Merge pull request #72 from sap-linuxlab/dev

release: v1.1.0

CHANGELOG.rst

@@ -4,6 +4,43 @@ community.sap_infrastructure Release Notes
 
 .. contents:: Topics
 
+v1.1.0
+======
+
+Release Summary
+---------------
+
+| Release Date: 2024-12-01
+| sap_hypervisor_node_preconfigure: OCPv improve auth and add namespace targets
+| sap_hypervisor_node_preconfigure: OCPv update default vars and var prefixes
+| sap_hypervisor_node_preconfigure: OCPv add waits for resource readiness
+| sap_hypervisor_node_preconfigure: OCPv improve SR-IOV handling
+| sap_vm_provision: update platform guidance document
+| sap_vm_provision: remove AWS CLI and GCloud CLI dependency
+| sap_vm_provision: add spread placement strategy for AWS, GCP, IBM Cloud, MS Azure, IBM PowerVM
+| sap_vm_provision: add AWS Route53 record overwrite
+| sap_vm_provision: add IBM Cloud Private DNS Custom Resolver for IBM Power VS
+| sap_vm_provision: add var for Virtual IP handling across multiple roles
+| sap_vm_provision: fix /etc/hosts for Virtual IPs
+| sap_vm_provision: add var for Load Balancer naming on GCP, IBM Cloud, MS Azure
+| sap_vm_provision: update OS Images for AWS, GCP, IBM Cloud, MS Azure
+| sap_vm_provision: add vars for Kubevirt VM
+| sap_vm_provision: fix OS Subscription registration logic and BYOL/BYOS
+| sap_vm_provision: improve Web Proxy logic
+| sap_vm_provision: fix handling of nested variables within host_specifications_dictionary
+| sap_vm_provision: fix handling of custom IOPS on AWS, GCP, IBM Cloud
+| sap_vm_provision: fix handling of AWS IAM Policy for HA
+| sap_vm_provision: fix handling of MS Azure IAM Role for HA
+| sap_vm_provision: add google-guest-agent service for load balancer config
+| sap_vm_provision: add readiness for AnyDB HA (e.g. IBM Db2 HADR)
+| sap_vm_provision: update IBM Power VS locations lookup list
+| sap_vm_provision: update logic for IBM Power VS Workspace with latest backend routing (PER)
+| sap_vm_provision: update logic for IBM Cloud Virtual Network Interfaces (VNI)
+| sap_vm_provision: fix Ansible to Terraform copy to working directory logic and note
+| sap_vm_provision: update embedded Terraform Template with updated var names for imported Terraform Modules
+| sap_vm_temp_vip: overhaul replace all shell logic with Ansible Modules and use special vars to determine OS network devices reliably
+| sap_vm_temp_vip: overhaul documentation
+
 v1.0.1
 ======
 

galaxy.yml

@@ -10,7 +10,7 @@ namespace: community
 name: sap_infrastructure
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.1
+version: 1.1.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
@@ -20,6 +20,7 @@ authors:
   - Sean Freeman <sean.freeman(at)uk.ibm.com>
   - Janine Fuchs <jfuchs(at)redhat.com>
   - Nils Koenig <nkoenig(at)redhat.com>
+  - Marcel Mamula <marcel.mamula(at)suse.com>
 
 ### OPTIONAL but strongly recommended
 # A short summary description of the collection
@@ -40,6 +41,10 @@ tags:
   - database
   - application
   - sap
+  - infrastructure
+  - provision
+  - cloud
+  - hypervisor
 
 # Collections that this collection requires to be installed for it to be usable. The key of the dict is the
 # collection label 'namespace.name'. The value is a version range

playbooks/sample-sap-hypervisor-redhat-ocp-virt-preconfigure.yml

@@ -1,19 +1,105 @@
 ---
-
-- name: Ansible Play to run sap_hypervisor_node_preconfigure Ansible Role
+- name: Ansible Play to run sap_hypervisor_node_preconfigure Ansible Role for Red Hat OpenShift
   hosts: all
-  gather_facts: true
-  serial: 1
-
+  gather_facts: false
   vars:
-    sap_hypervisor_node_platform: redhat_ocp_virt
-    sap_hypervisor_node_kubeconfig: "{{ lookup( 'ansible.builtin.env', 'KUBECONFIG') }}"
+    sap_hypervisor_node_preconfigure_platform: redhat_ocp_virt
+  tasks:
 
