Skip to content

Instantly share code, notes, and snippets.

@noslin005

noslin005/ansible_check_system.yml

Created December 23, 2023 03:12
Show Gist options
  • Save noslin005/69cc6c1f1eba2569e59e2be3c02ad2ee to your computer and use it in GitHub Desktop.
Save noslin005/69cc6c1f1eba2569e59e2be3c02ad2ee to your computer and use it in GitHub Desktop.
Download ZIP
Ansible playbook to check system components firmwares
Raw
ansible_check_system.yml
---
- name: System Hardware and Configuration Check
hosts: grml
gather_facts: true # Enable this
vars:
cpu:
model: AMD EPYC 9554 64-Core Processor
threads: 128
memory:
total_mb: 386442
partno: M321R4GA3BB6-CQKET
megaraid:
model: 9560-16i
fw_version: 5.270.02-3937
physical_drives: 26
tasks:
- name: Check BIOS
ansible.builtin.assert:
that:
- ansible_bios_version in '1.6'
fail_msg: Incorrect BIOS version
- name: Check BMC Firmware Version
block:
- name: Get BMC firmware version
ansible.builtin.shell: ipmicfg -ver
register: ipmiver
- name: Assert Correct firmware version
ansible.builtin.assert:
that:
- (ipmiver.stdout | regex_findall("01.01.08") | length ) == 1
fail_msg: Incorrect firmware version
# Check CPU
- name: Check CPU
block:
- name: Verify CPU model
ansible.builtin.assert:
that:
- cpu.model in ansible_processor
fail_msg: 'Incorrect CPU model detected.'
- name: Check CPU cores
ansible.builtin.assert:
that:
- ansible_processor_vcpus | int == cpu.threads
fail_msg: 'Incorrect number of CPU cores detected.'
# Check memory
- name: Check memory
block:
- name: Verify total memory
ansible.builtin.assert:
that:
- ansible_memtotal_mb | int >= memory.total_mb
fail_msg: 'Insufficient memory detected.'
- name: Collect Memory modules
ansible.builtin.shell: dmidecode -t 17 |grep '{{ memory.partno }}' -c
register: memory_info
- name: Check Memory modules
ansible.builtin.assert:
that:
- memory_info.stdout | int == 12
fail_msg: Incorrect memory part number detected
- name: Check NVMe Devices
block:
- name: Collect NVMe Devices information
ansible.builtin.shell: nvme list
register: nvme_list
- name: Asset Correct Model of NVMe devices
ansible.builtin.assert:
that:
- (nvme_list.stdout | regex_findall("Micron_7450_MTFDKCC3T8TFR")| length) == 4
- name: Asset Correct Firmwares for NVMe devices
ansible.builtin.assert:
that:
- (nvme_list.stdout | regex_findall("E2MU200")| length) == 4
- name: Check Intel X710 NICS
block:
- name: Collect NIC devices
ansible.builtin.shell: ethinfo
register: ethinfo
- name: Assert 4x X710 Interfaces detected
ansible.builtin.assert:
that:
- (ethinfo.stdout | regex_findall('X710') | length) == 4
fail_msg: Incorrect number of X710 interfaces detected
- name: Assert X710 Firmwares are 9.30
ansible.builtin.assert:
that:
- (ethinfo.stdout | regex_findall('9.30') | length) == 4
fail_msg: X710 firmware verification failed
- name: Check RAID Controller
block:
- name: Collect RAID Controller Information
ansible.builtin.shell: storcli /c0 show J
register: storcli
- name: Convert storcli Output to JSON
ansible.builtin.set_fact:
storcli_json: '{{ storcli.stdout | from_json }}'
- name: Grabs the Controller information
ansible.builtin.set_fact:
controller: '{{ storcli_json["Controllers"][0]["Response Data"] }}'
- name: Assert Controller Name
ansible.builtin.assert:
that:
- megaraid.model in controller["Product Name"]
fail_msg: Incorrect Controller model
- name: Assert Check Firmware
ansible.builtin.assert:
that:
- megaraid.fw_version in controller["FW Version"]
fail_msg: Incorrect Megaraid Firmware
- name: Assert Physical Drives Count
ansible.builtin.assert:
that:
- controller["Physical Drives"] | int == megaraid.physical_drives
fail_msg: Incorrect number of Physical Drives
- name: Check RAID1
block:
- name: Grab RAID1 Virtual Drive
ansible.builtin.set_fact:
raid_one: '{{ controller["VD LIST"] | selectattr("TYPE", "equalto", "RAID1") | first }}'
- name: Gets the Status of RAID1 Virtual Drive
ansible.builtin.set_fact:
raid_one_state: '{{ raid_one["State"] }}'
raid_one_consist: '{{ raid_one["Consist"] }}'
- name: Check RAID1 State
ansible.builtin.assert:
that:
- raid_one_consist | bool == true
- raid_one_state | string == "Optl"
fail_msg: Raid1 consistency check failed
- name: Check RAID6
block:
- name: Grab RAID6 Virtual Drive
ansible.builtin.set_fact:
raid_six: '{{ controller["VD LIST"] | selectattr("TYPE", "equalto", "RAID6") | first }}'
- name: Gets the Status of RAID6 Virtual Drive
ansible.builtin.set_fact:
raid_six_state: '{{ raid_six["State"] }}'
raid_six_consist: '{{ raid_six["Consist"] | string }}'
- name: Check RAID6 State
ansible.builtin.assert:
that:
- raid_six_consist | string == "Yes"
- raid_six_state | string == "Optl"
fail_msg: Raid6 consistency check failed
- name: Check BMC Status
block:
- name: Gather IPMI ip source
ansible.builtin.shell: ipmitool raw 0x30 0x70 0x0C 0x00
register: ipmitool_lan
- name: Asset Status of LAN settings
ansible.builtin.assert:
that:
- ipmitool_lan.stdout.strip() in "02"
fail_msg: ipmi source not set to static
- name: Check BMC password
block:
- name: Check IPMI Password Set to ADMIN
ansible.builtin.shell: ipmitool user test 2 20 ADMIN
register: ipmi_user
ignore_errors: true
- name: Asset IPMI Password Set to ADMIN
ansible.builtin.assert:
that:
- ipmi_user.stdout in "Success"
fail_msg: BMC password not set to ADMIN
- name: Check DCMS Key
block:
- name: Query product keys
ansible.builtin.shell: sum -c QueryProductKey
register: product_keys
- name: Assert DCMS key is present
ansible.builtin.assert:
that:
- "'SFT-DCMS-SINGLE' in product_keys.stdout"
fail_msg: 'DCMS key is not present in the installed keys.'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment