Merge pull request #10 from shahaan/mcc-nectar-karaage

Mcc nectar karaage

buildKaraage3.x.yml

+---
+- 
+  hosts: karaage-server
+  remote_user: ec2-user
+  roles:
+    - karaage3.1.17
+  sudo: true

headNode.yaml

+--- 
+description: " A simple template to boot a 3 node cluster"
+heat_template_version: 2013-05-23
+parameters:
+ image_id:
+  type: string
+  label: Image ID
+  description: Image to be used for compute instance
+  default: a5e74703-f343-415a-aa23-bd0f0aacfc9e
+ key_name:
+  type: string
+  label: Key Name
+  description: Name of key-pair to be used for compute instance
+  default: shahaan
+ availability_z:
+  type: string
+  label: Availability Zone
+  description: Availability Zone to be used for launching compute instance
+  default: monash-01
+resources:
+  headNode:
+   type: "OS::Nova::Server"
+   properties:
+    availability_zone: { get_param: availability_z }
+    flavor: m1.small
+    image: { get_param: image_id }
+    key_name: { get_param: key_name }
+    security_groups: [OpenVPN, NSF, default]
+    metadata:
+     ansible_host_group: headNode
+     ansible_ssh_user: ec2-user
+     ansible_ssh_private_key_file: /home/sgeadmin/.ssh/shahaan.pem
+  headVolume:
+   type: OS::Cinder::Volume
+   properties:
+    availability_zone: { get_param: availability_z }
+    description: Volume that will attach the headNode
+    name: headNodeVolume
+    size: 50
+  volumeAttachment:
+   type: OS::Cinder::VolumeAttachment
+   properties:
+    instance_uuid: { get_resource: headNode }
+    volume_id: { get_resource: headVolume }

installNFS.yml

@@ -3,10 +3,7 @@
   hosts: openvpn-servers
   remote_user: ec2-user
   roles:
-    - easy-rsa-common
-    - easy-rsa-CA
-    - easy-rsa-certificate
-    - OpenVPN-Server 
+    #- OpenVPN-Server 
     - nfs-server
   sudo: true
   vars: 
@@ -15,9 +12,9 @@
   hosts: openvpn-clients
   remote_user: ec2-user
   roles:
-    - easy-rsa-common
-    - easy-rsa-certificate 
-    - OpenVPN-Client
+    #- easy-rsa-common
+    #- easy-rsa-certificate 
+    #- OpenVPN-Client
     - syncExports
     - nfs-client
   sudo: true

