diff --git a/.github/workflows/ansible-test-sanity.yml b/.github/workflows/ansible-test-sanity.yml index 90b32f207..5e464b01f 100644 --- a/.github/workflows/ansible-test-sanity.yml +++ b/.github/workflows/ansible-test-sanity.yml @@ -5,9 +5,10 @@ name: ansible-test sanity of the collection on: - schedule: - - cron: '31 12 * * 1' - + pull_request: + branches: + - main + - dev workflow_dispatch: jobs: diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 24d07bcd4..be39f1101 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -1,3 +1,5 @@ +--- + name: CodeSpell on: diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 28b879c7e..1bebd970c 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,51 @@ community.sap_install Release Notes .. contents:: Topics +v1.4.1 +====== + +Release Summary +--------------- + +| Release Date: 2024-06-21 +| feat: sap_hana_install: add compatibility for fapolicyd +| feat: sap_swpm: append generate options for s4hana java +| feat: sap_ha_pacemaker_cluster: upgrade to ha_cluster Ansible Role with SLES compatibility +| feat: sap_ha_pacemaker_cluster: compatibility enhancement for SLES +| feat: sap_ha_pacemaker_cluster: improved handling of custom SAP HANA srHooks +| feat: sap_ha_pacemaker_cluster: handling for future merged Resource Agent package (SAPHanaSR-angi) +| feat: sap_ha_pacemaker_cluster: graceful SAP HANA start after PCMK Cluster start +| feat: sap_ha_pacemaker_cluster: ASCS ERS Simple Mount +| collection: add sample AAS installation var file +| collection: fix ansible-test sanity errors +| collection: for package_facts Ansible Module add python3-rpm requirement for SLES +| collection: use -i instead of -l test scripts +| sap_*_preconfigure: disable and stop sapconf when saptune run +| sap_general_preconfigure: fix /etc/hosts check in assert mode +| sap_general_preconfigure: revert to awk for asserting /etc/hosts +| sap_general_preconfigure: use tags for limiting the role scope +| sap_general_preconfigure: use the package module in most cases +| sap_general_preconfigure: use the role sap_maintain_etc_hosts - RHEL systems +| sap_hana_preconfigure: move handlers to the correct location +| sap_hana_preconfigure: catch SELinux disabled +| sap_hana_preconfigure: update kernel parameters for SLES +| sap_netweaver_preconfigure: sync with SAP note 3119751 v.13 for RHEL +| sap_anydb_install_oracle: fix temp directory removal +| sap_ha_pacemaker_cluster: use expect Ansible Module and add python3-pip requirement +| sap_ha_pacemaker_cluster: add retry for Azure Files (NFS) to avoid locks +| sap_ha_pacemaker_cluster: variable changes for different os and platforms +| sap_ha_pacemaker_cluster: fix pcs resource restart +| sap_hana_install: update documentation for parameter sap_hana_install_force +| sap_install_media_detect: detection of SAP Kernel Part I only +| sap_install_media_detect: duplicate SAR file handling for SAP Kernel, IGS, WebDisp +| sap_install_media_detect: directory handling fix for SAP SWPM +| sap_maintain_etc_hosts: fix wrong assert messages +| sap_maintain_etc_hosts: remove use ansible.utils.ip +| sap_storage_setup: fix for TB disks +| sap_swpm: directory handling fix for SAP SWPM +| sap_swpm: align execution and monitoring timeouts to 24hrs (86400s) +| sap_swpm: optionally skip setting file permissions + v1.4.0 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 325cc5d3b..8468089a7 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -165,3 +165,46 @@ releases: | sap_anydb_install_oracle: Feature add for Oracle DB install with patch ' release_date: '2024-02-02' + 1.4.1: + changes: + release_summary: '| Release Date: 2024-06-20 + + | feat: sap_hana_install: add compatibility for fapolicyd + | feat: sap_swpm: append generate options for s4hana java + | feat: sap_ha_pacemaker_cluster: upgrade to ha_cluster Ansible Role with SLES compatibility + | feat: sap_ha_pacemaker_cluster: compatibility enhancement for SLES + | feat: sap_ha_pacemaker_cluster: improved handling of custom SAP HANA srHooks + | feat: sap_ha_pacemaker_cluster: handling for future merged Resource Agent package (SAPHanaSR-angi) + | feat: sap_ha_pacemaker_cluster: graceful SAP HANA start after PCMK Cluster start + | feat: sap_ha_pacemaker_cluster: ASCS ERS Simple Mount + | collection: add sample AAS installation var file + | collection: fix ansible-test sanity errors + | collection: for package_facts Ansible Module add python3-rpm requirement for SLES + | collection: use -i instead of -l test scripts + | sap_*_preconfigure: disable and stop sapconf when saptune run + | sap_general_preconfigure: fix /etc/hosts check in assert mode + | sap_general_preconfigure: revert to awk for asserting /etc/hosts + | sap_general_preconfigure: use tags for limiting the role scope + | sap_general_preconfigure: use the package module in most cases + | sap_general_preconfigure: use the role sap_maintain_etc_hosts - RHEL systems + | sap_hana_preconfigure: move handlers to the correct location + | sap_hana_preconfigure: catch SELinux disabled + | sap_hana_preconfigure: update kernel parameters for SLES + | sap_netweaver_preconfigure: sync with SAP note 3119751 v.13 for RHEL + | sap_anydb_install_oracle: fix temp directory removal + | sap_ha_pacemaker_cluster: use expect Ansible Module and add python3-pip requirement + | sap_ha_pacemaker_cluster: add retry for Azure Files (NFS) to avoid locks + | sap_ha_pacemaker_cluster: variable changes for different os and platforms + | sap_ha_pacemaker_cluster: fix pcs resource restart + | sap_hana_install: update documentation for parameter sap_hana_install_force + | sap_install_media_detect: detection of SAP Kernel Part I only + | sap_install_media_detect: duplicate SAR file handling for SAP Kernel, IGS, WebDisp + | sap_install_media_detect: directory handling fix for SAP SWPM + | sap_maintain_etc_hosts: fix wrong assert messages + | sap_maintain_etc_hosts: remove use ansible.utils.ip + | sap_storage_setup: fix for TB disks + | sap_swpm: directory handling fix for SAP SWPM + | sap_swpm: align execution and monitoring timeouts to 24hrs (86400s) + | sap_swpm: optionally skip setting file permissions + ' + release_date: '2024-06-20' diff --git a/galaxy.yml b/galaxy.yml index d6982415d..4a9423b09 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,7 +10,7 @@ namespace: community name: sap_install # The version of the collection. Must be compatible with semantic versioning -version: 1.4.0 +version: 1.4.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md @@ -25,6 +25,7 @@ authors: - Janine Fuchs - Steven Stringer - Marcel Mamula + - Gabriele Puliti ### OPTIONAL but strongly recommended # A short summary description of the collection diff --git a/playbooks/sample-sap-swpm-default-mode.yml b/playbooks/sample-sap-swpm-default-mode.yml index e0056b3ed..0d8eab07b 100644 --- a/playbooks/sample-sap-swpm-default-mode.yml +++ b/playbooks/sample-sap-swpm-default-mode.yml @@ -13,6 +13,7 @@ - name: Import variables for sap_swpm Ansible Role (Default Mode) ansible.builtin.include_vars: # file: ./sample-variables-sap-swpm-default-mode-bw4hana-onehost-install.yml +# file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install # file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-ascs-install # file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-dbload-install # file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-ers-install diff --git a/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml b/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml new file mode 100644 index 000000000..bceb19ee4 --- /dev/null +++ b/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml @@ -0,0 +1,55 @@ +--- + +# Detect SAP NetWeaver software +sap_install_media_detect_source_directory: "/software" +sap_install_media_detect_source: local_dir +sap_install_media_detect_swpm: true +sap_install_media_detect_hostagent: true +sap_install_media_detect_igs: true +sap_install_media_detect_kernel: true +sap_install_media_detect_webdisp: false + +# Product ID for New Installation +sap_swpm_product_catalog_id: NW_DI:S4HANA2020.CORE.HDB.PD +#NW_DI:S4HANA2020.CORE.HDB.ABAPHA + +# Generate inifile.params using sap_swpm Ansible Role +sap_swpm_inifile_list: + - swpm_installation_media + - credentials + - db_connection_nw_hana + - nw_config_other + - nw_config_additional_application_server_instance + - nw_config_host_agent + - sap_os_linux_user + +# Software +sap_swpm_software_path: /software/download_basket +sap_swpm_sapcar_path: /software/download_basket +sap_swpm_swpm_path: /software/download_basket + +# NW Passwords +sap_swpm_master_password: "NewPass$321" +sap_swpm_ddic_000_password: "NewPass$321" + +# HDB Passwords +sap_swpm_db_system_password: "NewPass$321" +sap_swpm_db_systemdb_password: "NewPass$321" +sap_swpm_db_schema_abap: "SAPHANADB" +sap_swpm_db_schema_abap_password: "NewPass$321" +sap_swpm_db_sidadm_password: "NewPass$321" + +# NW Instance Parameters +sap_swpm_sid: S4D +sap_swpm_aas_instance_nr: "00" +sap_swpm_aas_instance_hostname: "s4h2020aas" + +# Unix User ID +sap_swpm_sapadm_uid: '3000' +sap_swpm_sapsys_gid: '3001' +sap_swpm_sidadm_uid: '3001' + +# HDB Instance Parameters +sap_swpm_db_host: "hana01" +sap_swpm_db_sid: HDD +sap_swpm_db_instance_nr: "00" diff --git a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml index 2840f34cb..b2ab307e3 100644 --- a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml +++ b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml @@ -32,7 +32,7 @@ sap_swpm_inifile_list: - nw_config_java_ume - nw_config_host_agent - sap_os_linux_user - - solman_credentials_swpm1 + - nw_config_java_icm_credentials - solman_abap_swpm1 # Software diff --git a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml index 7bc9bd3e8..5447ba3bc 100644 --- a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml +++ b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml @@ -31,7 +31,7 @@ sap_swpm_inifile_list: - nw_config_ports - nw_config_host_agent # - sap_os_linux_user # Ignore, and SAP SWPM will auto-assign UID and GID - - solman_credentials_swpm1 + - nw_config_java_icm_credentials - nw_config_java_feature_template_ids sap_swpm_java_template_id_selected_list: diff --git a/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml b/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml index c482ea5c2..089f0c957 100644 --- a/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml +++ b/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml @@ -89,5 +89,5 @@ - name: Oracle DB Patch - Remove the temp dir ansible.builtin.file: - path: "{{ sap_anydb_install_oracle_base }}/tmp_sbp" - state: absent + path: "{{ sap_anydb_install_oracle_base }}/tmp_sbp" + state: absent diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index c1e228f53..65875d070 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -334,6 +334,58 @@ sap_general_preconfigure_db_group_name: dba +## Tags (RHEL systems only) + +With the following tags, the role can be called to perform certain activities only: +- tag `sap_general_preconfigure_installation`: Perform only the installation tasks +- tag `sap_general_preconfigure_configuration`: Perform only the configuration tasks +- tag `sap_general_preconfigure_3108316`: Perform only the tasks(s) related to this SAP note. +- tag `sap_general_preconfigure_2772999_03`: Perform only the tasks(s) related to step 3 of the SAP note. +- tag `sap_general_preconfigure_etc_hosts`: Perform only the tasks(s) related to this step. This step might be one of multiple + configuration activities of a SAP note. Also this step might be valid for multiple RHEL major releases. + +Sample call for only performing all installation and configuration tasks (sample playbook name sap.yml, see the next section for +an example). This is the default behavior. If no tag is specified, all installation and configuration tasks are enabled: +``` +# ansible-playbook sap.yml +``` + +Sample call for only performing all installation tasks: +``` +# ansible-playbook sap.yml --tags=sap_general_preconfigure_installation +``` + +Sample call for only performing all configuration tasks: +``` +# ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration +``` + +Sample call for only verifying and modifying the /etc/hosts file: +``` +# ansible-playbook sap.yml --tags=sap_general_preconfigure_etc_hosts +``` + +Sample call for performing all configuration steps except verifying and modifying the /etc/hosts file: +``` +# ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_etc_hosts +``` + +Sample call for only performing the configuration activities related to SAP note 3108316 (RHEL 9 specific): +``` +# ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316 +``` + +Sample call for performing all configuration activities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): +Sample call for only performing the configuration activities related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): +``` +# ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316_02 +``` + +Sample call for performing all configuration activities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): +``` +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_3108316_02 +``` + ## Dependencies This role does not depend on any other role. diff --git a/roles/sap_general_preconfigure/defaults/main.yml b/roles/sap_general_preconfigure/defaults/main.yml index 9bda53ad4..c7f353c3a 100644 --- a/roles/sap_general_preconfigure/defaults/main.yml +++ b/roles/sap_general_preconfigure/defaults/main.yml @@ -145,18 +145,16 @@ sap_general_preconfigure_kernel_parameters: "{{ __sap_general_preconfigure_kerne sap_general_preconfigure_max_hostname_length: '13' # The maximum length of the hostname. See SAP note 611361. -# Reason for noqa: A separate role is planned to replace the code which uses this variable. -sap_hostname: "{{ ansible_hostname }}" # noqa var-naming[no-role-prefix] +# If "global" variables are set, use those. If not, default to the values from gather_facts: +sap_general_preconfigure_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" +# The IPV4 address to be used for updating or checking `/etc/hosts` entries. + +sap_general_preconfigure_hostname: "{{ sap_hostname | d(ansible_hostname) }}" # The hostname to be used for updating or checking `/etc/hosts` entries. -# Reason for noqa: A separate role is planned to replace the code which uses this variable. -sap_domain: "{{ ansible_domain }}" # noqa var-naming[no-role-prefix] +sap_general_preconfigure_domain: "{{ sap_domain | d(ansible_domain) }}" # The DNS domain name to be used for updating or checking `/etc/hosts` entries. -# Reason for noqa: A separate role is planned to replace the code which uses this variable. -sap_ip: "{{ ansible_default_ipv4.address }}" # noqa var-naming[no-role-prefix] -# The IPV4 address to be used for updating or checking `/etc/hosts` entries. - # sap_general_preconfigure_db_group_name: (not defined by default) # Use this variable to specify the name of the RHEL group which is used for the database processes. # If defined, it will be used to configure process limits as per step diff --git a/roles/sap_general_preconfigure/meta/argument_specs.yml b/roles/sap_general_preconfigure/meta/argument_specs.yml index 5621e5b28..6ee5fa23d 100644 --- a/roles/sap_general_preconfigure/meta/argument_specs.yml +++ b/roles/sap_general_preconfigure/meta/argument_specs.yml @@ -310,21 +310,21 @@ argument_specs: required: false type: str - sap_hostname: + sap_general_preconfigure_hostname: default: "{{ ansible_hostname }}" description: - The hostname to be used for updating or checking `/etc/hosts` entries. required: false type: str - sap_domain: + sap_general_preconfigure_domain: default: "{{ ansible_domain }}" description: - The DNS domain name to be used for updating or checking `/etc/hosts` entries. required: false type: str - sap_ip: + sap_general_preconfigure_ip: default: "{{ ansible_default_ipv4.address }}" description: - The IPV4 address to be used for updating or checking `/etc/hosts` entries. diff --git a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml index dc12b02a3..1116afc6b 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml @@ -3,12 +3,18 @@ - name: Assert - List required SAP Notes ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) + tags: + - always - name: Gather service facts ansible.builtin.service_facts: + tags: + - always - name: Assert - Include configuration actions for required sapnotes ansible.builtin.include_tasks: "sapnote/assert-{{ sap_note_line_item.number }}.yml" with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" loop_control: loop_var: sap_note_line_item + tags: + - always diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml index 5893e00a9..108af000f 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml @@ -3,6 +3,8 @@ - name: Configure - List required SAP Notes ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) + tags: + - always - name: Configure - Set directory variables for setting SELinux file contexts ansible.builtin.set_fact: @@ -16,11 +18,19 @@ target: "{{ line_item }}(/.*)?" setype: 'usr_t' when: sap_general_preconfigure_modify_selinux_labels + tags: + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Configure - Display directory variable ansible.builtin.debug: var: sap_general_preconfigure_fact_targets_setypes when: sap_general_preconfigure_modify_selinux_labels + tags: + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Configure - Create directories ansible.builtin.file: @@ -33,9 +43,17 @@ loop_control: loop_var: line_item when: sap_general_preconfigure_create_directories or sap_general_preconfigure_modify_selinux_labels + tags: + - sap_general_preconfigure_create_directories + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Configure - Include configuration actions for required sapnotes - ansible.builtin.include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml" + ansible.builtin.include_tasks: + file: "sapnote/{{ sap_note_line_item.number }}.yml" with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" loop_control: loop_var: sap_note_line_item + tags: + - always diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml index c7df9b1b3..d0815faba 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml @@ -3,16 +3,16 @@ - name: Assert that the DNS domain is set ansible.builtin.assert: that: not( (ansible_domain is undefined) or (ansible_domain is none) or (ansible_domain | trim == '') ) - fail_msg: "FAIL: The DNS domain is not configured! So variable 'sap_domain' needs to be configured!" + fail_msg: "FAIL: The DNS domain is not configured! So variable 'sap_general_preconfigure_domain' needs to be configured!" success_msg: "PASS: The DNS domain is configured." # ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" ignore_errors: yes -- name: Assert that variable sap_domain is set +- name: Assert that variable sap_general_preconfigure_domain is set ansible.builtin.assert: - that: not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') ) - fail_msg: "FAIL: The variable 'sap_domain' is not set!" - success_msg: "PASS: The variable 'sap_domain' is set." + that: not( (sap_general_preconfigure_domain is undefined) or (sap_general_preconfigure_domain is none) or (sap_general_preconfigure_domain | trim == '') ) + fail_msg: "FAIL: The variable 'sap_general_preconfigure_domain' is not set!" + success_msg: "PASS: The variable 'sap_general_preconfigure_domain' is set." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Check if the bind-utils package, which contains the dig command, is available @@ -21,8 +21,8 @@ fail_msg: "FAIL: The package 'bind-utils' is not installed! DNS checking not possible!" ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check if IP address for sap_hostname.sap_domain is resolved correctly - ansible.builtin.command: dig {{ sap_hostname }}.{{ sap_domain }} +short +- name: Check if IP address for sap_general_preconfigure_hostname.sap_general_preconfigure_domain is resolved correctly + ansible.builtin.command: dig {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} +short register: __sap_general_preconfigure_register_dig_short_assert ignore_errors: yes changed_when: no @@ -35,32 +35,32 @@ success_msg: "PASS: The variable 'ansible_default_ipv4.address' is defined." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Assert that sap_ip is set +- name: Assert that sap_general_preconfigure_ip is set ansible.builtin.assert: - that: __sap_general_preconfigure_register_dig_short_assert.stdout == sap_ip - fail_msg: "FAIL: The variable 'sap_ip' is not set!" - success_msg: "PASS: The variable 'sap_ip' is set." + that: __sap_general_preconfigure_register_dig_short_assert.stdout == sap_general_preconfigure_ip + fail_msg: "FAIL: The variable 'sap_general_preconfigure_ip' is not set!" + success_msg: "PASS: The variable 'sap_general_preconfigure_ip' is set." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: "'bind-utils' in ansible_facts.packages" ### BUG: dig does not use search path in resolv.con on PPCle -- name: Check if IP address for sap_hostname with search path is resolved correctly - ansible.builtin.command: dig {{ sap_hostname }} +search +short +- name: Check if IP address for sap_general_preconfigure_hostname with search path is resolved correctly + ansible.builtin.command: dig {{ sap_general_preconfigure_hostname }} +search +short register: __sap_general_preconfigure_register_dig_search_short_assert changed_when: false ignore_errors: true when: "'bind-utils' in ansible_facts.packages" -- name: Assert that the IP address for sap_hostname is resolved correctly +- name: Assert that the IP address for sap_general_preconfigure_hostname is resolved correctly ansible.builtin.assert: - that: __sap_general_preconfigure_register_dig_search_short_assert.stdout == sap_ip - fail_msg: "FAIL: The IP address for 'sap_hostname' could not be resolved!" - success_msg: "PASS: The IP address for 'sap_hostname' was resolved." + that: __sap_general_preconfigure_register_dig_search_short_assert.stdout == sap_general_preconfigure_ip + fail_msg: "FAIL: The IP address for 'sap_general_preconfigure_hostname' could not be resolved!" + success_msg: "PASS: The IP address for 'sap_general_preconfigure_hostname' was resolved." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(true) }}" when: "'bind-utils' in ansible_facts.packages" - name: Check if the reverse name resolution is correct - ansible.builtin.command: dig -x {{ sap_ip }} +short + ansible.builtin.command: dig -x {{ sap_general_preconfigure_ip }} +short register: __sap_general_preconfigure_register_dig_reverse_assert changed_when: false ignore_errors: true @@ -68,8 +68,8 @@ - name: Assert that the reverse name resolution is correct ansible.builtin.assert: - that: __sap_general_preconfigure_register_dig_reverse_assert.stdout == (sap_hostname + '.' + sap_domain + '.') - fail_msg: "FAIL: The reverse name resolution of 'sap_ip' was not successful!" - success_msg: "PASS: The reverse name resolution of 'sap_ip' was successful." + that: __sap_general_preconfigure_register_dig_reverse_assert.stdout == (sap_general_preconfigure_hostname + '.' + sap_general_preconfigure_domain + '.') + fail_msg: "FAIL: The reverse name resolution of 'sap_general_preconfigure_ip' was not successful!" + success_msg: "PASS: The reverse name resolution of 'sap_general_preconfigure_ip' was successful." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(true) }}" when: "'bind-utils' in ansible_facts.packages" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 48b301f38..93e602ead 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -3,28 +3,12 @@ - name: Assert - Display host and domain name, and IP address ansible.builtin.debug: msg: - - "sap_hostname = {{ sap_hostname }}" - - "sap_domain = {{ sap_domain }}" - - "sap_ip = {{ sap_ip }}" - -# Note: There is no check related to hostname aliases. -#- name: Get all hostname aliases of {{ sap_ip }} -# shell: | -# awk '( $1 == "{{ sap_ip }}" ) { -# for (i=2; i<=NF; ++i) { -# if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf $i" " } -# } -# }' /etc/hosts -# register: sap_base_settings_register_hostname_aliases -# changed_when: false -# check_mode: false - -#- name: Print hostname aliases -# debug: -# var=sap_hostname_aliases + - "sap_general_preconfigure_hostname = {{ sap_general_preconfigure_hostname }}" + - "sap_general_preconfigure_domain = {{ sap_general_preconfigure_domain }}" + - "sap_general_preconfigure_ip = {{ sap_general_preconfigure_ip }}" - name: Check if ipv4 address, FQDN, and hostname are once in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_ip }}/&&/{{ sap_hostname }}.{{ sap_domain }}/&&/{{ sap_hostname }}/{a++}END{print a}' /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/&&/\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/&&(/\s{{ sap_general_preconfigure_hostname }}\s/||/\s{{ sap_general_preconfigure_hostname }}$/){a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert ignore_errors: yes changed_when: no @@ -32,62 +16,55 @@ - name: Assert that ipv4 address, FQDN, and hostname are once in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert.stdout == '1' - fail_msg: "FAIL: The line '{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}' needs to be once in /etc/hosts!" - success_msg: "PASS: The line '{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}' is once in /etc/hosts." + fail_msg: "FAIL: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' needs to be once in /etc/hosts!" + success_msg: "PASS: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' is once in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -#- name: Ensure that the entry in /etc/hosts is correct -# ansible.builtin.lineinfile: -# path: /etc/hosts -# regexp: '^{{ sap_ip }}\s' -# line: "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }} {{ sap_base_settings_register_hostname_aliases.stdout }}" -# when: -# - sap_general_preconfigure_assert_modify_etc_hosts | bool - -- name: Count the number of sap_ip ({{ sap_ip }}) entries in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_ip }}/{a++}END{print a}' /etc/hosts +# Only one line containing sap_general_preconfigure_ip is allowed: +- name: Count the number of sap_general_preconfigure_ip ({{ sap_general_preconfigure_ip }}) entries in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_ip_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is just one line containing {{ sap_ip }} in /etc/hosts +- name: Assert that there is exactly one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout == '1' - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_ip }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_ip }}' in /etc/hosts." + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check for duplicate or missing entries of {{ sap_hostname }}.{{ sap_domain }} in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_hostname }}.{{ sap_domain }}\s/|| - /\s{{ sap_hostname }}.{{ sap_domain }}\s/|| - /\s{{ sap_hostname }}.{{ sap_domain }}$/{a++}END{print a}' /etc/hosts +- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}$/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_fqdn_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is just one line containing {{ sap_hostname }}.{{ sap_domain }} in /etc/hosts +- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_fqdn_once_assert.stdout == '1' - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_hostname }}.{{ sap_domain }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_hostname }}.{{ sap_domain }}' in /etc/hosts." + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts!" + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check for duplicate or missing entries of {{ sap_hostname }} in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_hostname }}\s/|| - /\s{{ sap_hostname }}\s/|| - /\s{{ sap_hostname }}$/{a++}END{print a}' /etc/hosts +- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }} in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}$/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_hostname_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is just one line containing {{ sap_hostname }} in /etc/hosts +- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }} in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_sap_hostname_once_assert.stdout == '1' - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_hostname }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_hostname }}' in /etc/hosts." + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts!" + success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check hostname -s +- name: Test hostname -s ansible.builtin.shell: test "$(hostname -s)" = "$(hostname)" register: __sap_general_preconfigure_register_hostname_s_assert ignore_errors: yes @@ -100,7 +77,7 @@ success_msg: "PASS: The output of 'hostname -s' matches the output of 'hostname'." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check hostname -f +- name: Test hostname -f ansible.builtin.shell: test "$(hostname -f)" = "$(hostname).$(hostname -d)" register: __sap_general_preconfigure_register_hostname_f_assert ignore_errors: yes diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml index 0ee9b8972..38e843517 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml @@ -6,16 +6,16 @@ ignore_errors: yes changed_when: no -- name: Assert that the output of hostname matches the content of variable sap_hostname +- name: Assert that the output of hostname matches the content of variable sap_general_preconfigure_hostname ansible.builtin.assert: - that: __sap_general_preconfigure_register_hostname_assert.stdout == sap_hostname - fail_msg: "FAIL: The output of 'hostname' does not match the content of variable 'sap_hostname'!" - success_msg: "PASS: The output of 'hostname' matches the content of variable 'sap_hostname'." + that: __sap_general_preconfigure_register_hostname_assert.stdout == sap_general_preconfigure_hostname + fail_msg: "FAIL: The output of 'hostname' does not match the content of variable 'sap_general_preconfigure_hostname'!" + success_msg: "PASS: The output of 'hostname' matches the content of variable 'sap_general_preconfigure_hostname'." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: "Assert that the length of the hostname is not longer than 'sap_general_preconfigure_max_hostname_length'" ansible.builtin.assert: - that: (sap_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) - fail_msg: "FAIL: The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" - success_msg: "PASS: The length of the hostname is {{ sap_hostname | length | int }}, which is less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')." + that: (sap_general_preconfigure_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) + fail_msg: "FAIL: The length of the hostname is {{ sap_general_preconfigure_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" + success_msg: "PASS: The length of the hostname is {{ sap_general_preconfigure_hostname | length | int }}, which is less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml index 42ca53351..562f8d16c 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml @@ -1,17 +1,17 @@ --- - name: Check dns forwarding settings - ansible.builtin.shell: test "$(dig {{ sap_hostname }}.{{ sap_domain }} +short)" = "{{ sap_ip }}" + ansible.builtin.shell: test "$(dig {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} +short)" = "{{ sap_general_preconfigure_ip }}" changed_when: false ignore_errors: true ### BUG: dig does not use search path in resolv.con on PPCle - name: Check resolv.conf settings - ansible.builtin.shell: test "$(dig {{ sap_hostname }} +search +short)" = "{{ sap_ip }}" + ansible.builtin.shell: test "$(dig {{ sap_general_preconfigure_hostname }} +search +short)" = "{{ sap_general_preconfigure_ip }}" changed_when: false ignore_errors: true - name: Check dns reverse settings - ansible.builtin.shell: test "$(dig -x {{ sap_ip }} +short)" = "{{ sap_hostname }}.{{ sap_domain }}." + ansible.builtin.shell: test "$(dig -x {{ sap_general_preconfigure_ip }} +short)" = "{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}." changed_when: false ignore_errors: true diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml index baa6991d3..1c333e1bd 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml @@ -3,15 +3,16 @@ - name: Display host and domain name, and IP address before the modification ansible.builtin.debug: msg: - - "sap_hostname = {{ sap_hostname }}" - - "sap_domain = {{ sap_domain }}" - - "sap_ip = {{ sap_ip }}" + - "sap_general_preconfigure_hostname = {{ sap_general_preconfigure_hostname }}" + - "sap_general_preconfigure_domain = {{ sap_general_preconfigure_domain }}" + - "sap_general_preconfigure_ip = {{ sap_general_preconfigure_ip }}" -- name: Get all hostname aliases of {{ sap_ip }} +- name: Get all hostname aliases of {{ sap_general_preconfigure_ip }} ansible.builtin.shell: | - awk '( $1 == "{{ sap_ip }}" ) { + awk '( $1 == "{{ sap_general_preconfigure_ip }}" ) { for (i=2; i<=NF; ++i) { - if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf " "$i } + if (( $i != "{{ sap_general_preconfigure_hostname }}" ) && + ( $i != "{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}" )) { printf " "$i } } }' /etc/hosts register: __sap_general_preconfigure_register_sap_hostname_aliases @@ -26,7 +27,7 @@ block: - name: Perform the /etc/hosts completeness check - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_ip }}/&&/{{ sap_hostname }}.{{ sap_domain }}/&&/{{ sap_hostname }}/{a++}END{print a}' /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_general_preconfigure_ip }}/&&/{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}/&&/{{ sap_general_preconfigure_hostname }}/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_check changed_when: false @@ -39,7 +40,7 @@ ansible.builtin.debug: msg: - "Expected:" - - "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}" + - "{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}" when: - __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" @@ -48,15 +49,15 @@ msg: - "Server's ip4 address, FQDN, or hostname are not in /etc/hosts!" - "Expected:" - - "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}" + - "{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}" when: - __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" ignore_errors: "{{ ansible_check_mode }}" -# We allow more than one line containing sap_ip: -- name: Check for duplicate entries of {{ sap_ip }} in /etc/hosts +# We allow more than one line containing sap_general_preconfigure_ip: +- name: Check for duplicate entries of {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.shell: | - n=$(grep "^{{ sap_ip }}\s" /etc/hosts | wc -l) + n=$(grep "^{{ sap_general_preconfigure_ip }}\s" /etc/hosts | wc -l) if [ $n -gt 1 ]; then echo "Duplicate IP entry in /etc/hosts!" exit 1 @@ -68,15 +69,15 @@ ignore_errors: yes when: not ansible_check_mode -- name: Verify that variable sap_domain is set +- name: Verify that variable sap_general_preconfigure_domain is set ansible.builtin.assert: - that: not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') ) - msg: "Variable 'sap_domain' is undefined or empty. Please define it in defaults/main.yml or via --extra-vars!" + that: not( (sap_general_preconfigure_domain is undefined) or (sap_general_preconfigure_domain is none) or (sap_general_preconfigure_domain | trim == '') ) + msg: "Variable 'sap_general_preconfigure_domain' is undefined or empty. Please set it in your playbook or inventory!" - name: Report if there is more than one line with the IP address ansible.builtin.debug: msg: - - "More than one line containing {{ sap_ip }}. File /etc/hosts will not be modified." + - "More than one line containing {{ sap_general_preconfigure_ip }}. File /etc/hosts will not be modified." when: - not ansible_check_mode - __sap_general_preconfigure_register_duplicate_ip_check.stdout == 'Duplicate IP entry in /etc/hosts!' @@ -85,12 +86,12 @@ - name: Ensure that the entry in /etc/hosts is correct ansible.builtin.lineinfile: path: /etc/hosts - regexp: '^{{ sap_ip }}\s' - line: "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}{{ __sap_general_preconfigure_register_sap_hostname_aliases.stdout }}" + regexp: '^{{ sap_general_preconfigure_ip }}\s' + line: "{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}{{ __sap_general_preconfigure_register_sap_hostname_aliases.stdout }}" backup: yes when: - not ansible_check_mode - - sap_domain | length > 0 + - sap_general_preconfigure_domain | length > 0 - __sap_general_preconfigure_register_duplicate_ip_check.stdout != 'Duplicate IP entry in /etc/hosts!' - sap_general_preconfigure_modify_etc_hosts | bool @@ -103,8 +104,8 @@ exit 1 fi with_items: - - '{{ sap_hostname }}.