Step 3: Provide required credentials for Omnia

Omnia provides an additional utility playbook called get_config_credentials.yml. This playbook upon execution creates an input file called omnia_config_credentials.yml in the /opt/omnia/input/project_default folder. In this input file, you can preemptively provide all types of mandatory and optional credentials required by Omnia during its execution. Otherwise, you’ll be prompted to enter them during playbook execution.

Prerequisites

  • Ensure that the omnia_core container is up and running.

  • Ensure that the /opt/omnia/input/project_default/software_config.json file is updated with the packages that you want on your cluster.

Task performed by the playbook

Creates an input file called omnia_config_credentials.yml in the /opt/omnia/input/project_default folder.

Execute the playbook

To execute the playbook, run the following command:

ssh omnia_core
cd /omnia/utils/credential_utility
ansible-playbook get_config_credentials.yml

Things to keep in mind

  • While executing any Omnia playbook which requires certain credentials, you’ll now see a prompt to enter them during playbook execution.

  • Credential fields which have the tag mandatory cannot be left empty. If the mandatory passwords are not provided or incorrect, the playbook execution will stop and exit while encrypting the credentials file in the background.

  • Credential fields which have the tag optional can be skipped. Even if no input is provided, playbook execution will continue.

  • Passwords provided by you will be hidden. You must enter the password for a second time to confirm.

  • This utility also supports using tags to provide credentials for specific features or packages. For example, you can use --tags provision while executing the playbook to only bring up the credentials required to provision the cluster nodes.

Post execution

After the playbook has been executed, verify if the omnia_config_credentials.yml input file is present in the /opt/omnia/input/project_default folder. Provide all required mandatory credentials for the cluster. See the table below to know more:

Note

By default, the omnia_config_credentials.yml input file is encrypted. Use the below command to decrypt the file:

ansible-vault view omnia_config_credentials.yml --vault-password-file .omnia_config_credentials_key
Omnia credentials

Credential Name

Mandatory or Optional

Parameter

Details

Provision password

Mandatory

provision_password

  • Password required for root users during OS provisioning on cluster nodes.

  • Length must be at least 8 characters and must not contain commas (,), hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

BMC (iDRAC) username

Mandatory

bmc_username

Username for BMC (iDRAC) access. The same credentials must be used across all servers.

BMC (iDRAC) password

Mandatory

bmc_password

  • Password required for BMC (iDRAC) access.

  • Length must be at least 3 characters and must not contain commas (,), hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

Pulp container password

Mandatory

pulp_password

  • Password required for setting up the Pulp container.

  • Length must be at least 8 characters and must not contain commas (,), hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

MySQL DB username

Mandatory

mysqldb_user

  • Username of the MySQL user.

  • This parameter is mandatory in order to set up iDRAC telemetry services.

MySQL DB password

Mandatory

mysqldb_password

  • Password of the MySQL user.

  • This parameter is mandatory in order to set up iDRAC telemetry services.

MySQL DB root password

Mandatory

mysqldb_root_password

  • Root password of the MySQL database (DB).

  • This parameter is mandatory in order to set up iDRAC telemetry services.

Docker username

Optional

docker_username

  • Username for the Dockerhub account.

  • This is used to log in to Docker and pull required packages to the cluster.

Docker password

Optional

docker_password

  • Password for Dockerhub account.

  • Must be at least 8 characters long and can contain letters, numbers, and special characters.

Slurm database password

Optional

slurm_db_password

  • Password for the Slurm database.

  • Mandatory if you want to deploy Slurm on your cluster.

  • SlurmDB password must not contain special characters like hyphens (-), single quotes ('), double quotes ("), or backslashes (\\).

OpenLDAP database username

Optional

openldap_db_username

  • Username for OpenLDAP database admin.

  • Mandatory if you want to set up OpenLDAP authentication on your cluter.

  • Must not contain semicolons (;), square brackets ([]), or backticks (`).

OpenLDAP database password

Optional

openldap_db_password

  • Password for OpenLDAP database admin.

  • Mandatory if you want to set up OpenLDAP authentication on your cluter.

  • Must not contain hyphens (-), single quotes ('), double quotes ("), at symbols (@), or backslashes (\\).

Minio S3 bucket user name

Mandatory

minio_s3_username

  • Username for Minio S3 bucket.

  • Must not contain backslashes (\), hyphens (-), single quotes (‘), or double quotes (\"). Length must be between 5 and 32 characters.”

Minio S3 bucket password

Mandatory

minio_s3_password

  • Password for Minio S3 bucket.

  • Should not be kept ‘admin. Length must be between 5 and 128 characters and must not contain backslashes (\), hyphens (-), single quotes (‘), or double quotes (\").”

Caution

Once the cluster is up and running, you may only modify the bmc_username and bmc_password fields in the omnia_config_credentials.yml input file. To make these changes, use the command provided below. Do not alter any other fields in the file, as this may lead to unexpected failures.

ansible-vault edit omnia_config_credentials.yml --vault-password-file .omnia_config_credentials_key

If you have any feedback about Omnia documentation, please reach out at omnia.readme@dell.com.