playbook/cvl2.yml

+---
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+  roles:
+    - { role: etcHosts,  domain: "{{ ldapDomain }}" }
+
+- hosts: 'ManagementNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/package.yml
+    - massive_var/passwords.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+  roles:
+    - { role: easy-rsa-CA }
+    - { role: OpenVPN-Server, configDiskDevice: true, mkFileSystems: {fstype : 'ext4', dev: '/dev/vdc', opts: 'defaults,nofail'} }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: slurm-build }
+    - { role: nfs-server, configDiskDevice: false }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
+  tasks:
+    setup:
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+
+- hosts: 'ComputeNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+    nfs_server: "{{ groups['ManagementNodes'][0] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+  roles:
+    - { role: OpenVPN-Client, x509_ca_server: "cvlm2management1" }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: syncExports, nfs_server: "cvlm2management1", exportList: [{ name: '/', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', nfsServerIp: "{{ hostvars['cvlm2management1']['ansible_tun0']['ipv4']['address'] }}", srvopts: 'ro,fsid=0,sync' }] }
+    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
+    - { role: nfs-client, exportList: "[ { 'name': '/usr/local', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,ro,nofail', 'nfsServerIp': '{{ hostvars[nfs_server]['ansible_tun0']['ipv4']['address'] }}', 'srvopts': 'ro,fsid=0,sync' }]" }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+
+- hosts: 'ComputeNodesLarge'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+    - massive_var/package.yml
+  vars:
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: multicore, group: ComputeNodesLarge, default: true}
+    nfs_server: "{{ groups['ManagementNodes'][0] }}"
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+  roles:
+    - { role: OpenVPN-Client, x509_ca_server: "cvlm2management1" }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: syncExports, nfs_server: "cvlm2management1", exportList: [{ name: '/', src: '/usr/local', fstype: 'nfs4', opts: 'defaults,ro,nofail', nfsServerIp: "{{ hostvars['cvlm2management1']['ansible_tun0']['ipv4']['address'] }}", srvopts: 'ro,fsid=0,sync' }] }
+    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
+    - { role: nfs-client, exportList: "[ { 'name': '/usr/local', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,ro,nofail', 'nfsServerIp': '{{ hostvars[nfs_server]['ansible_tun0']['ipv4']['address'] }}', 'srvopts': 'ro,fsid=0,sync' }]" }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, preInstallation: "umount /usr/local", postInstallation: "mount /usr/local", yumGroupPackageList: ["CVL Pre-installation", "CVL Base Packages"], cliFileCopy: {'src': '/tmp/gconf_path', 'dest': '/etc/gconf/2/path'} }
+
+- hosts: all 
+  vars_files:
+    - massive_var/main.yml
+  roles:
+    - { role: etcHosts, domain: "{{ ldapDomain }}" }
+
+- hosts: 'LoginNodes'
+  vars_files:
+    - massive_var/main.yml
+    - massive_var/passwords.yml
+  vars:
+    groupList:
+      - { name : 'ComputeNodes', interface : 'tun0' }
+    x509_ca_server: "{{ groups['ManagementNodes'][0] }}"
+    openvpn_servers: "{{ groups['ManagementNodes'] }}"
+    slurmctrl: "{{ groups['ManagementNodes'][0] }}"
+    slurmqueues:
+      - {name: batch, group: ComputeNodes, default: true}
+#      - {name: vis, group: ComputeNodes, default: false}
+  roles:
+    - { role: OpenVPN-Client }
+    - { role: ntp }
+    - { role: openLdapClient }
+    - { role: nfs-client, exportList: "[{ 'name': '/home', 'src': '/', 'fstype': 'nfs4', 'opts': 'defaults,nofail', 'nfsServerIp': '{{ nfsServerIpAddress }}', 'nfsClientIp': '{{ ansible_tun0.ipv4.address }}', 'srvopts': 'rw,root_squash,fsid=0,sync' }]" }
+    - { role: slurm, slurm_use_vpn: true}
+    - { role: installPackage, importRepo: { command: "wget http://cvlrepo.massive.org.au/repo/cvl.repo -O", destination: "/etc/yum.repos.d/cvl.repo" }, yumGroupPackageList: ['CVL Pre-installation', 'CVL Base Packages'], cliCopy: {'run': 'cp -r /usr/local/Modules/modulefiles/cvl /usr/local/Modules/modulefiles/massive', 'check': '/usr/local/Modules/modulefiles/massive'} }
+

playbook/readme.txt

+Files in the playbook directory should be used as examples for the reference only.

provisionCluster.yaml

+--- 
+description: " A simple template to boot a 3 node cluster"
+heat_template_version: 2013-05-23
+parameters:
+ image_id:
+  type: string
+  label: Image ID
+  description: Image to be used for compute instance
+  default: a5e74703-f343-415a-aa23-bd0f0aacfc9e
+ key_name:
+  type: string
+  label: Key Name
+  description: Name of key-pair to be used for compute instance
+  default: shahaan
+ availability_z:
+  type: string
+  label: Availability Zone
+  description: Availability Zone to be used for launching compute instance
+  default: monash-01
+resources:
+  computeNodes:
+   type: "OS::Heat::ResourceGroup"
+   properties:
+    count: 2
+    resource_def:
+     type: "OS::Nova::Server"
+     properties:
+      availability_zone: { get_param: availability_z }
+      flavor: m1.small
+      image: { get_param: image_id }
+      key_name: { get_param: key_name }
+      metadata:
+       ansible_host_group: computeNodes
+       ansible_ssh_user: ec2-user
+       ansible_ssh_private_key_file: /home/sgeadmin/.ssh/shahaan.pem
+  headNodes:
+    type: "OS::Heat::ResourceGroup"
+    properties:
+      count: 1
+      resource_def: 
+       type: headNode.yaml