-  environment:
-    KUBECONFIG: "{{ sap_hypervisor_node_kubeconfig }}"
-    K8S_AUTH_KUBECONFIG: "{{ sap_hypervisor_node_kubeconfig }}"
+    - name: Use kubeconfig file specified in environment variable K8S_AUTH_KUBECONFIG if sap_hypervisor_node_preconfigure_ocp_kubeconfig_path is not defined
+      when: >
+        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path is not defined or
+        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path == None or
+        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path == ''
+      ansible.builtin.set_fact:
+        sap_hypervisor_node_preconfigure_ocp_kubeconfig_path: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(None) }}"
 
-  tasks:
-    - name: Include sap_hypervisor_node_preconfigure Ansible Role
-      ansible.builtin.include_role:
-        name: sap_hypervisor_node_preconfigure
+    - name: Create Tempdir on jumphost
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: "_sap_hypervisor_node_preconfigure"
+      register: __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost
+
+    - name: Set kubeconfig file variable
+      ansible.builtin.set_fact:
+        __sap_hypervisor_node_preconfigure_register_kubeconfig: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost.path }}/kubeconfig"
+
+    - name: Read content of kubeconfig file
+      ansible.builtin.set_fact:
+        sap_hypervisor_node_preconfigure_ocp_kubeconfig_data:
+          "{{ lookup('file', sap_hypervisor_node_preconfigure_ocp_kubeconfig_path) | from_yaml }}"
+
+    - name: Read cluster endpoint and CA certificate from kubeconfig if either is not defined
+      when: sap_hypervisor_node_preconfigure_ocp_extract_kubeconfig
+      block:
+
+        - name: Set sap_hypervisor_node_preconfigure_ocp_endpoint from kubeconfig
+          ansible.builtin.set_fact:
+            __sap_hypervisor_node_preconfigure_register_ocp_endpoint:
+              "{{ sap_hypervisor_node_preconfigure_ocp_kubeconfig_data['clusters'][0]['cluster']['server'] }}"
+
+        - name: Write the certificate-authority-data to temp dir on jumphost
+          ansible.builtin.copy:
+            content: "{{ sap_hypervisor_node_preconfigure_ocp_kubeconfig_data['clusters'][0]['cluster']['certificate-authority-data'] | b64decode }}"
+            dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost.path }}/cluster-ca-cert.pem"
+            mode: "0666"
+
+        - name: Set CA file variable
+          ansible.builtin.set_fact:
+            __sap_hypervisor_node_preconfigure_register_ca_cert: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost.path }}/cluster-ca-cert.pem"
+
+
+    - name: Use predefined CA cert and API endpoint
+      when: not sap_hypervisor_node_preconfigure_ocp_extract_kubeconfig
+
+      block:
+        - name: Set predefined OCP API Endpoint
+          ansible.builtin.set_fact:
+            __sap_hypervisor_node_preconfigure_register_ocp_endpoint: "{{ sap_hypervisor_node_preconfigure_ocp_endpoint }}"
+
+        - name: Set predefined CA file
+          ansible.builtin.set_fact:
+            __sap_hypervisor_node_preconfigure_register_ca_cert: "{{ sap_hypervisor_node_preconfigure_ocp_ca_cert }}"
+
+
+    - name: Log into Red Hat OpenShift cluster (obtain access token)
+      community.okd.openshift_auth:
+        host: "{{ __sap_hypervisor_node_preconfigure_register_ocp_endpoint }}"
+        username: "{{ sap_hypervisor_node_preconfigure_ocp_admin_username }}"
+        password: "{{ sap_hypervisor_node_preconfigure_ocp_admin_password }}"
+        ca_cert: "{{ __sap_hypervisor_node_preconfigure_register_ca_cert }}"
+      register: __sap_vm_provision_register_ocp_auth_results
+
+    - name: Set token in kubeconfig
+      ansible.builtin.set_fact:
+        sap_hypervisor_node_preconfigure_ocp_kubeconfig_data: >-
+          {{
+            sap_hypervisor_node_preconfigure_ocp_kubeconfig_data | combine({
+              'users':  sap_hypervisor_node_preconfigure_ocp_kubeconfig_data.users | map('combine', [{'user': {'token': __sap_vm_provision_register_ocp_auth_results.openshift_auth.api_key }}] )
+            }, recursive=True)
+          }}
+
+    - name: Write the updated kubeconfig
+      ansible.builtin.copy:
+        content: "{{ sap_hypervisor_node_preconfigure_ocp_kubeconfig_data | to_nice_yaml }}"
+        dest: "{{ __sap_hypervisor_node_preconfigure_register_kubeconfig }}"
+        mode: "0600"
+
+    - name: Invoke role with credentials set as environment variables
+      delegate_to: "{{ inventory_hostname }}"
+      delegate_facts: true
+      environment:
+        KUBECONFIG: "{{ __sap_hypervisor_node_preconfigure_register_kubeconfig }}"
+        K8S_AUTH_KUBECONFIG: "{{ __sap_hypervisor_node_preconfigure_register_kubeconfig }}"
+      block:
+
+        - name: Include sap_hypervisor_node_preconfigure Ansible Role
+          ansible.builtin.include_role:
+            name: community.sap_infrastructure.sap_hypervisor_node_preconfigure
+
+      always:
+
+        - name: Remove temporary directory
+          ansible.builtin.file:
+            state: absent
+            path: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir_jumphost.path }}"

