Step 4: Provide Required Credentials for Omnia

Omnia provides an additional utility playbook called get_config_credentials.yml. When executed, this playbook creates an input file called omnia_config_credentials.yml and build_stream_oauth_credentials.yml in the /opt/omnia/input/project_default folder. The build_stream_oauth_credentials.yml file is only created if BuildStreaM is enabled in the build_stream_config.yml file. In this input file, you can preemptively provide all types of mandatory and optional credentials required by Omnia during its execution. Otherwise, you’ll be prompted to enter them during playbook execution.

Prerequisites

  • Ensure that the omnia_core container is up and running.

  • Ensure that the /opt/omnia/input/project_default/software_config.json file is updated with the packages that you want on your cluster.

  • Ensure that the /opt/omnia/input/project_default/build_stream_config.yml file is updated with the BuildStreaM configuration.

Task Performed by the Playbook

Creates an input file called omnia_config_credentials.yml and build_stream_oauth_credentials.yml in the /opt/omnia/input/project_default folder.

Execute the Playbook

To execute the playbook, run the following command:

ssh omnia_core
cd /omnia/utils/credential_utility
ansible-playbook get_config_credentials.yml

Things to Keep in Mind

  • While executing any Omnia playbook which requires certain credentials, you’ll now see a prompt to enter them during playbook execution.

  • Credential fields with the mandatory tag cannot be left empty. If the mandatory passwords are not provided or incorrect, the playbook execution will stop and exit while encrypting the credentials file in the background.

  • Credential fields with the optional tag can be skipped. Even if no input is provided, playbook execution will continue.

  • Credential fields with the conditional mandatory tag are only required if the corresponding feature is enabled in the input files. For example, if you want to deploy BuildStreaM on your cluster, you must provide the BuildStreaM credentials.

  • Passwords provided by you will be hidden. You must enter the password for a second time to confirm.

  • This utility also supports using tags to provide credentials for specific features or packages. For example, you can use --tags provision while executing the playbook to only bring up the credentials required to provision the cluster nodes.

Post Execution

After the playbook has been executed, verify if the omnia_config_credentials.yml and build_stream_oauth_credentials.yml input files are present in the /opt/omnia/input/project_default folder. Provide all required mandatory credentials for the cluster. See the table below to know more:

Note

By default, the omnia_config_credentials.yml input file is encrypted. Use the below command to view the file:

ansible-vault view omnia_config_credentials.yml --vault-password-file .omnia_config_credentials_key

Note

If user is decrypting the file, then it must be encrypted again:

ansible-vault encrypt omnia_config_credentials.yml --vault-password-file .omnia_config_credentials_key

Note

By default, the build_stream_oauth_credentials.yml input file is encrypted. Use the below command to view the file:

ansible-vault view build_stream_oauth_credentials.yml --vault-password-file .build_stream_oauth_credentials_key
Omnia credentials

Credential Name

Mandatory or Optional

Parameter

Details

Provision password

Mandatory

provision_password

  • Password required for root users during OS provisioning on cluster nodes.

  • Length must be at least 8 characters and must not contain commas (,), hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

BMC (iDRAC) username

Mandatory

bmc_username

Username for BMC (iDRAC) access. The same credentials must be used across all servers.

BMC (iDRAC) password

Mandatory

bmc_password

  • Password required for BMC (iDRAC) access.

  • Length must be at least 3 characters and must not contain commas (,), hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

Pulp container password

Mandatory

pulp_password

  • Password required for setting up the Pulp container.

  • Length must be at least 8 characters and must not contain commas (,), hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

MySQL DB username

Mandatory

mysqldb_user

  • Username of the MySQL user.

  • This parameter is mandatory in order to set up iDRAC telemetry services.

MySQL DB password

Mandatory

mysqldb_password

  • Password of the MySQL user.

  • This parameter is mandatory in order to set up iDRAC telemetry services.

MySQL DB root password

Mandatory

mysqldb_root_password

  • Root password of the MySQL database (DB).

  • This parameter is mandatory in order to set up iDRAC telemetry services.

Docker username

Optional

docker_username

  • Username for the Dockerhub account.

  • This is used to log in to Docker and pull required packages to the cluster.

Docker password

Optional

docker_password

  • Password for Dockerhub account.

  • Must be at least 8 characters long and can contain letters, numbers, and special characters.

Slurm database password

Optional

slurm_db_password

  • Password for the Slurm database.

  • Mandatory if you want to deploy Slurm on your cluster.

  • SlurmDB password must not contain special characters like hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

OpenLDAP database username

Optional

openldap_db_username

  • Username for OpenLDAP database admin.

  • Mandatory if you want to set up OpenLDAP authentication on your cluster.

  • Must not contain semicolons (;), square brackets ([]), or backticks (`).

OpenLDAP database password

Optional

openldap_db_password

  • Password for OpenLDAP database admin.

  • Mandatory if you want to set up OpenLDAP authentication on your cluster.

  • Must not contain hyphens (-), single quotes ('), double quotes ("), at symbols (@), or backslashes (\\).

Minio S3 bucket password

Mandatory

minio_s3_password

  • Password for Minio S3 bucket.

  • Should not be set to admin. Length must be between 5 and 128 characters and must not contain backslashes (\), hyphens (-), single quotes (‘), or double quotes (\").”

Postgres DB username

Conditional Mandatory

postgres_db_username

  • Enter the username to connect to the Postgres DB.

  • Mandatory only if BuildStreaM is enabled in the build_stream_config.yml file.

Postgres DB password

Conditional Mandatory

postgres_db_password

  • Enter the password to connect to the Postgres DB.

  • Mandatory only if BuildStreaM is enabled in the build_stream_config.yml file.

GitLab root password

Conditional Mandatory

gitlab_root_password

  • Enter the GitLab root password for BuildStreaM.

  • Mandatory only if BuildStreaM is enabled in the build_stream_config.yml file.

Caution

Once the cluster is up and running, you may only modify the bmc_username and bmc_password fields in the omnia_config_credentials.yml input file. To make these changes, use the command provided below. Do not alter any other fields in the file, as this may lead to unexpected failures.

ansible-vault edit omnia_config_credentials.yml --vault-password-file .omnia_config_credentials_key
BuildStreaM credentials

Credential Name

Mandatory or Optional

Parameter

Details

Build StreaM username

Conditional Mandatory

build_stream_oauth_username

  • Enter the username for the BuildStreamM pipeline.

  • Mandatory only if BuildStreamM is enabled in the build_stream_config.yml file.

Build StreaM password

Conditional Mandatory

build_stream_oauth_password

  • Enter the password for the BuildStreamM pipeline.

  • Mandatory only if BuildStreamM is enabled in the build_stream_config.yml file.

If you have any feedback about Omnia documentation, please reach out at omnia.readme@dell.com.