roles/OpenVPN-Client/vars/main.yml

+readme.txt
\ No newline at end of file

roles/OpenVPN-Server/tasks/installOpenVPN.yml

@@ -4,6 +4,12 @@
   notify: "restart openvpn"
   sudo: true
 
+- name: Create path
+  shell: mkdir -p {{ dhparms_file | dirname }}
+  args:
+    creates: "{{ dhparms_file | dirname }}"
+  sudo: true
+
 - name: "Generate DH parameters"
   shell: openssl dhparam -out {{ dhparms_file }} 512
   args:

roles/OpenVPN-Server/vars/main.yml

+readme.txt
\ No newline at end of file

roles/easy-rsa-certificate/tasks/buildCert.yml

@@ -50,20 +50,21 @@
   when: needcert
   sudo: true
 
-- name: "Copy CSR to ansible host"
-  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr fail_on_missing=yes validate_md5=yes flat=yes"
-  sudo: true
-  when: needcert
-
 - name: "Create node tmp directory"
   delegate_to: 127.0.0.1
   shell: "mkdir -p /tmp/{{ inventory_hostname }} ; chmod 755 /tmp/{{ inventory_hostname }}"
+  when: x509_ca_server != inventory_hostname
+
+- name: "Copy CSR to ansible host"
+  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr fail_on_missing=yes validate_md5=yes flat=yes"
+  sudo: true
+  when: needcert and x509_ca_server != inventory_hostname
 
 - name: "Copy CSR to CA"
   remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
   delegate_to: "{{ x509_ca_server }}"
   copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr dest=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr force=yes"
-  when: needcert
+  when: needcert and x509_ca_server != inventory_hostname
   sudo: true
 
 - name: "Sign Certificate"
@@ -78,35 +79,35 @@
   delegate_to: "{{ x509_ca_server }}"
   fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt dest=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt fail_on_missing=yes validate_md5=yes flat=yes"
   sudo: true
-  when: needcert
+  when: needcert and x509_ca_server != inventory_hostname
 
 - name: "Copy the CA Certificate to the ansible host"
   remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
   delegate_to: "{{ x509_ca_server }}"
   fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
   sudo: true
-  when: "ca_cert.stat.exists == false"
+  when: ca_cert.stat.exists == false and x509_ca_server != inventory_hostname
 
 - name: "Make sure the path to the certificate exists"
   shell: "mkdir -p `dirname {{ x509_cert_file }}` ; chmod 755  `dirname {{ x509_cert_file }}`"
-  sudo: true
+  sudo: true 
 
 - name: "Copy the certificate to the node"
   copy: "src=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt dest=/tmp/{{ x509_common_name }}.crt force=yes"
   sudo: true
-  when: needcert
+  when: needcert and x509_ca_server != inventory_hostname
 
 - name: "Copy the certificate to the right location"
   shell: "cp -f /tmp/{{ x509_common_name }}.crt {{ x509_cert_file }}"
   sudo: true
-  when: needcert
+  when: needcert and x509_ca_server != inventory_hostname
 
 - name: "Copy the CA certificate to the node"
   copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest={{ x509_cacert_file }}"
   sudo: true
-  when: "ca_cert.stat.exists == false"
+  when: ca_cert.stat.exists == false and x509_ca_server != inventory_hostname
 