playbooks/sample-sap-vm-provision-redhat-ocpv.yml

@@ -0,0 +1,128 @@
+---
+- name: Preparation Ansible Play for SAP VM provisioning on Red Hat OpenShift Virtualization
+  hosts: all
+  gather_facts: false
+  serial: 1
+  vars:
+    sap_vm_provision_iac_type: ansible
+    sap_vm_provision_iac_platform: kubevirt_vm
+  pre_tasks:
+    # Alternative to executing ansible-playbook with -e for Ansible Extravars file
+#    - name: Include sample variables for Red Hat Openshift Virtualization
+#      ansible.builtin.include_vars: ./vars/sample-variables-sap-vm-provision-redhat-ocpv.yml
+  tasks:
+
+    - name: Save inventory_host as execution_host
+      ansible.builtin.set_fact:
+        sap_vm_provision_execution_host: "{{ inventory_hostname }}"
+
+    - name: Save ansible_user as execution_host user
+      ansible.builtin.set_fact:
+        __sap_vm_provision_kubevirt_vm_register_execution_host_user: "{{ ansible_user }}"
+
+    - name: Use kubeconfig file specified in environment variable K8S_AUTH_KUBECONFIG if sap_vm_provision_kubevirt_vm_kubeconfig_path is not defined
+      when: >
+        sap_vm_provision_kubevirt_vm_kubeconfig_path is not defined or
+        sap_vm_provision_kubevirt_vm_kubeconfig_path == None or
+        sap_vm_provision_kubevirt_vm_kubeconfig_path == ''
+      ansible.builtin.set_fact:
+        sap_vm_provision_kubevirt_vm_kubeconfig_path: "{{ lookup('env', 'K8S_AUTH_KUBECONFIG') | default(None) }}"
+
+    - name: Create Tempdir
+      ansible.builtin.tempfile:
+        state: directory
+        suffix: "_sap_vm_provision_kubevirt_vm"
+      register: __sap_vm_provision_kubevirt_vm_register_tmpdir
+
+    - name: Set kubeconfig file variable
+      ansible.builtin.set_fact:
+        __sap_vm_provision_kubevirt_vm_register_kubeconfig: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir.path }}/kubeconfig"
+
+    - name: Read content of kubeconfig file
+      ansible.builtin.set_fact:
+        __sap_vm_provision_kubevirt_vm_register_kubeconfig_data:
+          "{{ lookup('file', sap_vm_provision_kubevirt_vm_kubeconfig_path) | from_yaml }}"
+
+    - name: Read cluster endpoint and CA certificate from kubeconfig if either is not defined
+      when: sap_vm_provision_kubevirt_vm_extract_kubeconfig
+      block:
+
+        - name: Set sap_vm_provision_kubevirt_vm_api_endpoint from kubeconfig
+          ansible.builtin.set_fact:
+            __sap_vm_provision_kubevirt_vm_register_api_endpoint:
+              "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig_data['clusters'][0]['cluster']['server'] }}"
+
+        - name: Write the certificate-authority-data to temp dir
+          ansible.builtin.copy:
+            content: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig_data['clusters'][0]['cluster']['certificate-authority-data'] | b64decode }}"
+            dest: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir.path }}/cluster-ca-cert.pem"
+            mode: "0600"
+
+        - name: Set CA file variable
+          ansible.builtin.set_fact:
+            __sap_vm_provision_kubevirt_vm_register_ca_cert: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir.path }}/cluster-ca-cert.pem"
+
+    - name: Use predefined CA cert and API endpoint
+      when: not sap_vm_provision_kubevirt_vm_extract_kubeconfig
+      block:
+        - name: Set predefined OCP API Endpoint
