From a651f1b8ac9a2b92c5b68241913b6583ca90e7ef Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Tue, 6 Feb 2024 13:08:55 +0100 Subject: [PATCH 001/135] fix(sap_hana_preconfigure/tasks/SLES): update kernel paramenters Closes #337 --- .../tasks/SLES/configuration.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index b588e9d88..73b2db850 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -32,6 +32,26 @@ ansible.builtin.debug: var: __sap_hana_preconfigure_fact_solution_configured +- name: Set GRUB entries + when: __sap_hana_preconfigure_run_saptune + block: + - name: Set GRUB entries # noqa yaml[line-length] + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: "^GRUB_CMDLINE_LINUX_DEFAULT=" + line: 'GRUB_CMDLINE_LINUX_DEFAULT="splash=silent mitigations=auto quiet numa_balancing=disable transparent_hugepage=never intel_idle.max_cstate=1 processor.max_cstate=1 audit=1"' + register: set_grub_entries + + - name: GRUB mkconfig # noqa command-instead-of-shell no-handler + ansible.builtin.shell: + cmd: grub2-mkconfig -o /boot/grub2/grub.cfg + when: set_grub_entries.changed + + - name: GRUB.cfg permissions + ansible.builtin.file: + path: /boot/grub2/grub.cfg + mode: "0600" + - name: Enable sapconf when: not __sap_hana_preconfigure_run_saptune block: From c8aeb72284fea01cda27050fb1f86c4e11d170cc Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Tue, 6 Feb 2024 18:18:03 +0100 Subject: [PATCH 002/135] fix(roles/sap_*_preconfigure): disable and stop sapconf when saptune run Closes #333 --- roles/sap_hana_preconfigure/tasks/SLES/configuration.yml | 6 ++++++ .../sap_netweaver_preconfigure/tasks/SLES/configuration.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index b588e9d88..1fb76db11 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -2,6 +2,12 @@ - name: Takover saptune and enable when: __sap_hana_preconfigure_run_saptune block: + - name: Ensure sapconf is stopped and disabled + ansible.builtin.systemd: + name: sapconf + state: stopped + enabled: false + - name: Make sure that sapconf and tuned are stopped and disabled ansible.builtin.command: "saptune service takeover" register: __sap_saptune_takeover diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml index 58ca75c3e..f3401bb7f 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml @@ -2,6 +2,12 @@ - name: Takover saptune and enable when: __sap_netweaver_preconfigure_run_saptune block: + - name: Ensure sapconf is stopped and disabled + ansible.builtin.systemd: + name: sapconf + state: stopped + enabled: false + - name: Make sure that sapconf and tuned are stopped and disabled ansible.builtin.command: "saptune service takeover" register: __sap_saptune_takeover From fb32d0d80c01a462793b17285856e1f9e7553470 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Thu, 8 Feb 2024 17:08:02 +0100 Subject: [PATCH 003/135] fix(sap_hana_preconfigure): split every element independently --- .../tasks/SLES/configuration.yml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index 73b2db850..ffbf1e837 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -35,17 +35,26 @@ - name: Set GRUB entries when: __sap_hana_preconfigure_run_saptune block: - - name: Set GRUB entries # noqa yaml[line-length] + - name: Set GRUB entries ansible.builtin.lineinfile: path: /etc/default/grub - regexp: "^GRUB_CMDLINE_LINUX_DEFAULT=" - line: 'GRUB_CMDLINE_LINUX_DEFAULT="splash=silent mitigations=auto quiet numa_balancing=disable transparent_hugepage=never intel_idle.max_cstate=1 processor.max_cstate=1 audit=1"' + regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ item }}).*). *$' + line: "\\1 {{ item }}\"" register: set_grub_entries + with_items: + - "splash=silent" + - "mitigations=auto" + - "quiet" + - "numa_balancing=disable" + - "transparent_hugepage=never" + - "intel_idle.max_cstate=1" + - "processor.max_cstate=1" + - "audit=1" - name: GRUB mkconfig # noqa command-instead-of-shell no-handler ansible.builtin.shell: cmd: grub2-mkconfig -o /boot/grub2/grub.cfg - when: set_grub_entries.changed + when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 - name: GRUB.cfg permissions ansible.builtin.file: From 00b1b30e57151f50b107e6a2e0b1510b8c9d5152 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 8 Feb 2024 18:07:15 +0100 Subject: [PATCH 004/135] sap_hana_preconfigure: Catch SELinux disabled Solves issue #641. Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/configure-selinux.yml | 2 +- .../tasks/RedHat/generic/configure-selinux.yml | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml index 09dc818d7..81592887c 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml @@ -101,7 +101,7 @@ - name: SELinux - Warn if the SELinux file contexts cannot be set ansible.builtin.debug: - msg: "WARN: The SELinux file context cannot be set on an SELinux disabled system!" + msg: "WARN: The SELinux file contexts cannot be set on an SELinux disabled system!" when: - sap_general_preconfigure_modify_selinux_labels - __sap_general_preconfigure_fact_selinux_mode == 'disabled' diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml index fa2905ba2..8a24bedf5 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-selinux.yml @@ -1,5 +1,18 @@ --- +# Set a new SELinux mode variable to the SELinux status if 'disabled' or otherwise to +# the value of the 'mode' member ('permissive' or 'enforcing') +- name: SELinux - Set an SELinux mode variable + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_selinux_mode: "{{ (ansible_selinux.status == 'disabled') | ternary(ansible_selinux.status, ansible_selinux.mode) }}" + +- name: SELinux - Warn if the SELinux file contexts cannot be set + ansible.builtin.debug: + msg: "WARN: The SELinux file contexts cannot be set on an SELinux disabled system!" + when: + - sap_hana_preconfigure_modify_selinux_labels + - __sap_hana_preconfigure_fact_selinux_mode == 'disabled' + - name: SELinux - Configure SELinux file contexts ansible.builtin.include_role: name: '{{ sap_hana_preconfigure_system_roles_collection }}.selinux' @@ -10,4 +23,6 @@ - "{{ sap_hana_preconfigure_fact_targets_setypes }}" selinux_restore_dirs: - "{{ sap_hana_preconfigure_hana_directories }}" - when: sap_hana_preconfigure_modify_selinux_labels + when: + - sap_hana_preconfigure_modify_selinux_labels + - __sap_hana_preconfigure_fact_selinux_mode != 'disabled' From 72014aeb3b75c24009b62951132264e77c55ece6 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 9 Feb 2024 11:33:36 +0100 Subject: [PATCH 005/135] collection: Fix pylint sanity test Partially solves issue #641. Signed-off-by: Bernd Finger --- .../tests/install/run-sap_hana_install-install-tests.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py index fbf422ec5..ac23abc09 100755 --- a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py +++ b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py @@ -4,11 +4,9 @@ import sys import datetime import subprocess -import re import shlex import yaml - def print_log(text): sys.stdout.write(str(text)) __filedescriptor.write(str(text)) From b06265e668b537b4f9b4828516a12d6e6b561ddd Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 9 Feb 2024 11:59:41 +0100 Subject: [PATCH 006/135] collection: Fix pep8 sanity test Partially solves issue #641. Signed-off-by: Bernd Finger --- .../tests/run-sap_general_preconfigure-tests.py | 2 +- .../tests/install/run-sap_hana_install-install-tests.py | 5 +++-- .../tests/sapcar/run-sap_hana_install-sapcar-tests.py | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py b/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py index b09ea85bc..42ed90923 100755 --- a/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py +++ b/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py @@ -39,7 +39,7 @@ 'rc': '99', 'role_vars': [ { - 'sap_general_preconfigure_fail_if_reboot_required': False, + 'sap_general_preconfigure_fail_if_reboot_required': False, } ] }, diff --git a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py index ac23abc09..a0531355a 100755 --- a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py +++ b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py @@ -7,6 +7,7 @@ import shlex import yaml + def print_log(text): sys.stdout.write(str(text)) __filedescriptor.write(str(text)) @@ -15,7 +16,7 @@ def print_log(text): # output field delimiter for displaying the results: __field_delimiter = '\t' -if(len(sys.argv) != 3): +if (len(sys.argv) != 3): print('Please provide the name of the managed node and the user name for logging in.') __managed_node = input('Name of managed node: ') __username = input('User name for connecting to managed node: ') @@ -181,7 +182,7 @@ def print_log(text): + '\'' + par1['command_line_parameter'] + '\'' + __field_delimiter + '\'' + par1['expected_output_string'] + '\'' + __field_delimiter) # + '\'' + par1['expected_output_string'] + '\'' + __field_delimiter, end='') - if(len(par1['role_vars']) == 0): + if (len(par1['role_vars']) == 0): print_log('\n') else: for par2 in par1['role_vars']: diff --git a/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py b/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py index d9eceff3d..97b46e1f2 100755 --- a/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py +++ b/roles/sap_hana_install/tests/sapcar/run-sap_hana_install-sapcar-tests.py @@ -9,7 +9,7 @@ # output field delimiter for displaying the results: _field_delimiter = '\t' -if(len(sys.argv) != 3): +if (len(sys.argv) != 3): print('Please provide the name of the managed node and the user name for logging in.') _managed_node = input('Name of managed node: ') _username = input('User name for connecting to managed node: ') From ce506f079530ac99a1bf194700fe8c126baf8a20 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 9 Feb 2024 12:08:58 +0100 Subject: [PATCH 007/135] collection: Fix shebang sanity test Solves issue #641. Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/tools/beautify-assert-output.sh | 2 +- roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh | 2 +- roles/sap_hana_preconfigure/tools/beautify-assert-output.sh | 2 +- roles/sap_install_media_detect/files/tmp/sapfile | 2 +- .../sap_netweaver_preconfigure/tools/beautify-assert-output.sh | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/sap_general_preconfigure/tools/beautify-assert-output.sh b/roles/sap_general_preconfigure/tools/beautify-assert-output.sh index f48087c68..3c7e426a7 100755 --- a/roles/sap_general_preconfigure/tools/beautify-assert-output.sh +++ b/roles/sap_general_preconfigure/tools/beautify-assert-output.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # default font color: Light Cyan, which should be readable on both bright and dark background __FONT_COLOR=36m diff --git a/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh b/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh index eef42909a..b3c248391 100644 --- a/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh +++ b/roles/sap_hana_install/files/tmp/tail-f-hdblcm-install-trc.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash while true; do # in case hdblcm has not yet started, we assume that it is waiting for sapdsigner to complete: diff --git a/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh b/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh index f48087c68..3c7e426a7 100755 --- a/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh +++ b/roles/sap_hana_preconfigure/tools/beautify-assert-output.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # default font color: Light Cyan, which should be readable on both bright and dark background __FONT_COLOR=36m diff --git a/roles/sap_install_media_detect/files/tmp/sapfile b/roles/sap_install_media_detect/files/tmp/sapfile index 037480246..49a782ff8 100755 --- a/roles/sap_install_media_detect/files/tmp/sapfile +++ b/roles/sap_install_media_detect/files/tmp/sapfile @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # sapfile: Determine and display SAP file type # # Copyright 2023 Bernd Finger, Red Hat diff --git a/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh b/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh index f48087c68..3c7e426a7 100755 --- a/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh +++ b/roles/sap_netweaver_preconfigure/tools/beautify-assert-output.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash # default font color: Light Cyan, which should be readable on both bright and dark background __FONT_COLOR=36m From cc20bda7d0ea549843288899145aa2011c613b7c Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Fri, 9 Feb 2024 12:30:57 +0100 Subject: [PATCH 008/135] fix(sap_hana_preconfigure): solve the linting problem - remove a trailing space - add a `noqa no-changed-when` in order to prevent a false-positive of the linting --- roles/sap_hana_preconfigure/tasks/SLES/configuration.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index ffbf1e837..b7a484d20 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -35,13 +35,16 @@ - name: Set GRUB entries when: __sap_hana_preconfigure_run_saptune block: - - name: Set GRUB entries + # Reason for noqa: the regex do a check on the element before apply the + # changed item, this prevent a replace to an element that is already in the + # configuration + - name: Set GRUB entries # noqa no-changed-when ansible.builtin.lineinfile: path: /etc/default/grub regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ item }}).*). *$' line: "\\1 {{ item }}\"" register: set_grub_entries - with_items: + with_items: - "splash=silent" - "mitigations=auto" - "quiet" From 186e97aefccc9c8835c949a4369c20ddaf790189 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Fri, 9 Feb 2024 12:40:28 +0100 Subject: [PATCH 009/135] fix(sap_hana_preconfigure): fix some more typos --- roles/sap_hana_preconfigure/tasks/SLES/configuration.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index b7a484d20..f66cf53e8 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -35,9 +35,9 @@ - name: Set GRUB entries when: __sap_hana_preconfigure_run_saptune block: - # Reason for noqa: the regex do a check on the element before apply the + # Reason for noqa: the regex do a check on the element before apply the # changed item, this prevent a replace to an element that is already in the - # configuration + # configuration - name: Set GRUB entries # noqa no-changed-when ansible.builtin.lineinfile: path: /etc/default/grub @@ -54,7 +54,7 @@ - "processor.max_cstate=1" - "audit=1" - - name: GRUB mkconfig # noqa command-instead-of-shell no-handler + - name: GRUB mkconfig # noqa command-instead-of-shell no-handler no-changed-when ansible.builtin.shell: cmd: grub2-mkconfig -o /boot/grub2/grub.cfg when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 From 6fcc1a189a31084f585d137e9ed7ec2032f8a4e7 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Fri, 9 Feb 2024 14:51:45 +0100 Subject: [PATCH 010/135] feat(sap_hana_preconfigure): update grub using handlers Some experiments using handlers --- .../tasks/SLES/configuration.yml | 31 ++++++++++++------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index f66cf53e8..1df107982 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -35,9 +35,10 @@ - name: Set GRUB entries when: __sap_hana_preconfigure_run_saptune block: - # Reason for noqa: the regex do a check on the element before apply the - # changed item, this prevent a replace to an element that is already in the - # configuration + # Reason for noqa: + # no-changed-when: the regex do a check on the element before apply the + # changed item, this prevent a replace to an element that is already in + # the configuration - name: Set GRUB entries # noqa no-changed-when ansible.builtin.lineinfile: path: /etc/default/grub @@ -54,15 +55,10 @@ - "processor.max_cstate=1" - "audit=1" - - name: GRUB mkconfig # noqa command-instead-of-shell no-handler no-changed-when - ansible.builtin.shell: - cmd: grub2-mkconfig -o /boot/grub2/grub.cfg + - name: Trigger grub update if necessary + ansible.builtin.meta: noop when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 - - - name: GRUB.cfg permissions - ansible.builtin.file: - path: /boot/grub2/grub.cfg - mode: "0600" + notify: GRUB_post-update_configuration - name: Enable sapconf when: not __sap_hana_preconfigure_run_saptune @@ -124,3 +120,16 @@ - name: Ensure solution was successful ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" changed_when: false # We're only checking, not changing! + + handlers: + - name: GRUB_post-update_configuration + block: + - name: GRUB mkconfig + ansible.builtin.shell: + cmd: grub2-mkconfig -o /boot/grub2/grub.cfg + + - name: GRUB.cfg permissions + ansible.builtin.file: + path: /boot/grub2/grub.cfg + mode: "0600" + From 11792897cdb54a2c3cc648e8b642dab419410e39 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Fri, 9 Feb 2024 15:07:01 +0100 Subject: [PATCH 011/135] fix(sap_hana_preconfigure): wrong placement of handlers --- .../tasks/SLES/configuration.yml | 30 +++++++++---------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index 1df107982..c90076c7c 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -34,10 +34,21 @@ - name: Set GRUB entries when: __sap_hana_preconfigure_run_saptune + handlers: + - name: GRUB_post-update_configuration + block: + - name: GRUB mkconfig + ansible.builtin.shell: + cmd: grub2-mkconfig -o /boot/grub2/grub.cfg + + - name: GRUB.cfg permissions + ansible.builtin.file: + path: /boot/grub2/grub.cfg + mode: "0600" block: - # Reason for noqa: - # no-changed-when: the regex do a check on the element before apply the - # changed item, this prevent a replace to an element that is already in + # Reason for noqa: + # no-changed-when: the regex do a check on the element before apply the + # changed item, this prevent a replace to an element that is already in # the configuration - name: Set GRUB entries # noqa no-changed-when ansible.builtin.lineinfile: @@ -120,16 +131,3 @@ - name: Ensure solution was successful ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" changed_when: false # We're only checking, not changing! - - handlers: - - name: GRUB_post-update_configuration - block: - - name: GRUB mkconfig - ansible.builtin.shell: - cmd: grub2-mkconfig -o /boot/grub2/grub.cfg - - - name: GRUB.cfg permissions - ansible.builtin.file: - path: /boot/grub2/grub.cfg - mode: "0600" - From d0a0743837020d88c7848aedb84ee01c327dc426 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 9 Feb 2024 19:32:29 +0100 Subject: [PATCH 012/135] sap_general_preconfigure: implement tags ... for limiting the role scope. Relates to #342. Sample playbook calls: $ ansible-playbook sap.yml --tags \ sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps $ ansible-playbook sap.yml --tags \ sap_general_preconfigure_configuration,sap_general_preconfigure_2772999_02 $ ansible-playbook sap.yml --tags \ sap_general_preconfigure_configuration,sap_general_preconfigure_selinux $ ansible-playbook sap.yml --tags \ sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps \ --skip-tags sap_general_preconfigure_2772999_02 $ ansible-playbook sap.yml --tags \ sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps \ --skip-tags sap_general_preconfigure_selinux Signed-off-by: Bernd Finger --- .../tasks/RedHat/configuration.yml | 3 ++ roles/sap_general_preconfigure/tasks/main.yml | 33 ++++++++++++++ .../tasks/sapnote/0941735.yml | 7 +++ .../tasks/sapnote/1391070.yml | 7 +++ .../tasks/sapnote/1771258.yml | 7 +++ .../tasks/sapnote/2002167.yml | 28 ++++++++++++ .../tasks/sapnote/2772999.yml | 41 ++++++++++++++++++ .../tasks/sapnote/3108316.yml | 43 ++++++++++++++++++- .../tasks/sapnote/assert-0941735.yml | 7 +++ .../tasks/sapnote/assert-1391070.yml | 7 +++ .../tasks/sapnote/assert-1771258.yml | 7 +++ .../tasks/sapnote/assert-2002167.yml | 25 +++++++++++ .../tasks/sapnote/assert-2772999.yml | 41 ++++++++++++++++++ .../tasks/sapnote/assert-3108316.yml | 43 ++++++++++++++++++- 14 files changed, 297 insertions(+), 2 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml index 5893e00a9..3db2835ef 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml @@ -39,3 +39,6 @@ with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" loop_control: loop_var: sap_note_line_item + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index 52b5fe1ae..e641851ac 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -3,6 +3,9 @@ - name: Display the role path ansible.builtin.debug: var: role_path + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration - name: Include OS specific vars, specific ansible.builtin.include_vars: '{{ item }}' @@ -10,6 +13,9 @@ - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_version }}.yml' - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_os_family }}.yml' + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration - name: Rename user sap_preconfigure variables if found, generic ansible.builtin.set_fact: @@ -31,6 +37,9 @@ sap_general_preconfigure_modify_etc_hosts: "{{ sap_preconfigure_modify_etc_hosts | d(sap_general_preconfigure_modify_etc_hosts) }}" sap_general_preconfigure_kernel_parameters: "{{ sap_preconfigure_kernel_parameters | d(sap_general_preconfigure_kernel_parameters) }}" sap_general_preconfigure_max_hostname_length: "{{ sap_preconfigure_max_hostname_length | d(sap_general_preconfigure_max_hostname_length) }}" + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration - name: Rename user sap_preconfigure variables if found, RHEL only ansible.builtin.set_fact: @@ -52,25 +61,39 @@ sap_general_preconfigure_2772999_09: "{{ (sap_preconfigure_2772999_09 | d(sap_general_preconfigure_2772999_09)) | d(false) }}" sap_general_preconfigure_2772999_10: "{{ (sap_preconfigure_2772999_10 | d(sap_general_preconfigure_2772999_10)) | d(false) }}" when: ansible_facts['distribution'] in ['RedHat'] + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration - name: Rename sap_preconfigure_db_group_name if defined ansible.builtin.set_fact: sap_general_preconfigure_db_group_name: "{{ sap_preconfigure_db_group_name | d(sap_general_preconfigure_db_group_name) }}" when: sap_preconfigure_db_group_name is defined or sap_general_preconfigure_db_group_name is defined + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration - name: Set filename prefix to empty string if role is run in normal mode ansible.builtin.set_fact: __sap_general_preconfigure_fact_assert_filename_prefix: "" when: not sap_general_preconfigure_assert | d(false) + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration - name: Prepend filename with assert string if role is run in assert mode ansible.builtin.set_fact: __sap_general_preconfigure_fact_assert_filename_prefix: "assert-" when: sap_general_preconfigure_assert | d(false) + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration # required for installation and configuration tasks: - name: Gather package facts ansible.builtin.package_facts: + tags: + - sap_general_preconfigure_installation - name: Include tasks from 'installation.yml' ansible.builtin.include_tasks: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}installation.yml' @@ -79,9 +102,14 @@ - '{{ ansible_distribution.split("_")[0] }}' - '{{ ansible_distribution }}' - '{{ ansible_os_family }}.yml' + tags: + - sap_general_preconfigure_installation - name: Gather package facts again after the installation phase ansible.builtin.package_facts: + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration - name: Include tasks from 'configuration.yml' ansible.builtin.include_tasks: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml' @@ -90,7 +118,12 @@ - '{{ ansible_distribution.split("_")[0] }}' - '{{ ansible_distribution }}' - '{{ ansible_os_family }}.yml' + tags: + - sap_general_preconfigure_configuration # allow a reboot at the end of the preconfigure role - name: Flush handlers ansible.builtin.meta: flush_handlers + tags: + - sap_general_preconfigure_installation + - sap_general_preconfigure_configuration diff --git a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml index 71314ca65..4d1f37f0c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml @@ -8,7 +8,14 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_0941735 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_0941735 + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml index 9c8d90ceb..a4889eaa5 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml @@ -5,7 +5,14 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1391070 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_1391070 + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml index da081396e..de81a109f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml @@ -5,7 +5,14 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/increase-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/increase-nofile-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1771258 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_1771258 + - sap_general_preconfigure_nofile_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml index d05266228..b1a23d2f3 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml @@ -4,23 +4,51 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '2002167/02-configuration-changes.yml' ansible.builtin.import_tasks: 2002167/02-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_02 + - sap_general_preconfigure_firewall + - sap_general_preconfigure_selinux - name: Import tasks from '2002167/03-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_03 + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2002167/04-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_04 + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2002167/05-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_05 + - sap_general_preconfigure_nproc_limits - name: Import tasks from '2002167/06-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_06 + - sap_general_preconfigure_libldap + - sap_general_preconfigure_liblber + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml index 12fb3317d..ef2fa7545 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml @@ -4,39 +4,80 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '2772999/02-configure-selinux.yml' ansible.builtin.import_tasks: 2772999/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Import tasks from '2772999/03-configure-hostname.yml' ansible.builtin.import_tasks: 2772999/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_03 + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2772999/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_04 + - sap_general_preconfigure_network_time_and_date - name: Import tasks from '2772999/05-configure-firewall.yml' ansible.builtin.import_tasks: 2772999/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_05 + - sap_general_preconfigure_firewall - name: Import tasks from '2772999/06-configure-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_06 + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '2772999/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_07 + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '2772999/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_08 + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2772999/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_09 + - sap_general_preconfigure_nproc_limits - name: Import tasks from '2772999/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_10 + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml index 5dc4af4b3..8fc8813f4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml @@ -3,40 +3,81 @@ - name: Configure - Display SAP note number 3108316 and its version ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).number }} - (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 8" + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '3108316/02-configure-selinux.yml' ansible.builtin.import_tasks: 3108316/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_selinux - name: Import tasks from '3108316/03-configure-hostname.yml' ansible.builtin.import_tasks: 3108316/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_03 + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '3108316/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_04 + - sap_general_preconfigure_network_time_and_date - name: Import tasks from '3108316/05-configure-firewall.yml' ansible.builtin.import_tasks: 3108316/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_05 + - sap_general_preconfigure_firewall - name: Import tasks from '3108316/06-configure-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_06 + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '3108316/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_07 + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '3108316/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_08 + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '3108316/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_09 + - sap_general_preconfigure_nproc_limits - name: Import tasks from '3108316/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_10 + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml index b411463ce..60cd8a030 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml @@ -8,7 +8,14 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_0941735 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_0941735 + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml index 5285dae87..84670ea15 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml @@ -5,7 +5,14 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1391070 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_1391070 + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml index ac06c3a6e..92dd71a57 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml @@ -5,7 +5,14 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/assert-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-nofile-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1771258 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_1771258 + - sap_general_preconfigure_nofile_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml index bbf5aea5b..261ef42df 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml @@ -8,19 +8,44 @@ - name: Import tasks from '2002167/02-assert-configuration-changes.yml' ansible.builtin.import_tasks: 2002167/02-assert-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_02 + - sap_general_preconfigure_firewall + - sap_general_preconfigure_selinux - name: Import tasks from '2002167/03-assert-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-assert-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_03 + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2002167/04-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_04 + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2002167/05-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_05 + - sap_general_preconfigure_nproc_limits - name: Import tasks from '2002167/06-assert-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-assert-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2002167_06 + - sap_general_preconfigure_libldap + - sap_general_preconfigure_liblber + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml index 91adfa3bd..92eeeec50 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml @@ -4,39 +4,80 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '2772999/02-assert-selinux.yml' ansible.builtin.import_tasks: 2772999/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Import tasks from '2772999/03-assert-hostname.yml' ansible.builtin.import_tasks: 2772999/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_03 + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2772999/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_04 + - sap_general_preconfigure_network_time_and_date - name: Import tasks from '2772999/05-assert-firewall.yml' ansible.builtin.import_tasks: 2772999/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_05 + - sap_general_preconfigure_firewall - name: Import tasks from '2772999/06-assert-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_06 + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '2772999/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_07 + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '2772999/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_08 + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2772999/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_09 + - sap_general_preconfigure_nproc_limits - name: Import tasks from '2772999/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_2772999_10 + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml index 7fcddbfb4..210fd5693 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml @@ -3,40 +3,81 @@ - name: Assert - Display SAP note number 3108316 and its version ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).number }} - (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 8" + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" + tags: + - sap_general_preconfigure_configuration + - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '3108316/02-assert-selinux.yml' ansible.builtin.import_tasks: 3108316/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_selinux - name: Import tasks from '3108316/03-assert-hostname.yml' ansible.builtin.import_tasks: 3108316/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_03 + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '3108316/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_04 + - sap_general_preconfigure_network_time_and_date - name: Import tasks from '3108316/05-assert-firewall.yml' ansible.builtin.import_tasks: 3108316/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_05 + - sap_general_preconfigure_firewall - name: Import tasks from '3108316/06-assert-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_06 + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '3108316/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_07 + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '3108316/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_08 + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '3108316/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_09 + - sap_general_preconfigure_nproc_limits - name: Import tasks from '3108316/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) + tags: + - sap_general_preconfigure_configuration_all_steps + - sap_general_preconfigure_3108316_10 + - sap_general_preconfigure_systemd_tmpfiles From 7194d5554fb7d6179fef619a92f755c5aa6ea3d3 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 12 Feb 2024 11:39:06 +0100 Subject: [PATCH 013/135] sap_general_preconfigure: add more fine-grained tags Part of #342. Signed-off-by: Bernd Finger --- .../tasks/sapnote/2002167.yml | 15 +++++-------- .../02-assert-configuration-changes.yml | 8 +++++++ .../2002167/02-configuration-changes.yml | 7 ++++++ .../03-assert-setting-the-hostname.yml | 10 +++++++++ .../2002167/03-setting-the-hostname.yml | 10 +++++++++ .../04-assert-linux-kernel-parameters.yml | 4 ++++ .../2002167/04-linux-kernel-parameters.yml | 4 ++++ .../05-assert-process-resource-limits.yml | 6 +++++ .../2002167/05-process-resource-limits.yml | 4 ++++ ...ional-notes-for-installing-sap-systems.yml | 10 +++++++++ ...ional-notes-for-installing-sap-systems.yml | 22 +++++++++++++++++++ .../tasks/sapnote/2772999.yml | 11 ---------- .../sapnote/2772999/02-assert-selinux.yml | 4 ++++ .../sapnote/2772999/02-configure-selinux.yml | 4 ++++ .../sapnote/2772999/03-assert-hostname.yml | 10 +++++++++ .../sapnote/2772999/03-configure-hostname.yml | 10 +++++++++ .../04-assert-network-time-and-date.yml | 8 +++++++ .../04-configure-network-time-and-date.yml | 4 ++++ .../sapnote/2772999/05-assert-firewall.yml | 4 ++++ .../sapnote/2772999/05-configure-firewall.yml | 4 ++++ .../tasks/sapnote/2772999/06-assert-uuidd.yml | 4 ++++ .../sapnote/2772999/06-configure-uuidd.yml | 4 ++++ .../tasks/sapnote/2772999/07-assert-tmpfs.yml | 4 ++++ .../sapnote/2772999/07-configure-tmpfs.yml | 4 ++++ .../08-assert-linux-kernel-parameters.yml | 4 ++++ .../08-configure-linux-kernel-parameters.yml | 4 ++++ .../09-assert-process-resource-limits.yml | 6 +++++ .../09-configure-process-resource-limits.yml | 4 ++++ .../2772999/10-assert-systemd-tmpfiles.yml | 4 ++++ .../2772999/10-configure-systemd-tmpfiles.yml | 4 ++++ .../tasks/sapnote/3108316.yml | 11 ---------- .../sapnote/3108316/02-assert-selinux.yml | 4 ++++ .../sapnote/3108316/02-configure-selinux.yml | 4 ++++ .../sapnote/3108316/03-assert-hostname.yml | 10 +++++++++ .../sapnote/3108316/03-configure-hostname.yml | 10 +++++++++ .../04-assert-network-time-and-date.yml | 8 +++++++ .../04-configure-network-time-and-date.yml | 4 ++++ .../sapnote/3108316/05-assert-firewall.yml | 4 ++++ .../sapnote/3108316/05-configure-firewall.yml | 4 ++++ .../tasks/sapnote/3108316/06-assert-uuidd.yml | 4 ++++ .../sapnote/3108316/06-configure-uuidd.yml | 4 ++++ .../tasks/sapnote/3108316/07-assert-tmpfs.yml | 4 ++++ .../sapnote/3108316/07-configure-tmpfs.yml | 4 ++++ .../08-assert-linux-kernel-parameters.yml | 4 ++++ .../08-configure-linux-kernel-parameters.yml | 4 ++++ .../09-assert-process-resource-limits.yml | 6 +++++ .../09-configure-process-resource-limits.yml | 4 ++++ .../3108316/10-assert-systemd-tmpfiles.yml | 4 ++++ .../3108316/10-configure-systemd-tmpfiles.yml | 4 ++++ .../tasks/sapnote/assert-2002167.yml | 10 --------- .../tasks/sapnote/assert-2772999.yml | 11 ---------- .../tasks/sapnote/assert-3108316.yml | 11 ---------- 52 files changed, 270 insertions(+), 64 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml index b1a23d2f3..1972bac60 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml @@ -14,8 +14,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_02 - - sap_general_preconfigure_firewall - - sap_general_preconfigure_selinux - name: Import tasks from '2002167/03-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-setting-the-hostname.yml @@ -23,9 +21,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_03 - - sap_general_preconfigure_hostname - - sap_general_preconfigure_etc_hosts - - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2002167/04-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-linux-kernel-parameters.yml @@ -33,7 +28,7 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_04 - - sap_general_preconfigure_kernel_parameters +# - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2002167/05-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-process-resource-limits.yml @@ -41,7 +36,7 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_05 - - sap_general_preconfigure_nproc_limits +# - sap_general_preconfigure_nproc_limits - name: Import tasks from '2002167/06-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-additional-notes-for-installing-sap-systems.yml @@ -49,6 +44,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_06 - - sap_general_preconfigure_libldap - - sap_general_preconfigure_liblber - - sap_general_preconfigure_systemd_tmpfiles +# - sap_general_preconfigure_libldap +# - sap_general_preconfigure_liblber +# - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml index cb5f0cbd3..2c75cd689 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-assert-configuration-changes.yml @@ -3,13 +3,21 @@ - name: Assert 2002167-2a ansible.builtin.debug: msg: "SAP note 2002167 Step 2a: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/assert-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml + tags: + - sap_general_preconfigure_firewall - name: Assert 2002167-2b ansible.builtin.debug: msg: "SAP note 2002167 Step 2b: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/assert-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml index feaca9a22..ce5876fbe 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/02-configuration-changes.yml @@ -3,9 +3,14 @@ - name: Configure 2002167-2a ansible.builtin.debug: msg: "SAP note 2002167 Step 2a: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/configure-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml + tags: + - sap_general_preconfigure_firewall - name: Configure 2002167-2b ansible.builtin.debug: @@ -13,3 +18,5 @@ - name: Import tasks from '../../RedHat/generic/configure-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml index 8c5dae0be..243080ea0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-assert-setting-the-hostname.yml @@ -3,12 +3,22 @@ - name: Assert 2002167-3 ansible.builtin.debug: msg: "SAP note 2002167 Step 3: Setting the Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/assert-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml index 7a59c12ca..3cf24bc8f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml @@ -3,12 +3,22 @@ - name: Configure 2002167-3 ansible.builtin.debug: msg: "SAP note 2002167 Step 3: Setting the Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml index c4f1be843..ce765cb33 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Assert 2002167-4 ansible.builtin.debug: msg: "SAP note 2002167 Step 4: Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml index c428d82b2..e02ad0179 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/04-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Configure 2002167-4 ansible.builtin.debug: msg: "SAP note 2002167 Step 4: Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml index 6dc973607..0771eec83 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-assert-process-resource-limits.yml @@ -3,9 +3,15 @@ - name: Assert 2002167-5 ansible.builtin.debug: msg: "SAP note 2002167 Step 5: Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml index ec9164179..069b2dac7 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/05-process-resource-limits.yml @@ -3,6 +3,10 @@ - name: Configure 2002167-5 ansible.builtin.debug: msg: "SAP note 2002167 Step 5: Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml index e922748f0..514748cfe 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml @@ -3,18 +3,28 @@ - name: Configure 2002167-6 ansible.builtin.debug: msg: "SAP note 2002167 Step 6: Additional notes for installing SAP systems" + tags: + - sap_general_preconfigure_libldap + - sap_general_preconfigure_liblber + - sap_general_preconfigure_systemd_tmpfiles - name: Link LDAP library libldap ansible.builtin.file: src: /usr/lib64/libldap-2.3.so.0 dest: /usr/lib64/libldap.so.199 state: link + tags: + - sap_general_preconfigure_libldap - name: Link LDAP library liblber ansible.builtin.file: src: /usr/lib64/liblber-2.3.so.0 dest: /usr/lib64/liblber.so.199 state: link + tags: + - sap_general_preconfigure_liblber - name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml index 6ab03b878..afb8d04e4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml @@ -3,11 +3,17 @@ - name: Assert 2002167-6 ansible.builtin.debug: msg: "SAP note 2002167 Step 6: Additional notes for installing SAP systems" + tags: + - sap_general_preconfigure_libldap + - sap_general_preconfigure_liblber + - sap_general_preconfigure_systemd_tmpfiles - name: Get info about file /usr/lib64/libldap.so.199 ansible.builtin.stat: path: /usr/lib64/libldap.so.199 register: __sap_general_preconfigure_register_stat_libldap_assert + tags: + - sap_general_preconfigure_libldap - name: Assert that file /usr/lib64/libldap.so.199 exists ansible.builtin.assert: @@ -15,6 +21,8 @@ fail_msg: "FAIL: File /usr/lib64/libldap.so.199 does not exist!" success_msg: "PASS: File /usr/lib64/libldap.so.199 exist." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_libldap - name: Assert that file /usr/lib64/libldap.so.199 is a link ansible.builtin.assert: @@ -23,6 +31,8 @@ success_msg: "PASS: File /usr/lib64/libldap.so.199 is a link." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_libldap_assert.stat.exists + tags: + - sap_general_preconfigure_libldap - name: Assert that file /usr/lib64/libldap.so.199 is a link to /usr/lib64/libldap-2.3.so.0 ansible.builtin.assert: @@ -31,11 +41,15 @@ success_msg: "PASS: File /usr/lib64/libldap.so.199 is a link to /usr/lib64/libldap-2.3.so.0." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_libldap_assert.stat.exists + tags: + - sap_general_preconfigure_libldap - name: Get info about file /usr/lib64/liblber.so.199 ansible.builtin.stat: path: /usr/lib64/liblber.so.199 register: __sap_general_preconfigure_register_stat_liblber_assert + tags: + - sap_general_preconfigure_liblber - name: Assert that file /usr/lib64/liblber.so.199 exists ansible.builtin.assert: @@ -43,6 +57,8 @@ fail_msg: "FAIL: File /usr/lib64/liblber.so.199 does not exist!" success_msg: "PASS: File /usr/lib64/liblber.so.199 exist." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_liblber - name: Assert that file /usr/lib64/liblber.so.199 exists and is a link ansible.builtin.assert: @@ -51,6 +67,8 @@ success_msg: "PASS: File /usr/lib64/liblber.so.199 is a link." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_liblber_assert.stat.exists + tags: + - sap_general_preconfigure_liblber - name: Assert that file /usr/lib64/liblber.so.199 is a link to /usr/lib64/liblber-2.3.so.0 ansible.builtin.assert: @@ -59,6 +77,10 @@ success_msg: "PASS: File /usr/lib64/liblber.so.199 is a link to /usr/lib64/liblber-2.3.so.0." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_general_preconfigure_register_stat_liblber_assert.stat.exists + tags: + - sap_general_preconfigure_liblber - name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml index ef2fa7545..3708bd0ff 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml @@ -14,7 +14,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_02 - - sap_general_preconfigure_selinux - name: Import tasks from '2772999/03-configure-hostname.yml' ansible.builtin.import_tasks: 2772999/03-configure-hostname.yml @@ -22,9 +21,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_03 - - sap_general_preconfigure_hostname - - sap_general_preconfigure_etc_hosts - - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2772999/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-configure-network-time-and-date.yml @@ -32,7 +28,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_04 - - sap_general_preconfigure_network_time_and_date - name: Import tasks from '2772999/05-configure-firewall.yml' ansible.builtin.import_tasks: 2772999/05-configure-firewall.yml @@ -40,7 +35,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_05 - - sap_general_preconfigure_firewall - name: Import tasks from '2772999/06-configure-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-configure-uuidd.yml @@ -48,7 +42,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_06 - - sap_general_preconfigure_configure_uuidd - name: Import tasks from '2772999/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-configure-tmpfs.yml @@ -56,7 +49,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_07 - - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '2772999/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-configure-linux-kernel-parameters.yml @@ -64,7 +56,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_08 - - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2772999/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-configure-process-resource-limits.yml @@ -72,7 +63,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_09 - - sap_general_preconfigure_nproc_limits - name: Import tasks from '2772999/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-configure-systemd-tmpfiles.yml @@ -80,4 +70,3 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_10 - - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml index f5cbea7d0..e0802a6e1 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-assert-selinux.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-2 ansible.builtin.debug: msg: "SAP note 2772999 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/assert-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml index e77d8d6d1..5cf270376 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/02-configure-selinux.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-2 ansible.builtin.debug: msg: "SAP note 2772999 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/configure-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml index 6214a6487..723f623b7 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-assert-hostname.yml @@ -3,12 +3,22 @@ - name: Assert 2772999-3 ansible.builtin.debug: msg: "SAP note 2772999 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/assert-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml index 20204c9aa..104a1b6a0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml @@ -3,12 +3,22 @@ - name: Configure 2772999-3 ansible.builtin.debug: msg: "SAP note 2772999 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml index 28a36f531..611771f0a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml @@ -3,6 +3,8 @@ - name: Assert 2772999-4 ansible.builtin.debug: msg: "SAP note 2772999 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date # Reason for noqa: We need to get the current status only - name: Get status of chronyd # noqa command-instead-of-module @@ -10,6 +12,8 @@ register: __sap_general_preconfigure_register_chronyd_status_assert ignore_errors: yes changed_when: no + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is enabled ansible.builtin.assert: @@ -17,6 +21,8 @@ fail_msg: "FAIL: Service 'chronyd' is not enabled!" success_msg: "PASS: Service 'chronyd' is enabled." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is active ansible.builtin.assert: @@ -24,3 +30,5 @@ fail_msg: "FAIL: Service 'chronyd' is not active!" success_msg: "PASS: Service 'chronyd' is active." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml index 6d515664b..f2ed23418 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml @@ -3,9 +3,13 @@ - name: Configure 2772999-4 ansible.builtin.debug: msg: "SAP note 2772999 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date - name: Start and enable service chronyd ansible.builtin.systemd: name: chronyd state: started enabled: yes + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml index 4b974c632..9f8caf2ef 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-assert-firewall.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-5 ansible.builtin.debug: msg: "SAP note 2772999 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/assert-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml index 14b4b87bf..0fbc7d4d2 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/05-configure-firewall.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-5 ansible.builtin.debug: msg: "SAP note 2772999 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/configure-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml index c3cac0639..2d7512237 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-assert-uuidd.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-6 ansible.builtin.debug: msg: "SAP note 2772999 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml index 6736ab75f..ba37631ed 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/06-configure-uuidd.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-6 ansible.builtin.debug: msg: "SAP note 2772999 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml index 555f4f3ca..d6159ecaf 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-assert-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml index effbbb6a5..b6de1449f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/07-configure-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml index c4fdddd17..30384384e 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-8 ansible.builtin.debug: msg: "SAP note 2772999 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml index ef98d6043..5f2c0be03 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-8 ansible.builtin.debug: msg: "SAP note 2772999 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml index 4d11551ba..c50358cd0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-assert-process-resource-limits.yml @@ -3,9 +3,15 @@ - name: Assert 2772999-9 ansible.builtin.debug: msg: "SAP note 2772999 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml index d04dd88f2..ac4dc7692 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/09-configure-process-resource-limits.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-9 ansible.builtin.debug: msg: "SAP note 2772999 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml index a24301744..a067c5654 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Assert 2772999-10 ansible.builtin.debug: msg: "SAP note 2772999 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml index 6af633653..b5fe023fa 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Configure 2772999-10 ansible.builtin.debug: msg: "SAP note 2772999 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml index 8fc8813f4..7c2dfc018 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml @@ -14,7 +14,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_02 - - sap_general_preconfigure_selinux - name: Import tasks from '3108316/03-configure-hostname.yml' ansible.builtin.import_tasks: 3108316/03-configure-hostname.yml @@ -22,9 +21,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_03 - - sap_general_preconfigure_hostname - - sap_general_preconfigure_etc_hosts - - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '3108316/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-configure-network-time-and-date.yml @@ -32,7 +28,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_04 - - sap_general_preconfigure_network_time_and_date - name: Import tasks from '3108316/05-configure-firewall.yml' ansible.builtin.import_tasks: 3108316/05-configure-firewall.yml @@ -40,7 +35,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_05 - - sap_general_preconfigure_firewall - name: Import tasks from '3108316/06-configure-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-configure-uuidd.yml @@ -48,7 +42,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_06 - - sap_general_preconfigure_configure_uuidd - name: Import tasks from '3108316/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-configure-tmpfs.yml @@ -56,7 +49,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_07 - - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '3108316/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-configure-linux-kernel-parameters.yml @@ -64,7 +56,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_08 - - sap_general_preconfigure_kernel_parameters - name: Import tasks from '3108316/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-configure-process-resource-limits.yml @@ -72,7 +63,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_09 - - sap_general_preconfigure_nproc_limits - name: Import tasks from '3108316/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-configure-systemd-tmpfiles.yml @@ -80,4 +70,3 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_10 - - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml index 1c2fe6e96..4bbb28495 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-assert-selinux.