diff --git a/.yamllint.yml b/.yamllint.yml index 6d1476a8b..ee4457cfd 100644 --- a/.yamllint.yml +++ b/.yamllint.yml @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: Apache-2.0 --- # Based on ansible-lint config extends: default diff --git a/docs/README.md b/docs/README.md index 040360fcd..b71bedb27 100644 --- a/docs/README.md +++ b/docs/README.md @@ -90,13 +90,13 @@ N.B. The Ansible Collection works with SLES from version 15 SP3 and upwards, for ### Execution/Controller host - Operating System requirements Execution of Ansible Playbooks using this Ansible Collection have been tested with: -- Python 3.9.7 and above (i.e. CPython distribution) -- Ansible Core 2.12.0 and above _(included with optional installation of Ansible Community Edition 5.0 and above)_ +- Python 3.10.14 and above (i.e. CPython distribution) +- Ansible Core 2.16.9 and above _(included with optional installation of Ansible Community Edition 5.0 and above)_ - OS: macOS with Homebrew, RHEL, SLES, and containers in Task Runners (e.g. Azure DevOps) #### Ansible Core version -This Ansible Collection was designed for maximum backwards compatibility, with full compatibility starting from Ansible Core 2.12.0 and above. +This Ansible Collection was designed for maximum backwards compatibility, with full compatibility starting from Ansible Core 2.16.9 and above. **Note 1:** Ansible 2.9 was the last release before the Ansible project was split into Ansible Core and Ansible Community Edition, and was before Ansible Collections functionality was introduced. This Ansible Collection should execute when Ansible 2.9 is used, but it is not recommended and errors should be expected (and will not be resolved). diff --git a/playbooks/sample-sap-storage-prep.yml b/playbooks/sample-sap-storage-prep.yml deleted file mode 100644 index 6a8cac0a6..000000000 --- a/playbooks/sample-sap-storage-prep.yml +++ /dev/null 
@@ -1,20 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-
-# Experimental Ansible Role, do not suggest using this
-
-- hosts: all
- become: true
- pre_tasks:
-# - include_vars: ./vars/sample-variables-sap-storage-lvm.yml
-# - include_vars: ./vars/sample-variables-sap-storage-lvm-stripes.yml
-
- tasks:
-
- - name: SAP storage preparation
- vars:
- sap_storage_cloud_type: 'generic'
- sap_storage_sap_type: 'sap_onehost'
- sap_storage_action: 'prepare'
- include_role:
- name: ../roles/sap_storage_setup
diff --git a/playbooks/sample-sap-storage-setup_sap_s4hana_distributed.yml b/playbooks/sample-sap-storage-setup_sap_s4hana_distributed.yml
new file mode 100644
index 000000000..4cdcf423a
--- /dev/null
+++ b/playbooks/sample-sap-storage-setup_sap_s4hana_distributed.yml
@@ -0,0 +1,162 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Complete Infrastructure setup + hosts: hana_primary, nwas_ascs, nwas_pas, nwas_aas + become: true + any_errors_fatal: true + + vars: + + sap_system_sid: "S01" + sap_system_hana_db_sid: "H01" + sap_system_nwas_abap_ascs_instance_nr: "00" + sap_system_nwas_abap_pas_instance_nr: "01" + sap_system_nwas_abap_aas_instance_nr: "11" + + aws_nfs_mount_point: "fs-1234567890.efs.eu-west-2.amazonaws.com:/" + aws_nfs_mount_point_separate_sap_transport_dir: "fs-0987654321.efs.eu-west-2.amazonaws.com:/" + aws_nfs_mount_point_type: nfs4 + aws_nfs_mount_point_opts: nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,acl,noauto # should include noauto to avoid /etc/fstab mount on boot, when Linux Pacemaker should control mount + + aws_host_specifications_dictionary: + + hana-p: + sap_storage_setup_sid: "{{ sap_system_hana_db_sid }}" + sap_storage_setup_host_type: + - hana_primary + sap_storage_setup_definition: + - name: hana_data + mountpoint: /hana/data + disk_size: 384 # size in GB, integer + filesystem_type: xfs # default: xfs + - name: hana_log + mountpoint: /hana/log + disk_size: 128 # size in GB, integer + filesystem_type: xfs # default: xfs + - name: hana_shared + mountpoint: /hana/shared + disk_size: 320 # size in GB, integer + filesystem_type: xfs # default: xfs + - name: swap + swap_path: /swapfile # use swap file on root disk, instead of creating LVM LV for swap + disk_size: 2 + filesystem_type: swap # must be swap filesystem + - name: software + mountpoint: /software + disk_size: 100 # size in GB, integer + filesystem_type: xfs # default: xfs + + + nw-ascs: + sap_storage_setup_sid: "{{ sap_system_sid }}" + sap_storage_setup_nwas_abap_ascs_instance_nr: "{{ sap_system_nwas_abap_ascs_instance_nr }}" + sap_storage_setup_host_type: + - nwas_abap_ascs + sap_storage_setup_definition: + - name: usr_sap + mountpoint: /usr/sap + nfs_path: /usr/sap # subdirectory path on the NFS server 
+ nfs_server: "{{ aws_nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: usr_sap_trans + mountpoint: /usr/sap/trans + nfs_path: /usr/sap/trans # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point_separate_sap_transport_dir | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: sapmnt + mountpoint: /sapmnt + nfs_path: /sapmnt # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: swap + disk_size: 96 + filesystem_type: swap # must be swap filesystem + - name: software + mountpoint: /software + disk_size: 100 # size in GB, integer + filesystem_type: xfs # default: xfs + + + nw-pas: + sap_storage_setup_sid: "{{ sap_system_sid }}" + sap_storage_setup_nwas_abap_pas_instance_nr: "{{ sap_system_nwas_abap_pas_instance_nr }}" + sap_storage_setup_host_type: + - nwas_abap_pas + sap_storage_setup_definition: + - name: usr_sap + mountpoint: /usr/sap + nfs_path: /usr/sap # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: usr_sap_trans + mountpoint: /usr/sap/trans + nfs_path: /usr/sap/trans # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point_separate_sap_transport_dir | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: sapmnt + mountpoint: /sapmnt + nfs_path: /sapmnt # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: swap + disk_size: 96 + filesystem_type: swap # must be swap filesystem + - name: software + mountpoint: /software + disk_size: 100 # size in GB, integer + filesystem_type: xfs # default: xfs + + + nw-aas: + sap_storage_setup_sid: "{{ sap_system_sid }}" + sap_storage_setup_nwas_abap_aas_instance_nr: "{{ sap_system_nwas_abap_aas_instance_nr }}" + sap_storage_setup_host_type: + - nwas_abap_aas + sap_storage_setup_definition: + - name: usr_sap + mountpoint: /usr/sap + nfs_path: /usr/sap # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: usr_sap_trans + mountpoint: /usr/sap/trans + nfs_path: /usr/sap/trans # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point_separate_sap_transport_dir | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: sapmnt + mountpoint: /sapmnt + nfs_path: /sapmnt # subdirectory path on the NFS server + nfs_server: "{{ aws_nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} + nfs_filesystem_type: "{{ aws_nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} + nfs_mount_options: "{{ aws_nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} + - name: swap + disk_size: 96 + filesystem_type: swap # must be swap filesystem + - name: software + mountpoint: /software + disk_size: 100 # size in GB, integer + filesystem_type: xfs # default: xfs + + + tasks: + + - name: Execute Ansible Role sap_storage_setup + ansible.builtin.include_role: + name: community.sap_install.sap_storage_setup + vars: + sap_storage_setup_sid: "{{ aws_host_specifications_dictionary[ansible_hostname].sap_storage_setup_sid | default('') }}" + sap_storage_setup_host_type: "{{ aws_host_specifications_dictionary[ansible_hostname].sap_storage_setup_host_type | list }}" + sap_storage_setup_definition: "{{ aws_host_specifications_dictionary[ansible_hostname].sap_storage_setup_definition | list }}" + sap_storage_setup_nwas_abap_ascs_instance_nr: "{{ aws_host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_ascs_instance_nr | default(omit) }}" + sap_storage_setup_nwas_abap_ers_instance_nr: "{{ aws_host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_ers_instance_nr | default(omit) }}" + sap_storage_setup_nwas_abap_pas_instance_nr: "{{ aws_host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_pas_instance_nr | default(omit) }}" + sap_storage_setup_nwas_abap_aas_instance_nr: "{{ aws_host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_aas_instance_nr | default(omit) }}" diff --git a/playbooks/sample-storage_sap_s4hana_distributed.yml b/playbooks/sample-storage_sap_s4hana_distributed.yml deleted file mode 100644 index 6e5b65d7a..000000000 --- a/playbooks/sample-storage_sap_s4hana_distributed.yml +++ /dev/null 
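Review bot: The `aws_nfs_mount_point_opts` value near the top of the new playbook mounts the EFS shares for `/usr/sap`, `/usr/sap/trans` and `/sapmnt` as plain `nfs4` with `nfsvers=4.1`, which gives no encryption in transit and only AUTH_SYS client identity, and the sample does not say so. Anyone copying the sample gets SAP transport and kernel directories shared across four hosts, with access control resting entirely on the EFS security group and file-system policy. I would add a comment above the option line such as `# plain NFSv4.1: unencrypted, AUTH_SYS only; restrict the EFS security group to these hosts or use a TLS-capable mount helper`. Whether `sap_storage_setup` accepts a helper-based filesystem type is not visible in this hunk, so the comment should stay advisory.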
@@ -1,206 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -- name: Complete Infrastructure setup - hosts: hana_primary, nwas_ascs, nwas_pas, nwas_aas - become: true - any_errors_fatal: true - - vars: - - sap_system_sid: "S01" - sap_system_hana_db_sid: "H01" - sap_system_hana_db_instance_nr: "90" - sap_system_nwas_abap_ascs_instance_nr: "00" - sap_system_nwas_abap_pas_instance_nr: "01" - sap_system_nwas_abap_aas_instance_nr: "11" - - nfs_mount_point: "fs-1234567890.efs.eu-west-2.amazonaws.com:/" - nfs_mount_point_separate_sap_transport_dir: "fs-0987654321.efs.eu-west-2.amazonaws.com:/" - nfs_mount_point_type: nfs4 - nfs_mount_point_opts: nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport,acl,noauto # should include noauto to avoid /etc/fstab mount on boot, when Linux Pacemaker should control mount - - host_specifications_dictionary: - - hana-p: # hostname - # hana_primary, hana_secondary, nwas_abap_ascs, nwas_abap_ers, nwas_abap_pas, nwas_abap_aas, nwas_java_scs, nwas_java_ers - sap_storage_setup_host_type: - - hana_primary - - storage_definition: - - # Commented out variables are the same for each filesystem, only shown once below to ease readability - - name: hana_data - mountpoint: /hana/data - disk_size: 384 # size in GB, integer - filesystem_type: xfs # default: xfs - #lvm_lv_name: # default: lv_ - #lvm_lv_stripes: 2 # default: null, number of disks to stripe over - #lvm_lv_stripe_size: 128K # default: 64K, defined by the OS. Akin to Virtualized Block Size - #lvm_vg_name: # default: vg_ - #lvm_vg_options: # default: none, additional LVM VG options as string in LVM options syntax (e.g. "--dataalignment XX ..." to override MiB offset from disk start before first LVM VG Physical Extent) - #lvm_vg_physical_extent_size: # default: 4, uses 4 MiB default and difficult to change once set. 
Akin to Physical Block Size - #lvm_pv_device: # default: discovered ansible_devices matching the target size - #lvm_pv_options: # default: none, additional LVM PV options as string in LVM options syntax (e.g. "--dataalignment XX ..." to override MiB offset from disk start before first LVM PV Physical Extent) - #nfs_path: # subdirectory path on the NFS server - #nfs_server: # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} - #nfs_filesystem_type: # default: {{ sap_storage_setup_nfs_filesystem_type }} - #nfs_mount_options: # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: hana_log - mountpoint: /hana/log - disk_size: 128 # size in GB, integer - filesystem_type: xfs # default: xfs - - - name: hana_shared - mountpoint: /hana/shared - disk_size: 320 # size in GB, integer - filesystem_type: xfs # default: xfs - - - name: swap - swap_path: /swapfile # use swap file on root disk, instead of creating LVM LV for swap - disk_size: 2 - filesystem_type: swap # must be swap filesystem - - - name: software - mountpoint: /software - disk_size: 100 # size in GB, integer - filesystem_type: xfs # default: xfs - - - nw-ascs: # hostname - sap_storage_setup_sid: "{{ sap_system_sid }}" - sap_storage_setup_nwas_abap_ascs_instance_nr: "{{ sap_system_nwas_abap_ascs_instance_nr }}" - - # hana_primary, hana_secondary, nwas_abap_ascs, nwas_abap_ers, nwas_abap_pas, nwas_abap_aas, nwas_java_scs, nwas_java_ers - sap_storage_setup_host_type: - - nwas_abap_ascs - - storage_definition: - - - name: usr_sap - mountpoint: /usr/sap - nfs_path: /usr/sap # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: usr_sap_trans - mountpoint: /usr/sap/trans - nfs_path: /usr/sap/trans # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point_separate_sap_transport_dir | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: sapmnt - mountpoint: /sapmnt - nfs_path: /sapmnt # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: swap - disk_size: 96 - filesystem_type: swap # must be swap filesystem - - - name: software - mountpoint: /software - disk_size: 100 # size in GB, integer - filesystem_type: xfs # default: xfs - - - nw-pas: # hostname - sap_storage_setup_sid: "{{ sap_system_sid }}" - sap_storage_setup_nwas_abap_pas_instance_nr: "{{ sap_system_nwas_abap_pas_instance_nr }}" - - # hana_primary, hana_secondary, nwas_abap_ascs, nwas_abap_ers, nwas_abap_pas, nwas_abap_aas, nwas_java_scs, nwas_java_ers - sap_storage_setup_host_type: - - nwas_abap_pas - - storage_definition: - - - name: usr_sap - mountpoint: /usr/sap - nfs_path: /usr/sap # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: usr_sap_trans - mountpoint: /usr/sap/trans - nfs_path: /usr/sap/trans # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point_separate_sap_transport_dir | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: sapmnt - mountpoint: /sapmnt - nfs_path: /sapmnt # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: swap - disk_size: 96 - filesystem_type: swap # must be swap filesystem - - - name: software - mountpoint: /software - disk_size: 100 # size in GB, integer - filesystem_type: xfs # default: xfs - - - nw-aas: # hostname - sap_storage_setup_sid: "{{ sap_system_sid }}" - sap_storage_setup_nwas_abap_aas_instance_nr: "{{ sap_system_nwas_abap_aas_instance_nr }}" - - # hana_primary, hana_secondary, nwas_abap_ascs, nwas_abap_ers, nwas_abap_pas, nwas_abap_aas, nwas_java_scs, nwas_java_ers - sap_storage_setup_host_type: - - nwas_abap_aas - - storage_definition: - - - name: usr_sap - mountpoint: /usr/sap - nfs_path: /usr/sap # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: usr_sap_trans - mountpoint: /usr/sap/trans - nfs_path: /usr/sap/trans # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point_separate_sap_transport_dir | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: sapmnt - mountpoint: /sapmnt - nfs_path: /sapmnt # subdirectory path on the NFS server - nfs_server: "{{ nfs_mount_point | default('') }}" # NFS server and parent directory (e.g. nfs.com:/share1). 
default: {{ sap_storage_setup_nfs_server }} - nfs_filesystem_type: "{{ nfs_mount_point_type | default('') }}" # default: {{ sap_storage_setup_nfs_filesystem_type }} - nfs_mount_options: "{{ nfs_mount_point_opts | default('') }}" # default: {{ sap_storage_setup_nfs_mount_options }} - - - name: swap - disk_size: 96 - filesystem_type: swap # must be swap filesystem - - - name: software - mountpoint: /software - disk_size: 100 # size in GB, integer - filesystem_type: xfs # default: xfs - - - tasks: - - - name: Execute Ansible Role sap_storage_setup - ansible.builtin.include_role: - name: { role: community.sap_install.sap_storage_setup } - vars: - sap_storage_setup_sid: "{{ host_specifications_dictionary[ansible_hostname].sap_storage_setup_sid | default('') }}" - sap_storage_setup_nwas_abap_ascs_instance_nr: "{{ host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_ascs_instance_nr | default('') }}" - sap_storage_setup_nwas_abap_ers_instance_nr: "{{ host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_ers_instance_nr | default('') }}" - sap_storage_setup_nwas_abap_pas_instance_nr: "{{ host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_pas_instance_nr | default('') }}" - sap_storage_setup_nwas_abap_aas_instance_nr: "{{ host_specifications_dictionary[ansible_hostname].sap_storage_setup_nwas_abap_aas_instance_nr | default('') }}" - sap_storage_setup_host_type: "{{ host_specifications_dictionary[ansible_hostname].sap_storage_setup_host_type | list }}" - sap_storage_setup_definition: "{{ host_specifications_dictionary[ansible_hostname].storage_definition | list }}" diff --git a/requirements-workflow.txt b/requirements-workflow.txt index b3d9256a4..559499b7c 100644 --- a/requirements-workflow.txt +++ b/requirements-workflow.txt 
@@ -1,4 +1,4 @@ -ansible==9.1.0 -ansible-compat==4.1.10 -ansible-core==2.16.2 -ansible-lint==6.22.1 +ansible==9.5.1 +ansible-compat==24.7.0 +ansible-core==2.16.9 +ansible-lint==24.7.0 diff --git a/roles/sap_anydb_install_oracle/.yamllint.yml b/roles/sap_anydb_install_oracle/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_anydb_install_oracle/.yamllint.yml +++ b/roles/sap_anydb_install_oracle/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_general_preconfigure/.yamllint.yml b/roles/sap_general_preconfigure/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_general_preconfigure/.yamllint.yml +++ b/roles/sap_general_preconfigure/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml index 610ad2dda..9e96a2657 100644 
--- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml @@ -16,7 +16,7 @@ - name: Import role sap_maintain_etc_hosts ansible.builtin.import_role: - name: sap_maintain_etc_hosts + name: 'community.sap_install.sap_maintain_etc_hosts' vars: sap_maintain_etc_hosts_list: - node_ip: "{{ sap_general_preconfigure_ip }}" diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml index ecf8866b3..1a22f7c6b 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml @@ -16,7 +16,7 @@ - name: Import role sap_maintain_etc_hosts ansible.builtin.import_role: - name: sap_maintain_etc_hosts + name: 'community.sap_install.sap_maintain_etc_hosts' vars: sap_maintain_etc_hosts_list: - node_ip: "{{ sap_general_preconfigure_ip }}" diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml index 0b2e96d04..fab19c6b6 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml @@ -16,7 +16,7 @@ - name: Import role sap_maintain_etc_hosts ansible.builtin.import_role: - name: sap_maintain_etc_hosts + name: 'community.sap_install.sap_maintain_etc_hosts' vars: sap_maintain_etc_hosts_list: - node_ip: "{{ sap_general_preconfigure_ip }}" diff --git a/roles/sap_ha_install_anydb_ibmdb2/.yamllint.yml b/roles/sap_ha_install_anydb_ibmdb2/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_ha_install_anydb_ibmdb2/.yamllint.yml +++ b/roles/sap_ha_install_anydb_ibmdb2/.yamllint.yml 
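Review bot: The fully qualified `name: 'community.sap_install.sap_maintain_etc_hosts'` in 2002167/03-setting-the-hostname.yml, repeated in 2772999/03-configure-hostname.yml and 3108316/03-configure-hostname.yml, makes `import_role` resolve against whichever `community.sap_install` collection is installed on the controller rather than the role that sits next to the caller. When the roles are run from a checkout, or repackaged under the downstream `redhat.sap_install` namespace that this commit's pacemaker README mentions, a different version of a role that (by its name) maintains `/etc/hosts` may be pulled in without any error. I would document the intent on the line above, for example `# FQCN on purpose: needs community.sap_install installed; rewrite the namespace for downstream builds`. The `vars:` list of each task continues past the end of its hunk.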
@@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_ha_install_hana_hsr/.yamllint.yml b/roles/sap_ha_install_hana_hsr/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_ha_install_hana_hsr/.yamllint.yml +++ b/roles/sap_ha_install_hana_hsr/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_ha_pacemaker_cluster/.yamllint.yml b/roles/sap_ha_pacemaker_cluster/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_ha_pacemaker_cluster/.yamllint.yml +++ b/roles/sap_ha_pacemaker_cluster/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} 
@@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index 206377818..de8c02791 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -13,8 +13,8 @@ This Ansible Role provides: - setup and instantiation of Linux Pacemaker cluster (using `ha_cluster` Linux System Role) This Ansible Role has been tested for the following SAP Software Solution scenario deployments: -- SAP HANA Scale-up High Availability -- `Beta:` SAP NetWeaver (ABAP) AS ASCS and ERS High Availability +- SAP HANA Scale-up High Availability (SAPHanaSR Classic and SAPHanaSR-angi) +- SAP NetWeaver (ABAP) AS ASCS and ERS High Availability - `Experimental:` SAP NetWeaver (ABAP) AS PAS and AAS High Availability - `Experimental:` SAP NetWeaver (JAVA) AS SCS and ERS High Availability 
@@ -71,8 +71,8 @@ The Ansible Control System (where Ansible is executed from) must have: - Ansible Core 2.9+ - Access to dependency Ansible Collections and Ansible Roles: - **Upstream**: - - Ansible Collection [`community.sap_install` from Ansible Galaxy](https://galaxy.ansible.com/community/sap_install) version `1.3.0` or later - - Ansible Collection [`fedora.linux_system_roles` from Ansible Galaxy](https://galaxy.ansible.com/fedora/linux_system_roles) version `1.20.0` or later + - Ansible Collection [`community.sap_install` from Ansible Galaxy](https://galaxy.ansible.com/community/sap_install) version `1.4.1` or later + - Ansible Collection [`fedora.linux_system_roles` from Ansible Galaxy](https://galaxy.ansible.com/fedora/linux_system_roles) version `1.82.0` or later - **Supported (Downstream)** via Red Hat Ansible Automation Platform (AAP) license: - Ansible Collection [`redhat.sap_install` from Red Hat Ansible Automation Platform Hub](https://console.redhat.com/ansible/automation-hub/repo/published/redhat/sap_install) version `1.3.0` or later - Ansible Collection [`redhat.rhel_system_roles` from Red Hat Ansible Automation Platform Hub](https://console.redhat.com/ansible/automation-hub/repo/published/redhat/rhel_system_roles) version `1.20.0` or later @@ -146,7 +146,18 @@ Additional minimum requirements depend on the type of cluster setup and on the t - _Type:_ `string` AWS access key to allow control of instances (for example for fencing operations).
-Mandatory for the cluster nodes setup on AWS EC2 instances.
+Mandatory for the cluster nodes setup on AWS EC2 instances, when:
+1. IAM Role or Instance profile is not attached to EC2 instance.
+2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`
+
+### sap_ha_pacemaker_cluster_aws_credentials_setup
+
+- _Type:_ `string`
+
+Set this parameter to 'true' to store AWS credentials into /root/.aws/credentials.
+Requires: `sap_ha_pacemaker_cluster_aws_access_key_id` and `sap_ha_pacemaker_cluster_aws_secret_access_key`
+Mandatory for the cluster nodes setup on AWS EC2 instances, when:
+1. IAM Role or Instance profile is not attached to EC2 instance.
### sap_ha_pacemaker_cluster_aws_region @@ -160,7 +171,9 @@ Mandatory for cluster nodes setup on AWS EC2 instances.
- _Type:_ `string` AWS secret key, paired with the access key for instance control.
-Mandatory for the cluster setup on AWS EC2 instances.
+Mandatory for the cluster nodes setup on AWS EC2 instances, when:
+1. IAM Role or Instance profile is not attached to EC2 instance.
+2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`
### sap_ha_pacemaker_cluster_aws_vip_update_rt @@ -259,19 +272,14 @@ Set this parameter to 'false' if the SAP HA interface should not be installed an Additional extra packages to be installed, for instance specific resource packages.
For SAP clusters configured by this role, the relevant standard packages for the target scenario are automatically included.
-### sap_ha_pacemaker_cluster_fence_agent_minimal_packages - -- _Type:_ `list` -- _Default:_ `['fence-agents-all']` - -The minimal set of fence agent packages that will be installed.
- ### sap_ha_pacemaker_cluster_fence_agent_packages - _Type:_ `list` Additional fence agent packages to be installed.
-This is automatically combined with `sap_ha_pacemaker_cluster_fence_agent_minimal_packages`.
+This is automatically combined with default packages in:
+`__sap_ha_pacemaker_cluster_fence_agent_packages_minimal`
+`__sap_ha_pacemaker_cluster_fence_agent_packages_platform`
### sap_ha_pacemaker_cluster_gcp_project @@ -460,7 +468,7 @@ When set to "true" (default) a failover to secondary will be initiated on resour - _Default:_ `msl_SAPHana__HDB` Customize the cluster resource name of the SAP HANA DB resource master slave clone.
-Master Slave clone is specific to SAPHana resource on SUSE.
+Master Slave clone is specific to Classic SAPHana resource on SUSE (non-angi).
### sap_ha_pacemaker_cluster_hana_resource_clone_name @@ -849,32 +857,132 @@ sap_ha_pacemaker_cluster_resource_defaults: Disabling this variable enables to use Classic SAPHanaSR agents even on server, with SAPHanaSR-angi is available.
+### sap_ha_pacemaker_cluster_sbd_devices + +- _Type:_ `list` + +Required if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+Provide list of block devices for Stonith SBD agent
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_sbd_devices: +- /dev/disk/by-id/scsi-3600 +``` + +### sap_ha_pacemaker_cluster_sbd_enabled + +- _Type:_ `bool` + +Set this parameter to 'true' to enable workflow to add Stonith SBD resource.
+Stonith SBD resource has to be provided as part of `sap_ha_pacemaker_cluster_stonith_custom`.
+Default SBD agents are: stonith:external/sbd for SLES and stonith:fence_sbd for RHEL
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_sbd_devices: +- /dev/disk/by-id/scsi-3600 +sap_ha_pacemaker_cluster_sbd_enabled: true +sap_ha_pacemaker_cluster_stonith_custom: +- agent: stonith:external/sbd + id: stonith_sbd + instance_attrs: + - attrs: + - name: pcmk_delay_max + value: 15 +``` + +### sap_ha_pacemaker_cluster_sbd_options + +- _Type:_ `list` + +Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+Provide list of SBD specific options that are added into SBD configuration file.
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_sbd_options: +- name: startmode + value: clean +``` + +### sap_ha_pacemaker_cluster_sbd_watchdog + +- _Type:_ `str` +- _Default:_ `/dev/watchdog` + +Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+Provide watchdog name to override default /dev/watchdog
+ +### sap_ha_pacemaker_cluster_sbd_watchdog_modules + +- _Type:_ `list` + +Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+Provide list of watchdog kernel modules to be loaded (creates /dev/watchdog* devices).
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_sbd_watchdog_modules: +- softdog +``` + ### sap_ha_pacemaker_cluster_stonith_custom - _Type:_ `list` Custom list of STONITH resource(s) to be configured in the cluster.
This definition override any defaults the role would apply otherwise.
+Definition follows structure of ha_cluster_resource_primitives in linux-system-roles/ha_cluster
- **agent**
Resource agent name, must contain the prefix "stonith:" to avoid mismatches or failures. +- **id**
+ Parameter `id` is required.
Name that will be used as the resource ID (name). +- **instance_attrs**
+ Defines resource agent params as list of name/value pairs.
Requires the mandatory options for the particular stonith resource agent to be defined, otherwise the setup will fail.
Example: stonith:fence_sbd agent requires devices option with list of SBD disks.
Example: stonith:external/sbd agent does not require devices option, but `sap_ha_pacemaker_cluster_sbd_devices`. +- **meta_attrs**
+ Defines meta attributes as list of name/value pairs. - **name**
- Name that will be used as the resource ID (name). + WARNING! This option will be removed in future release. +- **operations**
+ Defines list of resource agent operations. - **options**
- The resource options listed in dictionary format, one option per line.
Requires the mandatory options for the particular stonith resource agent to be defined, otherwise the setup will fail. + WARNING! This option will be removed in future release. Example: ```yaml sap_ha_pacemaker_cluster_stonith_custom: - agent: stonith:fence_rhevm - name: my-fence-resource - options: - ip: rhevm-server - password: login-user-password - pcmk_host_list: node1,node2 - power_wait: 3 - username: login-user + id: my-fence-resource + instance_attrs: + - attrs: + - name: ip + value: rhevm-server + - name: username + value: login-user + - name: password + value: login-user-password + - name: pcmk_host_list + value: node1,node2 + - name: power_wait + value: 3 + meta_attrs: + - attrs: + - name: target-role + value: Started + operations: + - action: start + attrs: + - name: interval + value: 0 + - name: timeout + value: 180 ``` ### sap_ha_pacemaker_cluster_storage_definition diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index 94efa79d8..959800add 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -365,6 +365,7 @@ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: >- # sap_ha_pacemaker_cluster_aws_access_key_id # sap_ha_pacemaker_cluster_aws_secret_access_key # sap_ha_pacemaker_cluster_aws_region +# sap_ha_pacemaker_cluster_aws_credentials_setup: false ## Google Cloud platform, Compute Engine Virtual Machines # sap_ha_pacemaker_cluster_gcp_project diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml index 4ea9ecc51..365675987 100644 --- a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml +++ b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml 
@@ -102,12 +102,6 @@ argument_specs: node_ip: 192.168.5.1 - hana_site: DC02 - sap_ha_pacemaker_cluster_fence_agent_minimal_packages: - type: list - default: ['fence-agents-all'] - description: - - The minimal set of fence agent packages that will be installed. - sap_ha_pacemaker_cluster_resource_defaults: type: dict default: 
@@ -166,33 +160,138 @@ argument_specs: description: - Custom list of STONITH resource(s) to be configured in the cluster. - This definition override any defaults the role would apply otherwise. + - Definition follows structure of ha_cluster_resource_primitives in linux-system-roles/ha_cluster elements: dict options: - name: + id: + type: str description: + - Parameter `id` is required. - Name that will be used as the resource ID (name). - required: true + # TODO: Enable to remove Tech debt after name and options are removed! + # required: true agent: + type: str description: - Resource agent name, must contain the prefix "stonith:" to avoid mismatches or failures. required: true - options: + instance_attrs: + type: list description: - - The resource options listed in dictionary format, one option per line. + - Defines resource agent params as list of name/value pairs. - Requires the mandatory options for the particular stonith resource agent to be defined, otherwise the setup will fail. - required: true + - "Example: stonith:fence_sbd agent requires devices option with list of SBD disks." + - "Example: stonith:external/sbd agent does not require devices option, but `sap_ha_pacemaker_cluster_sbd_devices`." + operations: + type: list + description: + - Defines list of resource agent operations. + action: + description: + - Name of resource agent operation. + attrs: + description: + - Defines operation parameters as list of name/value pairs. + meta_attrs: + type: list + description: + - Defines meta attributes as list of name/value pairs. + # TODO: Tech Debt: Remove name and options in next release + name: + type: str + description: + - WARNING! This option will be removed in future release. + # TODO: Tech Debt: Remove name and options in next release + options: + type: dict + description: + - WARNING! This option will be removed in future release. 
example: sap_ha_pacemaker_cluster_stonith_custom: - - name: "my-fence-resource" + - id: "my-fence-resource" agent: "stonith:fence_rhevm" - options: - ip: rhevm-server - username: login-user - password: login-user-password - pcmk_host_list: node1,node2 - power_wait: 3 + instance_attrs: + - attrs: + - name: ip + value: rhevm-server + - name: username + value: login-user + - name: password + value: login-user-password + - name: pcmk_host_list + value: node1,node2 + - name: power_wait + value: 3 + meta_attrs: + - attrs: + - name: target-role + value: Started + operations: + - action: start + attrs: + - name: interval + value: 0 + - name: timeout + value: 180 + + sap_ha_pacemaker_cluster_sbd_enabled: + type: bool + description: + - Set this parameter to 'true' to enable workflow to add Stonith SBD resource. + - Stonith SBD resource has to be provided as part of `sap_ha_pacemaker_cluster_stonith_custom`. + - "Default SBD agents are: stonith:external/sbd for SLES and stonith:fence_sbd for RHEL" + + example: + sap_ha_pacemaker_cluster_sbd_enabled: true + sap_ha_pacemaker_cluster_stonith_custom: + - id: stonith_sbd + agent: stonith:external/sbd + instance_attrs: + - attrs: + - name: pcmk_delay_max + value: 15 + sap_ha_pacemaker_cluster_sbd_devices: + - /dev/disk/by-id/scsi-3600 + + sap_ha_pacemaker_cluster_sbd_devices: + type: list + description: + - Required if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled. + - Provide list of block devices for Stonith SBD agent + + example: + sap_ha_pacemaker_cluster_sbd_devices: + - /dev/disk/by-id/scsi-3600 + + sap_ha_pacemaker_cluster_sbd_options: + type: list + description: + - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled. + - Provide list of SBD specific options that are added into SBD configuration file. 
+ + example: + sap_ha_pacemaker_cluster_sbd_options: + - name: startmode + value: clean + + sap_ha_pacemaker_cluster_sbd_watchdog: + type: str + default: /dev/watchdog + description: + - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled. + - Provide watchdog name to override default /dev/watchdog + + sap_ha_pacemaker_cluster_sbd_watchdog_modules: + type: list + description: + - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled. + - Provide list of watchdog kernel modules to be loaded (creates /dev/watchdog* devices). + + example: + sap_ha_pacemaker_cluster_sbd_watchdog_modules: + - softdog sap_ha_pacemaker_cluster_cluster_properties: type: dict @@ -251,7 +350,9 @@ argument_specs: type: list description: - Additional fence agent packages to be installed. - - This is automatically combined with `sap_ha_pacemaker_cluster_fence_agent_minimal_packages`. + - "This is automatically combined with default packages in:" + - "`__sap_ha_pacemaker_cluster_fence_agent_packages_minimal`" + - "`__sap_ha_pacemaker_cluster_fence_agent_packages_platform`" sap_ha_pacemaker_cluster_hacluster_user_password: description: @@ -321,7 +422,7 @@ argument_specs: default: "msl_SAPHana__HDB" description: - Customize the cluster resource name of the SAP HANA DB resource master slave clone. - - Master Slave clone is specific to SAPHana resource on SUSE. + - Master Slave clone is specific to Classic SAPHana resource on SUSE (non-angi). sap_ha_pacemaker_cluster_hanacontroller_resource_name: default: "rsc_SAPHanaCon__HDB" 
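Review bot: The `instance_attrs` description and the `sap_ha_pacemaker_cluster_stonith_custom` example in the `@@ -166,33 +160,138 @@` hunk show `password` as an inline name/value pair and never say how that value should be supplied. Because this spec doubles as the variable's documentation, I would add a description line such as `- Secret values (for example a fence agent password) should come from Ansible Vault or another secret store, not from plain inventory.` The README section for the same variable carries the same example and would benefit from the same sentence.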
@@ -791,13 +892,23 @@ argument_specs: sap_ha_pacemaker_cluster_aws_access_key_id: description: - AWS access key to allow control of instances (for example for fencing operations). - - Mandatory for the cluster nodes setup on AWS EC2 instances. + - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:" + - "1. IAM Role or Instance profile is not attached to EC2 instance." + - "2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`" sap_ha_pacemaker_cluster_aws_secret_access_key: description: - AWS secret key, paired with the access key for instance control. - - Mandatory for the cluster setup on AWS EC2 instances. + - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:" + - "1. IAM Role or Instance profile is not attached to EC2 instance." + - "2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`" + sap_ha_pacemaker_cluster_aws_credentials_setup: + description: + - Set this parameter to 'true' to store AWS credentials into /root/.aws/credentials. + - "Requires: `sap_ha_pacemaker_cluster_aws_access_key_id` and `sap_ha_pacemaker_cluster_aws_secret_access_key`" + - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:" + - "1. IAM Role or Instance profile is not attached to EC2 instance." ########################################################################## # Platforms: GCP specific parameters diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml index 2367aee08..9c9af77f4 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml 
@@ -29,6 +29,18 @@ # __sap_ha_pacemaker_cluster_resource_primitives ha_cluster_resource_primitives # __sap_ha_pacemaker_cluster_corosync_totem ha_cluster_totem +# Combines SBD stonith options with ha_cluster if it was not imported as extra var. +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Include SBD config into 'ha_cluster'" # noqa jinja[spacing] + when: + - __sap_ha_pacemaker_cluster_ha_cluster_stonith is defined and __sap_ha_pacemaker_cluster_ha_cluster_stonith | length > 0 + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_ha_cluster: >- + {%- if __sap_ha_pacemaker_cluster_ha_cluster is defined and __sap_ha_pacemaker_cluster_ha_cluster | length > 0 -%} + {{ __sap_ha_pacemaker_cluster_ha_cluster | combine(__sap_ha_pacemaker_cluster_ha_cluster_stonith) }} + {%- else -%} + {{ __sap_ha_pacemaker_cluster_ha_cluster_stonith }} + {%- endif -%} + - name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster'" when: __sap_ha_pacemaker_cluster_ha_cluster is defined ansible.builtin.set_fact: @@ -110,3 +122,13 @@ when: __sap_ha_pacemaker_cluster_corosync_totem is defined ansible.builtin.set_fact: ha_cluster_totem: "{{ __sap_ha_pacemaker_cluster_corosync_totem }}" + +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_sbd_options'" + when: __sap_ha_pacemaker_cluster_sbd_options is defined + ansible.builtin.set_fact: + ha_cluster_sbd_options: "{{ __sap_ha_pacemaker_cluster_sbd_options }}" + +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_sbd_enabled'" + when: __sap_ha_pacemaker_cluster_sbd_enabled is defined + ansible.builtin.set_fact: + ha_cluster_sbd_enabled: "{{ __sap_ha_pacemaker_cluster_sbd_enabled }}" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml index 8a5bd6dc3..e34dd1584 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml 
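Review bot: The `Include SBD config into 'ha_cluster'` task builds a dictionary through an if/else text template, so the value is rendered as text and, as far as I can tell, depends on being parsed back into a dict afterwards. A single expression covers the undefined, empty and populated cases alike and stays a dictionary throughout: `__sap_ha_pacemaker_cluster_ha_cluster: "{{ __sap_ha_pacemaker_cluster_ha_cluster | default({}) | combine(__sap_ha_pacemaker_cluster_ha_cluster_stonith) }}"`. That should also make the `# noqa jinja[spacing]` on the task name unnecessary.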
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml @@ -22,7 +22,25 @@ __sap_ha_pacemaker_cluster_hacluster_user_password: "{{ sap_ha_pacemaker_cluster_hacluster_user_password }}" no_log: true # secure the credential +# sap_ha_pacemaker_cluster_ha_cluster -> user-defined or default inherited from {{ ha_cluster }} +- name: "SAP HA Prepare Pacemaker - Register sap_ha_pacemaker_cluster_ha_cluster" + when: + - __sap_ha_pacemaker_cluster_ha_cluster is not defined + - sap_ha_pacemaker_cluster_ha_cluster is defined + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_ha_cluster: "{{ sap_ha_pacemaker_cluster_ha_cluster }}" + +- name: "SAP HA Prepare Pacemaker - Generate default sap_ha_pacemaker_cluster_ha_cluster" + when: + - not __sap_ha_pacemaker_cluster_ha_cluster is defined + - not sap_ha_pacemaker_cluster_ha_cluster is defined + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_ha_cluster: + node_name: "{{ ansible_hostname }}" + pcs_address: "{{ ansible_default_ipv4.address }}" + +# Combine following extra packages together: # sap_ha_pacemaker_cluster_extra_packages -> user-defined, empty by global default # __sap_ha_pacemaker_cluster_sap_extra_packages -> included from vars/* # __sap_ha_pacemaker_cluster_platform_extra_packages -> included from vars/platform* 
@@ -36,17 +54,32 @@ | unique | select() }}" # remove duplicates and empty elements -# sap_ha_pacemaker_cluster_fence_agent_minimal_packages -> global default -# sap_ha_pacemaker_cluster_fence_agent_packages -> global default -# __sap_ha_pacemaker_cluster_fence_agent_packages -> internal default (vars/main.yml) +# Combine following fence packages together: +# __sap_ha_pacemaker_cluster_fence_agent_packages_minimal -> os default +# __sap_ha_pacemaker_cluster_fence_agent_packages_platform -> platform defaults from dict +# sap_ha_pacemaker_cluster_fence_agent_packages -> user input or default [] + +# __sap_ha_pacemaker_cluster_fence_agent_packages loaded from ha_cluster is not included, +# because it would still not be used due to precedence. +# TODO: Remove Tech debt conditionals in future for deprecated var 'sap_ha_pacemaker_cluster_fence_agent_minimal_packages' - name: "SAP HA Prepare Pacemaker - Combine fence agent packages lists" ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_fence_agent_packages: "{{ - (sap_ha_pacemaker_cluster_fence_agent_minimal_packages - + sap_ha_pacemaker_cluster_fence_agent_packages - + __sap_ha_pacemaker_cluster_fence_agent_packages) + (__sap_ha_pacemaker_cluster_fence_agent_packages_minimal_combined + + __sap_ha_pacemaker_cluster_fence_agent_packages_platform + + sap_ha_pacemaker_cluster_fence_agent_packages) | unique }}" + vars: + # Tech debt for sap_ha_pacemaker_cluster_fence_agent_minimal_packages + __sap_ha_pacemaker_cluster_fence_agent_packages_minimal_combined: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_minimal + + sap_ha_pacemaker_cluster_fence_agent_minimal_packages + if (sap_ha_pacemaker_cluster_fence_agent_minimal_packages is defined + and sap_ha_pacemaker_cluster_fence_agent_minimal_packages | length > 0 + and sap_ha_pacemaker_cluster_fence_agent_minimal_packages is iterable) + else __sap_ha_pacemaker_cluster_fence_agent_packages_minimal }}" + # Prepare corosync totem variable with either: # - User provided 
sap_ha_pacemaker_cluster_corosync_totem if present diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml index a525ced88..daf3c7217 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml @@ -21,17 +21,17 @@ or ( sap_ha_pacemaker_cluster_stonith_custom is not defined - and sap_ha_pacemaker_cluster_stonith_default is defined + and __sap_ha_pacemaker_cluster_stonith_default is defined and ( - sap_ha_pacemaker_cluster_stonith_default == '' - or sap_ha_pacemaker_cluster_stonith_default | length == 0 + __sap_ha_pacemaker_cluster_stonith_default == '' + or __sap_ha_pacemaker_cluster_stonith_default | length == 0 ) ) or ( sap_ha_pacemaker_cluster_stonith_custom is not defined - and sap_ha_pacemaker_cluster_stonith_default is not defined + and __sap_ha_pacemaker_cluster_stonith_default is not defined ) block: @@ -59,9 +59,9 @@ ansible.builtin.set_fact: sap_ha_pacemaker_cluster_cluster_properties: "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({'priority-fencing-delay': - sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int * 2}) - if sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max is defined - and sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int != 0 + __sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int * 2}) + if __sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max is defined + and __sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int != 0 else sap_ha_pacemaker_cluster_cluster_properties }}" - name: "SAP HA Prepare Pacemaker - (STONITH) Define cluster properties" 
@@ -88,82 +88,148 @@ {%- endfor %} {{ attrs }} -# Combine the default stonith resource config from -# - assembled pcmk_host_map -# (see platform tasks: __sap_ha_pacemaker_cluster_pcmk_host_map) -# - fence agent specific required options -# (see platform vars: sap_ha_pacemaker_cluster_stonith_default) -# - generic pacemaker fence resource options -# (see defaults: sap_ha_pacemaker_cluster_fence_options) -# Note: the 'ha_cluster' LSR only calls the stonith creation for ONE host -# -> the definition must contain the resources for all hosts, if multiple +# Prepare default stonith method based on __sap_ha_pacemaker_cluster_stonith_default loaded +# from platform __sap_ha_pacemaker_cluster_stonith_default_dict dictionary. - name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resource definition from platform default" when: - - sap_ha_pacemaker_cluster_stonith_default is defined - - sap_ha_pacemaker_cluster_stonith_default | length > 0 + - __sap_ha_pacemaker_cluster_stonith_default is defined + - __sap_ha_pacemaker_cluster_stonith_default | length > 0 - sap_ha_pacemaker_cluster_stonith_custom is not defined - - __stonith_resource_element.id not in (__sap_ha_pacemaker_cluster_stonith_resource | default([])| map(attribute='id')) + or sap_ha_pacemaker_cluster_stonith_custom | length == 0 + - (hostvars[stonith_host_item].__sap_ha_pacemaker_cluster_stonith_default).id + not in (__sap_ha_pacemaker_cluster_stonith_resource | default([])| map(attribute='id')) ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_stonith_resource: "{{ __sap_ha_pacemaker_cluster_stonith_resource | default([]) + [__stonith_resource_element] }}" - vars: - __stonith_resource_element: - id: "{{ sap_ha_pacemaker_cluster_stonith_default.id + __plug_suffix }}" - agent: "{{ sap_ha_pacemaker_cluster_stonith_default.agent }}" - instance_attrs: - - attrs: >- - {% set attrs = [] -%} - {% if __sap_ha_pacemaker_cluster_pcmk_host_map | length > 0 -%} - {% set map = attrs.extend([ - { - 'name': 
'pcmk_host_map', - 'value': __sap_ha_pacemaker_cluster_pcmk_host_map - }]) -%} - {%- else -%} - {% set map = attrs.extend([ - { - 'name': 'plug', - 'value': stonith_host_item - }]) -%} - {%- endif %} - {%- if sap_ha_pacemaker_cluster_stonith_default.options is defined - and sap_ha_pacemaker_cluster_stonith_default.options | length > 0 -%} - {%- for agent_opt in (sap_ha_pacemaker_cluster_stonith_default.options | default({}) | dict2items) -%} - {% set aopts = attrs.extend([ - { - 'name': agent_opt.key, - 'value': agent_opt.value - }]) -%} - {%- endfor %} - {%- endif -%} - {{ attrs }} - - __plug_suffix: >- - {%- if __sap_ha_pacemaker_cluster_pcmk_host_map | length == 0 -%} - _{{ stonith_host_item }} - {%- else %}{% endif -%} - + __sap_ha_pacemaker_cluster_stonith_resource: + "{{ __sap_ha_pacemaker_cluster_stonith_resource | default([]) + + [hostvars[stonith_host_item].__sap_ha_pacemaker_cluster_stonith_default] }}" loop: "{{ ansible_play_hosts_all }}" loop_control: loop_var: stonith_host_item label: "{{ stonith_host_item }}" +# Requirements to run SBD block: +# sap_ha_pacemaker_cluster_sbd_enabled is true +# sap_ha_pacemaker_cluster_sbd_devices is defined, list and not empty +# sap_ha_pacemaker_cluster_stonith_custom is defined, list and not empty +# __sap_ha_pacemaker_cluster_sbd_enabled is not defined +- name: "SAP HA Prepare Pacemaker - (STONITH SBD) Prepare SBD configuration" + when: + - sap_ha_pacemaker_cluster_sbd_enabled is defined + and sap_ha_pacemaker_cluster_sbd_enabled + - sap_ha_pacemaker_cluster_sbd_devices is defined + and sap_ha_pacemaker_cluster_sbd_devices | length > 0 + and sap_ha_pacemaker_cluster_sbd_devices is iterable + and sap_ha_pacemaker_cluster_sbd_devices is not string + - sap_ha_pacemaker_cluster_stonith_custom is defined + and sap_ha_pacemaker_cluster_stonith_custom | length > 0 + and sap_ha_pacemaker_cluster_stonith_custom is iterable + and sap_ha_pacemaker_cluster_stonith_custom is not string + - __sap_ha_pacemaker_cluster_sbd_enabled 
is not defined + block: + # Create sbd_options for ha_cluster_sbd_options when + # ha_cluster_sbd_options is not defined or it is empty or not List + # ha_cluster_sbd_options is defined but it does not contain required startmode + - name: "SAP HA Prepare Pacemaker - (STONITH SBD) Create sbd_options" + when: + - not sap_ha_pacemaker_cluster_sbd_options is defined + or sap_ha_pacemaker_cluster_sbd_options | length == 0 + or not sap_ha_pacemaker_cluster_sbd_options is iterable + or (sap_ha_pacemaker_cluster_sbd_options is defined + and sap_ha_pacemaker_cluster_sbd_options | selectattr('name', 'equalto', 'startmode') | list | length == 0) + # Skip if startmode is already present + - not (sap_ha_pacemaker_cluster_sbd_options is defined + and sap_ha_pacemaker_cluster_sbd_options | selectattr('name', 'equalto', 'startmode') | list | length > 0) + # Skip if ha_cluster_sbd_options are provided + - __sap_ha_pacemaker_cluster_sbd_options is not defined + or __sap_ha_pacemaker_cluster_sbd_options | length == 0 + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_sbd_options: >- + {%- if sap_ha_pacemaker_cluster_sbd_options is defined + and (sap_ha_pacemaker_cluster_sbd_options | selectattr('name', 'equalto', 'startmode') | list | length == 0) -%} + {{ sap_ha_pacemaker_cluster_sbd_options + [{'name': 'startmode', 'value': __sbd_startmode}]}} + {%- else -%} + {{ [{'name': 'startmode', 'value': __sbd_startmode}] }} + {%- endif -%} + vars: + __sbd_startmode: "{{ 'clean' if sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0 else 'always' }}" + -- name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resources from custom definition" + # Create dictionary with SBD specific parameters for ha_cluster + # Omit parameters if they are already present in provided dictionary sap_ha_pacemaker_cluster_ha_cluster + - name: "SAP HA Prepare Pacemaker - (STONITH SBD) Create ha_cluster parameters for SBD" + ansible.builtin.set_fact: + 
__sap_ha_pacemaker_cluster_ha_cluster_stonith: >- + {{ + dict( + sbd_devices=(sap_ha_pacemaker_cluster_sbd_devices if sap_ha_pacemaker_cluster_sbd_devices is defined + and sap_ha_pacemaker_cluster_sbd_devices | length > 0 and not __sap_ha_pacemaker_cluster_ha_cluster_sbd_devices_exists + else omit), + sbd_watchdog=(sap_ha_pacemaker_cluster_sbd_watchdog if sap_ha_pacemaker_cluster_sbd_watchdog is defined + and sap_ha_pacemaker_cluster_sbd_watchdog | length > 0 and not __sap_ha_pacemaker_cluster_ha_cluster_sbd_watchdog_exists + else omit), + sbd_watchdog_modules=(sap_ha_pacemaker_cluster_sbd_watchdog_modules + if sap_ha_pacemaker_cluster_sbd_watchdog_modules is defined + and sap_ha_pacemaker_cluster_sbd_watchdog_modules | length > 0 + and not __sap_ha_pacemaker_cluster_ha_cluster_sbd_watchdog_modules_exists + else omit) + ) + }} + vars: + # Detect if parameters were already provided in sap_ha_pacemaker_cluster_ha_cluster + __sap_ha_pacemaker_cluster_ha_cluster_sbd_devices_exists: + "{{ true if __sap_ha_pacemaker_cluster_ha_cluster is defined + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_devices is defined + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_devices | length > 0 + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_devices is iterable else false }}" + __sap_ha_pacemaker_cluster_ha_cluster_sbd_watchdog_exists: + "{{ true if __sap_ha_pacemaker_cluster_ha_cluster is defined + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_watchdog is defined + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_watchdog | length > 0 else false }}" + __sap_ha_pacemaker_cluster_ha_cluster_sbd_watchdog_modules_exists: + "{{ true if __sap_ha_pacemaker_cluster_ha_cluster is defined + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_watchdog_modules is defined + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_watchdog_modules | length > 0 + and __sap_ha_pacemaker_cluster_ha_cluster.sbd_watchdog_modules is iterable else false }}" + + + - name: "SAP HA Prepare Pacemaker - (STONITH SBD) Include sbd 
fence agent" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_fence_agent_packages: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages + ['sbd'] }}" + + - name: "SAP HA Prepare Pacemaker - (STONITH SBD) Set __sap_ha_pacemaker_cluster_sbd_enabled" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_sbd_enabled: true + + +# sap_ha_pacemaker_cluster_stonith_custom input was redesigned to use ha_cluster structure. +# Following task will remain until next release to ensure compatibility with previous structure. + +# TODO: Remove Tech debt task in future release, once options and name are no longer supported. +- name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resources from custom definition - Legacy" when: - sap_ha_pacemaker_cluster_stonith_custom is defined + and sap_ha_pacemaker_cluster_stonith_custom | length > 0 + and sap_ha_pacemaker_cluster_stonith_custom is iterable + and sap_ha_pacemaker_cluster_stonith_custom is not string + # Tech Debt: Execute only if name and options are provided, previously required parameters. 
+ - stonith_item.name is defined and stonith_item.name | length > 0 + and stonith_item.options is defined and stonith_item.options | length > 0 + # Keep following conditional after removing Tech Debt - __stonith_resource_element.id not in (__sap_ha_pacemaker_cluster_stonith_resource | default([]) | map(attribute='id')) ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_stonith_resource: "{{ __sap_ha_pacemaker_cluster_stonith_resource | default([]) + [__stonith_resource_element] }}" vars: __stonith_resource_element: - id: "res_{{ item.name }}" - agent: "{{ item.agent }}" + # Ensure that resource name conforms with naming convention rsc_ + id: "{{ stonith_item.name if stonith_item.name.startswith('rsc_') else 'rsc_' ~ stonith_item.name }}" # "rsc_{{ stonith_item.name }}" + agent: "{{ stonith_item.agent }}" instance_attrs: - attrs: |- {% set attrs = [] -%} - {%- for option in (item.options | dict2items) -%} + {%- for option in (stonith_item.options | dict2items) -%} {% set aopts = attrs.extend([ { 'name': option.key, 
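Review bot: In the `(STONITH SBD) Prepare SBD configuration` block, a run with `sap_ha_pacemaker_cluster_sbd_enabled: true` but a missing or empty `sap_ha_pacemaker_cluster_sbd_devices` (or no `sap_ha_pacemaker_cluster_stonith_custom`) simply skips the block, and nothing visible in this hunk reports it. The README marks the device list as required when SBD is enabled, so a fencing misconfiguration should stop the play instead of continuing towards a cluster without the intended SBD setup. I would put an assert task in front of the block, as sketched below. The legacy custom-definition task at the end of this hunk continues outside it.

```yaml
- name: "SAP HA Prepare Pacemaker - (STONITH SBD) Verify SBD prerequisites"
  when:
    - sap_ha_pacemaker_cluster_sbd_enabled is defined
    - sap_ha_pacemaker_cluster_sbd_enabled | bool
    - __sap_ha_pacemaker_cluster_sbd_enabled is not defined
  ansible.builtin.assert:
    that:
      - sap_ha_pacemaker_cluster_sbd_devices is defined
      - sap_ha_pacemaker_cluster_sbd_devices is not string
      - sap_ha_pacemaker_cluster_sbd_devices | length > 0
      - sap_ha_pacemaker_cluster_stonith_custom is defined
      - sap_ha_pacemaker_cluster_stonith_custom is not string
      - sap_ha_pacemaker_cluster_stonith_custom | length > 0
    fail_msg: >-
      sap_ha_pacemaker_cluster_sbd_enabled is true, but
      sap_ha_pacemaker_cluster_sbd_devices or
      sap_ha_pacemaker_cluster_stonith_custom is missing or empty.

# … unchanged: "(STONITH SBD) Prepare SBD configuration" block …
```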
@@ -174,7 +240,25 @@ {{ attrs }} loop: "{{ sap_ha_pacemaker_cluster_stonith_custom }}" loop_control: - label: "{{ item.name }}" + label: "{{ stonith_item.name if stonith_item.name is defined else stonith_item.id }}" + loop_var: stonith_item + + +- name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resources from custom definition" + when: + - sap_ha_pacemaker_cluster_stonith_custom is defined + and sap_ha_pacemaker_cluster_stonith_custom | length > 0 + and sap_ha_pacemaker_cluster_stonith_custom is iterable + and sap_ha_pacemaker_cluster_stonith_custom is not string + - stonith_item.id is defined and stonith_item.id | length > 0 + - stonith_item.id not in (__sap_ha_pacemaker_cluster_stonith_resource | default([]) | map(attribute='id')) + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_stonith_resource: + "{{ __sap_ha_pacemaker_cluster_stonith_resource | default([]) + [stonith_item] }}" + loop: "{{ sap_ha_pacemaker_cluster_stonith_custom }}" + loop_control: + label: "{{ stonith_item.name if stonith_item.name is defined else stonith_item.id }}" + loop_var: stonith_item # The STONITH resource is an element in the cluster_resource_primitives list @@ -188,4 +272,4 @@ + (__sap_ha_pacemaker_cluster_stonith_resource | from_yaml) }} - no_log: true # stonith resources usually contain secrets + no_log: true # stonith resources can contain secrets diff --git a/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml b/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml index f0905e1a6..c2fa67448 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml 
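Review bot: The new `Assemble the resources from custom definition` task appends each `stonith_item` unchanged, including `instance_attrs` values such as the fence agent `password` from the role's own example, and it carries no `no_log`. A `set_fact` result contains the assembled fact, so the secret can end up in verbose output or in any callback or log that records task results, while the last task in this file is already marked `no_log: true # stonith resources can contain secrets`. Add `no_log: true` to this task. The legacy task and the platform-default task in the previous hunk build the same list and would need it as well; the legacy task starts outside this hunk.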
@@ -101,3 +101,18 @@ when: ha_cluster_totem is defined ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_corosync_totem: "{{ ha_cluster_totem }}" + +# ha_cluster_sbd_options +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_sbd_options'" + when: + - ha_cluster_sbd_options is defined + and ha_cluster_sbd_options | length > 0 + and ha_cluster_sbd_options is iterable + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_sbd_options: "{{ ha_cluster_sbd_options }}" + +# ha_cluster_sbd_enabled +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_sbd_enabled'" + when: ha_cluster_sbd_enabled is defined and ha_cluster_sbd_enabled | bool + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_sbd_enabled: "{{ ha_cluster_sbd_enabled }}" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_aws_ec2_vs.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_aws_ec2_vs.yml index c4f90bce1..1165a0a0f 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_aws_ec2_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_aws_ec2_vs.yml @@ -20,7 +20,16 @@ owner: root path: /root/.aws/config +# New variable to disable default saving of AWS credentials file. +# Reason: It overrides attached IAM Role or IAM Instance Profile. - name: "SAP HA Prepare Pacemaker - AWS EC2 VS - Store awscli credentials" + when: + - sap_ha_pacemaker_cluster_aws_credentials_setup is defined + and sap_ha_pacemaker_cluster_aws_credentials_setup + - sap_ha_pacemaker_cluster_aws_access_key_id is defined + and sap_ha_pacemaker_cluster_aws_access_key_id | length > 0 + - sap_ha_pacemaker_cluster_aws_secret_access_key is defined + and sap_ha_pacemaker_cluster_aws_secret_access_key | length > 0 ansible.builtin.blockinfile: backup: true block: | 
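Review bot: In the `ha_cluster_sbd_options` task the `| length > 0` test runs before `is iterable`, so a non-sized value from inventory (a boolean or an integer, say) fails inside the `length` filter and the iterable check never guards it. Putting the type test first makes the condition skip instead of erroring: `ha_cluster_sbd_options is defined and ha_cluster_sbd_options is iterable and ha_cluster_sbd_options | length > 0`. Separately, `ha_cluster_sbd_enabled | bool` in the second `when` means an explicit `false` is never registered. That is only safe if the role default for `__sap_ha_pacemaker_cluster_sbd_enabled` is already false, which this hunk does not show.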
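Review bot: The new `when` on "Store awscli credentials" tests `sap_ha_pacemaker_cluster_aws_credentials_setup` by plain truthiness, so a string value such as `"false"` (which is what `-e key=value` extra vars produce) evaluates as true and the access key pair is still written to the awscli credentials file. Since the stated purpose is to stop static keys from overriding the attached IAM Role or Instance Profile, the flag should be cast: `and sap_ha_pacemaker_cluster_aws_credentials_setup | bool`. The warning task added in the next hunk uses `not sap_ha_pacemaker_cluster_aws_credentials_setup` and needs the same cast so the two conditions stay complementary. The task body continues outside this hunk.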
@@ -32,3 +41,20 @@ owner: root path: /root/.aws/credentials no_log: true + +# Notification about dependency on IAM Attachment if +# sap_ha_pacemaker_cluster_aws_credentials_setup is not set to true +- name: "SAP HA Prepare Pacemaker - AWS EC2 VS - awscli credentials warning" + when: + - sap_ha_pacemaker_cluster_aws_credentials_setup is not defined + or (sap_ha_pacemaker_cluster_aws_credentials_setup is defined + and not sap_ha_pacemaker_cluster_aws_credentials_setup) + ansible.builtin.debug: + msg: "{{ __awscli_message.splitlines() }}" + vars: + __awscli_message: | + Notification: AWS CLI credentials were not stored because the variable + sap_ha_pacemaker_cluster_aws_credentials_setup is not defined or it is not true. + + Please ensure that your instances have IAM Role or Instance Profile attached, per AWS documentation + You can ignore this message if provisioning was completed using community.sap_infrastructure. diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml index 6a11f22e2..b00659f1c 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml 
@@ -4,37 +4,219 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_aws | default([]) }}" +# Package definition +__sap_ha_pacemaker_cluster_fence_agent_packages_platform: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_aws_ec2_vs | default([]) }}" __sap_ha_pacemaker_cluster_platform_extra_packages: - "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_aws | default([]) }}" + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_aws_ec2_vs | default([]) }}" __sap_ha_pacemaker_cluster_repos: - - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" - name: High Availability - -# Predefine -__sap_ha_pacemaker_cluster_aws_instances: [] - -# When aws credentials and region are not defined it will -# default to using the aws cli configuration. -# The aws cli is currently configured anyway for the standard AWS VIP resource. -sap_ha_pacemaker_cluster_stonith_default: - id: "rsc_fence_aws" - # SUSE officially supports only stonith:external/ec2 for AWS. - agent: "{{ 'stonith:fence_aws' if ansible_os_family != 'Suse' else 'stonith:external/ec2' }}" - options: - # Fencing action delay is recommended. Default: 0 - pcmk_delay_max: "{{ 0 if ansible_os_family != 'Suse' else 15 }}" -# access_key: "{{ sap_ha_pacemaker_cluster_aws_access_key_id }}" -# secret_key: "{{ sap_ha_pacemaker_cluster_aws_secret_access_key }}" -# region: "{{ sap_ha_pacemaker_cluster_aws_region }}" + "{{ __sap_ha_pacemaker_cluster_repos_dict.cloud_aws_ec2_vs | default([]) }}" + + +# Stonith dictionary for default stonith agents. 
+# Custom stonith resource can be defined using sap_ha_pacemaker_cluster_stonith_custom
+# Documentation sources:
+# HANA:
+# SLES: https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-stonith-device.html
+# RHEL: https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-resources-1.html
+# NWAS:
+# SLES: https://docs.aws.amazon.com/sap/latest/sap-netweaver/sles-netweaver-ha-cluster-resources.html#create-stonith
+# RHEL: https://docs.aws.amazon.com/sap/latest/sap-netweaver/rhel-netweaver-ha-cluster-resources.html#create-stonith
+
+__sap_ha_pacemaker_cluster_stonith_default_dict:
+ redhat_hana:
+ id: "rsc_fence_aws"
+ agent: "stonith:fence_aws"
+ instance_attrs:
+ - attrs:
+ # String of cluster hosts defined in include_vars_platform
+ - name: pcmk_host_map
+ value: "{{ __sap_ha_pacemaker_cluster_pcmk_host_map }}"
+ - name: pcmk_delay_max
+ value: 45
+ - name: power_timeout
+ value: 600
+ # It is recommended to disable default reboot action for Production environment or when manual investigation is required.
+ - name: pcmk_reboot_action
+ value: 'off'
+ - name: pcmk_reboot_timeout
+ value: 600
+ - name: pcmk_reboot_retries
+ value: 4
+ # AWS Credentials are not defined here, because they override attached
+ # IAM Role or IAM Instance Profile
+ # - name: access_key
+ # value: "{{ sap_ha_pacemaker_cluster_aws_access_key_id }}"
+ # - name: secret_key
+ # value: "{{ sap_ha_pacemaker_cluster_aws_secret_access_key }}"
+ # - name: region
+ # value: "{{ sap_ha_pacemaker_cluster_aws_region }}"
+ operations:
+ - action: start
+ attrs:
+ - name: timeout
+ value: 600
+ - action: monitor
+ attrs:
+ - name: interval
+ value: 300
+ - name: timeout
+ value: 60
+
+ redhat_nwas:
+ id: "rsc_fence_aws"
+ agent: "stonith:fence_aws"
+ instance_attrs:
+ - attrs:
+ # String of cluster hosts defined in include_vars_platform
+ - name: pcmk_host_map
+ value: "{{ __sap_ha_pacemaker_cluster_pcmk_host_map }}"
+ - name: pcmk_delay_max
+ value: 30
+ - name: power_timeout
+ value: 240
+ # It is recommended to disable default reboot action for Production environment or when manual investigation is required.
+ - name: pcmk_reboot_action
+ value: 'off'
+ - name: pcmk_reboot_timeout
+ value: 300
+ - name: pcmk_reboot_retries
+ value: 2
+ operations:
+ - action: start
+ attrs:
+ - name: timeout
+ value: 180
+ - action: stop
+ attrs:
+ - name: timeout
+ value: 180
+ - action: monitor
+ attrs:
+ - name: interval
+ value: 180
+ - name: timeout
+ value: 60
+
+ # SUSE Recommends stonith:external/ec2 instead of fence_aws
+ suse_hana:
+ id: "rsc_fence_aws"
+ agent: "stonith:external/ec2"
+ instance_attrs:
+ - attrs:
+ - name: pcmk_delay_max
+ value: 45
+ - name: tag
+ value: "pacemaker" # tag instance with pacemaker: {{ ansible_hostname }}
+ # Use AWS config profile if AWS credentials are used.
+ # - name: profile + # value: cluster + meta_attrs: + - attrs: + - name: target-role + value: Started + operations: + - action: start + attrs: + - name: interval + value: 0 + - name: timeout + value: 180 + - action: stop + attrs: + - name: interval + value: 0 + - name: timeout + value: 180 + - action: monitor + attrs: + - name: interval + value: 120 + - name: timeout + value: 60 + + suse_nwas: + id: "rsc_fence_aws" + agent: "stonith:external/ec2" + instance_attrs: + - attrs: + - name: pcmk_delay_max + value: 30 + - name: tag + value: "pacemaker" # tag instance with pacemaker: {{ ansible_hostname }} + # Use AWS config profile if AWS credentials are used. + # - name: profile + # value: cluster + meta_attrs: + - attrs: + - name: target-role + value: Started + operations: + - action: start + attrs: + - name: interval + value: 0 + - name: timeout + value: 180 + - action: stop + attrs: + - name: interval + value: 0 + - name: timeout + value: 180 + - action: monitor + attrs: + - name: interval + value: 120 + - name: timeout + value: 60 + +# Select __sap_ha_pacemaker_cluster_stonith_default +__sap_ha_pacemaker_cluster_stonith_default: + "{{ __sap_ha_pacemaker_cluster_stonith_default_dict[ansible_os_family | lower ~ '_hana'] + if sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0 + else __sap_ha_pacemaker_cluster_stonith_default_dict[ansible_os_family | lower ~ '_nwas'] }}" + # Default corosync options - Platform specific +# These options combined with __sap_ha_pacemaker_cluster_corosync_totem_default (Same options are overwritten). 
+# Documentation sources: +# HANA: +# SLES: https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file +# https://documentation.suse.com/sbp/sap-15/html/SLES4SAP-hana-sr-guide-perfopt-15-aws/index.html#id-example-for-etccorosynccorosync-conf +# RHEL: https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration-1.html#sap-hana-on-aws-corosync-increase +# NWAS: +# SLES: https://docs.aws.amazon.com/sap/latest/sap-netweaver/sap-netweaver-ha-setup.html#associations +# RHEL: https://docs.aws.amazon.com/sap/latest/sap-netweaver/rhel-sap-netweaver-ha-setup.html#associations +__sap_ha_pacemaker_cluster_corosync_totem_platform_dict: + redhat_hana: + options: + token: 30000 + + redhat_nwas: + options: + token: 30000 + + suse_hana: + options: + token: 30000 + consensus: 36000 + token_retransmits_before_loss_const: 6 + clear_node_high_bit: 'yes' + + suse_nwas: + options: + token: 30000 + consensus: 36000 + clear_node_high_bit: 'yes' + __sap_ha_pacemaker_cluster_corosync_totem_platform: - options: - token: 30000 + "{{ __sap_ha_pacemaker_cluster_corosync_totem_platform_dict[ansible_os_family | lower ~ '_hana'] + if sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0 + else __sap_ha_pacemaker_cluster_corosync_totem_platform_dict[ansible_os_family | lower ~ '_nwas'] }}" + # Platform specific VIP handling sap_ha_pacemaker_cluster_vip_method: aws_vpc_move_ip diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml index 24f7e4f79..cb38f9e5d 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml 
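Review bot: Both selectors at the end of this hunk choose between the `_hana` and `_nwas` entries with `sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0`, which only works when the variable is a list. If it arrives as a plain string, `select` iterates over single characters, nothing matches, and a HANA cluster silently gets the NWAS fencing and corosync values. The variable's definition is not in the hunk, so this assumes a string is possible. If it is, either assert the type earlier or make the test tolerant, e.g. `([sap_ha_pacemaker_cluster_host_type] | flatten) | select('search', 'hana') | length > 0`.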
@@ -4,32 +4,91 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_gcp | default([]) }}" +__sap_ha_pacemaker_cluster_fence_agent_packages_platform: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_gcp_ce_vm | default([]) }}" __sap_ha_pacemaker_cluster_platform_extra_packages: - "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_gcp | default([]) }}" + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_gcp_ce_vm | default([]) }}" __sap_ha_pacemaker_cluster_repos: - - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" - name: High Availability - -# Predefine -__sap_ha_pacemaker_cluster_gcp_hosts: [] - -sap_ha_pacemaker_cluster_stonith_default: - id: "res_fence_gce" - agent: "stonith:fence_gce" - options: - project: "{{ sap_ha_pacemaker_cluster_gcp_project }}" - zone: "{{ sap_ha_pacemaker_cluster_gcp_region_zone }}" - pcmk_reboot_timeout: 300 - pcmk_monitor_retries: 4 - pcmk_delay_max: 30 + "{{ __sap_ha_pacemaker_cluster_repos_dict.cloud_gcp_ce_vm | default([]) }}" + + +# Stonith dictionary for default stonith agents. +# Custom stonith resource can be defined using sap_ha_pacemaker_cluster_stonith_custom +# Documentation sources: +# HANA: +# SLES: https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#set_up_fencing +# RHEL: https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-rhel#set_up_fencing +# NWAS: +# SLES: https://cloud.google.com/solutions/sap/docs/netweaver-ha-config-sles#set_up_fencing +# RHEL: https://cloud.google.com/solutions/sap/docs/netweaver-ha-config-rhel#set_up_fencing +# NOTE: fence_gce parameters are identical across all listed documents. 
+ +__sap_ha_pacemaker_cluster_stonith_default_dict: + generic: + # fence_gce agent is created for every host in cluster + id: "rsc_fence_gce_{{ ansible_hostname }}" + agent: "stonith:fence_gce" + instance_attrs: + - attrs: + # GCP does not use pcmk_host_map, instead it specifies port + # fence_gce supports plug parameter, but all documentations mention only port. + - name: port + value: "{{ ansible_hostname }}" + + - name: project + value: "{{ sap_ha_pacemaker_cluster_gcp_project }}" + - name: zone + value: "{{ sap_ha_pacemaker_cluster_gcp_region_zone }}" + - name: pcmk_delay_max + value: 30 + - name: pcmk_monitor_retries + value: 4 + - name: pcmk_reboot_timeout + value: 300 + operations: + - action: start + attrs: + - name: interval + value: 0 + - name: timeout + value: 60 + - action: monitor + attrs: + - name: interval + value: 300 + - name: timeout + value: 120 + +# Select __sap_ha_pacemaker_cluster_stonith_default +__sap_ha_pacemaker_cluster_stonith_default: + "{{ __sap_ha_pacemaker_cluster_stonith_default_dict.generic }}" + + +# Default corosync options - Platform specific +# These options combined with __sap_ha_pacemaker_cluster_corosync_totem_default (Same options are overwritten). 
+# Documentation sources: +# HANA: +# SLES: https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files +# RHEL: https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-rhel#edit_the_corosyncconf_default_settings +# NWAS: +# SLES: https://cloud.google.com/solutions/sap/docs/netweaver-ha-config-sles#create_the_corosync_configuration_files +# RHEL: https://cloud.google.com/solutions/sap/docs/netweaver-ha-config-rhel#update_the_corosync_configuration_files +__sap_ha_pacemaker_cluster_corosync_totem_platform_dict: + redhat: + options: + token: 20000 + token_retransmits_before_loss_const: 10 + join: 60 + max_messages: 20 + suse: + options: + token: 20000 + +__sap_ha_pacemaker_cluster_corosync_totem_platform: + "{{ __sap_ha_pacemaker_cluster_corosync_totem_platform_dict[ansible_os_family | lower] }}" -# Platform specific VIP handling -sap_ha_pacemaker_cluster_vip_method: gcp_nlb_reserved_ip_haproxy # gcp_vpc_move_route -sap_ha_pacemaker_cluster_vip_group_prefix: group_ # GCP needs haproxy and ports defined sap_ha_pacemaker_cluster_healthcheck_hana_primary_port: "620{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" @@ -42,13 +101,10 @@ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_port: "620{{ sap_ha_pacemaker sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_port: "620{{ sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr }}" sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_port: "620{{ sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr }}" -# Default corosync options - Platform specific -__sap_ha_pacemaker_cluster_corosync_totem_platform: - options: - token: 20000 - token_retransmits_before_loss_const: 10 - join: 60 - max_messages: 20 + +# Platform specific VIP handling +sap_ha_pacemaker_cluster_vip_method: gcp_nlb_reserved_ip_haproxy # gcp_vpc_move_route +sap_ha_pacemaker_cluster_vip_group_prefix: group_ __sap_ha_pacemaker_cluster_available_vip_agents: 
diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml index ec31fda05..a1314928a 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml 
@@ -4,50 +4,73 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_powervs | default([]) }}" +__sap_ha_pacemaker_cluster_fence_agent_packages_platform: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_powervs | default([]) }}" __sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_powervs | default([]) }}" __sap_ha_pacemaker_cluster_repos: - - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" - name: High Availability E4S (4-Year) for Power, little endian -# - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms" -# name: High Availability EUS (2-Year) for Power, little endian -# - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms" -# name: High Availability for Power, little endian - -# Predefine -__sap_ha_pacemaker_cluster_ibmcloud_powervs_hosts: [] - - -sap_ha_pacemaker_cluster_stonith_default: - id: "res_fence_ibm_powervs" - agent: "stonith:fence_ibm_powervs" - options: - token: "{{ sap_ha_pacemaker_cluster_ibmcloud_api_key }}" - region: "{{ sap_ha_pacemaker_cluster_ibmcloud_region }}" - crn: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn }}" - - # Identified during execution initial tasks, populated when variables are imported - instance: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_guid }}" - - # Identified during execution initial tasks, populated when variables are imported. - # Unnecessary when using pcmk_host_map. 
Identified during execution initial tasks, populated when variables are imported - # plug: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_instance_id }}" - - # Dependent on network interface attachments, if no public network interface - # then 'private' value must be provided. - api-type: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_api_type | default('public') }}" - - # Dependent on network interface attachments, if no public network interface - # then a valid HTTP Proxy URL value must be provided. - proxy: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_forward_proxy_url | default('') }}" - - pcmk_reboot_timeout: 600 - pcmk_monitor_timeout: 600 - pcmk_status_timeout: 60 + "{{ __sap_ha_pacemaker_cluster_repos_dict.cloud_ibmcloud_powervs | default([]) }}" + + +# Stonith dictionary for default stonith agents. +# Custom stonith resource can be defined using sap_ha_pacemaker_cluster_stonith_custom +__sap_ha_pacemaker_cluster_stonith_default_dict: + generic: + id: "rsc_fence_ibm_powervs" + agent: "stonith:fence_ibm_powervs" + instance_attrs: + - attrs: + - name: token + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_api_key }}" + - name: region + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_region }}" + - name: crn + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn }}" + + # Identified during execution initial tasks, populated when variables are imported + - name: instance + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_guid }}" + + # Identified during execution initial tasks, populated when variables are imported. + # Unnecessary when using pcmk_host_map. Identified during execution initial tasks, populated when variables are imported + # plug: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_instance_id }}" + + # Dependent on network interface attachments, if no public network interface + # then 'private' value must be provided. 
+ - name: api-type + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_api_type | default('public') }}" + + # Dependent on network interface attachments, if no public network interface + # then a valid HTTP Proxy URL value must be provided. + - name: proxy + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_forward_proxy_url | default('') }}" + + # String of cluster hosts defined in include_vars_platform + - name: pcmk_host_map + value: "{{ __sap_ha_pacemaker_cluster_pcmk_host_map }}" + - name: pcmk_reboot_timeout + value: 600 + - name: pcmk_monitor_timeout + value: 600 + - name: pcmk_status_timeout + value: 60 + +# Select __sap_ha_pacemaker_cluster_stonith_default +__sap_ha_pacemaker_cluster_stonith_default: + "{{ __sap_ha_pacemaker_cluster_stonith_default_dict.generic }}" + + +# Default corosync options - Platform specific +# These options combined with __sap_ha_pacemaker_cluster_corosync_totem_default (Same options are overwritten). +__sap_ha_pacemaker_cluster_corosync_totem_platform_dict: + generic: + options: + token: 30000 + +__sap_ha_pacemaker_cluster_corosync_totem_platform: + "{{ __sap_ha_pacemaker_cluster_corosync_totem_platform_dict.generic }}" # Platform specific VIP handling diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml index 81e13f417..c058300a9 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml 
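Review bot: The `token` attribute places the IBM Cloud API key directly in the default stonith definition, and nothing in this hunk marks the structure as secret-bearing. Every task that templates, registers or prints `__sap_ha_pacemaker_cluster_stonith_default` therefore has to keep `no_log: true`, and the value will presumably be stored with the resource in the cluster configuration on each node. I would add a comment above the attribute, `# Secret value: keep no_log on every task that handles this dictionary`. The same applies to `apikey` in platform_cloud_ibmcloud_vs.yml and to `password` in platform_hyp_ibmpower_vm.yml.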
@@ -4,30 +4,50 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_vs | default([]) }}" +__sap_ha_pacemaker_cluster_fence_agent_packages_platform: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_vs | default([]) }}" __sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_vs | default([]) }}" __sap_ha_pacemaker_cluster_repos: - - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" - name: High Availability E4S (4-Year) -# - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms" -# name: High Availability EUS (2-Year) -# - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms" -# name: High Availability - -# Predefine -__sap_ha_pacemaker_cluster_ibmcloud_hosts: [] - -sap_ha_pacemaker_cluster_stonith_default: - id: "res_fence_ibm_vpc" - agent: "stonith:fence_ibm_vpc" - options: - apikey: "{{ sap_ha_pacemaker_cluster_ibmcloud_api_key }}" - region: "{{ sap_ha_pacemaker_cluster_ibmcloud_region }}" - pcmk_monitor_timeout: 600 + "{{ __sap_ha_pacemaker_cluster_repos_dict.cloud_ibmcloud_vs | default([]) }}" + + +# Stonith dictionary for default stonith agents. 
+# Custom stonith resource can be defined using sap_ha_pacemaker_cluster_stonith_custom +__sap_ha_pacemaker_cluster_stonith_default_dict: + generic: + id: "rsc_fence_ibm_vpc" + agent: "stonith:fence_ibm_vpc" + instance_attrs: + - attrs: + - name: apikey + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_api_key }}" + - name: region + value: "{{ sap_ha_pacemaker_cluster_ibmcloud_region }}" + + # String of cluster hosts defined in include_vars_platform + - name: pcmk_host_map + value: "{{ __sap_ha_pacemaker_cluster_pcmk_host_map }}" + - name: pcmk_monitor_timeout + value: 600 + +# Select __sap_ha_pacemaker_cluster_stonith_default +__sap_ha_pacemaker_cluster_stonith_default: + "{{ __sap_ha_pacemaker_cluster_stonith_default_dict.generic }}" + + +# Default corosync options - Platform specific +# These options combined with __sap_ha_pacemaker_cluster_corosync_totem_default (Same options are overwritten). +__sap_ha_pacemaker_cluster_corosync_totem_platform_dict: + generic: + options: + token: 30000 + +__sap_ha_pacemaker_cluster_corosync_totem_platform: + "{{ __sap_ha_pacemaker_cluster_corosync_totem_platform_dict.generic }}" + # Platform specific VIP handling sap_ha_pacemaker_cluster_vip_method: ibmcloud_alb_haproxy diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml index a94c1bfcb..875dbd721 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml 
@@ -7,34 +7,115 @@ # The packages of the following lists will be installed by the 'ha_cluster' Linux System Role. # Any packages that are pre-requisites for variable construction must be installed before, e.g. # in the preconfigure-* tasks. -sap_ha_pacemaker_cluster_fence_agent_packages: - "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_msazure_vm | default([]) }}" +__sap_ha_pacemaker_cluster_fence_agent_packages_platform: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_msazure_vm | default([]) }}" __sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_msazure_vm | default([]) }}" __sap_ha_pacemaker_cluster_repos: - - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" - name: High Availability - - id: "rhui-microsoft-azure-rhel8-sap-ha" - name: Microsoft Azure RPMs for Red Hat Enterprise Linux 8 (rhel8-sap-ha) - -# Predefine -__sap_ha_pacemaker_cluster_msazure_hosts: [] - -# Fencing via MS Azure Managed Service Identity (MSI) per cluster node -sap_ha_pacemaker_cluster_stonith_default: - id: "res_fence_azure_arm" - agent: "stonith:fence_azure_arm" - options: - msi: true - subscriptionId: "{{ sap_ha_pacemaker_cluster_msazure_subscription_id }}" - resourceGroup: "{{ sap_ha_pacemaker_cluster_msazure_resource_group }}" + "{{ __sap_ha_pacemaker_cluster_repos_dict.cloud_msazure_vm | default([]) }}" + + +# Stonith dictionary for default stonith agents. 
+# Custom stonith resource can be defined using sap_ha_pacemaker_cluster_stonith_custom
+# Documentation sources:
+# HANA:
+# SLES: https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#create-a-fencing-device-on-the-pacemaker-cluster
+# RHEL: https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-rhel-pacemaker?tabs=msi#azure-fence-agent-as-fencing-device
+# NWAS:
+# NOTE: There is no separate documentation for NWAS stonith setup.
+
+__sap_ha_pacemaker_cluster_stonith_default_dict:
+ redhat:
+ id: "rsc_fence_azure_arm"
+ agent: "stonith:fence_azure_arm"
+ instance_attrs:
+ - attrs:
+ - name: msi
+ value: true
+ - name: subscriptionId
+ value: "{{ sap_ha_pacemaker_cluster_msazure_subscription_id }}"
+ - name: resourceGroup
+ value: "{{ sap_ha_pacemaker_cluster_msazure_resource_group }}"
+
+ # String of cluster hosts defined in include_vars_platform
+ - name: pcmk_host_map
+ value: "{{ __sap_ha_pacemaker_cluster_pcmk_host_map }}"
+ - name: pcmk_action_limit
+ value: 3
+ - name: pcmk_delay_max
+ value: 15
+ - name: pcmk_monitor_retries
+ value: 4
+ - name: pcmk_monitor_timeout
+ value: 120
+ - name: pcmk_reboot_timeout
+ value: 900
+ - name: power_timeout
+ value: 240
+ operations:
+ - action: monitor
+ attrs:
+ - name: interval
+ value: 3600
+
+ suse:
+ id: "rsc_fence_azure_arm"
+ agent: "stonith:fence_azure_arm"
+ instance_attrs:
+ - attrs:
+ - name: msi
+ value: true
+ - name: subscriptionId
+ value: "{{ sap_ha_pacemaker_cluster_msazure_subscription_id }}"
+ - name: resourceGroup
+ value: "{{ sap_ha_pacemaker_cluster_msazure_resource_group }}"
+
+ # String of cluster hosts defined in include_vars_platform
+ - name: pcmk_host_map
+ value: "{{ __sap_ha_pacemaker_cluster_pcmk_host_map }}"
+ - name: pcmk_action_limit
+ value: 3
+ - name: pcmk_delay_max
+ value: 15
+ - name: pcmk_monitor_retries
+ value: 4
+ - name: pcmk_reboot_timeout
+ value: 900
+ - name: power_timeout
+ value: 240
+ operations:
+ - action: monitor + attrs: + - name: interval + value: 3600 + - name: timeout + value: 120 + +# Select __sap_ha_pacemaker_cluster_stonith_default +__sap_ha_pacemaker_cluster_stonith_default: + "{{ __sap_ha_pacemaker_cluster_stonith_default_dict[ansible_os_family | lower] }}" + # Default corosync options - Platform specific +# These options combined with __sap_ha_pacemaker_cluster_corosync_totem_default (Same options are overwritten). +# Documentation sources: +# SLES: https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#install-the-cluster 15.A +# RHEL: https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker?tabs=msi#install-the-cluster +# NOTE: Azure does not differentiate between HANA and ASCS pacemaker setup. +__sap_ha_pacemaker_cluster_corosync_totem_platform_dict: + redhat: + options: + token: 30000 + suse: + options: + token: 30000 + consensus: 36000 + __sap_ha_pacemaker_cluster_corosync_totem_platform: - options: - token: 30000 + "{{ __sap_ha_pacemaker_cluster_corosync_totem_platform_dict[ansible_os_family | lower] }}" + # Platform specific VIP handling sap_ha_pacemaker_cluster_vip_method: azure_lb diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml index d20cbd8b6..8410754ec 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml 
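Review bot: In the corosync comment block the `# RHEL:` source points at `high-availability-guide-suse-pacemaker`, the same SUSE guide as the `# SLES:` line, so the `redhat` totem values have no traceable reference. The stonith block earlier in this hunk cites `high-availability-guide-rhel-pacemaker` for RHEL, and the corosync RHEL line should point at the matching section of that guide. It would also help to add a one-line comment explaining why `redhat` sets `pcmk_monitor_timeout` as an instance attribute while `suse` sets a 120 second `timeout` on the monitor operation, since the two entries are otherwise identical.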
@@ -4,44 +4,69 @@ # TODO: rename this file to match the actual "chassis_asset_tag" output # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.hyp_ibmpower_vm | default([]) }}" +__sap_ha_pacemaker_cluster_fence_agent_packages_platform: + "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_dict.hyp_ibmpower_vm | default([]) }}" __sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.hyp_ibmpower_vm | default([]) }}" __sap_ha_pacemaker_cluster_repos: - - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" - name: High Availability E4S (4-Year) for Power, little endian -# - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms" -# name: High Availability EUS (2-Year) for Power, little endian -# - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms" -# name: High Availability for Power, little endian - -# Predefine -__sap_ha_pacemaker_cluster_ibmpower_vm_hosts: [] - - -sap_ha_pacemaker_cluster_stonith_default: - id: "res_fence_lpar" - agent: "stonith:fence_lpar" - options: - ip: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host }}" - ipport: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_port }}" - username: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login }}" - password: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login_password }}" - hmc_version: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_version | default('4') }}" - managed: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_system_host_mtms }}" - # Identified during execution initial tasks, populated when variables are imported - - # plug: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_system_partition_name }}" - # Unnecessary when using pcmk_host_map. 
Identified during execution initial tasks, populated when variables are imported - - pcmk_reboot_retries: 4 - pcmk_reboot_timeout: 600 - pcmk_monitor_timeout: 600 - pcmk_status_timeout: 60 - power_timeout: 240 + "{{ __sap_ha_pacemaker_cluster_repos_dict.hyp_ibmpower_vm | default([]) }}" + + +# Stonith dictionary for default stonith agents. +# Custom stonith resource can be defined using sap_ha_pacemaker_cluster_stonith_custom +__sap_ha_pacemaker_cluster_stonith_default_dict: + generic: + id: "rsc_fence_lpar" + agent: "stonith:fence_lpar" + instance_attrs: + - attrs: + - name: ip + value: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host }}" + - name: ipport + value: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_port }}" + - name: username + value: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login }}" + - name: password + value: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login_password }}" + - name: hmc_version + value: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_version | default('4') }}" + - name: managed + value: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_system_host_mtms }}" + + # Identified during execution initial tasks, populated when variables are imported + + # plug: "{{ sap_ha_pacemaker_cluster_ibmpower_vm_hmc_system_partition_name }}" + # Unnecessary when using pcmk_host_map. 
Identified during execution initial tasks, populated when variables are imported + # String of cluster hosts defined in include_vars_platform + - name: pcmk_host_map + value: "{{ __sap_ha_pacemaker_cluster_pcmk_host_map }}" + - name: pcmk_reboot_retries + value: 4 + - name: pcmk_reboot_timeout + value: 600 + - name: pcmk_monitor_timeout + value: 600 + - name: pcmk_status_timeout + value: 60 + - name: power_timeout + value: 240 + +# Select __sap_ha_pacemaker_cluster_stonith_default +__sap_ha_pacemaker_cluster_stonith_default: + "{{ __sap_ha_pacemaker_cluster_stonith_default_dict.generic }}" + + +# Default corosync options - Platform specific +# These options combined with __sap_ha_pacemaker_cluster_corosync_totem_default (Same options are overwritten). +__sap_ha_pacemaker_cluster_corosync_totem_platform_dict: + generic: + options: + token: 30000 + +__sap_ha_pacemaker_cluster_corosync_totem_platform: + "{{ __sap_ha_pacemaker_cluster_corosync_totem_platform_dict.generic }}" # Platform specific VIP handling diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml index 82fafecf3..93e2d40a6 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml 
@@ -1,11 +1,46 @@ # SPDX-License-Identifier: Apache-2.0 --- -# Overwrite HA_CLUSTER repository ID to use E4S repository -# - an alternative logic could be to enable the repo before running ha_cluster +# Default repositories if platform does not override them. +# This selection does not affect imported __ha_cluster_repos due to precedence. __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" name: High Availability +# Dictionary with repos for each platform +__sap_ha_pacemaker_cluster_repos_dict: + cloud_aws_ec2_vs: + - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" + name: High Availability + cloud_gcp_ce_vm: + - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" + name: High Availability + cloud_ibmcloud_powervs: + - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" + name: High Availability E4S (4-Year) for Power, little endian + # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms" + # name: High Availability EUS (2-Year) for Power, little endian + # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms" + # name: High Availability for Power, little endian + cloud_ibmcloud_vs: + - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" + name: High Availability E4S (4-Year) + # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms" + # name: High Availability EUS (2-Year) + # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms" + # name: High Availability + cloud_msazure_vm: + - id: "rhel-{{ 
ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" + name: High Availability + - id: "rhui-microsoft-azure-rhel8-sap-ha" + name: Microsoft Azure RPMs for Red Hat Enterprise Linux 8 (rhel8-sap-ha) + hyp_ibmpower_vm: + - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" + name: High Availability E4S (4-Year) for Power, little endian + # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms" + # name: High Availability EUS (2-Year) for Power, little endian + # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms" + # name: High Availability for Power, little endian + __sap_ha_pacemaker_cluster_halib_package: sap-cluster-connector # List of configuration lines that must be added to the instance profiles. @@ -28,14 +63,14 @@ __sap_ha_pacemaker_cluster_corosync_totem_default: # Make sure that there is always the minimal default fed into the included role. # This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. -sap_ha_pacemaker_cluster_fence_agent_minimal_packages: +__sap_ha_pacemaker_cluster_fence_agent_packages_minimal: - fence-agents-all # Dictionary with fence packages for each platform -sap_ha_pacemaker_cluster_fence_agent_packages_dict: - cloud_aws: +__sap_ha_pacemaker_cluster_fence_agent_packages_dict: + cloud_aws_ec2_vs: - fence-agents-aws - cloud_gcp: + cloud_gcp_ce_vm: - fence-agents-gce cloud_ibmcloud_powervs: - fence-agents-ibm-powervs @@ -48,9 +83,9 @@ sap_ha_pacemaker_cluster_fence_agent_packages_dict: # Dictionary with extra platform specific packages __sap_ha_pacemaker_cluster_platform_extra_packages_dict: - cloud_aws: + cloud_aws_ec2_vs: - awscli - cloud_gcp: + cloud_gcp_ce_vm: - resource-agents-gcp cloud_msazure_vm: - socat 
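Review bot: The second `cloud_msazure_vm` entry in `__sap_ha_pacemaker_cluster_repos_dict` hard-codes `rhui-microsoft-azure-rhel8-sap-ha`, while every other id in the dictionary is built from `ansible_distribution_major_version`. On a host with a different major release, this id presumably does not exist, and enabling the repository would fail or be silently skipped, depending on how the consuming task handles it. If the Azure RHUI naming follows the same pattern on other releases (to be confirmed), the entry could read `id: "rhui-microsoft-azure-rhel{{ ansible_distribution_major_version }}-sap-ha"` with the `name` templated in the same way. Otherwise a comment stating that the entry is RHEL 8 only would prevent surprises.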
diff --git a/roles/sap_ha_pacemaker_cluster/vars/suse.yml b/roles/sap_ha_pacemaker_cluster/vars/suse.yml index e62d9389b..c72abff6b 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/suse.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/suse.yml @@ -1,5 +1,9 @@ # SPDX-License-Identifier: Apache-2.0 --- +# Default repositories are tied to subscription for SLES4SAP, no need to specify them. +# __sap_ha_pacemaker_cluster_repos: +# __sap_ha_pacemaker_cluster_repos_dict: + __sap_ha_pacemaker_cluster_halib_package: sap-suse-cluster-connector # List of configuration lines that must be added to the instance profiles. @@ -27,16 +31,20 @@ __sap_ha_pacemaker_cluster_corosync_totem_default: # Make sure that there is always the minimal default fed into the included role. # This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. -sap_ha_pacemaker_cluster_fence_agent_minimal_packages: +__sap_ha_pacemaker_cluster_fence_agent_packages_minimal: - fence-agents # Dictionary with fence packages for each platform -# fence-agents are defined in sap_ha_pacemaker_cluster_fence_agent_minimal_packages already. -# sap_ha_pacemaker_cluster_fence_agent_packages_dict: +# fence-agents are defined in __sap_ha_pacemaker_cluster_fence_agent_packages_minimal already. +__sap_ha_pacemaker_cluster_fence_agent_packages_dict: + # Separate agent because of https://www.suse.com/support/kb/doc/?id=000021504 + # This package is present in SLES4SAP 15 SP4 and higher + cloud_msazure_vm: + - fence-agents-azure-arm # Dictionary with extra platform specific packages __sap_ha_pacemaker_cluster_platform_extra_packages_dict: - cloud_aws: + cloud_aws_ec2_vs: - awscli cloud_msazure_vm: - socat 
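Review bot: The new `cloud_msazure_vm` entry in `__sap_ha_pacemaker_cluster_fence_agent_packages_dict` adds `fence-agents-azure-arm` unconditionally, although the comment above it says the package exists only in SLES4SAP 15 SP4 and higher. The collection README states support from SLES 15 SP3 upwards, so on an SP3 Azure host the package install would presumably fail before any fencing is configured. Either the task that consumes this dictionary should guard on the service pack, or the comment should say that SP4 is now the minimum for Azure, for example `# Requires SLES4SAP 15 SP4+; older service packs are not supported on Azure`. The consuming task is not part of this hunk.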
@@ -121,6 +129,7 @@ __sap_ha_pacemaker_cluster_hook_hana_scaleout: [] __sap_ha_pacemaker_cluster_hook_hana_scaleout_angi: [] # Overwrite resource clone name for SAP HANA +# SAPHanaSR-angi uses different variables, so it applies only to classic HANA. sap_ha_pacemaker_cluster_hana_resource_clone_name: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_msl_name }}" diff --git a/roles/sap_hana_install/.yamllint.yml b/roles/sap_hana_install/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_hana_install/.yamllint.yml +++ b/roles/sap_hana_install/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_hana_install/tasks/main.yml b/roles/sap_hana_install/tasks/main.yml index a695c9494..b9efc6398 100644 --- a/roles/sap_hana_install/tasks/main.yml +++ b/roles/sap_hana_install/tasks/main.yml @@ -10,6 +10,7 @@ sap_hana_install_restrict_max_mem: "{{ sap_hana_install_mem_restrict | d(sap_hana_install_restrict_max_mem) }}" tags: - sap_hana_install_check_hana_exists + - sap_hana_install_check_installation - sap_hana_install_preinstall - sap_hana_install_set_log_mode - sap_hana_install_configure_firewall diff --git a/roles/sap_hana_preconfigure/.yamllint.yml b/roles/sap_hana_preconfigure/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_hana_preconfigure/.yamllint.yml +++ b/roles/sap_hana_preconfigure/.yamllint.yml 
@@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_hostagent/.yamllint.yml b/roles/sap_hostagent/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_hostagent/.yamllint.yml +++ b/roles/sap_hostagent/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_install_media_detect/.yamllint.yml b/roles/sap_install_media_detect/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_install_media_detect/.yamllint.yml +++ b/roles/sap_install_media_detect/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} 
@@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_install_media_detect/defaults/main.yml b/roles/sap_install_media_detect/defaults/main.yml index d832612ed..29277a7c0 100644 --- a/roles/sap_install_media_detect/defaults/main.yml +++ b/roles/sap_install_media_detect/defaults/main.yml @@ -1,6 +1,10 @@ # SPDX-License-Identifier: Apache-2.0 --- +# Set this parameter to `false` for skipping the handling of RAR files. In this case, also no unar or other RAR handling software +# will be installed. +sap_install_media_detect_rar_handling: true + # Set this parameter to use either the unar package from EPEL or another software package for handling RAR files. # Based on this setting, the commands for listing and extracting RAR files are being set in tasks/prepare/enable_rar_handling.yml sap_install_media_detect_rar_package: 'EPEL' diff --git a/roles/sap_install_media_detect/tasks/main.yml b/roles/sap_install_media_detect/tasks/main.yml index d98e06d35..2e46b9ac5 100644 --- a/roles/sap_install_media_detect/tasks/main.yml +++ b/roles/sap_install_media_detect/tasks/main.yml @@ -25,6 +25,7 @@ file: prepare/enable_rar_handling.yml apply: tags: sap_install_media_detect_rar_handling + when: sap_install_media_detect_rar_handling tags: sap_install_media_detect_rar_handling - name: SAP Install Media Detect - Prepare - Check directories @@ -95,6 +96,7 @@ tags: sap_install_media_detect_rar_handling tags: sap_install_media_detect_rar_handling when: + - sap_install_media_detect_rar_handling - sap_install_media_detect_rar_package == 'EPEL' - ansible_os_family == 'RedHat' - __sap_install_media_detect_register_rpm_q_epel.stdout != 'epel-release' diff --git a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml index 73948383e..a2391d390 100644 
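Review bot: The new conditions in both hunks of `roles/sap_install_media_detect/tasks/main.yml` test `sap_install_media_detect_rar_handling` as a bare variable, so a value that arrives as a string (for example from `-e sap_install_media_detect_rar_handling=false`) is a non-empty string and may be evaluated as true. In the second hunk that would still enable EPEL and install the RAR tooling on a host where the operator asked for it to be skipped. Casting makes the intent explicit: `when: sap_install_media_detect_rar_handling | bool` in the first hunk and `- sap_install_media_detect_rar_handling | bool` in the list of the second. The two `when:` lines added in `prepare/create_file_list_phase_2.yml` have the same form. Both tasks begin outside their hunks.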
--- a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml +++ b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml @@ -25,13 +25,23 @@ loop_control: label: "{{ item.path }}" -- name: SAP Install Media Detect - Prepare - Iterate over files and determine file type +- name: SAP Install Media Detect - Prepare - Iterate over files and determine file type, including command for handling RAR files ansible.builtin.command: "{{ __sap_install_media_detect_sapfile_path }} -e --lsar_file={{ __sap_install_media_detect_rar_list.split(' ')[0] }} --sapcar_file={{ __sap_install_media_detect_fact_sapcar_path }} {{ line_item }}" register: __sap_install_media_detect_register_files_phase_2 loop: "{{ __sap_install_media_detect_fact_find_result_phase_2 }}" loop_control: loop_var: line_item changed_when: false + when: sap_install_media_detect_rar_handling + +- name: SAP Install Media Detect - Prepare - Iterate over files and determine file type, without command for handling RAR files + ansible.builtin.command: "{{ __sap_install_media_detect_sapfile_path }} -e --sapcar_file={{ __sap_install_media_detect_fact_sapcar_path }} {{ line_item }}" + register: __sap_install_media_detect_register_files_phase_2 + loop: "{{ __sap_install_media_detect_fact_find_result_phase_2 }}" + loop_control: + loop_var: line_item + changed_when: false + when: not sap_install_media_detect_rar_handling - name: SAP Install Media Detect - Prepare - Set fact with the results of the sapfile command ansible.builtin.set_fact: diff --git a/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml b/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml index 68134084d..f3d141b5f 100644 --- a/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml +++ b/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml 
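Review bot: Both new tasks register `__sap_install_media_detect_register_files_phase_2`, and Ansible also stores a result for a task that is skipped by `when:`. With the default `sap_install_media_detect_rar_handling: true`, the first task runs and the second is skipped, so the skipped result replaces the real one before the following set_fact reads it. That set_fact is only partly visible here, but it presumably expects the command output of each item. Folding the two tasks into one, with the `--lsar_file` option made conditional, keeps a single writer for the variable. The inline `if` also means `__sap_install_media_detect_rar_list` is not evaluated when RAR handling is off.

```yaml
- name: SAP Install Media Detect - Prepare - Iterate over files and determine file type
  ansible.builtin.command: >-
    {{ __sap_install_media_detect_sapfile_path }} -e
    {{ ('--lsar_file=' + __sap_install_media_detect_rar_list.split(' ')[0]) if (sap_install_media_detect_rar_handling | bool) else '' }}
    --sapcar_file={{ __sap_install_media_detect_fact_sapcar_path }} {{ line_item }}
  register: __sap_install_media_detect_register_files_phase_2
  # … unchanged: loop, loop_control, changed_when …
```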
@@ -10,9 +10,9 @@ - name: SAP Install Media Detect - Prepare - Move files to parent for known subdirs - Find the relevant non-extract subdirectories # noqa risky-shell-pipe ansible.builtin.shell: cmd: > - ls -d \ - sap_hana sap_swpm sap_swpm_download_basket \ - sapase sapmaxdb oracledb ibmdb2 sap_export_nwas_java sap_export_ecc sap_export_nwas_abap sap_export_solman_java sap_export_ecc_ides \ + ls -d + sap_hana sap_swpm sap_swpm_download_basket + sapase sapmaxdb oracledb ibmdb2 sap_export_nwas_java sap_export_ecc sap_export_nwas_abap sap_export_solman_java sap_export_ecc_ides $({{ __sap_install_media_detect_sapfile_path }} -s) 2>/dev/null | awk '{print ("'{{ __sap_install_media_detect_software_main_directory }}'/"$0"/")}' chdir: "{{ __sap_install_media_detect_software_main_directory }}" diff --git a/roles/sap_maintain_etc_hosts/.yamllint.yml b/roles/sap_maintain_etc_hosts/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_maintain_etc_hosts/.yamllint.yml +++ b/roles/sap_maintain_etc_hosts/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_netweaver_preconfigure/.yamllint.yml b/roles/sap_netweaver_preconfigure/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_netweaver_preconfigure/.yamllint.yml +++ b/roles/sap_netweaver_preconfigure/.yamllint.yml 
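Review bot: The `cmd` in the first hunk of this line (`move_files_to_main_directory.yml`) still splices `{{ __sap_install_media_detect_software_main_directory }}` straight into the shell text, between two single-quoted awk fragments. A directory name containing a space or a shell metacharacter is therefore interpreted by the shell rather than treated as data. Passing the value as a quoted awk variable avoids that: `awk -v d={{ __sap_install_media_detect_software_main_directory | quote }} '{print (d"/"$0"/")}'`. The `2>/dev/null` together with `# noqa risky-shell-pipe` also means a failing `ls` or `sapfile -s` goes unnoticed, so a short comment on why that is acceptable would help. The task continues outside the hunk.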
@@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_storage_setup/.yamllint.yml b/roles/sap_storage_setup/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_storage_setup/.yamllint.yml +++ b/roles/sap_storage_setup/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true diff --git a/roles/sap_storage_setup/README.md b/roles/sap_storage_setup/README.md index 1f3394813..d5e5ff23c 100644 --- a/roles/sap_storage_setup/README.md +++ b/roles/sap_storage_setup/README.md 
@@ -17,6 +17,13 @@ This Ansible Role is agnostic, and will run on any Infrastructure Platform. Only Please note, while this Ansible Role has protection against overwrite of existing disks and filesystems - sensible review and care is required for any automation of disk storage. Please review the documentation and samples/examples carefully. It is strongly suggested to initially execute the Ansible Playbook calling this Ansible Role, with `ansible-playbook --check` for Check Mode - this will perform no changes to the host and show which changes would be made. +In addition, this Ansible Role: + +- Does not permit static definition for mountpoint to use a specific device (e.g. `/dev/sdk`). The definition will define the disk size to use for the mountpoint, and match accordingly. +- Enforces 1 mountpoint will use 1 LVM Logical Volume (LV) that consumes 100% of an LVM Volume Group (VG), with the LVM Volume Group (VG) consuming 100% of 1..n LVM Physical Volumes (PV). + - For granular control of LVM setup, the suggestion is to instead use Ansible Role `storage` from the `fedora.linux_system_roles` Ansible Collection or the Ansible Roles `lvg/lvol/filesystem` from `community.general` Ansible Collection + + ## Requirements The Ansible Role requires the `community.general` Ansible Collection (uses the `lvg`, `lvol` and `filesystem` Ansible Modules). @@ -62,9 +69,9 @@ Red Hat for SAP Community of Practice, Janine Fuchs, IBM Lab for SAP Solutions Minimum required parameters: -- [sap_storage_setup_definition](#sap_storage_setup_definition) -- [sap_storage_setup_host_type](#sap_storage_setup_host_type) -- [sap_storage_setup_sid](#sap_storage_setup_sid) +- [sap_storage_setup_definition](#sap_storage_setup_definition-required) +- [sap_storage_setup_host_type](#sap_storage_setup_host_type-required) +- [sap_storage_setup_sid](#sap_storage_setup_sid-required) ### sap_storage_setup_definition required 
@@ -110,14 +117,24 @@ Example: ```yaml sap_storage_setup_definition: -- disk_size: 100G - filesystem_type: xfs - mountpoint: /hana/data - name: hanadata -- disk_size: 100G - filesystem_type: xfs - mountpoint: /hana/log - name: hanalog + + # Block Storage volume + - name: hana_data # required: string, filesystem name used to generate lvm_lv_name and lvm_vg_name + mountpoint: /hana/data # required: string, directory path where the filesystem is mounted + disk_size: 100 # required: integer, size in GB + filesystem_type: xfs # optional: string, value 'xfs'. Use 'swap' to create swap filesystem + + # File Storage volume + - name: hana_shared # required: string, reference name + mountpoint: /hana/shared # required: string, directory path where the filesystem is mounted + nfs_server: nfs.corp:/ # required: string, server and parent directory of the NFS Server; value default from var sap_storage_setup_nfs_server + + # Swap as file instead of Block Storage volume + # See SAP Note 1597355 - Swap-space recommendation for Linux + - name: swap # required: string, reference name + swap_path: /swapfile # required: string, directory path where swap file is created + disk_size: 4 # required: integer, size in GB of swap file + filesystem_type: swap # required: string, must be value 'swap' ``` ### sap_storage_setup_host_type required diff --git a/roles/sap_storage_setup/defaults/main.yml b/roles/sap_storage_setup/defaults/main.yml index 3cfc3bd3e..f4925f150 100644 --- a/roles/sap_storage_setup/defaults/main.yml +++ b/roles/sap_storage_setup/defaults/main.yml 
@@ -1,10 +1,59 @@ # SPDX-License-Identifier: Apache-2.0 --- -# Inherit from global parameters, if they exist -sap_storage_setup_host_type: "{{ sap_host_type }}" +# Mandatory +# Inherit from global parameter, if exist sap_storage_setup_sid: "{{ sap_system_sid }}" +# Mandatory +# Inherit from global parameter, if exist +# Use list with values: hana_primary, hana_secondary, nwas_abap_ascs, nwas_abap_ers, nwas_abap_pas, nwas_abap_aas, nwas_java_scs, nwas_java_ers +# Sandbox example +## sap_storage_setup_host_type: +## - hana_primary +## - nwas_abap_ascs +## - nwas_abap_pas +sap_storage_setup_host_type: "{{ sap_host_type }}" + + +#### Mandatory variable reference example for SAP System storage definition + +# # Mandatory +# sap_storage_setup_definition: + +# # Block Storage volume +# - name: name # required: string, filesystem name used to generate lvm_lv_name and lvm_vg_name +# mountpoint: /directory # required: string, directory path where the filesystem is mounted +# disk_size: 384 # required: integer, size in GB +# filesystem_type: xfs # optional: string, value 'xfs'. Use 'swap' to create swap filesystem +# #lvm_lv_name: # optional: string, value 'lv_' +# #lvm_lv_stripes: # optional: integer, value '1', stripe over LVM Physical Volumes within the LVM Volume Group +# #lvm_lv_stripe_size: # optional: string, value '128K', override definition by the OS. Akin to Virtualized Block Size +# #lvm_vg_name: # optional: string, value 'vg_'' +# #lvm_vg_options: # optional: string, value '', additional LVM VG options (e.g. "--dataalignment XX ..." to override MiB offset from disk start before first LVM VG Physical Extent) +# #lvm_vg_physical_extent_size: # optional: integer, value '4', size in MiB. Akin to Physical Block Size, difficult to change once set +# #lvm_pv_options: # optional: string, value '', additional LVM PV options (e.g. "--dataalignment XX ..." 
to override MiB offset from disk start before first LVM PV Physical Extent) + +# # File Storage volume +# - name: name # required: string, reference name +# mountpoint: /directory # required: string, directory path where the filesystem is mounted +# nfs_server: nfs.corp:/ # required: string, server and parent directory of the NFS Server; value default from var sap_storage_setup_nfs_server +# #nfs_path: # optional: string, value '', subdirectory path on the NFS Server +# #nfs_filesystem_type: # optional: string, value default 'nfs4' from var sap_storage_setup_nfs_filesystem_type, NFS Server protocol +# #nfs_mount_options: # optional: string, value default 'defaults' from var sap_storage_setup_nfs_mount_options, NFS Server specific options e.g. 'relatime' + +# # Swap as file instead of Block Storage volume +# - name: swap # required: string, reference name +# swap_path: /swapfile # required: string, directory path where swap file is created +# disk_size: 4 # required: integer, size in GB of swap file +# filesystem_type: swap # required: string, must be value 'swap' + +# # If applicable, create default for all nfs_server keys within sap_storage_setup_definition +# sap_storage_setup_nfs_server: 'nfs.corp:/' + + +#### Default variable values for SAP System storage + # By default do not look for multipath devices. # When enabled, this includes # - installation of necessary packages @@ -33,7 +82,8 @@ sap_storage_setup_nwas_java_ci_instance_nr: '21' # - NWAS JAVA AS uses J # - NWAS WebDispatcher uses W -#----------------------------------------------------------# + +#### NFS default values sap_storage_setup_nfs_filesystem_type: nfs4 sap_storage_setup_nfs_mount_options: defaults @@ -59,6 +109,7 @@ sap_storage_setup_nfs_dirs_usr_sap: nwas_java_scs: - "{{ sap_storage_setup_sid }}/SCS{{ sap_storage_setup_nwas_java_scs_instance_nr }}" + ##### #### Legacy code - retain vars for commented out code, until decision on specific activities for each Cloud ###### 
@@ -85,6 +136,3 @@ sap_storage_setup_aws_imds_url: sap_storage_setup_aws_vmsize_url: sap_storage_setup_aws_vmsize: - -# IBM Cloud variables -# diff --git a/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml b/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml index 004c9b85f..1fea460ed 100644 --- a/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml +++ b/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml @@ -50,6 +50,8 @@ # defined already that is to be enhanced with single disk definitions, if # applicable. +# First pass assigns disks based on exact size. +# Second pass assigns disks based on approximate size -8GB and +8GB - name: SAP Storage Setup - Set fact for target filesystem device mapping ansible.builtin.set_fact: filesystem_device_map: "{{ filesystem_device_map | default([]) + __single_disk_to_fs_device_map }}" @@ -68,7 +70,21 @@ -%} {%- for dev in av_dev -%} + {%- if dev.value.size | regex_search('.*TB$') -%} + {% set disk_size_gb = (((( dev.value.size | replace(' TB','') | float * 1024) /8) | round(0,'ceil') * 8) | int) -%} + {%- else -%} + {% set disk_size_gb = (dev.value.size | regex_replace('(\.\d+\s*)', '') | replace('GB','') | int) -%} + {%- endif -%} + {%- if disk_size_gb == fs.disk_size + and dev.key not in assigned_dev + and dev.value.holders | length == 0 + and matching_dev | length < (fs.lvm_lv_stripes | d('1') | int) -%} + {%- set assigned = assigned_dev.append(dev.key) -%} + {%- set add = matching_dev.append('/dev/' + dev.key) -%} + {%- endif -%} + {%- endfor -%} + {%- for dev in av_dev -%} {%- if dev.value.size | regex_search('.*TB$') -%} {% set disk_size_gb = (((( dev.value.size | replace(' TB','') | float * 1024) /8) | round(0,'ceil') * 8) | int) -%} {%- else -%} 
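Review bot: The two passes introduced in the `@@ -68,7 +70,21 @@` hunk of `map_single_disks_to_filesystems.yml` are explained only by the YAML comment above the task, and the template has no marker showing where the exact-size loop ends and the approximate-size loop starts. Because this template decides which block devices are handed to LVM, a Jinja comment before each loop would make review easier, for example `{#- Pass 1: exact size match -#}` and `{#- Pass 2: size within -8GB/+8GB -#}`. The TB/GB size normalisation is now duplicated in both loops, so a later fix to one copy can leave the passes disagreeing about a disk's size. Setting `disk_size_gb` from one shared expression would remove that risk. The second loop's condition lies between hunks and is not visible here.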
@@ -82,7 +98,6 @@ {%- set assigned = assigned_dev.append(dev.key) -%} {%- set add = matching_dev.append('/dev/' + dev.key) -%} {%- endif -%} - {%- endfor -%} {%- if matching_dev | length > 0 -%} diff --git a/roles/sap_swpm/.yamllint.yml b/roles/sap_swpm/.yamllint.yml index ea7a6099f..ee4457cfd 100644 --- a/roles/sap_swpm/.yamllint.yml +++ b/roles/sap_swpm/.yamllint.yml @@ -8,7 +8,9 @@ rules: brackets: {max-spaces-inside: 1, level: error} # colons: {max-spaces-after: -1, level: error} # commas: {max-spaces-after: -1, level: error} - comments: disable + comments: + require-starting-space: false + min-spaces-from-content: 1 comments-indentation: disable # document-start: disable # empty-lines: {max: 3, level: error} @@ -20,3 +22,6 @@ rules: # new-lines: {type: unix} # trailing-spaces: disable truthy: disable + octal-values: + forbid-implicit-octal: true + forbid-explicit-octal: true