Merge pull request #2018 from dellhpc/devel-1.4.2.1

merge devel-1.4.2.1 to main

.github/workflows/ansible-lint.yml

@@ -9,6 +9,7 @@ on:
       - release-1.4.1
       - release-1.4.2
       - devel-1.4.2
+      - devel-1.4.2.1
       - devel-1.5
 
 jobs:

CONTRIBUTING.md

@@ -44,7 +44,7 @@ Contributions to Omnia are made through [Pull Requests (PRs)](https://help.githu
 ## Omnia Branches and Contribution Flow
 The diagram below describes the contribution flow. Omnia has two lifetime branches: `devel` and `release`. The `release` branch is reserved for releases and their associated tags. The `devel` branch is where all development work occurs. The `devel` branch is also the default branch for the project.
 
-![Omnia Branch Flowchart](docs/images/omnia-branch-structure.png "Flowchart of Omnia branches")
+![Omnia Branch Flowchart](docs/source/images/omnia-branch-structure.png "Flowchart of Omnia branches")
 
 ## Developer Certificate of Origin
 Contributions to Omnia must be signed with the [Developer Certificate of Origin (DCO)](https://developercertificate.org/):

accelerator/roles/repo_validation/vars/main.yml

@@ -14,7 +14,7 @@
 ---
 
 # Usage: repo_check.yml, repo_file_check.yml
-search_string: ['AppStream', 'BaseOS', 'CodeReadyBuilder']
+search_string: ['AppStream', 'BaseOS', 'CRB']
 
 # Usage: repo_check.yml
 xcat_repo_success_msg: "BaseOS, AppStream and CodeReady Builder repos validated successfully."

airgap/roles/airgap_validation/tasks/include_provision_config.yml

@@ -0,0 +1,76 @@
+# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Fetch ansible-vault path
+  ansible.builtin.command: whereis ansible-vault
+  changed_when: false
+  register: ansible_vault_path
+  tags: init
+
+- name: Check provision_config.yml file is encrypted
+  ansible.builtin.command: cat {{ provision_config_filename }}
+  changed_when: false
+  register: provision_config_content
+  no_log: true
+  tags: init
+
+- name: Decrpyt provision_config.yml
+  ansible.builtin.command: >-
+    {{ ansible_vault_path.stdout.split(' ')[1] }} decrypt {{ provision_config_filename }}
+    --vault-password-file {{ provision_vault_path }}
+  changed_when: false
+  when: ansible_vault_search_key in provision_config_content.stdout
+  tags: init
+
+- name: Include provision_config.yml
+  block:
+    - name: Include provision_config.yml
+      ansible.builtin.include_vars: "{{ provision_config_filename }}"
+      register: include_provision_config
+      no_log: true
+      tags: init
+  rescue:
+    - name: Failed to include_provision_config.yml
+      ansible.builtin.fail:
+        msg: "{{ provision_config_syntax_fail_msg }} Error: {{ include_provision_config.message }}"
+
+- name: Create ansible vault key
+  ansible.builtin.set_fact:
+    provision_vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
+  when: ansible_vault_search_key not in provision_config_content.stdout
+  tags: init
+
+- name: Save vault key to provision_vault_path
+  ansible.builtin.lineinfile:
+    path: "{{ provision_vault_path }}"
+    line: "{{ provision_vault_key }}"
+    mode: "{{ conf_file_mode }}"
+    owner: root
+    create: true
+  when: ansible_vault_search_key not in provision_config_content.stdout
+  tags: init
+
+- name: Encrypt provision_config.yml
+  ansible.builtin.command: >-
+    {{ ansible_vault_path.stdout.split(' ')[1] }} encrypt {{ provision_config_filename }}
+    --vault-password-file {{ provision_vault_path }}
+  changed_when: false
+  tags: init
+
+- name: Update provision_config.yml permission
+  ansible.builtin.file:
+    path: "{{ provision_config_filename }}"
+    mode: "{{ conf_file_mode }}"
+  tags: init

airgap/roles/airgap_validation/tasks/main.yml

@@ -13,7 +13,6 @@
 # limitations under the License.
 ---
 
-
 - name: Include provision configuration variables and validate them
   ansible.builtin.include_tasks: validate_provision_config.yml
 