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-2 ansible.builtin.debug: msg: "SAP note 3108316 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/assert-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml index 29a95015e..da03345e5 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/02-configure-selinux.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-2 ansible.builtin.debug: msg: "SAP note 3108316 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux - name: Import tasks from '../../RedHat/generic/configure-selinux.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml index 17aa80708..21a437d8f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-assert-hostname.yml @@ -3,12 +3,22 @@ - name: Assert 3108316-3 ansible.builtin.debug: msg: "SAP note 3108316 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/assert-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml index d120c8e8e..86681b10a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml @@ -3,12 +3,22 @@ - name: Configure 3108316-3 ansible.builtin.debug: msg: "SAP note 3108316 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml + tags: + - sap_general_preconfigure_hostname - name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml index f46e0aac5..d773c14c2 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml @@ -3,6 +3,8 @@ - name: Assert 3108316-4 ansible.builtin.debug: msg: "SAP note 3108316 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date # Reason for noqa: We need to get the current status only - name: Get status of chronyd # noqa command-instead-of-module @@ -10,6 +12,8 @@ register: __sap_general_preconfigure_register_chronyd_status_assert ignore_errors: yes changed_when: no + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is enabled ansible.builtin.assert: @@ -17,6 +21,8 @@ fail_msg: "FAIL: Service 'chronyd' is not enabled!" success_msg: "PASS: Service 'chronyd' is enabled." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date - name: Assert that chronyd is active ansible.builtin.assert: @@ -24,3 +30,5 @@ fail_msg: "FAIL: Service 'chronyd' is not active!" success_msg: "PASS: Service 'chronyd' is active." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml index 510ca3fb4..c175f1573 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml @@ -3,9 +3,13 @@ - name: Configure 3108316-4 ansible.builtin.debug: msg: "SAP note 3108316 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date - name: Start and enable service chronyd ansible.builtin.systemd: name: chronyd state: started enabled: yes + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml index 9f70e1648..097978f1a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-assert-firewall.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-5 ansible.builtin.debug: msg: "SAP note 3108316 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/assert-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml index 707b53712..a97c67a9c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/05-configure-firewall.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-5 ansible.builtin.debug: msg: "SAP note 3108316 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall - name: Import tasks from '../../RedHat/generic/configure-firewall.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml index dab32ed0f..e5271b176 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-assert-uuidd.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-6 ansible.builtin.debug: msg: "SAP note 3108316 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml index ff31a6ce1..b805561d0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/06-configure-uuidd.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-6 ansible.builtin.debug: msg: "SAP note 3108316 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd - name: Import tasks from '../../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml index 180df8ba5..4b8fca006 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-assert-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml index f293b7979..f07c4081c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/07-configure-tmpfs.yml @@ -6,6 +6,10 @@ memtotal_mb = {{ ansible_memtotal_mb }}; swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '../../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml index a5ed5b632..46be59030 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-assert-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-8 ansible.builtin.debug: msg: "SAP note 3108316 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml index 5daf105f5..42a4b2415 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/08-configure-linux-kernel-parameters.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-8 ansible.builtin.debug: msg: "SAP note 3108316 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters - name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml index b556fe3ef..75f60ddb7 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-assert-process-resource-limits.yml @@ -3,9 +3,15 @@ - name: Assert 3108316-9 ansible.builtin.debug: msg: "SAP note 3108316 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml index 104bd24b9..0a57b7009 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/09-configure-process-resource-limits.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-9 ansible.builtin.debug: msg: "SAP note 3108316 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits - name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml' ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml index 37f6d65f7..5371d376a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-assert-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Assert 3108316-10 ansible.builtin.debug: msg: "SAP note 3108316 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml index 984bc832e..3fa4076a3 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/10-configure-systemd-tmpfiles.yml @@ -3,6 +3,10 @@ - name: Configure 3108316-10 ansible.builtin.debug: msg: "SAP note 3108316 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles - name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml index 261ef42df..610e73382 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml @@ -11,8 +11,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_02 - - sap_general_preconfigure_firewall - - sap_general_preconfigure_selinux - name: Import tasks from '2002167/03-assert-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-assert-setting-the-hostname.yml @@ -20,9 +18,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_03 - - sap_general_preconfigure_hostname - - sap_general_preconfigure_etc_hosts - - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2002167/04-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-assert-linux-kernel-parameters.yml @@ -30,7 +25,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_04 - - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2002167/05-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-assert-process-resource-limits.yml @@ -38,7 +32,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_05 - - sap_general_preconfigure_nproc_limits - name: Import tasks from '2002167/06-assert-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-assert-additional-notes-for-installing-sap-systems.yml @@ -46,6 +39,3 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_06 - - sap_general_preconfigure_libldap - - sap_general_preconfigure_liblber - - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml index 92eeeec50..1fe0047c0 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml @@ -14,7 +14,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_02 - - sap_general_preconfigure_selinux - name: Import tasks from '2772999/03-assert-hostname.yml' ansible.builtin.import_tasks: 2772999/03-assert-hostname.yml @@ -22,9 +21,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_03 - - sap_general_preconfigure_hostname - - sap_general_preconfigure_etc_hosts - - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '2772999/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-assert-network-time-and-date.yml @@ -32,7 +28,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_04 - - sap_general_preconfigure_network_time_and_date - name: Import tasks from '2772999/05-assert-firewall.yml' ansible.builtin.import_tasks: 2772999/05-assert-firewall.yml @@ -40,7 +35,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_05 - - sap_general_preconfigure_firewall - name: Import tasks from '2772999/06-assert-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-assert-uuidd.yml @@ -48,7 +42,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_06 - - sap_general_preconfigure_configure_uuidd - name: Import tasks from '2772999/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-assert-tmpfs.yml @@ -56,7 +49,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_07 - - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '2772999/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-assert-linux-kernel-parameters.yml @@ -64,14 +56,12 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_08 - - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2772999/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) tags: - sap_general_preconfigure_configuration_all_steps - - sap_general_preconfigure_2772999_09 - sap_general_preconfigure_nproc_limits - name: Import tasks from '2772999/10-assert-systemd-tmpfiles.yml' @@ -80,4 +70,3 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_10 - - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml index 210fd5693..7fd25ca6b 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml @@ -14,7 +14,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_02 - - sap_general_preconfigure_selinux - name: Import tasks from '3108316/03-assert-hostname.yml' ansible.builtin.import_tasks: 3108316/03-assert-hostname.yml @@ -22,9 +21,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_03 - - sap_general_preconfigure_hostname - - sap_general_preconfigure_etc_hosts - - sap_general_preconfigure_dns-name-resolution - name: Import tasks from '3108316/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-assert-network-time-and-date.yml @@ -32,7 +28,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_04 - - sap_general_preconfigure_network_time_and_date - name: Import tasks from '3108316/05-assert-firewall.yml' ansible.builtin.import_tasks: 3108316/05-assert-firewall.yml @@ -40,7 +35,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_05 - - sap_general_preconfigure_firewall - name: Import tasks from '3108316/06-assert-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-assert-uuidd.yml @@ -48,7 +42,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_06 - - sap_general_preconfigure_configure_uuidd - name: Import tasks from '3108316/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-assert-tmpfs.yml @@ -56,7 +49,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_07 - - sap_general_preconfigure_configure_tmpfs - name: Import tasks from '3108316/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-assert-linux-kernel-parameters.yml @@ -64,7 +56,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_08 - - sap_general_preconfigure_kernel_parameters - name: Import tasks from '3108316/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-assert-process-resource-limits.yml @@ -72,7 +63,6 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_09 - - sap_general_preconfigure_nproc_limits - name: Import tasks from '3108316/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-assert-systemd-tmpfiles.yml @@ -80,4 +70,3 @@ tags: - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_10 - - sap_general_preconfigure_systemd_tmpfiles From f828b4cad663fd59a222d55ee0ca881faf88f9a5 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 12 Feb 2024 17:44:45 +0100 Subject: [PATCH 014/135] sap_general_preconfigure: optimize tags; adapt README.md Solves #342. Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/README.md | 30 +++++++++++++++++++ .../tasks/RedHat/configuration.yml | 3 +- roles/sap_general_preconfigure/tasks/main.yml | 11 +++++-- .../tasks/sapnote/0941735.yml | 2 -- .../tasks/sapnote/1391070.yml | 2 -- .../tasks/sapnote/1771258.yml | 2 -- .../tasks/sapnote/2002167.yml | 11 ------- .../tasks/sapnote/2772999.yml | 10 ------- .../tasks/sapnote/3108316.yml | 10 ------- .../tasks/sapnote/assert-0941735.yml | 2 -- .../tasks/sapnote/assert-1391070.yml | 2 -- .../tasks/sapnote/assert-1771258.yml | 2 -- .../tasks/sapnote/assert-2002167.yml | 5 ---- .../tasks/sapnote/assert-2772999.yml | 10 ------- .../tasks/sapnote/assert-3108316.yml | 10 ------- 15 files changed, 41 insertions(+), 71 deletions(-) diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index c1e228f53..e0b19297e 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -334,6 +334,36 @@ sap_general_preconfigure_db_group_name: dba +## Tags + +With the following tags, the role can be called to perform certain activities only: +- tag `sap_general_preconfigure_installation`: Perform only the installation tasks +- tag `sap_general_preconfigure_configuration`: Perform only the configuration tasks +- tag `sap_general_preconfigure_configuration_all_steps`: Perform all configuration tasks +- tag `sap_general_preconfigure_3108316_03`: Perform only the tasks(s) related to this step of the SAP note. +- tag `sap_general_preconfigure_etc_hosts`: Perform only the tasks(s) related to this step. This step might be one of multiple + configuration activities of a SAP note. Also this step might be valid for multiple RHEL major releases. + +Sample call for only verifying and modifying the /etc/hosts file: +``` +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_etc_hosts +``` + +Sample call for performing all configuration steps except verifying and modifying the /etc/hosts file: +``` +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps --skip_tags=sap_general_preconfigure_etc_hosts +``` + +Sample call for only performing the configuration actitvities related to step 2 (SELinux settings) of SAP note 3108316: +``` +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_3108316_02 +``` + +Sample call for performing all configuration actitvities except those related to step 2 (SELinux settings) of SAP note 3108316: +``` +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps --skip_tags=sap_general_preconfigure_3108316_02 +``` + ## Dependencies This role does not depend on any other role. diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml index 3db2835ef..260bae9c7 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml @@ -35,7 +35,8 @@ when: sap_general_preconfigure_create_directories or sap_general_preconfigure_modify_selinux_labels - name: Configure - Include configuration actions for required sapnotes - ansible.builtin.include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml" + ansible.builtin.include_tasks: + file: "sapnote/{{ sap_note_line_item.number }}.yml" with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" loop_control: loop_var: sap_note_line_item diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index e641851ac..5845476b0 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -96,7 +96,10 @@ - sap_general_preconfigure_installation - name: Include tasks from 'installation.yml' - ansible.builtin.include_tasks: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}installation.yml' + ansible.builtin.include_tasks: + file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}installation.yml' + apply: + tags: sap_general_preconfigure_installation when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_installation | d(false) with_first_found: - '{{ ansible_distribution.split("_")[0] }}' @@ -112,7 +115,10 @@ - sap_general_preconfigure_configuration - name: Include tasks from 'configuration.yml' - ansible.builtin.include_tasks: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml' + ansible.builtin.include_tasks: + file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml' + apply: + tags: sap_general_preconfigure_configuration_all_steps when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_configuration | d(false) with_first_found: - '{{ ansible_distribution.split("_")[0] }}' @@ -120,6 +126,7 @@ - '{{ ansible_os_family }}.yml' tags: - sap_general_preconfigure_configuration +# - sap_general_preconfigure_configuration_all_steps # allow a reboot at the end of the preconfigure role - name: Flush handlers diff --git a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml index 4d1f37f0c..abb17e283 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml @@ -10,12 +10,10 @@ sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_0941735 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_0941735 - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml index a4889eaa5..cec15592b 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml @@ -7,12 +7,10 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1391070 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_1391070 - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml index de81a109f..783ccb14b 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml @@ -7,12 +7,10 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/increase-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/increase-nofile-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1771258 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_1771258 - sap_general_preconfigure_nofile_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml index 1972bac60..200b9ca95 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml @@ -6,44 +6,33 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '2002167/02-configuration-changes.yml' ansible.builtin.import_tasks: 2002167/02-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_02 - name: Import tasks from '2002167/03-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_03 - name: Import tasks from '2002167/04-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_04 -# - sap_general_preconfigure_kernel_parameters - name: Import tasks from '2002167/05-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_05 -# - sap_general_preconfigure_nproc_limits - name: Import tasks from '2002167/06-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_06 -# - sap_general_preconfigure_libldap -# - sap_general_preconfigure_liblber -# - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml index 3708bd0ff..dcb677520 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml @@ -6,67 +6,57 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '2772999/02-configure-selinux.yml' ansible.builtin.import_tasks: 2772999/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_02 - name: Import tasks from '2772999/03-configure-hostname.yml' ansible.builtin.import_tasks: 2772999/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_03 - name: Import tasks from '2772999/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_04 - name: Import tasks from '2772999/05-configure-firewall.yml' ansible.builtin.import_tasks: 2772999/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_05 - name: Import tasks from '2772999/06-configure-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_06 - name: Import tasks from '2772999/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_07 - name: Import tasks from '2772999/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_08 - name: Import tasks from '2772999/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_09 - name: Import tasks from '2772999/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml index 7c2dfc018..1ef68aa31 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml @@ -6,67 +6,57 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '3108316/02-configure-selinux.yml' ansible.builtin.import_tasks: 3108316/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_02 - name: Import tasks from '3108316/03-configure-hostname.yml' ansible.builtin.import_tasks: 3108316/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_03 - name: Import tasks from '3108316/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_04 - name: Import tasks from '3108316/05-configure-firewall.yml' ansible.builtin.import_tasks: 3108316/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_05 - name: Import tasks from '3108316/06-configure-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_06 - name: Import tasks from '3108316/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_07 - name: Import tasks from '3108316/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_08 - name: Import tasks from '3108316/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_09 - name: Import tasks from '3108316/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml index 60cd8a030..34f06895f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml @@ -10,12 +10,10 @@ sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_0941735 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_0941735 - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml index 84670ea15..7e1aaabf4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml @@ -7,12 +7,10 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1391070 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_1391070 - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml index 92dd71a57..a022ffc44 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml @@ -7,12 +7,10 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '../RedHat/generic/assert-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-nofile-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_1771258 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_1771258 - sap_general_preconfigure_nofile_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml index 610e73382..aec468a29 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml @@ -9,33 +9,28 @@ ansible.builtin.import_tasks: 2002167/02-assert-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_02 - name: Import tasks from '2002167/03-assert-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-assert-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_03 - name: Import tasks from '2002167/04-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_04 - name: Import tasks from '2002167/05-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_05 - name: Import tasks from '2002167/06-assert-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-assert-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2002167_06 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml index 1fe0047c0..0d84f4c93 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml @@ -6,67 +6,57 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '2772999/02-assert-selinux.yml' ansible.builtin.import_tasks: 2772999/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_02 - name: Import tasks from '2772999/03-assert-hostname.yml' ansible.builtin.import_tasks: 2772999/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_03 - name: Import tasks from '2772999/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_04 - name: Import tasks from '2772999/05-assert-firewall.yml' ansible.builtin.import_tasks: 2772999/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_05 - name: Import tasks from '2772999/06-assert-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_06 - name: Import tasks from '2772999/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_07 - name: Import tasks from '2772999/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_08 - name: Import tasks from '2772999/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_nproc_limits - name: Import tasks from '2772999/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_2772999_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml index 7fd25ca6b..f11dff560 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml @@ -6,67 +6,57 @@ (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" tags: - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps - name: Import tasks from '3108316/02-assert-selinux.yml' ansible.builtin.import_tasks: 3108316/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_02 - name: Import tasks from '3108316/03-assert-hostname.yml' ansible.builtin.import_tasks: 3108316/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_03 - name: Import tasks from '3108316/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_04 - name: Import tasks from '3108316/05-assert-firewall.yml' ansible.builtin.import_tasks: 3108316/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_05 - name: Import tasks from '3108316/06-assert-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_06 - name: Import tasks from '3108316/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_07 - name: Import tasks from '3108316/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_08 - name: Import tasks from '3108316/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_09 - name: Import tasks from '3108316/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) tags: - - sap_general_preconfigure_configuration_all_steps - sap_general_preconfigure_3108316_10 From c6536402628692b65342e6467e05e6df1a9677ee Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 12 Feb 2024 17:55:33 +0100 Subject: [PATCH 015/135] sap_general_preconfigure: Add more examples to README.md Relates to #342. Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/README.md | 18 ++++++++++++++++++ roles/sap_general_preconfigure/tasks/main.yml | 1 - 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index e0b19297e..6e4196f39 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -344,6 +344,24 @@ With the following tags, the role can be called to perform certain activities on - tag `sap_general_preconfigure_etc_hosts`: Perform only the tasks(s) related to this step. This step might be one of multiple configuration activities of a SAP note. Also this step might be valid for multiple RHEL major releases. +Sample call for only performing all installation and configuration tasks. This is the default behavior. If no tag is specified, all +installation and configuration tasks are enabled: +``` +# ansible-playbook sap-general-preconfigure.yml +``` + +Sample call for only performing all installation tasks: +``` +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_installation +``` + +Sample call for only performing all configuration tasks. The tag sap_general_preconfigure_configuration is needed to only use +the configuration tasks, and the tag sap_general_preconfigure_configuration_all_steps activates each individual configuration task. Both +need to be enabled for running all the configuration tasks: +``` +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps +``` + Sample call for only verifying and modifying the /etc/hosts file: ``` # ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_etc_hosts diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index 5845476b0..69aeedd6c 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -126,7 +126,6 @@ - '{{ ansible_os_family }}.yml' tags: - sap_general_preconfigure_configuration -# - sap_general_preconfigure_configuration_all_steps # allow a reboot at the end of the preconfigure role - name: Flush handlers From c2cd1a494c3e6778ebb6a718cd81d68aff51fc1c Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 12 Feb 2024 18:05:31 +0100 Subject: [PATCH 016/135] sap_general_preconfigure: Clarify the scope of tags in README.md Relates to: #342. Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index 6e4196f39..e48a618c0 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -334,7 +334,7 @@ sap_general_preconfigure_db_group_name: dba -## Tags +## Tags (RHEL systems only) With the following tags, the role can be called to perform certain activities only: - tag `sap_general_preconfigure_installation`: Perform only the installation tasks From 40558c73a68d75dc016afe1f1b281a07c08506eb Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Mon, 12 Feb 2024 17:57:26 +0100 Subject: [PATCH 017/135] fix(ansible-test-sanity): update workflow to run in every pr Closes #648 --- .github/workflows/ansible-test-sanity.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ansible-test-sanity.yml b/.github/workflows/ansible-test-sanity.yml index 90b32f207..5e464b01f 100644 --- a/.github/workflows/ansible-test-sanity.yml +++ b/.github/workflows/ansible-test-sanity.yml @@ -5,9 +5,10 @@ name: ansible-test sanity of the collection on: - schedule: - - cron: '31 12 * * 1' - + pull_request: + branches: + - main + - dev workflow_dispatch: jobs: From 43167ee63a681e1a587f7eb485142b859a988894 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Tue, 13 Feb 2024 16:08:38 +0100 Subject: [PATCH 018/135] fix(sap_hana_preconfigure/tasks/SLES): update noop with bin/true --- .../sap_hana_preconfigure/tasks/SLES/configuration.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index c90076c7c..c5a3c8070 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -66,8 +66,14 @@ - "processor.max_cstate=1" - "audit=1" - - name: Trigger grub update if necessary - ansible.builtin.meta: noop + # Reason for noqa: + # no-changed-when: there is already a check on the `when` argument that + # loop over all the results of the previous task and if some of the results + # changed the grub configuration file the `GRUB_post-update_configuration` + # handler will be notify, in the other hands if none of the item changed + # the configuration file no handler will be notify + - name: Trigger grub update if necessary # noqa no-changed-when + ansible.builtin.command: /bin/true when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 notify: GRUB_post-update_configuration From 99a22ecdbc6010a25b84c3fc4845facb84476667 Mon Sep 17 00:00:00 2001 From: Roberto Nozaki Date: Tue, 13 Feb 2024 11:41:28 -0500 Subject: [PATCH 019/135] Fix temp removal task --- .../tasks/oracledb_install_post_mopatch.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml b/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml index c482ea5c2..089f0c957 100644 --- a/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml +++ b/roles/sap_anydb_install_oracle/tasks/oracledb_install_post_mopatch.yml @@ -89,5 +89,5 @@ - name: Oracle DB Patch - Remove the temp dir ansible.builtin.file: - path: "{{ sap_anydb_install_oracle_base }}/tmp_sbp" - state: absent + path: "{{ sap_anydb_install_oracle_base }}/tmp_sbp" + state: absent From 6329c5b574076a72ec0a39e94a14ed9d33879382 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 14 Feb 2024 12:29:08 +0100 Subject: [PATCH 020/135] sap_general_preconfigure: Use the role sap_maintain_etc_hosts Solves issue #658. Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/defaults/main.yml | 6 +++--- .../tasks/RedHat/configuration.yml | 15 +++++++++++++++ .../sapnote/2002167/03-setting-the-hostname.yml | 16 ++++++++++++++-- .../sapnote/2772999/03-configure-hostname.yml | 16 ++++++++++++++-- .../sapnote/3108316/03-configure-hostname.yml | 16 ++++++++++++++-- 5 files changed, 60 insertions(+), 9 deletions(-) diff --git a/roles/sap_general_preconfigure/defaults/main.yml b/roles/sap_general_preconfigure/defaults/main.yml index 9bda53ad4..c16d30de0 100644 --- a/roles/sap_general_preconfigure/defaults/main.yml +++ b/roles/sap_general_preconfigure/defaults/main.yml @@ -146,15 +146,15 @@ sap_general_preconfigure_max_hostname_length: '13' # The maximum length of the hostname. See SAP note 611361. # Reason for noqa: A separate role is planned to replace the code which uses this variable. -sap_hostname: "{{ ansible_hostname }}" # noqa var-naming[no-role-prefix] +#sap_hostname: "{{ ansible_hostname }}" # noqa var-naming[no-role-prefix] # The hostname to be used for updating or checking `/etc/hosts` entries. # Reason for noqa: A separate role is planned to replace the code which uses this variable. -sap_domain: "{{ ansible_domain }}" # noqa var-naming[no-role-prefix] +#sap_domain: "{{ ansible_domain }}" # noqa var-naming[no-role-prefix] # The DNS domain name to be used for updating or checking `/etc/hosts` entries. # Reason for noqa: A separate role is planned to replace the code which uses this variable. -sap_ip: "{{ ansible_default_ipv4.address }}" # noqa var-naming[no-role-prefix] +#sap_ip: "{{ ansible_default_ipv4.address }}" # noqa var-naming[no-role-prefix] # The IPV4 address to be used for updating or checking `/etc/hosts` entries. # sap_general_preconfigure_db_group_name: (not defined by default) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml index 5893e00a9..ce85ba000 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml @@ -4,6 +4,21 @@ ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) +- name: Configure - Set sap_hostname if not defined + ansible.builtin.set_fact: + sap_hostname: "{{ ansible_hostname }}" + when: sap_hostname is not defined + +- name: Configure - Set sap_domain if not defined + ansible.builtin.set_fact: + sap_domain: "{{ ansible_domain }}" + when: sap_domain is not defined + +- name: Configure - Set sap_ip if not defined + ansible.builtin.set_fact: + sap_ip: "{{ ansible_default_ipv4.address }}" + when: sap_ip is not defined + - name: Configure - Set directory variables for setting SELinux file contexts ansible.builtin.set_fact: sap_general_preconfigure_fact_targets_setypes: "{{ sap_general_preconfigure_fact_targets_setypes | d([]) + diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml index 7a59c12ca..b183a42dc 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml @@ -7,8 +7,20 @@ - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml -- name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' - ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml +- name: Import role sap_maintain_etc_hosts + ansible.builtin.import_role: + name: sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" + node_name: "{{ sap_hostname | d(ansible_hostname) }}" + node_domain: "{{ sap_domain | d(ansible_domain) }}" + state: present + when: sap_general_preconfigure_modify_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + when: not sap_general_preconfigure_modify_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml index 20204c9aa..858efd8a4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml @@ -7,8 +7,20 @@ - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml -- name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' - ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml +- name: Import role sap_maintain_etc_hosts + ansible.builtin.import_role: + name: sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" + node_name: "{{ sap_hostname | d(ansible_hostname) }}" + node_domain: "{{ sap_domain | d(ansible_domain) }}" + state: present + when: sap_general_preconfigure_modify_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + when: not sap_general_preconfigure_modify_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml index d120c8e8e..e0c99e546 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml @@ -7,8 +7,20 @@ - name: Import tasks from '../../RedHat/generic/configure-hostname.yml' ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml -- name: Import tasks from '../../RedHat/generic/configure-etc-hosts.yml' - ansible.builtin.import_tasks: ../../RedHat/generic/configure-etc-hosts.yml +- name: Import role sap_maintain_etc_hosts + ansible.builtin.import_role: + name: sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" + node_name: "{{ sap_hostname | d(ansible_hostname) }}" + node_domain: "{{ sap_domain | d(ansible_domain) }}" + state: present + when: sap_general_preconfigure_modify_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + when: not sap_general_preconfigure_modify_etc_hosts - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml From 1cd37ecb6f6bf2c155b8e93ea3910a911b38df8e Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 14 Feb 2024 18:18:42 +0100 Subject: [PATCH 021/135] sap_general_preconfigure: rename sap_* variables Avoids the violation of the 'var-naming[no-role-prefix]' ansible-lint rule. Relates to #658. Signed-off-by: Bernd Finger --- .../defaults/main.yml | 14 ++-- .../meta/argument_specs.yml | 6 +- .../tasks/RedHat/configuration.yml | 15 ---- .../generic/assert-dns-name-resolution.yml | 42 +++++------ .../tasks/RedHat/generic/assert-etc-hosts.yml | 74 +++++++------------ .../tasks/RedHat/generic/assert-hostname.yml | 14 ++-- .../generic/check-dns-name-resolution.yml | 6 +- .../RedHat/generic/configure-etc-hosts.yml | 43 +++++------ .../RedHat/generic/configure-hostname.yml | 6 +- .../2002167/03-setting-the-hostname.yml | 6 +- .../sapnote/2772999/03-configure-hostname.yml | 6 +- .../sapnote/3108316/03-configure-hostname.yml | 6 +- 12 files changed, 99 insertions(+), 139 deletions(-) diff --git a/roles/sap_general_preconfigure/defaults/main.yml b/roles/sap_general_preconfigure/defaults/main.yml index c16d30de0..c7f353c3a 100644 --- a/roles/sap_general_preconfigure/defaults/main.yml +++ b/roles/sap_general_preconfigure/defaults/main.yml @@ -145,18 +145,16 @@ sap_general_preconfigure_kernel_parameters: "{{ __sap_general_preconfigure_kerne sap_general_preconfigure_max_hostname_length: '13' # The maximum length of the hostname. See SAP note 611361. -# Reason for noqa: A separate role is planned to replace the code which uses this variable. -#sap_hostname: "{{ ansible_hostname }}" # noqa var-naming[no-role-prefix] +# If "global" variables are set, use those. If not, default to the values from gather_facts: +sap_general_preconfigure_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" +# The IPV4 address to be used for updating or checking `/etc/hosts` entries. + +sap_general_preconfigure_hostname: "{{ sap_hostname | d(ansible_hostname) }}" # The hostname to be used for updating or checking `/etc/hosts` entries. -# Reason for noqa: A separate role is planned to replace the code which uses this variable. -#sap_domain: "{{ ansible_domain }}" # noqa var-naming[no-role-prefix] +sap_general_preconfigure_domain: "{{ sap_domain | d(ansible_domain) }}" # The DNS domain name to be used for updating or checking `/etc/hosts` entries. -# Reason for noqa: A separate role is planned to replace the code which uses this variable. -#sap_ip: "{{ ansible_default_ipv4.address }}" # noqa var-naming[no-role-prefix] -# The IPV4 address to be used for updating or checking `/etc/hosts` entries. - # sap_general_preconfigure_db_group_name: (not defined by default) # Use this variable to specify the name of the RHEL group which is used for the database processes. # If defined, it will be used to configure process limits as per step diff --git a/roles/sap_general_preconfigure/meta/argument_specs.yml b/roles/sap_general_preconfigure/meta/argument_specs.yml index 5621e5b28..6ee5fa23d 100644 --- a/roles/sap_general_preconfigure/meta/argument_specs.yml +++ b/roles/sap_general_preconfigure/meta/argument_specs.yml @@ -310,21 +310,21 @@ argument_specs: required: false type: str - sap_hostname: + sap_general_preconfigure_hostname: default: "{{ ansible_hostname }}" description: - The hostname to be used for updating or checking `/etc/hosts` entries. required: false type: str - sap_domain: + sap_general_preconfigure_domain: default: "{{ ansible_domain }}" description: - The DNS domain name to be used for updating or checking `/etc/hosts` entries. required: false type: str - sap_ip: + sap_general_preconfigure_ip: default: "{{ ansible_default_ipv4.address }}" description: - The IPV4 address to be used for updating or checking `/etc/hosts` entries. diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml index ce85ba000..5893e00a9 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml @@ -4,21 +4,6 @@ ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) -- name: Configure - Set sap_hostname if not defined - ansible.builtin.set_fact: - sap_hostname: "{{ ansible_hostname }}" - when: sap_hostname is not defined - -- name: Configure - Set sap_domain if not defined - ansible.builtin.set_fact: - sap_domain: "{{ ansible_domain }}" - when: sap_domain is not defined - -- name: Configure - Set sap_ip if not defined - ansible.builtin.set_fact: - sap_ip: "{{ ansible_default_ipv4.address }}" - when: sap_ip is not defined - - name: Configure - Set directory variables for setting SELinux file contexts ansible.builtin.set_fact: sap_general_preconfigure_fact_targets_setypes: "{{ sap_general_preconfigure_fact_targets_setypes | d([]) + diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml index c7df9b1b3..d0815faba 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml @@ -3,16 +3,16 @@ - name: Assert that the DNS domain is set ansible.builtin.assert: that: not( (ansible_domain is undefined) or (ansible_domain is none) or (ansible_domain | trim == '') ) - fail_msg: "FAIL: The DNS domain is not configured! So variable 'sap_domain' needs to be configured!" + fail_msg: "FAIL: The DNS domain is not configured! So variable 'sap_general_preconfigure_domain' needs to be configured!" success_msg: "PASS: The DNS domain is configured." # ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" ignore_errors: yes -- name: Assert that variable sap_domain is set +- name: Assert that variable sap_general_preconfigure_domain is set ansible.builtin.assert: - that: not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') ) - fail_msg: "FAIL: The variable 'sap_domain' is not set!" - success_msg: "PASS: The variable 'sap_domain' is set." + that: not( (sap_general_preconfigure_domain is undefined) or (sap_general_preconfigure_domain is none) or (sap_general_preconfigure_domain | trim == '') ) + fail_msg: "FAIL: The variable 'sap_general_preconfigure_domain' is not set!" + success_msg: "PASS: The variable 'sap_general_preconfigure_domain' is set." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Check if the bind-utils package, which contains the dig command, is available @@ -21,8 +21,8 @@ fail_msg: "FAIL: The package 'bind-utils' is not installed! DNS checking not possible!" ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check if IP address for sap_hostname.sap_domain is resolved correctly - ansible.builtin.command: dig {{ sap_hostname }}.{{ sap_domain }} +short +- name: Check if IP address for sap_general_preconfigure_hostname.sap_general_preconfigure_domain is resolved correctly + ansible.builtin.command: dig {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} +short register: __sap_general_preconfigure_register_dig_short_assert ignore_errors: yes changed_when: no @@ -35,32 +35,32 @@ success_msg: "PASS: The variable 'ansible_default_ipv4.address' is defined." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Assert that sap_ip is set +- name: Assert that sap_general_preconfigure_ip is set ansible.builtin.assert: - that: __sap_general_preconfigure_register_dig_short_assert.stdout == sap_ip - fail_msg: "FAIL: The variable 'sap_ip' is not set!" - success_msg: "PASS: The variable 'sap_ip' is set." + that: __sap_general_preconfigure_register_dig_short_assert.stdout == sap_general_preconfigure_ip + fail_msg: "FAIL: The variable 'sap_general_preconfigure_ip' is not set!" + success_msg: "PASS: The variable 'sap_general_preconfigure_ip' is set." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: "'bind-utils' in ansible_facts.packages" ### BUG: dig does not use search path in resolv.con on PPCle -- name: Check if IP address for sap_hostname with search path is resolved correctly - ansible.builtin.command: dig {{ sap_hostname }} +search +short +- name: Check if IP address for sap_general_preconfigure_hostname with search path is resolved correctly + ansible.builtin.command: dig {{ sap_general_preconfigure_hostname }} +search +short register: __sap_general_preconfigure_register_dig_search_short_assert changed_when: false ignore_errors: true when: "'bind-utils' in ansible_facts.packages" -- name: Assert that the IP address for sap_hostname is resolved correctly +- name: Assert that the IP address for sap_general_preconfigure_hostname is resolved correctly ansible.builtin.assert: - that: __sap_general_preconfigure_register_dig_search_short_assert.stdout == sap_ip - fail_msg: "FAIL: The IP address for 'sap_hostname' could not be resolved!" - success_msg: "PASS: The IP address for 'sap_hostname' was resolved." + that: __sap_general_preconfigure_register_dig_search_short_assert.stdout == sap_general_preconfigure_ip + fail_msg: "FAIL: The IP address for 'sap_general_preconfigure_hostname' could not be resolved!" + success_msg: "PASS: The IP address for 'sap_general_preconfigure_hostname' was resolved." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(true) }}" when: "'bind-utils' in ansible_facts.packages" - name: Check if the reverse name resolution is correct - ansible.builtin.command: dig -x {{ sap_ip }} +short + ansible.builtin.command: dig -x {{ sap_general_preconfigure_ip }} +short register: __sap_general_preconfigure_register_dig_reverse_assert changed_when: false ignore_errors: true @@ -68,8 +68,8 @@ - name: Assert that the reverse name resolution is correct ansible.builtin.assert: - that: __sap_general_preconfigure_register_dig_reverse_assert.stdout == (sap_hostname + '.' + sap_domain + '.') - fail_msg: "FAIL: The reverse name resolution of 'sap_ip' was not successful!" - success_msg: "PASS: The reverse name resolution of 'sap_ip' was successful." + that: __sap_general_preconfigure_register_dig_reverse_assert.stdout == (sap_general_preconfigure_hostname + '.' + sap_general_preconfigure_domain + '.') + fail_msg: "FAIL: The reverse name resolution of 'sap_general_preconfigure_ip' was not successful!" + success_msg: "PASS: The reverse name resolution of 'sap_general_preconfigure_ip' was successful." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(true) }}" when: "'bind-utils' in ansible_facts.packages" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 48b301f38..2b4fc6810 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -3,28 +3,12 @@ - name: Assert - Display host and domain name, and IP address ansible.builtin.debug: msg: - - "sap_hostname = {{ sap_hostname }}" - - "sap_domain = {{ sap_domain }}" - - "sap_ip = {{ sap_ip }}" - -# Note: There is no check related to hostname aliases. -#- name: Get all hostname aliases of {{ sap_ip }} -# shell: | -# awk '( $1 == "{{ sap_ip }}" ) { -# for (i=2; i<=NF; ++i) { -# if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf $i" " } -# } -# }' /etc/hosts -# register: sap_base_settings_register_hostname_aliases -# changed_when: false -# check_mode: false - -#- name: Print hostname aliases -# debug: -# var=sap_hostname_aliases + - "sap_general_preconfigure_hostname = {{ sap_general_preconfigure_hostname }}" + - "sap_general_preconfigure_domain = {{ sap_general_preconfigure_domain }}" + - "sap_general_preconfigure_ip = {{ sap_general_preconfigure_ip }}" - name: Check if ipv4 address, FQDN, and hostname are once in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_ip }}/&&/{{ sap_hostname }}.{{ sap_domain }}/&&/{{ sap_hostname }}/{a++}END{print a}' /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_general_preconfigure_ip }}/&&/{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}/&&/{{ sap_general_preconfigure_hostname }}/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert ignore_errors: yes changed_when: no @@ -32,59 +16,51 @@ - name: Assert that ipv4 address, FQDN, and hostname are once in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert.stdout == '1' - fail_msg: "FAIL: The line '{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}' needs to be once in /etc/hosts!" - success_msg: "PASS: The line '{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}' is once in /etc/hosts." + fail_msg: "FAIL: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' needs to be once in /etc/hosts!" + success_msg: "PASS: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' is once in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -#- name: Ensure that the entry in /etc/hosts is correct -# ansible.builtin.lineinfile: -# path: /etc/hosts -# regexp: '^{{ sap_ip }}\s' -# line: "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }} {{ sap_base_settings_register_hostname_aliases.stdout }}" -# when: -# - sap_general_preconfigure_assert_modify_etc_hosts | bool - -- name: Count the number of sap_ip ({{ sap_ip }}) entries in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_ip }}/{a++}END{print a}' /etc/hosts +- name: Count the number of sap_general_preconfigure_ip ({{ sap_general_preconfigure_ip }}) entries in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_general_preconfigure_ip }}/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_ip_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is just one line containing {{ sap_ip }} in /etc/hosts +- name: Assert that there is just one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout == '1' - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_ip }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_ip }}' in /etc/hosts." + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" + success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check for duplicate or missing entries of {{ sap_hostname }}.{{ sap_domain }} in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_hostname }}.{{ sap_domain }}\s/|| - /\s{{ sap_hostname }}.{{ sap_domain }}\s/|| - /\s{{ sap_hostname }}.{{ sap_domain }}$/{a++}END{print a}' /etc/hosts +- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}$/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_fqdn_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is just one line containing {{ sap_hostname }}.{{ sap_domain }} in /etc/hosts +- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_fqdn_once_assert.stdout == '1' - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_hostname }}.{{ sap_domain }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_hostname }}.{{ sap_domain }}' in /etc/hosts." + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts!" + success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check for duplicate or missing entries of {{ sap_hostname }} in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_hostname }}\s/|| - /\s{{ sap_hostname }}\s/|| - /\s{{ sap_hostname }}$/{a++}END{print a}' /etc/hosts +- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }} in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}$/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_hostname_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is just one line containing {{ sap_hostname }} in /etc/hosts +- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }} in /etc/hosts ansible.builtin.assert: that: __sap_general_preconfigure_register_sap_hostname_once_assert.stdout == '1' - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_hostname }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_hostname }}' in /etc/hosts." + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts!" + success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Check hostname -s diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml index 0ee9b8972..38e843517 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml @@ -6,16 +6,16 @@ ignore_errors: yes changed_when: no -- name: Assert that the output of hostname matches the content of variable sap_hostname +- name: Assert that the output of hostname matches the content of variable sap_general_preconfigure_hostname ansible.builtin.assert: - that: __sap_general_preconfigure_register_hostname_assert.stdout == sap_hostname - fail_msg: "FAIL: The output of 'hostname' does not match the content of variable 'sap_hostname'!" - success_msg: "PASS: The output of 'hostname' matches the content of variable 'sap_hostname'." + that: __sap_general_preconfigure_register_hostname_assert.stdout == sap_general_preconfigure_hostname + fail_msg: "FAIL: The output of 'hostname' does not match the content of variable 'sap_general_preconfigure_hostname'!" + success_msg: "PASS: The output of 'hostname' matches the content of variable 'sap_general_preconfigure_hostname'." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: "Assert that the length of the hostname is not longer than 'sap_general_preconfigure_max_hostname_length'" ansible.builtin.assert: - that: (sap_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) - fail_msg: "FAIL: The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" - success_msg: "PASS: The length of the hostname is {{ sap_hostname | length | int }}, which is less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')." + that: (sap_general_preconfigure_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) + fail_msg: "FAIL: The length of the hostname is {{ sap_general_preconfigure_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" + success_msg: "PASS: The length of the hostname is {{ sap_general_preconfigure_hostname | length | int }}, which is less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml index 42ca53351..562f8d16c 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/check-dns-name-resolution.yml @@ -1,17 +1,17 @@ --- - name: Check dns forwarding settings - ansible.builtin.shell: test "$(dig {{ sap_hostname }}.