{{ sap_domain }}' - - '{{ sap_hostname }}' + - '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' + - '{{ sap_general_preconfigure_hostname }}' changed_when: false loop_control: loop_var: line_item diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml index 9d3798601..3bb041928 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml @@ -46,9 +46,9 @@ - name: Ensure that the short hostname is set ansible.builtin.hostname: - name: "{{ sap_hostname }}" + name: "{{ sap_general_preconfigure_hostname }}" - name: "Ensure that the length of the hostname is not longer than 'sap_general_preconfigure_max_hostname_length'" ansible.builtin.assert: - that: (sap_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) - msg: "The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" + that: (sap_general_preconfigure_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) + msg: "The length of the hostname is {{ sap_general_preconfigure_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml index 09dc818d7..81592887c 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml @@ -101,7 +101,7 @@ - name: SELinux - Warn if the SELinux file contexts cannot be set ansible.builtin.debug: - msg: "WARN: The SELinux file context cannot be set on an SELinux disabled system!" + msg: "WARN: The SELinux file contexts cannot be set on an SELinux disabled system!" when: - sap_general_preconfigure_modify_selinux_labels - __sap_general_preconfigure_fact_selinux_mode == 'disabled' diff --git a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml index b86af1c69..79fd9eeec 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml @@ -104,21 +104,21 @@ - sap_general_preconfigure_set_minor_release - __sap_general_preconfigure_register_subscription_manager_release.stdout != ansible_distribution_version -- name: Ensure that the required package groups are installed, RHEL 7 +- name: Ensure that the required package groups are installed, RHEL except 8.1 ansible.builtin.package: name: "{{ sap_general_preconfigure_packagegroups }}" state: present - when: ansible_distribution_major_version == '7' + when: ansible_distribution_version != '8.1' # Note: We do not want package updates, see also Red Hat bug 1983749. # Because the installation of an environment or package group is not guaranteed to avoid package updates, # and because of bug 2011426 (for which the fix is not available in the RHEL 8.1 ISO image), a RHEL 8.1 # system might not boot after installing environment group Server. # Reason for noqa: Finding out if packages already are installed would require one more task. -- name: Ensure that the required package groups are installed, RHEL 8 and RHEL 9 # noqa command-instead-of-module no-changed-when +- name: Ensure that the required package groups are installed, RHEL 8.1 # noqa command-instead-of-module no-changed-when ansible.builtin.command: "yum install {{ sap_general_preconfigure_packagegroups | join(' ') }} --nobest --exclude=kernel* -y" register: __sap_general_preconfigure_register_yum_group_install - when: ansible_distribution_major_version == '8' or ansible_distribution_major_version == '9' + when: ansible_distribution_version == '8.1' # possible replacement once we no longer need Ansible 2.9 compatibility: #- name: Ensure that the required package groups are installed, RHEL 8 and 9 diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index 52b5fe1ae..d9474cf63 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -3,6 +3,8 @@ - name: Display the role path ansible.builtin.debug: var: role_path + tags: + - always - name: Include OS specific vars, specific ansible.builtin.include_vars: '{{ item }}' @@ -10,6 +12,8 @@ - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_version }}.yml' - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_os_family }}.yml' + tags: + - always - name: Rename user sap_preconfigure variables if found, generic ansible.builtin.set_fact: @@ -31,6 +35,8 @@ sap_general_preconfigure_modify_etc_hosts: "{{ sap_preconfigure_modify_etc_hosts | d(sap_general_preconfigure_modify_etc_hosts) }}" sap_general_preconfigure_kernel_parameters: "{{ sap_preconfigure_kernel_parameters | d(sap_general_preconfigure_kernel_parameters) }}" sap_general_preconfigure_max_hostname_length: "{{ sap_preconfigure_max_hostname_length | d(sap_general_preconfigure_max_hostname_length) }}" + tags: + - always - name: Rename user sap_preconfigure variables if found, RHEL only ansible.builtin.set_fact: @@ -52,45 +58,76 @@ sap_general_preconfigure_2772999_09: "{{ (sap_preconfigure_2772999_09 | d(sap_general_preconfigure_2772999_09)) | d(false) }}" sap_general_preconfigure_2772999_10: "{{ (sap_preconfigure_2772999_10 | d(sap_general_preconfigure_2772999_10)) | d(false) }}" when: ansible_facts['distribution'] in ['RedHat'] + tags: + - always - name: Rename sap_preconfigure_db_group_name if defined ansible.builtin.set_fact: sap_general_preconfigure_db_group_name: "{{ sap_preconfigure_db_group_name | d(sap_general_preconfigure_db_group_name) }}" when: sap_preconfigure_db_group_name is defined or sap_general_preconfigure_db_group_name is defined + tags: + - always - name: Set filename prefix to empty string if role is run in normal mode ansible.builtin.set_fact: __sap_general_preconfigure_fact_assert_filename_prefix: "" when: not sap_general_preconfigure_assert | d(false) + tags: + - always - name: Prepend filename with assert string if role is run in assert mode ansible.builtin.set_fact: __sap_general_preconfigure_fact_assert_filename_prefix: "assert-" when: sap_general_preconfigure_assert | d(false) + tags: + - always + +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" # required for installation and configuration tasks: - name: Gather package facts ansible.builtin.package_facts: + tags: + - sap_general_preconfigure_installation - name: Include tasks from 'installation.yml' - ansible.builtin.include_tasks: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}installation.yml' + ansible.builtin.include_tasks: + file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}installation.yml' + apply: + tags: sap_general_preconfigure_installation when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_installation | d(false) with_first_found: - '{{ ansible_distribution.split("_")[0] }}' - '{{ ansible_distribution }}' - '{{ ansible_os_family }}.yml' + tags: + - sap_general_preconfigure_installation - name: Gather package facts again after the installation phase ansible.builtin.package_facts: + tags: + - always - name: Include tasks from 'configuration.yml' - ansible.builtin.include_tasks: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml' + ansible.builtin.include_tasks: + file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml' + apply: + tags: sap_general_preconfigure_configuration when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_configuration | d(false) with_first_found: - '{{ ansible_distribution.split("_")[0] }}' - '{{ ansible_distribution }}' - '{{ ansible_os_family }}.yml' + tags: + - always # allow a reboot at the end of the preconfigure role - name: Flush handlers ansible.builtin.meta: flush_handlers + tags: + - always diff --git a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml index 71314ca65..94f6cb0e4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml @@ -8,7 +8,12 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - always - name: Import tasks from '../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_0941735 | d(false) + tags: + - sap_general_preconfigure_0941735 + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml index 9c8d90ceb..4d040f23e 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml @@ -5,7 +5,12 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" + tags: + - always - name: Import tasks from '../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1391070 | d(false) + tags: + - sap_general_preconfigure_1391070 + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml index da081396e..d392e9b9a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml @@ -5,7 +5,12 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" + tags: + - always - name: Import tasks from '../RedHat/generic/increase-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/increase-nofile-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1771258 | d(false) + tags: + - sap_general_preconfigure_1771258 + - sap_general_preconfigure_nofile_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml index d05266228..b067cfc15 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml @@ -4,23 +4,40 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" + tags: + - always - name: Import tasks from '2002167/02-configuration-changes.yml' ansible.builtin.import_tasks: 2002167/02-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_02 - name: Import tasks from '2002167/03-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_03 - name: Import tasks from '2002167/04-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_04 - name: Import tasks from '2002167/05-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_05 - name: Import tasks from '2002167/06-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_06 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml index cb5f0cbd3..2c75cd689 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml @@ -3,13 +3,21 @@ - name: Assert 2002167-2a ansible.builtin.debug: msg: "SAP note 2002167 Step 2a: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/assert-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml + tags: + - sap_general_preconfigure_firewall - name: Assert 2002167-2b ansible.builtin.debug: msg: "SAP note 2002167 Step 2b: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/assert-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml index feaca9a22..ce5876fbe 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml @@ -3,9 +3,14 @@ - name: Configure 2002167-2a ansible.builtin.debug: msg: "SAP note 2002167 Step 2a: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/configure-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml + tags: + - sap_general_preconfigure_firewall - name: Configure 2002167-2b ansible.builtin.debug: @@ -13,3 +18,5 @@ - name: Import tasks from '../../RedHat/generic/configure-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml index 8c5dae0be..243080ea0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml @@ -3,12 +3,22 @@ - name: Assert 2002167-3 ansible.builtin.debug: msg: "SAP note 2002167 Step 3: Setting the Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/assert-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml index 7a59c12ca..67d3659f8 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml @@ -3,12 +3,36 @@ - name: Configure 2002167-3 ansible.builtin.debug: msg: "SAP note 2002167 Step 3: Setting the Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml + tags: + - sap_general_preconfigure_hostname -- name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' - ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml +- name: Import role sap_maintain_etc_hosts + ansible.builtin.import_role: + name: sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_general_preconfigure_ip }}" + node_name: "{{ sap_general_preconfigure_hostname }}" + node_domain: "{{ sap_general_preconfigure_domain }}" + state: present + when: sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + when: not sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml index c4f1be843..ce765cb33 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Assert 2002167-4 ansible.builtin.debug: msg: "SAP note 2002167 Step 4: Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml index c428d82b2..e02ad0179 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Configure 2002167-4 ansible.builtin.debug: msg: "SAP note 2002167 Step 4: Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml index 6dc973607..0771eec83 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml @@ -3,9 +3,15 @@ - name: Assert 2002167-5 ansible.builtin.debug: msg: "SAP note 2002167 Step 5: Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml index ec9164179..069b2dac7 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml @@ -3,6 +3,10 @@ - name: Configure 2002167-5 ansible.builtin.debug: msg: "SAP note 2002167 Step 5: Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml index e922748f0..514748cfe 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml @@ -3,18 +3,28 @@ - name: Configure 2002167-6 ansible.builtin.debug: msg: "SAP note 2002167 Step 6: Additional notes for installing SAP systems" + tags: + - sap_general_preconfigure_libldap + - sap_general_preconfigure_liblber + - sap_general_preconfigure_systemd_tmpfiles - name: Link LDAP library libldap ansible.builtin.file: src: /usr/lib64/libldap-2.3.so.0 dest: /usr/lib64/libldap.so.199 state: link + tags: + - sap_general_preconfigure_libldap - name: Link LDAP library liblber ansible.builtin.file: src: /usr/lib64/liblber-2.3.so.0 dest: /usr/lib64/liblber.so.199 state: link + tags: + - sap_general_preconfigure_liblber - name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml index 6ab03b878..afb8d04e4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml @@ -3,11 +3,17 @@ - name: Assert 2002167-6 ansible.builtin.debug: msg: "SAP note 2002167 Step 6: Additional notes for installing SAP systems" + tags: + - sap_general_preconfigure_libldap + - sap_general_preconfigure_liblber + - sap_general_preconfigure_systemd_tmpfiles - name: Get info about file /usr/lib64/libldap.so.199 ansible.builtin.stat: path: /usr/lib64/libldap.so.199 register: __sap_general_preconfigure_register_stat_libldap_assert + tags: + - sap_general_preconfigure_libldap - name: Assert that file /usr/lib64/libldap.so.199 exists ansible.builtin.assert: @@ -15,6 +21,8 @@ fail_msg: "FAIL: File /usr/lib64/libldap.so.199 does not exist!" success_msg: "PASS: File /usr/lib64/libldap.so.199 exist." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_libldap - name: Assert that file /usr/lib64/libldap.so.199 is a link ansible.builtin.assert: @@ -23,6 +31,8 @@ success_msg: "PASS: File /usr/lib64/libldap.so.199 is a link." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_libldap_assert.stat.exists + tags: + - sap_general_preconfigure_libldap - name: Assert that file /usr/lib64/libldap.so.199 is a link to /usr/lib64/libldap-2.3.so.0 ansible.builtin.assert: @@ -31,11 +41,15 @@ success_msg: "PASS: File /usr/lib64/libldap.so.199 is a link to /usr/lib64/libldap-2.3.so.0." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_libldap_assert.stat.exists + tags: + - sap_general_preconfigure_libldap - name: Get info about file /usr/lib64/liblber.so.199 ansible.builtin.stat: path: /usr/lib64/liblber.so.199 register: __sap_general_preconfigure_register_stat_liblber_assert + tags: + - sap_general_preconfigure_liblber - name: Assert that file /usr/lib64/liblber.so.199 exists ansible.builtin.assert: @@ -43,6 +57,8 @@ fail_msg: "FAIL: File /usr/lib64/liblber.so.199 does not exist!" success_msg: "PASS: File /usr/lib64/liblber.so.199 exist." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_liblber - name: Assert that file /usr/lib64/liblber.so.199 exists and is a link ansible.builtin.assert: @@ -51,6 +67,8 @@ success_msg: "PASS: File /usr/lib64/liblber.so.199 is a link." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_liblber_assert.stat.exists + tags: + - sap_general_preconfigure_liblber - name: Assert that file /usr/lib64/liblber.so.199 is a link to /usr/lib64/liblber-2.3.so.0 ansible.builtin.assert: @@ -59,6 +77,10 @@ success_msg: "PASS: File /usr/lib64/liblber.so.199 is a link to /usr/lib64/liblber-2.3.so.0." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_liblber_assert.stat.exists + tags: + - sap_general_preconfigure_liblber - name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml index 12fb3317d..45f614357 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml @@ -4,39 +4,68 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" + tags: + - always - name: Import tasks from '2772999/02-configure-selinux.yml' ansible.builtin.import_tasks: 2772999/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_02 - name: Import tasks from '2772999/03-configure-hostname.yml' ansible.builtin.import_tasks: 2772999/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_03 - name: Import tasks from '2772999/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_04 - name: Import tasks from '2772999/05-configure-firewall.yml' ansible.builtin.import_tasks: 2772999/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_05 - name: Import tasks from '2772999/06-configure-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_06 - name: Import tasks from '2772999/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_07 - name: Import tasks from '2772999/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_08 - name: Import tasks from '2772999/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_09 - name: Import tasks from '2772999/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml index f5cbea7d0..e0802a6e1 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-2 ansible.builtin.debug: msg: "SAP note 2772999 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/assert-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml index e77d8d6d1..5cf270376 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-2 ansible.builtin.debug: msg: "SAP note 2772999 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/configure-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml index 6214a6487..723f623b7 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml @@ -3,12 +3,22 @@ - name: Assert 2772999-3 ansible.builtin.debug: msg: "SAP note 2772999 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/assert-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml index 20204c9aa..111821324 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml @@ -3,12 +3,36 @@ - name: Configure 2772999-3 ansible.builtin.debug: msg: "SAP note 2772999 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml + tags: + - sap_general_preconfigure_hostname -- name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' - ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml +- name: Import role sap_maintain_etc_hosts + ansible.builtin.import_role: + name: sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_general_preconfigure_ip }}" + node_name: "{{ sap_general_preconfigure_hostname }}" + node_domain: "{{ sap_general_preconfigure_domain }}" + state: present + when: sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + when: not sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml index 28a36f531..611771f0a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml @@ -3,6 +3,8 @@ - name: Assert 2772999-4 ansible.builtin.debug: msg: "SAP note 2772999 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date # Reason for noqa: We need to get the current status only - name: Get status of chronyd # noqa command-instead-of-module @@ -10,6 +12,8 @@ register: __sap_general_preconfigure_register_chronyd_status_assert ignore_errors: yes changed_when: no + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is enabled ansible.builtin.assert: @@ -17,6 +21,8 @@ fail_msg: "FAIL: Service 'chronyd' is not enabled!" success_msg: "PASS: Service 'chronyd' is enabled." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is active ansible.builtin.assert: @@ -24,3 +30,5 @@ fail_msg: "FAIL: Service 'chronyd' is not active!" success_msg: "PASS: Service 'chronyd' is active." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml index 6d515664b..f2ed23418 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml @@ -3,9 +3,13 @@ - name: Configure 2772999-4 ansible.builtin.debug: msg: "SAP note 2772999 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date - name: Start and enable service chronyd ansible.builtin.systemd: name: chronyd state: started enabled: yes + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml index 4b974c632..9f8caf2ef 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-5 ansible.builtin.debug: msg: "SAP note 2772999 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/assert-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml index 14b4b87bf..0fbc7d4d2 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-5 ansible.builtin.debug: msg: "SAP note 2772999 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/configure-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml index c3cac0639..2d7512237 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-6 ansible.builtin.debug: msg: "SAP note 2772999 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml index 6736ab75f..ba37631ed 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-6 ansible.builtin.debug: msg: "SAP note 2772999 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml index 555f4f3ca..d6159ecaf 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml index effbbb6a5..b6de1449f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml index c4fdddd17..30384384e 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-8 ansible.builtin.debug: msg: "SAP note 2772999 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml index ef98d6043..5f2c0be03 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-8 ansible.builtin.debug: msg: "SAP note 2772999 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml index 4d11551ba..c50358cd0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml @@ -3,9 +3,15 @@ - name: Assert 2772999-9 ansible.builtin.debug: msg: "SAP note 2772999 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml index d04dd88f2..ac4dc7692 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-9 ansible.builtin.debug: msg: "SAP note 2772999 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml index a24301744..a067c5654 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-10 ansible.builtin.debug: msg: "SAP note 2772999 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml index 6af633653..b5fe023fa 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-10 ansible.builtin.debug: msg: "SAP note 2772999 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml index 5dc4af4b3..18e94b534 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml @@ -3,40 +3,69 @@ - name: Configure - Display SAP note number 3108316 and its version ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).number }} - (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 8" + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" + tags: + - always - name: Import tasks from '3108316/02-configure-selinux.yml' ansible.builtin.import_tasks: 3108316/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_02 - name: Import tasks from '3108316/03-configure-hostname.yml' ansible.builtin.import_tasks: 3108316/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_03 - name: Import tasks from '3108316/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_04 - name: Import tasks from '3108316/05-configure-firewall.yml' ansible.builtin.import_tasks: 3108316/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_05 - name: Import tasks from '3108316/06-configure-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_06 - name: Import tasks from '3108316/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_07 - name: Import tasks from '3108316/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_08 - name: Import tasks from '3108316/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_09 - name: Import tasks from '3108316/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml index 1c2fe6e96..4bbb28495 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-2 ansible.builtin.debug: msg: "SAP note 3108316 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/assert-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml index 29a95015e..da03345e5 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-2 ansible.builtin.debug: msg: "SAP note 3108316 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/configure-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml index 17aa80708..21a437d8f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml @@ -3,12 +3,22 @@ - name: Assert 3108316-3 ansible.builtin.debug: msg: "SAP note 3108316 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/assert-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml index d120c8e8e..891888978 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml @@ -3,12 +3,36 @@ - name: Configure 3108316-3 ansible.builtin.debug: msg: "SAP note 3108316 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml + tags: + - sap_general_preconfigure_hostname -- name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' - ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml +- name: Import role sap_maintain_etc_hosts + ansible.builtin.import_role: + name: sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_general_preconfigure_ip }}" + node_name: "{{ sap_general_preconfigure_hostname }}" + node_domain: "{{ sap_general_preconfigure_domain }}" + state: present + when: sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + when: not sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml index f46e0aac5..d773c14c2 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml @@ -3,6 +3,8 @@ - name: Assert 3108316-4 ansible.builtin.debug: msg: "SAP note 3108316 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date # Reason for noqa: We need to get the current status only - name: Get status of chronyd # noqa command-instead-of-module @@ -10,6 +12,8 @@ register: __sap_general_preconfigure_register_chronyd_status_assert ignore_errors: yes changed_when: no + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is enabled ansible.builtin.assert: @@ -17,6 +21,8 @@ fail_msg: "FAIL: Service 'chronyd' is not enabled!" success_msg: "PASS: Service 'chronyd' is enabled." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is active ansible.builtin.assert: @@ -24,3 +30,5 @@ fail_msg: "FAIL: Service 'chronyd' is not active!" success_msg: "PASS: Service 'chronyd' is active." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml index 510ca3fb4..c175f1573 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml @@ -3,9 +3,13 @@ - name: Configure 3108316-4 ansible.builtin.debug: msg: "SAP note 3108316 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date - name: Start and enable service chronyd ansible.builtin.systemd: name: chronyd state: started enabled: yes + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml index 9f70e1648..097978f1a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-5 ansible.builtin.debug: msg: "SAP note 3108316 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/assert-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml index 707b53712..a97c67a9c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-5 ansible.builtin.debug: msg: "SAP note 3108316 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/configure-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml index dab32ed0f..e5271b176 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-6 ansible.builtin.debug: msg: "SAP note 3108316 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml index ff31a6ce1..b805561d0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-6 ansible.builtin.debug: msg: "SAP note 3108316 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml index 180df8ba5..4b8fca006 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml index f293b7979..f07c4081c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml index a5ed5b632..46be59030 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-8 ansible.builtin.debug: msg: "SAP note 3108316 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml index 5daf105f5..42a4b2415 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-8 ansible.builtin.debug: msg: "SAP note 3108316 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml index b556fe3ef..75f60ddb7 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml @@ -3,9 +3,15 @@ - name: Assert 3108316-9 ansible.builtin.debug: msg: "SAP note 3108316 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml index 104bd24b9..0a57b7009 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-9 ansible.builtin.debug: msg: "SAP note 3108316 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml index 37f6d65f7..5371d376a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-10 ansible.builtin.debug: msg: "SAP note 3108316 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml index 984bc832e..3fa4076a3 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-10 ansible.builtin.debug: msg: "SAP note 3108316 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml index b411463ce..895d68a87 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml @@ -8,7 +8,12 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - always - name: Import tasks from '../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_0941735 | d(false) + tags: + - sap_general_preconfigure_0941735 + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml index 5285dae87..f055f862c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml @@ -5,7 +5,12 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" + tags: + - always - name: Import tasks from '../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1391070 | d(false) + tags: + - sap_general_preconfigure_1391070 + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml index ac06c3a6e..0a6a2be54 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml @@ -5,7 +5,12 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" + tags: + - always - name: Import tasks from '../RedHat/generic/assert-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-nofile-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1771258 | d(false) + tags: + - sap_general_preconfigure_1771258 + - sap_general_preconfigure_nofile_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml index bbf5aea5b..12040584c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml @@ -4,23 +4,40 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" + tags: + - always - name: Import tasks from '2002167/02-assert-configuration-changes.yml' ansible.builtin.import_tasks: 2002167/02-assert-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_02 - name: Import tasks from '2002167/03-assert-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-assert-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_03 - name: Import tasks from '2002167/04-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_04 - name: Import tasks from '2002167/05-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_05 - name: Import tasks from '2002167/06-assert-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-assert-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) + tags: + - sap_general_preconfigure_2002167 + - sap_general_preconfigure_2002167_06 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml index 91adfa3bd..504404264 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml @@ -4,39 +4,68 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" + tags: + - always - name: Import tasks from '2772999/02-assert-selinux.yml' ansible.builtin.import_tasks: 2772999/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_02 - name: Import tasks from '2772999/03-assert-hostname.yml' ansible.builtin.import_tasks: 2772999/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_03 - name: Import tasks from '2772999/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_04 - name: Import tasks from '2772999/05-assert-firewall.yml' ansible.builtin.import_tasks: 2772999/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_05 - name: Import tasks from '2772999/06-assert-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_06 - name: Import tasks from '2772999/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_07 - name: Import tasks from '2772999/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_08 - name: Import tasks from '2772999/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_09 - name: Import tasks from '2772999/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) + tags: + - sap_general_preconfigure_2772999 + - sap_general_preconfigure_2772999_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml index 7fcddbfb4..b80204cd2 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml @@ -3,40 +3,69 @@ - name: Assert - Display SAP note number 3108316 and its version ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).number }} - (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 8" + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" + tags: + - always - name: Import tasks from '3108316/02-assert-selinux.yml' ansible.builtin.import_tasks: 3108316/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_02 - name: Import tasks from '3108316/03-assert-hostname.yml' ansible.builtin.import_tasks: 3108316/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_03 - name: Import tasks from '3108316/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_04 - name: Import tasks from '3108316/05-assert-firewall.yml' ansible.builtin.import_tasks: 3108316/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_05 - name: Import tasks from '3108316/06-assert-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_06 - name: Import tasks from '3108316/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_07 - name: Import tasks from '3108316/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_08 - name: Import tasks from '3108316/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_09 - name: Import tasks from '3108316/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) + tags: + - sap_general_preconfigure_3108316 + - sap_general_preconfigure_3108316_10 diff --git a/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py b/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py index b09ea85bc..1e918077e 100755 --- a/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py +++ b/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py @@ -39,7 +39,7 @@ 'rc': '99', 'role_vars': [ { - 'sap_general_preconfigure_fail_if_reboot_required': False, + 'sap_general_preconfigure_fail_if_reboot_required': False, } ] }, @@ -143,9 +143,10 @@ command = ( 'ansible-playbook sap_general_preconfigure-default-settings.yml ' + par1['command_line_parameter'] - + '-l ' + + '-u root ' + + '-i ' + _managed_node - + ' ' + + ', ' + '-e "' ) for par2 in par1['role_vars']: diff --git a/roles/sap_general_preconfigure/tools/beautify-assert-output.sh b/roles/sap_general_preconfigure/tools/beautify-assert-output.sh index f48087c68..3c7e426a7 100755 --- a/roles/sap_general_preconfigure/tools/beautify-assert-output.sh +++ b/roles/sap_general_preconfigure/tools/beautify-assert-output.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # default font color: Light Cyan, which should be readable on both bright and dark background __FONT_COLOR=36m diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index 30f194cf1..3ddbb5f72 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -57,11 +57,15 @@ _All of the following functionality is provided as **Technology Preview**._ The Ansible Role requires the SAP HANA Database Server or SAP NetWeaver Application Server software installation to already exist on the target host/s. -The target host must have: -- OS version and license - RHEL4SAP (HA and US) 8.4+ -- OS package repositories enabled - SAP and High Availability +The target host must be either: +- Red Hat + - OS version: Registered RHEL4SAP (HA and US) 8.4+ + - OS package repositories enabled: SAP and High Availability +- SUSE + - OS version: Registered SLES for SAP 15+ (SLES4SAP 15+) + - OS package repositories enabled: HA Extension is part of registered SLES4SAP + -> _N.B. At this time SLES4SAP functionality is not available, until `crmsh` commands are provided in dependency Ansible Role [`ha_cluster`](https://github.com/linux-system-roles/ha_cluster)_ The Ansible Control System (where Ansible is executed from) must have: - Ansible Core 2.9+ @@ -318,16 +322,100 @@ Inherits the value of `ha_cluster_hacluster_password`, when defined.