airgap/roles/airgap_validation/tasks/set_reposync_status.yml

@@ -0,0 +1,50 @@
+# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Initialize reposync_status and set update_repos to lowercase
+  ansible.builtin.set_fact:
+    reposync_status: false
+    update_repos: "{{ update_repos | lower }}"
+
+- name: Verify the value of update_repos
+  ansible.builtin.assert:
+    that:
+      - update_repos == true or update_repos == false
+    success_msg: "{{ update_repos_success_msg }}"
+    fail_msg: "{{ update_repos_fail_msg }}"
+
+- name: Check for CRB repo directory
+  ansible.builtin.stat:
+    path: "{{ crb_dir }}"
+  register: crb_dir_status
+
+- name: Set reposync_status to true
+  ansible.builtin.set_fact:
+    reposync_status: true
+  when:
+    - not crb_dir_status.stat.exists or
+      update_repos
+
+- name: Reposync will be executed for the repos
+  ansible.builtin.pause:
+    seconds: "{{ warning_wait_time }}"
+    prompt: "{{ reposync_execution_msg }}"
+  when: reposync_status
+
+- name: Reposync will be skipped for the repos
+  ansible.builtin.pause:
+    seconds: "{{ warning_wait_time }}"
+    prompt: "{{ reposync_skip_msg }}"
+  when: not reposync_status

airgap/roles/airgap_validation/tasks/validate_cp_compatibility.yml

@@ -13,9 +13,10 @@
 # limitations under the License.
 ---
 
-- name: Check control plane OS when compute node is rhel
+- name: Check control plane OS when provision_os is rhel
   ansible.builtin.fail:
     msg: "{{ compatibility_msg }}"
   when:
     - compute_os_rhel_status
-    - not os_supported_rhel in ansible_facts['distribution'] | lower
+    - os_supported_rhel not in control_plane_os
+    - not rhel_repo_path_status

airgap/roles/airgap_validation/tasks/validate_provision_config.yml

@@ -13,60 +13,30 @@
 # limitations under the License.
 ---
 
-- name: Fetch ansible-vault path
-  ansible.builtin.command: whereis ansible-vault
-  changed_when: false
-  register: ansible_vault_path
-  tags: init
-
-- name: Check provision_config.yml file is encrypted
-  ansible.builtin.command: cat {{ provision_config_filename }}
-  changed_when: false
-  register: provision_config_content
-  no_log: true
-  tags: init
-
-- name: Decrpyt provision_config.yml
-  ansible.builtin.command: >-
-    {{ ansible_vault_path.stdout.split(' ')[1] }} decrypt {{ provision_config_filename }}
-    --vault-password-file {{ provision_vault_path }}
-  changed_when: false
-  when: ansible_vault_search_key in provision_config_content.stdout
-  tags: init
-
-- name: Include provision_config.yml
-  ansible.builtin.include_vars: "{{ provision_config_filename }}"
-  no_log: true
-  tags: init
-
-- name: Create ansible vault key
+- name: Set validation_status
   ansible.builtin.set_fact:
-    provision_vault_key: "{{ lookup('password', '/dev/null chars=ascii_letters') }}"
-  when: ansible_vault_search_key not in provision_config_content.stdout
-  tags: init
+    validation_status: false
+  when: validation_status is not defined
 
-- name: Save vault key to provision_vault_path
-  ansible.builtin.lineinfile:
-    path: "{{ provision_vault_path }}"
-    line: "{{ provision_vault_key }}"
-    mode: "{{ conf_file_mode }}"
-    owner: root
-    create: true
-  when: ansible_vault_search_key not in provision_config_content.stdout
-  tags: init
-
-- name: Encrypt provision_config.yml
-  ansible.builtin.command: >-
-    {{ ansible_vault_path.stdout.split(' ')[1] }} encrypt {{ provision_config_filename }}
-    --vault-password-file {{ provision_vault_path }}
-  changed_when: false
-  tags: init
-
-- name: Update provision_config.yml permission
-  ansible.builtin.file:
-    path: "{{ provision_config_filename }}"
-    mode: "{{ conf_file_mode }}"
-  tags: init
+- name: Set repo_validation_status
+  ansible.builtin.set_fact:
+    repo_validation_status: false
+  when: repo_validation_status is not defined
+
+- name: Include provision configuration variables
+  ansible.builtin.include_tasks: include_provision_config.yml
+  when:
+    - not validation_status
+    - not repo_validation_status
+
+- name: Set reposync_status for downloading repos
+  ansible.builtin.include_tasks: set_reposync_status.yml
+
+- name: Validate rhel_repo_path
+  ansible.builtin.include_tasks: validate_repo_path.yml
+  when:
+    - not validation_status
+    - not repo_validation_status
 