{{ sap_domain }} +short)" = "{{ sap_ip }}" + ansible.builtin.shell: test "$(dig {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} +short)" = "{{ sap_general_preconfigure_ip }}" changed_when: false ignore_errors: true ### BUG: dig does not use search path in resolv.con on PPCle - name: Check resolv.conf settings - ansible.builtin.shell: test "$(dig {{ sap_hostname }} +search +short)" = "{{ sap_ip }}" + ansible.builtin.shell: test "$(dig {{ sap_general_preconfigure_hostname }} +search +short)" = "{{ sap_general_preconfigure_ip }}" changed_when: false ignore_errors: true - name: Check dns reverse settings - ansible.builtin.shell: test "$(dig -x {{ sap_ip }} +short)" = "{{ sap_hostname }}.{{ sap_domain }}." + ansible.builtin.shell: test "$(dig -x {{ sap_general_preconfigure_ip }} +short)" = "{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}." changed_when: false ignore_errors: true diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml index baa6991d3..1c333e1bd 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml @@ -3,15 +3,16 @@ - name: Display host and domain name, and IP address before the modification ansible.builtin.debug: msg: - - "sap_hostname = {{ sap_hostname }}" - - "sap_domain = {{ sap_domain }}" - - "sap_ip = {{ sap_ip }}" + - "sap_general_preconfigure_hostname = {{ sap_general_preconfigure_hostname }}" + - "sap_general_preconfigure_domain = {{ sap_general_preconfigure_domain }}" + - "sap_general_preconfigure_ip = {{ sap_general_preconfigure_ip }}" -- name: Get all hostname aliases of {{ sap_ip }} +- name: Get all hostname aliases of {{ sap_general_preconfigure_ip }} ansible.builtin.shell: | - awk '( $1 == "{{ sap_ip }}" ) { + awk '( $1 == "{{ sap_general_preconfigure_ip }}" ) { for (i=2; i<=NF; ++i) { - if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf " "$i } + if (( $i != "{{ sap_general_preconfigure_hostname }}" ) && + ( $i != "{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}" )) { printf " "$i } } }' /etc/hosts register: __sap_general_preconfigure_register_sap_hostname_aliases @@ -26,7 +27,7 @@ block: - name: Perform the /etc/hosts completeness check - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_ip }}/&&/{{ sap_hostname }}.{{ sap_domain }}/&&/{{ sap_hostname }}/{a++}END{print a}' /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_general_preconfigure_ip }}/&&/{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}/&&/{{ sap_general_preconfigure_hostname }}/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_check changed_when: false @@ -39,7 +40,7 @@ ansible.builtin.debug: msg: - "Expected:" - - "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}" + - "{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}" when: - __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" @@ -48,15 +49,15 @@ msg: - "Server's ip4 address, FQDN, or hostname are not in /etc/hosts!" - "Expected:" - - "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}" + - "{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}" when: - __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" ignore_errors: "{{ ansible_check_mode }}" -# We allow more than one line containing sap_ip: -- name: Check for duplicate entries of {{ sap_ip }} in /etc/hosts +# We allow more than one line containing sap_general_preconfigure_ip: +- name: Check for duplicate entries of {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.shell: | - n=$(grep "^{{ sap_ip }}\s" /etc/hosts | wc -l) + n=$(grep "^{{ sap_general_preconfigure_ip }}\s" /etc/hosts | wc -l) if [ $n -gt 1 ]; then echo "Duplicate IP entry in /etc/hosts!" exit 1 @@ -68,15 +69,15 @@ ignore_errors: yes when: not ansible_check_mode -- name: Verify that variable sap_domain is set +- name: Verify that variable sap_general_preconfigure_domain is set ansible.builtin.assert: - that: not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') ) - msg: "Variable 'sap_domain' is undefined or empty. Please define it in defaults/main.yml or via --extra-vars!" + that: not( (sap_general_preconfigure_domain is undefined) or (sap_general_preconfigure_domain is none) or (sap_general_preconfigure_domain | trim == '') ) + msg: "Variable 'sap_general_preconfigure_domain' is undefined or empty. Please set it in your playbook or inventory!" - name: Report if there is more than one line with the IP address ansible.builtin.debug: msg: - - "More than one line containing {{ sap_ip }}. File /etc/hosts will not be modified." + - "More than one line containing {{ sap_general_preconfigure_ip }}. File /etc/hosts will not be modified." when: - not ansible_check_mode - __sap_general_preconfigure_register_duplicate_ip_check.stdout == 'Duplicate IP entry in /etc/hosts!' @@ -85,12 +86,12 @@ - name: Ensure that the entry in /etc/hosts is correct ansible.builtin.lineinfile: path: /etc/hosts - regexp: '^{{ sap_ip }}\s' - line: "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}{{ __sap_general_preconfigure_register_sap_hostname_aliases.stdout }}" + regexp: '^{{ sap_general_preconfigure_ip }}\s' + line: "{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}{{ __sap_general_preconfigure_register_sap_hostname_aliases.stdout }}" backup: yes when: - not ansible_check_mode - - sap_domain | length > 0 + - sap_general_preconfigure_domain | length > 0 - __sap_general_preconfigure_register_duplicate_ip_check.stdout != 'Duplicate IP entry in /etc/hosts!' - sap_general_preconfigure_modify_etc_hosts | bool @@ -103,8 +104,8 @@ exit 1 fi with_items: - - '{{ sap_hostname }}.{{ sap_domain }}' - - '{{ sap_hostname }}' + - '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' + - '{{ sap_general_preconfigure_hostname }}' changed_when: false loop_control: loop_var: line_item diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml index 9d3798601..3bb041928 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml @@ -46,9 +46,9 @@ - name: Ensure that the short hostname is set ansible.builtin.hostname: - name: "{{ sap_hostname }}" + name: "{{ sap_general_preconfigure_hostname }}" - name: "Ensure that the length of the hostname is not longer than 'sap_general_preconfigure_max_hostname_length'" ansible.builtin.assert: - that: (sap_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) - msg: "The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" + that: (sap_general_preconfigure_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) + msg: "The length of the hostname is {{ sap_general_preconfigure_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml index b183a42dc..1a8e01f96 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml @@ -12,9 +12,9 @@ name: sap_maintain_etc_hosts vars: sap_maintain_etc_hosts_list: - - node_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" - node_name: "{{ sap_hostname | d(ansible_hostname) }}" - node_domain: "{{ sap_domain | d(ansible_domain) }}" + - node_ip: "{{ sap_general_preconfigure_ip }}" + node_name: "{{ sap_general_preconfigure_hostname }}" + node_domain: "{{ sap_general_preconfigure_domain }}" state: present when: sap_general_preconfigure_modify_etc_hosts diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml index 858efd8a4..d5f50d9a3 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml @@ -12,9 +12,9 @@ name: sap_maintain_etc_hosts vars: sap_maintain_etc_hosts_list: - - node_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" - node_name: "{{ sap_hostname | d(ansible_hostname) }}" - node_domain: "{{ sap_domain | d(ansible_domain) }}" + - node_ip: "{{ sap_general_preconfigure_ip }}" + node_name: "{{ sap_general_preconfigure_hostname }}" + node_domain: "{{ sap_general_preconfigure_domain }}" state: present when: sap_general_preconfigure_modify_etc_hosts diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml index e0c99e546..d90cbe537 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml @@ -12,9 +12,9 @@ name: sap_maintain_etc_hosts vars: sap_maintain_etc_hosts_list: - - node_ip: "{{ sap_ip | d(ansible_default_ipv4.address) }}" - node_name: "{{ sap_hostname | d(ansible_hostname) }}" - node_domain: "{{ sap_domain | d(ansible_domain) }}" + - node_ip: "{{ sap_general_preconfigure_ip }}" + node_name: "{{ sap_general_preconfigure_hostname }}" + node_domain: "{{ sap_general_preconfigure_domain }}" state: present when: sap_general_preconfigure_modify_etc_hosts From 7e08d4839babf4105719dd5921f048eafd5b7cc0 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 16 Feb 2024 18:01:44 +0100 Subject: [PATCH 022/135] sap_general_preconfigure: Use only one tag for running all configuration steps Examples for using tags: See README.md. Relates to: #342. Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/README.md | 27 +++++++--------- .../tasks/RedHat/assert-configuration.yml | 6 ++++ .../tasks/RedHat/configuration.yml | 18 +++++++++-- roles/sap_general_preconfigure/tasks/main.yml | 31 +++++++------------ .../tasks/sapnote/0941735.yml | 2 +- .../tasks/sapnote/1391070.yml | 2 +- .../tasks/sapnote/1771258.yml | 2 +- .../tasks/sapnote/2002167.yml | 2 +- .../tasks/sapnote/2772999.yml | 2 +- .../tasks/sapnote/3108316.yml | 2 +- .../tasks/sapnote/assert-0941735.yml | 2 +- .../tasks/sapnote/assert-1391070.yml | 2 +- .../tasks/sapnote/assert-1771258.yml | 2 +- .../tasks/sapnote/assert-2002167.yml | 2 ++ .../tasks/sapnote/assert-2772999.yml | 2 +- .../tasks/sapnote/assert-3108316.yml | 2 +- 16 files changed, 58 insertions(+), 48 deletions(-) diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index e48a618c0..b1e9c1c7b 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -339,47 +339,44 @@ sap_general_preconfigure_db_group_name: dba With the following tags, the role can be called to perform certain activities only: - tag `sap_general_preconfigure_installation`: Perform only the installation tasks - tag `sap_general_preconfigure_configuration`: Perform only the configuration tasks -- tag `sap_general_preconfigure_configuration_all_steps`: Perform all configuration tasks - tag `sap_general_preconfigure_3108316_03`: Perform only the tasks(s) related to this step of the SAP note. - tag `sap_general_preconfigure_etc_hosts`: Perform only the tasks(s) related to this step. This step might be one of multiple configuration activities of a SAP note. Also this step might be valid for multiple RHEL major releases. -Sample call for only performing all installation and configuration tasks. This is the default behavior. If no tag is specified, all -installation and configuration tasks are enabled: +Sample call for only performing all installation and configuration tasks (sample playbook name sap.yml, see the next section for +an example). This is the default behavior. If no tag is specified, all installation and configuration tasks are enabled: ``` -# ansible-playbook sap-general-preconfigure.yml +# ansible-playbook sap.yml ``` Sample call for only performing all installation tasks: ``` -# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_installation +# ansible-playbook sap.yml --tags=sap_general_preconfigure_installation ``` -Sample call for only performing all configuration tasks. The tag sap_general_preconfigure_configuration is needed to only use -the configuration tasks, and the tag sap_general_preconfigure_configuration_all_steps activates each individual configuration task. Both -need to be enabled for running all the configuration tasks: +Sample call for only performing all configuration tasks: ``` -# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps +# ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration ``` Sample call for only verifying and modifying the /etc/hosts file: ``` -# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_etc_hosts +# ansible-playbook sap.yml --tags=sap_general_preconfigure_etc_hosts ``` Sample call for performing all configuration steps except verifying and modifying the /etc/hosts file: ``` -# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps --skip_tags=sap_general_preconfigure_etc_hosts +# ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_etc_hosts ``` -Sample call for only performing the configuration actitvities related to step 2 (SELinux settings) of SAP note 3108316: +Sample call for only performing the configuration actitvities related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): ``` -# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_3108316_02 +# ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316_02 ``` -Sample call for performing all configuration actitvities except those related to step 2 (SELinux settings) of SAP note 3108316: +Sample call for performing all configuration actitvities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): ``` -# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration,sap_general_preconfigure_configuration_all_steps --skip_tags=sap_general_preconfigure_3108316_02 +# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_3108316_02 ``` ## Dependencies diff --git a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml index dc12b02a3..1116afc6b 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml @@ -3,12 +3,18 @@ - name: Assert - List required SAP Notes ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) + tags: + - always - name: Gather service facts ansible.builtin.service_facts: + tags: + - always - name: Assert - Include configuration actions for required sapnotes ansible.builtin.include_tasks: "sapnote/assert-{{ sap_note_line_item.number }}.yml" with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" loop_control: loop_var: sap_note_line_item + tags: + - always diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml index 260bae9c7..108af000f 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml @@ -3,6 +3,8 @@ - name: Configure - List required SAP Notes ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) + tags: + - always - name: Configure - Set directory variables for setting SELinux file contexts ansible.builtin.set_fact: @@ -16,11 +18,19 @@ target: "{{ line_item }}(/.*)?" setype: 'usr_t' when: sap_general_preconfigure_modify_selinux_labels + tags: + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Configure - Display directory variable ansible.builtin.debug: var: sap_general_preconfigure_fact_targets_setypes when: sap_general_preconfigure_modify_selinux_labels + tags: + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Configure - Create directories ansible.builtin.file: @@ -33,6 +43,11 @@ loop_control: loop_var: line_item when: sap_general_preconfigure_create_directories or sap_general_preconfigure_modify_selinux_labels + tags: + - sap_general_preconfigure_create_directories + - sap_general_preconfigure_3108316_02 + - sap_general_preconfigure_2772999_02 + - sap_general_preconfigure_selinux - name: Configure - Include configuration actions for required sapnotes ansible.builtin.include_tasks: @@ -41,5 +56,4 @@ loop_control: loop_var: sap_note_line_item tags: - - sap_general_preconfigure_configuration - - sap_general_preconfigure_configuration_all_steps + - always diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index 69aeedd6c..25066f592 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -4,8 +4,7 @@ ansible.builtin.debug: var: role_path tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always - name: Include OS specific vars, specific ansible.builtin.include_vars: '{{ item }}' @@ -14,8 +13,7 @@ - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_os_family }}.yml' tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always - name: Rename user sap_preconfigure variables if found, generic ansible.builtin.set_fact: @@ -38,8 +36,7 @@ sap_general_preconfigure_kernel_parameters: "{{ sap_preconfigure_kernel_parameters | d(sap_general_preconfigure_kernel_parameters) }}" sap_general_preconfigure_max_hostname_length: "{{ sap_preconfigure_max_hostname_length | d(sap_general_preconfigure_max_hostname_length) }}" tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always - name: Rename user sap_preconfigure variables if found, RHEL only ansible.builtin.set_fact: @@ -62,32 +59,28 @@ sap_general_preconfigure_2772999_10: "{{ (sap_preconfigure_2772999_10 | d(sap_general_preconfigure_2772999_10)) | d(false) }}" when: ansible_facts['distribution'] in ['RedHat'] tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always - name: Rename sap_preconfigure_db_group_name if defined ansible.builtin.set_fact: sap_general_preconfigure_db_group_name: "{{ sap_preconfigure_db_group_name | d(sap_general_preconfigure_db_group_name) }}" when: sap_preconfigure_db_group_name is defined or sap_general_preconfigure_db_group_name is defined tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always - name: Set filename prefix to empty string if role is run in normal mode ansible.builtin.set_fact: __sap_general_preconfigure_fact_assert_filename_prefix: "" when: not sap_general_preconfigure_assert | d(false) tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always - name: Prepend filename with assert string if role is run in assert mode ansible.builtin.set_fact: __sap_general_preconfigure_fact_assert_filename_prefix: "assert-" when: sap_general_preconfigure_assert | d(false) tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always # required for installation and configuration tasks: - name: Gather package facts @@ -111,25 +104,23 @@ - name: Gather package facts again after the installation phase ansible.builtin.package_facts: tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always - name: Include tasks from 'configuration.yml' ansible.builtin.include_tasks: file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml' apply: - tags: sap_general_preconfigure_configuration_all_steps + tags: sap_general_preconfigure_configuration when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_configuration | d(false) with_first_found: - '{{ ansible_distribution.split("_")[0] }}' - '{{ ansible_distribution }}' - '{{ ansible_os_family }}.yml' tags: - - sap_general_preconfigure_configuration + - always # allow a reboot at the end of the preconfigure role - name: Flush handlers ansible.builtin.meta: flush_handlers tags: - - sap_general_preconfigure_installation - - sap_general_preconfigure_configuration + - always diff --git a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml index abb17e283..94f6cb0e4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/0941735.yml @@ -9,7 +9,7 @@ swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '../RedHat/generic/configure-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-tmpfs.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml index cec15592b..4d040f23e 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1391070.yml @@ -6,7 +6,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '../RedHat/generic/configure-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/configure-uuidd.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml index 783ccb14b..d392e9b9a 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/1771258.yml @@ -6,7 +6,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '../RedHat/generic/increase-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/increase-nofile-limits.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml index 200b9ca95..caece4ac8 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml @@ -5,7 +5,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '2002167/02-configuration-changes.yml' ansible.builtin.import_tasks: 2002167/02-configuration-changes.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml index dcb677520..a42ba39ab 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml @@ -5,7 +5,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '2772999/02-configure-selinux.yml' ansible.builtin.import_tasks: 2772999/02-configure-selinux.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml index 1ef68aa31..4a58fb5a4 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml @@ -5,7 +5,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '3108316/02-configure-selinux.yml' ansible.builtin.import_tasks: 3108316/02-configure-selinux.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml index 34f06895f..895d68a87 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-0941735.yml @@ -9,7 +9,7 @@ swaptotal_mb = {{ ansible_swaptotal_mb }}; sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '../RedHat/generic/assert-tmpfs.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-tmpfs.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml index 7e1aaabf4..f055f862c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1391070.yml @@ -6,7 +6,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '../RedHat/generic/assert-uuidd.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-uuidd.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml index a022ffc44..0a6a2be54 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-1771258.yml @@ -6,7 +6,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resource limits" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '../RedHat/generic/assert-nofile-limits.yml' ansible.builtin.import_tasks: ../RedHat/generic/assert-nofile-limits.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml index aec468a29..811da3620 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml @@ -4,6 +4,8 @@ ansible.builtin.debug: msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" + tags: + - always - name: Import tasks from '2002167/02-assert-configuration-changes.yml' ansible.builtin.import_tasks: 2002167/02-assert-configuration-changes.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml index 0d84f4c93..8a17db695 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml @@ -5,7 +5,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '2772999/02-assert-selinux.yml' ansible.builtin.import_tasks: 2772999/02-assert-selinux.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml index f11dff560..d9ce9960f 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml @@ -5,7 +5,7 @@ msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).number }} (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3108316$') | first).version }}): Configure RHEL 9" tags: - - sap_general_preconfigure_configuration + - always - name: Import tasks from '3108316/02-assert-selinux.yml' ansible.builtin.import_tasks: 3108316/02-assert-selinux.yml From f84f9d3e5376df4aba4b6dae5ce19dd3007f7c09 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 27 Feb 2024 16:08:21 +0100 Subject: [PATCH 023/135] sap_general_preconfigure: Fix some obvious errors Relates to issue #342. Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/README.md | 4 ++-- .../sap_general_preconfigure/tasks/sapnote/assert-2772999.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index b1e9c1c7b..d38e39d8c 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -369,12 +369,12 @@ Sample call for performing all configuration steps except verifying and modifyin # ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_etc_hosts ``` -Sample call for only performing the configuration actitvities related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): +Sample call for only performing the configuration activities related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): ``` # ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316_02 ``` -Sample call for performing all configuration actitvities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): +Sample call for performing all configuration activities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): ``` # ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_3108316_02 ``` diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml index 8a17db695..744687def 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml @@ -53,7 +53,7 @@ ansible.builtin.import_tasks: 2772999/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) tags: - - sap_general_preconfigure_nproc_limits + - sap_general_preconfigure_2772999_09 - name: Import tasks from '2772999/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-assert-systemd-tmpfiles.yml From 740ba0b8c0da0386572084b0b5b0fc09e99622e7 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 28 Feb 2024 10:58:55 +0100 Subject: [PATCH 024/135] sap_general_preconfigure: Add global SAP note tags relates to issue #342 Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/tasks/sapnote/2002167.yml | 5 +++++ roles/sap_general_preconfigure/tasks/sapnote/2772999.yml | 9 +++++++++ roles/sap_general_preconfigure/tasks/sapnote/3108316.yml | 9 +++++++++ .../tasks/sapnote/assert-2002167.yml | 5 +++++ .../tasks/sapnote/assert-2772999.yml | 9 +++++++++ .../tasks/sapnote/assert-3108316.yml | 9 +++++++++ 6 files changed, 46 insertions(+) diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml index caece4ac8..b067cfc15 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167.yml @@ -11,28 +11,33 @@ ansible.builtin.import_tasks: 2002167/02-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_02 - name: Import tasks from '2002167/03-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_03 - name: Import tasks from '2002167/04-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_04 - name: Import tasks from '2002167/05-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_05 - name: Import tasks from '2002167/06-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_06 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml index a42ba39ab..45f614357 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999.yml @@ -11,52 +11,61 @@ ansible.builtin.import_tasks: 2772999/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_02 - name: Import tasks from '2772999/03-configure-hostname.yml' ansible.builtin.import_tasks: 2772999/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_03 - name: Import tasks from '2772999/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_04 - name: Import tasks from '2772999/05-configure-firewall.yml' ansible.builtin.import_tasks: 2772999/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_05 - name: Import tasks from '2772999/06-configure-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_06 - name: Import tasks from '2772999/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_07 - name: Import tasks from '2772999/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_08 - name: Import tasks from '2772999/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_09 - name: Import tasks from '2772999/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml index 4a58fb5a4..18e94b534 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316.yml @@ -11,52 +11,61 @@ ansible.builtin.import_tasks: 3108316/02-configure-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_02 - name: Import tasks from '3108316/03-configure-hostname.yml' ansible.builtin.import_tasks: 3108316/03-configure-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_03 - name: Import tasks from '3108316/04-configure-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-configure-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_04 - name: Import tasks from '3108316/05-configure-firewall.yml' ansible.builtin.import_tasks: 3108316/05-configure-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_05 - name: Import tasks from '3108316/06-configure-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-configure-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_06 - name: Import tasks from '3108316/07-configure-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-configure-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_07 - name: Import tasks from '3108316/08-configure-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-configure-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_08 - name: Import tasks from '3108316/09-configure-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-configure-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_09 - name: Import tasks from '3108316/10-configure-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-configure-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml index 811da3620..12040584c 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2002167.yml @@ -11,28 +11,33 @@ ansible.builtin.import_tasks: 2002167/02-assert-configuration-changes.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_02 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_02 - name: Import tasks from '2002167/03-assert-setting-the-hostname.yml' ansible.builtin.import_tasks: 2002167/03-assert-setting-the-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_03 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_03 - name: Import tasks from '2002167/04-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2002167/04-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_04 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_04 - name: Import tasks from '2002167/05-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2002167/05-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_05 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_05 - name: Import tasks from '2002167/06-assert-additional-notes-for-installing-sap-systems.yml' ansible.builtin.import_tasks: 2002167/06-assert-additional-notes-for-installing-sap-systems.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2002167_06 | d(false) tags: + - sap_general_preconfigure_2002167 - sap_general_preconfigure_2002167_06 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml index 744687def..504404264 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2772999.yml @@ -11,52 +11,61 @@ ansible.builtin.import_tasks: 2772999/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_02 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_02 - name: Import tasks from '2772999/03-assert-hostname.yml' ansible.builtin.import_tasks: 2772999/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_03 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_03 - name: Import tasks from '2772999/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 2772999/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_04 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_04 - name: Import tasks from '2772999/05-assert-firewall.yml' ansible.builtin.import_tasks: 2772999/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_05 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_05 - name: Import tasks from '2772999/06-assert-uuidd.yml' ansible.builtin.import_tasks: 2772999/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_06 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_06 - name: Import tasks from '2772999/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 2772999/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_07 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_07 - name: Import tasks from '2772999/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 2772999/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_08 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_08 - name: Import tasks from '2772999/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 2772999/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_09 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_09 - name: Import tasks from '2772999/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 2772999/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2772999_10 | d(false) tags: + - sap_general_preconfigure_2772999 - sap_general_preconfigure_2772999_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml index d9ce9960f..b80204cd2 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3108316.yml @@ -11,52 +11,61 @@ ansible.builtin.import_tasks: 3108316/02-assert-selinux.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_02 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_02 - name: Import tasks from '3108316/03-assert-hostname.yml' ansible.builtin.import_tasks: 3108316/03-assert-hostname.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_03 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_03 - name: Import tasks from '3108316/04-assert-network-time-and-date.yml' ansible.builtin.import_tasks: 3108316/04-assert-network-time-and-date.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_04 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_04 - name: Import tasks from '3108316/05-assert-firewall.yml' ansible.builtin.import_tasks: 3108316/05-assert-firewall.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_05 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_05 - name: Import tasks from '3108316/06-assert-uuidd.yml' ansible.builtin.import_tasks: 3108316/06-assert-uuidd.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_06 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_06 - name: Import tasks from '3108316/07-assert-tmpfs.yml' ansible.builtin.import_tasks: 3108316/07-assert-tmpfs.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_07 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_07 - name: Import tasks from '3108316/08-assert-linux-kernel-parameters.yml' ansible.builtin.import_tasks: 3108316/08-assert-linux-kernel-parameters.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_08 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_08 - name: Import tasks from '3108316/09-assert-process-resource-limits.yml' ansible.builtin.import_tasks: 3108316/09-assert-process-resource-limits.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_09 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_09 - name: Import tasks from '3108316/10-assert-systemd-tmpfiles.yml' ansible.builtin.import_tasks: 3108316/10-assert-systemd-tmpfiles.yml when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3108316_10 | d(false) tags: + - sap_general_preconfigure_3108316 - sap_general_preconfigure_3108316_10 From 63bf6216f0469390561a906e673952a3864d22db Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 28 Feb 2024 11:18:11 +0100 Subject: [PATCH 025/135] sap_general_preconfigure: Adapt README.md Relates to issue #342 Signed-off-by: Bernd Finger --- roles/sap_general_preconfigure/README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index d38e39d8c..65875d070 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -339,7 +339,8 @@ sap_general_preconfigure_db_group_name: dba With the following tags, the role can be called to perform certain activities only: - tag `sap_general_preconfigure_installation`: Perform only the installation tasks - tag `sap_general_preconfigure_configuration`: Perform only the configuration tasks -- tag `sap_general_preconfigure_3108316_03`: Perform only the tasks(s) related to this step of the SAP note. +- tag `sap_general_preconfigure_3108316`: Perform only the tasks(s) related to this SAP note. +- tag `sap_general_preconfigure_2772999_03`: Perform only the tasks(s) related to step 3 of the SAP note. - tag `sap_general_preconfigure_etc_hosts`: Perform only the tasks(s) related to this step. This step might be one of multiple configuration activities of a SAP note. Also this step might be valid for multiple RHEL major releases. @@ -369,6 +370,12 @@ Sample call for performing all configuration steps except verifying and modifyin # ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_etc_hosts ``` +Sample call for only performing the configuration activities related to SAP note 3108316 (RHEL 9 specific): +``` +# ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316 +``` + +Sample call for performing all configuration activities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): Sample call for only performing the configuration activities related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): ``` # ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316_02 From 24283751e1643f47c9a4c6d0877a82c59cbb9c47 Mon Sep 17 00:00:00 2001 From: Bernd Finger <49749572+berndfinger@users.noreply.github.com> Date: Wed, 28 Feb 2024 12:15:11 +0100 Subject: [PATCH 026/135] Add missing newline at the end of 03-setting-the-hostname.yml --- .../tasks/sapnote/2002167/03-setting-the-hostname.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml index e424178fb..6f4c78a77 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml @@ -35,4 +35,5 @@ - name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml tags: - - sap_general_preconfigure_dns_name_resolution \ No newline at end of file + - sap_general_preconfigure_dns_name_resolution + From e46628ab5ee8a20fedea39ddb7ea6a867f0a6b83 Mon Sep 17 00:00:00 2001 From: Bernd Finger <49749572+berndfinger@users.noreply.github.com> Date: Wed, 28 Feb 2024 15:25:36 +0100 Subject: [PATCH 027/135] Remove trailing spaces --- .../tasks/sapnote/2002167/03-setting-the-hostname.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml index 6f4c78a77..67d3659f8 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml @@ -36,4 +36,3 @@ ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml tags: - sap_general_preconfigure_dns_name_resolution - From e4dd90f7fcb47590b2d9b36787cc325942d01e23 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 28 Feb 2024 23:03:34 +0100 Subject: [PATCH 028/135] sap_swpm: Improve setting file permissions This commit supports optionally skipping setting permission and ownership of SAP installation files. It also introduces new role parameters for setting the mode, owner, and group of the software directory, the directory for SAPCAR, and the directory for SWPM, as well as the files within. Signed-off-by: Bernd Finger --- roles/sap_swpm/defaults/main.yml | 24 ++++ .../sap_swpm/tasks/swpm/prepare_software.yml | 112 +++++++++++++++--- 2 files changed, 118 insertions(+), 18 deletions(-) diff --git a/roles/sap_swpm/defaults/main.yml b/roles/sap_swpm/defaults/main.yml index f1e146786..acea384fe 100644 --- a/roles/sap_swpm/defaults/main.yml +++ b/roles/sap_swpm/defaults/main.yml @@ -11,6 +11,30 @@ sap_swpm_ansible_role_mode: "default" # advanced_templates # inifile_reuse +######################################## +# SWPM Ansible Role variables +# for setting owner, group, and permissions for the SAP files in sap_swpm_software_path +######################################## +# +# Set the following parameter to false to not change the owner, group, and permissions of the files in sap_swpm_software_path. +# The default is true. +sap_swpm_set_file_permissions: true +# +# Access permissions and ownership for all directories in sap_swpm_software_path, for sap_swpm_sapcar_path, and for sap_swpm_swpm_path: +sap_swpm_software_directory_mode: '0755' +sap_swpm_software_directory_owner: root +sap_swpm_software_directory_group: root +# +# Access permissions and ownership for the SAPCAR*EXE file in sap_swpm_sapcar_path: +sap_swpm_files_sapcar_mode: '0755' +sap_swpm_files_sapcar_owner: root +sap_swpm_files_sapcar_group: root +# +# Access permissions and ownership for all non-SAPCAR*EXE files in sap_swpm_software_path and for SWPM*.SAR in sap_swpm_swpm_path: +sap_swpm_files_non_sapcar_mode: '0664' +sap_swpm_files_non_sapcar_owner: root +sap_swpm_files_non_sapcar_group: root + ######################################## # SWPM Ansible Role variables diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/swpm/prepare_software.yml index 480ded4cd..9980346c0 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/swpm/prepare_software.yml @@ -12,21 +12,73 @@ register: sap_swpm_software_path_stat failed_when: not sap_swpm_software_path_stat.stat.exists -- name: SAP SWPM Pre Install - Change ownership of software path - {{ sap_swpm_software_path }} - ansible.builtin.file: - path: "{{ sap_swpm_software_path }}" - state: directory - recurse: yes - mode: '0755' - owner: root - group: root +- name: SAP SWPM Pre Install - Set directory and file permissions + when: sap_swpm_set_file_permissions + block: + + - name: SAP SWPM Pre Install - Find directories + ansible.builtin.find: + path: "{{ sap_swpm_software_path }}" + file_type: directory + register: __sap_swpm_register_find_result_directories + + - name: SAP SWPM Pre Install - Find non-SAPCAR files + ansible.builtin.find: + path: "{{ sap_swpm_software_path }}" + file_type: file + recurse: true + excludes: "SAPCAR*EXE" + register: __sap_swpm_register_find_result_files_non_sapcar + + - name: SAP SWPM Pre Install - Create list of absolute directory names from the find result + ansible.builtin.set_fact: + __sap_swpm_fact_directories: "{{ __sap_swpm_fact_directories|d([]) + [ item.path ] }}" + loop: "{{ __sap_swpm_register_find_result_directories.files }}" + when: __sap_swpm_register_find_result_directories is defined + + - name: SAP SWPM Pre Install - Create list of absolute file names for non-SAPCAR files from the find result + ansible.builtin.set_fact: + __sap_swpm_fact_files_non_sapcar: "{{ __sap_swpm_fact_files_non_sapcar|d([]) + [ item.path ] }}" + loop: "{{ __sap_swpm_register_find_result_files_non_sapcar.files }}" + when: __sap_swpm_register_find_result_files_non_sapcar is defined + + - name: SAP SWPM Pre Install - Ensure correct permissions and ownership of all directories + ansible.builtin.file: + path: "{{ line_item }}" + recurse: no + mode: "{{ sap_swpm_software_directory_mode }}" + owner: "{{ sap_swpm_software_directory_owner }}" + group: "{{ sap_swpm_software_directory_group }}" + loop: "{{ __sap_swpm_fact_directories }}" + loop_control: + loop_var: line_item + when: + - __sap_swpm_fact_directories is defined + - __sap_swpm_register_find_result_directories is defined + + - name: SAP SWPM Pre Install - Create argument list for chmod of non-SAPCAR*EXE files + ansible.builtin.set_fact: + __sap_swpm_fact_files_non_sapcar_chown_arg_list: "{{ __sap_swpm_fact_files_non_sapcar | map('quote') | join(' ') }}" + +# Reasons for noqa: +# - command-instead-of-module: Shorter execution time compared to looping over a list when using the file module +# - no-changed-when: Not worth checking permissions and ownership before this task and comparing afterwards + - name: SAP SWPM Pre Install - Ensure correct permissions and ownership of all non-SAPCAR files # noqa command-instead-of-module no-changed-when + ansible.builtin.shell: > + set -o pipefail && chown {{ sap_swpm_files_non_sapcar_owner }}:{{ sap_swpm_files_non_sapcar_group }} \ + {{ __sap_swpm_fact_files_non_sapcar_chown_arg_list }} && + chmod {{ sap_swpm_files_non_sapcar_mode }} \ + {{ __sap_swpm_fact_files_non_sapcar_chown_arg_list }} + when: + - __sap_swpm_fact_files_non_sapcar is defined + - __sap_swpm_register_find_result_files_non_sapcar is defined # SAPCAR Path - name: SAP SWPM Pre Install - Check availability of SAPCAR path - {{ sap_swpm_sapcar_path }} ansible.builtin.stat: - path: "{{ sap_swpm_sapcar_path }}" + path: "{{ sap_swpm_sapcar_path | d(sap_swpm_software_path) }}" register: sap_swpm_sapcar_path_stat failed_when: not sap_swpm_sapcar_path_stat.stat.exists @@ -34,16 +86,17 @@ ansible.builtin.file: path: "{{ sap_swpm_sapcar_path }}" state: directory - recurse: yes - mode: '0755' - owner: root - group: root + recurse: no + mode: "{{ sap_swpm_software_directory_mode }}" + owner: "{{ sap_swpm_software_directory_owner }}" + group: "{{ sap_swpm_software_directory_group }}" + when: sap_swpm_set_file_permissions # SWPM Path - name: SAP SWPM Pre Install - Check availability of SWPM path - {{ sap_swpm_swpm_path }} ansible.builtin.stat: - path: "{{ sap_swpm_swpm_path }}" + path: "{{ sap_swpm_swpm_path | d(sap_swpm_software_path) }}" register: sap_swpm_swpm_path_stat failed_when: not sap_swpm_swpm_path_stat.stat.exists @@ -51,10 +104,13 @@ ansible.builtin.file: path: "{{ sap_swpm_swpm_path }}" state: directory - recurse: yes - mode: '0755' - owner: root - group: root + recurse: no + mode: "{{ sap_swpm_software_directory_mode }}" + owner: "{{ sap_swpm_software_directory_owner }}" + group: "{{ sap_swpm_software_directory_group }}" + when: + - sap_swpm_swpm_path != sap_swpm_software_path + - sap_swpm_set_file_permissions ################ @@ -81,6 +137,15 @@ register: sap_swpm_sapcar_file_name_stat failed_when: not sap_swpm_sapcar_file_name_stat.stat.exists +- name: SAP SWPM Pre Install - Ensure correct permissions and ownership of the SAPCAR*EXE file + ansible.builtin.file: + path: "{{ sap_swpm_sapcar_path }}/{{ sap_swpm_sapcar_file_name }}" + recurse: no + mode: "{{ sap_swpm_files_sapcar_mode }}" + owner: "{{ sap_swpm_files_sapcar_owner }}" + group: "{{ sap_swpm_files_sapcar_group }}" + when: sap_swpm_set_file_permissions + # 2. SWPM - name: SAP SWPM Pre Install - Get SWPM from {{ sap_swpm_swpm_path }} @@ -101,6 +166,17 @@ register: sap_swpm_swpm_sar_file_name_stat failed_when: not sap_swpm_swpm_sar_file_name_stat.stat.exists +# Note: We use the permissions and ownership settings for non-SAPCAR*EXE files: +- name: SAP SWPM Pre Install - Ensure correct permissions and ownership of the SWPM*SAR file + ansible.builtin.file: + path: "{{ sap_swpm_swpm_path }}/{{ sap_swpm_swpm_sar_file_name }}" + recurse: no + mode: "{{ sap_swpm_files_non_sapcar_mode }}" + owner: "{{ sap_swpm_files_non_sapcar_owner }}" + group: "{{ sap_swpm_files_non_sapcar_group }}" + when: + - sap_swpm_swpm_path != sap_swpm_software_path + - sap_swpm_set_file_permissions - name: SAP SWPM Pre Install - Full SAP System when: not sap_swpm_generic | bool From 6f32b711314506f3c5fe3f98c5045fb442392829 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 28 Feb 2024 23:14:00 +0100 Subject: [PATCH 029/135] sap_swpm: Fix ansible-lint Relates to #663. Signed-off-by: Bernd Finger --- roles/sap_swpm/tasks/swpm/prepare_software.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/swpm/prepare_software.yml index 9980346c0..5849d9774 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/swpm/prepare_software.yml @@ -32,13 +32,13 @@ - name: SAP SWPM Pre Install - Create list of absolute directory names from the find result ansible.builtin.set_fact: - __sap_swpm_fact_directories: "{{ __sap_swpm_fact_directories|d([]) + [ item.path ] }}" + __sap_swpm_fact_directories: "{{ __sap_swpm_fact_directories | d([]) + [item.path] }}" loop: "{{ __sap_swpm_register_find_result_directories.files }}" when: __sap_swpm_register_find_result_directories is defined - name: SAP SWPM Pre Install - Create list of absolute file names for non-SAPCAR files from the find result ansible.builtin.set_fact: - __sap_swpm_fact_files_non_sapcar: "{{ __sap_swpm_fact_files_non_sapcar|d([]) + [ item.path ] }}" + __sap_swpm_fact_files_non_sapcar: "{{ __sap_swpm_fact_files_non_sapcar | d([]) + [item.path] }}" loop: "{{ __sap_swpm_register_find_result_files_non_sapcar.files }}" when: __sap_swpm_register_find_result_files_non_sapcar is defined From 5ec64dd6317f29c1160f3d042c1c1b7873dff76f Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 29 Feb 2024 12:14:50 +0100 Subject: [PATCH 030/135] sap_maintain_etc_hosts: Fix wrong assert messages Solves issue #662. Signed-off-by: Bernd Finger --- .../tasks/update_host_present.yml | 31 ++++++++++++++----- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml index 54714284c..97d95a63c 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml @@ -2,30 +2,45 @@ - name: Verify that variable node_ip is set ansible.builtin.assert: that: not( ( thishost.node_ip is undefined) or ( thishost.node_ip is none) or ( thishost.node_ip | trim == '') ) - msg: "Variable 'node_ip' is undefined or empty. Please define it in your host list." + msg: | + "The IP address of this host not known. You can solve this problem by + configuring your managed node accordingly or by setting one of the following variables: + - sap_ip + - sap_maintain_etc_hosts_list, member node_ip" -- name: Verify that variable node_ip is in the correct format +- name: Verify that variable node_ip is using the correct IP address format ansible.builtin.assert: that: thishost.node_ip is ansible.utils.ip - msg: "Variable 'node_ip' is not an IP address. Please use the correct format" + msg: | + "The IP address of this host does not have a correct format. + Configure the IP address appropriately in of the following variables: + - sap_ip + - sap_maintain_etc_hosts_list, member node_ip" - name: Verify that variable node_name is set ansible.builtin.assert: that: not( ( thishost.node_name is undefined) or ( thishost.node_name is none) or ( thishost.node_name | trim == '') ) - msg: "Variable 'node_name' is undefined or empty. Please define it your host list" + msg: | + "The hostname of this host not known. You can solve this problem by + configuring your managed node accordingly or by setting one of the following variables: + - sap_hostname + - sap_maintain_etc_hosts_list, member node_name" - name: Ensure node_domain is set ansible.builtin.set_fact: __sap_maintain_etc_hosts_domain: "{{ thishost.node_domain | default(sap_domain) | default(ansible_domain) }}" -# Necessary, if defaults are both undefined - name: Verify that variable domain_name is set ansible.builtin.assert: that: > not( ( __sap_maintain_etc_hosts_domain is undefined) or ( __sap_maintain_etc_hosts_domain is none) or ( __sap_maintain_etc_hosts_domain | trim == '') ) - msg: "Variable 'domain_name' is undefined or empty. Please define it your host list" + msg: | + "The DNS domain of this host not known. You can solve this problem by + configuring your DNS accordingly or by setting one of the following variables: + - sap_domain + - sap_maintain_etc_hosts_list, member node_domain" - name: Set default values ansible.builtin.set_fact: @@ -40,10 +55,10 @@ # The following block reads the existing aliases of a host from /etc/hosts # and merges it with the defined aliases in the struct # -# 1. select the line, where the first entry is the ip-adress thishost.node_ip +# 1. select the line where the first entry is the ip-adress thishost.node_ip # 2. loop over all hostname entries in the selected line (2 bis NF=last element in line) # 3. stop looping when a comment sign is found (because these are comments) -# 4. print an element, if it is not the hostname or FQDN we want to add +# 4. print an element if it is not the hostname or FQDN we want to add # # => __sap_maintain_etc_hosts_register_aliases.stdout contains a list of aliases of thishost.node_ip # From 0e9b7e5d5fb7825d503c745a24c970bf41ed9455 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 29 Feb 2024 12:28:15 +0100 Subject: [PATCH 031/135] sap_maintain_etc_hosts: no longer use ansible.utils.ip Checking the ip address against a regex pattern should be sufficient to ensure valid IP addresses are passed to the role. Solves issue #667. Signed-off-by: Bernd Finger --- roles/sap_maintain_etc_hosts/defaults/main.yml | 4 ++++ roles/sap_maintain_etc_hosts/meta/argument_specs.yml | 12 ++++++++++++ .../tasks/update_host_present.yml | 3 ++- 3 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/sap_maintain_etc_hosts/defaults/main.yml b/roles/sap_maintain_etc_hosts/defaults/main.yml index bd6c1cf5b..718730176 100644 --- a/roles/sap_maintain_etc_hosts/defaults/main.yml +++ b/roles/sap_maintain_etc_hosts/defaults/main.yml @@ -45,3 +45,7 @@ # the role creates a default value from ansible_facts sap_maintain_etc_hosts_list: "{{ sap_hana_cluster_nodes | default(sap_ha_pacemaker_cluster_cluster_nodes) | default(omit) }}" + +# regex patterns for IP address validation: +sap_maintain_etc_hosts_regexp_ipv4: '^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$' +sap_maintain_etc_hosts_regexp_ipv6: '^(?:[a-fA-F0-9]{0,4}:){7}[a-fA-F0-9]{0,4}$' diff --git a/roles/sap_maintain_etc_hosts/meta/argument_specs.yml b/roles/sap_maintain_etc_hosts/meta/argument_specs.yml index 4244e41ed..a52430bf7 100644 --- a/roles/sap_maintain_etc_hosts/meta/argument_specs.yml +++ b/roles/sap_maintain_etc_hosts/meta/argument_specs.yml @@ -82,3 +82,15 @@ argument_specs: state: absent - node_name: host2 state: absent + + sap_maintain_etc_hosts_regexp_ipv4: + default: '^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}$' + description: + - regex pattern for IPv4 address validation + type: str + + sap_maintain_etc_hosts_regexp_ipv6: + default: '^(?:[a-fA-F0-9]{0,4}:){7}[a-fA-F0-9]{0,4}$' + description: + - regex pattern for IPv6 address validation + type: str diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml index 54714284c..43caec15d 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_present.yml @@ -6,7 +6,8 @@ - name: Verify that variable node_ip is in the correct format ansible.builtin.assert: - that: thishost.node_ip is ansible.utils.ip + that: thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv4) or + thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv6) msg: "Variable 'node_ip' is not an IP address. Please use the correct format" - name: Verify that variable node_name is set From 8b8748f9c40d087bbae78eaf80f916d83bf40543 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 29 Feb 2024 12:41:26 +0100 Subject: [PATCH 032/135] sap_maintain_etc_hosts: use the regex method also for assert Relates to #667. Signed-off-by: Bernd Finger --- roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml index dddf8f467..135023b18 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml @@ -1,7 +1,8 @@ --- - name: Verify that variable node_ip is in the correct format ansible.builtin.assert: - that: thishost.node_ip is ansible.utils.ip + that: thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv4) or + thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv6) msg: "Variable 'node_ip' is not an IP address. Please use the correct format" when: thisnode.node_ip is defined From ac122b1bba19567f01216d8e0c8c339f6338ca68 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 29 Feb 2024 15:43:36 +0100 Subject: [PATCH 033/135] sap_swpm: Fix task name for chmod/chown Relates to #663. Signed-off-by: Bernd Finger --- roles/sap_swpm/tasks/swpm/prepare_software.