_file: "{{ tower_config_file }}" + loop: "{{ scheduled_template }}" + +- name: Encrypt {{ tower_config_file }} + command: >- + ansible-vault encrypt {{ tower_config_file }} + --vault-password-file {{ tower_vault_file }} + changed_when: false + +- name: Change file permissions + file: + path: "{{ tower_config_file }}" + mode: "{{ file_perm }}" \ No newline at end of file diff --git a/control_plane/roles/deploy_job_templates/vars/main.yml b/control_plane/roles/deploy_job_templates/vars/main.yml new file mode 100644 index 0000000000..dc64304d9e --- /dev/null +++ b/control_plane/roles/deploy_job_templates/vars/main.yml @@ -0,0 +1,44 @@ +# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +base_vars_file: "{{ role_path }}/../../input_params/base_vars.yml" +awx_namespace: awx +awx_admin_user: admin +awx_port: 8052 +tower_config_file: "{{ role_path }}/../../roles/webui_awx/files/.tower_cli.cfg" +tower_vault_file: "{{ role_path }}/../../roles/webui_awx/files/.tower_vault_key" +ethernet_inventory: "ethernet_inventory" +node_inventory: "node_inventory" +device_inventory_template: "device_inventory_job" +idrac_job_template: "idrac_template" +ethernet_job_template: "ethernet_template" +infiniband_job_template: "infiniband_template" +powervault_me4_job_template: "powervault_me4_template" +component_role_job_template: "deploy_omnia_template" +job_execution_success_msg: "Job execution is successful" +job_execution_failure_msg: "Job execution is failed!" +device_inventory_template_warn_msg: "Device inventory template execution didn't exit successfully. Detailed output can be viewed on AWX UI" +ethernet_template_warn_msg: "Ethernet template execution didn't exit successfully. Detailed output can be viewed on AWX UI" +infiniband_template_warn_msg: "Infiniband template execution didn't exit successfully. Detailed output can be viewed on AWX UI" +powervault_template_warn_msg: "Powervault_me4 template execution didn't exit successfully. Detailed output can be viewed on AWX UI" +idrac_template_warn_msg: "idrac template execution didn't exit successfully. Detailed output can be viewed on AWX UI" +provisioning_wait_time: 1800 +dhcp_wait_time: 900 +awx_max_wait_time: 900 +pod_restart_time: 90 +project_name: 'omnia' +job_template_details: + - { name: configure_new_devices_job, inventory: idrac_inventory, playbook: control_plane/tools/configure_new_devices.yml, credential: idrac_credential } +scheduled_template: + - { name: ConfigureNewDeviceSchedule, template: configure_new_devices_job, rrule: "DTSTART:20210729T063000Z RRULE:FREQ=DAILY;INTERVAL=1" } \ No newline at end of file diff --git a/control_plane/roles/webui_awx/files/awx_ee.yml b/control_plane/roles/webui_awx/files/awx_ee.yml index 12fb8f547c..05cbf1f4ba 100644 --- a/control_plane/roles/webui_awx/files/awx_ee.yml +++ b/control_plane/roles/webui_awx/files/awx_ee.yml @@ -5,14 +5,16 @@ USER root # add Ansible galaxy dependencies ADD requirements.yml /tmp/requirements.yml -# install omsdk -RUN pip install omsdk --upgrade +# install packages +RUN pip install --upgrade \ +omsdk \ +netaddr # install Ansible Galaxy collections RUN ansible-galaxy collection install -r /tmp/requirements.yml --collections-path /usr/share/ansible/collections # add certificates RUN update-ca-trust force-enable -RUN chmod -R 0777 /usr/share/ansible/collections +RUN chmod -R 0777 /usr/share/ansible/collections USER 1000 \ No newline at end of file diff --git a/control_plane/roles/webui_awx/tasks/awx_configuration.yml b/control_plane/roles/webui_awx/tasks/awx_configuration.yml index 0cb2dd8548..65334c2081 100644 --- a/control_plane/roles/webui_awx/tasks/awx_configuration.yml +++ b/control_plane/roles/webui_awx/tasks/awx_configuration.yml @@ -12,6 +12,20 @@ # See the License for the specific language governing permissions and # limitations under the License. --- +- name: Check if {{ tower_config_file }} file is encrypted + command: cat {{ tower_config_file }} + changed_when: false + no_log: true + register: config_content + run_once: true + +- name: Decrpyt {{ tower_config_file }} + command: >- + ansible-vault decrypt {{ tower_config_file }} + --vault-password-file {{ tower_vault_file }} + when: "'$ANSIBLE_VAULT;' in config_content.stdout" + changed_when: false + run_once: true # Deleting the defaults - name: Delete machine credential @@ -19,25 +33,29 @@ name: "{{ default_credential }}" credential_type: "{{ default_credential_type }}" state: absent - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" + register: delete_credential + until: not