Issue #552: AWX code changes and one-touch implementation

control_plane/roles/deploy_job_templates/tasks/group_inventory.yml

@@ -0,0 +1,32 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Get the hosts in node_inventory
+  command: >-
+    awx --conf.host {{ awx_host }} --conf.username {{ awx_admin_user }} --conf.password {{ awx_password }}
+    --conf.insecure hosts list --inventory {{ node_inventory }} -f human --filter "name"
+  changed_when: false
+  no_log: true
+  register: hosts_list
+
+- name: Add the host to the group in node_inventory if present
+  awx.awx.tower_group:
+    name: "{{ item.split(',')[3] }}"
+    inventory: "{{ node_inventory }}"
+    hosts:
+      - "{{ item.split(',')[2] }}"
+    tower_config_file: "{{ tower_config_file }}"
+  when:
+    - item.split(',')[2] != "IP"
+    - item.split(',')[2] in hosts_list.stdout

control_plane/roles/deploy_job_templates/tasks/main.yml

@@ -0,0 +1,232 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+- name: Check if {{ tower_config_file }} file is encrypted
+  command: cat {{ tower_config_file }}
+  changed_when: false
+  no_log: true
+  register: config_content
+
+- name: Decrpyt {{ tower_config_file }}
+  command: >-
+    ansible-vault decrypt {{ tower_config_file }}
+    --vault-password-file {{ tower_vault_file }}
+  when: "'$ANSIBLE_VAULT;' in config_content.stdout"
+  changed_when: false
+
+- name: Change file permissions
+  file:
+    path: "{{ tower_config_file }}"
+    mode: "{{ file_perm }}"
+
+- name: Fetch awx host
+  command: grep "host:" "{{ tower_config_file }}"
+  changed_when: false
+  register: fetch_awx_host
+
+- name: Fetch awx password
+  command: grep "password:" "{{ tower_config_file }}"
+  changed_when: false
+  no_log: true
+  register: fetch_awx_password
+
+- name: Set awx variables
+  set_fact:
+    awx_host: "{{ fetch_awx_host.stdout | regex_replace('host: ','') }}"
+    awx_password: "{{ fetch_awx_password.stdout | regex_replace('password: ','') }}"
+  no_log: true
+
+- name: Launch dynamic inventory
+  block:
+    - name: Launch device inventory job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ device_inventory_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: inventory_job_status
+  rescue:
+    - name: Restart awx pod
+      command: kubectl rollout restart deployment awx -n awx
+      changed_when: false
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" in inventory_job_status.status'
+
+    - name: Wait for the awx pod to be up and running
+      wait_for:
+        timeout: "{{ pod_restart_time }}"
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" in inventory_job_status.status'
+
+    - name: Launch device inventory job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ device_inventory_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" in inventory_job_status.status'
+
+    - name: Warning message for device inventory template
+      debug:
+        msg: "{{ device_inventory_template_warn_msg }}"
+      when:
+        - inventory_job_status.status is defined
+        - '"pending" not in inventory_job_status.status'
+
+- name: Configure TOR Switches
+  block:
+    - name: Launch ethernet job template for TOR switches
+      awx.awx.tower_job_launch:
+        job_template: "{{ ethernet_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: ethernet_job_status
+  rescue:
+    - name: Warning message for ethernet template
+      debug:
+        msg: "{{ ethernet_template_warn_msg }}"
+  when: ethernet_switch_support
+
+- name: Wait for 15 mins for DHCP to assign IP to devices
+  wait_for:
+    timeout: "{{ dhcp_wait_time }}"
+
+- name: Launch device inventory job template
+  awx.awx.tower_job_launch:
+    job_template: "{{ device_inventory_template }}"
+    tower_config_file: "{{ tower_config_file }}"
+    wait: yes
+    timeout: "{{ awx_max_wait_time }}"
+  register: inventory_job_status
+
+- name: Execute ethernet template
+  block:
+    - name: Launch ethernet job template for all switches
+      awx.awx.tower_job_launch:
+        job_template: "{{ ethernet_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: ethernet_job_status
+  rescue:
+    - name: Warning message for ethernet template
+      debug:
+        msg: "{{ ethernet_template_warn_msg }}"
+  when: ethernet_switch_support
+
+- name: Execute infiniband template
+  block:
+    - name: Launch infiniband job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ infiniband_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: ib_job_status
+  rescue:
+    - name: Warning message for infiniband template
+      debug:
+        msg: "{{ infiniband_template_warn_msg }}"
+  when: ib_switch_support
+
+- name: Execute powervault_me4 template
+  block:
+    - name: Launch powervault_me4 job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ powervault_me4_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+        timeout: "{{ awx_max_wait_time }}"
+      register: powervault_job_status
+  rescue:
+    - name: Warning message for powervault_me4 template
+      debug:
+        msg: "{{ powervault_template_warn_msg }}"
+  when: powervault_support
+
+- name: Execute idrac template
+  block:
+    - name: Launch idrac job template
+      awx.awx.tower_job_launch:
+        job_template: "{{ idrac_job_template }}"
+        tower_config_file: "{{ tower_config_file }}"
+        wait: yes
+      register: idrac_job_status
+  rescue:
+    - name: Warning message for idrac template
+      debug:
+        msg: "{{ idrac_template_warn_msg }}"
+
+- name: Wait for 30 mins for idrac provisioning to be completed and inventory to be updated in AWX
+  wait_for:
+    timeout: "{{ provisioning_wait_time }}"
+  when: host_mapping_file
+
+- name: Check the host_mapping_file_path output
+  command: cat {{ host_mapping_file_path }}
+  changed_when: false
+  register: mapping_file
+  when: host_mapping_file
+
+- name: Group the hosts in node_inventory when mapping file is present
+  include_tasks: "{{ role_path }}/tasks/group_inventory.yml"
+  with_items: "{{ mapping_file.stdout_lines }}"
+  when: host_mapping_file and component_role_support
+
+- name: Launch deploy_omnia job template
+  awx.awx.tower_job_launch:
+    job_template: "{{ component_role_job_template }}"
+    tower_config_file: "{{ tower_config_file }}"
+    wait: yes
+  register: component_role_job_status
+  when: host_mapping_file and component_role_support
+
+- name: Create awx job template for configuring new devices
+  awx.awx.tower_job_template:
+    name: "{{ item.name }}"
+    job_type: "run"
+    organization: "{{ awx_organization }}"
+    inventory: "{{ item.inventory }}"
+    project: "{{ project_name }}"
+    playbook: "{{ item.playbook }}"
+    credentials:
+     - "{{ item.credential }}"
+    state: present
+    tower_config_file: "{{ tower_config_file }}"
+  loop: "{{ job_template_details }}"
+
+- name: Build a schedule for configure new devices
+  awx.awx.tower_schedule:
+    name: "{{ item.name }}"
+    unified_job_template: "{{ item.template }}"
+    rrule: "{{ item.rrule }}"
+    state: present
+    tower_config_file: "{{ tower_config_file }}"
+  loop: "{{ scheduled_template }}"
+
+- name: Encrypt {{ tower_config_file }}
+  command: >-
+    ansible-vault encrypt {{ tower_config_file }}
+    --vault-password-file {{ tower_vault_file }}
+  changed_when: false
+
+- name: Change file permissions
+  file:
+    path: "{{ tower_config_file }}"
+    mode: "{{ file_perm }}"