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/swpm/prepare_software.yml index 5849d9774..d16b0c05f 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/swpm/prepare_software.yml @@ -56,7 +56,7 @@ - __sap_swpm_fact_directories is defined - __sap_swpm_register_find_result_directories is defined - - name: SAP SWPM Pre Install - Create argument list for chmod of non-SAPCAR*EXE files + - name: SAP SWPM Pre Install - Create argument list for chown and chmod of non-SAPCAR*EXE files ansible.builtin.set_fact: __sap_swpm_fact_files_non_sapcar_chown_arg_list: "{{ __sap_swpm_fact_files_non_sapcar | map('quote') | join(' ') }}" From 07757fb7ca63546756154df59e1e455f7d20a377 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Wed, 7 Feb 2024 11:37:34 +0000 Subject: [PATCH 034/135] Variable changes for different os and platforms --- .../defaults/main.yml | 5 -- .../tasks/configure_srhook.yml | 2 +- .../tasks/construct_vars_hana_common.yml | 4 +- .../import_hacluster_vars_from_inventory.yml | 4 +- .../vars/hana_scaleout_common.yml | 3 +- .../vars/hana_scaleup_common.yml | 3 +- .../vars/nwas_common.yml | 4 +- .../vars/platform_cloud_aws_ec2_vs.yml | 8 ++- .../vars/platform_cloud_gcp_ce_vm.yml | 6 +-- .../vars/platform_cloud_ibmcloud_powervs.yml | 6 +-- .../vars/platform_cloud_ibmcloud_vs.yml | 6 +-- .../vars/platform_cloud_msazure_vm.yml | 6 +-- .../vars/platform_hyp_ibmpower_vm.yml | 6 +-- .../sap_ha_pacemaker_cluster/vars/redhat.yml | 52 +++++++++++++++++++ roles/sap_ha_pacemaker_cluster/vars/suse.yml | 48 +++++++++++++++++ 15 files changed, 123 insertions(+), 40 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index 88df2160d..7c3fa95b0 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -30,11 +30,6 @@ sap_ha_pacemaker_cluster_create_config_dest: "review_resource_config.yml" # Other options are needed in the separate HSR setup role. sap_ha_pacemaker_cluster_cluster_nodes: "{{ sap_hana_cluster_nodes | default([]) }}" -# Make sure that there is always the minimal default fed into the included role. -# This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. -sap_ha_pacemaker_cluster_fence_agent_minimal_packages: - - fence-agents-all - # Resource defaults are defined differently by cluster type in different tasks, if not custom defined. # TODO: migrate to 'ha_cluster' native parameter combination when moving the function to be included in the role # (newer feature in the LSR) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml index 1abcd3293..f7404fb61 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml @@ -10,7 +10,7 @@ - name: "SAP HA Pacemaker srHook - Copy srHook to shared directory" ansible.builtin.copy: remote_src: true - src: /usr/share/SAPHanaSR/srHook/SAPHanaSR.py + src: "{{ __sap_ha_srhook_path }}" dest: "{{ sap_ha_pacemaker_cluster_hadr_provider_path }}/{{ sap_ha_pacemaker_cluster_hadr_provider_name }}.py" mode: "0755" owner: "{{ sap_ha_pacemaker_cluster_hana_sid | lower }}adm" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml index cfc6f757c..ec16611b9 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml @@ -24,7 +24,7 @@ vars: __resource_hana_topology: id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" - agent: "ocf:heartbeat:SAPHanaTopology" + agent: "ocf:{{ __sap_ha_resource_agent_namespace }}:SAPHanaTopology" instance_attrs: - attrs: - name: SID @@ -55,7 +55,7 @@ vars: __resource_hana: id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" - agent: "ocf:heartbeat:{{ sap_ha_pacemaker_cluster_ra_hana }}" + agent: "ocf:{{ __sap_ha_resource_agent_namespace }}:{{ sap_ha_pacemaker_cluster_ra_hana }}" instance_attrs: - attrs: - name: SID diff --git a/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml b/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml index b3c5ad290..ad449ce7b 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml @@ -63,7 +63,9 @@ # ha_cluster_hacluster_password - name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_repos'" - when: ha_cluster_hacluster_password is defined + when: + - ha_cluster_hacluster_password is defined + - ha_cluster_hacluster_password | length > 0 ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_hacluster_user_password: "{{ ha_cluster_hacluster_password }}" no_log: true # handle credentials with care diff --git a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml index 4175257b5..83f6d7837 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml @@ -3,8 +3,7 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -__sap_ha_pacemaker_cluster_sap_extra_packages: - - resource-agents-sap-hana-scaleout +__sap_ha_pacemaker_cluster_sap_extra_packages: "{{ __sap_ha_pacemaker_cluster_sap_extra_packages_dict.scaleout }}" sap_ha_pacemaker_cluster_ra_hana: SAPHanaController sap_ha_pacemaker_cluster_hadr_provider_name: SAPHanaSR diff --git a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml index 85043b5c5..e84ca6d10 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml @@ -3,8 +3,7 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -__sap_ha_pacemaker_cluster_sap_extra_packages: - - resource-agents-sap-hana +__sap_ha_pacemaker_cluster_sap_extra_packages: "{{ __sap_ha_pacemaker_cluster_sap_extra_packages_dict.scaleup }}" sap_ha_pacemaker_cluster_ra_hana: SAPHana sap_ha_pacemaker_cluster_hadr_provider_name: SAPHanaSR diff --git a/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml b/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml index c74b238e6..8d0c25921 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml @@ -4,5 +4,5 @@ # TODO: make sure to first respect 'ha_cluster' native variables __sap_ha_pacemaker_cluster_sap_extra_packages: - - resource-agents-sap - - "{% if sap_ha_pacemaker_cluster_enable_cluster_connector %}{{ __sap_ha_pacemaker_cluster_halib_package }}{% endif %}" + "{{ ( __sap_ha_pacemaker_cluster_sap_extra_packages_dict.nwas + __sap_ha_pacemaker_cluster_halib_package + if sap_ha_pacemaker_cluster_enable_cluster_connector else __sap_ha_pacemaker_cluster_sap_extra_packages_dict.nwas ) unique }}" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml index b6f2248d5..9862d6f14 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml @@ -3,11 +3,9 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - - fence-agents-aws +sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_aws }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: - - awscli +__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_aws }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" @@ -21,7 +19,7 @@ __sap_ha_pacemaker_cluster_aws_instances: [] # The aws cli is currently configured anyway for the standard AWS VIP resource. sap_ha_pacemaker_cluster_stonith_default: id: "res_fence_aws" - agent: "stonith:fence_aws" + agent: "{{ sap_ha_pacemaker_cluster_stonith_agent_dict.cloud_aws }}" # options: # access_key: "{{ sap_ha_pacemaker_cluster_aws_access_key_id }}" # secret_key: "{{ sap_ha_pacemaker_cluster_aws_secret_access_key }}" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml index 2e766b33c..a9cc0f423 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml @@ -3,11 +3,9 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - - fence-agents-gce +sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_gcp }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: - - resource-agents-gcp +__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_gcp }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml index e5938f11d..0b89b16f3 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml @@ -3,11 +3,9 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - - fence-agents-ibm-powervs +sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_powervs }}" -# __sap_ha_pacemaker_cluster_platform_extra_packages: -# - +__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_powervs }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml index e70b1380d..9f073da70 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml @@ -3,11 +3,9 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - - fence-agents-ibm-vpc +sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_vs }}" -# __sap_ha_pacemaker_cluster_platform_extra_packages: -# - +__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_vs }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml index d8607e3ba..e7b02f2cb 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml @@ -6,11 +6,9 @@ # The packages of the following lists will be installed by the 'ha_cluster' Linux System Role. # Any packages that are pre-requisites for variable construction must be installed before, e.g. # in the preconfigure-* tasks. -sap_ha_pacemaker_cluster_fence_agent_packages: - - fence-agents-azure-arm +sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_msazure_vm }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: - - socat +__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_msazure_vm }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml index dc4300e65..be47270e9 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml @@ -3,11 +3,9 @@ # TODO: rename this file to match the actual "chassis_asset_tag" output # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: - - fence-agents-lpar +sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.hyp_ibmpower_vm }}" -# __sap_ha_pacemaker_cluster_platform_extra_packages: -# - +__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.hyp_ibmpower_vm }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml index dcf8452bc..2c0b81cfa 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml @@ -19,3 +19,55 @@ __sap_ha_pacemaker_cluster_command: resource_start: "pcs resource enable" resource_defaults_show: "pcs resource defaults config" resource_defaults_update: "pcs resource defaults update" + +# Make sure that there is always the minimal default fed into the included role. +# This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. +sap_ha_pacemaker_cluster_fence_agent_minimal_packages: + - fence-agents-all + +# Dictionary with fence packages for each platform +sap_ha_pacemaker_cluster_fence_agent_packages_dict: + cloud_aws: + - fence-agents-aws + cloud_gcp: + - fence-agents-gce + cloud_ibmcloud_powervs: + - fence-agents-ibm-powervs + cloud_ibmcloud_vs: + - fence-agents-ibm-vpc + cloud_msazure_vm: + - fence-agents-azure-arm + hyp_ibmpower_vm: + - fence-agents-lpar + +# Dictionary with extra platform specific packages +__sap_ha_pacemaker_cluster_platform_extra_packages_dict: + cloud_aws: + - awscli + cloud_gcp: + - resource-agents-gcp + cloud_ibmcloud_powervs: [] + cloud_ibmcloud_vs: [] + cloud_msazure_vm: + - socat + hyp_ibmpower_vm: [] + +# Dictionary with additional cluster packages for specific scenarios +__sap_ha_pacemaker_cluster_sap_extra_packages_dict: + scaleout: + - resource-agents-sap-hana-scaleout + scaleup: + - resource-agents-sap-hana + nwas: + - resource-agents-sap + +# Dictionary for platform specific Stonith agents +# This is required only if there are differences between os_family +sap_ha_pacemaker_cluster_stonith_agent_dict: + cloud_aws: 'stonith:fence_aws' + +# SAP HANA Resource agent namespace +__sap_ha_resource_agent_namespace: heartbeat + +# Location of HANA SRHook binaries +__sap_ha_srhook_path: '/usr/share/SAPHanaSR/srHook/SAPHanaSR.py' diff --git a/roles/sap_ha_pacemaker_cluster/vars/suse.yml b/roles/sap_ha_pacemaker_cluster/vars/suse.yml index c821de804..ce063cffc 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/suse.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/suse.yml @@ -13,3 +13,51 @@ __sap_ha_pacemaker_cluster_command: resource_start: "crm resource start" resource_defaults_show: "crm configure show type:rsc_defaults" resource_defaults_update: "crm configure rsc_defaults" + +# Make sure that there is always the minimal default fed into the included role. +# This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. +sap_ha_pacemaker_cluster_fence_agent_minimal_packages: + - fence-agents + +# Dictionary with fence packages for each platform +# SUSE does not use platform specific fence agents, just fence-agents +sap_ha_pacemaker_cluster_fence_agent_packages_dict: + cloud_aws: [] + cloud_gcp: [] + cloud_ibmcloud_powervs: [] + cloud_ibmcloud_vs: [] + cloud_msazure_vm: [] + hyp_ibmpower_vm: [] + +# Dictionary with extra platform specific packages +__sap_ha_pacemaker_cluster_platform_extra_packages_dict: + cloud_aws: + - awscli + cloud_gcp: [] + cloud_ibmcloud_powervs: [] + cloud_ibmcloud_vs: [] + cloud_msazure_vm: + - socat + hyp_ibmpower_vm: [] + +# Dictionary with additional cluster packages for specific scenarios +__sap_ha_pacemaker_cluster_sap_extra_packages_dict: + scaleout: + - resource-agents + - SAPHanaSR-ScaleOut + scaleup: + - resource-agents + - SAPHanaSR + nwas: + - resource-agents + +# Dictionary for platform specific Stonith agents +# This is required only if there are differences between os_family +sap_ha_pacemaker_cluster_stonith_agent_dict: + cloud_aws: 'stonith:external/ec2' + +# SAP HANA Resource agent namespace +__sap_ha_resource_agent_namespace: suse + +# Location of HANA SRHook binaries +__sap_ha_srhook_path: '/usr/share/SAPHanaSR/SAPHanaSR.py' From 52964e689316ca432ed97f6257667641a01997a3 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 1 Mar 2024 15:19:52 +0000 Subject: [PATCH 035/135] bugfix for list error unique --- roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml b/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml index 8d0c25921..9e82175b4 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/nwas_common.yml @@ -4,5 +4,6 @@ # TODO: make sure to first respect 'ha_cluster' native variables __sap_ha_pacemaker_cluster_sap_extra_packages: - "{{ ( __sap_ha_pacemaker_cluster_sap_extra_packages_dict.nwas + __sap_ha_pacemaker_cluster_halib_package - if sap_ha_pacemaker_cluster_enable_cluster_connector else __sap_ha_pacemaker_cluster_sap_extra_packages_dict.nwas ) unique }}" + "{{ ( __sap_ha_pacemaker_cluster_sap_extra_packages_dict.nwas + + [ __sap_ha_pacemaker_cluster_halib_package ] if sap_ha_pacemaker_cluster_enable_cluster_connector + else __sap_ha_pacemaker_cluster_sap_extra_packages_dict.nwas ) | unique }}" From 01b3d0af4b9018bd7673875051d0bb19f5319976 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 1 Mar 2024 19:01:12 +0100 Subject: [PATCH 036/135] sap_hana_install: Support fapolicyd Also use role parameters for /hana and /hana/shared where possible. Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 9 +++++- .../tasks/assert-addhosts-loop-block.yml | 6 ++-- roles/sap_hana_install/tasks/hana_exists.yml | 12 +++---- roles/sap_hana_install/tasks/post_install.yml | 31 +++++++++++++++++++ roles/sap_hana_install/tasks/pre_install.yml | 31 ++++++++++++++----- 5 files changed, 72 insertions(+), 17 deletions(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index c388228b8..fcfdf48f8 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -29,6 +29,12 @@ sap_hana_install_copy_sarfiles: no # removed after extraction. sap_hana_install_keep_copied_sarfiles: no +# For supporting fapolicyd, set the following variable to `yes`: +sap_hana_install_use_fapolicyd: no + +# When using fapolicyd, the file name in /etc/fapolicyd/trust.d/ must be set: +sap_hana_install_fapolicyd_trust_filename: '_hana' + # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. #sap_hana_install_sapcar_filename: SAPCAR_1115-70006178.EXE @@ -114,7 +120,8 @@ sap_hana_install_components: 'all' # Instance details sap_hana_install_sid: sap_hana_install_number: -sap_hana_install_install_path: '/hana/shared' +sap_hana_install_root_path: '/hana' +sap_hana_install_install_path: '{{ sap_hana_install_root_path }}/shared' # Adjust these accordingly for your installation type sap_hana_install_system_usage: 'custom' diff --git a/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml b/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml index 72439716a..47d501164 100644 --- a/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml +++ b/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml @@ -2,12 +2,12 @@ - name: SAP HANA Add Hosts - Check for SAP HANA instance profile for '{{ line_item }}' ansible.builtin.stat: - path: "/hana/shared/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}" + path: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}" register: __sap_hana_install_register_instance_profile_addhost - name: SAP HANA Add Hosts - Show the path name of the instance profile ansible.builtin.debug: - msg: "Instance profile: '/hana/shared/{{ sap_hana_install_sid }}/profile/\ + msg: "Instance profile: '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/profile/\ {{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}'" - name: SAP HANA Add Hosts - Assert that there is no instance profile for the additional hosts @@ -15,7 +15,7 @@ that: not __sap_hana_install_register_instance_profile_addhost.stat.exists fail_msg: - "FAIL: There is already an instance profile for host '{{ line_item }}', at location:" - - " '/hana/shared/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{'{ line_item }}." + - " '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{'{ line_item }}." - "Because of this, the addhost operation will not be performed." success_msg: "PASS: No instance profile was found for host '{{ line_item }}'." diff --git a/roles/sap_hana_install/tasks/hana_exists.yml b/roles/sap_hana_install/tasks/hana_exists.yml index 9dbeb50a3..f195f4cf0 100644 --- a/roles/sap_hana_install/tasks/hana_exists.yml +++ b/roles/sap_hana_install/tasks/hana_exists.yml @@ -63,23 +63,23 @@ when: not __sap_hana_install_register_stat_saphostctrl.stat.exists block: - - name: SAP HANA Checks - Get status of '/hana/shared/{{ sap_hana_install_sid }}' + - name: SAP HANA Checks - Get status of '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' ansible.builtin.stat: - path: "/hana/shared/{{ sap_hana_install_sid }}" + path: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}" check_mode: false register: __sap_hana_install_register_stat_hana_shared_sid_assert failed_when: false - - name: SAP HANA Checks - Get contents of '/hana/shared/{{ sap_hana_install_sid }}' + - name: SAP HANA Checks - Get contents of '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' ansible.builtin.find: - paths: "/hana/shared/{{ sap_hana_install_sid }}" + paths: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}" patterns: '*' register: __sap_hana_install_register_files_in_hana_shared_sid_assert when: __sap_hana_install_register_stat_hana_shared_sid_assert.stat.exists - - name: SAP HANA Checks - Fail if directory '/hana/shared/{{ sap_hana_install_sid }}' exists and is not empty + - name: SAP HANA Checks - Fail if directory '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' exists and is not empty ansible.builtin.fail: - msg: "FAIL: Directory '/hana/shared/{{ sap_hana_install_sid }}' exists and is not empty!" + msg: "FAIL: Directory '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' exists and is not empty!" when: - __sap_hana_install_register_stat_hana_shared_sid_assert.stat.exists - __sap_hana_install_register_files_in_hana_shared_sid_assert.matched | int != 0 diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 697615cca..d1e40d386 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -203,3 +203,34 @@ # - ' Host - {{ ansible_hostname }}' # - ' FQDN - {{ ansible_fqdn }}' when: not ansible_check_mode + +- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_root_path' into the fapolicyd trust file + ansible.builtin.shell: | + set -o pipefail && find {{ sap_hana_install_root_path }} -type f -executable -exec file {} \; | awk 'BEGIN{FS=":";IGNORECASE=1}/64-bit/{system ("fapolicyd-cli --file add "$1" --trust-file {{ sap_hana_install_fapolicyd_trust_filename }}")}' + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + +- name: SAP HANA Post Install, fapolicyd - Enable fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: true + state: started + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + +- name: SAP HANA Post Install, fapolicyd - Update the fapolicyd database + ansible.builtin.command: fapolicyd-cli --update + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + +- name: SAP HANA Post Install, fapolicyd - Restart fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: true + state: restarted + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' diff --git a/roles/sap_hana_install/tasks/pre_install.yml b/roles/sap_hana_install/tasks/pre_install.yml index 3e20526c0..12aa8afbc 100644 --- a/roles/sap_hana_install/tasks/pre_install.yml +++ b/roles/sap_hana_install/tasks/pre_install.yml @@ -14,6 +14,23 @@ # sap_hana_install_lss_backup_password: "{{ sap_hana_install_master_password }}" # when: sap_hana_install_use_master_password == 'y' +################ +# Handle fapolicyd +################ + +- name: SAP HANA Pre Install, fapolicyd - Gather package facts + ansible.builtin.package_facts: + when: sap_hana_install_use_fapolicyd + +- name: SAP HANA Pre Install, fapolicyd - Disable fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: false + state: stopped + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + ################ # Prepare software path ################ @@ -77,10 +94,10 @@ owner: root group: root loop: - - '/hana' - - '/hana/shared' - - '/hana/log' - - '/hana/data' + - '{{ sap_hana_install_root_path }}' + - '{{ sap_hana_install_install_path }}' + - '{{ sap_hana_install_root_path }}/log' + - '{{ sap_hana_install_root_path }}/data' tags: sap_hana_install_chown_hana_directories # SELinux is not currently supported by SAP using SLES4SAP @@ -90,16 +107,16 @@ sap_hana_install_modify_selinux_labels: false when: ansible_os_family == "Suse" - - name: SAP HANA Pre Install - Configure '/hana' SELinux file contexts + - name: SAP HANA Pre Install - Configure 'sap_hana_install_root_path' SELinux file contexts ansible.builtin.include_role: name: '{{ sap_hana_install_system_roles_collection }}.selinux' vars: selinux_booleans: - { name: 'selinuxuser_execmod', state: 'on' } selinux_fcontexts: - - { target: '/hana(/.*)?', setype: 'usr_t' } + - { target: '{{ sap_hana_install_root_path }}(/.*)?', setype: 'usr_t' } selinux_restore_dirs: - - /hana + - '{{ sap_hana_install_root_path }}' when: sap_hana_install_modify_selinux_labels - name: SAP HANA Pre Install - Get info about software extract directory '{{ sap_hana_install_software_extract_directory }}' From 8c32eb469e9735f6ad38a2db3e9bc361e4da728b Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 1 Mar 2024 19:42:01 +0100 Subject: [PATCH 037/135] sap_hana_install: Use "hana" instead of "_hana" ... for the name of the fapolicyd trusted files file. Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index fcfdf48f8..ffbb7eb11 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -33,7 +33,7 @@ sap_hana_install_keep_copied_sarfiles: no sap_hana_install_use_fapolicyd: no # When using fapolicyd, the file name in /etc/fapolicyd/trust.d/ must be set: -sap_hana_install_fapolicyd_trust_filename: '_hana' +sap_hana_install_fapolicyd_trust_filename: 'hana' # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. From f2b3d91169111c44f47c994ae20cec352eee1450 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 4 Mar 2024 15:31:06 +0100 Subject: [PATCH 038/135] sap_maintain_etc_hosts: Fix wrong assert messages also for absent hosts Relates to #662. Signed-off-by: Bernd Finger --- .../tasks/update_host_absent.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml index 135023b18..9155ba151 100644 --- a/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml +++ b/roles/sap_maintain_etc_hosts/tasks/update_host_absent.yml @@ -3,7 +3,11 @@ ansible.builtin.assert: that: thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv4) or thishost.node_ip | regex_search(sap_maintain_etc_hosts_regexp_ipv6) - msg: "Variable 'node_ip' is not an IP address. Please use the correct format" + msg: | + "The IP address of this host does not have a correct format. + Configure the IP address appropriately in of the following variables: + - sap_ip + - sap_maintain_etc_hosts_list, member node_ip" when: thisnode.node_ip is defined - name: Ensure that either IP address or hostname is defined @@ -13,7 +17,7 @@ ((thishost.node_ip is undefined) and (thishost.node_name is defined)) msg: "Invalid delete item. Please define either node_ip only or node_name. In the latter case node_domain is optional." -- name: Ensure that the entry all entries in hosts file are removed with IP {{ thishost.node_ip | d('undefined') }} +- name: Ensure that all entries with IP {{ thishost.node_ip | d('undefined') }} in /etc/hosts are absent ansible.builtin.lineinfile: path: "{{ __sap_maintain_etc_hosts_file }}" regexp: '^{{ thishost.node_ip }}\s' @@ -26,7 +30,7 @@ become_user: root become: true -- name: Ensure that the entry all entries in hosts file are removed with name {{ thishost.node_name | d('undefined') }} +- name: Ensure that all entries with name {{ thishost.node_name | d('undefined') }} in /etc/hosts are absent ansible.builtin.lineinfile: path: "{{ __sap_maintain_etc_hosts_file }}" regexp: '^.*\s{{ thishost.node_name }}\s' @@ -40,7 +44,7 @@ become_user: root become: true -- name: Ensure that the entry all enries in hosts file are removed with FQDN +- name: Ensure that all enries with the specified FQDN in /etc/hosts are absent ansible.builtin.lineinfile: path: "{{ __sap_maintain_etc_hosts_file }}" regexp: '^.*\s{{ thishost.node_name + "." + thishost.node_domain }}\s' From 1f884151585fe73d02df6bd40a894f704bb16c90 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 4 Mar 2024 17:37:11 +0100 Subject: [PATCH 039/135] sap_hana_install: Ensure fapolicyd is present... ... if fapolicyd is to be used. Also replace yes by true and no by false in defaults/main.yml. Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 62 ++++++++++---------- roles/sap_hana_install/tasks/pre_install.yml | 17 ++++-- 2 files changed, 44 insertions(+), 35 deletions(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index ffbb7eb11..b53ec8763 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -20,17 +20,17 @@ sap_hana_install_software_extract_directory: "{{ sap_hana_install_software_direc # set the value to true. By default, this directory will not be removed sap_hana_install_cleanup_extract_directory: false -# Set this variable to `yes` if you want to copy the SAR files from `sap_hana_install_software_directory` +# Set this variable to `false` if you want to copy the SAR files from `sap_hana_install_software_directory` # to `sap_hana_install_software_extract_directory/sarfiles` before extracting. # This might be useful if the SAR files are on a slow fileshare. -sap_hana_install_copy_sarfiles: no +sap_hana_install_copy_sarfiles: false -# Set the following variable to `yes` if you want to keep the copied SAR files. By default, the SAR files will be +# Set the following variable to `false` if you want to keep the copied SAR files. By default, the SAR files will be # removed after extraction. -sap_hana_install_keep_copied_sarfiles: no +sap_hana_install_keep_copied_sarfiles: false -# For supporting fapolicyd, set the following variable to `yes`: -sap_hana_install_use_fapolicyd: no +# For supporting fapolicyd, set the following variable to `false`: +sap_hana_install_use_fapolicyd: false # When using fapolicyd, the file name in /etc/fapolicyd/trust.d/ must be set: sap_hana_install_fapolicyd_trust_filename: 'hana' @@ -45,9 +45,9 @@ sap_hana_install_fapolicyd_trust_filename: 'hana' # - SAPHOSTAGENT54_54-80004822.SAR # - IMDB_SERVER20_060_0-80002031.SAR -# Set the following variable to `yes` to let the role abort if checksum verification fails for any SAPCAR or SAR file +# Set the following variable to `false` to let the role abort if checksum verification fails for any SAPCAR or SAR file # called or used by the role. -sap_hana_install_verify_checksums: no +sap_hana_install_verify_checksums: false # Checksum algorithm for checksum verification. Default is sha256, for which a checksum is available in the SAP software # download pages. @@ -56,9 +56,9 @@ sap_hana_install_checksum_algorithm: sha256 # In case a global checksum file is present, use the following variable to specify the full path to this file: #sap_hana_install_global_checksum_file: "{{ sap_hana_install_software_directory }}/SHA256" -# Set the following variable to `yes` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line +# Set the following variable to `false` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line # argument `--verify_signature`. -sap_hana_install_verify_signature: no +sap_hana_install_verify_signature: false # hdblcm configfile related variables: # Directory where to store the hdblcm configfile template and the Jinja2 template: @@ -75,36 +75,36 @@ sap_hana_install_configfile_template_prefix: "hdblcm_configfile_template" # Directory where to download the Jinja2 template: sap_hana_install_local_configfile_directory: '/tmp' -# If you would like to perform an installation check after the installation, set the following variable to 'yes'. +# If you would like to perform an installation check after the installation, set the following variable to 'false'. # Note: This only works if there is no static configfile available in sap_hana_install_configfile_directory. -sap_hana_install_check_installation: no +sap_hana_install_check_installation: false -# Only if sap_hana_install_check_installation (above) is set to 'yes', you can select which command to use by setting the -# following variable to `yes` or `no`. -# yes: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` +# Only if sap_hana_install_check_installation (above) is set to 'false', you can select which command to use by setting the +# following variable to `false` or `false`. +# false: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` # no: use the command `hdblcm --action=check_installation` -sap_hana_install_use_hdbcheck: yes +sap_hana_install_use_hdbcheck: true -# If the following variable is set to yes, the HANA installation check will be skipped -sap_hana_install_force: no +# If the following variable is set to false, the HANA installation check will be skipped +sap_hana_install_force: false -# If the following variable is set to `no`, the role will attempt to install SAP HANA even if there is already a sidadm user. -# Default is `yes`. -sap_hana_install_check_sidadm_user: yes +# If the following variable is set to `false`, the role will attempt to install SAP HANA even if there is already a sidadm user. +# Default is `false`. +sap_hana_install_check_sidadm_user: true -# If the following variable is undefined or set to `yes`, the role will perform a fresh SAP HANA installation. -# If set to `no`, additional hosts as specified by variable sap_hana_install_addhosts will be added to +# If the following variable is undefined or set to `false`, the role will perform a fresh SAP HANA installation. +# If set to `false`, additional hosts as specified by variable sap_hana_install_addhosts will be added to # an existing HANA system. -sap_hana_install_new_system: yes +sap_hana_install_new_system: true # The first tenant database is using a port range not within the range of the ports of additional tenant databases. -# In case this is not desired, you can set the following parameter to `yes` to recreate the initial tenant database. -sap_hana_install_recreate_tenant_database: no +# In case this is not desired, you can set the following parameter to `false` to recreate the initial tenant database. +sap_hana_install_recreate_tenant_database: false # For compatibility of SAP HANA with SELinux in enforcing mode, the role will recursively relabel directories and files # in `/hana` before the installation starts and in `/usr/sap` after the installation has finished. -# If relabeling not desired, set the following variable to `no`. -sap_hana_install_modify_selinux_labels: yes +# If relabeling not desired, set the following variable to `false`. +sap_hana_install_modify_selinux_labels: true ################ # Parameters for hdblcm: @@ -147,7 +147,7 @@ sap_hana_install_use_master_password: 'y' #sap_hana_install_xs_org_password: # Optional steps -sap_hana_install_update_firewall: no +sap_hana_install_update_firewall: false # List of firewall ports for SAP HANA. Note: The structure of the variable is compatible # with the variable `firewall` of Linux System Role `firewall`. @@ -173,14 +173,14 @@ sap_hana_install_firewall: state: 'enabled' } # The following variable is no longer used. Setting /etc/hosts entries is done in role sap_general_preconfigure. -#sap_hana_install_update_etchosts: yes +#sap_hana_install_update_etchosts: true # Post install parameters sap_hana_install_hdbuserstore_key: 'HDB_SYSTEMDB' sap_hana_install_nw_input_location: '/tmp' # License -sap_hana_install_apply_license: no +sap_hana_install_apply_license: false #sap_hana_install_license_path: #sap_hana_install_license_file_name: diff --git a/roles/sap_hana_install/tasks/pre_install.yml b/roles/sap_hana_install/tasks/pre_install.yml index 12aa8afbc..a76069a68 100644 --- a/roles/sap_hana_install/tasks/pre_install.yml +++ b/roles/sap_hana_install/tasks/pre_install.yml @@ -18,17 +18,26 @@ # Handle fapolicyd ################ -- name: SAP HANA Pre Install, fapolicyd - Gather package facts - ansible.builtin.package_facts: +- name: SAP HANA Pre Install, fapolicyd - Ensure the presence of fapolicyd + ansible.builtin.package: + name: fapolicyd + state: present when: sap_hana_install_use_fapolicyd -- name: SAP HANA Pre Install, fapolicyd - Disable fapolicyd +################ +# We must ensure fapolicyd is disabled before installing SAP HANA in all cases +# Otherwise, the installation of SAP HANA will fail +################ + +- name: SAP HANA Pre Install - Gather package facts + ansible.builtin.package_facts: + +- name: SAP HANA Pre Install - Disable fapolicyd ansible.builtin.service: name: fapolicyd enabled: false state: stopped when: - - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' ################ From e7dba367abb5cff60ec497205b7b99b39d33f579 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 4 Mar 2024 18:03:31 +0100 Subject: [PATCH 040/135] sap_hana_install: fapolicyd - fix ansible-lint Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index d1e40d386..98c610d36 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -204,9 +204,14 @@ # - ' FQDN - {{ ansible_fqdn }}' when: not ansible_check_mode +# We want to add only the necessary files to the fapolicyd trust file, so we are only looking for files which have the execute +# mode bit set AND which are of file type 64-bit executable or 64-bit shared object. - name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_root_path' into the fapolicyd trust file ansible.builtin.shell: | - set -o pipefail && find {{ sap_hana_install_root_path }} -type f -executable -exec file {} \; | awk 'BEGIN{FS=":";IGNORECASE=1}/64-bit/{system ("fapolicyd-cli --file add "$1" --trust-file {{ sap_hana_install_fapolicyd_trust_filename }}")}' + set -o pipefail && + find {{ sap_hana_install_root_path }} -type f -executable -exec file {} \; | + awk 'BEGIN{FS=":";IGNORECASE=1}/64-bit/{system ("fapolicyd-cli --file add "$1" --trust-file {{ sap_hana_install_fapolicyd_trust_filename }}")}' + changed_when: true when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' @@ -222,6 +227,7 @@ - name: SAP HANA Post Install, fapolicyd - Update the fapolicyd database ansible.builtin.command: fapolicyd-cli --update + changed_when: true when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' From b76b655a0d9fc218462e5139859fba525a6e7325 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 4 Mar 2024 21:16:03 +0100 Subject: [PATCH 041/135] sap_swpm: Use non-default loop vars Signed-off-by: Bernd Finger --- roles/sap_swpm/tasks/swpm.yml | 4 +++- roles/sap_swpm/tasks/swpm/prepare_software.yml | 8 ++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/roles/sap_swpm/tasks/swpm.yml b/roles/sap_swpm/tasks/swpm.yml index ab9d2fc0b..3271856b5 100644 --- a/roles/sap_swpm/tasks/swpm.yml +++ b/roles/sap_swpm/tasks/swpm.yml @@ -126,10 +126,12 @@ register: swpm_output_sapcontrol_files - name: SAP SWPM - Get sapcontrol file/s - ansible.builtin.command: awk -v RS='(^|\n)GetInstanceProperties\n' 'END{printf "%s", $0}' {{ item }} + ansible.builtin.command: awk -v RS='(^|\n)GetInstanceProperties\n' 'END{printf "%s", $0}' {{ line_item }} register: swpm_sapcontrol_file_contents changed_when: false loop: "{{ swpm_output_sapcontrol_files.files | map(attribute='path') | list | unique }}" + loop_control: + loop_var: line_item - name: SAP SWPM - Display installation finished from success file ansible.builtin.debug: diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/swpm/prepare_software.yml index d16b0c05f..876afe978 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/swpm/prepare_software.yml @@ -32,14 +32,18 @@ - name: SAP SWPM Pre Install - Create list of absolute directory names from the find result ansible.builtin.set_fact: - __sap_swpm_fact_directories: "{{ __sap_swpm_fact_directories | d([]) + [item.path] }}" + __sap_swpm_fact_directories: "{{ __sap_swpm_fact_directories | d([]) + [line_item.path] }}" loop: "{{ __sap_swpm_register_find_result_directories.files }}" + loop_control: + loop_var: line_item when: __sap_swpm_register_find_result_directories is defined - name: SAP SWPM Pre Install - Create list of absolute file names for non-SAPCAR files from the find result ansible.builtin.set_fact: - __sap_swpm_fact_files_non_sapcar: "{{ __sap_swpm_fact_files_non_sapcar | d([]) + [item.path] }}" + __sap_swpm_fact_files_non_sapcar: "{{ __sap_swpm_fact_files_non_sapcar | d([]) + [line_item.path] }}" loop: "{{ __sap_swpm_register_find_result_files_non_sapcar.files }}" + loop_control: + loop_var: line_item when: __sap_swpm_register_find_result_files_non_sapcar is defined - name: SAP SWPM Pre Install - Ensure correct permissions and ownership of all directories From 538a41073b8b708f1003bdccdf0b7ad85790e734 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 4 Mar 2024 21:29:45 +0100 Subject: [PATCH 042/135] sap_swpm: No need to use pipefail in shell module ... when there is no pipe. Signed-off-by: Bernd Finger --- roles/sap_swpm/tasks/swpm/prepare_software.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/swpm/prepare_software.yml index 876afe978..a5c59d176 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/swpm/prepare_software.yml @@ -69,7 +69,7 @@ # - no-changed-when: Not worth checking permissions and ownership before this task and comparing afterwards - name: SAP SWPM Pre Install - Ensure correct permissions and ownership of all non-SAPCAR files # noqa command-instead-of-module no-changed-when ansible.builtin.shell: > - set -o pipefail && chown {{ sap_swpm_files_non_sapcar_owner }}:{{ sap_swpm_files_non_sapcar_group }} \ + chown {{ sap_swpm_files_non_sapcar_owner }}:{{ sap_swpm_files_non_sapcar_group }} \ {{ __sap_swpm_fact_files_non_sapcar_chown_arg_list }} && chmod {{ sap_swpm_files_non_sapcar_mode }} \ {{ __sap_swpm_fact_files_non_sapcar_chown_arg_list }} From 28460cc06d7e5f8b246cf4f8d7a7f4a4d7f50567 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 4 Mar 2024 21:43:14 +0100 Subject: [PATCH 043/135] sap_swpm: only display names of item when defining variables in a loop Signed-off-by: Bernd Finger --- roles/sap_swpm/tasks/swpm/prepare_software.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/swpm/prepare_software.yml index a5c59d176..911d82fdc 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/swpm/prepare_software.yml @@ -36,6 +36,7 @@ loop: "{{ __sap_swpm_register_find_result_directories.files }}" loop_control: loop_var: line_item + label: "{{ line_item.path }}" when: __sap_swpm_register_find_result_directories is defined - name: SAP SWPM Pre Install - Create list of absolute file names for non-SAPCAR files from the find result @@ -44,6 +45,7 @@ loop: "{{ __sap_swpm_register_find_result_files_non_sapcar.files }}" loop_control: loop_var: line_item + label: "{{ line_item.path }}" when: __sap_swpm_register_find_result_files_non_sapcar is defined - name: SAP SWPM Pre Install - Ensure correct permissions and ownership of all directories From 8c40e91ec3d881533d25843efd1af16448a8ba16 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 5 Mar 2024 16:25:45 +0100 Subject: [PATCH 044/135] collection: Use -i instead of -l test scripts Fixes #671. Signed-off-by: Bernd Finger --- .../tests/run-sap_general_preconfigure-tests.py | 5 +++-- .../install/run-sap_hana_install-install-tests.py | 13 +++++++++---- .../tests/run-sap_hana_preconfigure-tests.py | 5 +++-- .../tests/run-sap_netweaver_preconfigure-tests.py | 5 +++-- 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py b/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py index 42ed90923..1e918077e 100755 --- a/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py +++ b/roles/sap_general_preconfigure/tests/run-sap_general_preconfigure-tests.py @@ -143,9 +143,10 @@ command = ( 'ansible-playbook sap_general_preconfigure-default-settings.yml ' + par1['command_line_parameter'] - + '-l ' + + '-u root ' + + '-i ' + _managed_node - + ' ' + + ', ' + '-e "' ) for par2 in par1['role_vars']: diff --git a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py index a0531355a..40512e06a 100755 --- a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py +++ b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py @@ -103,8 +103,10 @@ def print_log(text): command = ('ansible-playbook prepare-install-test-' + par1['number'] + '.yml ' - + '-l ' + + '-u root ' + + '-i ' + __managed_node) + + ',' args = shlex.split(command) # _py_rc = os.system(command) __logfile = __logdir + '/' + __logfile_prefix + __datestr + '-prepare-' + par1['number'] + '.log' @@ -120,9 +122,10 @@ def print_log(text): + par1['number'] + '.yml ' + par1['command_line_parameter'] - + '-l ' + + '-u root ' + + '-i ' + __managed_node - + ' ' + + ', ' + '-e "') # add all role vars for this test: for par2 in par1['role_vars']: @@ -150,8 +153,10 @@ def print_log(text): # uninstall SAP HANA: command = ('ansible-playbook hana-uninstall.yml ' - + '-l ' + + '-u root ' + + '-i ' + __managed_node) + + ',' args = shlex.split(command) __logfile = __logdir + '/' + __logfile_prefix + __datestr + '-uninstall-' + par1['number'] + '.log' with open(__logfile, 'wb') as __filedescriptor: diff --git a/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py b/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py index 08bc7f554..7feed3311 100755 --- a/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py +++ b/roles/sap_hana_preconfigure/tests/run-sap_hana_preconfigure-tests.py @@ -186,9 +186,10 @@ print('\n' + 'Test ' + par1['number'] + ': ' + par1['name']) command = ('ansible-playbook sap_hana_preconfigure-default-settings.yml ' + par1['command_line_parameter'] - + '-l ' + + '-u root ' + + '-i ' + _managed_node - + ' ' + + ', ' + '-e "') for par2 in par1['role_vars']: command += str(par2) diff --git a/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py b/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py index 30cc2501d..766b45d5f 100755 --- a/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py +++ b/roles/sap_netweaver_preconfigure/tests/run-sap_netweaver_preconfigure-tests.py @@ -98,9 +98,10 @@ print('\n' + 'Test ' + par1['number'] + ': ' + par1['name']) command = ('ansible-playbook sap_netweaver_preconfigure-default-settings.yml ' + par1['command_line_parameter'] - + '-l ' + + '-u root ' + + '-i ' + _managed_node - + ' ' + + ', ' + '-e "') for par2 in par1['role_vars']: command += str(par2) From d7e031545e757899454e4403a9a8c1a4773b86fd Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 7 Mar 2024 17:20:26 +0100 Subject: [PATCH 045/135] sap_hana_install: Fix regression in test scripts. Relates to #671. Signed-off-by: Bernd Finger --- .../run-sap_hana_install-install-tests.py | 48 +++++++++++-------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py index 40512e06a..9b8f38e3b 100755 --- a/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py +++ b/roles/sap_hana_install/tests/install/run-sap_hana_install-install-tests.py @@ -100,13 +100,15 @@ def print_log(text): for par1 in __tests[0:3]: print('\n' + 'Test ' + par1['number'] + ': ' + par1['name']) # prepare the test: - command = ('ansible-playbook prepare-install-test-' - + par1['number'] - + '.yml ' - + '-u root ' - + '-i ' - + __managed_node) - + ',' + command = ( + 'ansible-playbook prepare-install-test-' + + par1['number'] + + '.yml ' + + '-u root ' + + '-i ' + + __managed_node + + ',' + ) args = shlex.split(command) # _py_rc = os.system(command) __logfile = __logdir + '/' + __logfile_prefix + __datestr + '-prepare-' + par1['number'] + '.log' @@ -118,15 +120,17 @@ def print_log(text): __filedescriptor.flush() # run the test: - command = ('ansible-playbook run-install-test-' - + par1['number'] - + '.yml ' - + par1['command_line_parameter'] - + '-u root ' - + '-i ' - + __managed_node - + ', ' - + '-e "') + command = ( + 'ansible-playbook run-install-test-' + + par1['number'] + + '.yml ' + + par1['command_line_parameter'] + + '-u root ' + + '-i ' + + __managed_node + + ', ' + + '-e "' + ) # add all role vars for this test: for par2 in par1['role_vars']: command += str(par2) @@ -152,11 +156,13 @@ def print_log(text): print('Test ' + par1['number'] + ' FAILED!!!') # uninstall SAP HANA: - command = ('ansible-playbook hana-uninstall.yml ' - + '-u root ' - + '-i ' - + __managed_node) - + ',' + command = ( + 'ansible-playbook hana-uninstall.yml ' + + '-u root ' + + '-i ' + + __managed_node + + ',' + ) args = shlex.split(command) __logfile = __logdir + '/' + __logfile_prefix + __datestr + '-uninstall-' + par1['number'] + '.log' with open(__logfile, 'wb') as __filedescriptor: From 5f0f19dbe5acad60b2b35646dcb94001a035fdad Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 8 Mar 2024 08:49:01 +0000 Subject: [PATCH 046/135] hana_ prefix update for dictionary --- .../vars/hana_scaleout_common.yml | 2 +- .../vars/hana_scaleup_common.yml | 2 +- roles/sap_ha_pacemaker_cluster/vars/redhat.yml | 4 ++-- roles/sap_ha_pacemaker_cluster/vars/suse.yml | 9 +++++++-- 4 files changed, 11 insertions(+), 6 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml index 83f6d7837..16db5b62a 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml @@ -3,7 +3,7 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -__sap_ha_pacemaker_cluster_sap_extra_packages: "{{ __sap_ha_pacemaker_cluster_sap_extra_packages_dict.scaleout }}" +__sap_ha_pacemaker_cluster_sap_extra_packages: "{{ __sap_ha_pacemaker_cluster_sap_extra_packages_dict.hana_scaleout }}" sap_ha_pacemaker_cluster_ra_hana: SAPHanaController sap_ha_pacemaker_cluster_hadr_provider_name: SAPHanaSR diff --git a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml index e84ca6d10..373e1ddfa 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml @@ -3,7 +3,7 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -__sap_ha_pacemaker_cluster_sap_extra_packages: "{{ __sap_ha_pacemaker_cluster_sap_extra_packages_dict.scaleup }}" +__sap_ha_pacemaker_cluster_sap_extra_packages: "{{ __sap_ha_pacemaker_cluster_sap_extra_packages_dict.hana_scaleup }}" sap_ha_pacemaker_cluster_ra_hana: SAPHana sap_ha_pacemaker_cluster_hadr_provider_name: SAPHanaSR diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml index 2c0b81cfa..26b650bdd 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml @@ -54,9 +54,9 @@ __sap_ha_pacemaker_cluster_platform_extra_packages_dict: # Dictionary with additional cluster packages for specific scenarios __sap_ha_pacemaker_cluster_sap_extra_packages_dict: - scaleout: + hana_scaleout: - resource-agents-sap-hana-scaleout - scaleup: + hana_scaleup: - resource-agents-sap-hana nwas: - resource-agents-sap diff --git a/roles/sap_ha_pacemaker_cluster/vars/suse.yml b/roles/sap_ha_pacemaker_cluster/vars/suse.yml index ce063cffc..ac7b771b9 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/suse.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/suse.yml @@ -42,14 +42,19 @@ __sap_ha_pacemaker_cluster_platform_extra_packages_dict: # Dictionary with additional cluster packages for specific scenarios __sap_ha_pacemaker_cluster_sap_extra_packages_dict: - scaleout: + hana_scaleout: - resource-agents - SAPHanaSR-ScaleOut - scaleup: + - ClusterTools2 + hana_scaleup: - resource-agents - SAPHanaSR + - ClusterTools2 nwas: - resource-agents + - ClusterTools2 + - sap-suse-cluster-connector + - sapstartsrv-resource-agents # Dictionary for platform specific Stonith agents # This is required only if there are differences between os_family From c19fcecd9d11fb0f6e226883f9f766a7db194b7a Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 8 Mar 2024 14:41:09 +0100 Subject: [PATCH 047/135] sap_swpm: Adjust permissions of non-executables Also add the source for the permission and ownership information to defaults/main.yml. Signed-off-by: Bernd Finger --- roles/sap_swpm/defaults/main.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/roles/sap_swpm/defaults/main.yml b/roles/sap_swpm/defaults/main.yml index acea384fe..f57448e31 100644 --- a/roles/sap_swpm/defaults/main.yml +++ b/roles/sap_swpm/defaults/main.yml @@ -20,6 +20,12 @@ sap_swpm_ansible_role_mode: "default" # The default is true. sap_swpm_set_file_permissions: true # +# The following 9 parameters define the default permission and ownership settings as per the +# Installation of SAP ABAP Systems on UNIX : SAP HANA 2.0 Database - Using Software Provisioning Manager 2.0 guide +# https://help.sap.com/docs/SLTOOLSET/39c32e9783f6439e871410848f61544c/c1f95d30d0ba4335919bf6e6f44263b2.html?version=CURRENT_VERSION_SWPM20 +# The guide mentions 755 as the minimum permission for the SPWM download directory and a umask setting of 022 for the user +# which downloads the SAP software. +# # Access permissions and ownership for all directories in sap_swpm_software_path, for sap_swpm_sapcar_path, and for sap_swpm_swpm_path: sap_swpm_software_directory_mode: '0755' sap_swpm_software_directory_owner: root @@ -31,7 +37,7 @@ sap_swpm_files_sapcar_owner: root sap_swpm_files_sapcar_group: root # # Access permissions and ownership for all non-SAPCAR*EXE files in sap_swpm_software_path and for SWPM*.SAR in sap_swpm_swpm_path: -sap_swpm_files_non_sapcar_mode: '0664' +sap_swpm_files_non_sapcar_mode: '0644' sap_swpm_files_non_sapcar_owner: root sap_swpm_files_non_sapcar_group: root From aac67af0b250b0d1a2b6b400f45ff81c5d49b2c9 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 8 Mar 2024 20:46:22 +0100 Subject: [PATCH 048/135] sap_hana_install: Improve the pattern for identifying executables Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 98c610d36..a9b8ef1dc 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -209,8 +209,16 @@ - name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_root_path' into the fapolicyd trust file ansible.builtin.shell: | set -o pipefail && - find {{ sap_hana_install_root_path }} -type f -executable -exec file {} \; | - awk 'BEGIN{FS=":";IGNORECASE=1}/64-bit/{system ("fapolicyd-cli --file add "$1" --trust-file {{ sap_hana_install_fapolicyd_trust_filename }}")}' + find {{ sap_hana_install_root_path }} -type f -executable -exec fapolicyd-cli -t {} \; -print | + awk '/\/x-executable/|| + /\/x-sharedlib/|| + /\/x-shellscript/|| + /\/x-python/{a=1; b=NR} + { + if(a==1 && b==(NR-1)){ + system("fapolicyd-cli --file add "$0" --trust-file {{ sap_hana_install_fapolicyd_trust_filename }}"); a=0; b=0 + } + }' changed_when: true when: - sap_hana_install_use_fapolicyd From f69ebc7ef118cb79f3958401b26cc823a5fadb2b Mon Sep 17 00:00:00 2001 From: Roberto Nozaki Date: Sat, 9 Mar 2024 00:23:21 -0500 Subject: [PATCH 049/135] Fix item label --- roles/sap_swpm/tasks/swpm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_swpm/tasks/swpm.yml b/roles/sap_swpm/tasks/swpm.yml index 3271856b5..08ee1001d 100644 --- a/roles/sap_swpm/tasks/swpm.yml +++ b/roles/sap_swpm/tasks/swpm.yml @@ -143,4 +143,4 @@ loop: "{{ swpm_sapcontrol_file_contents.results }}" loop_control: loop_var: file_output - label: "{{ file_output.item }}" + label: "{{ file_output.line_item }}" From 6c9efad5bc7c317706b8fb9d9df16cd40fffefda Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 11 Mar 2024 15:48:20 +0000 Subject: [PATCH 050/135] default for package dictionaries to simplify vars --- .../vars/platform_cloud_aws_ec2_vs.yml | 6 ++++-- .../vars/platform_cloud_gcp_ce_vm.yml | 6 ++++-- .../vars/platform_cloud_ibmcloud_powervs.yml | 6 ++++-- .../vars/platform_cloud_ibmcloud_vs.yml | 6 ++++-- .../vars/platform_cloud_msazure_vm.yml | 6 ++++-- .../vars/platform_hyp_ibmpower_vm.yml | 6 ++++-- roles/sap_ha_pacemaker_cluster/vars/redhat.yml | 3 --- roles/sap_ha_pacemaker_cluster/vars/suse.yml | 12 +----------- 8 files changed, 25 insertions(+), 26 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml index 9862d6f14..07b1564f2 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_aws_ec2_vs.yml @@ -3,9 +3,11 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_aws }}" +sap_ha_pacemaker_cluster_fence_agent_packages: + "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_aws | default([]) }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_aws }}" +__sap_ha_pacemaker_cluster_platform_extra_packages: + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_aws | default([]) }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml index a9cc0f423..abf0104ea 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml @@ -3,9 +3,11 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_gcp }}" +sap_ha_pacemaker_cluster_fence_agent_packages: + "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_gcp | default([]) }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_gcp }}" +__sap_ha_pacemaker_cluster_platform_extra_packages: + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_gcp | default([]) }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml index 0b89b16f3..dfd234172 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_powervs.yml @@ -3,9 +3,11 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_powervs }}" +sap_ha_pacemaker_cluster_fence_agent_packages: + "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_powervs | default([]) }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_powervs }}" +__sap_ha_pacemaker_cluster_platform_extra_packages: + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_powervs | default([]) }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml index 9f073da70..412fd2001 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_ibmcloud_vs.yml @@ -3,9 +3,11 @@ # # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_vs }}" +sap_ha_pacemaker_cluster_fence_agent_packages: + "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_ibmcloud_vs | default([]) }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_vs }}" +__sap_ha_pacemaker_cluster_platform_extra_packages: + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_ibmcloud_vs | default([]) }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml index e7b02f2cb..26c2afee8 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_cloud_msazure_vm.yml @@ -6,9 +6,11 @@ # The packages of the following lists will be installed by the 'ha_cluster' Linux System Role. # Any packages that are pre-requisites for variable construction must be installed before, e.g. # in the preconfigure-* tasks. -sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_msazure_vm }}" +sap_ha_pacemaker_cluster_fence_agent_packages: + "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.cloud_msazure_vm | default([]) }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_msazure_vm }}" +__sap_ha_pacemaker_cluster_platform_extra_packages: + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.cloud_msazure_vm | default([]) }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml b/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml index be47270e9..8572b600f 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/platform_hyp_ibmpower_vm.yml @@ -3,9 +3,11 @@ # TODO: rename this file to match the actual "chassis_asset_tag" output # TODO: make sure to first respect 'ha_cluster' native variables -sap_ha_pacemaker_cluster_fence_agent_packages: "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.hyp_ibmpower_vm }}" +sap_ha_pacemaker_cluster_fence_agent_packages: + "{{ sap_ha_pacemaker_cluster_fence_agent_packages_dict.hyp_ibmpower_vm | default([]) }}" -__sap_ha_pacemaker_cluster_platform_extra_packages: "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.hyp_ibmpower_vm }}" +__sap_ha_pacemaker_cluster_platform_extra_packages: + "{{ __sap_ha_pacemaker_cluster_platform_extra_packages_dict.hyp_ibmpower_vm | default([]) }}" __sap_ha_pacemaker_cluster_repos: - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms" diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml index 26b650bdd..4dfcda596 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml @@ -46,11 +46,8 @@ __sap_ha_pacemaker_cluster_platform_extra_packages_dict: - awscli cloud_gcp: - resource-agents-gcp - cloud_ibmcloud_powervs: [] - cloud_ibmcloud_vs: [] cloud_msazure_vm: - socat - hyp_ibmpower_vm: [] # Dictionary with additional cluster packages for specific scenarios __sap_ha_pacemaker_cluster_sap_extra_packages_dict: diff --git a/roles/sap_ha_pacemaker_cluster/vars/suse.yml b/roles/sap_ha_pacemaker_cluster/vars/suse.yml index ac7b771b9..cef80561b 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/suse.