Parameter for the 'SAPHana' cluster resource.
Define if a former primary should be re-registered automatically as secondary.
+### sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name + +- _Type:_ `string` +- _Default:_ `col_saphana_vip__HDB_primary` + +Customize the cluster constraint name for VIP and SAPHana primary clone colocation.
+ +### sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name + +- _Type:_ `string` +- _Default:_ `col_saphana_vip__HDB_readonly` + +Customize the cluster constraint name for VIP and SAPHana secondary clone colocation.
+ ### sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout - _Type:_ `int` -- _Default:_ `900` +- _Default:_ `7200` Parameter for the 'SAPHana' cluster resource.
Time difference needed between to primary time stamps, if a dual-primary situation occurs.
If the time difference is less than the time gap, then the cluster holds one or both instances in a "WAITING" status.
This is to give an admin a chance to react on a failover. A failed former primary will be registered after the time difference is passed.
+### sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_SAPHanaFil__HDB` + +Customize the cluster resource name of the SAP HANA Filesystem clone.
+ +### sap_ha_pacemaker_cluster_hana_filesystem_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPHanaFil__HDB` + +Customize the cluster resource name of the SAP HANA Filesystem.
+ +### sap_ha_pacemaker_cluster_hana_global_ini_path + +- _Type:_ `string` +- _Default:_ `/usr/sap//SYS/global/hdb/custom/config/global.ini` + +Path with location of global.ini for srHook update
+ +### sap_ha_pacemaker_cluster_hana_hook_chksrv + +- _Type:_ `bool` +- _Default:_ `False` + +Controls if ChkSrv srHook is enabled during srHook creation.
+It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+ +### sap_ha_pacemaker_cluster_hana_hook_tkover + +- _Type:_ `bool` +- _Default:_ `False` + +Controls if TkOver srHook is enabled during srHook creation.
+It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+ +### sap_ha_pacemaker_cluster_hana_hooks + +- _Type:_ `list` +- _Default:_ `[]` + +Customize required list of SAP HANA Hooks
+Mandatory to include SAPHanaSR srHook in list.
+Mandatory attributes are provider and path.
+Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks.
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_hana_hooks: +- options: + - name: execution_order + value: 1 + path: /usr/share/SAPHanaSR/ + provider: SAPHanaSR +- options: + - name: execution_order + value: 2 + path: /usr/share/SAPHanaSR/ + provider: susTkOver +- options: + - name: execution_order + value: 3 + - name: action_on_lost + value: stop + path: /usr/share/SAPHanaSR/ + provider: susChkSrv +``` + ### sap_ha_pacemaker_cluster_hana_instance_nr - _Type:_ `string` @@ -336,6 +424,27 @@ The instance number of the SAP HANA database which this role will configure in t Inherits the value of `sap_hana_instance_number`, when defined.
Mandatory for SAP HANA cluster setups.
+### sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name + +- _Type:_ `string` +- _Default:_ `ord_saphana_vip__HDB_primary` + +Customize the cluster constraint name for VIP and SAPHana primary clone order.
+ +### sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name + +- _Type:_ `string` +- _Default:_ `ord_saphana_vip__HDB_readonly` + +Customize the cluster constraint name for VIP and SAPHana secondary clone order.
+ +### sap_ha_pacemaker_cluster_hana_order_topology_hana_name + +- _Type:_ `string` +- _Default:_ `ord_saphana_saphanatop__HDB` + +Customize the cluster constraint name for SAPHana and Topology order.
+ ### sap_ha_pacemaker_cluster_hana_prefer_site_takeover - _Type:_ `bool` @@ -345,17 +454,25 @@ Parameter for the 'SAPHana' cluster resource.
Set to "false" if the cluster should first attempt to restart the instance on the same node.
When set to "true" (default) a failover to secondary will be initiated on resource failure.
+### sap_ha_pacemaker_cluster_hana_resource_clone_msl_name + +- _Type:_ `string` +- _Default:_ `msl_SAPHana__HDB` + +Customize the cluster resource name of the SAP HANA DB resource master slave clone.
+Master Slave clone is specific to SAPHana resource on SUSE.
+ ### sap_ha_pacemaker_cluster_hana_resource_clone_name - _Type:_ `string` -- _Default:_ `SAPHana__-clone` +- _Default:_ `cln_SAPHana__HDB` Customize the cluster resource name of the SAP HANA DB resource clone.
### sap_ha_pacemaker_cluster_hana_resource_name - _Type:_ `string` -- _Default:_ `SAPHana__` +- _Default:_ `rsc_SAPHana__HDB` Customize the cluster resource name of the SAP HANA DB resource.
@@ -371,17 +488,31 @@ Mandatory for SAP HANA cluster setups.
### sap_ha_pacemaker_cluster_hana_topology_resource_clone_name - _Type:_ `string` -- _Default:_ `SAPHanaTopology__-clone` +- _Default:_ `cln_SAPHanaTop__HDB` Customize the cluster resource name of the SAP HANA Topology resource clone.
### sap_ha_pacemaker_cluster_hana_topology_resource_name - _Type:_ `string` -- _Default:_ `SAPHanaTopology__` +- _Default:_ `rsc_SAPHanaTop__HDB` Customize the cluster resource name of the SAP HANA Topology resource.
+### sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_SAPHanaCon__HDB` + +Customize the cluster resource name of the SAP HANA Controller clone.
+ +### sap_ha_pacemaker_cluster_hanacontroller_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPHanaCon__HDB` + +Customize the cluster resource name of the SAP HANA Controller.
+ ### sap_ha_pacemaker_cluster_host_type - _Type:_ `list` @@ -455,10 +586,18 @@ Mandatory for NetWeaver AAS cluster configuration.
The standard NetWeaver ASCS/ERS cluster will be set up as ENSA2.
Set this parameter to 'true' to configure it as ENSA1.
+### sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + +- _Type:_ `bool` +- _Default:_ `True` + +Enables preferred method for ASCS ERS ENSA2 clusters - Simple Mount
+Set this parameter to 'true' to configure ENSA2 Simple Mount.
+ ### sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_ABAP_ASCS__` +- _Default:_ `rsc_fs__ASCS` Name of the filesystem resource for the ASCS instance.
@@ -505,11 +644,12 @@ Only used for ENSA1 setups (see `sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ens The name of the ASCS instance, typically the profile name.
Mandatory for the NetWeaver ASCS/ERS cluster setup
+Recommended format _ASCS_.
### sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name - _Type:_ `string` -- _Default:_ `SAPInstance_NWAS_ABAP_ASCS__` +- _Default:_ `rsc_SAPInstance__ASCS` Name of the ASCS instance resource.
@@ -527,10 +667,17 @@ NetWeaver ASCS instance resource stickiness attribute.
The full path and name of the ASCS instance profile.
Mandatory for the NetWeaver ASCS/ERS cluster setup.
+### sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPStartSrv__ASCS` + +Name of the ASCS SAPStartSrv resource for simple mount.
+ ### sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_ABAP_ERS__` +- _Default:_ `rsc_fs__ERS` Name of the filesystem resource for the ERS instance.
@@ -554,11 +701,12 @@ NetWeaver ERS instance resource option "AUTOMATIC_RECOVER".
The name of the ERS instance, typically the profile name.
Mandatory for the NetWeaver ASCS/ERS cluster setup.
+Recommended format _ERS_.
### sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name - _Type:_ `string` -- _Default:_ `SAPInstance_NWAS_ABAP_ERS__` +- _Default:_ `rsc_SAPInstance__ERS` Name of the ERS instance resource.
@@ -569,6 +717,13 @@ Name of the ERS instance resource.
The full path and name of the ERS instance profile.
Mandatory for the NetWeaver ASCS/ERS cluster.
+### sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPStartSrv__ERS` + +Name of the ERS SAPstartSrv resource for simple mount.
+ ### sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr - _Type:_ `string` @@ -585,10 +740,32 @@ Mandatory for NetWeaver cluster configuration.
Uses `sap_swpm_sid` if defined.
Mandatory for NetWeaver cluster setups.
+### sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name + +- _Type:_ `string` +- _Default:_ `col_ascs_separate_` + +Customize the cluster constraint name for ASCS and ERS separation colocation.
+ +### sap_ha_pacemaker_cluster_nwas_order_ascs_first_name + +- _Type:_ `string` +- _Default:_ `ord_ascs_first_` + +Customize the cluster constraint name for ASCS starting before ERS order.
+ +### sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_fs__sapmnt` + +Filesystem resource clone name for the shared filesystem /sapmnt.
+Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+ ### sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_SAPMNT_` +- _Default:_ `rsc_fs__sapmnt` Filesystem resource name for the shared filesystem /sapmnt.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
@@ -601,24 +778,55 @@ Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesyste Change this parameter to 'true' if the 3 shared filesystems `/usr/sap/trans`, `/usr/sap//SYS` and '/sapmnt' shall be configured as cloned cluster resources.
+### sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_fs__sys` + +Filesystem resource clone name for the shared filesystem /usr/sap//SYS.
+Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+ ### sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_SYS_` +- _Default:_ `rsc_fs__sys` Filesystem resource name for the transports filesystem /usr/sap//SYS.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+### sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_fs__trans` + +Filesystem resource clone name for the shared filesystem /usr/sap/trans.
+Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+ ### sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_TRANS_` +- _Default:_ `rsc_fs__trans` Filesystem resource name for the transports filesystem /usr/sap/trans.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+### sap_ha_pacemaker_cluster_operation_defaults + +- _Type:_ `dict` +- _Default:_ `{'record-pending': True, 'timeout': 600}` + +Set default operation parameters that will be valid for all pacemaker resources.
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_operation_defaults: + record-pending: true + timeout: 600 +``` + ### sap_ha_pacemaker_cluster_resource_defaults - _Type:_ `dict` @@ -740,7 +948,7 @@ Mandatory parameter for HANA clusters.
### sap_ha_pacemaker_cluster_vip_hana_primary_resource_name - _Type:_ `string` -- _Default:_ `vip_` +- _Default:_ `rsc_vip__HDB_primary` Customize the name of the resource managing the Virtual IP of the primary HANA instance.
@@ -761,7 +969,7 @@ Mandatory for NetWeaver AAS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name - _Type:_ `string` -- _Default:_ `vip___aas` +- _Default:_ `rsc_vip__AAS` Name of the SAPInstance resource for NetWeaver AAS.
@@ -775,14 +983,14 @@ Mandatory for NetWeaver ASCS/ERS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name - _Type:_ `string` -- _Default:_ `_ASCS_group` +- _Default:_ `grp__ASCS` Name of the NetWeaver ASCS resource group.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name - _Type:_ `string` -- _Default:_ `vip___ascs` +- _Default:_ `rsc_vip__ASCS` Name of the SAPInstance resource for NetWeaver ASCS.
@@ -796,14 +1004,14 @@ Mandatory for NetWeaver ASCS/ERS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name - _Type:_ `string` -- _Default:_ `_ERS_group` +- _Default:_ `grp__ERS` Name of the NetWeaver ERS resource group.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name - _Type:_ `string` -- _Default:_ `vip___ers` +- _Default:_ `rsc_vip__ERS` Name of the SAPInstance resource for NetWeaver ERS.
@@ -817,14 +1025,14 @@ Mandatory for NetWeaver PAS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name - _Type:_ `string` -- _Default:_ `vip___pas` +- _Default:_ `rsc_vip__PAS` Name of the SAPInstance resource for NetWeaver PAS.
### sap_ha_pacemaker_cluster_vip_secondary_resource_name - _Type:_ `string` -- _Default:_ `vip_` +- _Default:_ `rsc_vip__HDB_readonly` Customize the name of the resource managing the Virtual IP of read-only access to the secondary HANA instance.
diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index 88df2160d..a6ddb9cc9 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -30,15 +30,9 @@ sap_ha_pacemaker_cluster_create_config_dest: "review_resource_config.yml" # Other options are needed in the separate HSR setup role. sap_ha_pacemaker_cluster_cluster_nodes: "{{ sap_hana_cluster_nodes | default([]) }}" -# Make sure that there is always the minimal default fed into the included role. -# This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. -sap_ha_pacemaker_cluster_fence_agent_minimal_packages: - - fence-agents-all - # Resource defaults are defined differently by cluster type in different tasks, if not custom defined. -# TODO: migrate to 'ha_cluster' native parameter combination when moving the function to be included in the role -# (newer feature in the LSR) sap_ha_pacemaker_cluster_resource_defaults: {} +sap_ha_pacemaker_cluster_operation_defaults: {} # The type of SAP landscape and multi-node replication # TODO: Type definitions and feature support @@ -113,20 +107,47 @@ sap_ha_pacemaker_cluster_hana_instance_nr: >- # AUTOMATED_REGISTER sap_ha_pacemaker_cluster_hana_automated_register: true # DUPLICATE_PRIMARY_TIMEOUT -sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: 900 +sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: 7200 # PREFER_SITE_TAKEOVER sap_ha_pacemaker_cluster_hana_prefer_site_takeover: true # SAP HANA - Resource IDs (names) as convenience parameters. sap_ha_pacemaker_cluster_hana_resource_name: >- - SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + rsc_SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} sap_ha_pacemaker_cluster_hana_resource_clone_name: >- - {{ sap_ha_pacemaker_cluster_hana_resource_name }}-clone + cln_SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +# Master slave clone for SAPHanaSR on SLES <15.6 +sap_ha_pacemaker_cluster_hana_resource_clone_msl_name: >- + msl_SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +# SAPHanaController resource in SAPHanaSR-angi +sap_ha_pacemaker_cluster_hanacontroller_resource_name: >- + rsc_SAPHanaCon_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name: >- + mst_SAPHanaCon_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + sap_ha_pacemaker_cluster_hana_topology_resource_name: >- - SAPHanaTopology_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + rsc_SAPHanaTop_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: >- - {{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}-clone + cln_SAPHanaTop_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + +sap_ha_pacemaker_cluster_hana_filesystem_resource_name: >- + rsc_SAPHanaFil_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name: >- + cln_SAPHanaFil_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + +# SAP HANA - Constraint names +sap_ha_pacemaker_cluster_hana_order_topology_hana_name: >- + ord_saphana_saphanatop_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + +sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name: >- + col_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary +sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name: >- + col_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly +sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name: >- + ord_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary +sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name: >- + ord_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly # Multiple VIP parameters can be defined and will be combined. # See tasks/include_construct_vip_resources.yml @@ -134,10 +155,10 @@ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: >- # Mandatory: primary VIP address definition in HANA scale-up clusters sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: '' sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary + rsc_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address: '' sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly + rsc_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly sap_ha_pacemaker_cluster_healthcheck_hana_primary_id: "{{ sap_ha_pacemaker_cluster_hana_sid + 'prim' }}" sap_ha_pacemaker_cluster_healthcheck_hana_secondary_id: "{{ sap_ha_pacemaker_cluster_hana_sid + 'ro' }}" @@ -146,6 +167,16 @@ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_id: "{{ sap_ha_pacemaker_clus sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid + 'pas' }}" sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid + 'aas' }}" +# Optional dictionary with custom list of HANA Hooks for replication +sap_ha_pacemaker_cluster_hana_hooks: [] +# Parameters enable additional srHooks for TkOver and ChkSrv. +# They are ignored if sap_ha_pacemaker_cluster_hana_hooks is used. +sap_ha_pacemaker_cluster_hana_hook_tkover: false +sap_ha_pacemaker_cluster_hana_hook_chksrv: false + +# SAP Hana global.ini path calculated from SID +sap_ha_pacemaker_cluster_hana_global_ini_path: "/usr/sap/{{ + sap_ha_pacemaker_cluster_hana_sid | upper }}/SYS/global/hdb/custom/config/global.ini" ################################################################################ # NetWeaver generic definitions @@ -155,6 +186,9 @@ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_id: "{{ sap_ha_pacemaker_clus # set this parameter to 'true'. sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ensa1: false +# Enable ENSA2 simple mount configuration +sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount: true + # Enable/Disable sap_cluster_connector. # Ref.: https://access.redhat.com/solutions/3606101 sap_ha_pacemaker_cluster_enable_cluster_connector: true @@ -185,16 +219,16 @@ sap_ha_pacemaker_cluster_resource_filesystem_force_unmount: safe # See tasks/include_construct_vip_resources.yml sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_ascs + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} sap_ha_pacemaker_cluster_vip_nwas_abap_ers_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_ers + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr }}_pas + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_PAS{{ sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr }} sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr }}_aas + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_AAS{{ sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr }} # SAP NetWeaver common - Resource IDs (names) as convenience parameters @@ -203,23 +237,25 @@ sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: >- # - /usr/sap/trans # - /usr/sap/<>/SYS sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name: >- - Filesystem_NWAS_SAPMNT_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sapmnt +sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name: >- + cln_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sapmnt + sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: >- - Filesystem_NWAS_TRANS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_trans +sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name: >- + cln_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_trans + sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: >- - Filesystem_NWAS_SYS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sys +sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name: >- + cln_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sys # The shared filesystems are not required to be configured in the cluster. # By default it is assumed that they are mounted by the system and available on all cluster nodes. # Set this parameter to "true" to configure the 3 shared filesystems as part of the cluster. sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed: false -# SAP NetWeaver resource group names as convenience parameters -sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: >- - {{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group -sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: >- - {{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group - ################################################################################ # ASCS resource defaults ################################################################################ @@ -234,10 +270,21 @@ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_start_profile_string: '' # - /usr/sap/<>/ERS<> sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name: >- - Filesystem_NWAS_ABAP_ASCS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name: >- - SAPInstance_NWAS_ABAP_ASCS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -# sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_clone_name: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}-clone" + rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} +sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name: >- + rsc_SAPStartSrv_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + +sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: >- + grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + +sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name: >- + col_ascs_separate_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + +sap_ha_pacemaker_cluster_nwas_order_ascs_first_name: >- + ord_ascs_first_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool: false sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_stickiness: 5000 sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_ensa1_migration_threshold: 1 @@ -256,13 +303,18 @@ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name: '' # Full path with instance profile name - mandatory to be user-defined sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string: '' +# SAP NetWeaver ABAP ERS - Resource IDs (names) as convenience parameters. sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name: >- - Filesystem_NWAS_ABAP_ERS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name: >- - SAPInstance_NWAS_ABAP_ERS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -# sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_clone_name: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}-clone" + rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} +sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name: >- + rsc_SAPStartSrv_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_automatic_recover_bool: false +sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: >- + grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} + ################################################################################ # PAS/AAS resource defaults diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml index 2de3b8d43..88883f8a1 100644 --- a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml +++ b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml @@ -119,6 +119,18 @@ argument_specs: resource-stickiness: 1000 migration-threshold: 5000 + sap_ha_pacemaker_cluster_operation_defaults: + type: dict + default: + timeout: 600 + record-pending: true + description: + - Set default operation parameters that will be valid for all pacemaker resources. + example: + sap_ha_pacemaker_cluster_operation_defaults: + timeout: 600 + record-pending: true + sap_ha_pacemaker_cluster_host_type: type: list choices: @@ -274,7 +286,7 @@ argument_specs: sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: type: int - default: 900 + default: 7200 description: - Parameter for the 'SAPHana' cluster resource. - Time difference needed between to primary time stamps, if a dual-primary situation occurs. @@ -295,32 +307,63 @@ argument_specs: - When set to "true" (default) a failover to secondary will be initiated on resource failure. sap_ha_pacemaker_cluster_hana_resource_name: - default: "SAPHana__" + default: "rsc_SAPHana__HDB" description: - Customize the cluster resource name of the SAP HANA DB resource. sap_ha_pacemaker_cluster_hana_resource_clone_name: - default: "SAPHana__-clone" + default: "cln_SAPHana__HDB" description: - Customize the cluster resource name of the SAP HANA DB resource clone. + sap_ha_pacemaker_cluster_hana_resource_clone_msl_name: + default: "msl_SAPHana__HDB" + description: + - Customize the cluster resource name of the SAP HANA DB resource master slave clone. + - Master Slave clone is specific to SAPHana resource on SUSE. + + sap_ha_pacemaker_cluster_hanacontroller_resource_name: + default: "rsc_SAPHanaCon__HDB" + description: + - Customize the cluster resource name of the SAP HANA Controller. + + sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name: + default: "cln_SAPHanaCon__HDB" + description: + - Customize the cluster resource name of the SAP HANA Controller clone. + sap_ha_pacemaker_cluster_hana_topology_resource_name: - default: "SAPHanaTopology__" + default: "rsc_SAPHanaTop__HDB" description: - Customize the cluster resource name of the SAP HANA Topology resource. sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: - default: "SAPHanaTopology__-clone" + default: "cln_SAPHanaTop__HDB" description: - Customize the cluster resource name of the SAP HANA Topology resource clone. + sap_ha_pacemaker_cluster_hana_filesystem_resource_name: + default: "rsc_SAPHanaFil__HDB" + description: + - Customize the cluster resource name of the SAP HANA Filesystem. + + sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name: + default: "cln_SAPHanaFil__HDB" + description: + - Customize the cluster resource name of the SAP HANA Filesystem clone. + + sap_ha_pacemaker_cluster_hana_order_topology_hana_name: + default: "ord_saphana_saphanatop__HDB" + description: + - Customize the cluster constraint name for SAPHana and Topology order. + sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: description: - The virtual IP of the primary HANA instance. - Mandatory parameter for HANA clusters. sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: - default: "vip_" + default: "rsc_vip__HDB_primary" description: - Customize the name of the resource managing the Virtual IP of the primary HANA instance. @@ -330,16 +373,90 @@ argument_specs: - Optional parameter in HANA clusters. sap_ha_pacemaker_cluster_vip_secondary_resource_name: - default: "vip_" + default: "rsc_vip__HDB_readonly" description: - Customize the name of the resource managing the Virtual IP of read-only access to the secondary HANA instance. + sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name: + default: "ord_saphana_vip__HDB_primary" + description: + - Customize the cluster constraint name for VIP and SAPHana primary clone order. + + sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name: + default: "ord_saphana_vip__HDB_readonly" + description: + - Customize the cluster constraint name for VIP and SAPHana secondary clone order. + + sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name: + default: "col_saphana_vip__HDB_primary" + description: + - Customize the cluster constraint name for VIP and SAPHana primary clone colocation. + + sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name: + default: "col_saphana_vip__HDB_readonly" + description: + - Customize the cluster constraint name for VIP and SAPHana secondary clone colocation. + + sap_ha_pacemaker_cluster_hana_hooks: + type: list + default: [] + description: + - Customize required list of SAP HANA Hooks + - Mandatory to include SAPHanaSR srHook in list. + - Mandatory attributes are provider and path. + - Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks. + + example: + sap_ha_pacemaker_cluster_hana_hooks: + - provider: SAPHanaSR + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 1 + - provider: susTkOver + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 2 + - provider: susChkSrv + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 3 + - name: action_on_lost + value: stop + + sap_ha_pacemaker_cluster_hana_hook_tkover: + type: bool + default: false + description: + - Controls if TkOver srHook is enabled during srHook creation. + - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined. + + sap_ha_pacemaker_cluster_hana_hook_chksrv: + type: bool + default: false + description: + - Controls if ChkSrv srHook is enabled during srHook creation. + - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined. + + sap_ha_pacemaker_cluster_hana_global_ini_path: + default: "/usr/sap//SYS/global/hdb/custom/config/global.ini" + description: + - Path with location of global.ini for srHook update ########################################################################## # NetWeaver specific parameters ########################################################################## + sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount: + type: bool + default: true + description: + - Enables preferred method for ASCS ERS ENSA2 clusters - Simple Mount + - Set this parameter to 'true' to configure ENSA2 Simple Mount. + sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ensa1: type: bool default: false @@ -435,7 +552,7 @@ argument_specs: - Mandatory for NetWeaver ASCS/ERS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name: - default: vip___ascs + default: rsc_vip__ASCS description: - Name of the SAPInstance resource for NetWeaver ASCS. @@ -445,7 +562,7 @@ argument_specs: - Mandatory for NetWeaver ASCS/ERS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name: - default: vip___ers + default: rsc_vip__ERS description: - Name of the SAPInstance resource for NetWeaver ERS. @@ -455,7 +572,7 @@ argument_specs: - Mandatory for NetWeaver PAS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: - default: vip___pas + default: rsc_vip__PAS description: - Name of the SAPInstance resource for NetWeaver PAS. @@ -465,34 +582,52 @@ argument_specs: - Mandatory for NetWeaver AAS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: - default: vip___aas + default: rsc_vip__AAS description: - Name of the SAPInstance resource for NetWeaver AAS. sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name: - default: Filesystem_NWAS_SAPMNT_ + default: rsc_fs__sapmnt description: - Filesystem resource name for the shared filesystem /sapmnt. - Optional, this is typically managed by the OS, but can as well be added to the cluster configuration. - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name: + default: cln_fs__sapmnt + description: + - Filesystem resource clone name for the shared filesystem /sapmnt. + - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: - default: Filesystem_NWAS_TRANS_ + default: rsc_fs__trans description: - Filesystem resource name for the transports filesystem /usr/sap/trans. - Optional, this is typically managed by the OS, but can as well be added to the cluster configuration. - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name: + default: cln_fs__trans + description: + - Filesystem resource clone name for the shared filesystem /usr/sap/trans. + - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: - default: Filesystem_NWAS_SYS_ + default: rsc_fs__sys description: - Filesystem resource name for the transports filesystem /usr/sap//SYS. - Optional, this is typically managed by the OS, but can as well be added to the cluster configuration. - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name: + default: cln_fs__sys + description: + - Filesystem resource clone name for the shared filesystem /usr/sap//SYS. + - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed: type: bool default: false @@ -500,16 +635,6 @@ argument_specs: - Change this parameter to 'true' if the 3 shared filesystems `/usr/sap/trans`, `/usr/sap//SYS` and '/sapmnt' shall be configured as cloned cluster resources. - sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: - default: _ASCS_group - description: - - Name of the NetWeaver ASCS resource group. - - sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: - default: _ERS_group - description: - - Name of the NetWeaver ERS resource group. - ########################################################################## # NetWeaver ASCS specific parameters ########################################################################## @@ -518,6 +643,7 @@ argument_specs: description: - The name of the ASCS instance, typically the profile name. - Mandatory for the NetWeaver ASCS/ERS cluster setup + - Recommended format _ASCS_. sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_start_profile_string: description: @@ -525,15 +651,35 @@ argument_specs: - Mandatory for the NetWeaver ASCS/ERS cluster setup. sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name: - default: Filesystem_NWAS_ABAP_ASCS__ + default: rsc_fs__ASCS description: - Name of the filesystem resource for the ASCS instance. sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name: - default: SAPInstance_NWAS_ABAP_ASCS__ + default: rsc_SAPInstance__ASCS description: - Name of the ASCS instance resource. + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name: + default: rsc_SAPStartSrv__ASCS + description: + - Name of the ASCS SAPStartSrv resource for simple mount. + + sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: + default: grp__ASCS + description: + - Name of the NetWeaver ASCS resource group. + + sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name: + default: "col_ascs_separate_" + description: + - Customize the cluster constraint name for ASCS and ERS separation colocation. + + sap_ha_pacemaker_cluster_nwas_order_ascs_first_name: + default: "ord_ascs_first_" + description: + - Customize the cluster constraint name for ASCS starting before ERS order. + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool: type: bool default: false @@ -574,6 +720,7 @@ argument_specs: description: - The name of the ERS instance, typically the profile name. - Mandatory for the NetWeaver ASCS/ERS cluster setup. + - Recommended format _ERS_. sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string: description: @@ -587,15 +734,24 @@ argument_specs: - NetWeaver ERS instance resource option "AUTOMATIC_RECOVER". sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name: - default: Filesystem_NWAS_ABAP_ERS__ + default: rsc_fs__ERS description: - Name of the filesystem resource for the ERS instance. sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name: - default: SAPInstance_NWAS_ABAP_ERS__ + default: rsc_SAPInstance__ERS description: - Name of the ERS instance resource. + sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name: + default: rsc_SAPStartSrv__ERS + description: + - Name of the ERS SAPstartSrv resource for simple mount. + + sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: + default: grp__ERS + description: + - Name of the NetWeaver ERS resource group. ########################################################################## # PAS specific parameters diff --git a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml new file mode 100644 index 000000000..fc15cb42b --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml @@ -0,0 +1,35 @@ +--- +# Starting SAPHana clone immediately after cluster configuration can lead to +# HANA shutdown. Following steps will leave enough time for resource agents +# to load HANA configuration before disabling maintenance. +# +# TODO: +# Add RedHat specific steps to mitigate issues with abrupt start of cluster. + +- name: "SAP HA Install Pacemaker - SAPHana pcs resource cleanup" + ansible.builtin.command: + cmd: pcs resource cleanup {{ sap_ha_pacemaker_cluster_hana_resource_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_name }} + changed_when: true + +- name: "SAP HA Install Pacemaker - SAPHana clone pcs resource refresh" + ansible.builtin.command: + cmd: pcs resource refresh {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} + changed_when: true + +# Sleep 30 is added to leave enough time for agents to load data from HANA. +# TODO: Add detection for Idle HANA, to ensure that Resource Agents loaded data. +- name: "SAP HA Install Pacemaker - Sleep wait for SAP HANA to become idle" + ansible.builtin.command: + cmd: sleep 30 + changed_when: false + +- name: "SAP HA Install Pacemaker - SAPHana clone pcs resource meta maintenance=false" + ansible.builtin.command: + cmd: pcs resource meta {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} maintenance=false + changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml new file mode 100644 index 000000000..c912295a5 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml @@ -0,0 +1,6 @@ +--- +# Identify if SAPHanaSR-angi package is available for installation. +# SAPHanaSR-angi replaces SAPHanaSR and SAPHanaSR-ScaleOut. + +# TODO: +# Add RedHat specific steps to identify SAPHanaSR-angi package. diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_hana_scaleup.yml new file mode 100644 index 000000000..9b04b12ec --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_hana_scaleup.yml @@ -0,0 +1,32 @@ +--- +# Starting SAPHana clone immediately after cluster configuration can lead to HANA shutdown. +# Following steps will leave enough time for resource agents to load HANA configuration +# before disabling maintenance. +# +# Steps are SUSE specific and they use crmsh. + +- name: "SAP HA Install Pacemaker - SAPHana crm resource cleanup" + ansible.builtin.command: + cmd: crm resource cleanup {{ sap_ha_pacemaker_cluster_hana_resource_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_name }} + changed_when: true + +- name: "SAP HA Install Pacemaker - SAPHana clone crm resource refresh" + ansible.builtin.command: + cmd: crm resource refresh {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} + changed_when: true + +- name: "SAP HA Install Pacemaker - Wait for SAP HANA to become idle" + ansible.builtin.command: + cmd: cs_wait_for_idle -s 5 + changed_when: true + +- name: "SAP HA Install Pacemaker - SAPHana crm resource maintenance off" + ansible.builtin.command: + cmd: crm resource maintenance {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} off + changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml new file mode 100644 index 000000000..1ef42ec61 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml @@ -0,0 +1,106 @@ +--- +# Recent crmsh changes have added default behavior, where all default metadata +# op parameters are added and it cannot be controlled. Not adding them during +# creation, will forcefully add them regardless. + +# Following steps are similar to crmsh code in ha_cluster role, but they are +# too SAP specific, so they are added here instead of there. + +# Python3-pip and pexpect are required for ansible.builtin.expect +# Python installation was removed from sap_swpm role in PR#720 +- name: "SAP HA Install Pacemaker - Install required python3-pip" + ansible.builtin.package: + name: + - python3-pip + state: present + +- name: "SAP HA Install Pacemaker - Install required pip pexpect" + ansible.builtin.pip: + name: + - pexpect + +- name: Block to ensure that changes are executed only once + run_once: true # noqa: run_once[task] + block: + + - name: "SAP HA Install Pacemaker - Create file for CIB backup" + ansible.builtin.tempfile: + state: file + suffix: _sap_ha_pacemaker_cluster_cib_xml_backup + register: __sap_ha_pacemaker_cluster_cib_xml_backup + + - name: "SAP HA Install Pacemaker - Put cluster in maintenance mode" + ansible.builtin.expect: + command: crm configure property maintenance-mode=true + responses: + ".*is-managed.*": "n" + ".*already.*": "n" + check_mode: false + changed_when: true + + - name: "SAP HA Install Pacemaker - Verify that maintenance-mode is true" + ansible.builtin.command: + cmd: crm status + register: __sap_ha_pacemaker_cluster_crm_status_maint + retries: 10 + delay: 5 + until: + '"Resource management is DISABLED" in __sap_ha_pacemaker_cluster_crm_status_maint.stdout' + check_mode: false + changed_when: false + run_once: true # noqa: run_once[task] + + # # Workaround situation when ASCS and ERS mounts are not present on both nodes. + # - name: "SAP HA Install Pacemaker - SAPStartSrv crm resource cleanup" + # ansible.builtin.command: + # cmd: crm resource cleanup {{ item }} + # loop: + # - "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name }}" + # - "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name }}" + # when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + # changed_when: true + + - name: "SAP HA Install Pacemaker - Fetch CIB configuration" + ansible.builtin.command: + cmd: cibadmin --query + register: __sap_ha_pacemaker_cluster_cib_query + check_mode: false + changed_when: false + + - name: "SAP HA Install Pacemaker - Save CIB configuration" + ansible.builtin.copy: + content: "{{ __sap_ha_pacemaker_cluster_cib_query.stdout }}" + dest: "{{ __sap_ha_pacemaker_cluster_cib_xml_backup.path }}" + owner: root + group: root + mode: '0600' + check_mode: false + + # SAPStartSrv - Remove monitor, start, stop operations from SAPStartSrv + # These operations are not supported and not recommended. + # TODO: Limit deletion in future, when more supported is added in Resource Agent + - name: "SAP HA Install Pacemaker - Remove operations for SAPStartSrv" + ansible.builtin.command: + cmd: cibadmin -d --force --xpath "//primitive[@type='SAPStartSrv']//operations" + when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + changed_when: true + + # SAPInstance - Remove default operations: promote, demote, start, stop + - name: "SAP HA Install Pacemaker - Remove operations for SAPInstance" + ansible.builtin.command: + cmd: cibadmin -d --force --xpath "//primitive[@type='SAPInstance']//op[{{ item }}]" + loop: + - "@name='promote' and @interval='0s'" + - "@name='demote' and @interval='0s'" + - "@name='start' and @interval='0s'" + - "@name='stop' and @interval='0s'" + changed_when: true + + - name: "SAP HA Install Pacemaker - Disable maintenance mode" + ansible.builtin.expect: + command: crm configure property maintenance-mode=false + responses: + ".*is-managed.*": "n" + ".*already.*": "n" + check_mode: false + changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml new file mode 100644 index 000000000..4a1697668 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml @@ -0,0 +1,44 @@ +--- +# Identify if SAPHanaSR-angi package is available for installation. +# SAPHanaSR-angi replaces SAPHanaSR and SAPHanaSR-ScaleOut. + +# This is destructive step if executed on running cluster +# without proper migration from SAPHanaSR to SAPHanaSR-angi! + +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + +- name: "SAP HA Prepare Pacemaker - Gather installed packages facts" + ansible.builtin.package_facts: + manager: auto + +- name: "SAP HA Prepare Pacemaker - Search for SAPHanaSR-angi" + ansible.builtin.command: + cmd: zypper se SAPHanaSR-angi + changed_when: false + register: __sap_ha_pacemaker_cluster_zypper_angi_check + failed_when: false + +# package can be replaced with "rpm -e --nodeps {{ item }}" +- name: "SAP HA Prepare Pacemaker - Remove SAPHanaSR and SAPHanaSR-doc" + ansible.builtin.package: + name: "{{ item }}" + state: absent + loop: + - SAPHanaSR + - SAPHanaSR-doc + when: + - __sap_ha_pacemaker_cluster_zypper_angi_check is defined + - __sap_ha_pacemaker_cluster_zypper_angi_check.rc == 0 + - "'SAPHanaSR' in ansible_facts.packages" + +- name: "SAP HA Prepare Pacemaker - Set fact angi_available" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_saphanasr_angi_available: true + when: + - __sap_ha_pacemaker_cluster_zypper_angi_check is defined + - __sap_ha_pacemaker_cluster_zypper_angi_check.rc == 0 diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index a65fc28fb..de55f3943 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -9,6 +9,10 @@ backup: true regexp: 'Restart_Program_01' replace: 'Start_Program_01' + # Throttle and retry loop was added to combat NFS write lockups on Azure NFS + throttle: 1 + retries: 30 + delay: 10 - name: "SAP HA Pacemaker - (ERS profile) Prevent automatic restart" ansible.builtin.replace: @@ -16,6 +20,10 @@ backup: true regexp: 'Restart_Program_00' replace: 'Start_Program_00' + # Throttle and retry loop was added to combat NFS write lockups on Azure NFS + throttle: 1 + retries: 30 + delay: 10 # Comment out lines in /usr/sap/sapservices, which # - contain the target instance profile names @@ -108,7 +116,8 @@ - sap_ha_pacemaker_cluster_enable_cluster_connector block: - - name: "SAP HA Pacemaker - (SAP HA Interface) Add {{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm user to 'haclient' group" + - name: "SAP HA Pacemaker - (SAP HA Interface) Add {{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm + user to 'haclient' group" # noqa name[template] ansible.builtin.user: name: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" groups: haclient @@ -127,13 +136,18 @@ loop_control: loop_var: nwas_profile_item label: "{{ nwas_profile_item.0 }} -> {{ nwas_profile_item.1 }}" + # Throttle and retry loop was added to combat NFS write lockups on Azure NFS + throttle: 1 + retries: 30 + delay: 10 + # Sleep added to resolve issue with WaitforStarted finishing before resources are available. - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ascs ansible.builtin.shell: | - /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 15 + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 30 changed_when: false failed_when: false @@ -142,10 +156,12 @@ become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ers ansible.builtin.shell: | - /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 15 + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 30 changed_when: false failed_when: false + # NOTE: RestartService can cause fencing lockup and hang forever, + # it might be good to remove them in future and leave reload to "ASCS ERS restart" block. - name: "SAP HA Pacemaker - (SAP HA Interface) Restart the ASCS service" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 @@ -166,46 +182,185 @@ /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function RestartService changed_when: __sap_ha_pacemaker_cluster_register_restart_ers.rc == 0 - - name: "SAP HA Pacemaker - (SAP HA Interface) Pause after service restart" + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ASCS" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config + ansible.builtin.shell: | + sleep 10 + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig + changed_when: false + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ERS" + when: + - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ers_ha_failover_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HAGetFailoverConfig + changed_when: false + + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines is defined + ansible.builtin.debug: + msg: | + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines }} + + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for ASCS" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ascs_ha_check_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HACheckConfig + changed_when: false + failed_when: false + + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results" when: - - __sap_ha_pacemaker_cluster_register_restart_ascs.changed - or __sap_ha_pacemaker_cluster_register_restart_ers.changed - ansible.builtin.pause: - seconds: 10 + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines is defined + ansible.builtin.debug: + msg: | + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines }} + - - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ASCS" + # Block to restart cluster resources if RestartService is not enough. + # This is required for SUSE, where SAP needs full restart to load HAlib. + - name: "SAP HA Pacemaker - (SAP HA Interface) Block for ASCS ERS restart" + when: + - "(__sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout is defined + and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout) + or (__sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout is defined + and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout) + or (__sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout is defined + and 'ERROR' in __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout)" + block: + - name: "SAP HA Pacemaker - (SAP HA Interface) Restart ASCS ERS resources" + ansible.builtin.shell: | + {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ restart_item }} + vars: + __rsc_ascs: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name + if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + else sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}" + __rsc_ers: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name + if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + else sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}" + loop: + - "{{ __rsc_ascs }}" + - "{{ __rsc_ers }}" + loop_control: + loop_var: restart_item + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + changed_when: true + + - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_where_ascs_restart + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 30 + changed_when: false + failed_when: false + + - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ERS to be up and running" + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_where_ers_restart + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 30 + changed_when: false + failed_when: false + + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ascs_ha + register: __sap_ha_pacemaker_cluster_register_ascs_ha_check_config ansible.builtin.shell: | + sleep 30 /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HACheckConfig changed_when: false + failed_when: + - "'ERROR' in __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout" - - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ERS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for ERS" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ers_ha + register: __sap_ha_pacemaker_cluster_register_ers_ha_check_config ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HACheckConfig changed_when: false + failed_when: + - "'ERROR' in __sap_ha_pacemaker_cluster_register_ers_ha_check_config.stdout" + + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ASCS" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig + changed_when: false + # failed_when: + # - __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout is defined + # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout - - name: "SAP HA Pacemaker - (SAP HA Interface) Display HA check results for ASCS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ERS" + when: + - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ers_ha_failover_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HAGetFailoverConfig + changed_when: false + # failed_when: + # - __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout is defined + # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout + + + # HAGetFailoverConfig is not consistent and it can show FALSE on one of nodes + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results on ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ascs_ha.stdout }} + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines }} - - name: "SAP HA Pacemaker - (SAP HA Interface) Display HA check results for ERS" + # HAGetFailoverConfig is not consistent and it can show FALSE on one of nodes + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results on ERS" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + - __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout_lines is defined + ansible.builtin.debug: + msg: | + {{ __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout_lines }} + + # HACheckConfig shows same statues on both nodes, therefore only ASCS is shown + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ers_ha.stdout }} + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines }} # TODO: verification checks that the instances are running and HA Interface is enabled diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml index 1abcd3293..fdc4610b3 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml @@ -1,47 +1,88 @@ --- -- name: "SAP HA Pacemaker srHook - Create srHook shared directory" - ansible.builtin.file: - path: "{{ sap_ha_pacemaker_cluster_hadr_provider_path }}" - state: directory - mode: "0755" - owner: "{{ sap_ha_pacemaker_cluster_hana_sid | lower }}adm" - group: sapsys - -- name: "SAP HA Pacemaker srHook - Copy srHook to shared directory" - ansible.builtin.copy: - remote_src: true - src: /usr/share/SAPHanaSR/srHook/SAPHanaSR.py - dest: "{{ sap_ha_pacemaker_cluster_hadr_provider_path }}/{{ sap_ha_pacemaker_cluster_hadr_provider_name }}.py" - mode: "0755" - owner: "{{ sap_ha_pacemaker_cluster_hana_sid | lower }}adm" - group: sapsys - # Do not run in check mode because the path is created in the previous step - when: not ansible_check_mode - -- name: "SAP HA Pacemaker srHook - Check global.ini for 'ha_dr_saphanasr'" - ansible.builtin.shell: | - grep ha_dr_saphanasr /usr/sap/{{ sap_ha_pacemaker_cluster_hana_sid | upper }}/SYS/global/hdb/custom/config/global.ini - register: __sap_ha_pacemaker_cluster_srhook_trace_global - failed_when: false - # This command should always run, even in check mode. - # It never does a change, but the return code is required for the next task. - check_mode: false +- name: "SAP HA Pacemaker srHook - Check presence of global.ini" + ansible.builtin.stat: + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + register: __sap_ha_pacemaker_cluster_global_ini + failed_when: not __sap_ha_pacemaker_cluster_global_ini.stat.exists + +- name: "SAP HA Pacemaker srHook - Get contents of global.ini" + ansible.builtin.command: + cmd: cat "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + register: __sap_ha_pacemaker_cluster_global_ini_contents changed_when: false -- name: "SAP HA Pacemaker srHook - Update srHook in global.ini" +# Following tasks will prepare srhook list if user input is detected +- name: "SAP HA Pacemaker srHook - Block for user provided hooks" + when: + - sap_ha_pacemaker_cluster_hana_hooks is defined + - sap_ha_pacemaker_cluster_hana_hooks | length > 0 + block: + - name: "SAP HA Pacemaker srHook - Use user provided hooks" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_hana_hooks: + "{{ sap_ha_pacemaker_cluster_hana_hooks }}" + __sap_ha_pacemaker_cluster_hana_hook_tkover: false + __sap_ha_pacemaker_cluster_hana_hook_chksrv: false + + # tkover and chksrv variables are updated if their providers are detected + - name: "SAP HA Pacemaker srHook - Set tkover true if present" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_hana_hook_tkover: true + when: + - sap_ha_pacemaker_cluster_hana_hooks | selectattr( + 'provider', 'search', 'tkover', 'i') | list | length > 0 + + - name: "SAP HA Pacemaker srHook - Set chksrv true if present" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_hana_hook_chksrv: true + when: + - sap_ha_pacemaker_cluster_hana_hooks | selectattr( + 'provider', 'search', 'chksrv', 'i') | list | length > 0 + +- name: "SAP HA Pacemaker srHook - Update srHook providers in global.ini" ansible.builtin.blockinfile: - path: /usr/sap/{{ sap_ha_pacemaker_cluster_hana_sid | upper }}/SYS/global/hdb/custom/config/global.ini + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" marker: "" block: | - [ha_dr_provider_{{ sap_ha_pacemaker_cluster_hadr_provider_name }}] - provider = {{ sap_ha_pacemaker_cluster_hadr_provider_name }} - path = {{ sap_ha_pacemaker_cluster_hadr_provider_path }} - execution_order = 1 + [ha_dr_provider_{{ srhook_item.provider }}] + provider = {{ srhook_item.provider }} + path = {{ srhook_item.path }} + {% for option in srhook_item.options | d([]) -%} + {{ option.name }} = {{ option.value }} + {% endfor %} + loop: "{{ __sap_ha_pacemaker_cluster_hana_hooks }}" + loop_control: + loop_var: srhook_item + label: "{{ srhook_item.provider }}" + when: "('[ha_dr_provider_' + srhook_item.provider + ']') | lower + not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout | lower" +# Separate task to create [trace] block so hooks can be appended to it +- name: "SAP HA Pacemaker srHook - Add [trace] block in global.ini" + ansible.builtin.blockinfile: + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + marker: "" + block: | [trace] - ha_dr_saphanasr = info - when: __sap_ha_pacemaker_cluster_srhook_trace_global.rc == 1 + when: + - "'[trace]' not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout" + +# Append hooks to [trace] block if they are not present already +- name: "SAP HA Pacemaker srHook - Update srHooks trace in global.ini" + ansible.builtin.lineinfile: + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + insertafter: "^\\[trace\\]" + line: "ha_dr_{{ srhook_item.provider }} = info" + loop: "{{ __sap_ha_pacemaker_cluster_hana_hooks }}" + loop_control: + loop_var: srhook_item + label: "{{ srhook_item.provider }}" + when: + - "('ha_dr_' + srhook_item.provider + ' = info') | lower + not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout | lower" +# jinja2 template contains logic to add extra entries if: +# TkOver hook is present or SAPHanaSR-angi is used. - name: "SAP HA Pacemaker srHook - Add srHook sudo entries" ansible.builtin.template: backup: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml index bfb24a925..2fc57e61e 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml @@ -43,6 +43,16 @@ ansible.builtin.set_fact: ha_cluster_cluster_properties: "{{ __sap_ha_pacemaker_cluster_cluster_properties }}" +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_defaults'" + when: __sap_ha_pacemaker_cluster_resource_defaults is defined + ansible.builtin.set_fact: + ha_cluster_resource_defaults: "{{ __sap_ha_pacemaker_cluster_resource_defaults }}" + +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_operation_defaults'" + when: __sap_ha_pacemaker_cluster_resource_operation_defaults is defined + ansible.builtin.set_fact: + ha_cluster_resource_operation_defaults: "{{ __sap_ha_pacemaker_cluster_resource_operation_defaults }}" + - name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_colocation'" when: __sap_ha_pacemaker_cluster_constraints_colocation is defined ansible.builtin.set_fact: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml index cfc6f757c..f83af514a 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml @@ -2,158 +2,70 @@ # Variables containing variables must be constructed with values # to be fed into the included ha_cluster role -# - put here all scale-up and scale-out common resources -# - certain differences like ra agent names are provided through -# type specific variables - # TODO: add conditionals to verify that the same resource agent is not already # defined in user input variables. Conflicting user input should take precedence. +# Prepare default resource defaults - name: "SAP HA Prepare Pacemaker - Define resource defaults for HANA clusters" when: - sap_ha_pacemaker_cluster_resource_defaults is not defined or sap_ha_pacemaker_cluster_resource_defaults | length == 0 ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_defaults: + sap_ha_pacemaker_cluster_resource_defaults: resource-stickiness: 1000 migration-threshold: 5000 -- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Topology" +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare resource defaults for ha_cluster" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_topology] }}" + __sap_ha_pacemaker_cluster_resource_defaults: "{{ __resource_defaults }}" vars: - __resource_hana_topology: - id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" - agent: "ocf:heartbeat:SAPHanaTopology" - instance_attrs: - - attrs: - - name: SID - value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" - - name: InstanceNumber - value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" - operations: - - action: start - attrs: - - name: timeout - value: 600 - - action: stop - attrs: - - name: timeout - value: 600 - - action: monitor - attrs: - - name: interval - value: 10 - - name: timeout - value: 600 - when: - - __resource_hana_topology.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + __resource_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for resource_default in (sap_ha_pacemaker_cluster_resource_defaults | dict2items) -%} + {% if resource_default.key not in + (__sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': resource_default.key, + 'value': resource_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} -- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA DB" - ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana] }}" - vars: - __resource_hana: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" - agent: "ocf:heartbeat:{{ sap_ha_pacemaker_cluster_ra_hana }}" - instance_attrs: - - attrs: - - name: SID - value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" - - name: InstanceNumber - value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" - - name: AUTOMATED_REGISTER - value: "{{ sap_ha_pacemaker_cluster_hana_automated_register | string }}" - - name: DUPLICATE_PRIMARY_TIMEOUT - value: "{{ sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout | string }}" - - name: PREFER_SITE_TAKEOVER - value: "{{ sap_ha_pacemaker_cluster_hana_prefer_site_takeover | string }}" - operations: - - action: start - attrs: - - name: timeout - value: 3600 - - action: stop - attrs: - - name: timeout - value: 3600 - - action: monitor - attrs: - - name: interval - value: 61 - - name: role - value: Slave - - name: timeout - value: 700 - - action: monitor - attrs: - - name: interval - value: 59 - - name: role - value: Master - - name: timeout - value: 700 - - action: promote - attrs: - - name: timeout - value: 3600 - - action: demote - attrs: - - name: timeout - value: 3600 - when: - - __resource_hana.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) -- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Topology" - ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_topology] }}" - vars: - __clone_hana_topology: - resource_id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" - meta_attrs: - - attrs: - - name: clone-max - value: 2 - - name: clone-node-max - value: 1 - - name: interleave - value: "true" +# Prepare default resource operation defaults +- name: "SAP HA Prepare Pacemaker - Define operation defaults for HANA clusters" when: - - __clone_hana_topology.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) - -- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA DB" + - sap_ha_pacemaker_cluster_operation_defaults is not defined + or sap_ha_pacemaker_cluster_operation_defaults | length == 0 ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" - vars: - __clone_hana: - resource_id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" - meta_attrs: - - attrs: - - name: clone-max - value: 2 - - name: clone-node-max - value: 1 - - name: interleave - value: "true" - - name: promotable - value: "true" - when: - - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + sap_ha_pacemaker_cluster_operation_defaults: + timeout: 600 + record-pending: true -# First start Topology, then HANA (automatically stops in reverse order) -- name: "SAP HA Prepare Pacemaker - Add order constraint: Topology starts before DB" +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare operation defaults for ha_cluster" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" + __sap_ha_pacemaker_cluster_resource_operation_defaults: "{{ __operation_defaults }}" vars: - __constraint_order_hana_topology: - resource_first: - id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" - action: start - resource_then: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" - action: start - options: - - name: symmetrical - value: "false" - when: - - __constraint_order_hana_topology.