From 54e1e6d2c4bd5924dc04f4ab799d011c838d8b16 Mon Sep 17 00:00:00 2001 From: Jennifer-John Date: Wed, 15 May 2024 11:22:43 +0530 Subject: [PATCH 1/3] [Roles][BugFix] Add fix for mdm cluster connect --- roles/powerflex_config/tasks/main.yml | 8 ++ roles/powerflex_lia/tasks/install_lia.yml | 24 ++++ .../tasks/install_powerflex4x_mdm.yml | 7 + roles/powerflex_sdr/tasks/add_sdr.yml | 10 +- roles/powerflex_sdr/tasks/remove_sdr.yml | 43 ++++-- roles/powerflex_sds/tasks/install_sds.yml | 8 ++ .../tasks/connect_mdm_cluster.yml | 132 ++++++++++++++++++ roles/powerflex_tb/tasks/install_tb4x.yml | 7 + roles/powerflex_tb/tasks/set_tb_ips.yml | 18 ++- 9 files changed, 241 insertions(+), 16 deletions(-) create mode 100644 roles/powerflex_tb/tasks/connect_mdm_cluster.yml diff --git a/roles/powerflex_config/tasks/main.yml b/roles/powerflex_config/tasks/main.yml index 67bad80..f1611a6 100644 --- a/roles/powerflex_config/tasks/main.yml +++ b/roles/powerflex_config/tasks/main.yml @@ -46,6 +46,14 @@ delegate_to: "{{ powerflex_config_mdm_primary_hostname }}" when: powerflex_config_array_version == '4' +- name: Add certificate file for PowerFlex version 4.x + ansible.builtin.command: scli --add_certificate --certificate_file /opt/emc/scaleio/mdm/cfg/mgmt_ca.pem + run_once: true + register: powerflex_config_add_certificate + changed_when: powerflex_config_add_certificate.rc == 0 + delegate_to: "{{ powerflex_config_mdm_primary_hostname }}" + when: powerflex_config_array_version == '4' + - name: Login to MDM for PowerFlex version 4.x ansible.builtin.command: scli --login --p12_path /opt/emc/scaleio/mdm/cfg/cli_certificate.p12 --p12_password {{ password }} run_once: true diff --git a/roles/powerflex_lia/tasks/install_lia.yml b/roles/powerflex_lia/tasks/install_lia.yml index 4b987b8..f5aca70 100644 --- a/roles/powerflex_lia/tasks/install_lia.yml +++ b/roles/powerflex_lia/tasks/install_lia.yml 
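Review bot: The new `Add certificate file for PowerFlex version 4.x` task is pasted into five task files (this one, install_powerflex4x_mdm.yml, add_sdr.yml, remove_sdr.yml and install_sds.yml), with the version guard spelled `== '4'` here, `!= '3'` in the SDR and SDS roles and absent in the MDM file. Because it adds `/opt/emc/scaleio/mdm/cfg/mgmt_ca.pem` to the CLI's trusted certificates, it would be easier to audit as one shared task file, included the way `../../powerflex_common/tasks/install_powerflex.yml` already is. `changed_when: powerflex_config_add_certificate.rc == 0` reports a change on every run, so a re-run cannot show whether the trust store was actually modified. A one-line comment saying why the CA must be added before the `scli --login` step would help, since the task itself does not show the intent.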
@@ -20,3 +20,27 @@ - name: Include install_powerflex.yml ansible.builtin.include_tasks: ../../powerflex_common/tasks/install_powerflex.yml + +- name: Check if /opt/emc/scaleio/lia/cfg/conf.txt exists + ansible.builtin.stat: + path: /opt/emc/scaleio/lia/cfg/conf.txt + register: powerflex_lia_conf_file_stat + +- name: Update lia_mtls_only + ansible.builtin.lineinfile: + path: /opt/emc/scaleio/lia/cfg/conf.txt + regexp: '^lia_mtls_only=1$' + state: absent + when: powerflex_lia_conf_file_stat.stat.exists + +- name: Replace lia_token value + ansible.builtin.replace: + path: /opt/emc/scaleio/lia/cfg/conf.txt + regexp: '^lia_token=.*$' + replace: 'lia_token={{ powerflex_lia_token }}' + when: powerflex_lia_conf_file_stat.stat.exists + +- name: PKill LIA for config changes effect + ansible.builtin.command: pkill lia + register: powerflex_lia_pkill_ouput + changed_when: powerflex_lia_pkill_ouput.rc == 0 diff --git a/roles/powerflex_mdm/tasks/install_powerflex4x_mdm.yml b/roles/powerflex_mdm/tasks/install_powerflex4x_mdm.yml index 6716433..5a36649 100644 --- a/roles/powerflex_mdm/tasks/install_powerflex4x_mdm.yml +++ b/roles/powerflex_mdm/tasks/install_powerflex4x_mdm.yml @@ -51,6 +51,13 @@ run_once: true delegate_to: "{{ powerflex_mdm_primary_hostname }}" +- name: Add certificate file for PowerFlex version 4.x + ansible.builtin.command: scli --add_certificate --certificate_file /opt/emc/scaleio/mdm/cfg/mgmt_ca.pem + run_once: true + register: powerflex_mdm_add_certificate + changed_when: powerflex_mdm_add_certificate.rc == 0 + delegate_to: "{{ powerflex_mdm_primary_hostname }}" + - name: Login to primary MDM node register: powerflex_mdm_secondary_login ansible.builtin.command: > diff --git a/roles/powerflex_sdr/tasks/add_sdr.yml b/roles/powerflex_sdr/tasks/add_sdr.yml index f7cbfa3..ba365ce 100644 --- a/roles/powerflex_sdr/tasks/add_sdr.yml +++ b/roles/powerflex_sdr/tasks/add_sdr.yml 
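Review bot: `Update lia_mtls_only` deletes the `lia_mtls_only=1` line from /opt/emc/scaleio/lia/cfg/conf.txt, which appears to switch off the LIA's mutual-TLS-only mode, yet neither the task name nor a comment says so; name the task for what it does and gate it on an explicit opt-in variable so the downgrade is a deliberate choice. `Replace lia_token value` writes `powerflex_lia_token` into the file without `no_log: true`, so the token can appear in diff or verbose output, and `ansible.builtin.replace` changes nothing when no `lia_token=` line exists, silently leaving the old token in place. `pkill lia` runs even when the stat check found no conf.txt, matches any process whose name contains `lia`, and returns non-zero (failing the play) when nothing matched. `pkill -x lia` behind the same `when: powerflex_lia_conf_file_stat.stat.exists`, or a handler notified by the two edits, would be safer. The register name `powerflex_lia_pkill_ouput` is misspelled.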
@@ -54,7 +54,7 @@ rescue: - name: Generate login certificate using primary_mdm_ip ansible.builtin.command: > - scli --generate_login_certificate --management_system_ip {{ powerflex_sdr_primary_mdm_ip }} --username {{ username }} + scli --generate_login_certificate --management_system_ip {{ powerflex_sdr_mdm_primary_ip }} --username {{ username }} --password {{ password }} --p12_path /opt/emc/scaleio/mdm/cfg/cli_certificate.p12 --p12_password {{ password }} --insecure run_once: true register: powerflex_sdr_generate_login_certificate_mdm_ip @@ -62,6 +62,14 @@ delegate_to: "{{ powerflex_sdr_mdm_primary_hostname }}" when: powerflex_sdr_array_version != "3" +- name: Add certificate file for PowerFlex version 4.x + ansible.builtin.command: scli --add_certificate --certificate_file /opt/emc/scaleio/mdm/cfg/mgmt_ca.pem + run_once: true + register: powerflex_sdr_add_certificate + changed_when: powerflex_sdr_add_certificate.rc == 0 + delegate_to: "{{ powerflex_sdr_mdm_primary_hostname }}" + when: powerflex_sdr_array_version != '3' + - name: Login to MDM for PowerFlex version 4.x ansible.builtin.command: scli --login --p12_path /opt/emc/scaleio/mdm/cfg/cli_certificate.p12 --p12_password {{ password }} run_once: true diff --git a/roles/powerflex_sdr/tasks/remove_sdr.yml b/roles/powerflex_sdr/tasks/remove_sdr.yml index 3bf33b6..17ec575 100644 --- a/roles/powerflex_sdr/tasks/remove_sdr.yml +++ b/roles/powerflex_sdr/tasks/remove_sdr.yml 
@@ -29,17 +29,42 @@ no_log: true when: powerflex_sdr_array_version == "3" -- name: Login to mdm for PowerFlex version 4.x - ansible.builtin.command: > - scli --login --management_system_ip {{ hostname }} - --username admin - --password "{{ password }}" - --approve_certificate +- name: Generate login certificate for PowerFlex version 4.x + block: + - name: Generate login certificate using management_system_ip + ansible.builtin.command: > + scli --generate_login_certificate --management_system_ip {{ hostname }} --username {{ username }} --password {{ password }} + --p12_path /opt/emc/scaleio/mdm/cfg/cli_certificate.p12 --p12_password {{ password }} --insecure + run_once: true + register: powerflex_sdr_generate_login_certificate + changed_when: powerflex_sdr_generate_login_certificate.rc == 0 + delegate_to: "{{ powerflex_sdr_mdm_primary_hostname }}" + when: powerflex_sdr_array_version != "3" + rescue: + - name: Generate login certificate using primary_mdm_ip + ansible.builtin.command: > + scli --generate_login_certificate --management_system_ip {{ powerflex_sdr_mdm_primary_ip }} --username {{ username }} + --password {{ password }} --p12_path /opt/emc/scaleio/mdm/cfg/cli_certificate.p12 --p12_password {{ password }} --insecure + run_once: true + register: powerflex_sdr_generate_login_certificate_mdm_ip + changed_when: powerflex_sdr_generate_login_certificate_mdm_ip.rc == 0 + delegate_to: "{{ powerflex_sdr_mdm_primary_hostname }}" + when: powerflex_sdr_array_version != "3" + +- name: Add certificate file for PowerFlex version 4.x + ansible.builtin.command: scli --add_certificate --certificate_file /opt/emc/scaleio/mdm/cfg/mgmt_ca.pem run_once: true - register: powerflex_initial_login + register: powerflex_sdr_add_certificate + changed_when: powerflex_sdr_add_certificate.rc == 0 + delegate_to: "{{ powerflex_sdr_mdm_primary_hostname }}" + when: powerflex_sdr_array_version != '3' + +- name: Login to MDM for PowerFlex version 4.x + ansible.builtin.command: scli --login 
--p12_path /opt/emc/scaleio/mdm/cfg/cli_certificate.p12 --p12_password {{ password }} + run_once: true + register: powerflex_sdr_login_output + changed_when: powerflex_sdr_login_output.rc == 0 delegate_to: "{{ powerflex_sdr_mdm_primary_hostname }}" - changed_when: powerflex_initial_login.rc == 0 - no_log: true when: powerflex_sdr_array_version != "3" - name: Output msg of previous task login to mdm diff --git a/roles/powerflex_sds/tasks/install_sds.yml b/roles/powerflex_sds/tasks/install_sds.yml index 010aee0..e6abdbd 100644 --- a/roles/powerflex_sds/tasks/install_sds.yml +++ b/roles/powerflex_sds/tasks/install_sds.yml @@ -59,6 +59,14 @@ delegate_to: "{{ powerflex_sds_primary_mdm_hostname }}" when: powerflex_sds_array_version != "3" +- name: Add certificate file for PowerFlex version 4.x + ansible.builtin.command: scli --add_certificate --certificate_file /opt/emc/scaleio/mdm/cfg/mgmt_ca.pem + run_once: true + register: powerflex_sds_add_certificate + changed_when: powerflex_sds_add_certificate.rc == 0 + delegate_to: "{{ powerflex_sds_primary_mdm_hostname }}" + when: powerflex_sds_array_version != '3' + - name: Login to MDM for PowerFlex version 4.x ansible.builtin.command: scli --login --p12_path /opt/emc/scaleio/mdm/cfg/cli_certificate.p12 --p12_password {{ password }} run_once: true diff --git a/roles/powerflex_tb/tasks/connect_mdm_cluster.yml b/roles/powerflex_tb/tasks/connect_mdm_cluster.yml new file mode 100644 index 0000000..b424b1f --- /dev/null +++ b/roles/powerflex_tb/tasks/connect_mdm_cluster.yml 
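Review bot: The rewritten login flow drops the `no_log: true` that the removed `Login to mdm` task carried, while the three new scli tasks put `--password {{ password }}` and `--p12_password {{ password }}` on the command line, so the password is echoed in failure and verbose output. Add `no_log: true` to both `Generate login certificate` tasks and to `Login to MDM for PowerFlex version 4.x`. Both certificate tasks also pass `--insecure`, which presumably skips verification of the endpoint that issues the p12; if that is required for first contact, state it in a comment. The unquoted `{{ password }}` is split on whitespace by the command module, whereas the old task quoted it as `"{{ password }}"`. The context task `Output msg of previous task login to mdm` continues outside the hunk; check that it no longer reads the removed `powerflex_initial_login`.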
@@ -0,0 +1,132 @@ +--- +- name: Get login token + ansible.builtin.uri: + url: "https://{{ hostname }}:{{ port }}/api/gatewayLogin" + validate_certs: "{{ validate_certs }}" + user: "{{ username }}" + password: "{{ password }}" + method: GET + force_basic_auth: true + delegate_to: "{{ lookup('ansible.builtin.env', 'RUNON', default='localhost') }}" + run_once: true + no_log: true + register: powerflex_tb_login_token_response + +- name: Get LIA credentials + ansible.builtin.uri: + url: "https://{{ hostname }}:{{ port }}/api/V1/Credential?filter=eq,label,DELL_POWERFLEX_LIA" + method: GET + validate_certs: "{{ validate_certs }}" + headers: + Authorization: "Bearer {{ powerflex_tb_login_token_response.json }}" + delegate_to: "{{ lookup('ansible.builtin.env', 'RUNON', default='localhost') }}" + run_once: true + register: powerflex_tb_lia_credentials + +- name: Set credential ID + ansible.builtin.set_fact: + powerflex_tb_lia_credential_id: "{{ powerflex_tb_lia_credentials.json.credentialList[0].credential.id }}" + when: powerflex_tb_lia_credentials is defined and powerflex_tb_lia_credentials.json.credentialList | length > 0 + +- name: Create LIA credentials if not exists + when: powerflex_tb_lia_credentials.json.credentialList | length == 0 + block: + - name: Create LIA credentials payload + ansible.builtin.set_fact: + powerflex_tb_lia_credential: + credential: + type: "ManagementSystemCredential" + label: "DELL_POWERFLEX_LIA" + username: "{{ username }}" + password: "{{ password }}" + liaPassword: "{{ powerflex_lia_token }}" + + - name: Create LIA credentials + ansible.builtin.uri: + url: "https://{{ hostname }}:{{ port }}/api/V1/Credential" + validate_certs: "{{ validate_certs }}" + method: POST + headers: + Authorization: "Bearer {{ powerflex_tb_login_token_response.json }}" + Content-Type: "application/json" + body: "{{ powerflex_tb_lia_credential | to_json }}" + register: powerflex_tb_lia_create_credentials + delegate_to: "{{ lookup('ansible.builtin.env', 'RUNON', 
default='localhost') }}" + run_once: true + changed_when: powerflex_tb_lia_create_credentials.status == 200 + + - name: Set credential ID + ansible.builtin.set_fact: + powerflex_tb_lia_credential_id: "{{ powerflex_tb_lia_create_credentials.json.credential.id }}" + when: powerflex_tb_lia_create_credentials is defined + +- name: Set discovery request payload + ansible.builtin.set_fact: + discovery_request_payload: + discoveryRequestList: + DiscoverIPRangeDeviceRequest: + - deviceManagementSystemCredRef: "{{ powerflex_tb_lia_credential_id }}" + deviceManagementSystemIPAddress: "{{ powerflex_tb_device_management_system_ip_address }}" + deviceManagementSystemId: "{{ powerflex_tb_system_id }}" + deviceType: "powerflex_management_system" + hostName: "block-legacy-gateway" + unmanaged: false + reserved: false + serverPoolId: "" + autoConfigureAlerts: true + snmpConfigure: true + when: powerflex_tb_lia_credentials is defined + +- name: Create connect mdm cluster payload + ansible.builtin.uri: + url: "https://{{ hostname }}:{{ port }}/api/V1/DiscoveryRequest" + validate_certs: "{{ validate_certs }}" + method: POST + headers: + Authorization: "Bearer {{ powerflex_tb_login_token_response.json }}" + Content-Type: "application/json" + body: "{{ discovery_request_payload | to_json }}" + status_code: 202 + when: powerflex_tb_lia_credentials is defined + delegate_to: "{{ lookup('ansible.builtin.env', 'RUNON', default='localhost') }}" + run_once: true + register: powerflex_tb_connect_mdm_cluster_output + changed_when: powerflex_tb_connect_mdm_cluster_output.status == 202 + +- name: Extract Job ID from connect mdm cluster output + ansible.builtin.set_fact: + powerflex_tb_connect_mdm_cluster_job_id: "{{ powerflex_tb_connect_mdm_cluster_output.link | regex_search('Job-[a-zA-Z0-9-]+') }}" + when: powerflex_tb_connect_mdm_cluster_output is defined + +- name: Track job + register: powerflex_tb_connect_mdm_cluster_job_status + ansible.builtin.uri: + url: "https://{{ hostname }}:{{ port 
}}/API/V1/JobHistory/{{ powerflex_tb_connect_mdm_cluster_job_id }}/status" + validate_certs: "{{ validate_certs }}" + method: GET + headers: + Authorization: "Bearer {{ powerflex_tb_login_token_response.json }}" + status_code: 200 + run_once: true + retries: 5 + delay: 10 + delegate_to: "{{ lookup('ansible.builtin.env', 'RUNON', default='localhost') }}" + when: powerflex_tb_connect_mdm_cluster_job_id is defined + until: powerflex_tb_connect_mdm_cluster_job_status.json != "IN_PROGRESS" + failed_when: powerflex_tb_connect_mdm_cluster_job_status.json == "FAILED" + changed_when: powerflex_tb_connect_mdm_cluster_job_status.json == "SUCCEESSFUL" + +- name: Wait for API login call to be successful + register: powerflex_tb_api_login + ansible.builtin.uri: + url: "https://{{ hostname }}:{{ port }}/api/login" + user: "{{ username }}" + password: "{{ password }}" + validate_certs: "{{ validate_certs }}" + method: GET + delegate_to: "{{ lookup('ansible.builtin.env', 'RUNON', default='localhost') }}" + run_once: true + ignore_errors: true + retries: 5 + delay: 10 + until: powerflex_tb_api_login.status == 200 diff --git a/roles/powerflex_tb/tasks/install_tb4x.yml b/roles/powerflex_tb/tasks/install_tb4x.yml index d34857b..9ae3bc1 100644 --- a/roles/powerflex_tb/tasks/install_tb4x.yml +++ b/roles/powerflex_tb/tasks/install_tb4x.yml @@ -20,6 +20,10 @@ changed_when: powerflex_tb_login_output.rc == 0 delegate_to: "{{ powerflex_tb_mdm_primary_hostname }}" +- name: Extract System ID + ansible.builtin.set_fact: + powerflex_tb_system_id: "{{ powerflex_tb_login_output.stdout | regex_search('System ID is (\\w+)', '\\1') | first }}" + - name: Add primary TB ansible.builtin.command: > scli --add_standby_mdm 
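Review bot: Only `Get login token` sets `no_log: true` in the new connect_mdm_cluster.yml. `Get LIA credentials`, `Create LIA credentials payload`, `Create LIA credentials`, the DiscoveryRequest POST, `Track job` and `Wait for API login call to be successful` all carry the bearer token, `password` or `powerflex_lia_token` and would print them in verbose or failure output, so each needs `no_log: true`. In `Track job`, the `changed_when` comparison against `"SUCCEESSFUL"` looks misspelled and would then never report a change; confirm the status strings the gateway returns, and note that this URL uses `/API/V1/` where the other calls use `/api/`. The `when: ... is defined` guards on registered results are always true once the task has run, and the job-id fact is still defined when `regex_search` finds no Job id in `link`, so a failed discovery is not caught there. `ignore_errors: true` on the final login wait lets the role finish as successful even if the API never answers with 200.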
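Review bot: `Extract System ID` in install_tb4x.yml assumes the login stdout always contains `System ID is <id>`; when it does not, `regex_search` returns nothing and `| first` fails with a templating error that does not say what went wrong. Precede it with an `ansible.builtin.assert` on `powerflex_tb_login_output.stdout is search('System ID is \w+')` carrying a clear `fail_msg`, or at least add a comment naming the scli output line the pattern relies on. The tasks before and after this one are only partly inside the hunk.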
@@ -67,3 +71,6 @@ changed_when: powerflex_tb_cluster_to_five_output.rc == 0 delegate_to: "{{ powerflex_tb_mdm_primary_hostname }}" when: powerflex_tb_mdm_cluster_mode[0] != "5_node" and powerflex_tb_cluster_mode == "FiveNodes" + +- name: Connect MDM cluster + ansible.builtin.include_tasks: connect_mdm_cluster.yml diff --git a/roles/powerflex_tb/tasks/set_tb_ips.yml b/roles/powerflex_tb/tasks/set_tb_ips.yml index 34c0144..f2c534f 100644 --- a/roles/powerflex_tb/tasks/set_tb_ips.yml +++ b/roles/powerflex_tb/tasks/set_tb_ips.yml 
@@ -11,19 +11,25 @@ powerflex_tb_mdm_secondary_ip: "{{ hostvars[groups['mdm'][1]]['ansible_host'] }}" powerflex_tb_mdm_secondary_hostname: "{{ hostvars[groups['mdm'][1]]['inventory_hostname'] }}" -- name: Set fact - powerflex_tb_mdm_tertiary_ip - ansible.builtin.set_fact: - powerflex_tb_mdm_tertiary_ip: "{{ hostvars[groups['tb'][2]]['ansible_host'] }}" - powerflex_tb_mdm_tertiary_hostname: "{{ hostvars[groups['tb'][2]]['inventory_hostname'] }}" - when: "powerflex_tb_mdm_count | int > 2" - - name: Set fact - powerflex_tb_primary ansible.builtin.set_fact: powerflex_tb_primary_ip: "{{ hostvars[groups['tb'][0]]['ansible_host'] }}" powerflex_tb_primary_hostname: "{{ hostvars[groups['tb'][0]]['inventory_hostname'] }}" +- name: Set fact - powerflex_tb_device_management_system_ip_address + ansible.builtin.set_fact: + powerflex_tb_device_management_system_ip_address: "{{ powerflex_tb_mdm_primary_ip }}, {{ powerflex_tb_mdm_secondary_ip }}, {{ powerflex_tb_primary_ip }}" + - name: Set fact - powerflex_tb_primary ansible.builtin.set_fact: powerflex_tb_secondary_ip: "{{ hostvars[groups['tb'][1]]['ansible_host'] }}" powerflex_tb_secondary_hostname: "{{ hostvars[groups['tb'][1]]['inventory_hostname'] }}" + powerflex_tb_device_management_system_ip_address: "{{ powerflex_tb_device_management_system_ip_address }}, {{ powerflex_tb_secondary_ip }}" when: "powerflex_tb_count | int > 1" + +- name: Set fact - powerflex_tb_mdm_tertiary_ip + ansible.builtin.set_fact: + powerflex_tb_mdm_tertiary_ip: "{{ hostvars[groups['tb'][2]]['ansible_host'] }}" + powerflex_tb_mdm_tertiary_hostname: "{{ hostvars[groups['tb'][2]]['inventory_hostname'] }}" + powerflex_tb_device_management_system_ip_address: "{{ powerflex_tb_device_management_system_ip_address }}, {{ powerflex_tb_mdm_tertiary_ip }}" + when: "powerflex_tb_mdm_count | int > 2" From fb1317a28bd591884277a406c30b294d37f1cddd Mon Sep 17 00:00:00 2001 
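Review bot: The two appended `powerflex_tb_device_management_system_ip_address` lines read `powerflex_tb_secondary_ip` and `powerflex_tb_mdm_tertiary_ip` inside the same `set_fact` task that defines them. A task's arguments are templated before any of its facts are stored, so unless those names are already defined elsewhere the reference is undefined or stale at that point. Use the source expression directly, `{{ hostvars[groups['tb'][1]]['ansible_host'] }}` for the secondary entry and `{{ hostvars[groups['tb'][2]]['ansible_host'] }}` for the tertiary one, or append in a separate follow-up task with the same `when`. A comment on the first assignment saying that the value is a comma-separated string consumed by the DiscoveryRequest payload would document the format.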
From: Jennifer-John Date: Wed, 15 May 2024 15:51:07 +0530 Subject: [PATCH 2/3] fix payload --- roles/powerflex_tb/tasks/connect_mdm_cluster.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/roles/powerflex_tb/tasks/connect_mdm_cluster.yml b/roles/powerflex_tb/tasks/connect_mdm_cluster.yml index b424b1f..e166a93 100644 --- a/roles/powerflex_tb/tasks/connect_mdm_cluster.yml +++ b/roles/powerflex_tb/tasks/connect_mdm_cluster.yml @@ -37,8 +37,7 @@ credential: type: "ManagementSystemCredential" label: "DELL_POWERFLEX_LIA" - username: "{{ username }}" - password: "{{ password }}" + password: "{{ powerflex_lia_token }}" liaPassword: "{{ powerflex_lia_token }}" - name: Create LIA credentials From 64b3827801130462146fbd74673247a52e0cc144 Mon Sep 17 00:00:00 2001 From: Jennifer-John Date: Tue, 21 May 2024 11:06:43 +0530 Subject: [PATCH 3/3] Fix lint issues --- roles/powerflex_gateway/tasks/install_keepalived.yml | 2 +- roles/powerflex_sdc/tasks/install_sdc.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/powerflex_gateway/tasks/install_keepalived.yml b/roles/powerflex_gateway/tasks/install_keepalived.yml index df6fd9d..9b106ab 100644 --- a/roles/powerflex_gateway/tasks/install_keepalived.yml +++ b/roles/powerflex_gateway/tasks/install_keepalived.yml @@ -25,4 +25,4 @@ mode: '0600' owner: root group: root - notify: restart keepalived + notify: Restart keepalived diff --git a/roles/powerflex_sdc/tasks/install_sdc.yml b/roles/powerflex_sdc/tasks/install_sdc.yml index 27c82db..25c6e81 100644 --- a/roles/powerflex_sdc/tasks/install_sdc.yml +++ b/roles/powerflex_sdc/tasks/install_sdc.yml @@ -70,6 +70,6 @@ mode: "0600" owner: "root" group: "root" - notify: restart scini + notify: Restart scini when: - ansible_distribution not in ['WindowsOS', 'SLES', 'VMkernel']
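Review bot: `notify: Restart keepalived` in install_keepalived.yml and `notify: Restart scini` in install_sdc.yml now name their handlers with a capital R, but the diffstat of PATCH 3/3 lists only these two task files, so no handler was renamed alongside. Handler lookup is by name, so if the handlers are still called `restart keepalived` and `restart scini` the notify will not find them. Check each role's handlers file and rename the handlers in the same commit if they still use the lowercase names.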