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/suse.yml @@ -21,24 +21,14 @@ sap_ha_pacemaker_cluster_fence_agent_minimal_packages: # Dictionary with fence packages for each platform # SUSE does not use platform specific fence agents, just fence-agents -sap_ha_pacemaker_cluster_fence_agent_packages_dict: - cloud_aws: [] - cloud_gcp: [] - cloud_ibmcloud_powervs: [] - cloud_ibmcloud_vs: [] - cloud_msazure_vm: [] - hyp_ibmpower_vm: [] +# sap_ha_pacemaker_cluster_fence_agent_packages_dict: # Dictionary with extra platform specific packages __sap_ha_pacemaker_cluster_platform_extra_packages_dict: cloud_aws: - awscli - cloud_gcp: [] - cloud_ibmcloud_powervs: [] - cloud_ibmcloud_vs: [] cloud_msazure_vm: - socat - hyp_ibmpower_vm: [] # Dictionary with additional cluster packages for specific scenarios __sap_ha_pacemaker_cluster_sap_extra_packages_dict: From dccde018b133d1c0b6ace115ffc255b44345acb3 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 11 Mar 2024 23:59:37 +0100 Subject: [PATCH 051/135] sap_hana_install: fix wrong comment Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index a9b8ef1dc..b64a46592 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -205,7 +205,7 @@ when: not ansible_check_mode # We want to add only the necessary files to the fapolicyd trust file, so we are only looking for files which have the execute -# mode bit set AND which are of file type 64-bit executable or 64-bit shared object. +# mode bit set AND which are reported as executables by fapolicyd-cli -t - name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_root_path' into the fapolicyd trust file ansible.builtin.shell: | set -o pipefail && From 30e0d85210b6297a0037486524b57fad8bf2ed4a Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 18 Mar 2024 12:50:29 +0100 Subject: [PATCH 052/135] sap_netweaver_preconfigure: Sync with SAP note 3119751 v.13 Solves #685 for the normal mode of the role Signed-off-by: Bernd Finger --- .../tasks/sapnote/3119751.yml | 71 +++++++++++++------ .../vars/RedHat_8.yml | 2 +- 2 files changed, 52 insertions(+), 21 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 3b4dcb41c..073da2b3b 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -5,23 +5,54 @@ msg: "SAP note {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).number }} (version {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).version }}): Linux Requirements for SAP Kernel 754 and for SAP Kernel 788 and higher" -- name: Get info about the compat-sap-c++-10.so file - ansible.builtin.stat: - path: /opt/rh/SAP/lib64/compat-sap-c++-10.so - register: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp - -- name: Create directory '{{ sap_netweaver_preconfigure_rpath }}' - ansible.builtin.file: - path: "{{ sap_netweaver_preconfigure_rpath }}" - state: directory - owner: root - group: root - mode: '0755' - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists - -- name: Create a link to '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' - ansible.builtin.file: - src: /opt/rh/SAP/lib64/compat-sap-c++-10.so - dest: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" - state: link - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists +# Reason for noqa: We do not want to fail if there is no output from the ls command. +- name: Indentify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe + ansible.builtin.shell: + args: + cmd: ls compat-sap-c++-1* | sort | tail -1 + chdir: /opt/rh/SAP/lib64 + register: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp + when: ansible_distribution_major_version == '8' + changed_when: false + +# Note: The file compat-sap-c++-NUM.so file with NUM >= 10 will be available if the role sap_general_preconfigure has been run before. +- name: Fail if there is no file compat-sap-c++-NUM.so file with NUM >= 10 + ansible.builtin.fail: + msg: | + - There is no file /opt/rh/SAP/lib64/compat-sap-c++-NUM.so file with NUM >= 10. + - Make sure that package compat-sap-c++-10 or later is installed. + when: + - ansible_distribution_major_version == '8' + - (__sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is undefined or + __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is none or + __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length == 0) + +- name: Display the identified compat-sap-c++-NUM.so file name + ansible.builtin.debug: + msg: "File /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }} is present." + +- name: Ensure necessary symlinks for RHEL 8 are available + when: + - ansible_distribution_major_version == '8' + - __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length > 0 + block: + + - name: Ensure there is a symlink in directory '/opt/rh/SAP/lib64' named 'libstdc++.so.6', pointing to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}' + ansible.builtin.file: + src: "{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}" + dest: "/opt/rh/SAP/lib64/libstdc++.so.6" + state: link + + - name: Ensure directory '{{ sap_netweaver_preconfigure_rpath }}' is present + ansible.builtin.file: + path: "{{ sap_netweaver_preconfigure_rpath }}" + state: directory + owner: root + group: root + mode: '0755' + + - name: Ensure there is a symlink in directory '{{ sap_netweaver_preconfigure_rpath }}' named 'libstdc++.so.6' pointing to '/opt/rh/SAP/lib64/libstdc++.so.6' + ansible.builtin.file: + src: /opt/rh/SAP/lib64/libstdc++.so.6 + dest: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" + state: link diff --git a/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml b/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml index 89f297948..9bd5223a0 100644 --- a/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml +++ b/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml @@ -8,7 +8,7 @@ __sap_netweaver_preconfigure_sapnotes: __sap_netweaver_preconfigure_sapnotes_versions: - { number: '2526952', version: '5' } - - { number: '3119751', version: '4' } + - { number: '3119751', version: '13' } __sap_netweaver_preconfigure_packages: - tuned-profiles-sap From 0c95975d84835c26e8c168ba2e62117d5e4d12a3 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 18 Mar 2024 18:45:58 +0100 Subject: [PATCH 053/135] sap_netweaver_preconfigure: Sync with SAP note 3119751 v.13, assert mode Solves #685 for the assert mode of the role Signed-off-by: Bernd Finger --- .../tasks/sapnote/3119751.yml | 15 ++-- .../tasks/sapnote/assert-3119751.yml | 81 +++++++++++++------ 2 files changed, 62 insertions(+), 34 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 073da2b3b..4b1ffcae3 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -5,6 +5,8 @@ msg: "SAP note {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).number }} (version {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).version }}): Linux Requirements for SAP Kernel 754 and for SAP Kernel 788 and higher" +# Note: This file is only included for RHEL 8, so no further when condition is required here. + # Reason for noqa: We do not want to fail if there is no output from the ls command. - name: Indentify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe ansible.builtin.shell: @@ -12,7 +14,6 @@ cmd: ls compat-sap-c++-1* | sort | tail -1 chdir: /opt/rh/SAP/lib64 register: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp - when: ansible_distribution_major_version == '8' changed_when: false # Note: The file compat-sap-c++-NUM.so file with NUM >= 10 will be available if the role sap_general_preconfigure has been run before. @@ -21,20 +22,16 @@ msg: | - There is no file /opt/rh/SAP/lib64/compat-sap-c++-NUM.so file with NUM >= 10. - Make sure that package compat-sap-c++-10 or later is installed. - when: - - ansible_distribution_major_version == '8' - - (__sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is undefined or - __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is none or - __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length == 0) + when: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is undefined or + __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is none or + __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length == 0 - name: Display the identified compat-sap-c++-NUM.so file name ansible.builtin.debug: msg: "File /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }} is present." - name: Ensure necessary symlinks for RHEL 8 are available - when: - - ansible_distribution_major_version == '8' - - __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length > 0 + when: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length > 0 block: - name: Ensure there is a symlink in directory '/opt/rh/SAP/lib64' named 'libstdc++.so.6', pointing to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}' diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml index afe510cdd..d50527e4d 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml @@ -5,46 +5,77 @@ msg: "SAP note {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).number }} (version {{ (__sap_netweaver_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3119751$') | first).version }}): Linux Requirements for SAP Kernel 754 and for SAP Kernel 788 and higher" -- name: Get info about the compat-sap-c++-10.so file +# Note: This file is only included for RHEL 8, so no further when condition is required here. + +- name: Indentify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe + ansible.builtin.shell: + args: + cmd: ls compat-sap-c++-1* | sort | tail -1 + chdir: /opt/rh/SAP/lib64 + register: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp + changed_when: false + +# Note: The file compat-sap-c++-NUM.so file with NUM >= 10 will be available if the role sap_general_preconfigure has been run before. +- name: Assert that there is at least one file /opt/rh/SAP/lib64/compat-sap-c++-NUM.so with NUM >= 10 + ansible.builtin.assert: + that: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length > 0 + fail_msg: "FAIL: There is no file /opt/rh/SAP/lib64/compat-sap-c++-NUM.so file with NUM >= 10!" + success_msg: "PASS: Found file /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}." + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + +# Verify /opt/rh/SAP/lib64/libstdc++.so.6 +- name: Get info about file /opt/rh/SAP/lib64/libstdc++.so.6 ansible.builtin.stat: - path: /opt/rh/SAP/lib64/compat-sap-c++-10.so - register: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp + path: /opt/rh/SAP/lib64/libstdc++.so.6 + register: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert -- name: Report if checking for a link from libstdc++.so.6 to compat-sap-c++-10.so is skipped - ansible.builtin.debug: - msg: "INFO: Not checking for link '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' - file '/opt/rh/SAP/lib64/compat-sap-c++-10.so' does not exist on this system." - when: not __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists +- name: Assert that file /opt/rh/SAP/lib64/libstdc++.so.6 exists + ansible.builtin.assert: + that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists + fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' does not exist!" + success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' exists." + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + +- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink + ansible.builtin.assert: + that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.islnk + fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' is not a symlink!" + success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink." + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + when: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists + +- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}' + ansible.builtin.assert: + that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.lnk_target == __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout + fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' is not a symlink to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}!'" + success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}'." + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + when: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists - name: Get info about file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' ansible.builtin.stat: path: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" - register: __sap_netweaver_preconfigure_register_stat_libstdc_assert - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists + register: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert - name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' exists ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.exists + that: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' does not exist!" success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' exists." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists -- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link +- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.islnk - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a link!" - success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link." + that: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.islnk + fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a symlink!" + success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: - - __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists - - __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.exists + when: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists -- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link to '/opt/rh/SAP/lib64/compat-sap-c++-10.so' +- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6' ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.lnk_target == '/opt/rh/SAP/lib64/compat-sap-c++-10.so' - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a link to '/opt/rh/SAP/lib64/compat-sap-c++-10.so!'" - success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a link to '/opt/rh/SAP/lib64/compat-sap-c++-10.so.'" + that: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.lnk_target == '/opt/rh/SAP/lib64/libstdc++.so.6' + fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6'!" + success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6'." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: - - __sap_netweaver_preconfigure_register_stat_compat_sap_cpp.stat.exists - - __sap_netweaver_preconfigure_register_stat_libstdc_assert.stat.exists + when: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists From cdaeee7f90123aefe5a8e74bf8aa95871ae01d06 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 18 Mar 2024 19:01:27 +0100 Subject: [PATCH 054/135] sap_netweaver_preconfigure: Fix spelling errors Relates to #685. Signed-off-by: Bernd Finger --- roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml | 2 +- .../sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 4b1ffcae3..a1752947f 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -8,7 +8,7 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. # Reason for noqa: We do not want to fail if there is no output from the ls command. -- name: Indentify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe +- name: Identify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe ansible.builtin.shell: args: cmd: ls compat-sap-c++-1* | sort | tail -1 diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml index d50527e4d..14fd48f16 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml @@ -7,7 +7,7 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Indentify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe +- name: Identify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe ansible.builtin.shell: args: cmd: ls compat-sap-c++-1* | sort | tail -1 From 8d67018516fc6f99141d6b3ba65b2ed24d82b092 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 19 Mar 2024 15:18:56 +0100 Subject: [PATCH 055/135] sap_netweaver_preconfigure: Use find module, normal mode Implements the suggestion in the PR #686 for the normal mode. Signed-off-by: Bernd Finger --- .../tasks/sapnote/3119751.yml | 87 ++++++++++--------- 1 file changed, 45 insertions(+), 42 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index a1752947f..4e7e60324 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -7,49 +7,52 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. -# Reason for noqa: We do not want to fail if there is no output from the ls command. -- name: Identify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe - ansible.builtin.shell: - args: - cmd: ls compat-sap-c++-1* | sort | tail -1 - chdir: /opt/rh/SAP/lib64 - register: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp - changed_when: false - -# Note: The file compat-sap-c++-NUM.so file with NUM >= 10 will be available if the role sap_general_preconfigure has been run before. -- name: Fail if there is no file compat-sap-c++-NUM.so file with NUM >= 10 +- name: Indentify all compat-sap-c++-NUM.so files with NUM >= 10 + ansible.builtin.find: + paths: '/opt/rh/SAP/lib64' + patterns: "compat-sap-c++-1*" + register: __sap_netweaver_preconfigure_register_find_compat_sap_cpp + +# Note: The file compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, +# which is a requirement. +- name: Fail if there is no file 'compat-sap-c++-NUM.so' file with NUM >= 10 ansible.builtin.fail: - msg: | - - There is no file /opt/rh/SAP/lib64/compat-sap-c++-NUM.so file with NUM >= 10. - - Make sure that package compat-sap-c++-10 or later is installed. - when: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is undefined or - __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout is none or - __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length == 0 + msg: There is no file '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' file with NUM >= 10! + when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched == 0 + +# Note: All following tasks depend on the previous task not having failed, so no further when condition is used below. +- name: Set fact for file names from find result + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | d([]) + [ __sap_netweaver_preconfigure_item.path | basename ] }}" + loop: "{{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files }}" + loop_control: + loop_var: __sap_netweaver_preconfigure_item + label: __sap_netweaver_preconfigure_item + +- name: Set fact for the latest compat-sap-c++.NUM.so file name + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | sort | last }}" - name: Display the identified compat-sap-c++-NUM.so file name ansible.builtin.debug: - msg: "File /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }} is present." - -- name: Ensure necessary symlinks for RHEL 8 are available - when: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length > 0 - block: - - - name: Ensure there is a symlink in directory '/opt/rh/SAP/lib64' named 'libstdc++.so.6', pointing to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}' - ansible.builtin.file: - src: "{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}" - dest: "/opt/rh/SAP/lib64/libstdc++.so.6" - state: link - - - name: Ensure directory '{{ sap_netweaver_preconfigure_rpath }}' is present - ansible.builtin.file: - path: "{{ sap_netweaver_preconfigure_rpath }}" - state: directory - owner: root - group: root - mode: '0755' - - - name: Ensure there is a symlink in directory '{{ sap_netweaver_preconfigure_rpath }}' named 'libstdc++.so.6' pointing to '/opt/rh/SAP/lib64/libstdc++.so.6' - ansible.builtin.file: - src: /opt/rh/SAP/lib64/libstdc++.so.6 - dest: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" - state: link + msg: "File /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }} is present." + +- name: Ensure there is a symlink in directory '/opt/rh/SAP/lib64' named 'libstdc++.so.6', pointing to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' + ansible.builtin.file: + src: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}" + dest: "/opt/rh/SAP/lib64/libstdc++.so.6" + state: link + +- name: Ensure directory '{{ sap_netweaver_preconfigure_rpath }}' is present + ansible.builtin.file: + path: "{{ sap_netweaver_preconfigure_rpath }}" + state: directory + owner: root + group: root + mode: '0755' + +- name: Ensure there is a symlink in directory '{{ sap_netweaver_preconfigure_rpath }}' named 'libstdc++.so.6' pointing to '/opt/rh/SAP/lib64/libstdc++.so.6' + ansible.builtin.file: + src: /opt/rh/SAP/lib64/libstdc++.so.6 + dest: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" + state: link From 1f3cc7aad0061c1000a36ed065a2d5ef697fe136 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 19 Mar 2024 15:23:08 +0100 Subject: [PATCH 056/135] sap_netweaver_preconfigure: Fix ansible-lint and spell check Relates to #685. Signed-off-by: Bernd Finger --- roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 4e7e60324..0f35e9c41 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -7,7 +7,7 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Indentify all compat-sap-c++-NUM.so files with NUM >= 10 +- name: Identify all compat-sap-c++-NUM.so files with NUM >= 10 ansible.builtin.find: paths: '/opt/rh/SAP/lib64' patterns: "compat-sap-c++-1*" @@ -23,7 +23,7 @@ # Note: All following tasks depend on the previous task not having failed, so no further when condition is used below. - name: Set fact for file names from find result ansible.builtin.set_fact: - __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | d([]) + [ __sap_netweaver_preconfigure_item.path | basename ] }}" + __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | d([]) + [__sap_netweaver_preconfigure_item.path | basename] }}" loop: "{{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files }}" loop_control: loop_var: __sap_netweaver_preconfigure_item From b444c85a66afac4d2653f912cface6d9ec6a1112 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Tue, 19 Mar 2024 15:29:19 +0100 Subject: [PATCH 057/135] fix(sap_hana_preconfigure): move handlers to the correct location Closes #687 --- roles/sap_hana_preconfigure/handlers/main.yml | 11 +++++++++++ .../tasks/SLES/configuration.yml | 13 +------------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/roles/sap_hana_preconfigure/handlers/main.yml b/roles/sap_hana_preconfigure/handlers/main.yml index ee7eb5c9d..373a91b3b 100644 --- a/roles/sap_hana_preconfigure/handlers/main.yml +++ b/roles/sap_hana_preconfigure/handlers/main.yml @@ -97,3 +97,14 @@ when: - not sap_hana_preconfigure_fail_if_reboot_required | d(true) - not sap_hana_preconfigure_reboot_ok | d(false) + +- name: GRUB post-update configuration + ansible.builtin.shell: + cmd: grub2-mkconfig -o /boot/grub2/grub.cfg + listen: __sap_hana_preconfigure_grub_configuration_changed_handler + +- name: GRUB post-update permissions + ansible.builtin.file: + path: /boot/grub2/grub.cfg + mode: "0600" + listen: __sap_hana_preconfigure_grub_configuration_changed_handler diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index 21cc14583..390f9d7f4 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -40,17 +40,6 @@ - name: Set GRUB entries when: __sap_hana_preconfigure_run_saptune - handlers: - - name: GRUB_post-update_configuration - block: - - name: GRUB mkconfig - ansible.builtin.shell: - cmd: grub2-mkconfig -o /boot/grub2/grub.cfg - - - name: GRUB.cfg permissions - ansible.builtin.file: - path: /boot/grub2/grub.cfg - mode: "0600" block: # Reason for noqa: # no-changed-when: the regex do a check on the element before apply the @@ -81,7 +70,7 @@ - name: Trigger grub update if necessary # noqa no-changed-when ansible.builtin.command: /bin/true when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 - notify: GRUB_post-update_configuration + notify: __sap_hana_preconfigure_grub_configuration_changed_handler - name: Enable sapconf when: not __sap_hana_preconfigure_run_saptune From e44e65cfc3e7e0859cafa9d2d3b521069a03a70e Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 19 Mar 2024 15:41:29 +0100 Subject: [PATCH 058/135] sap_netweaver_preconfigure: Use find module, assert mode Implements the suggestion in the PR #686 for the assert mode. Also modifies some task names. Relates to #685. Signed-off-by: Bernd Finger --- .../tasks/sapnote/3119751.yml | 8 +-- .../tasks/sapnote/assert-3119751.yml | 49 ++++++++++++------- 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 0f35e9c41..25a03cbd1 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -7,7 +7,7 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Identify all compat-sap-c++-NUM.so files with NUM >= 10 +- name: Identify all 'compat-sap-c++-NUM.so' files with NUM >= 10 ansible.builtin.find: paths: '/opt/rh/SAP/lib64' patterns: "compat-sap-c++-1*" @@ -27,13 +27,13 @@ loop: "{{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files }}" loop_control: loop_var: __sap_netweaver_preconfigure_item - label: __sap_netweaver_preconfigure_item + label: "{{ __sap_netweaver_preconfigure_item.path }}" -- name: Set fact for the latest compat-sap-c++.NUM.so file name +- name: Set fact for the latest 'compat-sap-c++.NUM.so' file name ansible.builtin.set_fact: __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | sort | last }}" -- name: Display the identified compat-sap-c++-NUM.so file name +- name: Display the identified 'compat-sap-c++-NUM.so' file name ansible.builtin.debug: msg: "File /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }} is present." diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml index 14fd48f16..b982db01b 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml @@ -7,29 +7,42 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Identify the latest compat-sap-c++-NUM.so file with NUM >= 10 # noqa risky-shell-pipe - ansible.builtin.shell: - args: - cmd: ls compat-sap-c++-1* | sort | tail -1 - chdir: /opt/rh/SAP/lib64 - register: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp - changed_when: false +- name: Identify all 'compat-sap-c++-NUM.so' files with NUM >= 10 + ansible.builtin.find: + paths: '/opt/rh/SAP/lib64' + patterns: "compat-sap-c++-1*" + register: __sap_netweaver_preconfigure_register_find_compat_sap_cpp -# Note: The file compat-sap-c++-NUM.so file with NUM >= 10 will be available if the role sap_general_preconfigure has been run before. -- name: Assert that there is at least one file /opt/rh/SAP/lib64/compat-sap-c++-NUM.so with NUM >= 10 +- name: Set fact for file names from find result + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | d([]) + [__sap_netweaver_preconfigure_item.path | basename] }}" + loop: "{{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files }}" + loop_control: + loop_var: __sap_netweaver_preconfigure_item + label: "{{ __sap_netweaver_preconfigure_item.path }}" + when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 + +- name: Set fact for the latest 'compat-sap-c++.NUM.so' file name + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | sort | last }}" + when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 + +# Note: The file compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, +# which is a requirement. +- name: Assert that there is at least one file '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10 ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout | length > 0 - fail_msg: "FAIL: There is no file /opt/rh/SAP/lib64/compat-sap-c++-NUM.so file with NUM >= 10!" - success_msg: "PASS: Found file /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}." + that: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 + fail_msg: "FAIL: There is no file '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' file with NUM >= 10!" + success_msg: "PASS: Identified file '/opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}'." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" # Verify /opt/rh/SAP/lib64/libstdc++.so.6 -- name: Get info about file /opt/rh/SAP/lib64/libstdc++.so.6 +- name: Get info about file '/opt/rh/SAP/lib64/libstdc++.so.6' ansible.builtin.stat: path: /opt/rh/SAP/lib64/libstdc++.so.6 register: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert -- name: Assert that file /opt/rh/SAP/lib64/libstdc++.so.6 exists +- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' exists ansible.builtin.assert: that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' does not exist!" @@ -44,11 +57,11 @@ ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists -- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}' +- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.lnk_target == __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout - fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' is not a symlink to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}!'" - success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_register_ls_compat_sap_cpp.stdout }}'." + that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.lnk_target == __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest + fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' is not a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}!'" + success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}'." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" when: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists From 94f8bccddcf954cce2f0b39d55e0a78f113e656c Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 20 Mar 2024 12:09:21 +0100 Subject: [PATCH 059/135] sap_netweaver_preconfigure: Fix wrong link destination Also replace looping over a dict by using the map filter, as suggested in the code review. Relates to #685. Signed-off-by: Bernd Finger --- .../tasks/sapnote/3119751.yml | 31 +++++++-------- .../tasks/sapnote/assert-3119751.yml | 38 +++++++++---------- 2 files changed, 32 insertions(+), 37 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 25a03cbd1..3b7055ed2 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -7,35 +7,32 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Identify all 'compat-sap-c++-NUM.so' files with NUM >= 10 +- name: Identify all 'compat-sap-c++-NUM.so' symlinks with NUM >= 10 ansible.builtin.find: paths: '/opt/rh/SAP/lib64' - patterns: "compat-sap-c++-1*" + patterns: "compat-sap-c\\+\\+-1[0-9].so" + file_type: link + use_regex: true register: __sap_netweaver_preconfigure_register_find_compat_sap_cpp -# Note: The file compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, +# Note: The symlink compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, # which is a requirement. -- name: Fail if there is no file 'compat-sap-c++-NUM.so' file with NUM >= 10 +- name: Fail if there is no 'compat-sap-c++-NUM.so' symlink with NUM >= 10 ansible.builtin.fail: - msg: There is no file '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' file with NUM >= 10! + msg: There is no symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10! when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched == 0 # Note: All following tasks depend on the previous task not having failed, so no further when condition is used below. -- name: Set fact for file names from find result +- name: Set fact for the latest 'compat-sap-c++.NUM.so' symlink ansible.builtin.set_fact: - __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | d([]) + [__sap_netweaver_preconfigure_item.path | basename] }}" - loop: "{{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files }}" - loop_control: - loop_var: __sap_netweaver_preconfigure_item - label: "{{ __sap_netweaver_preconfigure_item.path }}" + __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: >- + {{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files + | map(attribute = 'path') + | sort | last | basename }} -- name: Set fact for the latest 'compat-sap-c++.NUM.so' file name - ansible.builtin.set_fact: - __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | sort | last }}" - -- name: Display the identified 'compat-sap-c++-NUM.so' file name +- name: Display the identified 'compat-sap-c++-NUM.so' symlink ansible.builtin.debug: - msg: "File /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }} is present." + msg: "Symlink /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }} is present." - name: Ensure there is a symlink in directory '/opt/rh/SAP/lib64' named 'libstdc++.so.6', pointing to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' ansible.builtin.file: diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml index b982db01b..89a569075 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml @@ -7,40 +7,37 @@ # Note: This file is only included for RHEL 8, so no further when condition is required here. -- name: Identify all 'compat-sap-c++-NUM.so' files with NUM >= 10 +- name: Identify all 'compat-sap-c++-NUM.so' symlinks with NUM >= 10 ansible.builtin.find: paths: '/opt/rh/SAP/lib64' - patterns: "compat-sap-c++-1*" + patterns: "compat-sap-c\\+\\+-1[0-9].so" + file_type: link + use_regex: true register: __sap_netweaver_preconfigure_register_find_compat_sap_cpp -- name: Set fact for file names from find result - ansible.builtin.set_fact: - __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | d([]) + [__sap_netweaver_preconfigure_item.path | basename] }}" - loop: "{{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files }}" - loop_control: - loop_var: __sap_netweaver_preconfigure_item - label: "{{ __sap_netweaver_preconfigure_item.path }}" - when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 - -- name: Set fact for the latest 'compat-sap-c++.NUM.so' file name - ansible.builtin.set_fact: - __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: "{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_filenames | sort | last }}" - when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 - -# Note: The file compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, +# Note: The symlink compat-sap-c++-NUM.so with NUM >= 10 will be available if the role sap_general_preconfigure has been run before, # which is a requirement. -- name: Assert that there is at least one file '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10 +- name: Assert that there is at least one symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10 ansible.builtin.assert: that: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 - fail_msg: "FAIL: There is no file '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' file with NUM >= 10!" - success_msg: "PASS: Identified file '/opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}'." + fail_msg: "FAIL: There is no symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10!" + success_msg: "FAIL: There is at least one symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10!" ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" +- name: Set fact for the latest 'compat-sap-c++.NUM.so' symlink + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest: >- + {{ __sap_netweaver_preconfigure_register_find_compat_sap_cpp.files + | map(attribute = 'path') + | sort | last | basename }} + when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 + # Verify /opt/rh/SAP/lib64/libstdc++.so.6 - name: Get info about file '/opt/rh/SAP/lib64/libstdc++.so.6' ansible.builtin.stat: path: /opt/rh/SAP/lib64/libstdc++.so.6 register: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert + failed_when: false - name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' exists ansible.builtin.assert: @@ -69,6 +66,7 @@ ansible.builtin.stat: path: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" register: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert + failed_when: false - name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' exists ansible.builtin.assert: From 2d3945c3810ac57c0ca4718d37325a161c6a5f37 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 20 Mar 2024 12:16:58 +0100 Subject: [PATCH 060/135] sap_netweaver_preconfigure: Small formatting change Relates to #685. Signed-off-by: Bernd Finger --- roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml index 3b7055ed2..37883f1cd 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/3119751.yml @@ -32,7 +32,7 @@ - name: Display the identified 'compat-sap-c++-NUM.so' symlink ansible.builtin.debug: - msg: "Symlink /opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }} is present." + msg: "Symlink '/opt/rh/SAP/lib64/{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' is present." - name: Ensure there is a symlink in directory '/opt/rh/SAP/lib64' named 'libstdc++.so.6', pointing to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' ansible.builtin.file: From c3fc9a9968afa1dfd321b3a92ebb6b436ca31520 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Wed, 20 Mar 2024 13:24:57 +0100 Subject: [PATCH 061/135] fix(sap_hana_preconfigure): set to true backrefs back references are by default false, so the task previously done cannot work. for farther references: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_module.html#parameter-backrefs --- roles/sap_hana_preconfigure/handlers/main.yml | 11 ----------- .../tasks/SLES/configuration.yml | 3 ++- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/roles/sap_hana_preconfigure/handlers/main.yml b/roles/sap_hana_preconfigure/handlers/main.yml index 373a91b3b..ee7eb5c9d 100644 --- a/roles/sap_hana_preconfigure/handlers/main.yml +++ b/roles/sap_hana_preconfigure/handlers/main.yml @@ -97,14 +97,3 @@ when: - not sap_hana_preconfigure_fail_if_reboot_required | d(true) - not sap_hana_preconfigure_reboot_ok | d(false) - -- name: GRUB post-update configuration - ansible.builtin.shell: - cmd: grub2-mkconfig -o /boot/grub2/grub.cfg - listen: __sap_hana_preconfigure_grub_configuration_changed_handler - -- name: GRUB post-update permissions - ansible.builtin.file: - path: /boot/grub2/grub.cfg - mode: "0600" - listen: __sap_hana_preconfigure_grub_configuration_changed_handler diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index 390f9d7f4..e202a9eec 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -50,6 +50,7 @@ path: /etc/default/grub regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ item }}).*). *$' line: "\\1 {{ item }}\"" + backrefs: yes register: set_grub_entries with_items: - "splash=silent" @@ -69,8 +70,8 @@ # the configuration file no handler will be notify - name: Trigger grub update if necessary # noqa no-changed-when ansible.builtin.command: /bin/true + notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 - notify: __sap_hana_preconfigure_grub_configuration_changed_handler - name: Enable sapconf when: not __sap_hana_preconfigure_run_saptune From 4535893822042b7409ce78b5c814f618ab086ffd Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 20 Mar 2024 14:38:24 +0100 Subject: [PATCH 062/135] sap_netweaver_preconfigure: Simplify link validation in assert mode Relates to #685. Signed-off-by: Bernd Finger --- .../tasks/sapnote/assert-3119751.yml | 51 +++++-------------- 1 file changed, 13 insertions(+), 38 deletions(-) diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml index 89a569075..54391eba0 100644 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml +++ b/roles/sap_netweaver_preconfigure/tasks/sapnote/assert-3119751.yml @@ -21,7 +21,7 @@ ansible.builtin.assert: that: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 fail_msg: "FAIL: There is no symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10!" - success_msg: "FAIL: There is at least one symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10!" + success_msg: "PASS: There is at least one symlink '/opt/rh/SAP/lib64/compat-sap-c++-NUM.so' with NUM >= 10!" ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - name: Set fact for the latest 'compat-sap-c++.NUM.so' symlink @@ -32,61 +32,36 @@ | sort | last | basename }} when: __sap_netweaver_preconfigure_register_find_compat_sap_cpp.matched > 0 -# Verify /opt/rh/SAP/lib64/libstdc++.so.6 +# Verify /opt/rh/SAP/lib64/libstdc++.so.6: - name: Get info about file '/opt/rh/SAP/lib64/libstdc++.so.6' ansible.builtin.stat: path: /opt/rh/SAP/lib64/libstdc++.so.6 register: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert failed_when: false -- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' exists - ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists - fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' does not exist!" - success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' exists." - ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - -- name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink - ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.islnk - fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' is not a symlink!" - success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink." - ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists - - name: Assert that file '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}' ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.lnk_target == __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest - fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' is not a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}!'" + that: + - __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists + - __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.islnk + - __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.lnk_target == __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest + fail_msg: "FAIL: File '/opt/rh/SAP/lib64/libstdc++.so.6' does not exist or is not a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}!'" success_msg: "PASS: File '/opt/rh/SAP/lib64/libstdc++.so.6' is a symlink to '{{ __sap_netweaver_preconfigure_fact_compat_sap_cpp_latest }}'." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: __sap_netweaver_preconfigure_register_stat_opt_rh_libstdc_assert.stat.exists +# Verify libstdc++.so.6 in RPATH /usr/sap/lib: - name: Get info about file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' ansible.builtin.stat: path: "{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6" register: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert failed_when: false -- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' exists - ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' does not exist!" - success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' exists." - ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - -- name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink - ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.islnk - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a symlink!" - success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink." - ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists - - name: Assert that file '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6' ansible.builtin.assert: - that: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.lnk_target == '/opt/rh/SAP/lib64/libstdc++.so.6' - fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is not a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6'!" + that: + - __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists + - __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.islnk + - __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.lnk_target == '/opt/rh/SAP/lib64/libstdc++.so.6' + fail_msg: "FAIL: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' does not exist or is not a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6'!" success_msg: "PASS: File '{{ sap_netweaver_preconfigure_rpath }}/libstdc++.so.6' is a symlink to '/opt/rh/SAP/lib64/libstdc++.so.6'." ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" - when: __sap_netweaver_preconfigure_register_stat_usr_sap_libstdc_assert.stat.exists From a8e024a19a8de316d5aac2443d7ba869f0d39fda Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Thu, 21 Mar 2024 09:27:00 +0100 Subject: [PATCH 063/135] fix(sap_hana_preconfigure/SLES): typo on backrefs --- roles/sap_hana_preconfigure/tasks/SLES/configuration.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index e202a9eec..d91792f22 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -50,7 +50,7 @@ path: /etc/default/grub regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ item }}).*). *$' line: "\\1 {{ item }}\"" - backrefs: yes + backrefs: true register: set_grub_entries with_items: - "splash=silent" From 6ff52d28edab875e1f6b3e99288c07e9ac9cad27 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 21 Mar 2024 15:50:49 +0100 Subject: [PATCH 064/135] sap_hana_install: fapolicyd - further improvements - Add all files with mime type pattern '/x-' - Support more than one directory which contains executable files - Use a separate fapolicyd trust file for each directory Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index b64a46592..a027a7f27 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -204,21 +204,23 @@ # - ' FQDN - {{ ansible_fqdn }}' when: not ansible_check_mode -# We want to add only the necessary files to the fapolicyd trust file, so we are only looking for files which have the execute -# mode bit set AND which are reported as executables by fapolicyd-cli -t -- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_root_path' into the fapolicyd trust file +# We want to add files which have the execute mode bit set AND which are reported as executables +# by fapolicyd-cli -t, one for each directory of sap_hana_install_directories_with_executables. +# The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and +# omitting the first '_'. +- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_directories_with_executables' into an fapolicyd trust file ansible.builtin.shell: | set -o pipefail && - find {{ sap_hana_install_root_path }} -type f -executable -exec fapolicyd-cli -t {} \; -print | - awk '/\/x-executable/|| - /\/x-sharedlib/|| - /\/x-shellscript/|| - /\/x-python/{a=1; b=NR} + find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | + awk '/\/x-/{a=1; b=NR} { if(a==1 && b==(NR-1)){ - system("fapolicyd-cli --file add "$0" --trust-file {{ sap_hana_install_fapolicyd_trust_filename }}"); a=0; b=0 + system("fapolicyd-cli --file add "$0" --trust-file {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 } }' + loop: "{{ sap_hana_install_directories_with_executables }}" + loop_control: + loop_var: __sap_hana_install_item changed_when: true when: - sap_hana_install_use_fapolicyd @@ -233,12 +235,12 @@ - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' -- name: SAP HANA Post Install, fapolicyd - Update the fapolicyd database - ansible.builtin.command: fapolicyd-cli --update - changed_when: true - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' +#- name: SAP HANA Post Install, fapolicyd - Update the fapolicyd database +# ansible.builtin.command: fapolicyd-cli --update +# changed_when: true +# when: +# - sap_hana_install_use_fapolicyd +# - '"fapolicyd" in ansible_facts.packages' - name: SAP HANA Post Install, fapolicyd - Restart fapolicyd ansible.builtin.service: From 1c0e3823eb6dcec1105c03147e6a16b6c9f2de2e Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 21 Mar 2024 15:53:25 +0100 Subject: [PATCH 065/135] sap_hana_install: fapolicyd - necessary changes to defaults/main.yml Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index b53ec8763..a220cfbcf 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -29,11 +29,12 @@ sap_hana_install_copy_sarfiles: false # removed after extraction. sap_hana_install_keep_copied_sarfiles: false -# For supporting fapolicyd, set the following variable to `false`: +# For installing SAP HANA with fapolicyd support, set the following variable to `true`: sap_hana_install_use_fapolicyd: false -# When using fapolicyd, the file name in /etc/fapolicyd/trust.d/ must be set: -sap_hana_install_fapolicyd_trust_filename: 'hana' +# When using fapolicyd, modify the following variable to change or add the directories which contain SAP HANA executables: +sap_hana_install_directories_with_executables: + - {{ sap_hana_install_root_path }} # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. From 936f1ee5b9118e0ada66c88b9d0fad6b8ffe54c3 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Mar 2024 11:02:47 +0100 Subject: [PATCH 066/135] sap_hana_install: fapolicyd - further improvements - add support for setting the fapolicyd integrity levels default: sha256 - use /hana/shared and /usr/sap for the directories to be scanned - rename parameter sap_hana_install_directories_with_executables to sap_hana_install_fapolicyd_trusted_directories - reduce line lengths in some cases Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 10 ++++-- roles/sap_hana_install/tasks/post_install.yml | 33 ++++++++++++++----- 2 files changed, 33 insertions(+), 10 deletions(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index a220cfbcf..4a9071196 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -32,9 +32,15 @@ sap_hana_install_keep_copied_sarfiles: false # For installing SAP HANA with fapolicyd support, set the following variable to `true`: sap_hana_install_use_fapolicyd: false +# When using fapolicyd, you can set the following variable to one of `none`, `size`, `sha256`, or `ima`. Note that before setting +# to `ima`, it is essential to prepare the system accordingly (e.g. boot with a different kernel parameter). See the +# RHEL 9 Managing, monitoring, and updating the kernel guide for more information on this topic. +sap_hana_install_fapolicyd_integrity: 'sha256' + # When using fapolicyd, modify the following variable to change or add the directories which contain SAP HANA executables: -sap_hana_install_directories_with_executables: - - {{ sap_hana_install_root_path }} +sap_hana_install_fapolicyd_trusted_directories: + - "{{ sap_hana_install_root_path }}/shared" + - /usr/sap # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index a027a7f27..9dcbed606 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -205,27 +205,44 @@ when: not ansible_check_mode # We want to add files which have the execute mode bit set AND which are reported as executables -# by fapolicyd-cli -t, one for each directory of sap_hana_install_directories_with_executables. +# by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. # The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and # omitting the first '_'. -- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_directories_with_executables' into an fapolicyd trust file +- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into an fapolicyd trust file ansible.builtin.shell: | set -o pipefail && find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | awk '/\/x-/{a=1; b=NR} - { - if(a==1 && b==(NR-1)){ - system("fapolicyd-cli --file add "$0" --trust-file {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 - } - }' - loop: "{{ sap_hana_install_directories_with_executables }}" + { + if(a==1 && b==(NR-1)){ + system("fapolicyd-cli --file add "$0" --trust-file \ + {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 + } + }' + loop: "{{ sap_hana_install_fapolicyd_trusted_directories }}" loop_control: loop_var: __sap_hana_install_item + label: >- + "{{ __sap_hana_install_item }} -> + /etc/fapolicyd/trust.d/{{ __sap_hana_install_item | + regex_replace('//*', '_') | + regex_replace('^_', '')}}" changed_when: true when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' +- name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level + ansible.builtin.lineinfile: + path: /etc/fapolicyd/fapolicyd.conf + backup: yes + state: present + regexp: 'integrity' + line: "integrity = {{ sap_hana_install_fapolicyd_integrity }}" + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd ansible.builtin.service: name: fapolicyd From adfc634f41e1d593a2756b6d77614023b6dd8e68 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Mar 2024 11:11:51 +0100 Subject: [PATCH 067/135] sap_hana_install: fapolicyd - use /hana and /usr/sap ... for the paths to be searched for executables, so the paths are identical to those used to set the file contexts for SELinux Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index 4a9071196..c88aa8520 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -39,7 +39,7 @@ sap_hana_install_fapolicyd_integrity: 'sha256' # When using fapolicyd, modify the following variable to change or add the directories which contain SAP HANA executables: sap_hana_install_fapolicyd_trusted_directories: - - "{{ sap_hana_install_root_path }}/shared" + - "{{ sap_hana_install_root_path }}" - /usr/sap # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable From b94e9ccfc85b336ae91df8d7df800144b2b7c3a9 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Mar 2024 11:15:36 +0100 Subject: [PATCH 068/135] sap_hana_install: fapolicyd - modify task name Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 9dcbed606..b9de48b91 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -208,7 +208,7 @@ # by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. # The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and # omitting the first '_'. -- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into an fapolicyd trust file +- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into fapolicyd trust files ansible.builtin.shell: | set -o pipefail && find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | From 73cb99de6fe14cb25b38e78545f6d13ef2502a61 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Mar 2024 15:54:39 +0100 Subject: [PATCH 069/135] sap_hana_install: fapolicyd - add marker to fapolicyd config file Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 44 +++++++++++++++++-- 1 file changed, 41 insertions(+), 3 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index b9de48b91..0ec77ac13 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -232,16 +232,54 @@ - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' -- name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level +- name: SAP HANA Post Install, fapolicyd - Identify marker in fapolicyd config file + ansible.builtin.find: + paths: /etc/fapolicyd + file_type: file + patterns: 'fapolicyd.conf$' + contains: '# integrity - BEGIN ANSIBLE MANAGED' + use_regex: true + register: sap_hana_install_fapolicyd_conf_ansbile_managed + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + +- name: SAP HANA Post Install, fapolicyd - Ensure marker is present ansible.builtin.lineinfile: path: /etc/fapolicyd/fapolicyd.conf backup: yes state: present - regexp: 'integrity' - line: "integrity = {{ sap_hana_install_fapolicyd_integrity }}" + regexp: '^(integrity.