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) + __operation_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for operation_default in (sap_ha_pacemaker_cluster_operation_defaults | dict2items) -%} + {% if operation_default.key not in + (__sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': operation_default.key, + 'value': operation_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml index b9215eb1f..3a004d36b 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml @@ -1,13 +1,184 @@ --- -# Variables containing variables must be constructed with values -# to be fed into an included role - -# TODO: add here any scale-up special variable constructions -# Make sure to first respect 'ha_cluster' native variables - -# - name: "SAP HA Prepare Pacemaker - Construct cluster vars for SAP HANA Scale-up" -# ansible.builtin.set_fact: -# -- name: "SAP HA Prepare Pacemaker - Info" - ansible.builtin.debug: - msg: "INFO: There is currently no Scale-up specific construction, in addition to the SAP HANA common definitions." +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_topology] }}" + vars: + __resource_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanatopology }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + operations: + - action: start + attrs: + - name: timeout + value: 600 + - action: stop + attrs: + - name: timeout + value: 600 + - action: monitor + attrs: + - name: interval + value: 10 + - name: timeout + value: 600 + when: + - __resource_hana_topology.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana] }}" + vars: + __resource_hana: + id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphana }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + - name: AUTOMATED_REGISTER + value: "{{ sap_ha_pacemaker_cluster_hana_automated_register | string }}" + - name: DUPLICATE_PRIMARY_TIMEOUT + value: "{{ sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout | string }}" + - name: PREFER_SITE_TAKEOVER + value: "{{ sap_ha_pacemaker_cluster_hana_prefer_site_takeover | string }}" + operations: + - action: start + attrs: + - name: timeout + value: 3600 + - action: stop + attrs: + - name: timeout + value: 3600 + - action: monitor + attrs: + - name: interval + value: 61 + - name: role + value: Slave + - name: timeout + value: 700 + - action: monitor + attrs: + # SUSE recommended monitor interval is 60 + - name: interval + value: "{{ 60 if ansible_os_family == 'Suse' else 59 }}" + - name: role + value: Master + - name: timeout + value: 700 + - action: promote + attrs: + - name: timeout + value: 900 + - action: demote + attrs: + - name: timeout + value: 320 + meta_attrs: + - attrs: + - name: priority + value: 100 + when: + - __resource_hana.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_topology] }}" + vars: + __clone_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + when: + - __clone_hana_topology.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: + "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" + vars: + __clone_hana: + id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + - name: promotable + value: "true" + # Maintenance attribute is required for correct cluster startup. + - name: maintenance + value: "true" + when: + - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + - ansible_os_family != 'Suse' + +- name: "SAP HA Prepare Pacemaker - Add master slave resource clone: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: + "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" + vars: + __clone_hana: + id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_msl_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + # Maintenance attribute is required for correct cluster startup. + - name: maintenance + value: "true" + # ms attribute is used to create ms resource instead of clone. + ms: true + when: + - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + - ansible_os_family == 'Suse' + +# First start Topology, then HANA (automatically stops in reverse order) +- name: "SAP HA Prepare Pacemaker - Add order constraint: Topology starts before DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_order: + "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" + vars: + __constraint_order_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_order_topology_hana_name }}" + resource_first: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + action: start + resource_then: + # SUSE SAPHanaSR is using Master Slave clone using Master/Slave roles + id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if ansible_os_family != 'Suse' else sap_ha_pacemaker_cluster_hana_resource_clone_msl_name }}" + action: start + options: + - name: symmetrical + value: "false" + when: + - __constraint_order_hana_topology.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml new file mode 100644 index 000000000..c3dd1c54d --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml @@ -0,0 +1,208 @@ +--- +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_topology] }}" + vars: + __resource_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanatopology }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + operations: + - action: start + attrs: + - name: timeout + value: 600 + - action: stop + attrs: + - name: timeout + value: 600 + - action: monitor + attrs: + - name: interval + value: 50 + - name: timeout + value: 600 + when: + - __resource_hana_topology.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana] }}" + vars: + __resource_hana: + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanacontroller }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + - name: AUTOMATED_REGISTER + value: "{{ sap_ha_pacemaker_cluster_hana_automated_register | string }}" + - name: DUPLICATE_PRIMARY_TIMEOUT + value: "{{ sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout | string }}" + - name: PREFER_SITE_TAKEOVER + value: "{{ sap_ha_pacemaker_cluster_hana_prefer_site_takeover | string }}" + operations: + - action: start + attrs: + - name: timeout + value: 3600 + - action: stop + attrs: + - name: timeout + value: 3600 + - action: monitor + attrs: + - name: interval + value: 61 + - name: role + value: Unpromoted + - name: timeout + value: 700 + - action: monitor + attrs: + - name: interval + value: 60 + - name: role + value: Promoted + - name: timeout + value: 700 + - action: promote + attrs: + - name: timeout + value: 700 + - action: demote + attrs: + - name: timeout + value: 320 + meta_attrs: + - attrs: + - name: priority + value: 100 + when: + - __resource_hana.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Filesystem" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_filesystem] }}" + vars: + __resource_hana_filesystem: + id: "{{ sap_ha_pacemaker_cluster_hana_filesystem_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanafilesystem }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + - name: ON_FAIL_ACTION + value: fence + operations: + - action: start + attrs: + - name: interval + value: 0 + - name: timeout + value: 10 + - action: stop + attrs: + - name: interval + value: 0 + - name: timeout + value: 20 + - action: monitor + attrs: + - name: interval + value: 120 + - name: timeout + value: 180 + when: + - __resource_hana_filesystem.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_topology] }}" + vars: + __clone_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + when: + - __clone_hana_topology.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Controller" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: + "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" + vars: + __clone_hana: + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + - name: promotable + value: "true" + - name: maintenance + value: "true" + when: + - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Filesystem" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_filesystem] }}" + vars: + __clone_hana_filesystem: + id: "{{ sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_filesystem_resource_name }}" + meta_attrs: + - attrs: + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + when: + - __clone_hana_filesystem.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + +# First start Topology, then HANA (automatically stops in reverse order) +- name: "SAP HA Prepare Pacemaker - Add order constraint: Topology starts before DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_order: + "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" + vars: + __constraint_order_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_order_topology_hana_name }}" + resource_first: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + action: start + resource_then: + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }}" + action: start + options: + - name: symmetrical + value: "false" + when: + - __constraint_order_hana_topology.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml index aa76295a0..6e3bc2803 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml @@ -36,7 +36,8 @@ value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string }}" - name: AUTOMATIC_RECOVER value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_automatic_recover_bool | string }}" - + - name: IS_ERS + value: true - name: "SAP HA Prepare Pacemaker - Define ASCS/ERS instance attributes (ENSA1)" when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ensa1 @@ -60,7 +61,8 @@ value: true -### ASCS/ERS instance filesystems +### Resources +# ASCS/ERS instance filesystems - name: "SAP HA Prepare Pacemaker - Add filesystem resources for ASCS/ERS to resource definition" ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_filesystem] }}" @@ -238,20 +240,11 @@ when: - __resource_sapinstance_ers.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) - -################################################# -# Group resources that belong together -# ############################################### - -# ASCS group consists of resources for +### Groups +# ASCS group consists of resources in this order: # - ASCS filesystem # - ASCS instance # - ASCS VIP -# The order of the resources in the group define the order in which they are -# started - resources are stopped in reverse order. -# -# Only resources that were defined as resources to be configured will be -# added to the group. - name: "SAP HA Prepare Pacemaker - Add resource group for ASCS resources" ansible.builtin.set_fact: @@ -280,15 +273,10 @@ - __ascs_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) -# ERS group consists of resources for +# ERS group consists of resources in this order: # - ERS filesystem # - ERS instance # - ERS VIP -# The order of the resources in the group define the order in which they are -# started - resources are stopped in reverse order. -# -# Only resources that were defined as resources to be configured will be -# added to the group. - name: "SAP HA Prepare Pacemaker - Add resource group for ERS resources" ansible.builtin.set_fact: @@ -319,29 +307,20 @@ - __sap_ha_pacemaker_cluster_resource_groups is defined - __sap_ha_pacemaker_cluster_resource_groups | length > 0 -################################################# -# Constraints -################################################# - -# Constraint parameters are pre-defined from potentially inherited ha_cluster LSR definitions. -# Constraint definitions are combined into these parameters. -# See tasks/ascertain_ha_cluster_in_inventory.yml: -# -# __sap_ha_pacemaker_cluster_constraints_colocation: "{{ ha_cluster_constraints_colocation }}" -# __sap_ha_pacemaker_cluster_constraints_location: "{{ ha_cluster_constraints_location }}" -# __sap_ha_pacemaker_cluster_constraints_order: "{{ ha_cluster_constraints_order }}" +### Constraints # ERS and ASCS resource groups should try to avoid running on the same node - name: "SAP HA Prepare Pacemaker - Add colocation constraint: ERS avoids to run on the ASCS node" ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_ers] }}" vars: __constraint_colo_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name }}" resource_leader: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" role: started resource_follower: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" options: - name: score value: -5000 @@ -354,11 +333,12 @@ __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_ascs_ers] }}" vars: __constraint_order_ascs_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_order_ascs_first_name }}" resource_first: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" role: started resource_then: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" options: - name: symmetrical value: "false" @@ -391,10 +371,10 @@ vars: __constraint_order_sapmnt: resource_first: - id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}-clone" + id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name }}" role: started resource_then: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" when: - sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed @@ -404,9 +384,9 @@ vars: __constraint_order_sapmnt: resource_first: - id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}-clone" + id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name }}" role: started resource_then: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" when: - sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml new file mode 100644 index 000000000..6a8441df6 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml @@ -0,0 +1,215 @@ +--- +# Variables containing variables must be constructed with values +# to be fed into the included ha_cluster role + +# TODO: add conditionals to verify that the same resource agent is not already +# defined in user input variables. Conflicting user input should take precedence. +# +# ASCS ERS simple mount cluster is ENSA2. + +### Resources +# ASCS SAPStartSrv resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPStartSrv for Central Service (ABAP ASCS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapstartsrv] }}" + vars: + __resource_sapstartsrv: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.sapstartsrv }}" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_instance_name }}" + when: + - __resource_sapstartsrv.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + +# ERS SAPStartSrv resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPStartSrv for Central Service (ABAP ERS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapstartsrv] }}" + vars: + __resource_sapstartsrv: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.sapstartsrv }}" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name }}" + when: + - __resource_sapstartsrv.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + + +# ASCS instance resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPInstance for Central Service (ABAP ASCS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapinstance] }}" + vars: + __resource_sapinstance: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}" + agent: "ocf:heartbeat:SAPInstance" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_instance_name }}" + - name: START_PROFILE + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_start_profile_string }}" + - name: AUTOMATIC_RECOVER + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool | string }}" + - name: MINIMAL_PROBE + value: true + meta_attrs: + - attrs: + - name: resource-stickiness + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_stickiness }}" + operations: + # TODO: Add values for start and stop when they are published. + - action: monitor + attrs: + - name: interval + value: 11 + - name: on-fail + value: restart + - name: timeout + value: 60 + when: + - __resource_sapinstance.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + + +# ERS instance resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPInstance for Enqueue Replication Service (ABAP ERS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapinstance_ers] }}" + vars: + __resource_sapinstance_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}" + agent: "ocf:heartbeat:SAPInstance" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name }}" + - name: START_PROFILE + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string }}" + - name: AUTOMATIC_RECOVER + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_automatic_recover_bool | string }}" + - name: IS_ERS + value: true + - name: MINIMAL_PROBE + value: true + operations: + # TODO: Add values for start and stop when they are published. + - action: monitor + attrs: + - name: interval + value: 11 + - name: on-fail + value: restart + - name: timeout + value: 60 + when: + - __resource_sapinstance_ers.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + + +### Groups +# ASCS group consists of resources in this order: +# - ASCS VIP +# - ASCS SAPStartSrv +# - ASCS SAPInstance +- name: "SAP HA Prepare Pacemaker - Add resource group for ASCS resources" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups + [__ascs_group] }}" + vars: + __ascs_group: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" + resource_ids: | + {% set resource_ids_list = [] %} + {%- for resource in + sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name, + sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ascs_resource_name %} + {%- if resource | length > 0 + and resource in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) %} + {%- set ids = resource_ids_list.append(resource) %} + {%- endif %} + {%- endfor %} + {{ resource_ids_list }} + meta_attrs: + - attrs: + - name: resource-stickiness + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_group_stickiness }}" + when: + - __ascs_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) + + +# ERS group consists of resources in this order: +# - ERS VIP +# - ERS SAPStartSrv +# - ERS SAPInstance +- name: "SAP HA Prepare Pacemaker - Add resource group for ERS resources" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups + [__ers_group] }}" + vars: + __ers_group: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" + resource_ids: | + {% set resource_ids_list = [] %} + {%- for resource in + sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name, + sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_resource_name %} + {%- if resource | length > 0 + and resource in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) %} + {%- set ids = resource_ids_list.append(resource) %} + {%- endif %} + {%- endfor %} + {{ resource_ids_list }} + when: + - __ers_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) + +- name: "SAP HA Prepare Pacemaker - Display VIP resource group definition if any were built" + ansible.builtin.debug: + var: __sap_ha_pacemaker_cluster_resource_groups + when: + - __sap_ha_pacemaker_cluster_resource_groups is defined + - __sap_ha_pacemaker_cluster_resource_groups | length > 0 + + +### Constraints +# ERS and ASCS resource groups should try to avoid running on the same node +- name: "SAP HA Prepare Pacemaker - Add colocation constraint: ERS avoids to run on the ASCS node" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_ers] }}" + vars: + __constraint_colo_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name }}" + resource_leader: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" + role: started + resource_follower: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" + options: + - name: score + value: -5000 + when: + - __constraint_colo_ers.resource_follower not in (__sap_ha_pacemaker_cluster_constraints_colocation | map(attribute='resource_follower')) + +# Optional: ASCS should be started before ERS +- name: "SAP HA Prepare Pacemaker - Add order constraint: first start ASCS group, then ERS group" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_ascs_ers] }}" + vars: + __constraint_order_ascs_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_order_ascs_first_name }}" + resource_first: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" + role: started + resource_then: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" + options: + - name: symmetrical + value: "false" + - name: kind + value: Optional + when: + - __constraint_order_ascs_ers.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml index ccaae9c04..5d624d549 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml @@ -12,10 +12,63 @@ - sap_ha_pacemaker_cluster_resource_defaults is not defined or sap_ha_pacemaker_cluster_resource_defaults | length == 0 ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_defaults: + sap_ha_pacemaker_cluster_resource_defaults: resource-stickiness: 1 migration-threshold: 3 +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare resource defaults for ha_cluster" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_defaults: "{{ __resource_defaults }}" + vars: + __resource_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for resource_default in (sap_ha_pacemaker_cluster_resource_defaults | dict2items) -%} + {% if resource_default.key not in + (__sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': resource_default.key, + 'value': resource_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} + +# Prepare default resource operation defaults +- name: "SAP HA Prepare Pacemaker - Define operation defaults for NetWeaver clusters" + when: + - sap_ha_pacemaker_cluster_operation_defaults is not defined + or sap_ha_pacemaker_cluster_operation_defaults | length == 0 + ansible.builtin.set_fact: + sap_ha_pacemaker_cluster_operation_defaults: + timeout: 600 + record-pending: true + +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare operation defaults for ha_cluster" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_operation_defaults: "{{ __operation_defaults }}" + vars: + __operation_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for operation_default in (sap_ha_pacemaker_cluster_operation_defaults | dict2items) -%} + {% if operation_default.key not in + (__sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': operation_default.key, + 'value': operation_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} - name: "SAP HA Prepare Pacemaker - Add NetWeaver common filesystem resources to resource definition" ansible.builtin.set_fact: @@ -103,15 +156,22 @@ __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_common_filesystem] }}" vars: __clone_common_filesystem: + id: |- + {%- if '/sapmnt' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name }} + {%- elif '/usr/sap/trans' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name }} + {%- elif '/usr/sap/' + sap_ha_pacemaker_cluster_nwas_abap_sid + '/SYS' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name }} + {%- endif %} resource_id: |- {%- if '/sapmnt' in __mountpoint -%} - {% set idname = sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name %} - {% elif '/usr/sap/trans' in __mountpoint -%} - {% set idname = sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name %} - {% elif '/usr/sap/' + sap_ha_pacemaker_cluster_nwas_abap_sid + '/SYS' in __mountpoint -%} - {% set idname = sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name %} - {% endif %} - {{ idname }} + {{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }} + {%- elif '/usr/sap/trans' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name }} + {%- elif '/usr/sap/' + sap_ha_pacemaker_cluster_nwas_abap_sid + '/SYS' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name }} + {%- endif %} meta_attrs: - attrs: - name: interleave diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml index 8e5cf4002..e3311324d 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml @@ -52,6 +52,16 @@ # END of block for disabling stonith +# Add additional stonith properties to sap_ha_pacemaker_cluster_cluster_properties +# Checks if pcmk_delay_max is defined and non zero, then multiples it by 2. +- name: "SAP HA Prepare Pacemaker - (STONITH) Add priority-fencing-delay property" + ansible.builtin.set_fact: + sap_ha_pacemaker_cluster_cluster_properties: + "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({'priority-fencing-delay': + sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int * 2}) + if sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max is defined + and sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int != 0 + else sap_ha_pacemaker_cluster_cluster_properties }}" - name: "SAP HA Prepare Pacemaker - (STONITH) Define cluster properties" when: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml index 6896055ae..2e1b18977 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml @@ -6,6 +6,7 @@ __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_vip] }}" vars: __constraint_order_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name }}" resource_first: id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" action: promote @@ -36,12 +37,15 @@ when: - __constraint_order_vip.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) - __res_or_grp != 'none_found' # fallback skip if there was neither a group nor any VIP/HC resources found + # SUSE HANA Cluster does not contain order for cln_SAPHana then IP. This is achieved by colocation constraint. + - ansible_os_family != 'Suse' - name: "SAP HA Prepare Pacemaker - Add order constraint: Read-only VIP starts after DB on the secondary" ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_vip] }}" vars: __constraint_order_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name }}" resource_first: id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" action: start @@ -72,7 +76,8 @@ when: - __constraint_order_vip.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) - __res_or_grp != 'none_found' # fallback skip if there was neither a group nor any VIP/HC resources found - + # SUSE HANA Cluster does not contain order for cln_SAPHana then IP. This is achieved by colocation constraint. + - ansible_os_family != 'Suse' # The primary VIP only runs where HANA is promoted - name: "SAP HA Prepare Pacemaker - Add colocation constraint: Primary VIP runs where HANA is promoted" @@ -80,11 +85,17 @@ __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_vip] }}" vars: __constraint_colo_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name }}" resource_leader: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" - role: promoted + # SAPHana is replaced by SAP HANA Controller for SAPHanaSR-angi + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name if __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hana_resource_clone_name }}" + # SUSE SAPHanaSR is using Master Slave clone using Master/Slave roles + role: "{{ 'master' if ansible_os_family == 'Suse' and not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else 'promoted' }}" resource_follower: id: "{{ __res_or_grp }}" + role: started options: - name: score value: "{{ __colo_score }}" @@ -134,11 +145,17 @@ __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_vip] }}" vars: __constraint_colo_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name }}" resource_leader: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" - role: unpromoted + # SAPHana is replaced by SAP HANA Controller for SAPHanaSR-angi + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name if __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hana_resource_clone_name }}" + # SUSE SAPHanaSR is using Master Slave clone using Master/Slave roles + role: "{{ 'slave' if ansible_os_family == 'Suse' and not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else 'unpromoted' }}" resource_follower: id: "{{ __res_or_grp }}" + role: started options: - name: score value: "{{ __colo_score }}" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml b/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml index b3c5ad290..ad449ce7b 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml @@ -63,7 +63,9 @@ # ha_cluster_hacluster_password - name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_repos'" - when: ha_cluster_hacluster_password is defined + when: + - ha_cluster_hacluster_password is defined + - ha_cluster_hacluster_password | length > 0 ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_hacluster_user_password: "{{ ha_cluster_hacluster_password }}" no_log: true # handle credentials with care diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml index 6017e8bda..617429931 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml @@ -2,7 +2,7 @@ # For the sake of readability and maintainability, suppress cosmetical ansible-lint warnings. - name: "SAP HA Prepare Pacemaker - Make a list of potential VIP definitions" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_all_vip_fact: # noqa: jinja[spacing] + __sap_ha_pacemaker_cluster_all_vip_fact: # noqa jinja[spacing] hana_scaleup_perf: "{{ { sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml index ed2f2f41b..6c7f8c906 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml @@ -1,5 +1,15 @@ --- -- name: SAP HA Prepare Pacemaker - Include HANA landscape specific variables +# Detect presence of SAPHanaSR-angi package before loading HANA variables +# Detection of package availability was chosen instead of OS version check. +# SAPHanaSR-angi will be retrofitted to older SP repositories in future. +- name: "SAP HA Prepare Pacemaker - Detect SAPHanaSR-angi availability" + ansible.builtin.include_tasks: + file: "{{ ansible_facts['os_family'] }}/pre_steps_hana.yml" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0 + + +- name: "SAP HA Prepare Pacemaker - Include HANA landscape specific variables" ansible.builtin.include_vars: "{{ role_path }}/vars/{{ include_item }}.yml" loop: "{{ __host_type_list | flatten }}" loop_control: @@ -7,7 +17,18 @@ label: "{{ include_item }}.yml" vars: __host_type_list: - - hana_scaleup_common - - "{{ sap_ha_pacemaker_cluster_host_type }}" + - "{{ sap_ha_pacemaker_cluster_host_type | d('hana_scaleup_perf') }}" when: - "(role_path + '/vars/' + include_item + '.yml') is file" + + +# Disable concurrent-fencing for Scale-up scenario. +# This assignment cannot be in scaleup var file, because it results in nested error. +- name: "SAP HA Prepare Pacemaker - Disable concurrent-fencing in properties" + ansible.builtin.set_fact: + sap_ha_pacemaker_cluster_cluster_properties: + "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({'concurrent-fencing': false}) + if sap_ha_pacemaker_cluster_cluster_properties['concurrent-fencing'] is defined + else sap_ha_pacemaker_cluster_cluster_properties }}" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml index e62864c79..4b2119e92 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml @@ -60,6 +60,14 @@ file: construct_vars_hana_scaleup.yml when: - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 + - not __sap_ha_pacemaker_cluster_saphanasr_angi_available + +- name: "SAP HA Prepare Pacemaker - Include variable construction for SAP HANA Scale-up - Angi" + ansible.builtin.include_tasks: + file: construct_vars_hana_scaleup_angi.yml + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 + - __sap_ha_pacemaker_cluster_saphanasr_angi_available - name: "SAP HA Prepare Pacemaker - Include variable construction for SAP NetWeaver common" ansible.builtin.include_tasks: @@ -75,6 +83,20 @@ loop_var: nwas_build_item when: - "'nwas_abap_ascs' in nwas_build_item" + - not sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + +- name: SAP HA Prepare Pacemaker - Include variable construction for SAP NetWeaver ABAP ASCS/ERS + Simple Mount # noqa name[template] + ansible.builtin.include_tasks: + file: construct_vars_nwas_abap_ascs_ers_simple_mount.yml + loop: "{{ sap_ha_pacemaker_cluster_host_type }}" + loop_control: + loop_var: nwas_build_item + when: + - "'nwas_abap_ascs' in nwas_build_item" + - sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + # TODO: Remove rule when SAPStartSrv resource agents are available on Red Hat + - ansible_os_family == 'Suse' - name: "SAP HA Prepare Pacemaker - Include variable construction for SAP NetWeaver ABAP PAS/AAS" ansible.builtin.include_tasks: @@ -167,32 +189,32 @@ name: "{{ sap_ha_pacemaker_cluster_system_roles_collection }}.ha_cluster" no_log: "{{ __sap_ha_pacemaker_cluster_no_log }}" # some parameters contain secrets - # Resource defaults settings were added to "ha_cluster" in Apr 2023 (GH version 1.9.0) - # https://github.com/linux-system-roles/ha_cluster#ha_cluster_resource_defaults - # Keeping separate for compatibility with