 - name: "Copy the key to the correct location"
   shell: "mkdir -p `dirname {{ x509_key_file }}` ; chmod 700 `dirname {{ x509_key_file }}` ; cp /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.key {{ x509_key_file }}"
   sudo: true
-  when: needcert
+  when: needcert and x509_ca_server != inventory_hostname

roles/easy-rsa-certificate/vars/main.yml

+readme.txt
\ No newline at end of file

roles/easy-rsa-certificate/vars/meta/main.yml

+---
+allow_duplicates: yes
+dependencies:
+  - {role: easy-rsa-common }
+

roles/easy-rsa-certificate/vars/tasks/buildCert.yml

+--- 
+- name: "Check client ca certificate"
+  register: ca_cert
+  stat: "path={{ x509_cacert_file }}"
+
+- name: "Check certificate and key"
+  shell: (openssl x509 -noout -modulus -in {{ x509_cert_file }}  | openssl md5 ; openssl rsa -noout -modulus -in {{ x509_key_file }} | openssl md5) | uniq | wc -l
+  register: certcheck
+  sudo: true
+
+- name: "Check certificate"
+  register: cert
+  stat: "path={{ x509_cert_file }}"
+  sudo: true
+
+- name: "Check key"
+  register: key
+  stat: "path={{ x509_key_file }}"
+  sudo: true
+
+- name: "Default: we don't need a new certificate"
+  set_fact: needcert=False
+
+- name: "Set need cert if key is missing"
+  set_fact: needcert=True
+  when: key.stat.exists == false
+
+- name: "set needcert if cert is missing or of zero size"
+  set_fact: needcert=True
+  when: cert.stat.exists == false or cert.stat.size == 0
+
+- name: "Delete Zero Sized Ceritificates"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  delegate_to: "{{ x509_ca_server }}"
+  shell: rm -rf /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.*
+  when: cert is defined and cert.stat.size == 0
+  sudo: true
+
+- name: "set needcert if cert doesn't match key"
+  set_fact: needcert=True
+  when: certcheck.stdout == '2'
+
+
+- name: "Creating Keypair"
+  shell: "echo noop when using easy-rsa"
+  when: needcert
+
+- name: "Creating CSR"
+  shell: " cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\"; \"$EASY_RSA\"/pkitool --csr {{ x509_csr_args }} {{ x509_common_name }}"
+  when: needcert
+  sudo: true
+
+- name: "Create node tmp directory"
+  delegate_to: 127.0.0.1
+  shell: "mkdir -p /tmp/{{ inventory_hostname }} ; chmod 755 /tmp/{{ inventory_hostname }}"
+  when: x509_ca_server != inventory_hostname
+
+- name: "Copy CSR to ansible host"
+  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr dest=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr fail_on_missing=yes validate_md5=yes flat=yes"
+  sudo: true
+  when: needcert and x509_ca_server != inventory_hostname
+
+- name: "Copy CSR to CA"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  delegate_to: "{{ x509_ca_server }}"
+  copy: "src=/tmp/{{ inventory_hostname }}/{{ inventory_hostname }}.csr dest=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.csr force=yes"
+  when: needcert and x509_ca_server != inventory_hostname
+  sudo: true
+
+- name: "Sign Certificate"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  delegate_to: "{{ x509_ca_server }}"
+  shell:    "cd /etc/easy-rsa/2.0; . ./vars; export EASY_RSA=\"${EASY_RSA:-.}\" ;\"$EASY_RSA\"/pkitool --sign {{ x509_sign_args }} {{ x509_common_name }}"
+  when: needcert
+  sudo: true
+
+- name: "Copy the Certificate to ansible host"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  delegate_to: "{{ x509_ca_server }}"
+  fetch: "src=/etc/easy-rsa/2.0/keys/{{ x509_common_name }}.crt dest=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt fail_on_missing=yes validate_md5=yes flat=yes"
+  sudo: true
+  when: needcert and x509_ca_server != inventory_hostname
+
+- name: "Copy the CA Certificate to the ansible host"
+  remote_user: "{{ hostvars[x509_ca_server]['ansible_ssh_user'] }}"
+  delegate_to: "{{ x509_ca_server }}"
+  fetch: "src=/etc/easy-rsa/2.0/keys/ca.crt dest=/tmp/{{ inventory_hostname }}/ca.crt fail_on_missing=yes validate_md5=yes flat=yes"
+  sudo: true
+  when: ca_cert.stat.exists == false and x509_ca_server != inventory_hostname
+
+- name: "Make sure the path to the certificate exists"
+  shell: "mkdir -p `dirname {{ x509_cert_file }}` ; chmod 755  `dirname {{ x509_cert_file }}`"
+  sudo: true 
+
+- name: "Copy the certificate to the node"
+  copy: "src=/tmp/{{ inventory_hostname }}/{{ x509_common_name }}.crt dest=/tmp/{{ x509_common_name }}.crt force=yes"
+  sudo: true
+  when: needcert and x509_ca_server != inventory_hostname
+
+- name: "Copy the certificate to the right location"
+  shell: "cp -f /tmp/{{ x509_common_name }}.crt {{ x509_cert_file }}"
+  sudo: true
+  when: needcert and x509_ca_server != inventory_hostname
+
+- name: "Copy the CA certificate to the node"
+  copy: "src=/tmp/{{ inventory_hostname }}/ca.crt dest={{ x509_cacert_file }}"
+  sudo: true
+  when: ca_cert.stat.exists == false and x509_ca_server != inventory_hostname
+
+- name: "Copy the key to the correct location"
+  shell: "mkdir -p `dirname {{ x509_key_file }}` ; chmod 700 `dirname {{ x509_key_file }}` ; cp /etc/easy-rsa/2.0/keys/{{ x509_common_name }}.key {{ x509_key_file }}"
+  sudo: true
+  when: needcert and x509_ca_server != inventory_hostname