delete_credential.failed + retries: "{{ max_retries }}" + delay: "{{ max_delay }}" - name: Delete job template awx.awx.tower_job_template: name: "{{ default_template }}" state: absent - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" - name: Delete project awx.awx.tower_project: name: "{{ default_project }}" state: absent - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" - name: Delete organization awx.awx.tower_organization: name: "{{ default_org }}" state: absent - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" # Configuration begins - name: Create organization @@ -45,7 +63,7 @@ name: "{{ awx_organization }}" description: "Name of organization using this product" state: present - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" - name: Create awx inventories awx.awx.tower_inventory: @@ -53,7 +71,7 @@ description: "{{ item.description }}" organization: "{{ awx_organization }}" state: present - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" loop: "{{ inventory_names }}" when: item.flag @@ -63,7 +81,7 @@ description: "{{ item.description }}" inventory: "node_inventory" state: present - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" loop: "{{ group_names }}" - name: Add project @@ -73,9 +91,9 @@ organization: "{{ awx_organization }}" scm_type: manual local_path: "{{ role_path.split('/')[-4] }}" - default_environment: "custom-awx-ee" + default_environment: custom-awx-ee state: present - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" - name: Add awx credentials awx.awx.tower_credential: @@ -86,12 +104,13 @@ username: "{{ item.username }}" password: "{{ item.password }}" state: present - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" loop: "{{ credential_details }}" + no_log: true changed_when: true when: item.flag -- name: Create awx job templates +- name: Create awx job templates for network devices, inventories, storage and idrac awx.awx.tower_job_template: name: "{{ item.name }}" job_type: "run" @@ -102,11 +121,11 @@ credentials: - "{{ item.credential }}" state: present - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" loop: "{{ job_template_details }}" when: item.flag -- name: Create deploy_omnia_template +- name: Create awx job template for deploying omnia awx.awx.tower_job_template: name: "{{ item.name }}" job_type: "run" @@ -114,19 +133,30 @@ inventory: "{{ item.inventory }}" project: "{{ project_name }}" playbook: "{{ item.playbook }}" + ask_skip_tags_on_launch: true credentials: - "{{ item.credential }}" - ask_skip_tags_on_launch: true state: present - tower_config_file: "~/.tower_cli.cfg" - loop: "{{ deploy_omnia_details }}" + tower_config_file: "{{ tower_config_file }}" + loop: "{{ omnia_job_template_details }}" - name: Build a schedule for idrac job template awx.awx.tower_schedule: name: "{{ item.name }}" unified_job_template: "{{ item.template }}" - rrule: "{{ schedule_rule }}" + rrule: "{{ item.schedule_rule }}" state: present - tower_config_file: "~/.tower_cli.cfg" + tower_config_file: "{{ tower_config_file }}" register: result - loop: "{{ scheduled_templates}}" \ No newline at end of file + loop: "{{ scheduled_templates }}" + +- name: Encrypt {{ tower_config_file }} + command: >- + ansible-vault encrypt {{ tower_config_file }} + --vault-password-file {{ tower_vault_file }} + changed_when: false + +- name: Change file permissions + file: + path: "{{ tower_config_file }}" + mode: "{{ file_perm }}" \ No newline at end of file diff --git a/control_plane/roles/webui_awx/tasks/configure_settings.yml b/control_plane/roles/webui_awx/tasks/configure_settings.yml index 860d35399f..86add7a5d7 100644 --- a/control_plane/roles/webui_awx/tasks/configure_settings.yml +++ b/control_plane/roles/webui_awx/tasks/configure_settings.yml @@ -12,60 +12,125 @@ # See the License for the specific language governing permissions and # limitations under the License. --- - # Get Current AWX configuration +- name: Get the awx services + command: "kubectl get svc -n {{ awx_namespace }}" + changed_when: false + register: awx_services + +- name: Expose the service for awx deployment on 8052 port + command: "kubectl expose deployment awx --type=NodePort --name={{ awx_service_name }} --port={{ awx_port }} -n {{ awx_namespace }}" + changed_when: false + when: awx_service_name not in awx_services.stdout + - name: Get awx-service Cluster-IP - command: "kubectl get svc awx-service -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'" + command: "kubectl get svc {{ awx_service_name }} -n {{ awx_namespace }} -o