feat: fill bmc_fw_update role

Signed-off-by: Boris Glimcher <[email protected]>

Dockerfile

@@ -1,2 +1,2 @@
 FROM python:3.11
-RUN pip install --no-cache-dir ansible
+RUN pip install --no-cache-dir ansible==9.2

galaxy.yml

@@ -35,7 +35,7 @@ license_file: ''
 
 # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
 # requirements as 'namespace' and 'name'
-tags: [opi, dpu, redfish, automation, devops]
+tags: [opi, dpu, redfish, automation, devops, infrastructure]
 
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range
@@ -70,4 +70,3 @@ build_ignore:
 # 'omit_default_directives' is a boolean that controls whether the default directives are used. Mutually exclusive
 # with 'build_ignore'
 # manifest: null
-

playbooks/firmware.yml

@@ -0,0 +1,5 @@
+- name: Update DPU Firmware
+  hosts: all
+  gather_facts: false
+  roles:
+    - bmc_fw_update

roles/bmc_factory_reset/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: OPI Memebers <[email protected]>
+  description: Factory reset BMC
+  company: https://opiproject.org/
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -14,9 +14,9 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: Apache-2.0
 
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:

roles/bmc_fw_update/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: OPI Memebers <[email protected]>
+  description: Update BMC firmware
+  company: https://opiproject.org/
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -14,9 +14,9 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: Apache-2.0
 
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:
@@ -47,6 +47,7 @@ galaxy_info:
     # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
     #       Maximum 20 tags per role.
 
-dependencies: []
+dependencies:
+  - role: bmc_reboot
   # List your role dependencies here, one per line. Be sure to remove the '[]' above,
   # if you add dependencies to this list.

roles/bmc_fw_update/tasks/main.yml

@@ -1,2 +1,82 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2022-2024 Dell Inc, or its subsidiaries.
+
 ---
 # tasks file for bmc_fw_update
+
+- name: Get Firmware Inventory
+  ansible.builtin.include_role:
+    name: get_bmc_facts
+  register: fw_inventory_before
+
+- name: Print BMC Version
+  ansible.builtin.debug:
+    msg: "{{ fw_inventory_before.redfish_facts.firmware.entries[0].Version }}"
+
+- name: Download firmware image {{ firmware.bmc }}
+  ansible.builtin.get_url:
+    url: "{{ firmware.url }}/{{ firmware.bmc }}"
+    dest: /tmp/{{ firmware.bmc }}
+    mode: '0440'
+  delegate_to: localhost
+
+- name: Update BMC firmware of DPU
+  community.general.redfish_command:
+    category: Update
+    command: MultipartHTTPPushUpdate
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ dpu_bmc_username }}"
+    password: "{{ dpu_bmc_password }}"
+    timeout: 600
+    update_image_file: "/tmp/{{ firmware.bmc }}"
+  register: result_update_task
+  delegate_to: localhost
+
+- name: Extract task id from update task
+  ansible.builtin.set_fact:
+    bmc_firmware_update_taskid: "{{ result_update_task.return_values.update_status.handle }}"
+
+- name: Print TASK id for tracking
+  ansible.builtin.debug:
+    msg: "{{ result_update_task.return_values.update_status.handle }}"
+
+- name: Pause for 10 seconds for BMC to start task
+  ansible.builtin.pause:
+    seconds: 10
+
+- name: Get the status of an update operation in a loop
+  community.general.redfish_info:
+    category: Update
+    command: GetUpdateStatus
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ dpu_bmc_username }}"
+    password: "{{ dpu_bmc_password }}"
+    update_handle: "{{ result_update_task.return_values.update_status.handle }}"
+  register: update_progress
+  until: update_progress.redfish_facts.update_status.status != 'Running'
+  retries: 60
+  delay: 30
+  delegate_to: localhost
+
+- name: Validate task was completed
+  ansible.builtin.assert: { that: "update_progress.redfish_facts.update_status.status == 'Completed'" }
+
+- name: Reboot BMC to apply new firmware of DPU
+  ansible.builtin.include_role:
+    name: bmc_reboot
+
+- name: Pause for 60 seconds for BMC to Reboot
+  ansible.builtin.pause:
+    seconds: 60
+
+- name: Get Firmware Inventory
+  ansible.builtin.include_role:
+    name: get_bmc_facts
+  register: fw_inventory_after
+
+- name: Print BMC Version
+  ansible.builtin.debug:
+    msg: "{{ fw_inventory_after.redfish_facts.firmware.entries[0].Version }}"
+
+- name: Validate fw image changed from before
+  ansible.builtin.assert: { that: "fw_inventory_before.redfish_facts.firmware.entries[0].Version != fw_inventory_after.redfish_facts.firmware.entries[0].Version" }

