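--- a/ansible/cloud_providers/redfish_baremetal_destroy_env.yml
+++ b/ansible/cloud_providers/redfish_baremetal_destroy_env.yml
@@ -0,0 +1,92 @@
+---
+- name: Step 000.0 Restore output directory archive
+hosts: localhost
+connection: local
+gather_facts: false
+become: false
+tasks:
+- name: Restore output_dir archive
+when: agnosticd_save_output_dir_archive is defined
+ansible.builtin.include_role:
+name: agnosticd_restore_output_dir
+
+- name: Step 001.1 Gather Baremetal Server Information
+hosts: localhost
+connection: local
+gather_facts: false
+become: false
+tasks:
+- name: Validate IBM Cloud server ID is provided
+ansible.builtin.fail:
+msg: "ibm_cloud_server_id is required. Please provide it as an extra var: -e ibm_cloud_server_id=YOUR_SERVER_ID"
+when: ibm_cloud_server_id is not defined or ibm_cloud_server_id == ""
+
+- name: Run baremetal info role
+include_role:
+name: "infra-ibm-cloud-classic-bm-info"
+vars:
+ibm_cloud_server_id: "{{ ibm_cloud_server_id }}"
+save_to_file: false
+display_results: false
+
+- name: Step 001.2 BMC Operations run from Bastion
+hosts: bastions[0]
+gather_facts: false
+become: false
+vars:
+ansible_python_interpreter: /usr/bin/python3
+tasks:
+- name: Remove console user
+include_role:
+name: "infra-redfish-user-management"
+vars:
+# BMC connection parameters
+bmc_hostname: "{{ hostvars['localhost']['bm_server_info']['remote_mgmt_ip'] }}"
+bmc_username: "{{ hostvars['localhost']['bm_server_info']['remote_mgmt_user'] }}"
+bmc_password: "{{ hostvars['localhost']['bm_server_info']['remote_mgmt_password'] }}"
+# User management parameters (no recursion)
+target_username: "console"
+user_action: "delete"
+user_role: "PowerUser"
+enable_user: false
+when:
+- cleanup_users | default(true) | bool
+- hostvars['localhost']['bm_server_info'] is defined
+- hostvars['localhost']['bm_server_info']['remote_mgmt_ip'] != ""
+
+- name: Force power off servers before cleanup
+include_role:
+name: "infra-redfish-power-management"
+vars:
+# BMC connection parameters
+bmc_hostname: "{{ hostvars['localhost']['bm_server_info']['remote_mgmt_ip'] }}"
+bmc_username: "{{ hostvars['localhost']['bm_server_info']['remote_mgmt_user'] }}"
+bmc_password: "{{ hostvars['localhost']['bm_server_info']['remote_mgmt_password'] }}"
+# Force power off during destroy
+power_action: "force_off"
+enable_pxe_boot_and_reset: false
+when:
+- hostvars['localhost']['bm_server_info'] is defined
+- hostvars['localhost']['bm_server_info']['remote_mgmt_ip'] != ""
+
+- name: Step 001.3 Destroy IBM Cloud Classic VM Resources
+hosts: localhost
+connection: local
+gather_facts: false
+become: false
+tasks:
+- name: Destroy IBM Cloud Classic VMs and Security Groups
+include_role:
+name: "infra-ibm-cloud-classic-manage-vms"
+vars:
+ACTION: "destroy"
+ibm_cloud_api_key: "{{ ibm_cloud_api_key }}"
+output_dir: "{{ output_dir }}"
+guid: "{{ guid }}"
+
+- name: Destroy SSH key in IBM Cloud Classic
+include_role:
+name: "infra-ibm-cloud-classic-ssh-key"
+vars:
+ACTION: "destroy"
+ibm_cloud_classic_api_key: "{{ ibm_cloud_api_key }}"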
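Review bot: Step 001.2 targets `bastions[0]`, but no task in this playbook populates that group; the deploy playbook on this page builds it with the `infra-ibm-cloud-classic-vm-inventory` role, which is not included here. Unless the restored output directory supplies an inventory (not visible in this file), the play matches no hosts and Ansible skips it without an error, so the `console` BMC account is never deleted and the server is never powered off before Step 001.3 destroys the bastion. The same silent skip occurs when `bm_server_info` is undefined, because both tasks are guarded by `when:` instead of failing. I would rebuild the inventory in Step 001.1 and then add an `ansible.builtin.assert` with `that:` entries `bm_server_info is defined` and `groups['bastions'] | default([]) | length > 0`, so a destroy that cannot reach the BMC stops rather than leaving the account behind.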
@@ -0,0 +1,293 @@
---
- name: Step 001.1 Deploy Redfish Baremetal Infrastructure
hosts: localhost
connection: local
gather_facts: false
become: false
tasks:
- name: Validate IBM Cloud server ID is provided
ansible.builtin.fail:
msg: "ibm_cloud_server_id is required. Please provide it as an extra var: -e ibm_cloud_server_id=YOUR_SERVER_ID"
when: ibm_cloud_server_id is not defined or ibm_cloud_server_id == ""

- name: Validate IBM Cloud API key is provided
ansible.builtin.fail:
msg: "ibm_cloud_api_key is required. Please provide it as an extra var: -e ibm_cloud_api_key=YOUR_API_KEY"
when: ibm_cloud_api_key is not defined or ibm_cloud_api_key == ""

- name: Generate secure password if not provided
ansible.builtin.set_fact:
generated_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters,digits') }}"

- name: Ensure generated password contains at least one number
ansible.builtin.set_fact:
generated_password: "{{ generated_password[:-1] + (range(0, 10) | random | string) }}"
when: not (generated_password | regex_search('[0-9]'))

- name: Ensure generated password contains at least one letter
ansible.builtin.set_fact:
generated_password: "{{ generated_password[:-1] + ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'] | random }}"
when: not (generated_password | regex_search('[A-Za-z]'))

- name: Run baremetal info role
ansible.builtin.include_role:
name: "infra-ibm-cloud-classic-bm-info"
vars:
ibm_cloud_server_id: "{{ ibm_cloud_server_id }}"
ibm_cloud_api_key: "{{ ibm_cloud_api_key }}"
save_to_file: false
display_results: true

- name: Create SSH provision key
ansible.builtin.include_role:
name: "create_ssh_provision_key"
when:
- ssh_provision_key_name is undefined

- name: Locate environment authorized key
ansible.builtin.include_role:
name: "locate_env_authorized_key"

- name: Create SSH key in IBM Cloud Classic
ansible.builtin.include_role:
name: "infra-ibm-cloud-classic-ssh-key"
vars:
ibm_cloud_classic_api_key: "{{ ibm_cloud_api_key }}"

- name: Store variables for PXE server setup on bastion
ansible.builtin.set_fact:
pxe_server_vars:
bm_server_info: "{{ bm_server_info }}"
rhel_iso_url: "{{ rhel_iso_url }}"
rhel_iso_username: "{{ rhel_iso_username | default(omit) }}"
rhel_iso_password: "{{ rhel_iso_password | default(omit) }}"
generated_password: "{{ generated_password }}"
domain_name: "{{ domain_name | default(cluster_dns_zone | default('example.com')) }}"
kickstart_ssh_key: "{{ ssh_provision_pubkey_content | default(ansible_ssh_user_public_key | default('')) }}"
pxe_server_private_interface: "{{ pxe_server_private_interface | default('eth0') }}"
kickstart_satellite_url: "{{ kickstart_satellite_url | default('') }}"
kickstart_activation_key: "{{ kickstart_activation_key | default('') }}"
kickstart_auth_token: "{{ kickstart_auth_token | default('') }}"
bm_server_private_netmask: "{{ bm_server_private_netmask | default('255.255.255.0') }}"
bm_server_public_netmask: "{{ bm_server_public_netmask | default('255.255.255.0') }}"
bm_server_public_gateway: "{{ bm_server_public_gateway | default('') }}"
bm_server_bonded_network: "{{ bm_server_bonded_network | default(false) }}"
baremetal_user_name: "{{ baremetal_user_name | default('cloud-user') }}"
when:
- setup_pxe_server | default(false)
- rhel_iso_url is defined
- bm_server_info is defined

- name: Set instances configuration for bastion host
ansible.builtin.set_fact:
instances:
- name: "bastion-{{ guid }}"
datacenter: "{{ bm_server_info.datacenter }}"
count: 1
cores: 1
memory: 2048
rootfs_size: 100
image: "REDHAT_9_64"
public_security_group_rules:
- name: "ssh"
description: "SSH access from anywhere"
rule_type: "ingress"
ether_type: "IPv4"
from_port: 22
to_port: 22
protocol: "tcp"
cidr: "0.0.0.0/0"
- name: "https"
description: "HTTPS access from anywhere"
rule_type: "ingress"
ether_type: "IPv4"
from_port: 443
to_port: 443
protocol: "tcp"
cidr: "0.0.0.0/0"
- name: "console-access"
description: "Console access port"
rule_type: "ingress"
ether_type: "IPv4"
from_port: 3900
to_port: 3900
protocol: "tcp"
cidr: "0.0.0.0/0"
- name: "all-egress-tcp"
description: "All tcp outbound traffic"
rule_type: "egress"
ether_type: "IPv4"
protocol: "tcp"
cidr: "0.0.0.0/0"
- name: "all-egress-udp"
description: "All udp outbound traffic"
rule_type: "egress"
ether_type: "IPv4"
protocol: "udp"
cidr: "0.0.0.0/0"
tags:
- "ansible_group:bastions"
- "guid:{{ guid }}"
ssh_key_ids:
- "{{ ssh_key_id }}"
user_metadata: "{{ guid }}"
notes: "Bastion host for {{ guid }}"
when:
- bm_server_info.private_vlan_id is defined
- bm_server_info.private_vlan_id != ""
- ssh_key_id is defined

- name: Deploy IBM Cloud Classic bastion host
ansible.builtin.include_role:
name: "infra-ibm-cloud-classic-manage-vms"
vars:
ibm_cloud_api_key: "{{ ibm_cloud_api_key }}"
private_vlan_id: "{{ bm_server_info.private_vlan_id }}"
ssh_private_key_path: "{{ env_authorized_key_path }}"
domain: "{{ cluster_dns_zone | default('example.com') }}"
when:
- bm_server_info.private_vlan_id is defined
- bm_server_info.private_vlan_id != ""

- name: Create in-memory inventory for deployed VMs
ansible.builtin.include_role:
name: "infra-ibm-cloud-classic-vm-inventory"
vars:
ssh_private_key_path: "{{ env_authorized_key_path }}"

- name: Step 001.1.1 Install packages on deployed VMs
hosts: all:!localhost
gather_facts: false
become: true
vars:
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_private_key_file: "{{ hostvars['localhost']['env_authorized_key_path'] }}"
tasks:
- name: Install common packages on deployed VMs
ansible.builtin.dnf:
name: "{{ common_packages }}"
state: present
when:
- common_packages is defined
- common_packages | length > 0

- name: Install common pip packages on deployed VMs
ansible.builtin.pip:
name: "{{ common_pip_packages }}"
executable: pip3
state: present
when:
- common_pip_packages is defined
- common_pip_packages | length > 0

- name: Step 001.2 Configure PXE Server on Bastion Host
hosts: bastions
gather_facts: true
become: true
tasks:
- name: Set PXE server variables
ansible.builtin.set_fact:
bm_server_info: "{{ hostvars['localhost']['pxe_server_vars']['bm_server_info'] }}"
rhel_iso_url: "{{ hostvars['localhost']['pxe_server_vars']['rhel_iso_url'] }}"
rhel_iso_username: "{{ hostvars['localhost']['pxe_server_vars']['rhel_iso_username'] | default(omit) }}"
rhel_iso_password: "{{ hostvars['localhost']['pxe_server_vars']['rhel_iso_password'] | default(omit) }}"
generated_password: "{{ hostvars['localhost']['pxe_server_vars']['generated_password'] }}"
domain_name: "{{ hostvars['localhost']['pxe_server_vars']['domain_name'] | default(hostvars['localhost']['cluster_dns_zone'] | default('example.com')) }}"
kickstart_ssh_key: "{{ hostvars['localhost']['pxe_server_vars']['kickstart_ssh_key'] | default('') }}"
pxe_server_private_interface: "{{ hostvars['localhost']['pxe_server_vars']['pxe_server_private_interface'] | default('eth0') }}"
kickstart_satellite_url: "{{ hostvars['localhost']['pxe_server_vars']['kickstart_satellite_url'] | default('') }}"
kickstart_activation_key: "{{ hostvars['localhost']['pxe_server_vars']['kickstart_activation_key'] | default('') }}"
kickstart_auth_token: "{{ hostvars['localhost']['pxe_server_vars']['kickstart_auth_token'] | default('') }}"
bm_server_private_netmask: "{{ hostvars['localhost']['pxe_server_vars']['bm_server_private_netmask'] | default('255.255.255.0') }}"
bm_server_public_netmask: "{{ hostvars['localhost']['pxe_server_vars']['bm_server_public_netmask'] | default('255.255.255.0') }}"
bm_server_public_gateway: "{{ hostvars['localhost']['pxe_server_vars']['bm_server_public_gateway'] | default('') }}"
bm_server_bonded_network: "{{ hostvars['localhost']['pxe_server_vars']['bm_server_bonded_network'] | default(false) }}"
baremetal_user_name: "{{ hostvars['localhost']['pxe_server_vars']['baremetal_user_name'] | default('cloud-user') }}"
when:
- hostvars['localhost']['setup_pxe_server'] | default(false)
- hostvars['localhost']['pxe_server_vars'] is defined
- hostvars['localhost']['pxe_server_vars']['bm_server_info'] is defined

- name: Setup PXE server on bastion host
ansible.builtin.include_role:
name: "infra-ibm-cloud-classic-bm-pxe-server"
when:
- hostvars['localhost']['setup_pxe_server'] | default(false)
- hostvars['localhost']['pxe_server_vars'] is defined
- hostvars['localhost']['pxe_server_vars']['bm_server_info'] is defined

- name: Step 001.3 Configure Redfish User Management
hosts: bastions[0]
gather_facts: false
become: false
vars:
ansible_python_interpreter: /usr/bin/python3
tasks:
- name: Run Redfish user management role
ansible.builtin.include_role:
name: "infra-redfish-user-management"
vars:
# BMC connection parameters - direct to BMC
bmc_hostname: "{{ bm_server_info.remote_mgmt_ip }}"
bmc_username: "{{ bm_server_info.remote_mgmt_user }}"
bmc_password: "{{ bm_server_info.remote_mgmt_password }}"
# User management parameters (no recursion)
target_username: "console"
target_password: "{{ generated_password }}"
user_action: "create"
user_role: "PowerUser"
enable_user: "true"
when:
- bm_server_info is defined

- name: Step 001.3.5 Check and optimize boot order
hosts: bastions[0]
gather_facts: false
become: false
vars:
ansible_python_interpreter: /usr/bin/python3
tasks:
- name: Run Redfish boot order management
ansible.builtin.include_role:
name: "infra-redfish-power-management"
vars:
# BMC connection parameters - direct to BMC
bmc_hostname: "{{ bm_server_info.remote_mgmt_ip }}"
bmc_username: "{{ bm_server_info.remote_mgmt_user }}"
bmc_password: "{{ bm_server_info.remote_mgmt_password }}"
power_action: "status"
check_boot_order: true
when:
- bm_server_info is defined

- name: Step 001.4 Enable PXE boot and reset bare metal host
hosts: bastions[0]
gather_facts: false
become: false
vars:
ansible_python_interpreter: /usr/bin/python3
tasks:
- name: Run Redfish power management role
ansible.builtin.include_role:
name: "infra-redfish-power-management"
vars:
# BMC connection parameters - direct to BMC
bmc_hostname: "{{ bm_server_info.remote_mgmt_ip }}"
bmc_username: "{{ bm_server_info.remote_mgmt_user }}"
bmc_password: "{{ bm_server_info.remote_mgmt_password }}"
power_action: "status"
enable_pxe_boot_and_reset: true
check_boot_order: false # Skip boot order check since we already did it
when:
- bm_server_info is defined

- name: Step 002.0 Save output directory archive
hosts: localhost
connection: local
gather_facts: false
become: false
tasks:
- name: Save output_dir archive
when: agnosticd_save_output_dir_archive is defined
ansible.builtin.include_role:
name: agnosticd_save_output_dir
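Review bot: The `ssh`, `https` and `console-access` ingress rules in `public_security_group_rules` open ports 22, 443 and 3900 to `0.0.0.0/0` on the bastion, which is the host that receives the BMC credentials and the generated console password via `pxe_server_vars` and runs the Redfish roles against the BMC. The source range should come from an operator-supplied variable rather than a literal, for example `cidr: "{{ bastion_ingress_cidr }}"` (a suggested name, not one the repository defines), with a validation task that fails when it is unset. Separately, the `set_fact` tasks that copy `generated_password`, `rhel_iso_password` and `kickstart_auth_token` carry no `no_log: true`, so those values can appear in task output at raised verbosity or in callback logs. The "Run baremetal info role" task also sets `display_results: true`; if that role prints `remote_mgmt_password` (its body is not visible here), the BMC password ends up in the run log as well.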