jsonpath='{.spec.clusterIP}'" register: awx_cluster_ip changed_when: false - name: Get AWX admin password - shell: "kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode" + shell: > + set -o pipefail && \ + kubectl get secret awx-admin-password -n {{ awx_namespace }} -o jsonpath='{.data.password}' | base64 --decode register: awx_admin_password changed_when: false - name: Check if config file exists stat: - path: "~/.tower_cli.cfg" - register: config_file_status + path: "{{ tower_config_file }}" + register: config_file -- name: Create config file +- name: Create tower config file copy: - dest: "~/.tower_cli.cfg" + dest: "{{ tower_config_file }}" content: | [general] - host: http://{{ awx_cluster_ip.stdout }} + host: http://{{ awx_cluster_ip.stdout }}:{{ awx_port }} username: admin password: {{ awx_admin_password.stdout }} verify_ssl: false use_token: false owner: root mode: "{{ file_perm }}" + when: not config_file.stat.exists + +- name: Check if tower_vault_key exists + stat: + path: "{{ tower_vault_file }}" + register: tower_vault + +- name: Create ansible vault key if it does not exist + set_fact: + tower_vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}" + when: not tower_vault.stat.exists + +- name: Save vault key + copy: + dest: "{{ tower_vault_file }}" + content: | + {{ tower_vault_key }} + owner: root + force: yes + mode: "{{ vault_file_perm }}" + when: not tower_vault.stat.exists + +- name: Check if {{ tower_config_file }} file is encrypted + command: cat {{ tower_config_file }} + changed_when: false + no_log: true + register: config_content + run_once: true + +- name: Encrypt {{ tower_config_file }} + command: >- + ansible-vault encrypt {{ tower_config_file }} + --vault-password-file {{ tower_vault_file }} + changed_when: false + when: "'$ANSIBLE_VAULT;' not in config_content.stdout" + run_once: true + +- name: Change file permissions + file: + path: "{{ tower_config_file }}" + mode: "{{ file_perm }}" + +- name: Open awx TCP ports on the firewall + firewalld: + port: "{{ item }}/tcp" + permanent: yes + state: enabled + with_items: "{{ awx_tcp_ports }}" + +- name: Masquerade the firewall + firewalld: + masquerade: yes + permanent: yes + state: enabled + zone: public -- name: Stop and disable firewalld - service: +- name: Reload firewalld service + systemd: name: firewalld - state: stopped - enabled: no + state: reloaded - name: Waiting for the AWX UI to be up uri: - url: "http://{{ awx_cluster_ip.stdout }}" + url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}" status_code: "{{ return_status }}" register: display until: display.status == 200 - retries: 20 - delay: 15 + retries: "{{ max_retries }}" + delay: "{{ max_delay }}" changed_when: false - name: Waiting for the AWX UI to be in running state uri: - url: "http://{{ awx_cluster_ip.stdout }}" + url: "http://{{ awx_cluster_ip.stdout }}:{{ awx_port }}" status_code: "{{ return_status }}" return_content: true register: display until: awx_ui_msg not in display.content - retries: 20 - delay: 15 + retries: "{{ max_retries }}" + delay: "{{ max_delay }}" changed_when: false \ No newline at end of file diff --git a/control_plane/roles/webui_awx/tasks/install_awx.yml b/control_plane/roles/webui_awx/tasks/install_awx.yml index b780a7867a..89126f401d 100644 --- a/control_plane/roles/webui_awx/tasks/install_awx.yml +++ b/control_plane/roles/webui_awx/tasks/install_awx.yml @@ -62,13 +62,13 @@ changed_when: false register: docker_images -- name: Build the custom-awx-ee image from the docker file +- name: Build the custom-awx-ee image from the docker file (It may take 5-10min) command: "buildah bud -t custom-awx-ee {{ awx_ee_docker_file }}" changed_when: false when: "'custom-awx-ee' not in docker_images.stdout" - name: Waiting for awx-operator deployment to be up and running - shell: "kubectl wait --for=condition=available deployment/awx-operator -n {{ awx_namespace }} --timeout=600s" + command: kubectl wait --for=condition=available deployment awx-operator -n {{ awx_namespace }} --timeout=600s changed_when: false - name: Deploy awx @@ -91,6 +91,13 @@ timeout: "{{ awx_wait_time }}" when: not k8s_pods.stdout | regex_search('awx-([A-Za-z0-9]{10})-([A-Za-z0-9]{5})') -- name: Waiting for awx deployment to be up and running - shell: "kubectl wait --for=condition=available deployment/awx -n {{ awx_namespace }} --timeout=1200s" - changed_when: false \ No newline at end of file +- name: Fails if the pods go into ImagePullBackOff state + block: + - name: Waiting for awx deployment to be up and running + command: kubectl