older versions of the ha_cluster role. - # TODO: Change resource defaults update to "ha_cluster" native syntax. - - name: "SAP HA Install Pacemaker - Check resource defaults" - ansible.builtin.command: - cmd: | - {{ __sap_ha_pacemaker_cluster_command.resource_defaults_show }} - register: __sap_ha_pacemaker_cluster_check_resource_defaults - run_once: true - changed_when: false - check_mode: false - - - name: "SAP HA Install Pacemaker - Update resource default attributes" - when: - - item.key ~ '=' ~ item.value not in __sap_ha_pacemaker_cluster_check_resource_defaults.stdout - - __sap_ha_pacemaker_cluster_resource_defaults is defined - - __sap_ha_pacemaker_cluster_resource_defaults | length > 0 - ansible.builtin.command: - cmd: | - {{ __sap_ha_pacemaker_cluster_command.resource_defaults_update }} {{ item.key }}={{ item.value }} - loop: "{{ __sap_ha_pacemaker_cluster_resource_defaults | dict2items }}" - loop_control: - label: "{{ item.key }}={{ item.value }}" - run_once: true - changed_when: true + # # Resource defaults settings were added to "ha_cluster" in Apr 2023 (GH version 1.9.0) + # # https://github.com/linux-system-roles/ha_cluster#ha_cluster_resource_defaults + # # Keeping separate for compatibility with older versions of the ha_cluster role. + # # TODO: Change resource defaults update to "ha_cluster" native syntax. + # - name: "SAP HA Install Pacemaker - Check resource defaults" + # ansible.builtin.command: + # cmd: | + # {{ __sap_ha_pacemaker_cluster_command.resource_defaults_show }} + # register: __sap_ha_pacemaker_cluster_check_resource_defaults + # run_once: true + # changed_when: false + # check_mode: false + + # - name: "SAP HA Install Pacemaker - Update resource default attributes" + # when: + # - item.key ~ '=' ~ item.value not in __sap_ha_pacemaker_cluster_check_resource_defaults.stdout + # - __sap_ha_pacemaker_cluster_resource_defaults is defined + # - __sap_ha_pacemaker_cluster_resource_defaults | length > 0 + # ansible.builtin.command: + # cmd: | + # {{ __sap_ha_pacemaker_cluster_command.resource_defaults_update }} {{ item.key }}={{ item.value }} + # loop: "{{ __sap_ha_pacemaker_cluster_resource_defaults | dict2items }}" + # loop_control: + # label: "{{ item.key }}={{ item.value }}" + # run_once: true + # changed_when: true # Corosync post-inst - name: "SAP HA Install Pacemaker - Make sure corosync systemd directory exists" @@ -227,7 +249,24 @@ when: - sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0 - - name: "SAP HA Install Pacemaker - Include NetWeaver ASCS/ERS post installation" + # Graceful start of SAPHana clone to ensure resource agents are able to load configuration. + - name: "SAP HA Install Pacemaker - Gracefully start SAP HANA cluster" + ansible.builtin.include_tasks: + file: "{{ ansible_facts['os_family'] }}/post_steps_hana_scaleup.yml" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 + run_once: true + + # Post steps for ACS ERS crmsh cluster to remove unsupported operations + - name: "SAP HA Install Pacemaker - Include NetWeaver ASCS/ERS post steps OS specific" + ansible.builtin.include_tasks: + file: "{{ ansible_facts['os_family'] }}/post_steps_nwas_abap_ascs_ers.yml" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap') | length > 0 + - ansible_os_family == 'Suse' + run_once: true + + - name: "SAP HA Install Pacemaker - Include NetWeaver ASCS/ERS post steps" ansible.builtin.include_tasks: file: configure_nwas_ascs_ers_postinstallation.yml apply: @@ -236,6 +275,7 @@ when: - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap') | length > 0 + ### END OF BLOCK: prerequisite changes and cluster setup # Save all the constructed cluster parameters into a vars file. diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml index 0dbcdf44f..25cf812c5 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml @@ -18,14 +18,15 @@ __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_vip] }}" vars: __resource_vip: - id: "pri_{{ vip_list_item.key }}" + id: "{{ vip_list_item.key }}" # pri_ prefix removed agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: secondary_private_ip value: "{{ vip_list_item.value }}" when: - - ('pri_' ~ vip_list_item.key) not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) +# - ('pri_' ~ vip_list_item.key) not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + - vip_list_item.key not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) - sap_ha_pacemaker_cluster_vip_method == 'awsvip' - vip_list_item.key in __sap_ha_pacemaker_cluster_vip_resource_list @@ -37,7 +38,7 @@ id: "{{ sap_ha_pacemaker_cluster_vip_group_prefix }}{{ vip_list_item.key }}" resource_ids: - "{{ vip_list_item.key }}" - - "pri_{{ vip_list_item.key }}" +# - "pri_{{ vip_list_item.key }}" when: - __vip_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) - sap_ha_pacemaker_cluster_vip_method in ['awsvip'] diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml index 2f5d3d600..0e5cb6a16 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml @@ -14,7 +14,7 @@ vars: __resource_vip: id: "{{ vip_list_item.key }}" - agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents['ipaddr'].agent }}" + agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: ip diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml index 01d2cf3b0..b8a2abac2 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml @@ -7,7 +7,7 @@ vars: __resource_vip: id: "{{ vip_list_item.key }}" - agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents['ipaddr_custom'].agent }}" + agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: ip diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml index 97b662d67..b2ebfb1a7 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml @@ -7,7 +7,7 @@ vars: __resource_vip: id: "{{ vip_list_item.key }}" - agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents['ipaddr'].agent }}" + agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: ip diff --git a/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 b/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 index 622cf8e48..98c536090 100644 --- a/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 +++ b/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 @@ -12,6 +12,14 @@ ha_cluster_cluster_name: {{ ha_cluster_cluster_name | default('` exists. If yes and not empty, abort the role. - - Check if directory `/usr/sap/` exists. If yes and not empty, abort the role. +- Check if `/usr/sap/hostctrl/exe/saphostctrl` exists and get info on running HANA instances: + - If a conflicting instances exist, the role aborts with a failure + - If the desired instance is running, the role aborts with success +- If `/usr/sap/hostctrl/exe/saphostctrl` does not exist: + - Check if the directory `/hana/shared/` exists. If yes and not empty, abort the role. + - Check if the directory `/usr/sap/` exists. If yes and not empty, abort the role. #### Pre-Install diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index c388228b8..0e82c8e5d 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -20,14 +20,32 @@ sap_hana_install_software_extract_directory: "{{ sap_hana_install_software_direc # set the value to true. By default, this directory will not be removed sap_hana_install_cleanup_extract_directory: false -# Set this variable to `yes` if you want to copy the SAR files from `sap_hana_install_software_directory` +# Set this variable to `true` if you want to copy the SAR files from `sap_hana_install_software_directory` # to `sap_hana_install_software_extract_directory/sarfiles` before extracting. # This might be useful if the SAR files are on a slow fileshare. -sap_hana_install_copy_sarfiles: no +sap_hana_install_copy_sarfiles: false -# Set the following variable to `yes` if you want to keep the copied SAR files. By default, the SAR files will be +# Set the following variable to `true` if you want to keep the copied SAR files. By default, the SAR files will be # removed after extraction. -sap_hana_install_keep_copied_sarfiles: no +sap_hana_install_keep_copied_sarfiles: false + +# For installing SAP HANA with fapolicyd support, set the following variable to `true`: +sap_hana_install_use_fapolicyd: false + +# When using fapolicyd, you can set the following variable to one of `none`, `size`, `sha256`, or `ima`. Note that before setting +# to `ima`, it is essential to prepare the system accordingly (e.g. boot with a different kernel parameter). See the +# RHEL 9 Managing, monitoring, and updating the kernel guide for more information on this topic. +sap_hana_install_fapolicyd_integrity: 'sha256' + +# When using fapolicyd, the following variable is used to define the fapolicyd rule file in which the rules for +# protecting shell scripts are stored. The rule file will be created in the directory '/etc/fapolicyd/rules.d'. +# Note: The mandatory file ending '.rules' will be added in the corresponding task of this role. +sap_hana_install_fapolicyd_rule_file: '71-sap-shellscripts' + +# When using fapolicyd, modify the following variable to change or add the directories which contain SAP HANA executables: +sap_hana_install_fapolicyd_trusted_directories: + - "{{ sap_hana_install_root_path }}" + - '/usr/sap' # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. @@ -39,9 +57,9 @@ sap_hana_install_keep_copied_sarfiles: no # - SAPHOSTAGENT54_54-80004822.SAR # - IMDB_SERVER20_060_0-80002031.SAR -# Set the following variable to `yes` to let the role abort if checksum verification fails for any SAPCAR or SAR file +# Set the following variable to `true` to let the role abort if checksum verification fails for any SAPCAR or SAR file # called or used by the role. -sap_hana_install_verify_checksums: no +sap_hana_install_verify_checksums: false # Checksum algorithm for checksum verification. Default is sha256, for which a checksum is available in the SAP software # download pages. @@ -50,9 +68,9 @@ sap_hana_install_checksum_algorithm: sha256 # In case a global checksum file is present, use the following variable to specify the full path to this file: #sap_hana_install_global_checksum_file: "{{ sap_hana_install_software_directory }}/SHA256" -# Set the following variable to `yes` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line +# Set the following variable to `true` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line # argument `--verify_signature`. -sap_hana_install_verify_signature: no +sap_hana_install_verify_signature: false # hdblcm configfile related variables: # Directory where to store the hdblcm configfile template and the Jinja2 template: @@ -69,36 +87,35 @@ sap_hana_install_configfile_template_prefix: "hdblcm_configfile_template" # Directory where to download the Jinja2 template: sap_hana_install_local_configfile_directory: '/tmp' -# If you would like to perform an installation check after the installation, set the following variable to 'yes'. +# If you would like to perform an installation check after the installation, set the following variable to 'true'. # Note: This only works if there is no static configfile available in sap_hana_install_configfile_directory. -sap_hana_install_check_installation: no +sap_hana_install_check_installation: false -# Only if sap_hana_install_check_installation (above) is set to 'yes', you can select which command to use by setting the -# following variable to `yes` or `no`. -# yes: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` -# no: use the command `hdblcm --action=check_installation` -sap_hana_install_use_hdbcheck: yes +# Only if sap_hana_install_check_installation (above) is set to 'true', you can select which command to use by setting the +# following variable to `true` or `false`. +# true: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` +# false: use the command `hdblcm --action=check_installation` +sap_hana_install_use_hdbcheck: true -# If the following variable is set to yes, the HANA installation check will be skipped -sap_hana_install_force: no +# If the following variable is set to 'true', the HANA installation check will be skipped +sap_hana_install_force: false -# If the following variable is set to `no`, the role will attempt to install SAP HANA even if there is already a sidadm user. -# Default is `yes`. -sap_hana_install_check_sidadm_user: yes +# If the following variable is set to `false`, the role will attempt to install SAP HANA even if there is already a sidadm user. +sap_hana_install_check_sidadm_user: true -# If the following variable is undefined or set to `yes`, the role will perform a fresh SAP HANA installation. -# If set to `no`, additional hosts as specified by variable sap_hana_install_addhosts will be added to +# If the following variable is undefined or set to `true`, the role will perform a fresh SAP HANA installation. +# If set to `false`, additional hosts as specified by variable sap_hana_install_addhosts will be added to # an existing HANA system. -sap_hana_install_new_system: yes +sap_hana_install_new_system: true # The first tenant database is using a port range not within the range of the ports of additional tenant databases. -# In case this is not desired, you can set the following parameter to `yes` to recreate the initial tenant database. -sap_hana_install_recreate_tenant_database: no +# In case this is not desired, you can set the following parameter to `true` to recreate the initial tenant database. +sap_hana_install_recreate_tenant_database: false # For compatibility of SAP HANA with SELinux in enforcing mode, the role will recursively relabel directories and files # in `/hana` before the installation starts and in `/usr/sap` after the installation has finished. -# If relabeling not desired, set the following variable to `no`. -sap_hana_install_modify_selinux_labels: yes +# If relabeling not desired, set the following variable to `false`. +sap_hana_install_modify_selinux_labels: true ################ # Parameters for hdblcm: @@ -114,7 +131,8 @@ sap_hana_install_components: 'all' # Instance details sap_hana_install_sid: sap_hana_install_number: -sap_hana_install_install_path: '/hana/shared' +sap_hana_install_root_path: "{{ '/' + sap_hana_install_install_path.split('/')[1] if sap_hana_install_install_path is defined else '/hana' }}" +sap_hana_install_shared_path: "{{ sap_hana_install_install_path | d(sap_hana_install_root_path + '/shared') }}" # Adjust these accordingly for your installation type sap_hana_install_system_usage: 'custom' @@ -140,7 +158,7 @@ sap_hana_install_use_master_password: 'y' #sap_hana_install_xs_org_password: # Optional steps -sap_hana_install_update_firewall: no +sap_hana_install_update_firewall: false # List of firewall ports for SAP HANA. Note: The structure of the variable is compatible # with the variable `firewall` of Linux System Role `firewall`. @@ -166,14 +184,14 @@ sap_hana_install_firewall: state: 'enabled' } # The following variable is no longer used. Setting /etc/hosts entries is done in role sap_general_preconfigure. -#sap_hana_install_update_etchosts: yes +#sap_hana_install_update_etchosts: true # Post install parameters sap_hana_install_hdbuserstore_key: 'HDB_SYSTEMDB' sap_hana_install_nw_input_location: '/tmp' # License -sap_hana_install_apply_license: no +sap_hana_install_apply_license: false #sap_hana_install_license_path: #sap_hana_install_license_file_name: diff --git a/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh b/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh index eef42909a..b3c248391 100644 --- a/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh +++ b/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash while true; do # in case hdblcm has not yet started, we assume that it is waiting for sapdsigner to complete: diff --git a/roles/sap_hana_install/meta/argument_specs.yml b/roles/sap_hana_install/meta/argument_specs.yml index 6fbc34bed..563a282af 100644 --- a/roles/sap_hana_install/meta/argument_specs.yml +++ b/roles/sap_hana_install/meta/argument_specs.yml @@ -3,11 +3,25 @@ argument_specs: main: short_description: SAP HANA Installation options: # List of variables + sap_hana_install_sid: description: HANA SID type: str # str, list, dict, bool, int, float, path, raw, jsonarg, json, bytes, bits required: false + sap_hana_install_number: description: HANA Instance Number type: str # str, list, dict, bool, int, float, path, raw, jsonarg, json, bytes, bits required: false + + sap_hana_install_fapolicyd_integrity: + default: 'sha256' + description: + - fapolicyd integrity check option + choices: + - 'none' + - 'size' + - 'sha256' + - 'ima' + required: false + type: str diff --git a/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml b/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml index 72439716a..55581576f 100644 --- a/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml +++ b/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml @@ -2,12 +2,12 @@ - name: SAP HANA Add Hosts - Check for SAP HANA instance profile for '{{ line_item }}' ansible.builtin.stat: - path: "/hana/shared/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}" + path: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}" register: __sap_hana_install_register_instance_profile_addhost - name: SAP HANA Add Hosts - Show the path name of the instance profile ansible.builtin.debug: - msg: "Instance profile: '/hana/shared/{{ sap_hana_install_sid }}/profile/\ + msg: "Instance profile: '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/profile/\ {{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}'" - name: SAP HANA Add Hosts - Assert that there is no instance profile for the additional hosts @@ -15,7 +15,7 @@ that: not __sap_hana_install_register_instance_profile_addhost.stat.exists fail_msg: - "FAIL: There is already an instance profile for host '{{ line_item }}', at location:" - - " '/hana/shared/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{'{ line_item }}." + - " '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{'{ line_item }}." - "Because of this, the addhost operation will not be performed." success_msg: "PASS: No instance profile was found for host '{{ line_item }}'." diff --git a/roles/sap_hana_install/tasks/hana_addhosts.yml b/roles/sap_hana_install/tasks/hana_addhosts.yml index 776be4f79..63d202d98 100644 --- a/roles/sap_hana_install/tasks/hana_addhosts.yml +++ b/roles/sap_hana_install/tasks/hana_addhosts.yml @@ -31,7 +31,7 @@ gsub ("^\\s*hosts: ", "");print;a=0} }' args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_hdblcm_list_systems changed_when: false @@ -68,7 +68,7 @@ ansible.builtin.command: "{{ __sap_hana_install_hdblcm_command }}" register: __sap_hana_install_register_hdblcm_add_hosts args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" changed_when: "'SAP HANA Lifecycle Management' in __sap_hana_install_register_hdblcm_add_hosts.stdout" when: not ansible_check_mode @@ -87,7 +87,7 @@ gsub ("^\\s*hosts?: ", ""); print; a=0} }' args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_addhosts_result changed_when: false when: not ansible_check_mode diff --git a/roles/sap_hana_install/tasks/hana_exists.yml b/roles/sap_hana_install/tasks/hana_exists.yml index 9dbeb50a3..3f352b830 100644 --- a/roles/sap_hana_install/tasks/hana_exists.yml +++ b/roles/sap_hana_install/tasks/hana_exists.yml @@ -63,23 +63,23 @@ when: not __sap_hana_install_register_stat_saphostctrl.stat.exists block: - - name: SAP HANA Checks - Get status of '/hana/shared/{{ sap_hana_install_sid }}' + - name: SAP HANA Checks - Get status of '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' ansible.builtin.stat: - path: "/hana/shared/{{ sap_hana_install_sid }}" + path: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}" check_mode: false register: __sap_hana_install_register_stat_hana_shared_sid_assert failed_when: false - - name: SAP HANA Checks - Get contents of '/hana/shared/{{ sap_hana_install_sid }}' + - name: SAP HANA Checks - Get contents of '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' ansible.builtin.find: - paths: "/hana/shared/{{ sap_hana_install_sid }}" + paths: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}" patterns: '*' register: __sap_hana_install_register_files_in_hana_shared_sid_assert when: __sap_hana_install_register_stat_hana_shared_sid_assert.stat.exists - - name: SAP HANA Checks - Fail if directory '/hana/shared/{{ sap_hana_install_sid }}' exists and is not empty + - name: SAP HANA Checks - Fail if directory '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' exists and is not empty ansible.builtin.fail: - msg: "FAIL: Directory '/hana/shared/{{ sap_hana_install_sid }}' exists and is not empty!" + msg: "FAIL: Directory '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' exists and is not empty!" when: - __sap_hana_install_register_stat_hana_shared_sid_assert.stat.exists - __sap_hana_install_register_files_in_hana_shared_sid_assert.matched | int != 0 diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 697615cca..0af5f8773 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -97,7 +97,7 @@ - name: SAP HANA hdblcm installation check - Construct an hdbcheck command line ansible.builtin.set_fact: __sap_hana_install_fact_installation_check_command: "set -o pipefail && ./hdbcheck -b --read_password_from_stdin=xml - --property_file={{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/global/hdb/install/support/hdbcheck.xml + --property_file={{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/global/hdb/install/support/hdbcheck.xml --remote_execution=ssh --scope=system -b < {{ __sap_hana_install_register_tmpdir.path }}/configfile.cfg.xml" @@ -118,7 +118,7 @@ - name: SAP HANA hdblcm installation check with hdbcheck - Perform the check # noqa command-instead-of-shell ansible.builtin.shell: "{{ __sap_hana_install_fact_installation_check_command }}" args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/global/hdb/install/bin" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/global/hdb/install/bin" register: __sap_hana_install_register_installation_check changed_when: false when: sap_hana_install_use_hdbcheck | d(true) @@ -132,7 +132,7 @@ - name: SAP HANA hdblcm installation check with hdblcm - Perform the check # noqa command-instead-of-shell ansible.builtin.shell: "{{ __sap_hana_install_fact_installation_check_command }}" args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_installation_check changed_when: false when: not sap_hana_install_use_hdbcheck | d(true) @@ -152,7 +152,7 @@ gsub ("^\\s*hosts?: ", ""); gsub (", ", ","); print; a=0} }' args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_install_result changed_when: no when: not ansible_check_mode @@ -203,3 +203,108 @@ # - ' Host - {{ ansible_hostname }}' # - ' FQDN - {{ ansible_fqdn }}' when: not ansible_check_mode + +- name: SAP HANA Post Install, fapolicyd - Update config for desired integrity level and backout if validation fails + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd + block: + + - name: SAP HANA Post Install, fapolicyd - Ensure Ansible marker for 'integrity' is present in fapolicyd config file + ansible.builtin.lineinfile: + path: /etc/fapolicyd/fapolicyd.conf + regexp: '# "integrity" managed by Ansible' + insertbefore: '^integrity\s*=.*' + line: '# "integrity" managed by Ansible' + + - name: SAP HANA Post Install, fapolicyd - Ensure integrity level '{{ sap_hana_install_fapolicyd_integrity }}' is configured" + ansible.builtin.lineinfile: + path: /etc/fapolicyd/fapolicyd.conf + regexp: '^(integrity\s*=.*)' + insertafter: '# "integrity" managed by Ansible' + line: 'integrity = {{ sap_hana_install_fapolicyd_integrity }}' + backup: true + register: __sap_hana_install_fapolicyd_conf_updated + + - name: SAP HANA Post Install, fapolicyd - Validate the new version of the fapolicyd config file + ansible.builtin.command: fapolicyd-cli --check-config + changed_when: false + + rescue: + + - name: SAP HANA Post Install, fapolicyd - Restore fapolicyd config file from backup if validation fails + ansible.builtin.copy: + remote_src: true + dest: /etc/fapolicyd/fapolicyd.conf + src: "{{ __sap_hana_install_fapolicyd_conf_updated['backup'] }}" + owner: root + group: fapolicyd + mode: '0644' + + - name: SAP HANA Post Install, fapolicyd - Notify about failed validation + ansible.builtin.fail: + msg: >- + "The update of the fapolicyd config file failed, likely because an unsupported value has been used for + the parameter 'sap_hana_install_fapolicyd_integrity'. The previous version has been successfully restored." + +- name: SAP HANA Post Install, fapolicyd - Create rule and trust files, enable fapolicyd + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd + block: + + - name: SAP HANA Post Install, fapolicyd - Process template for creating rule file '{{ sap_hana_install_fapolicyd_rule_file }}' + ansible.builtin.template: + src: fapolicyd-rules.j2 + dest: "/etc/fapolicyd/rules.d/{{ sap_hana_install_fapolicyd_rule_file }}.rules" + owner: root + group: fapolicyd + mode: '0644' + +# Reason for noqa: The return code of the command is always 0 no matter if there was a change or not + - name: SAP HANA Post Install, fapolicyd - Merge rule files # noqa no-changed-when + ansible.builtin.command: fagenrules --load + register: sap_hana_install_register_fagenrules_load + + - name: SAP HANA Post Install, fapolicyd - Display the output of the command 'fagenrules --load' + ansible.builtin.debug: + msg: "{{ sap_hana_install_register_fagenrules_load.stdout_lines }}" + +# We want to add files which have the execute mode bit set AND which are reported as executables +# by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. +# The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and +# omitting the first '_'. + - name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into fapolicyd trust files + ansible.builtin.shell: | + set -o pipefail && + find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | + awk '/\/x-/{a=1; b=NR} + { + if(a==1 && b==(NR-1)){ + system("fapolicyd-cli --file add "$0" --trust-file \ + {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 + } + }' + loop: "{{ sap_hana_install_fapolicyd_trusted_directories }}" + loop_control: + loop_var: __sap_hana_install_item + label: >- + "{{ __sap_hana_install_item }} -> + /etc/fapolicyd/trust.d/{{ __sap_hana_install_item | + regex_replace('//*', '_') | + regex_replace('^_', '') }}" + changed_when: true + + - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: true + state: started + + - name: SAP HANA Post Install, fapolicyd - Restart fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: true + state: restarted diff --git a/roles/sap_hana_install/tasks/pre_install.yml b/roles/sap_hana_install/tasks/pre_install.yml index 3e20526c0..df158848c 100644 --- a/roles/sap_hana_install/tasks/pre_install.yml +++ b/roles/sap_hana_install/tasks/pre_install.yml @@ -14,6 +14,35 @@ # sap_hana_install_lss_backup_password: "{{ sap_hana_install_master_password }}" # when: sap_hana_install_use_master_password == 'y' +################ +# Handle fapolicyd +################ + +- name: SAP HANA Pre Install, fapolicyd - Ensure the presence of fapolicyd + ansible.builtin.package: + name: fapolicyd + state: present + when: sap_hana_install_use_fapolicyd + tags: sap_hana_install_use_fapolicyd + +################ +# We must ensure fapolicyd is disabled before installing SAP HANA in all cases +# Otherwise, the installation of SAP HANA will fail +################ + +- name: SAP HANA Pre Install, fapolicyd - Gather package facts + ansible.builtin.package_facts: + tags: sap_hana_install_use_fapolicyd + +- name: SAP HANA Pre Install, fapolicyd - Disable fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: false + state: stopped + when: + - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd + ################ # Prepare software path ################ @@ -77,10 +106,10 @@ owner: root group: root loop: - - '/hana' - - '/hana/shared' - - '/hana/log' - - '/hana/data' + - '{{ sap_hana_install_root_path }}' + - '{{ sap_hana_install_shared_path }}' + - '{{ sap_hana_install_root_path }}/log' + - '{{ sap_hana_install_root_path }}/data' tags: sap_hana_install_chown_hana_directories # SELinux is not currently supported by SAP using SLES4SAP @@ -90,16 +119,16 @@ sap_hana_install_modify_selinux_labels: false when: ansible_os_family == "Suse" - - name: SAP HANA Pre Install - Configure '/hana' SELinux file contexts + - name: SAP HANA Pre Install - Configure 'sap_hana_install_root_path' SELinux file contexts ansible.builtin.include_role: name: '{{ sap_hana_install_system_roles_collection }}.selinux' vars: selinux_booleans: - { name: 'selinuxuser_execmod', state: 'on' } selinux_fcontexts: - - { target: '/hana(/.*)?', setype: 'usr_t' } + - { target: '{{ sap_hana_install_root_path }}(/.