roles/easy-rsa-certificate/vars/tasks/main.yml

+--- 
+- 
+  include: buildCert.yml

roles/easy-rsa-certificate/vars/vars/main.yml

+readme.txt
\ No newline at end of file

roles/easy-rsa-certificate/vars/vars/readme.txt

+---
+x509_key_file: "/etc/ssl/private/server.key"
+x509_cert_file: "/etc/ssl/certs/server.crt"
+x509_cacert_file: "/etc/ssl/certs/ca.crt"
+x509_csr_args: ""
+x509_sign_args: "{{ x509_csr_args }}"
+x509_common_name: "{{ ansible_fqdn }}"

roles/easy-rsa-common/defaults/main.yml

+readme.txt
\ No newline at end of file

roles/easy-rsa-common/tasks/main.yml

@@ -3,4 +3,6 @@
   include: installEasyRsa.yml
 -
   include: copyConfigurationFile.yml
+-
+  include: yumList.yml
 

roles/easy-rsa-common/tasks/yumList.yml

+---
+-
+  name: "Install these yum packages"
+  with_items:
+    - gcc
+    - make
+    - tcsh
+    - bind-utils
+  yum: "name={{ item }} state=present"
+-
+  name: "Setting hostname"
+  shell: sysctl kernel.hostname={{ inventory_hostname }} 
+
+-
+  name: "Restarting Network"
+  service: name=network state=restarted

roles/installPackage/tasks/main.yml

+---
+- name: Pre installation
+  shell: "{{ preInstallation }}" 
+  sudo: true
+  when: ansible_distribution == 'CentOS' and preInstallation is defined
+  
+- name: Add new repo file 
+  shell: "{{ importRepo.command }} {{ importRepo.destination }}"
+  sudo: true
+  run_once: true
+  args:
+    creates: "{{ importRepo.destination }}"
+  when: ansible_distribution == 'CentOS' and importRepo is defined
+
+- name: Install yum packages 
+  yum: name={{ item }} state=latest
+  with_items: yumPackageList
+  sudo: true
+  when: ansible_distribution == 'CentOS' and yumPackageList is defined
+
+- name: Install yum group packages 
+  shell: yum --setopt=protected_multilib=false -y groupinstall "{{ item }}"
+  with_items: yumGroupPackageList
+  sudo: true
+  when: ansible_distribution == 'CentOS' and yumGroupPackageList is defined
+
+- name: Post installation
+  shell: "{{ postInstallation }}" 
+  sudo: true
+  when: ansible_distribution == 'CentOS' and postInstallation is defined
+ 
+- name: conditional shell copy command 
+  shell: "{{ cliCopy.run }}"
+  sudo: true
+  run_once: true
+  args:
+    creates: "{{ cliCopy.check }}"
+  when: ansible_distribution == 'CentOS' and cliAction is defined
+
+