roles/bmc_fw_update/vars/main.yml

@@ -1,2 +1,7 @@
 ---
 # vars file for bmc_fw_update
+
+firmware:
+  url: https://content.mellanox.com/BlueField/BMC/23.10-1-oct-2023
+  bmc: bf3-bmc-23.10-5_opn.fwpkg
+  cec: cec1736-ecfw-00.02.0152.0000-n02-rel-prod.fwpkg

roles/bmc_reboot/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: OPI Memebers <[email protected]>
+  description: Reboot BMC
+  company: https://opiproject.org/
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -14,9 +14,9 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: Apache-2.0
 
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:

roles/bmc_reboot/tasks/main.yml

@@ -1,2 +1,14 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2022-2024 Dell Inc, or its subsidiaries.
+
 ---
 # tasks file for bmc_reboot
+
+- name: Reboot BMC to apply new firmware of DPU
+  community.general.redfish_command:
+    category: Manager
+    command: GracefulRestart
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ dpu_bmc_username }}"
+    password: "{{ dpu_bmc_password }}"
+  delegate_to: localhost

roles/enable_secure_boot/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: OPI Memebers <[email protected]>
+  description: Enable DPU secure boot
+  company: https://opiproject.org/
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -14,9 +14,9 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: Apache-2.0
 
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:

roles/get_bmc_facts/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: OPI Memebers <[email protected]>
+  description: Gather facts about BMC
+  company: https://opiproject.org/
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -14,9 +14,9 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: Apache-2.0
 
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:

roles/get_bmc_facts/tasks/main.yml

@@ -1,2 +1,19 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2022-2024 Dell Inc, or its subsidiaries.
+
 ---
 # tasks file for get_bmc_facts
+
+- name: Get Firmware Inventory
+  community.general.redfish_info:
+    category: Update
+    command: GetFirmwareInventory
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ dpu_bmc_username }}"
+    password: "{{ dpu_bmc_password }}"
+  register: result
+  delegate_to: localhost
+
+- name: Extract BMC firmware version from inventory
+  ansible.builtin.set_fact:
+    bmc_firmware_version: "{{ result.redfish_facts.firmware.entries[0].Version }}"

roles/update_bmc_password/meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
-  author: your name
-  description: your role description
-  company: your company (optional)
+  author: OPI Memebers <[email protected]>
+  description: Update BMC password
+  company: https://opiproject.org/
 
   # If the issue tracker for your role is not on github, uncomment the
   # next line and provide a value
@@ -14,9 +14,9 @@ galaxy_info:
   # - GPL-3.0-only
   # - Apache-2.0
   # - CC-BY-4.0
-  license: license (GPL-2.0-or-later, MIT, etc)
+  license: Apache-2.0
 
-  min_ansible_version: 2.1
+  min_ansible_version: "2.1"
 
   # If this a Container Enabled role, provide the minimum Ansible Container version.
   # min_ansible_container_version:

roles/update_bmc_password/tasks/main.yml

@@ -1,2 +1,16 @@
+# SPDX-License-Identifier: Apache-2.0
+# Copyright (c) 2022-2024 Dell Inc, or its subsidiaries.
+
 ---
 # tasks file for update_bmc_password
+
+- name: Update user password
+  community.general.redfish_command:
+    category: Accounts
+    command: UpdateUserPassword
+    baseuri: "{{ inventory_hostname }}"
+    username: "{{ dpu_bmc_username }}"
+    password: "{{ dpu_bmc_password }}"
+    account_username: "{{ loginname }}"
+    account_password: "{{ new_pass }}"
+  delegate_to: localhost