wait --for=condition=available deployment awx -n {{ awx_namespace }} --timeout=1200s + changed_when: false + + rescue: + - name: Display failure message + debug: + msg: "{{ deployment_failure_msg }}" \ No newline at end of file diff --git a/control_plane/roles/webui_awx/vars/main.yml b/control_plane/roles/webui_awx/vars/main.yml index adaaf6ac49..9ff59dd8c5 100644 --- a/control_plane/roles/webui_awx/vars/main.yml +++ b/control_plane/roles/webui_awx/vars/main.yml @@ -18,19 +18,33 @@ awx_namespace: awx awx_pv_yml_file_path: "{{ role_path }}/files/awx_projects_pv.yml" awx_postgres_pv_file_path: "{{ role_path }}/files/awx_postgres_pv.yml" -awx_pvc_yml_file_path: "{{ role_path }}/files/awx_projects_pvclaim.yml" awx_operator_yml_file_path: "{{ role_path }}/files/awx_operator.yml" awx_ee_docker_file: "{{ role_path }}/files/awx_ee.yml" awx_yml_file_path: "{{ role_path }}/files/awx.yml" postgres_storage_class: nfs-client projects_existing_claim: awx-pv-claim awx_version: 19.1.0 -file_perm: 644 +file_perm: '0644' awx_wait_time: 90 +deployment_failure_msg: "Deployment failed due to docker pull rate limit" # Usage: configure_settings.yml +awx_port: 8052 +awx_service_name: awx-ui +tower_config_file: "{{ role_path }}/files/.tower_cli.cfg" +tower_vault_file: "{{ role_path }}/files/.tower_vault_key" +vault_file_perm: '0644' +awx_tcp_ports: + - 80 + - 8383 + - 8686 + - 5432 + - 8052 + - 30000-32767 awx_ui_msg: "AWX Upgrading" return_status: 200 +max_retries: 20 +max_delay: 15 # Usage: awx_configuration.yml default_org: Default @@ -50,14 +64,14 @@ inventory_names: group_names: - { name: manager, description: "Group to store IP of head node" } - { name: compute, description: "Group to store IPs of compute nodes" } - - { name: login, description: "Group to store IP of login node" } - - { name: nfs, description: "Group to store IP of NFS node" } + - { name: login_node, description: "Group to store IP of login node" } + - { name: nfs_node, description: "Group to store IP of NFS node" } credential_details: - { name: idrac_credential, type: Network, username: "{{ idrac_username }}", password: "{{ idrac_password }}", flag: true } - { name: ethernet_credential, type: Machine, username: "{{ ethernet_switch_username }}", password: "{{ ethernet_switch_password }}", flag: "{{ ethernet_switch_support }}" } - { name: infiniband_credential, type: Network, username: "{{ ib_username }}", password: "{{ ib_password }}", flag: "{{ ib_switch_support }}" } - { name: powervault_me4_credential, type: Network, username: "{{ powervault_me4_username }}", password: "{{ powervault_me4_password }}", flag: "{{ powervault_support }}" } - - { name: node_credential, type: Machine, username: root, password: "{{ provision_password }}", flag: true } + - { name: node_credential, type: Machine, username: root, password: omnia@123, flag: true } job_template_details: - { name: idrac_template, inventory: idrac_inventory, playbook: control_plane/idrac.yml, credential: idrac_credential, flag: true } - { name: ethernet_template, inventory: ethernet_inventory, playbook: control_plane/ethernet.yml, credential: ethernet_credential, flag: "{{ ethernet_switch_support }}" } @@ -65,9 +79,8 @@ job_template_details: - { name: powervault_me4_template, inventory: powervault_me4_inventory, playbook: control_plane/powervault_me4.yml, credential: powervault_me4_credential, flag: "{{ powervault_support }}" } - { name: node_inventory_job, inventory: node_inventory, playbook: control_plane/collect_node_info.yml, credential: node_credential, flag: true } - { name: device_inventory_job, inventory: node_inventory, playbook: control_plane/collect_device_info.yml, credential: node_credential, flag: true } -deploy_omnia_details: - - { name: deploy_omnia_template, inventory: node_inventory, playbook: omnia.yml, credential: node_credential } -schedule_rule: "DTSTART:20210608T120000Z RRULE:FREQ=MINUTELY;INTERVAL=10" +omnia_job_template_details: + - { name: deploy_omnia_template, inventory: node_inventory, playbook: omnia.yml, credential: node_credential } scheduled_templates: - - { name: NodeInventorySchedule, template: node_inventory_job } - - { name: DeviceInventorySchedule, template: device_inventory_job } \ No newline at end of file + - { name: NodeInventorySchedule, template: node_inventory_job, schedule_rule: "DTSTART:20210815T120000Z RRULE:FREQ=MINUTELY;INTERVAL=10" } + - { name: DeviceInventorySchedule, template: device_inventory_job, schedule_rule: "DTSTART:20210815T060000Z RRULE:FREQ=DAILY;INTERVAL=1"} \ No newline at end of file