*)?', setype: 'usr_t' } selinux_restore_dirs: - - /hana + - '{{ sap_hana_install_root_path }}' when: sap_hana_install_modify_selinux_labels - name: SAP HANA Pre Install - Get info about software extract directory '{{ sap_hana_install_software_extract_directory }}' diff --git a/roles/sap_hana_install/templates/fapolicyd-rules.j2 b/roles/sap_hana_install/templates/fapolicyd-rules.j2 new file mode 100644 index 000000000..20f79847f --- /dev/null +++ b/roles/sap_hana_install/templates/fapolicyd-rules.j2 @@ -0,0 +1,9 @@ +# Deny shell script execution and sourcing under SAP HANA directories +# File managed by Ansible + +deny_audit perm=any all : ftype=text/x-shellscript dir= +{%- for __sap_hana_install_fapolicyd_trusted_directory in sap_hana_install_fapolicyd_trusted_directories -%} +{{ __sap_hana_install_fapolicyd_trusted_directory }}/{{ "" if loop.last else "," }} +{%- endfor %} + trust=0 + diff --git a/roles/sap_hana_install/tests/install/hana-uninstall.yml b/roles/sap_hana_install/tests/install/hana-uninstall.yml index d5b0bbb5c..24b8b16b6 100644 --- a/roles/sap_hana_install/tests/install/hana-uninstall.yml +++ b/roles/sap_hana_install/tests/install/hana-uninstall.yml @@ -11,7 +11,7 @@ seconds: 5 - name: "Force uninstall SAP HANA '{{ sap_hana_install_sid }}' on '{{ ansible_hostname }}'" - shell: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm/hdblcm --uninstall --components=all -b" + shell: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm/hdblcm --uninstall --components=all -b" register: shell_output - name: Display the hdbuninst output diff --git a/roles/sap_hana_install/tests/install/install-vars.yml b/roles/sap_hana_install/tests/install/install-vars.yml index 080c174fa..ce679444a 100644 --- a/roles/sap_hana_install/tests/install/install-vars.yml +++ b/roles/sap_hana_install/tests/install/install-vars.yml @@ -3,7 +3,7 @@ sap_hana_install_new_system: true sap_hana_install_software_directory: '/software/sap_hana_install_test' sap_hana_install_software_extract_directory: '/software/sap_hana_install_test/extracted' -sap_hana_install_install_path: '/hana/shared' +sap_hana_install_shared_path: '/hana/shared' sap_hana_install_sid: 'T01' sap_hana_install_number: '01' sap_hana_install_master_password: 'NewPass$321' diff --git a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py index fbf422ec5..9b8f38e3b 100755 --- a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py +++ b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py @@ -4,7 +4,6 @@ import sys import datetime import subprocess -import re import shlex import yaml @@ -17,7 +16,7 @@ def print_log(text): # output field delimiter for displaying the results: __field_delimiter = '\t' -if(len(sys.argv) != 3): +if (len(sys.argv) != 3): print('Please provide the name of the managed node and the user name for logging in.') __managed_node = input('Name of managed node: ') __username = input('User name for connecting to managed node: ') @@ -101,11 +100,15 @@ def print_log(text): for par1 in __tests[0:3]: print('\n' + 'Test ' + par1['number'] + ': ' + par1['name']) # prepare the test: - command = ('ansible-playbook prepare-install-test-' - + par1['number'] - + '.yml ' - + '-l ' - + __managed_node) + command = ( + 'ansible-playbook prepare-install-test-' + + par1['number'] + + '.yml ' + + '-u root ' + + '-i ' + + __managed_node + + ',' + ) args = shlex.split(command) # _py_rc = os.system(command) __logfile = __logdir + '/' + __logfile_prefix + __datestr + '-prepare-' + par1['number'] + '.log' @@ -117,14 +120,17 @@ def print_log(text): __filedescriptor.flush() # run the test: - command = ('ansible-playbook run-install-test-' - + par1['number'] - + '.yml ' - + par1['command_line_parameter'] - + '-l ' - + __managed_node - + ' ' - + '-e "') + command = ( + 'ansible-playbook run-install-test-' + + par1['number'] + + '.yml ' + + par1['command_line_parameter'] + + '-u root ' + + '-i ' + + __managed_node + + ', ' + + '-e "' + ) # add all role vars for this test: for par2 in par1['role_vars']: command += str(par2) @@ -150,9 +156,13 @@ def print_log(text): print('Test ' + par1['number'] + ' FAILED!!!') # uninstall SAP HANA: - command = ('ansible-playbook hana-uninstall.yml ' - + '-l ' - + __managed_node) + command = ( + 'ansible-playbook hana-uninstall.yml ' + + '-u root ' + + '-i ' + + __managed_node + + ',' + ) args = shlex.split(command) __logfile = __logdir + '/' + __logfile_prefix + __datestr + '-uninstall-' + par1['number'] + '.log' with open(__logfile, 'wb') as __filedescriptor: @@ -183,7 +193,7 @@ def print_log(text): + '\'' + par1['command_line_parameter'] + '\'' + __field_delimiter + '\'' + par1['expected_output_string'] + '\'' + __field_delimiter) # + '\'' + par1['expected_output_string'] + '\'' + __field_delimiter, end='') - if(len(par1['role_vars']) == 0): + if (len(par1['role_vars']) == 0): print_log('\n') else: for par2 in par1['role_vars']: diff --git a/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py b/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py index d9eceff3d..97b46e1f2 100755 --- a/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py +++ b/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py @@ -9,7 +9,7 @@ # output field delimiter for displaying the results: _field_delimiter = '\t' -if(len(sys.argv) != 3): +if (len(sys.argv) != 3): print('Please provide the name of the managed node and the user name for logging in.') _managed_node = input('Name of managed node: ') _username = input('User name for connecting to managed node: ') diff --git a/roles/sap_hana_preconfigure/defaults/main.yml b/roles/sap_hana_preconfigure/defaults/main.yml index b1dfe49c5..8b95b4982 100644 --- a/roles/sap_hana_preconfigure/defaults/main.yml +++ b/roles/sap_hana_preconfigure/defaults/main.yml @@ -169,8 +169,9 @@ sap_hana_preconfigure_run_grub2_mkconfig: true # It will be used to configure process limits as per step "Configuring Process Resource Limits" of SAP note 2772999. # Example: See README.md -sap_hana_preconfigure_saptune_version: '3.0.2' +sap_hana_preconfigure_saptune_version: '' # Version of saptune to install (SLES for SAP Applications). +# It is recommended to install latest version by keeping this variable empty. # This will replace the current installed version if present, even downgrade if necessary. sap_hana_preconfigure_saptune_solution: 'HANA' diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml index fa2905ba2..8a24bedf5 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml @@ -1,5 +1,18 @@ --- +# Set a new SELinux mode variable to the SELinux status if 'disabled' or otherwise to +# the value of the 'mode' member ('permissive' or 'enforcing') +- name: SELinux - Set an SELinux mode variable + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_selinux_mode: "{{ (ansible_selinux.status == 'disabled') | ternary(ansible_selinux.status, ansible_selinux.mode) }}" + +- name: SELinux - Warn if the SELinux file contexts cannot be set + ansible.builtin.debug: + msg: "WARN: The SELinux file contexts cannot be set on an SELinux disabled system!" + when: + - sap_hana_preconfigure_modify_selinux_labels + - __sap_hana_preconfigure_fact_selinux_mode == 'disabled' + - name: SELinux - Configure SELinux file contexts ansible.builtin.include_role: name: '{{ sap_hana_preconfigure_system_roles_collection }}.selinux' @@ -10,4 +23,6 @@ - "{{ sap_hana_preconfigure_fact_targets_setypes }}" selinux_restore_dirs: - "{{ sap_hana_preconfigure_hana_directories }}" - when: sap_hana_preconfigure_modify_selinux_labels + when: + - sap_hana_preconfigure_modify_selinux_labels + - __sap_hana_preconfigure_fact_selinux_mode != 'disabled' diff --git a/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml index 6aee0145c..198c5238e 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml @@ -1,9 +1,4 @@ --- -#- name: Enable Debugging -# debug: -# verbosity: "{{ debuglevel }}" -# - - name: Populate service facts ansible.builtin.service_facts: @@ -34,19 +29,21 @@ - name: Set solution fact ansible.builtin.set_fact: - __sap_hana_preconfigure_saptune_configured_solution: "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" + __sap_hana_preconfigure_saptune_configured_solution: + "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" - name: Assert that active solution is the expected solution ansible.builtin.assert: that: __sap_hana_preconfigure_saptune_configured_solution == sap_hana_preconfigure_saptune_solution - fail_msg: "FAIL: the configured saptune solution is '{{ __sap_hana_preconfigure_saptune_configured_solution }}'' and does not match the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'" + fail_msg: "FAIL: the configured saptune solution is '{{ __sap_hana_preconfigure_saptune_configured_solution + }}'' and does not match the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'" success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'" # If this is a cluster node on Azure, we need to override to disable tcp timestamps, reuse and recycle. # This can be done by copying the sapnote file 2382421 from /usr/share/saptune/notes to /etc/saptune/override # The value can then override in the in the new file -#- name: Disable TCP timestamps, recycle & reuse +# - name: Disable TCP timestamps, recycle & reuse # ansible.builtin.blockinfile: # path: /etc/saptune/override/2382421 # create: yes diff --git a/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml index c54bb6106..79e9442a5 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml @@ -1,10 +1,5 @@ --- -#- name: Enable Debugging -# debug: -# verbosity: "{{ debuglevel }}" -# - -#Capture all patterns along with their install status +# Capture all patterns along with their install status - name: Get zypper pattern information ansible.builtin.command: zypper patterns register: __sap_hana_preconfigure_zypper_patterns @@ -21,5 +16,9 @@ - name: Assert saptune is at requested version ansible.builtin.assert: that: ansible_facts.packages['saptune'][0]['version'] == sap_hana_preconfigure_saptune_version - fail_msg: "FAIL: saptune version installed is {{ ansible_facts.packages['saptune'][0]['version'] }} but the version {{ sap_hana_preconfigure_saptune_version }} was expected" + fail_msg: "FAIL: saptune version installed is {{ ansible_facts.packages['saptune'][0]['version'] + }} but the version {{ sap_hana_preconfigure_saptune_version }} was expected" success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_hana_preconfigure_saptune_version }}" + when: + - sap_hana_preconfigure_saptune_version is defined + - sap_hana_preconfigure_saptune_version | length > 0 diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index b588e9d88..d91792f22 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -2,6 +2,12 @@ - name: Takover saptune and enable when: __sap_hana_preconfigure_run_saptune block: + - name: Ensure sapconf is stopped and disabled + ansible.builtin.systemd: + name: sapconf + state: stopped + enabled: false + - name: Make sure that sapconf and tuned are stopped and disabled ansible.builtin.command: "saptune service takeover" register: __sap_saptune_takeover @@ -32,6 +38,41 @@ ansible.builtin.debug: var: __sap_hana_preconfigure_fact_solution_configured +- name: Set GRUB entries + when: __sap_hana_preconfigure_run_saptune + block: + # Reason for noqa: + # no-changed-when: the regex do a check on the element before apply the + # changed item, this prevent a replace to an element that is already in + # the configuration + - name: Set GRUB entries # noqa no-changed-when + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ item }}).*). *$' + line: "\\1 {{ item }}\"" + backrefs: true + register: set_grub_entries + with_items: + - "splash=silent" + - "mitigations=auto" + - "quiet" + - "numa_balancing=disable" + - "transparent_hugepage=never" + - "intel_idle.max_cstate=1" + - "processor.max_cstate=1" + - "audit=1" + + # Reason for noqa: + # no-changed-when: there is already a check on the `when` argument that + # loop over all the results of the previous task and if some of the results + # changed the grub configuration file the `GRUB_post-update_configuration` + # handler will be notify, in the other hands if none of the item changed + # the configuration file no handler will be notify + - name: Trigger grub update if necessary # noqa no-changed-when + ansible.builtin.command: /bin/true + notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler + when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 + - name: Enable sapconf when: not __sap_hana_preconfigure_run_saptune block: diff --git a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml index 3788ec552..a01037e27 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml @@ -1,8 +1,4 @@ --- -#- name: Enable Debugging -# debug: -# verbosity: "{{ debuglevel }}" -# # Reason for noqa: Both yum and dnf support "state: latest" - name: Ensure that the system is updated to the latest patchlevel # noqa package-latest ansible.builtin.package: @@ -25,13 +21,12 @@ - '"SLES" in sles_baseproduct.stat.lnk_target' - ansible_os_family == 'Suse' -- name: Output - ansible.builtin.debug: - msg: - - "OS Family: {{ ansible_os_family }}" - - "saptune: {{ __sap_hana_preconfigure_run_saptune }}" - - "link: {{ sles_baseproduct.stat.lnk_target }}" -# ----------- +# - name: Output +# ansible.builtin.debug: +# msg: +# - "OS Family: {{ ansible_os_family }}" +# - "saptune: {{ __sap_hana_preconfigure_run_saptune }}" +# - "link: {{ sles_baseproduct.stat.lnk_target }}" - name: Prepare saptune when: @@ -45,12 +40,24 @@ state: present force: true - - name: Ensure saptune is installed + - name: Ensure latest saptune is installed + community.general.zypper: + type: package + name: saptune + state: present + when: + - sap_hana_preconfigure_saptune_version is undefined + or sap_hana_preconfigure_saptune_version | length == 0 + + - name: Ensure specific saptune version is installed community.general.zypper: type: package name: "saptune={{ sap_hana_preconfigure_saptune_version }}" state: present force: true + when: + - sap_hana_preconfigure_saptune_version is defined + - sap_hana_preconfigure_saptune_version | length > 0 - name: Ensure sapconf is installed community.general.zypper: diff --git a/roles/sap_hana_preconfigure/tasks/main.yml b/roles/sap_hana_preconfigure/tasks/main.yml index 08780364a..ca32ccc4c 100644 --- a/roles/sap_hana_preconfigure/tasks/main.yml +++ b/roles/sap_hana_preconfigure/tasks/main.yml @@ -27,6 +27,13 @@ __sap_hana_preconfigure_fact_ansible_distribution_minor_version: '{{ ansible_distribution_version.split(".")[1] }}' when: ansible_distribution == 'RedHat' +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + # required for installation and configuration tasks: - name: Gather package facts ansible.builtin.package_facts: diff --git a/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py b/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py index 08bc7f554..7feed3311 100755 --- a/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py +++ b/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py @@ -186,9 +186,10 @@ print('\n' + 'Test ' + par1['number'] + ': ' + par1['name']) command = ('ansible-playbook sap_hana_preconfigure-default-settings.yml ' + par1['command_line_parameter'] - + '-l ' + + '-u root ' + + '-i ' + _managed_node - + ' ' + + ', ' + '-e "') for par2 in par1['role_vars']: command += str(par2) diff --git a/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh b/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh index f48087c68..3c7e426a7 100755 --- a/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh +++ b/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # default font color: Light Cyan, which should be readable on both bright and dark background __FONT_COLOR=36m diff --git a/roles/sap_install_media_detect/files/tmp/sapfile b/roles/sap_install_media_detect/files/tmp/sapfile index 037480246..034285ef6 100755 --- a/roles/sap_install_media_detect/files/tmp/sapfile +++ b/roles/sap_install_media_detect/files/tmp/sapfile @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # sapfile: Determine and display SAP file type # # Copyright 2023 Bernd Finger, Red Hat @@ -207,12 +207,12 @@ for _FILE in "$@"; do _FILE_OUTPUT=$(file "${_FILE}" | sed 's,'"${_FILE}"': ,,') _GENERIC_FILE_TYPE=$(echo "${_FILE_OUTPUT}" | awk ' BEGIN{_file_type="other"} - /RAR self-extracting archive/{_file_type="rarexe"} - /RAR archive data/{_file_type="rar"} - /Zip archive data/{_file_type="zip"} - /SAPCAR archive data/{_file_type="sapcar"} - /XML/&&/ASCII/{_file_type="xml"} - /directory/{_file_type="dir"} + /RAR self-extracting archive/{_file_type="rarexe"; exit} + /RAR archive data/{_file_type="rar"; exit} + /Zip archive data/{_file_type="zip"; exit} + /SAPCAR archive data/{_file_type="sapcar"; exit} + /XML/&&/ASCII/{_file_type="xml"; exit} + /directory/{_file_type="dir"; exit} END{print _file_type}') if [[ ${_GENERIC_FILE_TYPE}. == "rarexe." ]]; then _list_content="${_LSAR_COMMAND}" @@ -241,23 +241,23 @@ for _FILE in "$@"; do SAP_FILE_TYPE_FROM_FILENAME=$(echo "${_FILE}" | awk ' BEGIN{_sap_file_type="look_inside"} - /SAPCAR/&&/\.EXE/{_sap_file_type="sapcar"} - /IMDB_SERVER/&&/\.SAR/{_sap_file_type="saphana"} - /IMDB_CLIENT/&&/\.SAR/{_sap_file_type="saphana_client"} - !/IMDB_SERVER/&&!/IMDB_CLIENT/&&/IMDB/&&/\.SAR/{_sap_file_type="saphana_other"} - /SWPM/&&/\.SAR/{_sap_file_type="sap_swpm"} - /SAPHOSTAGENT/&&/\.SAR/{_sap_file_type="sap_hostagent"} - /SAPEXE_/{_sap_file_type="sap_kernel"} - /SAPEXEDB_/{_sap_file_type="sap_kernel_db"} - /igsexe/||/igshelper/{_sap_file_type="sap_igs"} - /SAPWEBDISP_/{_sap_file_type="sap_webdisp"} - /SAPJVM/{_sap_file_type="sap_jvm"} - /ASEBC/{_sap_file_type="sapase_client"} - /COMPLETE/{_sap_file_type="saphana_backup"} - /S4/&&/LANG/{_sap_file_type="sap_s4hana_lang"} - /S4/&&/EXPORT/{_sap_file_type="sap_export_s4hana"} - /BW4/&&/EXPORT/{_sap_file_type="sap_export_bw4hana"} - /VCH/&&/\.SAR/{_sap_file_type="saphana_vch_afl"} + /SAPCAR/&&/\.EXE/{_sap_file_type="sapcar"; exit} + /IMDB_SERVER/&&/\.SAR/{_sap_file_type="saphana"; exit} + /IMDB_CLIENT/&&/\.SAR/{_sap_file_type="saphana_client"; exit} + !/IMDB_SERVER/&&!/IMDB_CLIENT/&&/IMDB/&&/\.SAR/{_sap_file_type="saphana_other"; exit} + /SWPM/&&/\.SAR/{_sap_file_type="sap_swpm"; exit} + /SAPHOSTAGENT/&&/\.SAR/{_sap_file_type="sap_hostagent"; exit} + /SAPEXE_/{_sap_file_type="sap_kernel"; exit} + /SAPEXEDB_/{_sap_file_type="sap_kernel_db"; exit} + /igsexe/||/igshelper/{_sap_file_type="sap_igs"; exit} + /SAPWEBDISP_/{_sap_file_type="sap_webdisp"; exit} + /SAPJVM/{_sap_file_type="sap_jvm"; exit} + /ASEBC/{_sap_file_type="sapase_client"; exit} + /COMPLETE/{_sap_file_type="saphana_backup"; exit} + /S4/&&/LANG/{_sap_file_type="sap_s4hana_lang"; exit} + /S4/&&/EXPORT/{_sap_file_type="sap_export_s4hana"; exit} + /BW4/&&/EXPORT/{_sap_file_type="sap_export_bw4hana"; exit} + /VCH/&&/\.SAR/{_sap_file_type="saphana_vch_afl"; exit} END{print _sap_file_type}') if [[ ${SAP_FILE_TYPE_FROM_FILENAME}. == "sap_kernel_db." ]]; then SAP_FILE_TYPE_FROM_FILENAME=$(eval "${_list_content}" "${_FILE}" | awk ' @@ -277,22 +277,22 @@ for _FILE in "$@"; do ${_GENERIC_FILE_TYPE}. == "xml." ]]; then _SAP_FILE_TYPE=$(eval "${_list_content}" "${_FILE}" | awk ' BEGIN{_sap_file_type="sap_unknown"} - /BD_SYBASE_ASE/{_sap_file_type="sapase"} - /ASEBC/{_sap_file_type="sapase_client"} - /MaxDB_7.9/{_sap_file_type="sapmaxdb"} - /19cinstall.sh/{_sap_file_type="oracledb"} - /OCL_LINUX_X86_64/{_sap_file_type="oracledb_client"} - /brtools/{_sap_file_type="oracledb_tools"} - /db2setup/{_sap_file_type="ibmdb2"} - /db6_update_client.sh/{_sap_file_type="ibmdb2_client"} - /db2aese_c.lic/{_sap_file_type="ibmdb2_license"} - /DATA_UNITS\/EXPORT/{_sap_file_type="sap_export_ecc"} - /EXP[0-9]/{_sap_file_type="sap_export_ecc_ides"} - /DATA_UNITS\/EXP[0-9]/{_sap_file_type="sap_export_nwas_abap"} - /DATA_UNITS\/JAVA_EXPORT_JDMP/{_sap_file_type="sap_export_nwas_java"} - /DATA_UNITS\/SOLMAN/&&/_JAVA_UT/{_sap_file_type="sap_export_solman_java"} - / 0 + - sap_install_media_detect_kernel_db == 'saphana' or + sap_install_media_detect_kernel_db == 'sapase' or + sap_install_media_detect_kernel_db == 'sapmaxdb' or + sap_install_media_detect_kernel_db == 'oracledb' or + sap_install_media_detect_kernel_db == 'ibmdb2' block: - name: SAP Install Media Detect - Find files after extraction - Find SAPEXEDB, database specific diff --git a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml index 264e17ece..355836b98 100644 --- a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml +++ b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml @@ -120,7 +120,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_kernel') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXE_') | length == 1 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXE_') | selectattr('archive_type', 'equalto', 'sapcar') | length == 1 fail_msg: "No, or more than one, DB independent SAP Kernel file found" when: - sap_install_media_detect_kernel @@ -129,14 +129,19 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'search', 'sap_kernel_db_') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXEDB_') | length == 1 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXEDB_') | selectattr('archive_type', 'equalto', 'sapcar') | length == 1 fail_msg: "No, or more than one, DB dependent SAP Kernel file found" when: - sap_install_media_detect_kernel - sap_install_media_detect_kernel_db is not defined - name: SAP Install Media Detect - Prepare - Assert that exactly one matching SAP Kernel DB dependent is present - when: sap_install_media_detect_kernel_db is defined + when: + sap_install_media_detect_kernel_db == 'saphana' or + sap_install_media_detect_kernel_db == 'sapase' or + sap_install_media_detect_kernel_db == 'sapmaxdb' or + sap_install_media_detect_kernel_db == 'oracledb' or + sap_install_media_detect_kernel_db == 'ibmdb2' block: - name: SAP Install Media Detect - Prepare - Assert that exactly one SAP Kernel DB dependent for SAP HANA is present @@ -191,7 +196,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_igs') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igsexe') | length > 0 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igsexe') | selectattr('archive_type', 'equalto', 'sapcar') | length > 0 fail_msg: "No igsexe file found" when: - sap_install_media_detect_igs @@ -200,7 +205,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_igs') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igshelper') | length > 0 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igshelper') | selectattr('archive_type', 'equalto', 'sapcar') | length > 0 fail_msg: "No igshelper file found" when: - sap_install_media_detect_igs @@ -209,7 +214,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_webdisp') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPWEBDISP_') | length == 1 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPWEBDISP_') | selectattr('archive_type', 'equalto', 'sapcar') | length == 1 fail_msg: "No, or more than one, SAPWEBDISP file found" when: - sap_install_media_detect_webdisp diff --git a/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml b/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml index d1b62656e..5bfae97f1 100644 --- a/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml +++ b/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml @@ -9,7 +9,7 @@ - name: SAP Install Media Detect - Prepare - Find the relevant non-extract subdirectories # noqa risky-shell-pipe ansible.builtin.shell: cmd: > - ls -d sap_hana sap_swpm_download_basket $({{ __sap_install_media_detect_sapfile_path }} -s) 2>/dev/null | + ls -d sap_hana sap_swpm sap_swpm_download_basket $({{ __sap_install_media_detect_sapfile_path }} -s) 2>/dev/null | awk '{print ("'{{ __sap_install_media_detect_software_main_directory }}'/"$0"/")}' chdir: "{{ __sap_install_media_detect_software_main_directory }}" register: __sap_install_media_detect_register_subdirectories_phase_1b diff --git a/roles/sap_install_media_detect/tasks/set_global_vars.yml b/roles/sap_install_media_detect/tasks/set_global_vars.yml index 659090141..7f449371f 100644 --- a/roles/sap_install_media_detect/tasks/set_global_vars.yml +++ b/roles/sap_install_media_detect/tasks/set_global_vars.yml @@ -135,6 +135,7 @@ - sap_install_media_detect_kernel - sap_install_media_detect_kernel_db is defined - sap_install_media_detect_kernel_db | length > 0 + - sap_install_media_detect_kernel_db != 'none' - name: SAP Install Media Detect - Detection completed - Set facts for SAP IGS ansible.builtin.set_fact: diff --git a/roles/sap_maintain_etc_hosts/defaults/main.yml b/roles/sap_maintain_etc_hosts/defaults/main.yml index bd6c1cf5b..718730176 100644 --- a/roles/sap_maintain_etc_hosts/defaults/main.yml +++ b/roles/sap_maintain_etc_hosts/defaults/main.yml @@ -45,3 +45,7 @@ # the role creates a default value from ansible_facts sap_maintain_etc_hosts_list: "{{ sap_hana_cluster_nodes | default(sap_ha_pacemaker_cluster_cluster_nodes) | default(omit) }}" + +# regex patterns for IP address validation: +sap_maintain_etc_hosts_regexp_ipv4: '^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$' +sap_maintain_etc_hosts_regexp_ipv6: '^(?:[a-fA-F0-9]{0,4}:){7}[a-fA-F0-9]{0,4}$' diff --git a/roles/sap_maintain_etc_hosts/meta/argument_specs.yml b/roles/sap_maintain_etc_hosts/meta/argument_specs.yml index 4244e41ed..a52430bf7 100644 --- a/roles/sap_maintain_etc_hosts/meta/argument_specs.yml +++ b/roles/sap_maintain_etc_hosts/meta/argument_specs.yml @@ -82,3 +82,15 @@ argument_specs: state: absent - node_name: host2 state: absent + + sap_maintain_etc_hosts_regexp_ipv4: + default: '^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$' + description: + - regex pattern for IPv4 address validation + type: str + + sap_maintain_etc_hosts_regexp_ipv6: + default: '^(?:[a-fA-F0-9]{0,4}:){7}[a-fA-F0-9]{0,4}$' + description: + - regex pattern for IPv6 address validation + type: str diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml index dddf8f467..9155ba151 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml @@ -1,8 +1,13 @@ --- - name: Verify that variable node_ip is in the correct format ansible.builtin.assert: - that: thishost.node_ip is ansible.utils.ip - msg: "Variable 'node_ip' is not an IP address. Please use the correct format" + that: thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv4) or + thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv6) + msg: | + "The IP address of this host does not have a correct format. + Configure the IP address appropriately in of the following variables: + - sap_ip + - sap_maintain_etc_hosts_list, member node_ip" when: thisnode.node_ip is defined - name: Ensure that either IP address or hostname is defined @@ -12,7 +17,7 @@ ((thishost.node_ip is undefined) and (thishost.node_name is defined)) msg: "Invalid delete item. Please define either node_ip only or node_name. In the latter case node_domain is optional." -- name: Ensure that the entry all entries in hosts file are removed with IP {{ thishost.node_ip | d('undefined') }} +- name: Ensure that all entries with IP {{ thishost.node_ip | d('undefined') }} in /etc/hosts are absent ansible.builtin.lineinfile: path: "{{ __sap_maintain_etc_hosts_file }}" regexp: '^{{ thishost.node_ip }}\s' @@ -25,7 +30,7 @@ become_user: root become: true -- name: Ensure that the entry all entries in hosts file are removed with name {{ thishost.node_name | d('undefined') }} +- name: Ensure that all entries with name {{ thishost.node_name | d('undefined') }} in /etc/hosts are absent ansible.builtin.lineinfile: path: "{{ __sap_maintain_etc_hosts_file }}" regexp: '^.*\s{{ thishost.node_name }}\s' @@ -39,7 +44,7 @@ become_user: root become: true -- name: Ensure that the entry all enries in hosts file are removed with FQDN +- name: Ensure that all enries with the specified FQDN in /etc/hosts are absent ansible.builtin.lineinfile: path: "{{ __sap_maintain_etc_hosts_file }}" regexp: '^.*\s{{ thishost.node_name + "." + thishost.node_domain }}\s' diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml index 54714284c..c3c22fdc0 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml @@ -2,30 +2,46 @@ - name: Verify that variable node_ip is set ansible.builtin.assert: that: not( ( thishost.node_ip is undefined) or ( thishost.node_ip is none) or ( thishost.node_ip | trim == '') ) - msg: "Variable 'node_ip' is undefined or empty. Please define it in your host list." + msg: | + "The IP address of this host not known. You can solve this problem by + configuring your managed node accordingly or by setting one of the following variables: + - sap_ip + - sap_maintain_etc_hosts_list, member node_ip" -- name: Verify that variable node_ip is in the correct format +- name: Verify that variable node_ip is using the correct IP address format ansible.builtin.assert: - that: thishost.node_ip is ansible.utils.ip - msg: "Variable 'node_ip' is not an IP address. Please use the correct format" + that: thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv4) or + thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv6) + msg: | + "The IP address of this host does not have a correct format. + Configure the IP address appropriately in of the following variables: + - sap_ip + - sap_maintain_etc_hosts_list, member node_ip" - name: Verify that variable node_name is set ansible.builtin.assert: that: not( ( thishost.node_name is undefined) or ( thishost.node_name is none) or ( thishost.node_name | trim == '') ) - msg: "Variable 'node_name' is undefined or empty. Please define it your host list" + msg: | + "The hostname of this host not known. You can solve this problem by + configuring your managed node accordingly or by setting one of the following variables: + - sap_hostname + - sap_maintain_etc_hosts_list, member node_name" - name: Ensure node_domain is set ansible.builtin.set_fact: __sap_maintain_etc_hosts_domain: "{{ thishost.node_domain | default(sap_domain) | default(ansible_domain) }}" -# Necessary, if defaults are both undefined - name: Verify that variable domain_name is set ansible.builtin.assert: that: > not( ( __sap_maintain_etc_hosts_domain is undefined) or ( __sap_maintain_etc_hosts_domain is none) or ( __sap_maintain_etc_hosts_domain | trim == '') ) - msg: "Variable 'domain_name' is undefined or empty. Please define it your host list" + msg: | + "The DNS domain of this host not known. You can solve this problem by + configuring your DNS accordingly or by setting one of the following variables: + - sap_domain + - sap_maintain_etc_hosts_list, member node_domain" - name: Set default values ansible.builtin.set_fact: @@ -40,10 +56,10 @@ # The following block reads the existing aliases of a host from /etc/hosts # and merges it with the defined aliases in the struct # -# 1. select the line, where the first entry is the ip-adress thishost.node_ip +# 1. select the line where the first entry is the ip-adress thishost.node_ip # 2. loop over all hostname entries in the selected line (2 bis NF=last element in line) # 3. stop looping when a comment sign is found (because these are comments) -# 4. print an element, if it is not the hostname or FQDN we want to add +# 4. print an element if it is not the hostname or FQDN we want to add # # => __sap_maintain_etc_hosts_register_aliases.stdout contains a list of aliases of thishost.node_ip # diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml index 58ca75c3e..f3401bb7f 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml @@ -2,6 +2,12 @@ - name: Takover saptune and enable when: __sap_netweaver_preconfigure_run_saptune block: + - name: Ensure sapconf is stopped and disabled + ansible.builtin.systemd: + name: sapconf + state: stopped + enabled: false + - name: Make sure that sapconf and tuned are stopped and disabled ansible.builtin.command: "saptune service takeover" register: __sap_saptune_takeover diff --git a/roles/sap_netweaver_preconfigure/tasks/main.yml b/roles/sap_netweaver_preconfigure/tasks/main.yml index f0720b02e..c2855bb89 100644 --- a/roles/sap_netweaver_preconfigure/tasks/main.yml +++ b/roles/sap_netweaver_preconfigure/tasks/main.yml @@ -22,6 +22,13 @@ assert_prefix: "assert-" when: sap_netweaver_preconfigure_assert | d(false) +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + # required for installation and configuration tasks: - name: Gather package facts ansible.builtin.package_facts: diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 3b4dcb41c..37883f1cd 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -5,23 +5,51 @@ msg: "SAP note {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).number }} (version {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).version }}): Linux Requirements for SAP Kernel 754 and for SAP Kernel 788 and higher" -- name: Get info about the compat-sap-c++-10.so file - ansible.builtin.stat: - path: /opt/rh/SAP/lib64/compat-sap-c++-10.so - register: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp +# Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Create directory '{{ sap_netweaver_preconfigure_rpath }}' +- name: Identify all 'compat-sap-c++-NUM.so' symlinks with NUM >= 10 + ansible.builtin.find: + paths: '/opt/rh/SAP/lib64' + patterns: "compat-sap-c\\+\\+-1[0-9].so" + file_type: link + use_regex: true + register: __sap_netweaver_preconfigure_register_find_compat_sap_cpp + +# Note: The symlink compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, +# which is a requirement. +- name: Fail if there is no 'compat-sap-c++-NUM.so' symlink with NUM >= 10 + ansible.builtin.fail: + msg: There is no symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10! + when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched == 0 + +# Note: All following tasks depend on the previous task not having failed, so no further when condition is used below. +- name: Set fact for the latest 'compat-sap-c++.NUM.so' symlink + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: >- + {{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files + | map(attribute = 'path') + | sort | last | basename }} + +- name: Display the identified 'compat-sap-c++-NUM.so' symlink + ansible.builtin.debug: + msg: "Symlink '/opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' is present." + +- name: Ensure there is a symlink in directory '/opt/rh/SAP/lib64' named 'libstdc++.so.6', pointing to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' + ansible.builtin.file: + src: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}" + dest: "/opt/rh/SAP/lib64/libstdc++.so.6" + state: link + +- name: Ensure directory '{{ sap_netweaver_preconfigure_rpath }}' is present ansible.builtin.file: path: "{{ sap_netweaver_preconfigure_rpath }}" state: directory owner: root group: root mode: '0755' - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists -- name: Create a link to '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' +- name: Ensure there is a symlink in directory '{{ sap_netweaver_preconfigure_rpath }}' named 'libstdc++.so.6' pointing to '/opt/rh/SAP/lib64/libstdc++.so.6' ansible.builtin.file: - src: /opt/rh/SAP/lib64/compat-sap-c++-10.so + src: /opt/rh/SAP/lib64/libstdc++.so.6 dest: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" state: link - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml index afe510cdd..54391eba0 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml @@ -5,46 +5,63 @@ msg: "SAP note {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).number }} (version {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).version }}): Linux Requirements for SAP Kernel 754 and for SAP Kernel 788 and higher" -- name: Get info about the compat-sap-c++-10.so file - ansible.builtin.stat: - path: /opt/rh/SAP/lib64/compat-sap-c++-10.so - register: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp +# Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Report if checking for a link from libstdc++.so.6 to compat-sap-c++-10.so is skipped - ansible.builtin.debug: - msg: "INFO: Not checking for link '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' - file '/opt/rh/SAP/lib64/compat-sap-c++-10.so' does not exist on this system." - when: not __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists +- name: Identify all 'compat-sap-c++-NUM.so' symlinks with NUM >= 10 + ansible.builtin.find: + paths: '/opt/rh/SAP/lib64' + patterns: "compat-sap-c\\+\\+-1[0-9].so" + file_type: link + use_regex: true + register: __sap_netweaver_preconfigure_register_find_compat_sap_cpp -- name: Get info about file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' - ansible.builtin.stat: - path: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" - register: __sap_netweaver_preconfigure_register_stat_libstdc_assert - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists - -- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' exists +# Note: The symlink compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, +# which is a requirement. +- name: Assert that there is at least one symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10 ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.exists - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' does not exist!" - success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' exists." + that: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 + fail_msg: "FAIL: There is no symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10!" + success_msg: "PASS: There is at least one symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10!" ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists -- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link +- name: Set fact for the latest 'compat-sap-c++.NUM.so' symlink + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: >- + {{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files + | map(attribute = 'path') + | sort | last | basename }} + when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 + +# Verify /opt/rh/SAP/lib64/libstdc++.so.6: +- name: Get info about file '/opt/rh/SAP/lib64/libstdc++.so.6' + ansible.builtin.stat: + path: /opt/rh/SAP/lib64/libstdc++.so.6 + register: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert + failed_when: false + +- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.islnk - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a link!" - success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link." + that: + - __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists + - __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.islnk + - __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.lnk_target == __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest + fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' does not exist or is not a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}!'" + success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}'." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: - - __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists - - __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.exists -- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link to '/opt/rh/SAP/lib64/compat-sap-c++-10.so' +# Verify libstdc++.so.6 in RPATH /usr/sap/lib: +- name: Get info about file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' + ansible.builtin.stat: + path: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" + register: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert + failed_when: false + +- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6' ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.lnk_target == '/opt/rh/SAP/lib64/compat-sap-c++-10.so' - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a link to '/opt/rh/SAP/lib64/compat-sap-c++-10.so!'" - success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link to '/opt/rh/SAP/lib64/compat-sap-c++-10.so.'" + that: + - __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists + - __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.islnk + - __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.lnk_target == '/opt/rh/SAP/lib64/libstdc++.so.6' + fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' does not exist or is not a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6'!" + success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6'." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: - - __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists - - __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.exists diff --git a/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py b/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py index 30cc2501d..766b45d5f 100755 --- a/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py +++ b/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py @@ -98,9 +98,10 @@ print('\n' + 'Test ' + par1['number'] + ': ' + par1['name']) command = ('ansible-playbook sap_netweaver_preconfigure-default-settings.yml ' + par1['command_line_parameter'] - + '-l ' + + '-u root ' + + '-i ' + _managed_node - + ' ' + + ', ' + '-e "') for par2 in par1['role_vars']: command += str(par2) diff --git a/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh b/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh index f48087c68..3c7e426a7 100755 --- a/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh +++ b/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # default font color: Light Cyan, which should be readable on both bright and dark background __FONT_COLOR=36m diff --git a/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml b/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml index 89f297948..9bd5223a0 100644 --- a/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml +++ b/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml @@ -8,7 +8,7 @@ __sap_netweaver_preconfigure_sapnotes: __sap_netweaver_preconfigure_sapnotes_versions: - { number: '2526952', version: '5' } - - { number: '3119751', version: '4' } + - { number: '3119751', version: '13' } __sap_netweaver_preconfigure_packages: - tuned-profiles-sap diff --git a/roles/sap_storage_setup/README.md b/roles/sap_storage_setup/README.md index 4c4e12746..1f3394813 100644 --- a/roles/sap_storage_setup/README.md +++ b/roles/sap_storage_setup/README.md @@ -15,7 +15,7 @@ This Ansible Role has been tested for the following SAP software deployment type This Ansible Role is agnostic, and will run on any Infrastructure Platform. Only LVM is used for local/block storage, to allow for further expansion if the SAP System requires further storage space in the future. -Please note, while this Ansible Role has protection against overwrite of existing disks and filesystems - sensibile review and care is required for any automation of disk storage. Please review the documentation and samples/examples carefully. It is strongly suggested to initially execute the Ansible Playbook calling this Ansible Role, with `ansible-playbook --check` for Check Mode - this will perform no changes to the host and show which changes would be made. +Please note, while this Ansible Role has protection against overwrite of existing disks and filesystems - sensible review and care is required for any automation of disk storage. Please review the documentation and samples/examples carefully. It is strongly suggested to initially execute the Ansible Playbook calling this Ansible Role, with `ansible-playbook --check` for Check Mode - this will perform no changes to the host and show which changes would be made. ## Requirements diff --git a/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml b/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml index b3754bfde..b70e6574e 100644 --- a/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml +++ b/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml @@ -9,24 +9,31 @@ - name: SAP Storage Setup - Make a list of unused disk devices of the requested sizes ansible.builtin.set_fact: available_devices: | - {% set av_disks = [] %} - {% set all_disks = (ansible_devices | dict2items) %} - {% for disk in all_disks %} - {%- for fs in sap_storage_setup_new_mounts_fact %} + {%- set av_disks = [] -%} + {%- set all_disks = (ansible_devices | dict2items) -%} + {%- for disk in all_disks -%} + {%- for fs in sap_storage_setup_new_mounts_fact -%} + {%- if disk.value.size | regex_search('.*TB$') -%} + {%- set disk_size_gb = (((( disk.value.size | replace(' TB','') | float * 1024) /8) | round(0,'ceil') * 8) | int) -%} + {%- else -%} + {%- set disk_size_gb = (disk.value.size | regex_replace('(\.\d+\s*)', '') | replace('GB','') | int) -%} + {%- endif -%} {%- if not disk.key.startswith('dm-') and disk.value.links.uuids | length == 0 and disk.value.partitions | length == 0 and fs.disk_size is defined - and (fs.disk_size | string + 'GB') in (disk.value.size | regex_replace('(\.\d+\s*)', '')) %} - {%- set add_to_list = av_disks.append(disk) %} - {%- endif %} - {%- endfor %} - {%- endfor %} + and ((disk_size_gb-8) <= fs.disk_size <= (disk_size_gb+8)) -%} + {%- set add_to_list = av_disks.append(disk) -%} + {%- endif -%} + {%- endfor -%} + {%- endfor -%} {{ av_disks | items2dict }} # !! # If the DISK MATCHING syntax has changed in the above, it must also -# be adjusted in the next task +# be adjusted in the next task. +# As ansible_devices returns only human-readable format, handling +# for TB is provided and default is GB; use of MB and PB will error. # !! ########## @@ -60,16 +67,22 @@ -%} {%- for dev in av_dev -%} - {%- if (fs.disk_size | string + 'GB') in (dev.value.size | regex_replace('(\.\d+\s*)', '')) + + {%- if dev.value.size | regex_search('.*TB$') -%} + {% set disk_size_gb = (((( dev.value.size | replace(' TB','') | float * 1024) /8) | round(0,'ceil') * 8) | int) -%} + {%- else -%} + {% set disk_size_gb = (dev.value.size | regex_replace('(\.\d+\s*)', '') | replace('GB','') | int) -%} + {%- endif -%} + {%- if (disk_size_gb-8) <= fs.disk_size <= (disk_size_gb+8) and dev.key not in assigned_dev and dev.value.holders | length == 0 - and matching_dev | length < (fs.lvm_lv_stripes | d('1') | int) %} + and matching_dev | length < (fs.lvm_lv_stripes | d('1') | int) -%} - {%- set assigned = assigned_dev.append(dev.key) %} - {%- set add = matching_dev.append('/dev/' + dev.key) %} + {%- set assigned = assigned_dev.append(dev.key) -%} + {%- set add = matching_dev.append('/dev/' + dev.key) -%} + {%- endif -%} - {%- endif %} - {%- endfor %} + {%- endfor -%} {%- if matching_dev | length > 0 -%} {%- set extend = device_map.extend([ @@ -80,10 +93,10 @@ 'name': fs.name, 'size': fs.disk_size, } - ]) %} - {%- endif %} - {%- endif %} - {%- endfor %} + ]) -%} + {%- endif -%} + {%- endif -%} + {%- endfor -%} {{ device_map }} diff --git a/roles/sap_swpm/defaults/main.yml b/roles/sap_swpm/defaults/main.yml index f1e146786..c3956bf99 100644 --- a/roles/sap_swpm/defaults/main.yml +++ b/roles/sap_swpm/defaults/main.yml @@ -11,6 +11,36 @@ sap_swpm_ansible_role_mode: "default" # advanced_templates # inifile_reuse +######################################## +# SWPM Ansible Role variables +# for setting owner, group, and permissions for the SAP files in sap_swpm_software_path +######################################## +# +# Set the following parameter to false to not change the owner, group, and permissions of the files in sap_swpm_software_path. +# The default is true. +sap_swpm_set_file_permissions: true +# +# The following 9 parameters define the default permission and ownership settings as per the +# Installation of SAP ABAP Systems on UNIX : SAP HANA 2.0 Database - Using Software Provisioning Manager 2.0 guide +# https://help.sap.com/docs/SLTOOLSET/39c32e9783f6439e871410848f61544c/c1f95d30d0ba4335919bf6e6f44263b2.html?version=CURRENT_VERSION_SWPM20 +# The guide mentions 755 as the minimum permission for the SPWM download directory and a umask setting of 022 for the user +# which downloads the SAP software. +# +# Access permissions and ownership for all directories in sap_swpm_software_path, for sap_swpm_sapcar_path, and for sap_swpm_swpm_path: +sap_swpm_software_directory_mode: '0755' +sap_swpm_software_directory_owner: root +sap_swpm_software_directory_group: root +# +# Access permissions and ownership for the SAPCAR*EXE file in sap_swpm_sapcar_path: +sap_swpm_files_sapcar_mode: '0755' +sap_swpm_files_sapcar_owner: root +sap_swpm_files_sapcar_group: root +# +# Access permissions and ownership for all non-SAPCAR*EXE files in sap_swpm_software_path and for SWPM*.SAR in sap_swpm_swpm_path: +sap_swpm_files_non_sapcar_mode: '0644' +sap_swpm_files_non_sapcar_owner: root +sap_swpm_files_non_sapcar_group: root + ######################################## # SWPM Ansible Role variables @@ -85,6 +115,7 @@ sap_swpm_inifile_list: - nw_config_ports # - nw_config_java_ume # - nw_config_java_feature_template_ids +# - nw_config_java_icm_credentials # - nw_config_webdisp_generic # - nw_config_webdisp_gateway - nw_config_host_agent @@ -96,7 +127,6 @@ sap_swpm_inifile_list: ## Not in use # - swpm_installation_media_download_service -# - solman_credentials_swpm1 # - solman_abap_swpm1 # - solman_daa_swpm1 @@ -115,8 +145,9 @@ sap_swpm_sapcar_path: sap_swpm_sapcar_file_name: # SWPM path and file name, only path is mandatory. The script will automatically get file_name -sap_swpm_swpm_path: +sap_swpm_swpm_path: # e.g. /software/sap_swpm sap_swpm_swpm_sar_file_name: +sap_swpm_software_extract_directory: # e.g. /software/sap_swpm_extracted # Note: # When using SWPM2 (for modern SAP products such as S/4 B/4), using .SAR files is recommended - param value should be false @@ -199,11 +230,15 @@ sap_swpm_virtual_hostname: "initial" ######################################## # SWPM Ansible Role variables # for Default Mode -# - Lookup list of Feature Template IDs +# - Lookup list of NWAS JAVA Feature Template IDs ######################################## -sap_swpm_java_template_id_selected_list: - - java_engine_ee +# Two methods exist for SAP NWAS JAVA, jload and extramile (BatchDeployer) before call to Deploy Controller Runner +# Default to extramile for SAP NWAS JAVA, except SAP S/4HANA +sap_swpm_java_import_method: "{{ 'jload' if 'S4H' in sap_swpm_product_catalog_id else 'extramile' }}" + +# Use empty list which will create inifile parameter as blank for default installation +sap_swpm_java_template_id_selected_list: [] sap_swpm_java_template_id_lookup_dictionary: java_nwas_as: @@ -240,6 +275,14 @@ sap_swpm_java_template_id_lookup_dictionary: - 01200615324800001035 # Solution Manager, includes java_nwas_as (01200615324800000135) and java_engine_ee (01200615324800000125) java_demo: - 01200615324800002898 # Demo Applications + s4hana_java_as: + - '73554900104800002396' # SAP S/4HANA Java + s4hana_java_adobe_document_services: + - '73554900104800002328' # SAP S/4HANA Java Adobe Document Services, includes s4hana_java_as (73554900104800002396) + s4hana_java_enterprise_service_repository: + - '73554900104800002330' # SAP S/4HANA Java Enterprise Services Repository, includes s4hana_java_as (73554900104800002396) + s4hana_java_aex: + - '73554900104800002329' # SAP S/4HANA Java Advanced Adapter Engine Extnd, includes s4hana_java_as (73554900104800002396) and s4hana_java_enterprise_service_repository (73554900104800002330) ######################################## diff --git a/roles/sap_swpm/tasks/pre_install/firewall.yml b/roles/sap_swpm/tasks/pre_install/firewall.yml index 18675bdf7..804e8675e 100644 --- a/roles/sap_swpm/tasks/pre_install/firewall.yml +++ b/roles/sap_swpm/tasks/pre_install/firewall.yml @@ -4,6 +4,13 @@ when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "docker" block: + # Requirement for package_facts Ansible Module + - name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + - name: SAP SWPM Pre Install - Gathering Firewall Facts ansible.builtin.package_facts: manager: auto diff --git a/roles/sap_swpm/tasks/swpm.yml b/roles/sap_swpm/tasks/swpm.yml index ab9d2fc0b..997235277 100644 --- a/roles/sap_swpm/tasks/swpm.yml +++ b/roles/sap_swpm/tasks/swpm.yml @@ -67,7 +67,7 @@ register: __sap_swpm_register_sapinst_async_job args: chdir: "{{ sap_swpm_sapinst_path }}" - async: 32400 # Seconds for maximum runtime, set to 9 hours + async: 86400 # Seconds for maximum runtime, set to 24 hours poll: 0 # Seconds between polls, use 0 to run Ansible Tasks concurrently # Monitor sapinst process (i.e. ps aux | grep sapinst) and wait for exit @@ -78,7 +78,7 @@ register: pids_sapinst until: "pids_sapinst.pids | length == 0" # until: "pids_sapinst.stdout | length == 0" - retries: 1000 + retries: 1440 delay: 60 - name: SAP SWPM - Verify if sapinst process finished successfully @@ -126,10 +126,12 @@ register: swpm_output_sapcontrol_files - name: SAP SWPM - Get sapcontrol file/s - ansible.builtin.command: awk -v RS='(^|\n)GetInstanceProperties\n' 'END{printf "%s", $0}' {{ item }} + ansible.builtin.command: awk -v RS='(^|\n)GetInstanceProperties\n' 'END{printf "%s", $0}' {{ line_item }} register: swpm_sapcontrol_file_contents changed_when: false loop: "{{ swpm_output_sapcontrol_files.files | map(attribute='path') | list | unique }}" + loop_control: + loop_var: line_item - name: SAP SWPM - Display installation finished from success file ansible.builtin.debug: @@ -141,4 +143,4 @@ loop: "{{ swpm_sapcontrol_file_contents.results }}" loop_control: loop_var: file_output - label: "{{ file_output.item }}" + label: "{{ file_output.line_item }}" diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/swpm/prepare_software.yml index 480ded4cd..911d82fdc 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/swpm/prepare_software.yml @@ -12,21 +12,79 @@ register: sap_swpm_software_path_stat failed_when: not sap_swpm_software_path_stat.stat.exists -- name: SAP SWPM Pre Install - Change ownership of software path - {{ sap_swpm_software_path }} - ansible.builtin.file: - path: "{{ sap_swpm_software_path }}" - state: directory - recurse: yes - mode: '0755' - owner: root - group: root +- name: SAP SWPM Pre Install - Set directory and file permissions + when: sap_swpm_set_file_permissions + block: + + - name: SAP SWPM Pre Install - Find directories + ansible.builtin.find: + path: "{{ sap_swpm_software_path }}" + file_type: directory + register: __sap_swpm_register_find_result_directories + + - name: SAP SWPM Pre Install - Find non-SAPCAR files + ansible.builtin.find: + path: "{{ sap_swpm_software_path }}" + file_type: file + recurse: true + excludes: "SAPCAR*EXE" + register: __sap_swpm_register_find_result_files_non_sapcar + + - name: SAP SWPM Pre Install - Create list of absolute directory names from the find result + ansible.builtin.set_fact: + __sap_swpm_fact_directories: "{{ __sap_swpm_fact_directories | d([]) + [line_item.path] }}" + loop: "{{ __sap_swpm_register_find_result_directories.files }}" + loop_control: + loop_var: line_item + label: "{{ line_item.path }}" + when: __sap_swpm_register_find_result_directories is defined + + - name: SAP SWPM Pre Install - Create list of absolute file names for non-SAPCAR files from the find result + ansible.builtin.set_fact: + __sap_swpm_fact_files_non_sapcar: "{{ __sap_swpm_fact_files_non_sapcar | d([]) + [line_item.path] }}" + loop: "{{ __sap_swpm_register_find_result_files_non_sapcar.files }}" + loop_control: + loop_var: line_item + label: "{{ line_item.path }}" + when: __sap_swpm_register_find_result_files_non_sapcar is defined + + - name: SAP SWPM Pre Install - Ensure correct permissions and ownership of all directories + ansible.builtin.file: + path: "{{ line_item }}" + recurse: no + mode: "{{ sap_swpm_software_directory_mode }}" + owner: "{{ sap_swpm_software_directory_owner }}" + group: "{{ sap_swpm_software_directory_group }}" + loop: "{{ __sap_swpm_fact_directories }}" + loop_control: + loop_var: line_item + when: + - __sap_swpm_fact_directories is defined + - __sap_swpm_register_find_result_directories is defined + + - name: SAP SWPM Pre Install - Create argument list for chown and chmod of non-SAPCAR*EXE files + ansible.builtin.set_fact: + __sap_swpm_fact_files_non_sapcar_chown_arg_list: "{{ __sap_swpm_fact_files_non_sapcar | map('quote') | join(' ') }}" + +# Reasons for noqa: +# - command-instead-of-module: Shorter execution time compared to looping over a list when using the file module +# - no-changed-when: Not worth checking permissions and ownership before this task and comparing afterwards + - name: SAP SWPM Pre Install - Ensure correct permissions and ownership of all non-SAPCAR files # noqa command-instead-of-module no-changed-when + ansible.builtin.shell: > + chown {{ sap_swpm_files_non_sapcar_owner }}:{{ sap_swpm_files_non_sapcar_group }} \ + {{ __sap_swpm_fact_files_non_sapcar_chown_arg_list }} && + chmod {{ sap_swpm_files_non_sapcar_mode }} \ + {{ __sap_swpm_fact_files_non_sapcar_chown_arg_list }} + when: + - __sap_swpm_fact_files_non_sapcar is defined + - __sap_swpm_register_find_result_files_non_sapcar is defined # SAPCAR Path - name: SAP SWPM Pre Install - Check availability of SAPCAR path - {{ sap_swpm_sapcar_path }} ansible.builtin.stat: - path: "{{ sap_swpm_sapcar_path }}" + path: "{{ sap_swpm_sapcar_path | d(sap_swpm_software_path) }}" register: sap_swpm_sapcar_path_stat failed_when: not sap_swpm_sapcar_path_stat.stat.exists @@ -34,16 +92,17 @@ ansible.builtin.file: path: "{{ sap_swpm_sapcar_path }}" state: directory - recurse: yes - mode: '0755' - owner: root - group: root + recurse: no + mode: "{{ sap_swpm_software_directory_mode }}" + owner: "{{ sap_swpm_software_directory_owner }}" + group: "{{ sap_swpm_software_directory_group }}" + when: sap_swpm_set_file_permissions # SWPM Path - name: SAP SWPM Pre Install - Check availability of SWPM path - {{ sap_swpm_swpm_path }} ansible.builtin.stat: - path: "{{ sap_swpm_swpm_path }}" + path: "{{ sap_swpm_swpm_path | d(sap_swpm_software_path) }}" register: sap_swpm_swpm_path_stat failed_when: not sap_swpm_swpm_path_stat.stat.exists @@ -51,10 +110,13 @@ ansible.builtin.file: path: "{{ sap_swpm_swpm_path }}" state: directory - recurse: yes - mode: '0755' - owner: root - group: root + recurse: no + mode: "{{ sap_swpm_software_directory_mode }}" + owner: "{{ sap_swpm_software_directory_owner }}" + group: "{{ sap_swpm_software_directory_group }}" + when: + - sap_swpm_swpm_path != sap_swpm_software_path + - sap_swpm_set_file_permissions ################ @@ -81,6 +143,15 @@ register: sap_swpm_sapcar_file_name_stat failed_when: not sap_swpm_sapcar_file_name_stat.stat.exists +- name: SAP SWPM Pre Install - Ensure correct permissions and ownership of the SAPCAR*EXE file + ansible.builtin.file: + path: "{{ sap_swpm_sapcar_path }}/{{ sap_swpm_sapcar_file_name }}" + recurse: no + mode: "{{ sap_swpm_files_sapcar_mode }}" + owner: "{{ sap_swpm_files_sapcar_owner }}" + group: "{{ sap_swpm_files_sapcar_group }}" + when: sap_swpm_set_file_permissions + # 2. SWPM - name: SAP SWPM Pre Install - Get SWPM from {{ sap_swpm_swpm_path }} @@ -101,6 +172,17 @@ register: sap_swpm_swpm_sar_file_name_stat failed_when: not sap_swpm_swpm_sar_file_name_stat.stat.exists +# Note: We use the permissions and ownership settings for non-SAPCAR*EXE files: +- name: SAP SWPM Pre Install - Ensure correct permissions and ownership of the SWPM*SAR file + ansible.builtin.file: + path: "{{ sap_swpm_swpm_path }}/{{ sap_swpm_swpm_sar_file_name }}" + recurse: no + mode: "{{ sap_swpm_files_non_sapcar_mode }}" + owner: "{{ sap_swpm_files_non_sapcar_owner }}" + group: "{{ sap_swpm_files_non_sapcar_group }}" + when: + - sap_swpm_swpm_path != sap_swpm_software_path + - sap_swpm_set_file_permissions - name: SAP SWPM Pre Install - Full SAP System when: not sap_swpm_generic | bool diff --git a/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml b/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml index bf0afcc54..3a3158c38 100644 --- a/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml +++ b/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml @@ -31,9 +31,19 @@ tags: sap_swpm_generate_inifile # Set fact for SWPM path -- name: SAP SWPM Pre Install - Set fact for SWPM path +- name: SAP SWPM Pre Install - Set fact for SWPM path when extract directory defined ansible.builtin.set_fact: - sap_swpm_sapinst_path: "{{ sap_swpm_swpm_path }}/sap_swpm_extracted" + sap_swpm_sapinst_path: "{{ sap_swpm_software_extract_directory }}" + when: + - sap_swpm_software_extract_directory is defined + - not (sap_swpm_software_extract_directory is none or (sap_swpm_software_extract_directory | length == 0)) + +# Set fact for SWPM path +- name: SAP SWPM Pre Install - Set fact for SWPM path when undefined extract directory + ansible.builtin.set_fact: + sap_swpm_sapinst_path: "{{ (sap_swpm_swpm_path | regex_replace('\\/$', '')) + '/extracted' }}" + when: + - sap_swpm_software_extract_directory is undefined or (sap_swpm_software_extract_directory is none or (sap_swpm_software_extract_directory | length) == 0) - name: SAP SWPM Pre Install - Ensure directory '{{ sap_swpm_sapinst_path }}' exists ansible.builtin.file: diff --git a/roles/sap_swpm/templates/configfile.j2 b/roles/sap_swpm/templates/configfile.j2 index 4e0d8412e..48765b1b5 100644 --- a/roles/sap_swpm/templates/configfile.j2 +++ b/roles/sap_swpm/templates/configfile.j2 @@ -29,6 +29,13 @@ SAPINST.CD.PACKAGE.RDBMS = {{ sap_swpm_cd_rdbms_path }} # SAPINST.CD.PACKAGE.KERNEL = # SAPINST.CD.PACKAGE.KERNEL2 = # SAPINST.CD.PACKAGE.KERNEL3 = + +# SAPINST.CD.PACKAGE.JAVA_EXPORT = /path/JAVA_EXPORT +# SAPINST.CD.PACKAGE.JDMP = /path/JAVA_EXPORT_JDMP +# SAPINST.CD.PACKAGE.J2EE = /path/JAVA_J2EE_OSINDEP +# SAPINST.CD.PACKAGE.J2EE-INST = /path/JAVA_J2EE_OSINDEP_J2EE_INST +# SAPINST.CD.PACKAGE.SCA = /path/JAVA_J2EE_OSINDEP_UT + {% endif %} {% if 'swpm_installation_media_swpm1_exportfiles' in sap_swpm_inifile_list %} @@ -638,7 +645,7 @@ UmeConfiguration.umeType = {{ sap_swpm_ume_type }} # nw_config_java_feature_template_ids ###### NW_internal.useProductVersionDescriptor = true -nw_java_import.buildJEEusingExtraMileTool = true +nw_java_import.buildJEEusingExtraMileTool = {{ true if sap_swpm_java_import_method == 'extramile' else false }} # If use PV = true # SAP SWPM 1.0 for SAP NetWeaver AS (JAVA), Product Version Software Instance **Feature Template IDs** comma-separated list @@ -802,10 +809,9 @@ nwUsers.sidAdmUID = {{ sap_swpm_sidadm_uid }} {% endif %} -{% if 'solman_credentials_swpm1' in sap_swpm_inifile_list %} +{% if 'nw_config_java_icm_credentials' in sap_swpm_inifile_list %} ###### -# solman_credentials_swpm1 -# Not in use by sap_swpm Ansible Role +# nw_config_java_icm_credentials ###### NW_IcmAuth.webadmPassword = {{ sap_swpm_ume_j2ee_admin_password }} {% endif %} diff --git a/workflows/check_outdate_deps/action.yml b/workflows/check_outdate_deps/action.yml index a4d3c2e89..874cb0a02 100644 --- a/workflows/check_outdate_deps/action.yml +++ b/workflows/check_outdate_deps/action.yml @@ -1,3 +1,5 @@ +--- + name: 'Check dependencies and try to solve it' description: 'This action will check dependencies in .github/workflows that are installed using pip and open issue and create a pull request to solve the problem' runs: diff --git a/workflows/check_outdate_deps/check_deps.py b/workflows/check_outdate_deps/check_deps.py index 8013bd572..dcbe4f0d2 100644 --- a/workflows/check_outdate_deps/check_deps.py +++ b/workflows/check_outdate_deps/check_deps.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python import os import re @@ -26,7 +26,7 @@ def __build_packages_dict_from_file(): lines = file.readlines() for line in lines: regex_pattern = re.compile( - "([a-zA-Z0-9-]+)==([0-9]+\.[0-9]+\.[0-9]+)") + r"([a-zA-Z0-9-]+)==([0-9]+\.[0-9]+\.[0-9]+)") matches = regex_pattern.findall(line) if len(matches) > 0: package_name = str(matches[0][0]) @@ -41,7 +41,7 @@ def __build_packages_dict_from_output(output): lines = output.splitlines(output) for line in lines: regex_pattern = re.compile( - "([a-zA-Z0-9-]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([a-zA-Z]+)") + r"([a-zA-Z0-9-]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([a-zA-Z]+)") matches = regex_pattern.findall(line) if len(matches) > 0: package_name = str(matches[0][0]) @@ -119,6 +119,7 @@ def __create_pull_request(pr_data): print(f"ERROR: Failed to create pull request. Status code: {response.status_code}.") return -1 + def manage_pull_request(branch, packages_issue): body = f"Bumps packages in {REQUIREMENT_FILE}." for package in packages_issue: @@ -145,7 +146,7 @@ def manage_pull_request(branch, packages_issue): else: print(f"ERROR: Failed to update the pull requests. Status code: {response.status_code}.") else: - print(f"ERROR: More than 1 pull-request with the same title are found! I can't update.") + print("ERROR: More than 1 pull-request with the same title are found! I can't update.") def update_branch_with_changes(branch, file_to_change): @@ -157,8 +158,9 @@ def update_branch_with_changes(branch, file_to_change): git stash push git checkout -b {branch} origin/{branch} git stash pop +git checkout --theirs {REQUIREMENT_FILE} git add {file_to_change} -git commit --message=\"Update {file_to_change}\" +git commit --message=\"Update {file_to_change} on `date`\" git push """) @@ -174,8 +176,8 @@ def find_replace_in_file(file_path, find_str, replace_str): def create_branch_if_not_exists(branch, commit_sha): response = requests.get(f"https://api.github.com/repos/{REPOSITORY}/branches/{branch}") if response.status_code == 404: - branch_data = {"ref": "refs/heads/" + branch, "sha": commit_sha} - __create_branch(branch, branch_data) + branch_data = {"ref": "refs/heads/" + branch, "sha": commit_sha} + __create_branch(branch, branch_data) else: print(f"INFO: Branch -> https://github.com/{REPOSITORY}/tree/{branch}") @@ -213,7 +215,7 @@ def open_issue_for_package(package, current_version, latest_version): **This is the previous title and description of this issue:** ``` Title: {old_title} -Description: +Description: {old_description} ``` """ @@ -221,19 +223,20 @@ def open_issue_for_package(package, current_version, latest_version): __update_issue(issue_number, issue) return issue_number else: - print(f"ERROR: More than 1 issues with the same title are found! I can't update.") + print("ERROR: More than 1 issues with the same title are found! I can't update.") return -1 if __name__ == '__main__': - print("##### Collect datas #####") + print("##### Collect data #####") os.system(f"pip3 install -r {REQUIREMENT_FILE}") raw_output_outdated = subprocess.run( ['pip3', 'list', '--outdated'], - stdout=subprocess.PIPE) + stdout=subprocess.PIPE, + check=False) current_packages = __build_packages_dict_from_file() latest_packages = __build_packages_dict_from_output(raw_output_outdated.stdout.decode('utf-8')) - print("##### Create datas #####") + print("##### Create data #####") packages_issue = {} if OPEN_PR == "True": create_branch_if_not_exists(BRANCH, COMMIT_SHA) @@ -251,7 +254,7 @@ def open_issue_for_package(package, current_version, latest_version): latest_version) if OPEN_PR == "True": - line_current = f"{package}==[0-9]+\.[0-9]+\.[0-9]+" + line_current = package + r"==[0-9]+\.[0-9]+\.[0-9]+" line_latest = f"{package}=={latest_version}" find_replace_in_file(REQUIREMENT_FILE, line_current,