 - name: Initialise variables
   ansible.builtin.set_fact:

airgap/roles/airgap_validation/tasks/validate_repo_path.yml

@@ -0,0 +1,105 @@
+# Copyright 2023 Dell Inc. or its subsidiaries. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+
+- name: Set control_plane_os and rhel_repo_alphabetical_folders to lowercase
+  ansible.builtin.set_fact:
+    control_plane_os: "{{ ansible_distribution | lower }}"
+    rhel_repo_alphabetical_folders: "{{ rhel_repo_alphabetical_folders | lower }}"
+
+- name: Verify the value of rhel_repo_alphabetical_folders
+  ansible.builtin.assert:
+    that:
+      - rhel_repo_alphabetical_folders == true or rhel_repo_alphabetical_folders == false
+    success_msg: "{{ rhel_repo_folders_success_msg }}"
+    fail_msg: "{{ rhel_repo_folders_fail_msg }}"
+
+- name: Initialize rhel_repo_path_status
+  ansible.builtin.set_fact:
+    rhel_repo_path_status: false
+
+- name: Validate rhel_repo_local_path when provision os is rhel
+  when: provision_os | lower == provision_os_rhel
+  block:
+    - name: Fetch redhat subscription status
+      ansible.builtin.command: subscription-manager list
+      changed_when: false
+      register: rhsm_status
+      when: control_plane_os_redhat in control_plane_os
+
+    - name: Set rhel_repo_path_status to true
+      ansible.builtin.set_fact:
+        rhel_repo_path_status: true
+      when:
+        - rhel_repo_local_path[0].repo | default("", true) | length > 1
+        - rhel_repo_local_path[1].repo | default("", true) | length > 1
+        - rhel_repo_local_path[2].repo | default("", true) | length > 1
+        - rhel_repo_local_path[0].repo_url | default("", true) | length > 1
+        - rhel_repo_local_path[1].repo_url | default("", true) | length > 1
+        - rhel_repo_local_path[2].repo_url | default("", true) | length > 1
+        - rhel_repo_local_path[0].repo_name | default("", true) | length > 1
+        - rhel_repo_local_path[1].repo_name | default("", true) | length > 1
+        - rhel_repo_local_path[2].repo_name | default("", true) | length > 1
+
+    - name: Validate rhel_repo_local_path
+      when: rhel_repo_path_status
+      block:
+        - name: Validate rhel_repo_local_path
+          ansible.builtin.assert:
+            that: rhel_repo_local_path | length == 3
+            success_msg: "{{ repo_path_count_success_msg }}"
+            fail_msg: "{{ repo_path_count_fail_msg }}"
+
+        - name: Validate repo, repo_url and repo_name is not empty
+          ansible.builtin.assert:
+            that:
+              - item.repo | default("", true) | length > 1
+              - item.repo == rhel_repo_search_key[0] or item.repo == rhel_repo_search_key[1] or item.repo == rhel_repo_search_key[2]
+              - item.repo_url | default("", true) | length > 1
+              - item.repo_name | default("", true) | length > 1
+              - '".repo" in item.repo_url'
+            success_msg: "{{ repo_path_success_msg }}"
+            fail_msg: "{{ repo_path_fail_msg }}"
+          with_items: "{{ rhel_repo_local_path }}"
+
+        - name: Warning - redhat subscription not enabled
+          ansible.builtin.pause:
+            seconds: "{{ warning_wait_time }}"
+            prompt: "{{ rhel_subscription_warning_msg }}"
+          when:
+            - control_plane_os_redhat in control_plane_os
+            - subscription_check_key not in rhsm_status.stdout
+
+    - name: Check subscription repos configured
+      when:
+        - control_plane_os_redhat in control_plane_os
+        - not rhel_repo_path_status
+      block:
+        - name: Subscription is not enabled
+          ansible.builtin.fail:
+            msg: "{{ rhel_subscription_fail_msg }}"
+          when: subscription_check_key not in rhsm_status.stdout
+
+        - name: Fetch redhat enabled repo list
+          ansible.builtin.command: subscription-manager repos --list-enabled
+          changed_when: false
+          register: rhsm_repo_list
+
+        - name: Check redhat enabled repos
+          ansible.builtin.assert:
+            that:
+              - rhel_repo_search_key[0] | lower in rhsm_repo_list.stdout | lower
+              - rhel_repo_search_key[1] | lower in rhsm_repo_list.stdout | lower
+            success_msg: "{{ subscription_repo_success_msg }}"
+            fail_msg: "{{ subscription_repo_fail_msg }}"