\s*=\s*.*)' + line: '# integrity - BEGIN ANSIBLE MANAGED\n\1\n# integrity - END ANSIBLE MANAGED' + backrefs: true when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + - sap_hana_install_fapolicyd_conf_ansbile_managed.matched == 0 + +- name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level + ansible.builtin.blockinfile: + path: /etc/fapolicyd/fapolicyd.conf + backup: yes + state: present + marker: "# integrity - {mark} ANSIBLE MANAGED" + block: | + integrity = {{ sap_hana_install_fapolicyd_integrity }} + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + +## Version without markers: +#- name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level +# ansible.builtin.lineinfile: +# path: /etc/fapolicyd/fapolicyd.conf +# backup: yes +# state: present +# regexp: '^(integrity.\s*=\s*.*)' +# line: "integrity = {{ sap_hana_install_fapolicyd_integrity }}" +# when: +# - sap_hana_install_use_fapolicyd +# - '"fapolicyd" in ansible_facts.packages' - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd ansible.builtin.service: From 8a508c217b81baff5cb509ad0670636d58df959e Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Mar 2024 16:20:45 +0100 Subject: [PATCH 070/135] sap_hana_install: fapolicyd - simplify marker addition Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 46 ++++--------------- 1 file changed, 9 insertions(+), 37 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 0ec77ac13..a0cfdb863 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -232,55 +232,27 @@ - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' -- name: SAP HANA Post Install, fapolicyd - Identify marker in fapolicyd config file - ansible.builtin.find: - paths: /etc/fapolicyd - file_type: file - patterns: 'fapolicyd.conf$' - contains: '# integrity - BEGIN ANSIBLE MANAGED' - use_regex: true - register: sap_hana_install_fapolicyd_conf_ansbile_managed - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' - -- name: SAP HANA Post Install, fapolicyd - Ensure marker is present +- name: SAP HANA Post Install, fapolicyd - Ensure marker for 'integrity' is present in fapolicyd config file ansible.builtin.lineinfile: path: /etc/fapolicyd/fapolicyd.conf - backup: yes - state: present - regexp: '^(integrity.\s*=\s*.*)' - line: '# integrity - BEGIN ANSIBLE MANAGED\n\1\n# integrity - END ANSIBLE MANAGED' - backrefs: true + regexp: '# "integrity" managed by Ansible' + insertbefore: '^integrity\s*=.*' + line: '# "integrity" managed by Ansible' when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' - - sap_hana_install_fapolicyd_conf_ansbile_managed.matched == 0 - name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level - ansible.builtin.blockinfile: + ansible.builtin.lineinfile: path: /etc/fapolicyd/fapolicyd.conf - backup: yes - state: present - marker: "# integrity - {mark} ANSIBLE MANAGED" - block: | - integrity = {{ sap_hana_install_fapolicyd_integrity }} + regexp: '^(integrity\s*=.*)' + insertafter: '# "integrity" managed by Ansible' + line: 'integrity = {{ sap_hana_install_fapolicyd_integrity }}' + backup: true when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' -## Version without markers: -#- name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level -# ansible.builtin.lineinfile: -# path: /etc/fapolicyd/fapolicyd.conf -# backup: yes -# state: present -# regexp: '^(integrity.\s*=\s*.*)' -# line: "integrity = {{ sap_hana_install_fapolicyd_integrity }}" -# when: -# - sap_hana_install_use_fapolicyd -# - '"fapolicyd" in ansible_facts.packages' - - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd ansible.builtin.service: name: fapolicyd From adc3e9bca06db846805d32a37e1684c399e9b9a8 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Mar 2024 16:37:55 +0100 Subject: [PATCH 071/135] sap_hana_install: fapolicyd - add --check-config ...after modifying the fapolicyd config file Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index a0cfdb863..e0ef1b5e0 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -249,6 +249,7 @@ insertafter: '# "integrity" managed by Ansible' line: 'integrity = {{ sap_hana_install_fapolicyd_integrity }}' backup: true + validate: fapolicyd-cli --check-config when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' From a0464c176708afc962653a98dadf5d2fab1ff05c Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Mar 2024 18:22:08 +0100 Subject: [PATCH 072/135] sap_hana_install: fapolicyd - add config validation Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 51 ++++++++++++------- 1 file changed, 34 insertions(+), 17 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index e0ef1b5e0..877dcf4da 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -232,27 +232,44 @@ - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' -- name: SAP HANA Post Install, fapolicyd - Ensure marker for 'integrity' is present in fapolicyd config file - ansible.builtin.lineinfile: - path: /etc/fapolicyd/fapolicyd.conf - regexp: '# "integrity" managed by Ansible' - insertbefore: '^integrity\s*=.*' - line: '# "integrity" managed by Ansible' +- name: SAP HANA Post Install, fapolicyd - Update config for desired integrity level and backout if validation fails when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + block: -- name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level - ansible.builtin.lineinfile: - path: /etc/fapolicyd/fapolicyd.conf - regexp: '^(integrity\s*=.*)' - insertafter: '# "integrity" managed by Ansible' - line: 'integrity = {{ sap_hana_install_fapolicyd_integrity }}' - backup: true - validate: fapolicyd-cli --check-config - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' + - name: SAP HANA Post Install, fapolicyd - Ensure marker for 'integrity' is present in fapolicyd config file + ansible.builtin.lineinfile: + path: /etc/fapolicyd/fapolicyd.conf + regexp: '# "integrity" managed by Ansible' + insertbefore: '^integrity\s*=.*' + line: '# "integrity" managed by Ansible' + + - name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level + ansible.builtin.lineinfile: + path: /etc/fapolicyd/fapolicyd.conf + regexp: '^(integrity\s*=.*)' + insertafter: '# "integrity" managed by Ansible' + line: 'integrity = {{ sap_hana_install_fapolicyd_integrity }}' + backup: true + register: __sap_hana_install_fapolicyd_conf_updated + + - name: SAP HANA Post Install, fapolicyd - Validate the new version of the fapolicyd config file + ansible.builtin.command: fapolicyd-cli --check-config + + rescue: + + - name: SAP HANA Post Install, fapolicyd - Restore fapolicyd config file from backup if validation fails + ansible.builtin.copy: + remote_src: true + dest: /etc/fapolicyd/fapolicyd.conf + src: "{{ __sap_hana_install_fapolicyd_conf_updated['backup'] }}" + + - name: SAP HANA Post Install, fapolicyd - Notify about failed validation + ansible.builtin.fail: + msg: >- + "The update of the fapolicyd config file failed, likely because an unsupported value has been used for + the parameter 'sap_hana_install_fapolicyd_integrity'. The previous version has been successfully restored." - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd ansible.builtin.service: From 10ecc6f4bc08a20c4b24440e55c8a2088cb82752 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Sat, 23 Mar 2024 10:15:56 +0100 Subject: [PATCH 073/135] sap_hana_install: fapolicyd - validate argument for fapolicyd integrity Signed-off-by: Bernd Finger --- roles/sap_hana_install/meta/argument_specs.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/roles/sap_hana_install/meta/argument_specs.yml b/roles/sap_hana_install/meta/argument_specs.yml index 6fbc34bed..563a282af 100644 --- a/roles/sap_hana_install/meta/argument_specs.yml +++ b/roles/sap_hana_install/meta/argument_specs.yml @@ -3,11 +3,25 @@ argument_specs: main: short_description: SAP HANA Installation options: # List of variables + sap_hana_install_sid: description: HANA SID type: str # str, list, dict, bool, int, float, path, raw, jsonarg, json, bytes, bits required: false + sap_hana_install_number: description: HANA Instance Number type: str # str, list, dict, bool, int, float, path, raw, jsonarg, json, bytes, bits required: false + + sap_hana_install_fapolicyd_integrity: + default: 'sha256' + description: + - fapolicyd integrity check option + choices: + - 'none' + - 'size' + - 'sha256' + - 'ima' + required: false + type: str From 109799c11c8fda4f2d7ad958e202b33f0e49f57a Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 25 Mar 2024 23:32:19 +0100 Subject: [PATCH 074/135] sap_hana_install: fapolicyd - also protect shellscripts Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 8 ++++++++ roles/sap_hana_install/templates/fapolicyd-rules.j2 | 6 ++++++ 2 files changed, 14 insertions(+) create mode 100644 roles/sap_hana_install/templates/fapolicyd-rules.j2 diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 877dcf4da..3667479d9 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -204,6 +204,14 @@ # - ' FQDN - {{ ansible_fqdn }}' when: not ansible_check_mode +- name: SAP HANA Post Install, fapolicyd - Process template for adding custom rules + template: + src: fapolicyd-rules.j2 + dest: /etc/fapolicyd/rules.d/71-sap-shellscripts + owner: root + group: fapolicyd + mode: '0644' + # We want to add files which have the execute mode bit set AND which are reported as executables # by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. # The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and diff --git a/roles/sap_hana_install/templates/fapolicyd-rules.j2 b/roles/sap_hana_install/templates/fapolicyd-rules.j2 new file mode 100644 index 000000000..7008a5a8c --- /dev/null +++ b/roles/sap_hana_install/templates/fapolicyd-rules.j2 @@ -0,0 +1,6 @@ +# Allow no shell script execution and sourcing under SAP HANA directories + +{% for __sap_hana_install_fapolicyd_trusted_directory in sap_hana_install_fapolicyd_trusted_directories %} +deny_audit perm=any all : ftype=text/x-shellscript dir={{ __sap_hana_install_fapolicyd_trusted_directory }}/ trust=0 +{% endfor %} + From b996b8810578db8d81cbf7b0ed0265732049ffb7 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 25 Mar 2024 23:43:04 +0100 Subject: [PATCH 075/135] sap_hana_install: fapolicyd - modify comment for rules file Signed-off-by: Bernd Finger --- roles/sap_hana_install/templates/fapolicyd-rules.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hana_install/templates/fapolicyd-rules.j2 b/roles/sap_hana_install/templates/fapolicyd-rules.j2 index 7008a5a8c..da182b560 100644 --- a/roles/sap_hana_install/templates/fapolicyd-rules.j2 +++ b/roles/sap_hana_install/templates/fapolicyd-rules.j2 @@ -1,4 +1,4 @@ -# Allow no shell script execution and sourcing under SAP HANA directories +# Deny shell script execution and sourcing under SAP HANA directories {% for __sap_hana_install_fapolicyd_trusted_directory in sap_hana_install_fapolicyd_trusted_directories %} deny_audit perm=any all : ftype=text/x-shellscript dir={{ __sap_hana_install_fapolicyd_trusted_directory }}/ trust=0 From 7891bbfa95e8050979cce1795837fd2626a47f5b Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 25 Mar 2024 23:50:31 +0100 Subject: [PATCH 076/135] sap_hana_install: fapolicyd - add Ansible marker to rules file Signed-off-by: Bernd Finger --- roles/sap_hana_install/templates/fapolicyd-rules.j2 | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sap_hana_install/templates/fapolicyd-rules.j2 b/roles/sap_hana_install/templates/fapolicyd-rules.j2 index da182b560..85a34a943 100644 --- a/roles/sap_hana_install/templates/fapolicyd-rules.j2 +++ b/roles/sap_hana_install/templates/fapolicyd-rules.j2 @@ -1,4 +1,5 @@ # Deny shell script execution and sourcing under SAP HANA directories +# File managed by Ansible {% for __sap_hana_install_fapolicyd_trusted_directory in sap_hana_install_fapolicyd_trusted_directories %} deny_audit perm=any all : ftype=text/x-shellscript dir={{ __sap_hana_install_fapolicyd_trusted_directory }}/ trust=0 From 05445d848b8e2e0f10a47e50c65d85ce11edc990 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 26 Mar 2024 00:08:10 +0100 Subject: [PATCH 077/135] sap_hana_install: fapolicyd - add condition for processing template Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 3667479d9..b4de1028f 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -211,6 +211,9 @@ owner: root group: fapolicyd mode: '0644' + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' # We want to add files which have the execute mode bit set AND which are reported as executables # by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. From 7337d3f3e8315ec0762d6197f9255b96c21d4275 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 26 Mar 2024 11:29:02 +0100 Subject: [PATCH 078/135] sap_hana_install: fapolicyd - add tag sap_hana_install_use_fapolicyd Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 10 ++++++++++ roles/sap_hana_install/tasks/pre_install.yml | 3 +++ 2 files changed, 13 insertions(+) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index b4de1028f..e14f1614e 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -214,6 +214,7 @@ when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd # We want to add files which have the execute mode bit set AND which are reported as executables # by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. @@ -242,6 +243,7 @@ when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Update config for desired integrity level and backout if validation fails when: @@ -255,6 +257,7 @@ regexp: '# "integrity" managed by Ansible' insertbefore: '^integrity\s*=.*' line: '# "integrity" managed by Ansible' + tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level ansible.builtin.lineinfile: @@ -264,9 +267,11 @@ line: 'integrity = {{ sap_hana_install_fapolicyd_integrity }}' backup: true register: __sap_hana_install_fapolicyd_conf_updated + tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Validate the new version of the fapolicyd config file ansible.builtin.command: fapolicyd-cli --check-config + tags: sap_hana_install_use_fapolicyd rescue: @@ -275,12 +280,14 @@ remote_src: true dest: /etc/fapolicyd/fapolicyd.conf src: "{{ __sap_hana_install_fapolicyd_conf_updated['backup'] }}" + tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Notify about failed validation ansible.builtin.fail: msg: >- "The update of the fapolicyd config file failed, likely because an unsupported value has been used for the parameter 'sap_hana_install_fapolicyd_integrity'. The previous version has been successfully restored." + tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd ansible.builtin.service: @@ -290,6 +297,7 @@ when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd #- name: SAP HANA Post Install, fapolicyd - Update the fapolicyd database # ansible.builtin.command: fapolicyd-cli --update @@ -297,6 +305,7 @@ # when: # - sap_hana_install_use_fapolicyd # - '"fapolicyd" in ansible_facts.packages' +# tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Restart fapolicyd ansible.builtin.service: @@ -306,3 +315,4 @@ when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd diff --git a/roles/sap_hana_install/tasks/pre_install.yml b/roles/sap_hana_install/tasks/pre_install.yml index a76069a68..cd69f6ff4 100644 --- a/roles/sap_hana_install/tasks/pre_install.yml +++ b/roles/sap_hana_install/tasks/pre_install.yml @@ -23,6 +23,7 @@ name: fapolicyd state: present when: sap_hana_install_use_fapolicyd + tags: sap_hana_install_use_fapolicyd ################ # We must ensure fapolicyd is disabled before installing SAP HANA in all cases @@ -31,6 +32,7 @@ - name: SAP HANA Pre Install - Gather package facts ansible.builtin.package_facts: + tags: sap_hana_install_use_fapolicyd - name: SAP HANA Pre Install - Disable fapolicyd ansible.builtin.service: @@ -39,6 +41,7 @@ state: stopped when: - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd ################ # Prepare software path From cd3ab787992767cd9db2cfeb09dfd38d56394980 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 27 Mar 2024 15:08:13 +0100 Subject: [PATCH 079/135] sap_hana_install: fapolicyd - reorder modificaitons Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 7 +- roles/sap_hana_install/tasks/post_install.yml | 94 +++++++++---------- 2 files changed, 49 insertions(+), 52 deletions(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index c88aa8520..c3641cd0e 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -37,10 +37,15 @@ sap_hana_install_use_fapolicyd: false # RHEL 9 Managing, monitoring, and updating the kernel guide for more information on this topic. sap_hana_install_fapolicyd_integrity: 'sha256' +# When using fapolicyd, the following variable is used to define the fapolicyd rule file in which the rules for +# protecting shell scripts are stored. The rule file will be created in the directory '/etc/fapolicyd/rules.d'. +# Note: The mandatory file ending '.rules' will be added in the corresponding task of this role. +sap_hana_install_fapolicyd_rule_file: '71-sap-shellscripts' + # When using fapolicyd, modify the following variable to change or add the directories which contain SAP HANA executables: sap_hana_install_fapolicyd_trusted_directories: - "{{ sap_hana_install_root_path }}" - - /usr/sap + - '/usr/sap' # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index e14f1614e..089d2a03e 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -204,54 +204,13 @@ # - ' FQDN - {{ ansible_fqdn }}' when: not ansible_check_mode -- name: SAP HANA Post Install, fapolicyd - Process template for adding custom rules - template: - src: fapolicyd-rules.j2 - dest: /etc/fapolicyd/rules.d/71-sap-shellscripts - owner: root - group: fapolicyd - mode: '0644' - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' - tags: sap_hana_install_use_fapolicyd - -# We want to add files which have the execute mode bit set AND which are reported as executables -# by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. -# The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and -# omitting the first '_'. -- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into fapolicyd trust files - ansible.builtin.shell: | - set -o pipefail && - find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | - awk '/\/x-/{a=1; b=NR} - { - if(a==1 && b==(NR-1)){ - system("fapolicyd-cli --file add "$0" --trust-file \ - {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 - } - }' - loop: "{{ sap_hana_install_fapolicyd_trusted_directories }}" - loop_control: - loop_var: __sap_hana_install_item - label: >- - "{{ __sap_hana_install_item }} -> - /etc/fapolicyd/trust.d/{{ __sap_hana_install_item | - regex_replace('//*', '_') | - regex_replace('^_', '')}}" - changed_when: true - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' - tags: sap_hana_install_use_fapolicyd - - name: SAP HANA Post Install, fapolicyd - Update config for desired integrity level and backout if validation fails when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' block: - - name: SAP HANA Post Install, fapolicyd - Ensure marker for 'integrity' is present in fapolicyd config file + - name: SAP HANA Post Install, fapolicyd - Ensure Ansible marker for 'integrity' is present in fapolicyd config file ansible.builtin.lineinfile: path: /etc/fapolicyd/fapolicyd.conf regexp: '# "integrity" managed by Ansible' @@ -259,7 +218,7 @@ line: '# "integrity" managed by Ansible' tags: sap_hana_install_use_fapolicyd - - name: SAP HANA Post Install, fapolicyd - Ensure the desired integrity level + - name: SAP HANA Post Install, fapolicyd - Ensure integrity level '{{ sap_hana_install_fapolicyd_integrity }}' is configured" ansible.builtin.lineinfile: path: /etc/fapolicyd/fapolicyd.conf regexp: '^(integrity\s*=.*)' @@ -289,6 +248,47 @@ the parameter 'sap_hana_install_fapolicyd_integrity'. The previous version has been successfully restored." tags: sap_hana_install_use_fapolicyd +- name: SAP HANA Post Install, fapolicyd - Process template for creating rule file "{{ sap_hana_install_fapolicyd_rule_file }}" + template: + src: fapolicyd-rules.j2 + dest: "/etc/fapolicyd/rules.d/{{ sap_hana_install_fapolicyd_rule_file }}.rules" + owner: root + group: fapolicyd + mode: '0644' + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd + +# We want to add files which have the execute mode bit set AND which are reported as executables +# by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. +# The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and +# omitting the first '_'. +- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into fapolicyd trust files + ansible.builtin.shell: | + set -o pipefail && + find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | + awk '/\/x-/{a=1; b=NR} + { + if(a==1 && b==(NR-1)){ + system("fapolicyd-cli --file add "$0" --trust-file \ + {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 + } + }' + loop: "{{ sap_hana_install_fapolicyd_trusted_directories }}" + loop_control: + loop_var: __sap_hana_install_item + label: >- + "{{ __sap_hana_install_item }} -> + /etc/fapolicyd/trust.d/{{ __sap_hana_install_item | + regex_replace('//*', '_') | + regex_replace('^_', '')}}" + changed_when: true + when: + - sap_hana_install_use_fapolicyd + - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd + - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd ansible.builtin.service: name: fapolicyd @@ -299,14 +299,6 @@ - '"fapolicyd" in ansible_facts.packages' tags: sap_hana_install_use_fapolicyd -#- name: SAP HANA Post Install, fapolicyd - Update the fapolicyd database -# ansible.builtin.command: fapolicyd-cli --update -# changed_when: true -# when: -# - sap_hana_install_use_fapolicyd -# - '"fapolicyd" in ansible_facts.packages' -# tags: sap_hana_install_use_fapolicyd - - name: SAP HANA Post Install, fapolicyd - Restart fapolicyd ansible.builtin.service: name: fapolicyd From 8ed8244603ca4303b0a04d5e5e46d0a220aaca79 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 27 Mar 2024 17:31:26 +0100 Subject: [PATCH 080/135] sap_hana_install: fapolicyd - implement just one rule ... for multiple directories Signed-off-by: Bernd Finger --- roles/sap_hana_install/templates/fapolicyd-rules.j2 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/roles/sap_hana_install/templates/fapolicyd-rules.j2 b/roles/sap_hana_install/templates/fapolicyd-rules.j2 index 85a34a943..20f79847f 100644 --- a/roles/sap_hana_install/templates/fapolicyd-rules.j2 +++ b/roles/sap_hana_install/templates/fapolicyd-rules.j2 @@ -1,7 +1,9 @@ # Deny shell script execution and sourcing under SAP HANA directories # File managed by Ansible -{% for __sap_hana_install_fapolicyd_trusted_directory in sap_hana_install_fapolicyd_trusted_directories %} -deny_audit perm=any all : ftype=text/x-shellscript dir={{ __sap_hana_install_fapolicyd_trusted_directory }}/ trust=0 -{% endfor %} +deny_audit perm=any all : ftype=text/x-shellscript dir= +{%- for __sap_hana_install_fapolicyd_trusted_directory in sap_hana_install_fapolicyd_trusted_directories -%} +{{ __sap_hana_install_fapolicyd_trusted_directory }}/{{ "" if loop.last else "," }} +{%- endfor %} + trust=0 From 3f9fc3a17c732091d13929724177b1b08eafc611 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 27 Mar 2024 18:26:41 +0100 Subject: [PATCH 081/135] sap_hana_install: fapolicyd - ansible-lint cleanup ... and some further tweaking Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 089d2a03e..a6741afa4 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -230,6 +230,7 @@ - name: SAP HANA Post Install, fapolicyd - Validate the new version of the fapolicyd config file ansible.builtin.command: fapolicyd-cli --check-config + changed_when: false tags: sap_hana_install_use_fapolicyd rescue: @@ -239,6 +240,9 @@ remote_src: true dest: /etc/fapolicyd/fapolicyd.conf src: "{{ __sap_hana_install_fapolicyd_conf_updated['backup'] }}" + owner: root + group: fapolicyd + mode: '0644' tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Notify about failed validation @@ -248,8 +252,8 @@ the parameter 'sap_hana_install_fapolicyd_integrity'. The previous version has been successfully restored." tags: sap_hana_install_use_fapolicyd -- name: SAP HANA Post Install, fapolicyd - Process template for creating rule file "{{ sap_hana_install_fapolicyd_rule_file }}" - template: +- name: SAP HANA Post Install, fapolicyd - Process template for creating rule file '{{ sap_hana_install_fapolicyd_rule_file }}' + ansible.builtin.template: src: fapolicyd-rules.j2 dest: "/etc/fapolicyd/rules.d/{{ sap_hana_install_fapolicyd_rule_file }}.rules" owner: root @@ -260,6 +264,15 @@ - '"fapolicyd" in ansible_facts.packages' tags: sap_hana_install_use_fapolicyd +# Reason for noqa: The return code of the command is always 0 no matter if there was a change or not +- name: SAP HANA Post Install, fapolicyd - Merge rule files # noqa no-changed-when + ansible.builtin.command: fagenrules --load + register: sap_hana_install_register_fagenrules_load + +- name: SAP HANA hdblcm installation check - Display the output of the command 'fagenrules --load' + ansible.builtin.debug: + msg: "{{ sap_hana_install_register_fagenrules_load.stdout_lines }}" + # We want to add files which have the execute mode bit set AND which are reported as executables # by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. # The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and @@ -282,7 +295,7 @@ "{{ __sap_hana_install_item }} -> /etc/fapolicyd/trust.d/{{ __sap_hana_install_item | regex_replace('//*', '_') | - regex_replace('^_', '')}}" + regex_replace('^_', '') }}" changed_when: true when: - sap_hana_install_use_fapolicyd From 2b935afa39bb1c1b90518143e9b5ddab1e1e41ef Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 5 Apr 2024 12:30:53 +0000 Subject: [PATCH 082/135] feat: SAP certified HANA cluster, Angi, fixes --- roles/sap_ha_pacemaker_cluster/README.md | 158 +++++++++++-- .../defaults/main.yml | 66 ++++-- .../meta/argument_specs.yml | 125 +++++++++-- .../tasks/RedHat/post_steps_hana_scaleup.yml | 35 +++ .../tasks/RedHat/pre_steps_hana.yml | 6 + .../tasks/Suse/post_steps_hana_scaleup.yml | 32 +++ .../tasks/Suse/pre_steps_hana.yml | 37 ++++ .../tasks/configure_srhook.yml | 109 ++++++--- .../tasks/construct_final_hacluster_vars.yml | 10 + .../tasks/construct_vars_hana_common.yml | 182 ++++----------- .../tasks/construct_vars_hana_scaleup.yml | 194 +++++++++++++++- .../construct_vars_hana_scaleup_angi.yml | 207 ++++++++++++++++++ .../construct_vars_nwas_abap_ascs_ers.yml | 4 +- .../tasks/construct_vars_nwas_common.yml | 55 ++++- .../tasks/construct_vars_stonith.yml | 10 + .../construct_vars_vip_constraints_hana.yml | 23 +- .../tasks/include_vars_hana.yml | 27 ++- roles/sap_ha_pacemaker_cluster/tasks/main.yml | 68 +++--- ...ct_vars_vip_resources_cloud_aws_ec2_vs.yml | 7 +- ...uct_vars_vip_resources_cloud_gcp_ce_vm.yml | 2 +- ...s_vip_resources_cloud_ibmcloud_powervs.yml | 2 +- ...uct_vars_vip_resources_hyp_ibmpower_vm.yml | 2 +- .../templates/cluster_create_config.j2 | 8 + .../templates/sudofile_20-saphana.j2 | 13 ++ .../vars/hana_scaleout_common.yml | 10 - .../vars/hana_scaleout_perf.yml | 15 ++ .../vars/hana_scaleup_common.yml | 10 - .../vars/hana_scaleup_perf.yml | 39 ++++ roles/sap_ha_pacemaker_cluster/vars/main.yml | 4 + .../vars/nwas_common.yml | 13 +- .../vars/platform_cloud_aws_ec2_vs.yml | 9 +- .../sap_ha_pacemaker_cluster/vars/redhat.yml | 37 +++- roles/sap_ha_pacemaker_cluster/vars/suse.yml | 87 ++++++-- roles/sap_hana_preconfigure/defaults/main.yml | 3 +- .../tasks/SLES/assert-configuration.yml | 13 +- .../tasks/SLES/assert-installation.yml | 13 +- .../tasks/SLES/installation.yml | 31 ++- 37 files changed, 1297 insertions(+), 369 deletions(-) create mode 100644 roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml create mode 100644 roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml create mode 100644 roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_hana_scaleup.yml create mode 100644 roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml create mode 100644 roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml delete mode 100644 roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_common.yml create mode 100644 roles/sap_ha_pacemaker_cluster/vars/hana_scaleout_perf.yml delete mode 100644 roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_common.yml create mode 100644 roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index 30f194cf1..31e27619c 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -57,11 +57,15 @@ _All of the following functionality is provided as **Technology Preview**._ The Ansible Role requires the SAP HANA Database Server or SAP NetWeaver Application Server software installation to already exist on the target host/s. -The target host must have: -- OS version and license - RHEL4SAP (HA and US) 8.4+ -- OS package repositories enabled - SAP and High Availability +The target host must be either: +- Red Hat + - OS version: Registered RHEL4SAP (HA and US) 8.4+ + - OS package repositories enabled: SAP and High Availability +- SUSE + - OS version: Registered SLES4SAP 15+ + - OS package repositories enabled: HA Extension is part of registered SLES4SAP + -> _N.B. At this time SLES4SAP functionality is not available, until `crmsh` commands are provided in dependency Ansible Role [`ha_cluster`](https://github.com/linux-system-roles/ha_cluster)_ The Ansible Control System (where Ansible is executed from) must have: - Ansible Core 2.9+ @@ -321,7 +325,7 @@ Define if a former primary should be re-registered automatically as secondary. Time difference needed between to primary time stamps, if a dual-primary situation occurs.
@@ -348,17 +352,39 @@ When set to "true" (default) a failover to secondary will be initiated on resour ### sap_ha_pacemaker_cluster_hana_resource_clone_name - _Type:_ `string` -- _Default:_ `SAPHana__-clone` +- _Default:_ `cln_SAPHana__HDB` Customize the cluster resource name of the SAP HANA DB resource clone.
+### sap_ha_pacemaker_cluster_hana_resource_clone_msl_name + +- _Type:_ `string` +- _Default:_ `msl_SAPHana__HDB` + +Customize the cluster resource name of the SAP HANA DB resource master slave clone.
+Master Slave clone is specific to SAPHana resource on SUSE.
+ ### sap_ha_pacemaker_cluster_hana_resource_name - _Type:_ `string` -- _Default:_ `SAPHana__` +- _Default:_ `rsc_SAPHana__HDB` Customize the cluster resource name of the SAP HANA DB resource.
+### sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_SAPHanaCon__HDB` + +Customize the cluster resource name of the SAP HANA DB Controller clone.
+ +### sap_ha_pacemaker_cluster_hanacontroller_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPHanaCon__HDB` + +Customize the cluster resource name of the SAP HANA Controller.
+ ### sap_ha_pacemaker_cluster_hana_sid - _Type:_ `string` @@ -371,17 +397,86 @@ Mandatory for SAP HANA cluster setups.
### sap_ha_pacemaker_cluster_hana_topology_resource_clone_name - _Type:_ `string` -- _Default:_ `SAPHanaTopology__-clone` +- _Default:_ `cln_SAPHanaTop__HDB` Customize the cluster resource name of the SAP HANA Topology resource clone.
### sap_ha_pacemaker_cluster_hana_topology_resource_name - _Type:_ `string` -- _Default:_ `SAPHanaTopology__` +- _Default:_ `rsc_SAPHanaTop__HDB` Customize the cluster resource name of the SAP HANA Topology resource.
+### sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_SAPHanaFil__HDB` + +Customize the cluster resource name of the SAP HANA Filesystem clone.
+ +### sap_ha_pacemaker_cluster_hana_filesystem_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPHanaFil__HDB` + +Customize the cluster resource name of the SAP HANA Filesystem.
+ +### sap_ha_pacemaker_cluster_hana_hooks + +- _Type:_ `list` + +Customize required list of SAP HANA Hooks.
+Mandatory to include SAPHanaSR srHook in list.
+Mandatory attributes are provider and path.
+Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks.
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_hana_hooks: + - provider: SAPHanaSR + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 1 + - provider: susTkOver + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 2 + - provider: susChkSrv + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 3 + - name: action_on_lost + value: stop +``` + +### sap_ha_pacemaker_cluster_hana_hook_tkover + +- _Type:_ `bool` +- _Default:_ `false` + +Controls if TkOver srHook is enabled during srHook creation.
+It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+ +### sap_ha_pacemaker_cluster_hana_hook_chksrv + +- _Type:_ `bool` +- _Default:_ `false` + +Controls if ChkSrv srHook is enabled during srHook creation.
+It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+ +### sap_ha_pacemaker_cluster_hana_global_ini_path + +- _Type:_ `string` +- _Default:_ `/usr/sap//SYS/global/hdb/custom/config/global.ini` + +Path with location of global.ini for srHook update.
+ ### sap_ha_pacemaker_cluster_host_type - _Type:_ `list` @@ -458,7 +553,7 @@ Set this parameter to 'true' to configure it as ENSA1.
### sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_ABAP_ASCS__` +- _Default:_ `rsc_fs__ASCS` Name of the filesystem resource for the ASCS instance.
@@ -509,7 +604,7 @@ Mandatory for the NetWeaver ASCS/ERS cluster setup
### sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name - _Type:_ `string` -- _Default:_ `SAPInstance_NWAS_ABAP_ASCS__` +- _Default:_ `rsc_SAPInstance__ASCS` Name of the ASCS instance resource.
@@ -530,7 +625,7 @@ Mandatory for the NetWeaver ASCS/ERS cluster setup.
### sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_ABAP_ERS__` +- _Default:_ `rsc_fs__ERS` Name of the filesystem resource for the ERS instance.
@@ -558,7 +653,7 @@ Mandatory for the NetWeaver ASCS/ERS cluster setup.
### sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name - _Type:_ `string` -- _Default:_ `SAPInstance_NWAS_ABAP_ERS__` +- _Default:_ `rsc_SAPInstance__ERS` Name of the ERS instance resource.
@@ -588,7 +683,7 @@ Mandatory for NetWeaver cluster setups.
### sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_SAPMNT_` +- _Default:_ `rsc_fs__sapmnt` Filesystem resource name for the shared filesystem /sapmnt.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
@@ -604,7 +699,7 @@ Change this parameter to 'true' if the 3 shared filesystems `/usr/sap/trans`, `/ ### sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_SYS_` +- _Default:_ `rsc_fs__sys` Filesystem resource name for the transports filesystem /usr/sap//SYS.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
@@ -613,7 +708,7 @@ Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesyste ### sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name - _Type:_ `string` -- _Default:_ `Filesystem_NWAS_TRANS_` +- _Default:_ `rsc_fs__trans` Filesystem resource name for the transports filesystem /usr/sap/trans.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
@@ -634,6 +729,21 @@ sap_ha_pacemaker_cluster_resource_defaults: resource-stickiness: 1000 ``` +### sap_ha_pacemaker_cluster_operation_defaults + +- _Type:_ `dict` +- _Default:_ `{'timeout': 600, 'record-pending': true}` + +Set default operation parameters that will be valid for all pacemaker resources.
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_operation_defaults: + timeout: 600 + record-pending: true +``` + ### sap_ha_pacemaker_cluster_stonith_custom - _Type:_ `list` @@ -740,7 +850,7 @@ Mandatory parameter for HANA clusters.
### sap_ha_pacemaker_cluster_vip_hana_primary_resource_name - _Type:_ `string` -- _Default:_ `vip_` +- _Default:_ `rsc_vip__HDB_primary` Customize the name of the resource managing the Virtual IP of the primary HANA instance.
@@ -761,7 +871,7 @@ Mandatory for NetWeaver AAS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name - _Type:_ `string` -- _Default:_ `vip___aas` +- _Default:_ `rsc_vip__AAS` Name of the SAPInstance resource for NetWeaver AAS.
@@ -775,14 +885,14 @@ Mandatory for NetWeaver ASCS/ERS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name - _Type:_ `string` -- _Default:_ `_ASCS_group` +- _Default:_ `grp__ASCS` Name of the NetWeaver ASCS resource group.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name - _Type:_ `string` -- _Default:_ `vip___ascs` +- _Default:_ `rsc_vip__ASCS` Name of the SAPInstance resource for NetWeaver ASCS.
@@ -796,14 +906,14 @@ Mandatory for NetWeaver ASCS/ERS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name - _Type:_ `string` -- _Default:_ `_ERS_group` +- _Default:_ `grp__ERS_group` Name of the NetWeaver ERS resource group.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name - _Type:_ `string` -- _Default:_ `vip___ers` +- _Default:_ `rsc_vip__ERS` Name of the SAPInstance resource for NetWeaver ERS.
@@ -817,14 +927,14 @@ Mandatory for NetWeaver PAS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name - _Type:_ `string` -- _Default:_ `vip___pas` +- _Default:_ `rsc_vip__PAS` Name of the SAPInstance resource for NetWeaver PAS.
### sap_ha_pacemaker_cluster_vip_secondary_resource_name - _Type:_ `string` -- _Default:_ `vip_` +- _Default:_ `rsc_vip__HDB_readonly` Customize the name of the resource managing the Virtual IP of read-only access to the secondary HANA instance.
diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index 7c3fa95b0..ead98c89f 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -31,9 +31,8 @@ sap_ha_pacemaker_cluster_create_config_dest: "review_resource_config.yml" sap_ha_pacemaker_cluster_cluster_nodes: "{{ sap_hana_cluster_nodes | default([]) }}" # Resource defaults are defined differently by cluster type in different tasks, if not custom defined. -# TODO: migrate to 'ha_cluster' native parameter combination when moving the function to be included in the role -# (newer feature in the LSR) sap_ha_pacemaker_cluster_resource_defaults: {} +sap_ha_pacemaker_cluster_operation_defaults: {} # The type of SAP landscape and multi-node replication # TODO: Type definitions and feature support @@ -108,20 +107,33 @@ sap_ha_pacemaker_cluster_hana_instance_nr: >- # AUTOMATED_REGISTER sap_ha_pacemaker_cluster_hana_automated_register: true # DUPLICATE_PRIMARY_TIMEOUT -sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: 900 +sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: 7200 # PREFER_SITE_TAKEOVER sap_ha_pacemaker_cluster_hana_prefer_site_takeover: true # SAP HANA - Resource IDs (names) as convenience parameters. sap_ha_pacemaker_cluster_hana_resource_name: >- - SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + rsc_SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} sap_ha_pacemaker_cluster_hana_resource_clone_name: >- - {{ sap_ha_pacemaker_cluster_hana_resource_name }}-clone + cln_SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +# Master slave clone for SAPHanaSR on SLES <15.6 +sap_ha_pacemaker_cluster_hana_resource_clone_msl_name: >- + msl_SAPHana_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +# SAPHanaController resource in SAPHanaSR-angi +sap_ha_pacemaker_cluster_hanacontroller_resource_name: >- + rsc_SAPHanaCon_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name: >- + mst_SAPHanaCon_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + sap_ha_pacemaker_cluster_hana_topology_resource_name: >- - SAPHanaTopology_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + rsc_SAPHanaTop_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: >- - {{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}-clone + cln_SAPHanaTop_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +sap_ha_pacemaker_cluster_hana_filesystem_resource_name: >- + rsc_SAPHanaFil_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name: >- + cln_SAPHanaFil_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} # Multiple VIP parameters can be defined and will be combined. # See tasks/include_construct_vip_resources.yml @@ -129,10 +141,10 @@ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: >- # Mandatory: primary VIP address definition in HANA scale-up clusters sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: '' sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary + rsc_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address: '' sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly + rsc_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly sap_ha_pacemaker_cluster_healthcheck_hana_primary_id: "{{ sap_ha_pacemaker_cluster_hana_sid + 'prim' }}" sap_ha_pacemaker_cluster_healthcheck_hana_secondary_id: "{{ sap_ha_pacemaker_cluster_hana_sid + 'ro' }}" @@ -141,6 +153,16 @@ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_id: "{{ sap_ha_pacemaker_clus sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid + 'pas' }}" sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid + 'aas' }}" +# Optional dictionary with custom list of HANA Hooks for replication +sap_ha_pacemaker_cluster_hana_hooks: [] +# Parameters enable additonal srHooks for TkOver and ChkSrv. +# They are ignored if sap_ha_pacemaker_cluster_hana_hooks is used. +sap_ha_pacemaker_cluster_hana_hook_tkover: false +sap_ha_pacemaker_cluster_hana_hook_chksrv: false + +# SAP Hana global.ini path calculated from SID +sap_ha_pacemaker_cluster_hana_global_ini_path: "/usr/sap/{{ + sap_ha_pacemaker_cluster_hana_sid | upper }}/SYS/global/hdb/custom/config/global.ini" ################################################################################ # NetWeaver generic definitions @@ -180,16 +202,16 @@ sap_ha_pacemaker_cluster_resource_filesystem_force_unmount: safe # See tasks/include_construct_vip_resources.yml sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_ascs + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} sap_ha_pacemaker_cluster_vip_nwas_abap_ers_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_ers + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr }}_pas + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_PAS{{ sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr }} sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address: '' sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: >- - vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr }}_aas + rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_AAS{{ sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr }} # SAP NetWeaver common - Resource IDs (names) as convenience parameters @@ -198,11 +220,11 @@ sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: >- # - /usr/sap/trans # - /usr/sap/<>/SYS sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name: >- - Filesystem_NWAS_SAPMNT_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sapmnt sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: >- - Filesystem_NWAS_TRANS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_trans sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: >- - Filesystem_NWAS_SYS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sys # The shared filesystems are not required to be configured in the cluster. # By default it is assumed that they are mounted by the system and available on all cluster nodes. @@ -211,9 +233,9 @@ sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed: false # SAP NetWeaver resource group names as convenience parameters sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: >- - {{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group + grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: >- - {{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group + grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} ################################################################################ # ASCS resource defaults @@ -229,9 +251,9 @@ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_start_profile_string: '' # - /usr/sap/<>/ERS<> sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name: >- - Filesystem_NWAS_ABAP_ASCS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name: >- - SAPInstance_NWAS_ABAP_ASCS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} # sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_clone_name: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}-clone" sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool: false sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_stickiness: 5000 @@ -252,9 +274,9 @@ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name: '' sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string: '' sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name: >- - Filesystem_NWAS_ABAP_ERS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name: >- - SAPInstance_NWAS_ABAP_ERS_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} + rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} # sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_clone_name: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}-clone" sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_automatic_recover_bool: false diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml index 2de3b8d43..0d98a27ea 100644 --- a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml +++ b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml @@ -119,6 +119,18 @@ argument_specs: resource-stickiness: 1000 migration-threshold: 5000 + sap_ha_pacemaker_cluster_operation_defaults: + type: dict + default: + timeout: 600 + record-pending: true + description: + - Set default operation parameters that will be valid for all pacemaker resources. + example: + sap_ha_pacemaker_cluster_operation_defaults: + timeout: 600 + record-pending: true + sap_ha_pacemaker_cluster_host_type: type: list choices: @@ -274,7 +286,7 @@ argument_specs: sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: type: int - default: 900 + default: 7200 description: - Parameter for the 'SAPHana' cluster resource. - Time difference needed between to primary time stamps, if a dual-primary situation occurs. @@ -295,32 +307,58 @@ argument_specs: - When set to "true" (default) a failover to secondary will be initiated on resource failure. sap_ha_pacemaker_cluster_hana_resource_name: - default: "SAPHana__" + default: "rsc_SAPHana__HDB" description: - Customize the cluster resource name of the SAP HANA DB resource. sap_ha_pacemaker_cluster_hana_resource_clone_name: - default: "SAPHana__-clone" + default: "cln_SAPHana__HDB" description: - Customize the cluster resource name of the SAP HANA DB resource clone. + sap_ha_pacemaker_cluster_hana_resource_clone_msl_name: + default: "msl_SAPHana__HDB" + description: + - Customize the cluster resource name of the SAP HANA DB resource master slave clone. + - Master Slave clone is specific to SAPHana resource on SUSE. + + sap_ha_pacemaker_cluster_hanacontroller_resource_name: + default: "rsc_SAPHanaCon__HDB" + description: + - Customize the cluster resource name of the SAP HANA Controller. + + sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name: + default: "cln_SAPHanaCon__HDB" + description: + - Customize the cluster resource name of the SAP HANA Controller clone. + sap_ha_pacemaker_cluster_hana_topology_resource_name: - default: "SAPHanaTopology__" + default: "rsc_SAPHanaTop__HDB" description: - Customize the cluster resource name of the SAP HANA Topology resource. sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: - default: "SAPHanaTopology__-clone" + default: "cln_SAPHanaTop__HDB" description: - Customize the cluster resource name of the SAP HANA Topology resource clone. + sap_ha_pacemaker_cluster_hana_filesystem_resource_name: + default: "rsc_SAPHanaFil__HDB" + description: + - Customize the cluster resource name of the SAP HANA Filesystem. + + sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name: + default: "cln_SAPHanaFil__HDB" + description: + - Customize the cluster resource name of the SAP HANA Filesystem clone. + sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: description: - The virtual IP of the primary HANA instance. - Mandatory parameter for HANA clusters. sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: - default: "vip_" + default: "rsc_vip__HDB_primary" description: - Customize the name of the resource managing the Virtual IP of the primary HANA instance. @@ -330,11 +368,58 @@ argument_specs: - Optional parameter in HANA clusters. sap_ha_pacemaker_cluster_vip_secondary_resource_name: - default: "vip_" + default: "rsc_vip__HDB_readonly" description: - Customize the name of the resource managing the Virtual IP of read-only access to the secondary HANA instance. + sap_ha_pacemaker_cluster_hana_hooks: + type: list + default: [] + description: + - Customize required list of SAP HANA Hooks + - Mandatory to include SAPHanaSR srHook in list. + - Mandatory attributes are provider and path. + - Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks. + + example: + sap_ha_pacemaker_cluster_hana_hooks: + - provider: SAPHanaSR + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 1 + - provider: susTkOver + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 2 + - provider: susChkSrv + path: /usr/share/SAPHanaSR/ + options: + - name: execution_order + value: 3 + - name: action_on_lost + value: stop + + sap_ha_pacemaker_cluster_hana_hook_tkover: + type: bool + default: false + description: + - Controls if TkOver srHook is enabled during srHook creation. + - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined. + + sap_ha_pacemaker_cluster_hana_hook_chksrv: + type: bool + default: false + description: + - Controls if ChkSrv srHook is enabled during srHook creation. + - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined. + + sap_ha_pacemaker_cluster_hana_global_ini_path: + default: "/usr/sap//SYS/global/hdb/custom/config/global.ini" + description: + - Path with location of global.ini for srHook update ########################################################################## # NetWeaver specific parameters @@ -435,7 +520,7 @@ argument_specs: - Mandatory for NetWeaver ASCS/ERS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name: - default: vip___ascs + default: rsc_vip__ASCS description: - Name of the SAPInstance resource for NetWeaver ASCS. @@ -445,7 +530,7 @@ argument_specs: - Mandatory for NetWeaver ASCS/ERS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name: - default: vip___ers + default: rsc_vip__ERS description: - Name of the SAPInstance resource for NetWeaver ERS. @@ -455,7 +540,7 @@ argument_specs: - Mandatory for NetWeaver PAS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: - default: vip___pas + default: rsc_vip__PAS description: - Name of the SAPInstance resource for NetWeaver PAS. @@ -465,12 +550,12 @@ argument_specs: - Mandatory for NetWeaver AAS cluster setup. sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: - default: vip___aas + default: rsc_vip__AAS description: - Name of the SAPInstance resource for NetWeaver AAS. sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name: - default: Filesystem_NWAS_SAPMNT_ + default: rsc_fs__sapmnt description: - Filesystem resource name for the shared filesystem /sapmnt. - Optional, this is typically managed by the OS, but can as well be added to the cluster @@ -478,7 +563,7 @@ argument_specs: - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: - default: Filesystem_NWAS_TRANS_ + default: rsc_fs__trans description: - Filesystem resource name for the transports filesystem /usr/sap/trans. - Optional, this is typically managed by the OS, but can as well be added to the cluster @@ -486,7 +571,7 @@ argument_specs: - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: - default: Filesystem_NWAS_SYS_ + default: rsc_fs__sys description: - Filesystem resource name for the transports filesystem /usr/sap//SYS. - Optional, this is typically managed by the OS, but can as well be added to the cluster @@ -501,12 +586,12 @@ argument_specs: `/usr/sap//SYS` and '/sapmnt' shall be configured as cloned cluster resources. sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: - default: _ASCS_group + default: grp__ASCS description: - Name of the NetWeaver ASCS resource group. sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: - default: _ERS_group + default: grp__ERS_group description: - Name of the NetWeaver ERS resource group. @@ -525,12 +610,12 @@ argument_specs: - Mandatory for the NetWeaver ASCS/ERS cluster setup. sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name: - default: Filesystem_NWAS_ABAP_ASCS__ + default: rsc_fs__ASCS description: - Name of the filesystem resource for the ASCS instance. sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name: - default: SAPInstance_NWAS_ABAP_ASCS__ + default: rsc_SAPInstance__ASCS description: - Name of the ASCS instance resource. @@ -587,12 +672,12 @@ argument_specs: - NetWeaver ERS instance resource option "AUTOMATIC_RECOVER". sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name: - default: Filesystem_NWAS_ABAP_ERS__ + default: rsc_fs__ERS description: - Name of the filesystem resource for the ERS instance. sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name: - default: SAPInstance_NWAS_ABAP_ERS__ + default: rsc_SAPInstance__ERS description: - Name of the ERS instance resource. diff --git a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml new file mode 100644 index 000000000..61ce5f6f1 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml @@ -0,0 +1,35 @@ +--- +# Starting SAPHana clone immediately after cluster configuration can lead to +# HANA shutdown. Following steps will leave enough time for resource agents +# to load HANA configuration before disabling maintenance. +# +# TODO: +# Add RedHat specific steps to mitigate issues with abtrupt start of cluster. + +- name: "SAP HA Install Pacemaker - SAPHana pcs resource cleanup" + ansible.builtin.command: + cmd: pcs resource cleanup {{ sap_ha_pacemaker_cluster_hana_resource_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_name }} + changed_when: true + +- name: "SAP HA Install Pacemaker - SAPHana clone pcs resource refresh" + ansible.builtin.command: + cmd: pcs resource refresh {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} + changed_when: true + +# Sleep 30 is added to leave enough time for agents to load data from HANA. +# TODO: Add detection for Idle HANA, to ensure that Resource Agents loaded data. +- name: "SAP HA Install Pacemaker - Sleep wait for SAP HANA to become idle" + ansible.builtin.command: + cmd: sleep 30 + changed_when: false + +- name: "SAP HA Install Pacemaker - SAPHana clone pcs resource meta maintenance=false" + ansible.builtin.command: + cmd: pcs resource meta {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} maintenance=false + changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml new file mode 100644 index 000000000..c912295a5 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml @@ -0,0 +1,6 @@ +--- +# Identify if SAPHanaSR-angi package is available for installation. +# SAPHanaSR-angi replaces SAPHanaSR and SAPHanaSR-ScaleOut. + +# TODO: +# Add RedHat specific steps to identify SAPHanaSR-angi package. diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_hana_scaleup.yml new file mode 100644 index 000000000..9b04b12ec --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_hana_scaleup.yml @@ -0,0 +1,32 @@ +--- +# Starting SAPHana clone immediately after cluster configuration can lead to HANA shutdown. +# Following steps will leave enough time for resource agents to load HANA configuration +# before disabling maintenance. +# +# Steps are SUSE specific and they use crmsh. + +- name: "SAP HA Install Pacemaker - SAPHana crm resource cleanup" + ansible.builtin.command: + cmd: crm resource cleanup {{ sap_ha_pacemaker_cluster_hana_resource_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_name }} + changed_when: true + +- name: "SAP HA Install Pacemaker - SAPHana clone crm resource refresh" + ansible.builtin.command: + cmd: crm resource refresh {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} + changed_when: true + +- name: "SAP HA Install Pacemaker - Wait for SAP HANA to become idle" + ansible.builtin.command: + cmd: cs_wait_for_idle -s 5 + changed_when: true + +- name: "SAP HA Install Pacemaker - SAPHana crm resource maintenance off" + ansible.builtin.command: + cmd: crm resource maintenance {{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }} off + changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml new file mode 100644 index 000000000..19d432494 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml @@ -0,0 +1,37 @@ +--- +# Identify if SAPHanaSR-angi package is available for installation. +# SAPHanaSR-angi replaces SAPHanaSR and SAPHanaSR-ScaleOut. + +# This is destructive step if executed on running cluster +# without proper migration from SAPHanaSR to SAPHanaSR-angi! + +- name: "SAP HA Prepare Pacemaker - Gather installed packages facts" + ansible.builtin.package_facts: + manager: auto + +- name: "SAP HA Prepare Pacemaker - Search for SAPHanaSR-angi" + ansible.builtin.command: + cmd: zypper se SAPHanaSR-angi + changed_when: false + register: __sap_ha_pacemaker_cluster_zypper_angi_check + failed_when: false + +# package can be replaced with "rpm -e --nodeps {{ item }}" +- name: "SAP HA Prepare Pacemaker - Remove SAPHanaSR and SAPHanaSR-doc" + ansible.builtin.package: + name: "{{ item }}" + state: absent + loop: + - SAPHanaSR + - SAPHanaSR-doc + when: + - __sap_ha_pacemaker_cluster_zypper_angi_check is defined + - __sap_ha_pacemaker_cluster_zypper_angi_check.rc == 0 + - "'SAPHanaSR' in ansible_facts.packages" + +- name: "SAP HA Prepare Pacemaker - Set fact angi_available" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_saphanasr_angi_available: true + when: + - __sap_ha_pacemaker_cluster_zypper_angi_check is defined + - __sap_ha_pacemaker_cluster_zypper_angi_check.rc == 0 diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml index f7404fb61..d17b35a61 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml @@ -1,47 +1,86 @@ --- -- name: "SAP HA Pacemaker srHook - Create srHook shared directory" - ansible.builtin.file: - path: "{{ sap_ha_pacemaker_cluster_hadr_provider_path }}" - state: directory - mode: "0755" - owner: "{{ sap_ha_pacemaker_cluster_hana_sid | lower }}adm" - group: sapsys - -- name: "SAP HA Pacemaker srHook - Copy srHook to shared directory" - ansible.builtin.copy: - remote_src: true - src: "{{ __sap_ha_srhook_path }}" - dest: "{{ sap_ha_pacemaker_cluster_hadr_provider_path }}/{{ sap_ha_pacemaker_cluster_hadr_provider_name }}.py" - mode: "0755" - owner: "{{ sap_ha_pacemaker_cluster_hana_sid | lower }}adm" - group: sapsys - # Do not run in check mode because the path is created in the previous step - when: not ansible_check_mode - -- name: "SAP HA Pacemaker srHook - Check global.ini for 'ha_dr_saphanasr'" - ansible.builtin.shell: | - grep ha_dr_saphanasr /usr/sap/{{ sap_ha_pacemaker_cluster_hana_sid | upper }}/SYS/global/hdb/custom/config/global.ini - register: __sap_ha_pacemaker_cluster_srhook_trace_global - failed_when: false - # This command should always run, even in check mode. - # It never does a change, but the return code is required for the next task. - check_mode: false +- name: "SAP HA Pacemaker srHook - Check presence of global.ini" + ansible.builtin.stat: + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + register: __sap_ha_pacemaker_cluster_global_ini + failed_when: not __sap_ha_pacemaker_cluster_global_ini.stat.exists + +- name: "SAP HA Pacemaker srHook - Get contents of global.ini" + ansible.builtin.command: + cmd: cat "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + register: __sap_ha_pacemaker_cluster_global_ini_contents changed_when: false -- name: "SAP HA Pacemaker srHook - Update srHook in global.ini" +# Following tasks will prepare srhook list if user input is detected +- name: "SAP HA Pacemaker srHook - Block for user provided hooks" + when: + - sap_ha_pacemaker_cluster_hana_hooks is defined + - sap_ha_pacemaker_cluster_hana_hooks | length > 0 + block: + - name: "SAP HA Pacemaker srHook - Use user provided hooks" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_hana_hooks: + "{{ sap_ha_pacemaker_cluster_hana_hooks }}" + __sap_ha_pacemaker_cluster_hana_hook_tkover: false + __sap_ha_pacemaker_cluster_hana_hook_chksrv: false + + # tkover and chksrv variables are updated if their providers are detected + - name: "SAP HA Pacemaker srHook - Set tkover true if present" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_hana_hook_tkover: true + when: + - sap_ha_pacemaker_cluster_hana_hooks | selectattr( + 'provider', 'search', 'tkover', 'i') | list | length > 0 + + - name: "SAP HA Pacemaker srHook - Set chksrv true if present" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_hana_hook_chksrv: true + when: + - sap_ha_pacemaker_cluster_hana_hooks | selectattr( + 'provider', 'search', 'chksrv', 'i') | list | length > 0 + +- name: "SAP HA Pacemaker srHook - Update srHook providers in global.ini" ansible.builtin.blockinfile: - path: /usr/sap/{{ sap_ha_pacemaker_cluster_hana_sid | upper }}/SYS/global/hdb/custom/config/global.ini + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" marker: "" block: | - [ha_dr_provider_{{ sap_ha_pacemaker_cluster_hadr_provider_name }}] - provider = {{ sap_ha_pacemaker_cluster_hadr_provider_name }} - path = {{ sap_ha_pacemaker_cluster_hadr_provider_path }} - execution_order = 1 + [ha_dr_provider_{{ srhook.provider }}] + provider = {{ srhook.provider }} + path = {{ srhook.path }} + {% for option in srhook.options | d([]) -%} + {{ option.name }} = {{ option.value }} + {% endfor %} + loop: "{{ __sap_ha_pacemaker_cluster_hana_hooks }}" + loop_control: + loop_var: srhook + when: "('[ha_dr_provider_' + srhook.provider + ']') + not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout" +# Separate task to create [trace] block so hooks can be appended to it +- name: "SAP HA Pacemaker srHook - Add [trace] block in global.ini" + ansible.builtin.blockinfile: + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + marker: "" + block: | [trace] - ha_dr_saphanasr = info - when: __sap_ha_pacemaker_cluster_srhook_trace_global.rc == 1 + when: + - "'[trace]' not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout" + +# Append hooks to [trace] block if they are not present already +- name: "SAP HA Pacemaker srHook - Update srHooks trace in global.ini" + ansible.builtin.lineinfile: + path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" + insertafter: "^\\[trace\\]" + line: "ha_dr_{{ srhook.provider }} = info" + loop: "{{ __sap_ha_pacemaker_cluster_hana_hooks }}" + loop_control: + loop_var: srhook + when: + - "('ha_dr_' + srhook.provider + ' = info') + not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout" +# jinja2 template contains logic to add extra entries if: +# TkOver hook is present or SAPHanaSR-angi is used. - name: "SAP HA Pacemaker srHook - Add srHook sudo entries" ansible.builtin.template: backup: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml index bfb24a925..7d01c6745 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml @@ -43,6 +43,16 @@ ansible.builtin.set_fact: ha_cluster_cluster_properties: "{{ __sap_ha_pacemaker_cluster_cluster_properties }}" +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_defaults'" + when: __sap_ha_pacemaker_cluster_resource_defaults is defined + ansible.builtin.set_fact: + ha_cluster_resource_defaults: "{{ __sap_ha_pacemaker_cluster_resource_defaults }}" + +- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_operation_defaults'" + when: __sap_ha_pacemaker_cluster_operation_defaults is defined + ansible.builtin.set_fact: + ha_cluster_resource_operation_defaults: "{{ __sap_ha_pacemaker_cluster_operation_defaults }}" + - name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_colocation'" when: __sap_ha_pacemaker_cluster_constraints_colocation is defined ansible.builtin.set_fact: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml index ec16611b9..ee84a21e3 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml @@ -2,158 +2,70 @@ # Variables containing variables must be constructed with values # to be fed into the included ha_cluster role -# - put here all scale-up and scale-out common resources -# - certain differences like ra agent names are provided through -# type specific variables - # TODO: add conditionals to verify that the same resource agent is not already # defined in user input variables. Conflicting user input should take precedence. +# Prepare default resource defaults - name: "SAP HA Prepare Pacemaker - Define resource defaults for HANA clusters" when: - sap_ha_pacemaker_cluster_resource_defaults is not defined or sap_ha_pacemaker_cluster_resource_defaults | length == 0 ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_defaults: + sap_ha_pacemaker_cluster_resource_defaults: resource-stickiness: 1000 migration-threshold: 5000 -- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Topology" +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare resource defaults for ha_cluster" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_topology] }}" + __sap_ha_pacemaker_cluster_resource_defaults: "{{ __resource_defaults }}" vars: - __resource_hana_topology: - id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" - agent: "ocf:{{ __sap_ha_resource_agent_namespace }}:SAPHanaTopology" - instance_attrs: - - attrs: - - name: SID - value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" - - name: InstanceNumber - value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" - operations: - - action: start - attrs: - - name: timeout - value: 600 - - action: stop - attrs: - - name: timeout - value: 600 - - action: monitor - attrs: - - name: interval - value: 10 - - name: timeout - value: 600 - when: - - __resource_hana_topology.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + __resource_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for resource_default in (sap_ha_pacemaker_cluster_resource_defaults | dict2items) -%} + {% if resource_default.key not in + (__sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': resource_default.key, + 'value': resource_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} -- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA DB" - ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana] }}" - vars: - __resource_hana: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" - agent: "ocf:{{ __sap_ha_resource_agent_namespace }}:{{ sap_ha_pacemaker_cluster_ra_hana }}" - instance_attrs: - - attrs: - - name: SID - value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" - - name: InstanceNumber - value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" - - name: AUTOMATED_REGISTER - value: "{{ sap_ha_pacemaker_cluster_hana_automated_register | string }}" - - name: DUPLICATE_PRIMARY_TIMEOUT - value: "{{ sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout | string }}" - - name: PREFER_SITE_TAKEOVER - value: "{{ sap_ha_pacemaker_cluster_hana_prefer_site_takeover | string }}" - operations: - - action: start - attrs: - - name: timeout - value: 3600 - - action: stop - attrs: - - name: timeout - value: 3600 - - action: monitor - attrs: - - name: interval - value: 61 - - name: role - value: Slave - - name: timeout - value: 700 - - action: monitor - attrs: - - name: interval - value: 59 - - name: role - value: Master - - name: timeout - value: 700 - - action: promote - attrs: - - name: timeout - value: 3600 - - action: demote - attrs: - - name: timeout - value: 3600 - when: - - __resource_hana.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) -- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Topology" - ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_topology] }}" - vars: - __clone_hana_topology: - resource_id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" - meta_attrs: - - attrs: - - name: clone-max - value: 2 - - name: clone-node-max - value: 1 - - name: interleave - value: "true" +# Prepare default resource operation defaults +- name: "SAP HA Prepare Pacemaker - Define operation defaults for HANA clusters" when: - - __clone_hana_topology.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) - -- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA DB" + - sap_ha_pacemaker_cluster_operation_defaults is not defined + or sap_ha_pacemaker_cluster_operation_defaults | length == 0 ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" - vars: - __clone_hana: - resource_id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" - meta_attrs: - - attrs: - - name: clone-max - value: 2 - - name: clone-node-max - value: 1 - - name: interleave - value: "true" - - name: promotable - value: "true" - when: - - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + sap_ha_pacemaker_cluster_operation_defaults: + timeout: 600 + record-pending: true -# First start Topology, then HANA (automatically stops in reverse order) -- name: "SAP HA Prepare Pacemaker - Add order constraint: Topology starts before DB" +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare operation defaults for ha_cluster" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" + __sap_ha_pacemaker_cluster_operation_defaults: "{{ __operation_defaults }}" vars: - __constraint_order_hana_topology: - resource_first: - id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" - action: start - resource_then: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" - action: start - options: - - name: symmetrical - value: "false" - when: - - __constraint_order_hana_topology.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) + __operation_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for operation_default in (sap_ha_pacemaker_cluster_operation_defaults | dict2items) -%} + {% if operation_default.key not in + (__sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': operation_default.key, + 'value': operation_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml index b9215eb1f..2ecc6bf96 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml @@ -1,13 +1,183 @@ --- -# Variables containing variables must be constructed with values -# to be fed into an included role - -# TODO: add here any scale-up special variable constructions -# Make sure to first respect 'ha_cluster' native variables - -# - name: "SAP HA Prepare Pacemaker - Construct cluster vars for SAP HANA Scale-up" -# ansible.builtin.set_fact: -# -- name: "SAP HA Prepare Pacemaker - Info" - ansible.builtin.debug: - msg: "INFO: There is currently no Scale-up specific construction, in addition to the SAP HANA common definitions." +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_topology] }}" + vars: + __resource_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanatopology }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + operations: + - action: start + attrs: + - name: timeout + value: 600 + - action: stop + attrs: + - name: timeout + value: 600 + - action: monitor + attrs: + - name: interval + value: 10 + - name: timeout + value: 600 + when: + - __resource_hana_topology.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana] }}" + vars: + __resource_hana: + id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphana }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + - name: AUTOMATED_REGISTER + value: "{{ sap_ha_pacemaker_cluster_hana_automated_register | string }}" + - name: DUPLICATE_PRIMARY_TIMEOUT + value: "{{ sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout | string }}" + - name: PREFER_SITE_TAKEOVER + value: "{{ sap_ha_pacemaker_cluster_hana_prefer_site_takeover | string }}" + operations: + - action: start + attrs: + - name: timeout + value: 3600 + - action: stop + attrs: + - name: timeout + value: 3600 + - action: monitor + attrs: + - name: interval + value: 61 + - name: role + value: Slave + - name: timeout + value: 700 + - action: monitor + attrs: + # SUSE recommended monitor interval is 60 + - name: interval + value: "{{ 60 if ansible_os_family == 'Suse' else 59 }}" + - name: role + value: Master + - name: timeout + value: 700 + - action: promote + attrs: + - name: timeout + value: 900 + - action: demote + attrs: + - name: timeout + value: 320 + meta_attrs: + - attrs: + - name: priority + value: 100 + when: + - __resource_hana.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_topology] }}" + vars: + __clone_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + when: + - __clone_hana_topology.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: + "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" + vars: + __clone_hana: + id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + - name: promotable + value: "true" + # Maintenance attribute is required for correct cluster startup. + - name: maintenance + value: "true" + when: + - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + - ansible_os_family != 'Suse' + +- name: "SAP HA Prepare Pacemaker - Add master slave resource clone: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: + "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" + vars: + __clone_hana: + id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_msl_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + # Maintenance attribute is required for correct cluster startup. + - name: maintenance + value: "true" + # ms attribute is used to create ms resource instead of clone. + ms: true + when: + - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + - ansible_os_family == 'Suse' + +# First start Topology, then HANA (automatically stops in reverse order) +- name: "SAP HA Prepare Pacemaker - Add order constraint: Topology starts before DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_order: + "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" + vars: + __constraint_order_hana_topology: + resource_first: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + action: start + resource_then: + # SUSE SAPHanaSR is using Master Slave clone using Master/Slave roles + id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name + if ansible_os_family != 'Suse' else sap_ha_pacemaker_cluster_hana_resource_clone_msl_name }}" + action: start + options: + - name: symmetrical + value: "false" + when: + - __constraint_order_hana_topology.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml new file mode 100644 index 000000000..85c793686 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml @@ -0,0 +1,207 @@ +--- +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_topology] }}" + vars: + __resource_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanatopology }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + operations: + - action: start + attrs: + - name: timeout + value: 600 + - action: stop + attrs: + - name: timeout + value: 600 + - action: monitor + attrs: + - name: interval + value: 50 + - name: timeout + value: 600 + when: + - __resource_hana_topology.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana] }}" + vars: + __resource_hana: + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanacontroller }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + - name: AUTOMATED_REGISTER + value: "{{ sap_ha_pacemaker_cluster_hana_automated_register | string }}" + - name: DUPLICATE_PRIMARY_TIMEOUT + value: "{{ sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout | string }}" + - name: PREFER_SITE_TAKEOVER + value: "{{ sap_ha_pacemaker_cluster_hana_prefer_site_takeover | string }}" + operations: + - action: start + attrs: + - name: timeout + value: 3600 + - action: stop + attrs: + - name: timeout + value: 3600 + - action: monitor + attrs: + - name: interval + value: 61 + - name: role + value: Unpromoted + - name: timeout + value: 700 + - action: monitor + attrs: + - name: interval + value: 60 + - name: role + value: Promoted + - name: timeout + value: 700 + - action: promote + attrs: + - name: timeout + value: 700 + - action: demote + attrs: + - name: timeout + value: 320 + meta_attrs: + - attrs: + - name: priority + value: 100 + when: + - __resource_hana.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource: SAP HANA Filesystem" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_hana_filesystem] }}" + vars: + __resource_hana_filesystem: + id: "{{ sap_ha_pacemaker_cluster_hana_filesystem_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.saphanafilesystem }}" + instance_attrs: + - attrs: + - name: SID + value: "{{ sap_ha_pacemaker_cluster_hana_sid }}" + - name: InstanceNumber + value: "{{ sap_ha_pacemaker_cluster_hana_instance_nr }}" + - name: ON_FAIL_ACTION + value: fence + operations: + - action: start + attrs: + - name: interval + value: 0 + - name: timeout + value: 10 + - action: stop + attrs: + - name: interval + value: 0 + - name: timeout + value: 20 + - action: monitor + attrs: + - name: interval + value: 120 + - name: timeout + value: 180 + when: + - __resource_hana_filesystem.agent not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='agent')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Topology" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_topology] }}" + vars: + __clone_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + when: + - __clone_hana_topology.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Controller" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: + "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana] }}" + vars: + __clone_hana: + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_name }}" + meta_attrs: + - attrs: + - name: clone-max + value: 2 + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + - name: promotable + value: "true" + - name: maintenance + value: "true" + when: + - __clone_hana.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + +- name: "SAP HA Prepare Pacemaker - Add resource clone: SAP HANA Filesystem" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_hana_filesystem] }}" + vars: + __clone_hana_filesystem: + id: "{{ sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name }}" + resource_id: "{{ sap_ha_pacemaker_cluster_hana_filesystem_resource_name }}" + meta_attrs: + - attrs: + - name: clone-node-max + value: 1 + - name: interleave + value: "true" + when: + - __clone_hana_filesystem.resource_id not in (__sap_ha_pacemaker_cluster_resource_clones | map(attribute='resource_id')) + +# First start Topology, then HANA (automatically stops in reverse order) +- name: "SAP HA Prepare Pacemaker - Add order constraint: Topology starts before DB" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_order: + "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" + vars: + __constraint_order_hana_topology: + resource_first: + id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" + action: start + resource_then: + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name }}" + action: start + options: + - name: symmetrical + value: "false" + when: + - __constraint_order_hana_topology.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml index aa76295a0..0a0add2a8 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml @@ -391,7 +391,7 @@ vars: __constraint_order_sapmnt: resource_first: - id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}-clone" + id: "cln_{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}" role: started resource_then: id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group" @@ -404,7 +404,7 @@ vars: __constraint_order_sapmnt: resource_first: - id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}-clone" + id: "cln_{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}" role: started resource_then: id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml index ccaae9c04..6e21d870d 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml @@ -12,10 +12,63 @@ - sap_ha_pacemaker_cluster_resource_defaults is not defined or sap_ha_pacemaker_cluster_resource_defaults | length == 0 ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_resource_defaults: + sap_ha_pacemaker_cluster_resource_defaults: resource-stickiness: 1 migration-threshold: 3 +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare resource defaults for ha_cluster" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_defaults: "{{ __resource_defaults }}" + vars: + __resource_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for resource_default in (sap_ha_pacemaker_cluster_resource_defaults | dict2items) -%} + {% if resource_default.key not in + (__sap_ha_pacemaker_cluster_resource_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': resource_default.key, + 'value': resource_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} + +# Prepare default resource operation defaults +- name: "SAP HA Prepare Pacemaker - Define operation defaults for NetWeaver clusters" + when: + - sap_ha_pacemaker_cluster_operation_defaults is not defined + or sap_ha_pacemaker_cluster_operation_defaults | length == 0 + ansible.builtin.set_fact: + sap_ha_pacemaker_cluster_operation_defaults: + timeout: 600 + record-pending: true + +# Convert dictionary into ha_cluster format. +- name: "SAP HA Prepare Pacemaker - prepare operation defaults for ha_cluster" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_operation_defaults: "{{ __operation_defaults }}" + vars: + __operation_defaults: + meta_attrs: + - attrs: |- + {% set attrs = __sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {%- for operation_default in (sap_ha_pacemaker_cluster_operation_defaults | dict2items) -%} + {% if operation_default.key not in + (__sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + {% set role_attrs = attrs.extend([ + { + 'name': operation_default.key, + 'value': operation_default.value + } + ]) -%} + {%- endif %} + {%- endfor %} + {{ attrs }} - name: "SAP HA Prepare Pacemaker - Add NetWeaver common filesystem resources to resource definition" ansible.builtin.set_fact: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml index 8e5cf4002..e3311324d 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml @@ -52,6 +52,16 @@ # END of block for disabling stonith +# Add additional stonith properties to sap_ha_pacemaker_cluster_cluster_properties +# Checks if pcmk_delay_max is defined and non zero, then multiples it by 2. +- name: "SAP HA Prepare Pacemaker - (STONITH) Add priority-fencing-delay property" + ansible.builtin.set_fact: + sap_ha_pacemaker_cluster_cluster_properties: + "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({'priority-fencing-delay': + sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int * 2}) + if sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max is defined + and sap_ha_pacemaker_cluster_stonith_default.options.pcmk_delay_max | int != 0 + else sap_ha_pacemaker_cluster_cluster_properties }}" - name: "SAP HA Prepare Pacemaker - (STONITH) Define cluster properties" when: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml index 6896055ae..c75f1aacf 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml @@ -36,6 +36,8 @@ when: - __constraint_order_vip.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) - __res_or_grp != 'none_found' # fallback skip if there was neither a group nor any VIP/HC resources found + # SUSE HANA Cluster does not contain order for cln_SAPHana then IP. This is achieved by colocation constraint. + - ansible_os_family != 'Suse' - name: "SAP HA Prepare Pacemaker - Add order constraint: Read-only VIP starts after DB on the secondary" ansible.builtin.set_fact: @@ -72,7 +74,8 @@ when: - __constraint_order_vip.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) - __res_or_grp != 'none_found' # fallback skip if there was neither a group nor any VIP/HC resources found - + # SUSE HANA Cluster does not contain order for cln_SAPHana then IP. This is achieved by colocation constraint. + - ansible_os_family != 'Suse' # The primary VIP only runs where HANA is promoted - name: "SAP HA Prepare Pacemaker - Add colocation constraint: Primary VIP runs where HANA is promoted" @@ -81,10 +84,15 @@ vars: __constraint_colo_vip: resource_leader: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" - role: promoted + # SAPHana is replaced by SAP HANA Controller for SAPHanaSR-angi + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name if __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hana_resource_clone_name }}" + # SUSE SAPHanaSR is using Master Slave clone using Master/Slave roles + role: "{{ 'master' if ansible_os_family == 'Suse' and not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else 'promoted' }}" resource_follower: id: "{{ __res_or_grp }}" + role: started options: - name: score value: "{{ __colo_score }}" @@ -135,10 +143,15 @@ vars: __constraint_colo_vip: resource_leader: - id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" - role: unpromoted + # SAPHana is replaced by SAP HANA Controller for SAPHanaSR-angi + id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name if __sap_ha_pacemaker_cluster_saphanasr_angi_available + else sap_ha_pacemaker_cluster_hana_resource_clone_name }}" + # SUSE SAPHanaSR is using Master Slave clone using Master/Slave roles + role: "{{ 'slave' if ansible_os_family == 'Suse' and not __sap_ha_pacemaker_cluster_saphanasr_angi_available + else 'unpromoted' }}" resource_follower: id: "{{ __res_or_grp }}" + role: started options: - name: score value: "{{ __colo_score }}" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml index ed2f2f41b..6c7f8c906 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_hana.yml @@ -1,5 +1,15 @@ --- -- name: SAP HA Prepare Pacemaker - Include HANA landscape specific variables +# Detect presence of SAPHanaSR-angi package before loading HANA variables +# Detection of package availability was chosen instead of OS version check. +# SAPHanaSR-angi will be retrofitted to older SP repositories in future. +- name: "SAP HA Prepare Pacemaker - Detect SAPHanaSR-angi availability" + ansible.builtin.include_tasks: + file: "{{ ansible_facts['os_family'] }}/pre_steps_hana.yml" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0 + + +- name: "SAP HA Prepare Pacemaker - Include HANA landscape specific variables" ansible.builtin.include_vars: "{{ role_path }}/vars/{{ include_item }}.yml" loop: "{{ __host_type_list | flatten }}" loop_control: @@ -7,7 +17,18 @@ label: "{{ include_item }}.yml" vars: __host_type_list: - - hana_scaleup_common - - "{{ sap_ha_pacemaker_cluster_host_type }}" + - "{{ sap_ha_pacemaker_cluster_host_type | d('hana_scaleup_perf') }}" when: - "(role_path + '/vars/' + include_item + '.yml') is file" + + +# Disable concurrent-fencing for Scale-up scenario. +# This assignment cannot be in scaleup var file, because it results in nested error. +- name: "SAP HA Prepare Pacemaker - Disable concurrent-fencing in properties" + ansible.builtin.set_fact: + sap_ha_pacemaker_cluster_cluster_properties: + "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({'concurrent-fencing': false}) + if sap_ha_pacemaker_cluster_cluster_properties['concurrent-fencing'] is defined + else sap_ha_pacemaker_cluster_cluster_properties }}" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml index e62864c79..417bc1685 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml @@ -60,6 +60,14 @@ file: construct_vars_hana_scaleup.yml when: - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 + - not __sap_ha_pacemaker_cluster_saphanasr_angi_available + +- name: "SAP HA Prepare Pacemaker - Include variable construction for SAP HANA Scale-up - Angi" + ansible.builtin.include_tasks: + file: construct_vars_hana_scaleup_angi.yml + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 + - __sap_ha_pacemaker_cluster_saphanasr_angi_available - name: "SAP HA Prepare Pacemaker - Include variable construction for SAP NetWeaver common" ansible.builtin.include_tasks: @@ -167,32 +175,32 @@ name: "{{ sap_ha_pacemaker_cluster_system_roles_collection }}.ha_cluster" no_log: "{{ __sap_ha_pacemaker_cluster_no_log }}" # some parameters contain secrets - # Resource defaults settings were added to "ha_cluster" in Apr 2023 (GH version 1.9.0) - # https://github.com/linux-system-roles/ha_cluster#ha_cluster_resource_defaults - # Keeping separate for compatibility with older versions of the ha_cluster role. - # TODO: Change resource defaults update to "ha_cluster" native syntax. - - name: "SAP HA Install Pacemaker - Check resource defaults" - ansible.builtin.command: - cmd: | - {{ __sap_ha_pacemaker_cluster_command.resource_defaults_show }} - register: __sap_ha_pacemaker_cluster_check_resource_defaults - run_once: true - changed_when: false - check_mode: false - - - name: "SAP HA Install Pacemaker - Update resource default attributes" - when: - - item.key ~ '=' ~ item.value not in __sap_ha_pacemaker_cluster_check_resource_defaults.stdout - - __sap_ha_pacemaker_cluster_resource_defaults is defined - - __sap_ha_pacemaker_cluster_resource_defaults | length > 0 - ansible.builtin.command: - cmd: | - {{ __sap_ha_pacemaker_cluster_command.resource_defaults_update }} {{ item.key }}={{ item.value }} - loop: "{{ __sap_ha_pacemaker_cluster_resource_defaults | dict2items }}" - loop_control: - label: "{{ item.key }}={{ item.value }}" - run_once: true - changed_when: true + # # Resource defaults settings were added to "ha_cluster" in Apr 2023 (GH version 1.9.0) + # # https://github.com/linux-system-roles/ha_cluster#ha_cluster_resource_defaults + # # Keeping separate for compatibility with older versions of the ha_cluster role. + # # TODO: Change resource defaults update to "ha_cluster" native syntax. + # - name: "SAP HA Install Pacemaker - Check resource defaults" + # ansible.builtin.command: + # cmd: | + # {{ __sap_ha_pacemaker_cluster_command.resource_defaults_show }} + # register: __sap_ha_pacemaker_cluster_check_resource_defaults + # run_once: true + # changed_when: false + # check_mode: false + + # - name: "SAP HA Install Pacemaker - Update resource default attributes" + # when: + # - item.key ~ '=' ~ item.value not in __sap_ha_pacemaker_cluster_check_resource_defaults.stdout + # - __sap_ha_pacemaker_cluster_resource_defaults is defined + # - __sap_ha_pacemaker_cluster_resource_defaults | length > 0 + # ansible.builtin.command: + # cmd: | + # {{ __sap_ha_pacemaker_cluster_command.resource_defaults_update }} {{ item.key }}={{ item.value }} + # loop: "{{ __sap_ha_pacemaker_cluster_resource_defaults | dict2items }}" + # loop_control: + # label: "{{ item.key }}={{ item.value }}" + # run_once: true + # changed_when: true # Corosync post-inst - name: "SAP HA Install Pacemaker - Make sure corosync systemd directory exists" @@ -227,6 +235,14 @@ when: - sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0 + # Graceful start of SAPHana clone to ensure resource agents are able to load configuration. + - name: "SAP HA Install Pacemaker - Gracefully start SAP HANA cluster" + ansible.builtin.include_tasks: + file: "{{ ansible_facts['os_family'] }}/post_steps_hana_scaleup.yml" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 + run_once: true + - name: "SAP HA Install Pacemaker - Include NetWeaver ASCS/ERS post installation" ansible.builtin.include_tasks: file: configure_nwas_ascs_ers_postinstallation.yml diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml index 0dbcdf44f..25cf812c5 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_aws_ec2_vs.yml @@ -18,14 +18,15 @@ __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_vip] }}" vars: __resource_vip: - id: "pri_{{ vip_list_item.key }}" + id: "{{ vip_list_item.key }}" # pri_ prefix removed agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: secondary_private_ip value: "{{ vip_list_item.value }}" when: - - ('pri_' ~ vip_list_item.key) not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) +# - ('pri_' ~ vip_list_item.key) not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + - vip_list_item.key not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) - sap_ha_pacemaker_cluster_vip_method == 'awsvip' - vip_list_item.key in __sap_ha_pacemaker_cluster_vip_resource_list @@ -37,7 +38,7 @@ id: "{{ sap_ha_pacemaker_cluster_vip_group_prefix }}{{ vip_list_item.key }}" resource_ids: - "{{ vip_list_item.key }}" - - "pri_{{ vip_list_item.key }}" +# - "pri_{{ vip_list_item.key }}" when: - __vip_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) - sap_ha_pacemaker_cluster_vip_method in ['awsvip'] diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml index 2f5d3d600..0e5cb6a16 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml @@ -14,7 +14,7 @@ vars: __resource_vip: id: "{{ vip_list_item.key }}" - agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents['ipaddr'].agent }}" + agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: ip diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml index 01d2cf3b0..b8a2abac2 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_ibmcloud_powervs.yml @@ -7,7 +7,7 @@ vars: __resource_vip: id: "{{ vip_list_item.key }}" - agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents['ipaddr_custom'].agent }}" + agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: ip diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml index 97b662d67..b2ebfb1a7 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_hyp_ibmpower_vm.yml @@ -7,7 +7,7 @@ vars: __resource_vip: id: "{{ vip_list_item.key }}" - agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents['ipaddr'].agent }}" + agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}" instance_attrs: - attrs: - name: ip diff --git a/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 b/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 index 622cf8e48..98c536090 100644 --- a/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 +++ b/roles/sap_ha_pacemaker_cluster/templates/cluster_create_config.j2 @@ -12,6 +12,14 @@ ha_cluster_cluster_name: {{ ha_cluster_cluster_name | default(' 0 diff --git a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml index 3788ec552..a01037e27 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml @@ -1,8 +1,4 @@ --- -#- name: Enable Debugging -# debug: -# verbosity: "{{ debuglevel }}" -# # Reason for noqa: Both yum and dnf support "state: latest" - name: Ensure that the system is updated to the latest patchlevel # noqa package-latest ansible.builtin.package: @@ -25,13 +21,12 @@ - '"SLES" in sles_baseproduct.stat.lnk_target' - ansible_os_family == 'Suse' -- name: Output - ansible.builtin.debug: - msg: - - "OS Family: {{ ansible_os_family }}" - - "saptune: {{ __sap_hana_preconfigure_run_saptune }}" - - "link: {{ sles_baseproduct.stat.lnk_target }}" -# ----------- +# - name: Output +# ansible.builtin.debug: +# msg: +# - "OS Family: {{ ansible_os_family }}" +# - "saptune: {{ __sap_hana_preconfigure_run_saptune }}" +# - "link: {{ sles_baseproduct.stat.lnk_target }}" - name: Prepare saptune when: @@ -45,12 +40,24 @@ state: present force: true - - name: Ensure saptune is installed + - name: Ensure latest saptune is installed + community.general.zypper: + type: package + name: saptune + state: present + when: + - sap_hana_preconfigure_saptune_version is undefined + or sap_hana_preconfigure_saptune_version | length == 0 + + - name: Ensure specific saptune version is installed community.general.zypper: type: package name: "saptune={{ sap_hana_preconfigure_saptune_version }}" state: present force: true + when: + - sap_hana_preconfigure_saptune_version is defined + - sap_hana_preconfigure_saptune_version | length > 0 - name: Ensure sapconf is installed community.general.zypper: From 97fea450612a187d8e3212579bb8e279b896a077 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 5 Apr 2024 12:51:26 +0000 Subject: [PATCH 083/135] fix: spelling check --- roles/sap_ha_pacemaker_cluster/defaults/main.yml | 2 +- roles/sap_ha_pacemaker_cluster/vars/redhat.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index ead98c89f..50cbe3f58 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -155,7 +155,7 @@ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_id: "{{ sap_ha_pacemaker_clus # Optional dictionary with custom list of HANA Hooks for replication sap_ha_pacemaker_cluster_hana_hooks: [] -# Parameters enable additonal srHooks for TkOver and ChkSrv. +# Parameters enable additional srHooks for TkOver and ChkSrv. # They are ignored if sap_ha_pacemaker_cluster_hana_hooks is used. sap_ha_pacemaker_cluster_hana_hook_tkover: false sap_ha_pacemaker_cluster_hana_hook_chksrv: false diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml index facca8562..de7891380 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml @@ -85,7 +85,7 @@ __sap_ha_pacemaker_cluster_hook_hana_scaleup_perf_angi: [] __sap_ha_pacemaker_cluster_hook_hana_scaleout: [] __sap_ha_pacemaker_cluster_hook_hana_scaleout_angi: [] -# Disabled additonal hooks until they are present in package +# Disabled additional hooks until they are present in dictionary above # TODO: Remove when additional hooks are specified above. __sap_ha_pacemaker_cluster_hana_hook_tkover: false __sap_ha_pacemaker_cluster_hana_hook_chksrv: false From aa210d80a9996582e3aec6c3a0975a4038c908e9 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 8 Apr 2024 14:58:41 +0000 Subject: [PATCH 084/135] fix: replacing hardcoded _group ascs ers --- .../tasks/construct_vars_nwas_abap_ascs_ers.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml index 0a0add2a8..13ed67e0f 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml @@ -338,10 +338,10 @@ vars: __constraint_colo_ers: resource_leader: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" role: started resource_follower: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" options: - name: score value: -5000 @@ -355,10 +355,10 @@ vars: __constraint_order_ascs_ers: resource_first: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" role: started resource_then: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" options: - name: symmetrical value: "false" @@ -394,7 +394,7 @@ id: "cln_{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}" role: started resource_then: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" when: - sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed @@ -407,6 +407,6 @@ id: "cln_{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}" role: started resource_then: - id: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}_group" + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" when: - sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed From 9ee6ac97311fbd66a9932c20a637d241231079a0 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Thu, 11 Apr 2024 10:30:44 +0000 Subject: [PATCH 085/135] readme updated and regenerated --- roles/sap_ha_pacemaker_cluster/README.md | 189 ++++++++++++----------- 1 file changed, 95 insertions(+), 94 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index 31e27619c..78d635e66 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -62,7 +62,7 @@ The target host must be either: - OS version: Registered RHEL4SAP (HA and US) 8.4+ - OS package repositories enabled: SAP and High Availability - SUSE - - OS version: Registered SLES4SAP 15+ + - OS version: Registered SLES for SAP 15+ (SLES4SAP 15+) - OS package repositories enabled: HA Extension is part of registered SLES4SAP @@ -332,6 +332,76 @@ Time difference needed between to primary time stamps, if a dual-primary situati If the time difference is less than the time gap, then the cluster holds one or both instances in a "WAITING" status.
This is to give an admin a chance to react on a failover. A failed former primary will be registered after the time difference is passed.
+### sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_SAPHanaFil__HDB` + +Customize the cluster resource name of the SAP HANA Filesystem clone.
+ +### sap_ha_pacemaker_cluster_hana_filesystem_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPHanaFil__HDB` + +Customize the cluster resource name of the SAP HANA Filesystem.
+ +### sap_ha_pacemaker_cluster_hana_global_ini_path + +- _Type:_ `string` +- _Default:_ `/usr/sap//SYS/global/hdb/custom/config/global.ini` + +Path with location of global.ini for srHook update
+ +### sap_ha_pacemaker_cluster_hana_hook_chksrv + +- _Type:_ `bool` +- _Default:_ `False` + +Controls if ChkSrv srHook is enabled during srHook creation.
+It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+ +### sap_ha_pacemaker_cluster_hana_hook_tkover + +- _Type:_ `bool` +- _Default:_ `False` + +Controls if TkOver srHook is enabled during srHook creation.
+It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+ +### sap_ha_pacemaker_cluster_hana_hooks + +- _Type:_ `list` +- _Default:_ `[]` + +Customize required list of SAP HANA Hooks
+Mandatory to include SAPHanaSR srHook in list.
+Mandatory attributes are provider and path.
+Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks.
+ +Example: + +```yaml +sap_ha_pacemaker_cluster_hana_hooks: +- options: + - name: execution_order + value: 1 + path: /usr/share/SAPHanaSR/ + provider: SAPHanaSR +- options: + - name: execution_order + value: 2 + path: /usr/share/SAPHanaSR/ + provider: susTkOver +- options: + - name: execution_order + value: 3 + - name: action_on_lost + value: stop + path: /usr/share/SAPHanaSR/ + provider: susChkSrv +``` + ### sap_ha_pacemaker_cluster_hana_instance_nr - _Type:_ `string` @@ -349,13 +419,6 @@ Parameter for the 'SAPHana' cluster resource.
Set to "false" if the cluster should first attempt to restart the instance on the same node.
When set to "true" (default) a failover to secondary will be initiated on resource failure.
-### sap_ha_pacemaker_cluster_hana_resource_clone_name - -- _Type:_ `string` -- _Default:_ `cln_SAPHana__HDB` - -Customize the cluster resource name of the SAP HANA DB resource clone.
- ### sap_ha_pacemaker_cluster_hana_resource_clone_msl_name - _Type:_ `string` @@ -364,26 +427,19 @@ Customize the cluster resource name of the SAP HANA DB resource clone.
Customize the cluster resource name of the SAP HANA DB resource master slave clone.
Master Slave clone is specific to SAPHana resource on SUSE.
-### sap_ha_pacemaker_cluster_hana_resource_name - -- _Type:_ `string` -- _Default:_ `rsc_SAPHana__HDB` - -Customize the cluster resource name of the SAP HANA DB resource.
- -### sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name +### sap_ha_pacemaker_cluster_hana_resource_clone_name - _Type:_ `string` -- _Default:_ `cln_SAPHanaCon__HDB` +- _Default:_ `cln_SAPHana__HDB` -Customize the cluster resource name of the SAP HANA DB Controller clone.
+Customize the cluster resource name of the SAP HANA DB resource clone.
-### sap_ha_pacemaker_cluster_hanacontroller_resource_name +### sap_ha_pacemaker_cluster_hana_resource_name - _Type:_ `string` -- _Default:_ `rsc_SAPHanaCon__HDB` +- _Default:_ `rsc_SAPHana__HDB` -Customize the cluster resource name of the SAP HANA Controller.
+Customize the cluster resource name of the SAP HANA DB resource.
### sap_ha_pacemaker_cluster_hana_sid @@ -408,74 +464,19 @@ Customize the cluster resource name of the SAP HANA Topology resource clone.
Customize the cluster resource name of the SAP HANA Topology resource.
-### sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name - -- _Type:_ `string` -- _Default:_ `cln_SAPHanaFil__HDB` - -Customize the cluster resource name of the SAP HANA Filesystem clone.
- -### sap_ha_pacemaker_cluster_hana_filesystem_resource_name +### sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name - _Type:_ `string` -- _Default:_ `rsc_SAPHanaFil__HDB` - -Customize the cluster resource name of the SAP HANA Filesystem.
- -### sap_ha_pacemaker_cluster_hana_hooks - -- _Type:_ `list` - -Customize required list of SAP HANA Hooks.
-Mandatory to include SAPHanaSR srHook in list.
-Mandatory attributes are provider and path.
-Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks.
- -Example: - -```yaml -sap_ha_pacemaker_cluster_hana_hooks: - - provider: SAPHanaSR - path: /usr/share/SAPHanaSR/ - options: - - name: execution_order - value: 1 - - provider: susTkOver - path: /usr/share/SAPHanaSR/ - options: - - name: execution_order - value: 2 - - provider: susChkSrv - path: /usr/share/SAPHanaSR/ - options: - - name: execution_order - value: 3 - - name: action_on_lost - value: stop -``` - -### sap_ha_pacemaker_cluster_hana_hook_tkover - -- _Type:_ `bool` -- _Default:_ `false` - -Controls if TkOver srHook is enabled during srHook creation.
-It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
- -### sap_ha_pacemaker_cluster_hana_hook_chksrv - -- _Type:_ `bool` -- _Default:_ `false` +- _Default:_ `cln_SAPHanaCon__HDB` -Controls if ChkSrv srHook is enabled during srHook creation.
-It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+Customize the cluster resource name of the SAP HANA Controller clone.
-### sap_ha_pacemaker_cluster_hana_global_ini_path +### sap_ha_pacemaker_cluster_hanacontroller_resource_name - _Type:_ `string` -- _Default:_ `/usr/sap//SYS/global/hdb/custom/config/global.ini` +- _Default:_ `rsc_SAPHanaCon__HDB` -Path with location of global.ini for srHook update.
+Customize the cluster resource name of the SAP HANA Controller.
### sap_ha_pacemaker_cluster_host_type @@ -714,34 +715,34 @@ Filesystem resource name for the transports filesystem /usr/sap/trans.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
-### sap_ha_pacemaker_cluster_resource_defaults +### sap_ha_pacemaker_cluster_operation_defaults - _Type:_ `dict` -- _Default:_ `{'migration-threshold': 5000, 'resource-stickiness': 3000}` +- _Default:_ `{'record-pending': True, 'timeout': 600}` -Set default parameters that will be valid for all pacemaker resources.
+Set default operation parameters that will be valid for all pacemaker resources.
Example: ```yaml -sap_ha_pacemaker_cluster_resource_defaults: - migration-threshold: 5000 - resource-stickiness: 1000 +sap_ha_pacemaker_cluster_operation_defaults: + record-pending: true + timeout: 600 ``` -### sap_ha_pacemaker_cluster_operation_defaults +### sap_ha_pacemaker_cluster_resource_defaults - _Type:_ `dict` -- _Default:_ `{'timeout': 600, 'record-pending': true}` +- _Default:_ `{'migration-threshold': 5000, 'resource-stickiness': 3000}` -Set default operation parameters that will be valid for all pacemaker resources.
+Set default parameters that will be valid for all pacemaker resources.