+          ansible.builtin.set_fact:
+            __sap_vm_provision_kubevirt_vm_register_api_endpoint: "{{ sap_vm_provision_kubevirt_vm_api_endpoint }}"
+
+        - name: Set predefined CA file
+          ansible.builtin.set_fact:
+            __sap_vm_provision_kubevirt_vm_register_ca_cert: "{{ sap_vm_provision_kubevirt_vm_ca_cert }}"
+
+    - name: Log into Red Hat OpenShift cluster (obtain access token)
+      community.okd.openshift_auth:
+        host: "{{ __sap_vm_provision_kubevirt_vm_register_api_endpoint }}"
+        username: "{{ sap_vm_provision_kubevirt_vm_admin_username }}"
+        password: "{{ sap_vm_provision_kubevirt_vm_admin_password }}"
+        ca_cert: "{{ __sap_vm_provision_kubevirt_vm_register_ca_cert }}"
+      register: __sap_vm_provision_kubevirt_vm_register_kubevirt_vm_auth_results
+
+    - name: Set token in kubeconfig
+      ansible.builtin.set_fact:
+        __sap_vm_provision_kubevirt_vm_register_kubeconfig_data: >-
+          {{
+            __sap_vm_provision_kubevirt_vm_register_kubeconfig_data | combine({
+              'users':  __sap_vm_provision_kubevirt_vm_register_kubeconfig_data.users | map('combine', [{'user': {'token': __sap_vm_provision_kubevirt_vm_register_kubevirt_vm_auth_results.openshift_auth.api_key }}] )
+            }, recursive=True)
+          }}
+
+    - name: Write the updated kubeconfig
+      ansible.builtin.copy:
+        content: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig_data | to_nice_yaml }}"
+        dest: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig }}"
+        mode: "0600"
+
+    - name: Create dynamic inventory group for Ansible Role sap_vm_provision and provide execution_host and api token
+      ansible.builtin.add_host:
+        name: "{{ item }}"
+        group: sap_vm_provision_target_inventory_group
+        sap_vm_provision_execution_host: "{{ sap_vm_provision_execution_host }}"
+        __sap_vm_provision_kubevirt_vm_register_execution_host_user: "{{ __sap_vm_provision_kubevirt_vm_register_execution_host_user }}"
+        __sap_vm_provision_kubevirt_vm_register_tmpdir: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir }}"
+        __sap_vm_provision_kubevirt_vm_register_kubeconfig: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig }}"
+      loop: "{{ sap_vm_provision_kubevirt_vm_host_specifications_dictionary[sap_vm_provision_host_specification_plan].keys() }}"
+
+- name: Ansible Play to provision VMs for SAP
+  hosts: sap_vm_provision_target_inventory_group # Ansible Play target hosts pattern, use Inventory Group created by previous Ansible Task (add_host)
+  gather_facts: false
+  environment:
+    K8S_AUTH_KUBECONFIG: "{{ __sap_vm_provision_kubevirt_vm_register_kubeconfig }}"
+  tasks:
+
+    - name: Execute Ansible Role sap_vm_provision
+      when: sap_vm_provision_iac_type == "ansible" or sap_vm_provision_iac_type == "ansible_to_terraform"
+      block:
+        - name: Include sap_vm_provision Ansible Role
+          ansible.builtin.include_role:
+            name: community.sap_infrastructure.sap_vm_provision
+
+      always:
+        - name: Remove temporary directory on execution_host
+          delegate_to: "{{ sap_vm_provision_execution_host }}"
+          ansible.builtin.file:
+            state: absent
+            path: "{{ __sap_vm_provision_kubevirt_vm_register_tmpdir.path }}"