control_plane/roles/deploy_job_templates/vars/main.yml

@@ -0,0 +1,44 @@
+# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+base_vars_file: "{{ role_path }}/../../input_params/base_vars.yml"
+awx_namespace: awx
+awx_admin_user: admin
+awx_port: 8052
+tower_config_file: "{{ role_path }}/../../roles/webui_awx/files/.tower_cli.cfg"
+tower_vault_file: "{{ role_path }}/../../roles/webui_awx/files/.tower_vault_key"
+ethernet_inventory: "ethernet_inventory"
+node_inventory: "node_inventory"
+device_inventory_template: "device_inventory_job"
+idrac_job_template: "idrac_template"
+ethernet_job_template: "ethernet_template"
+infiniband_job_template: "infiniband_template"
+powervault_me4_job_template: "powervault_me4_template"
+component_role_job_template: "deploy_omnia_template"
+job_execution_success_msg: "Job execution is successful"
+job_execution_failure_msg: "Job execution is failed!"
+device_inventory_template_warn_msg: "Device inventory template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+ethernet_template_warn_msg: "Ethernet template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+infiniband_template_warn_msg: "Infiniband template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+powervault_template_warn_msg: "Powervault_me4 template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+idrac_template_warn_msg: "idrac template execution didn't exit successfully. Detailed output can be viewed on AWX UI"
+provisioning_wait_time: 1800
+dhcp_wait_time: 900
+awx_max_wait_time: 900
+pod_restart_time: 90
+project_name: 'omnia'
+job_template_details:
+  - { name: configure_new_devices_job, inventory: idrac_inventory, playbook: control_plane/tools/configure_new_devices.yml, credential: idrac_credential }
+scheduled_template:
+  - { name: ConfigureNewDeviceSchedule, template: configure_new_devices_job, rrule: "DTSTART:20210729T063000Z RRULE:FREQ=DAILY;INTERVAL=1" }

control_plane/roles/webui_awx/files/awx_ee.yml

@@ -5,14 +5,16 @@ USER root
 # add Ansible galaxy dependencies
 ADD requirements.yml /tmp/requirements.yml
 
-# install omsdk
-RUN pip install omsdk --upgrade
+# install packages
+RUN pip install --upgrade \
+omsdk \
+netaddr
 
 # install Ansible Galaxy collections
 RUN ansible-galaxy collection install -r /tmp/requirements.yml --collections-path /usr/share/ansible/collections
 
 # add certificates
 RUN update-ca-trust force-enable
-RUN chmod -R 0777 /usr/share/ansible/collections
+RUN chmod -R 0777 /usr/share/ansible/collections 
 
 USER 1000