Example: ```yaml -sap_ha_pacemaker_cluster_operation_defaults: - timeout: 600 - record-pending: true +sap_ha_pacemaker_cluster_resource_defaults: + migration-threshold: 5000 + resource-stickiness: 1000 ``` ### sap_ha_pacemaker_cluster_stonith_custom From 2191c38473bf930ea0680e912407a5ce815cd9c0 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 11 Apr 2024 12:57:53 +0200 Subject: [PATCH 086/135] sap_general_preconfigure: Fix /etc/hosts check in assert mode Solves issue #696. Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/assert-etc-hosts.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 2b4fc6810..3c69ed7f6 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -8,7 +8,7 @@ - "sap_general_preconfigure_ip = {{ sap_general_preconfigure_ip }}" - name: Check if ipv4 address, FQDN, and hostname are once in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_general_preconfigure_ip }}/&&/{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}/&&/{{ sap_general_preconfigure_hostname }}/{a++}END{print a}' /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/&&/\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/&&(/\s{{ sap_general_preconfigure_hostname }}\s/||/\s{{ sap_general_preconfigure_hostname }}$/){a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert ignore_errors: yes changed_when: no @@ -20,17 +20,18 @@ success_msg: "PASS: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' is once in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" +# We allow more than one line containing sap_general_preconfigure_ip: - name: Count the number of sap_general_preconfigure_ip ({{ sap_general_preconfigure_ip }}) entries in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/{{ sap_general_preconfigure_ip }}/{a++}END{print a}' /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_ip_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is just one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts +- name: Assert that there is at least one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.assert: - that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout == '1' - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." + that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout >= '1' + fail_msg: "FAIL: There is no line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" + success_msg: "PASS: There is at least one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts From 153a36e6039f9d62554fae232565714b6678c7fc Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 12 Apr 2024 15:55:34 +0200 Subject: [PATCH 087/135] sap_install_media_detect: improve file type detection Solves issue #695. Signed-off-by: Bernd Finger --- .../files/tmp/sapfile | 78 +++++++++---------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/roles/sap_install_media_detect/files/tmp/sapfile b/roles/sap_install_media_detect/files/tmp/sapfile index 49a782ff8..034285ef6 100755 --- a/roles/sap_install_media_detect/files/tmp/sapfile +++ b/roles/sap_install_media_detect/files/tmp/sapfile @@ -207,12 +207,12 @@ for _FILE in "$@"; do _FILE_OUTPUT=$(file "${_FILE}" | sed 's,'"${_FILE}"': ,,') _GENERIC_FILE_TYPE=$(echo "${_FILE_OUTPUT}" | awk ' BEGIN{_file_type="other"} - /RAR self-extracting archive/{_file_type="rarexe"} - /RAR archive data/{_file_type="rar"} - /Zip archive data/{_file_type="zip"} - /SAPCAR archive data/{_file_type="sapcar"} - /XML/&&/ASCII/{_file_type="xml"} - /directory/{_file_type="dir"} + /RAR self-extracting archive/{_file_type="rarexe"; exit} + /RAR archive data/{_file_type="rar"; exit} + /Zip archive data/{_file_type="zip"; exit} + /SAPCAR archive data/{_file_type="sapcar"; exit} + /XML/&&/ASCII/{_file_type="xml"; exit} + /directory/{_file_type="dir"; exit} END{print _file_type}') if [[ ${_GENERIC_FILE_TYPE}. == "rarexe." ]]; then _list_content="${_LSAR_COMMAND}" @@ -241,23 +241,23 @@ for _FILE in "$@"; do SAP_FILE_TYPE_FROM_FILENAME=$(echo "${_FILE}" | awk ' BEGIN{_sap_file_type="look_inside"} - /SAPCAR/&&/\.EXE/{_sap_file_type="sapcar"} - /IMDB_SERVER/&&/\.SAR/{_sap_file_type="saphana"} - /IMDB_CLIENT/&&/\.SAR/{_sap_file_type="saphana_client"} - !/IMDB_SERVER/&&!/IMDB_CLIENT/&&/IMDB/&&/\.SAR/{_sap_file_type="saphana_other"} - /SWPM/&&/\.SAR/{_sap_file_type="sap_swpm"} - /SAPHOSTAGENT/&&/\.SAR/{_sap_file_type="sap_hostagent"} - /SAPEXE_/{_sap_file_type="sap_kernel"} - /SAPEXEDB_/{_sap_file_type="sap_kernel_db"} - /igsexe/||/igshelper/{_sap_file_type="sap_igs"} - /SAPWEBDISP_/{_sap_file_type="sap_webdisp"} - /SAPJVM/{_sap_file_type="sap_jvm"} - /ASEBC/{_sap_file_type="sapase_client"} - /COMPLETE/{_sap_file_type="saphana_backup"} - /S4/&&/LANG/{_sap_file_type="sap_s4hana_lang"} - /S4/&&/EXPORT/{_sap_file_type="sap_export_s4hana"} - /BW4/&&/EXPORT/{_sap_file_type="sap_export_bw4hana"} - /VCH/&&/\.SAR/{_sap_file_type="saphana_vch_afl"} + /SAPCAR/&&/\.EXE/{_sap_file_type="sapcar"; exit} + /IMDB_SERVER/&&/\.SAR/{_sap_file_type="saphana"; exit} + /IMDB_CLIENT/&&/\.SAR/{_sap_file_type="saphana_client"; exit} + !/IMDB_SERVER/&&!/IMDB_CLIENT/&&/IMDB/&&/\.SAR/{_sap_file_type="saphana_other"; exit} + /SWPM/&&/\.SAR/{_sap_file_type="sap_swpm"; exit} + /SAPHOSTAGENT/&&/\.SAR/{_sap_file_type="sap_hostagent"; exit} + /SAPEXE_/{_sap_file_type="sap_kernel"; exit} + /SAPEXEDB_/{_sap_file_type="sap_kernel_db"; exit} + /igsexe/||/igshelper/{_sap_file_type="sap_igs"; exit} + /SAPWEBDISP_/{_sap_file_type="sap_webdisp"; exit} + /SAPJVM/{_sap_file_type="sap_jvm"; exit} + /ASEBC/{_sap_file_type="sapase_client"; exit} + /COMPLETE/{_sap_file_type="saphana_backup"; exit} + /S4/&&/LANG/{_sap_file_type="sap_s4hana_lang"; exit} + /S4/&&/EXPORT/{_sap_file_type="sap_export_s4hana"; exit} + /BW4/&&/EXPORT/{_sap_file_type="sap_export_bw4hana"; exit} + /VCH/&&/\.SAR/{_sap_file_type="saphana_vch_afl"; exit} END{print _sap_file_type}') if [[ ${SAP_FILE_TYPE_FROM_FILENAME}. == "sap_kernel_db." ]]; then SAP_FILE_TYPE_FROM_FILENAME=$(eval "${_list_content}" "${_FILE}" | awk ' @@ -277,22 +277,22 @@ for _FILE in "$@"; do ${_GENERIC_FILE_TYPE}. == "xml." ]]; then _SAP_FILE_TYPE=$(eval "${_list_content}" "${_FILE}" | awk ' BEGIN{_sap_file_type="sap_unknown"} - /BD_SYBASE_ASE/{_sap_file_type="sapase"} - /ASEBC/{_sap_file_type="sapase_client"} - /MaxDB_7.9/{_sap_file_type="sapmaxdb"} - /19cinstall.sh/{_sap_file_type="oracledb"} - /OCL_LINUX_X86_64/{_sap_file_type="oracledb_client"} - /brtools/{_sap_file_type="oracledb_tools"} - /db2setup/{_sap_file_type="ibmdb2"} - /db6_update_client.sh/{_sap_file_type="ibmdb2_client"} - /db2aese_c.lic/{_sap_file_type="ibmdb2_license"} - /DATA_UNITS\/EXPORT/{_sap_file_type="sap_export_ecc"} - /EXP[0-9]/{_sap_file_type="sap_export_ecc_ides"} - /DATA_UNITS\/EXP[0-9]/{_sap_file_type="sap_export_nwas_abap"} - /DATA_UNITS\/JAVA_EXPORT_JDMP/{_sap_file_type="sap_export_nwas_java"} - /DATA_UNITS\/SOLMAN/&&/_JAVA_UT/{_sap_file_type="sap_export_solman_java"} - / Date: Fri, 12 Apr 2024 16:08:53 +0200 Subject: [PATCH 088/135] sap_install_media_detect: Solve issue #699 --- roles/sap_install_media_detect/files/tmp/sapfile | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sap_install_media_detect/files/tmp/sapfile b/roles/sap_install_media_detect/files/tmp/sapfile index 034285ef6..ac26a8758 100755 --- a/roles/sap_install_media_detect/files/tmp/sapfile +++ b/roles/sap_install_media_detect/files/tmp/sapfile @@ -286,6 +286,7 @@ for _FILE in "$@"; do /db2setup/{_sap_file_type="ibmdb2"; exit} /db6_update_client.sh/{_sap_file_type="ibmdb2_client"; exit} /db2aese_c.lic/{_sap_file_type="ibmdb2_license"; exit} + /DATA_UNITS\/S4_JAVA/{_sap_file_type="sap_export_s4hana_java"; exit} /DATA_UNITS\/JAVA_EXPORT_JDMP/{_sap_file_type="sap_export_nwas_java"; exit} /DATA_UNITS\/EXPORT/{_sap_file_type="sap_export_ecc"; exit} /DATA_UNITS\/EXP[0-9]/{_sap_file_type="sap_export_nwas_abap"; exit} From 1af130a308f4721b3302fcb633e68c3c0be0c972 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 12 Apr 2024 15:13:07 +0000 Subject: [PATCH 089/135] fix: renaming vars, srhook lowercase --- roles/sap_ha_pacemaker_cluster/README.md | 2 +- .../meta/argument_specs.yml | 2 +- .../tasks/RedHat/post_steps_hana_scaleup.yml | 2 +- .../tasks/configure_srhook.yml | 24 ++++++++++--------- .../tasks/construct_final_hacluster_vars.yml | 4 ++-- .../tasks/construct_vars_hana_common.yml | 6 ++--- .../tasks/construct_vars_nwas_common.yml | 6 ++--- .../vars/hana_scaleup_perf.yml | 14 +++++------ roles/sap_ha_pacemaker_cluster/vars/main.yml | 2 +- 9 files changed, 32 insertions(+), 30 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index 78d635e66..eb8db6411 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -907,7 +907,7 @@ Mandatory for NetWeaver ASCS/ERS cluster setup.
### sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name - _Type:_ `string` -- _Default:_ `grp__ERS_group` +- _Default:_ `grp__ERS` Name of the NetWeaver ERS resource group.
diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml index 0d98a27ea..5d18715fc 100644 --- a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml +++ b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml @@ -591,7 +591,7 @@ argument_specs: - Name of the NetWeaver ASCS resource group. sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: - default: grp__ERS_group + default: grp__ERS description: - Name of the NetWeaver ERS resource group. diff --git a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml index 61ce5f6f1..fc15cb42b 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/post_steps_hana_scaleup.yml @@ -4,7 +4,7 @@ # to load HANA configuration before disabling maintenance. # # TODO: -# Add RedHat specific steps to mitigate issues with abtrupt start of cluster. +# Add RedHat specific steps to mitigate issues with abrupt start of cluster. - name: "SAP HA Install Pacemaker - SAPHana pcs resource cleanup" ansible.builtin.command: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml index d17b35a61..fdc4610b3 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_srhook.yml @@ -44,17 +44,18 @@ path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" marker: "" block: | - [ha_dr_provider_{{ srhook.provider }}] - provider = {{ srhook.provider }} - path = {{ srhook.path }} - {% for option in srhook.options | d([]) -%} + [ha_dr_provider_{{ srhook_item.provider }}] + provider = {{ srhook_item.provider }} + path = {{ srhook_item.path }} + {% for option in srhook_item.options | d([]) -%} {{ option.name }} = {{ option.value }} {% endfor %} loop: "{{ __sap_ha_pacemaker_cluster_hana_hooks }}" loop_control: - loop_var: srhook - when: "('[ha_dr_provider_' + srhook.provider + ']') - not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout" + loop_var: srhook_item + label: "{{ srhook_item.provider }}" + when: "('[ha_dr_provider_' + srhook_item.provider + ']') | lower + not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout | lower" # Separate task to create [trace] block so hooks can be appended to it - name: "SAP HA Pacemaker srHook - Add [trace] block in global.ini" @@ -71,13 +72,14 @@ ansible.builtin.lineinfile: path: "{{ sap_ha_pacemaker_cluster_hana_global_ini_path }}" insertafter: "^\\[trace\\]" - line: "ha_dr_{{ srhook.provider }} = info" + line: "ha_dr_{{ srhook_item.provider }} = info" loop: "{{ __sap_ha_pacemaker_cluster_hana_hooks }}" loop_control: - loop_var: srhook + loop_var: srhook_item + label: "{{ srhook_item.provider }}" when: - - "('ha_dr_' + srhook.provider + ' = info') - not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout" + - "('ha_dr_' + srhook_item.provider + ' = info') | lower + not in __sap_ha_pacemaker_cluster_global_ini_contents.stdout | lower" # jinja2 template contains logic to add extra entries if: # TkOver hook is present or SAPHanaSR-angi is used. diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml index 7d01c6745..2fc57e61e 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml @@ -49,9 +49,9 @@ ha_cluster_resource_defaults: "{{ __sap_ha_pacemaker_cluster_resource_defaults }}" - name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_operation_defaults'" - when: __sap_ha_pacemaker_cluster_operation_defaults is defined + when: __sap_ha_pacemaker_cluster_resource_operation_defaults is defined ansible.builtin.set_fact: - ha_cluster_resource_operation_defaults: "{{ __sap_ha_pacemaker_cluster_operation_defaults }}" + ha_cluster_resource_operation_defaults: "{{ __sap_ha_pacemaker_cluster_resource_operation_defaults }}" - name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_colocation'" when: __sap_ha_pacemaker_cluster_constraints_colocation is defined diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml index ee84a21e3..f83af514a 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_common.yml @@ -51,15 +51,15 @@ # Convert dictionary into ha_cluster format. - name: "SAP HA Prepare Pacemaker - prepare operation defaults for ha_cluster" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_operation_defaults: "{{ __operation_defaults }}" + __sap_ha_pacemaker_cluster_resource_operation_defaults: "{{ __operation_defaults }}" vars: __operation_defaults: meta_attrs: - attrs: |- - {% set attrs = __sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {% set attrs = __sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} {%- for operation_default in (sap_ha_pacemaker_cluster_operation_defaults | dict2items) -%} {% if operation_default.key not in - (__sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + (__sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} {% set role_attrs = attrs.extend([ { 'name': operation_default.key, diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml index 6e21d870d..37a7b9f04 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml @@ -51,15 +51,15 @@ # Convert dictionary into ha_cluster format. - name: "SAP HA Prepare Pacemaker - prepare operation defaults for ha_cluster" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_operation_defaults: "{{ __operation_defaults }}" + __sap_ha_pacemaker_cluster_resource_operation_defaults: "{{ __operation_defaults }}" vars: __operation_defaults: meta_attrs: - attrs: |- - {% set attrs = __sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} + {% set attrs = __sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten -%} {%- for operation_default in (sap_ha_pacemaker_cluster_operation_defaults | dict2items) -%} {% if operation_default.key not in - (__sap_ha_pacemaker_cluster_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} + (__sap_ha_pacemaker_cluster_resource_operation_defaults.meta_attrs | map(attribute='attrs') | flatten | map(attribute='name')) -%} {% set role_attrs = attrs.extend([ { 'name': operation_default.key, diff --git a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml index 3f4150720..7d05279fb 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml @@ -19,19 +19,19 @@ __sap_ha_pacemaker_cluster_hana_hook_dictionary: # Recommended srhooks are set to true only if default dictionary is populated __sap_ha_pacemaker_cluster_hana_hook_tkover: - "{{ true if vars[__sap_ha_pacemaker_cluster_hana_hook_dictionary].tkover + "{{ true if lookup('ansible.builtin.vars', __sap_ha_pacemaker_cluster_hana_hook_dictionary).tkover is defined else false }}" __sap_ha_pacemaker_cluster_hana_hook_chksrv: - "{{ true if vars[__sap_ha_pacemaker_cluster_hana_hook_dictionary].chksrv + "{{ true if lookup('ansible.builtin.vars', __sap_ha_pacemaker_cluster_hana_hook_dictionary).chksrv is defined else false }}" # Combine final list of srhooks based on user input and angi availability __sap_ha_pacemaker_cluster_hana_hooks: "{{ - vars[__sap_ha_pacemaker_cluster_hana_hook_dictionary].saphanasr - + (vars[__sap_ha_pacemaker_cluster_hana_hook_dictionary].tkover | default([]) - if __sap_ha_pacemaker_cluster_hana_hook_tkover else []) - + (vars[__sap_ha_pacemaker_cluster_hana_hook_dictionary].chksrv | default([]) - if __sap_ha_pacemaker_cluster_hana_hook_chksrv else []) + lookup('ansible.builtin.vars', __sap_ha_pacemaker_cluster_hana_hook_dictionary).saphanasr + + (lookup('ansible.builtin.vars', __sap_ha_pacemaker_cluster_hana_hook_dictionary).tkover + | default([]) if __sap_ha_pacemaker_cluster_hana_hook_tkover else []) + + (lookup('ansible.builtin.vars', __sap_ha_pacemaker_cluster_hana_hook_dictionary).chksrv + | default([]) if __sap_ha_pacemaker_cluster_hana_hook_chksrv else []) }}" # Define sap_ha_pacemaker_cluster_hadr_provider_name for jinja2 template diff --git a/roles/sap_ha_pacemaker_cluster/vars/main.yml b/roles/sap_ha_pacemaker_cluster/vars/main.yml index 411125c87..b784dc511 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/main.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/main.yml @@ -116,7 +116,7 @@ __sap_ha_pacemaker_cluster_platform_extra_packages: [] __sap_ha_pacemaker_cluster_cluster_properties: [] __sap_ha_pacemaker_cluster_resource_defaults: meta_attrs: [] -__sap_ha_pacemaker_cluster_operation_defaults: +__sap_ha_pacemaker_cluster_resource_operation_defaults: meta_attrs: [] __sap_ha_pacemaker_cluster_constraints_colocation: [] __sap_ha_pacemaker_cluster_constraints_location: [] From fd0296fa1e39a12267bca664671a71457140fb93 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 12 Apr 2024 18:05:40 +0200 Subject: [PATCH 090/135] sap_install_media_detect: No need for a new file type According to further testing, the new file type sap_export_s4hana_java is not required. File 51057035 will be detected as type sap_export_nwas_java, which should be sufficient for correct processing. Signed-off-by: Bernd Finger --- roles/sap_install_media_detect/files/tmp/sapfile | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/sap_install_media_detect/files/tmp/sapfile b/roles/sap_install_media_detect/files/tmp/sapfile index ac26a8758..034285ef6 100755 --- a/roles/sap_install_media_detect/files/tmp/sapfile +++ b/roles/sap_install_media_detect/files/tmp/sapfile @@ -286,7 +286,6 @@ for _FILE in "$@"; do /db2setup/{_sap_file_type="ibmdb2"; exit} /db6_update_client.sh/{_sap_file_type="ibmdb2_client"; exit} /db2aese_c.lic/{_sap_file_type="ibmdb2_license"; exit} - /DATA_UNITS\/S4_JAVA/{_sap_file_type="sap_export_s4hana_java"; exit} /DATA_UNITS\/JAVA_EXPORT_JDMP/{_sap_file_type="sap_export_nwas_java"; exit} /DATA_UNITS\/EXPORT/{_sap_file_type="sap_export_ecc"; exit} /DATA_UNITS\/EXP[0-9]/{_sap_file_type="sap_export_nwas_abap"; exit} From 312ca16235a36b1197eeab5873fd27dd0aaac441 Mon Sep 17 00:00:00 2001 From: rob0d Date: Fri, 12 Apr 2024 17:27:26 +0100 Subject: [PATCH 091/135] Detection of duplicate SAR files for EXE, EXEDB, igs, igshelper and webdisp should count only file with type=sapcar --- .../tasks/prepare/create_file_list_phase_2.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml index 264e17ece..46ce83194 100644 --- a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml +++ b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml @@ -120,7 +120,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_kernel') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXE_') | length == 1 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXE_') | selectattr('archive_type', 'equalto', 'sapcar') | length == 1 fail_msg: "No, or more than one, DB independent SAP Kernel file found" when: - sap_install_media_detect_kernel @@ -129,7 +129,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'search', 'sap_kernel_db_') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXEDB_') | length == 1 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPEXEDB_') | selectattr('archive_type', 'equalto', 'sapcar') | length == 1 fail_msg: "No, or more than one, DB dependent SAP Kernel file found" when: - sap_install_media_detect_kernel @@ -191,7 +191,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_igs') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igsexe') | length > 0 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igsexe') | selectattr('archive_type', 'equalto', 'sapcar') | length > 0 fail_msg: "No igsexe file found" when: - sap_install_media_detect_igs @@ -200,7 +200,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_igs') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igshelper') | length > 0 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'igshelper') | selectattr('archive_type', 'equalto', 'sapcar') | length > 0 fail_msg: "No igshelper file found" when: - sap_install_media_detect_igs @@ -209,7 +209,7 @@ ansible.builtin.assert: that: - __sap_install_media_detect_fact_files_sapfile_results | selectattr('sap_file_type', 'equalto', 'sap_webdisp') | length > 0 - - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPWEBDISP_') | length == 1 + - __sap_install_media_detect_fact_files_sapfile_results | selectattr('file', 'search', 'SAPWEBDISP_') | selectattr('archive_type', 'equalto', 'sapcar') | length == 1 fail_msg: "No, or more than one, SAPWEBDISP file found" when: - sap_install_media_detect_webdisp From bee152a931852bbed68d131839fa50f645cf8126 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Fri, 12 Apr 2024 18:35:50 +0100 Subject: [PATCH 092/135] Added AAS var file --- playbooks/sample-sap-swpm-default-mode.yml | 1 + ...lt-mode-s4hana-distributed-aas-install.yml | 56 +++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml diff --git a/playbooks/sample-sap-swpm-default-mode.yml b/playbooks/sample-sap-swpm-default-mode.yml index e0056b3ed..0d8eab07b 100644 --- a/playbooks/sample-sap-swpm-default-mode.yml +++ b/playbooks/sample-sap-swpm-default-mode.yml @@ -13,6 +13,7 @@ - name: Import variables for sap_swpm Ansible Role (Default Mode) ansible.builtin.include_vars: # file: ./sample-variables-sap-swpm-default-mode-bw4hana-onehost-install.yml +# file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install # file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-ascs-install # file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-dbload-install # file: ./sample-variables-sap-swpm-default-mode-s4hana-distributed-ers-install diff --git a/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml b/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml new file mode 100644 index 000000000..82cf02139 --- /dev/null +++ b/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml @@ -0,0 +1,56 @@ +--- + +# Detect SAP NetWeaver software +sap_install_media_detect_source_directory: "/software" +sap_install_media_detect_source: local_dir +sap_install_media_detect_swpm: true +sap_install_media_detect_hostagent: true +sap_install_media_detect_igs: true +sap_install_media_detect_kernel: true +sap_install_media_detect_webdisp: false + +# Product ID for New Installation +sap_swpm_product_catalog_id: NW_DI:S4HANA2023.CORE.HDB.PD +#NW_DI:S4HANA2023.CORE.HDB.PD - Distributed AAS +#NW_DI:S4HANA2023.CORE.HDB.ABAPHA - High Availbility AAS + +# Generate inifile.params using sap_swpm Ansible Role +sap_swpm_inifile_list: + - swpm_installation_media + - credentials + - db_connection_nw_hana + - nw_config_other + - nw_config_additional_application_server_instance + - nw_config_host_agent + - sap_os_linux_user + +# Software +sap_swpm_software_path: /software/download_basket +sap_swpm_sapcar_path: /software/download_basket +sap_swpm_swpm_path: /software/download_basket + +# NW Passwords +sap_swpm_master_password: "NewPass$321" +sap_swpm_ddic_000_password: "NewPass$321" + +# HDB Passwords +sap_swpm_db_system_password: "NewPass$321" +sap_swpm_db_systemdb_password: "NewPass$321" +sap_swpm_db_schema_abap: "SAPHANADB" +sap_swpm_db_schema_abap_password: "NewPass$321" +sap_swpm_db_sidadm_password: "NewPass$321" + +# NW Instance Parameters +sap_swpm_sid: S4D +sap_swpm_aas_instance_nr: "00" +sap_swpm_aas_instance_hostname: "{{ inventory_hostname_short }}" + +# Unix User ID +sap_swpm_sapadm_uid: '3000' +sap_swpm_sapsys_gid: '3001' +sap_swpm_sidadm_uid: '3001' + +# HDB Instance Parameters +sap_swpm_db_host: "hana01" +sap_swpm_db_sid: HDD +sap_swpm_db_instance_nr: "00" \ No newline at end of file From 454d369ceb3fd15d7b5d7fdbeed2a96de9119117 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Mon, 15 Apr 2024 09:54:41 +0100 Subject: [PATCH 093/135] sap_swpm: changes for s4hana java --- ...-mode-solman-hana-abap-onehost-install.yml | 2 +- ...-mode-solman-hana-java-onehost-install.yml | 2 +- roles/sap_swpm/defaults/main.yml | 20 +++++++++++++++---- roles/sap_swpm/templates/configfile.j2 | 14 +++++++++---- 4 files changed, 28 insertions(+), 10 deletions(-) diff --git a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml index 2840f34cb..b2ab307e3 100644 --- a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml +++ b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml @@ -32,7 +32,7 @@ sap_swpm_inifile_list: - nw_config_java_ume - nw_config_host_agent - sap_os_linux_user - - solman_credentials_swpm1 + - nw_config_java_icm_credentials - solman_abap_swpm1 # Software diff --git a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml index 7bc9bd3e8..5447ba3bc 100644 --- a/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml +++ b/playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml @@ -31,7 +31,7 @@ sap_swpm_inifile_list: - nw_config_ports - nw_config_host_agent # - sap_os_linux_user # Ignore, and SAP SWPM will auto-assign UID and GID - - solman_credentials_swpm1 + - nw_config_java_icm_credentials - nw_config_java_feature_template_ids sap_swpm_java_template_id_selected_list: diff --git a/roles/sap_swpm/defaults/main.yml b/roles/sap_swpm/defaults/main.yml index f57448e31..6a82c0583 100644 --- a/roles/sap_swpm/defaults/main.yml +++ b/roles/sap_swpm/defaults/main.yml @@ -115,6 +115,7 @@ sap_swpm_inifile_list: - nw_config_ports # - nw_config_java_ume # - nw_config_java_feature_template_ids +# - nw_config_java_icm_credentials # - nw_config_webdisp_generic # - nw_config_webdisp_gateway - nw_config_host_agent @@ -126,7 +127,6 @@ sap_swpm_inifile_list: ## Not in use # - swpm_installation_media_download_service -# - solman_credentials_swpm1 # - solman_abap_swpm1 # - solman_daa_swpm1 @@ -229,11 +229,15 @@ sap_swpm_virtual_hostname: "initial" ######################################## # SWPM Ansible Role variables # for Default Mode -# - Lookup list of Feature Template IDs +# - Lookup list of NWAS JAVA Feature Template IDs ######################################## -sap_swpm_java_template_id_selected_list: - - java_engine_ee +# Two methods exist for SAP NWAS JAVA, jload and extramile (BatchDeployer) before call to Deploy Controller Runner +# Default to extramile for SAP NWAS JAVA, except SAP S/4HANA +sap_swpm_java_import_method: "{{ 'jload' if 'S4H' in sap_swpm_product_catalog_id else 'extramile' }}" + +# Use empty list which will create inifile parameter as blank for default installation +sap_swpm_java_template_id_selected_list: [] sap_swpm_java_template_id_lookup_dictionary: java_nwas_as: @@ -270,6 +274,14 @@ sap_swpm_java_template_id_lookup_dictionary: - 01200615324800001035 # Solution Manager, includes java_nwas_as (01200615324800000135) and java_engine_ee (01200615324800000125) java_demo: - 01200615324800002898 # Demo Applications + s4hana_java_as: + - '73554900104800002396' # SAP S/4HANA Java + s4hana_java_adobe_document_services: + - '73554900104800002328' # SAP S/4HANA Java Adobe Document Services, includes s4hana_java_as (73554900104800002396) + s4hana_java_enterprise_service_repository: + - '73554900104800002330' # SAP S/4HANA Java Enterprise Services Repository, includes s4hana_java_as (73554900104800002396) + s4hana_java_aex: + - '73554900104800002329' # SAP S/4HANA Java Advanced Adapter Engine Extnd, includes s4hana_java_as (73554900104800002396) and s4hana_java_enterprise_service_repository (73554900104800002330) ######################################## diff --git a/roles/sap_swpm/templates/configfile.j2 b/roles/sap_swpm/templates/configfile.j2 index 4e0d8412e..5d21efc95 100644 --- a/roles/sap_swpm/templates/configfile.j2 +++ b/roles/sap_swpm/templates/configfile.j2 @@ -29,6 +29,13 @@ SAPINST.CD.PACKAGE.RDBMS = {{ sap_swpm_cd_rdbms_path }} # SAPINST.CD.PACKAGE.KERNEL = # SAPINST.CD.PACKAGE.KERNEL2 = # SAPINST.CD.PACKAGE.KERNEL3 = + +SAPINST.CD.PACKAGE.JAVA_EXPORT = /path/JAVA_EXPORT +SAPINST.CD.PACKAGE.JDMP = /path/JAVA_EXPORT_JDMP +SAPINST.CD.PACKAGE.J2EE = /path/JAVA_J2EE_OSINDEP +SAPINST.CD.PACKAGE.J2EE-INST = /path/JAVA_J2EE_OSINDEP_J2EE_INST +SAPINST.CD.PACKAGE.SCA = /path/JAVA_J2EE_OSINDEP_UT + {% endif %} {% if 'swpm_installation_media_swpm1_exportfiles' in sap_swpm_inifile_list %} @@ -638,7 +645,7 @@ UmeConfiguration.umeType = {{ sap_swpm_ume_type }} # nw_config_java_feature_template_ids ###### NW_internal.useProductVersionDescriptor = true -nw_java_import.buildJEEusingExtraMileTool = true +nw_java_import.buildJEEusingExtraMileTool = {{ true if sap_swpm_java_import_method == 'extramile' else false }} # If use PV = true # SAP SWPM 1.0 for SAP NetWeaver AS (JAVA), Product Version Software Instance **Feature Template IDs** comma-separated list @@ -802,10 +809,9 @@ nwUsers.sidAdmUID = {{ sap_swpm_sidadm_uid }} {% endif %} -{% if 'solman_credentials_swpm1' in sap_swpm_inifile_list %} +{% if 'nw_config_java_icm_credentials' in sap_swpm_inifile_list %} ###### -# solman_credentials_swpm1 -# Not in use by sap_swpm Ansible Role +# nw_config_java_icm_credentials ###### NW_IcmAuth.webadmPassword = {{ sap_swpm_ume_j2ee_admin_password }} {% endif %} From b2bbdf568ba5293ccc5ba3db5a0a690a49ef8d06 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Mon, 15 Apr 2024 09:57:26 +0100 Subject: [PATCH 094/135] sap_swpm: comment out java pkg params --- roles/sap_swpm/templates/configfile.j2 | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/sap_swpm/templates/configfile.j2 b/roles/sap_swpm/templates/configfile.j2 index 5d21efc95..48765b1b5 100644 --- a/roles/sap_swpm/templates/configfile.j2 +++ b/roles/sap_swpm/templates/configfile.j2 @@ -30,11 +30,11 @@ SAPINST.CD.PACKAGE.RDBMS = {{ sap_swpm_cd_rdbms_path }} # SAPINST.CD.PACKAGE.KERNEL2 = # SAPINST.CD.PACKAGE.KERNEL3 = -SAPINST.CD.PACKAGE.JAVA_EXPORT = /path/JAVA_EXPORT -SAPINST.CD.PACKAGE.JDMP = /path/JAVA_EXPORT_JDMP -SAPINST.CD.PACKAGE.J2EE = /path/JAVA_J2EE_OSINDEP -SAPINST.CD.PACKAGE.J2EE-INST = /path/JAVA_J2EE_OSINDEP_J2EE_INST -SAPINST.CD.PACKAGE.SCA = /path/JAVA_J2EE_OSINDEP_UT +# SAPINST.CD.PACKAGE.JAVA_EXPORT = /path/JAVA_EXPORT +# SAPINST.CD.PACKAGE.JDMP = /path/JAVA_EXPORT_JDMP +# SAPINST.CD.PACKAGE.J2EE = /path/JAVA_J2EE_OSINDEP +# SAPINST.CD.PACKAGE.J2EE-INST = /path/JAVA_J2EE_OSINDEP_J2EE_INST +# SAPINST.CD.PACKAGE.SCA = /path/JAVA_J2EE_OSINDEP_UT {% endif %} From 5854934eac82b2e09f5f39b6a38f2e21994e6531 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Mon, 15 Apr 2024 12:43:56 +0100 Subject: [PATCH 095/135] Updated based on Seans comments to comply with the way sample files are created --- ...-swpm-default-mode-s4hana-distributed-aas-install.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml b/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml index 82cf02139..bceb19ee4 100644 --- a/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml +++ b/playbooks/vars/sample-variables-sap-swpm-default-mode-s4hana-distributed-aas-install.yml @@ -10,9 +10,8 @@ sap_install_media_detect_kernel: true sap_install_media_detect_webdisp: false # Product ID for New Installation -sap_swpm_product_catalog_id: NW_DI:S4HANA2023.CORE.HDB.PD -#NW_DI:S4HANA2023.CORE.HDB.PD - Distributed AAS -#NW_DI:S4HANA2023.CORE.HDB.ABAPHA - High Availbility AAS +sap_swpm_product_catalog_id: NW_DI:S4HANA2020.CORE.HDB.PD +#NW_DI:S4HANA2020.CORE.HDB.ABAPHA # Generate inifile.params using sap_swpm Ansible Role sap_swpm_inifile_list: @@ -43,7 +42,7 @@ sap_swpm_db_sidadm_password: "NewPass$321" # NW Instance Parameters sap_swpm_sid: S4D sap_swpm_aas_instance_nr: "00" -sap_swpm_aas_instance_hostname: "{{ inventory_hostname_short }}" +sap_swpm_aas_instance_hostname: "s4h2020aas" # Unix User ID sap_swpm_sapadm_uid: '3000' @@ -53,4 +52,4 @@ sap_swpm_sidadm_uid: '3001' # HDB Instance Parameters sap_swpm_db_host: "hana01" sap_swpm_db_sid: HDD -sap_swpm_db_instance_nr: "00" \ No newline at end of file +sap_swpm_db_instance_nr: "00" From 17783b7398aa1a38f9cc14b8809fae614b47dfd6 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 15 Apr 2024 13:31:26 +0000 Subject: [PATCH 096/135] new fs clone variable --- roles/sap_ha_pacemaker_cluster/README.md | 24 +++++++++++++++++++ .../defaults/main.yml | 8 +++++++ .../meta/argument_specs.yml | 18 ++++++++++++++ .../construct_vars_nwas_abap_ascs_ers.yml | 4 ++-- .../tasks/construct_vars_nwas_common.yml | 21 ++++++++++------ 5 files changed, 66 insertions(+), 9 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index eb8db6411..ab49f8baf 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -681,6 +681,14 @@ Mandatory for NetWeaver cluster configuration.
Uses `sap_swpm_sid` if defined.
Mandatory for NetWeaver cluster setups.
+### sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_fs__sapmnt` + +Filesystem resource clone name for the shared filesystem /sapmnt.
+Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+ ### sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name - _Type:_ `string` @@ -697,6 +705,14 @@ Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesyste Change this parameter to 'true' if the 3 shared filesystems `/usr/sap/trans`, `/usr/sap//SYS` and '/sapmnt' shall be configured as cloned cluster resources.
+### sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_fs__sys` + +Filesystem resource clone name for the shared filesystem /usr/sap//SYS.
+Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+ ### sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name - _Type:_ `string` @@ -706,6 +722,14 @@ Filesystem resource name for the transports filesystem /usr/sap//SYS.
Optional, this is typically managed by the OS, but can as well be added to the cluster configuration.
Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+### sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name + +- _Type:_ `string` +- _Default:_ `cln_fs__trans` + +Filesystem resource clone name for the shared filesystem /usr/sap/trans.
+Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+ ### sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name - _Type:_ `string` diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index 50cbe3f58..e417d48c0 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -221,10 +221,18 @@ sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: >- # - /usr/sap/<>/SYS sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name: >- rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sapmnt +sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name: >- + cln_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sapmnt + sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: >- rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_trans +sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name: >- + cln_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_trans + sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: >- rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sys +sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name: >- + cln_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_sys # The shared filesystems are not required to be configured in the cluster. # By default it is assumed that they are mounted by the system and available on all cluster nodes. diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml index 5d18715fc..5c8f217d3 100644 --- a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml +++ b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml @@ -562,6 +562,12 @@ argument_specs: configuration. - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name: + default: cln_fs__sapmnt + description: + - Filesystem resource clone name for the shared filesystem /sapmnt. + - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: default: rsc_fs__trans description: @@ -570,6 +576,12 @@ argument_specs: configuration. - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name: + default: cln_fs__trans + description: + - Filesystem resource clone name for the shared filesystem /usr/sap/trans. + - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: default: rsc_fs__sys description: @@ -578,6 +590,12 @@ argument_specs: configuration. - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name: + default: cln_fs__sys + description: + - Filesystem resource clone name for the shared filesystem /usr/sap//SYS. + - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`. + sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed: type: bool default: false diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml index 13ed67e0f..af01f146d 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml @@ -391,7 +391,7 @@ vars: __constraint_order_sapmnt: resource_first: - id: "cln_{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}" + id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name }}" role: started resource_then: id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" @@ -404,7 +404,7 @@ vars: __constraint_order_sapmnt: resource_first: - id: "cln_{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }}" + id: "{{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name }}" role: started resource_then: id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml index 37a7b9f04..5d624d549 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_common.yml @@ -156,15 +156,22 @@ __sap_ha_pacemaker_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + [__clone_common_filesystem] }}" vars: __clone_common_filesystem: + id: |- + {%- if '/sapmnt' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name }} + {%- elif '/usr/sap/trans' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name }} + {%- elif '/usr/sap/' + sap_ha_pacemaker_cluster_nwas_abap_sid + '/SYS' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name }} + {%- endif %} resource_id: |- {%- if '/sapmnt' in __mountpoint -%} - {% set idname = sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name %} - {% elif '/usr/sap/trans' in __mountpoint -%} - {% set idname = sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name %} - {% elif '/usr/sap/' + sap_ha_pacemaker_cluster_nwas_abap_sid + '/SYS' in __mountpoint -%} - {% set idname = sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name %} - {% endif %} - {{ idname }} + {{ sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name }} + {%- elif '/usr/sap/trans' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name }} + {%- elif '/usr/sap/' + sap_ha_pacemaker_cluster_nwas_abap_sid + '/SYS' in __mountpoint -%} + {{ sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name }} + {%- endif %} meta_attrs: - attrs: - name: interleave From 3a9930f6f0343169701ad9bbcca7f01e76968bd2 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 17 Apr 2024 16:03:25 +0200 Subject: [PATCH 097/135] sap_general_preconfigure: Only allow one /etc/hosts line for an IPv4 address Relates to #696. Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/assert-etc-hosts.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 3c69ed7f6..62905d3c1 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -20,18 +20,18 @@ success_msg: "PASS: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' is once in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -# We allow more than one line containing sap_general_preconfigure_ip: +# Only one line containing sap_general_preconfigure_ip is allowed: - name: Count the number of sap_general_preconfigure_ip ({{ sap_general_preconfigure_ip }}) entries in /etc/hosts ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_ip_once_assert ignore_errors: yes changed_when: no -- name: Assert that there is at least one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts +- name: Assert that there is exactly one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.assert: - that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout >= '1' - fail_msg: "FAIL: There is no line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" - success_msg: "PASS: There is at least one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." + that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout == '1' + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts @@ -46,7 +46,7 @@ ansible.builtin.assert: that: __sap_general_preconfigure_register_fqdn_once_assert.stdout == '1' fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts." + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }} in /etc/hosts From 1fc145945b2e25471943b6178d3bb891fea982af Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 17 Apr 2024 17:14:12 +0200 Subject: [PATCH 098/135] sap_general_preconfigure: No longer use awk for /etc/hosts verification This speeds up processing and as a side effect reduces the number of programming languages. Relates to #696. Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/assert-etc-hosts.yml | 108 ++++++++++++------ 1 file changed, 71 insertions(+), 37 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 62905d3c1..82780907c 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -7,61 +7,95 @@ - "sap_general_preconfigure_domain = {{ sap_general_preconfigure_domain }}" - "sap_general_preconfigure_ip = {{ sap_general_preconfigure_ip }}" -- name: Check if ipv4 address, FQDN, and hostname are once in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/&&/\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/&&(/\s{{ sap_general_preconfigure_hostname }}\s/||/\s{{ sap_general_preconfigure_hostname }}$/){a++}END{print a}' /etc/hosts - register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert - ignore_errors: yes - changed_when: no +- name: Initialize variables + ansible.builtin.set_fact: + __sap_general_preconfigure_etc_hosts_lines: [] + __sap_general_preconfigure_ipv4_fqdn_hostname_count: 0 + __sap_general_preconfigure_ipv4_count: 0 + __sap_general_preconfigure_fqdn_count: 0 + __sap_general_preconfigure_hostname_count: 0 + +- name: Read /etc/hosts + ansible.builtin.slurp: + src: /etc/hosts + register: __sap_general_preconfigure_etc_hosts -- name: Assert that ipv4 address, FQDN, and hostname are once in /etc/hosts +- name: Set fact for /etc/hosts lines + ansible.builtin.set_fact: + __sap_general_preconfigure_etc_hosts_lines: "{{ __sap_general_preconfigure_etc_hosts_lines + [ __sap_general_preconfigure_line_item ]}}" + loop: "{{ __sap_general_preconfigure_etc_hosts_decoded_split }}" + loop_control: + loop_var: __sap_general_preconfigure_line_item + label: "{{ __sap_general_preconfigure_line_item }}" + vars: + - __sap_general_preconfigure_etc_hosts_decoded: "{{ __sap_general_preconfigure_etc_hosts.content | b64decode }}" + - __sap_general_preconfigure_etc_hosts_decoded_split: "{{ __sap_general_preconfigure_etc_hosts_decoded.split('\n') }}" + when: + - __sap_general_preconfigure_line_item | length > 0 + - not __sap_general_preconfigure_line_item | regex_search("^#") + +- name: Count the number of lines containing ipv4 address, FQDN, and hostname + ansible.builtin.set_fact: + __sap_general_preconfigure_ipv4_fqdn_hostname_count: "{{ __sap_general_preconfigure_ipv4_fqdn_hostname_count | int + 1 }}" + loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" + loop_control: + loop_var: __sap_general_preconfigure_line_item + label: "{{ __sap_general_preconfigure_line_item }}" + when: __sap_general_preconfigure_line_item | regex_search("^" + sap_general_preconfigure_ip + "(\s)*" + sap_general_preconfigure_hostname + "." + sap_general_preconfigure_domain + "(\s)*" + sap_general_preconfigure_hostname + "($|\s)" ) + +- name: Fail if the number of lines in __sap_general_preconfigure_ipv4_fqdn_hostname_count is != 1 ansible.builtin.assert: - that: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert.stdout == '1' - fail_msg: "FAIL: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' needs to be once in /etc/hosts!" - success_msg: "PASS: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' is once in /etc/hosts." + that: (__sap_general_preconfigure_ipv4_fqdn_hostname_count | int) == 1 + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' in /etc/hosts!" + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -# Only one line containing sap_general_preconfigure_ip is allowed: -- name: Count the number of sap_general_preconfigure_ip ({{ sap_general_preconfigure_ip }}) entries in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/{a++}END{print a}' /etc/hosts - register: __sap_general_preconfigure_register_sap_ip_once_assert - ignore_errors: yes - changed_when: no +- name: Count the number of lines containing the ipv4 address of sap_ip + ansible.builtin.set_fact: + __sap_general_preconfigure_ipv4_count: "{{ __sap_general_preconfigure_ipv4_count | int + 1 }}" + loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" + loop_control: + loop_var: __sap_general_preconfigure_line_item + label: "{{ __sap_general_preconfigure_line_item.split()[0] }}" + when: __sap_general_preconfigure_line_item | regex_search("^" + sap_general_preconfigure_ip + "\s") -- name: Assert that there is exactly one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts +- name: Fail if the number of lines in __sap_general_preconfigure_ipv4_count is != 1 ansible.builtin.assert: - that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout == '1' + that: (__sap_general_preconfigure_ipv4_count | int) == 1 fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| - /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| - /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}$/{a++}END{print a}' /etc/hosts - register: __sap_general_preconfigure_register_fqdn_once_assert - ignore_errors: yes - changed_when: no +- name: Count the number of lines containing FQDN + ansible.builtin.set_fact: + __sap_general_preconfigure_fqdn_count: "{{ __sap_general_preconfigure_fqdn_count | int + 1 }}" + loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" + loop_control: + loop_var: __sap_general_preconfigure_line_item + label: "{{ __sap_general_preconfigure_line_item.split()[0] }}" + when: __sap_general_preconfigure_line_item | regex_search("(\s)*" + sap_general_preconfigure_hostname + "." + sap_general_preconfigure_domain + "($|\s)*" ) -- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts +- name: Fail if the number of lines in __sap_general_preconfigure_fqdn_count is != 1 ansible.builtin.assert: - that: __sap_general_preconfigure_register_fqdn_once_assert.stdout == '1' + that: (__sap_general_preconfigure_fqdn_count | int) == 1 fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts!" - success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts." + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts!" ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }} in /etc/hosts - ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}\s/|| - /\s{{ sap_general_preconfigure_hostname }}\s/|| - /\s{{ sap_general_preconfigure_hostname }}$/{a++}END{print a}' /etc/hosts - register: __sap_general_preconfigure_register_sap_hostname_once_assert - ignore_errors: yes - changed_when: no +- name: Count the number of lines containing hostname + ansible.builtin.set_fact: + __sap_general_preconfigure_hostname_count: "{{ __sap_general_preconfigure_hostname_count | int + 1 }}" + loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" + loop_control: + loop_var: __sap_general_preconfigure_line_item + label: "{{ __sap_general_preconfigure_line_item.split()[0] }}" + when: __sap_general_preconfigure_line_item | regex_search("(\s)*" + sap_general_preconfigure_hostname + "($|\s)*" ) -- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }} in /etc/hosts +- name: Fail if the number of lines in __sap_general_preconfigure_hostname_count is != 1 ansible.builtin.assert: - that: __sap_general_preconfigure_register_sap_hostname_once_assert.stdout == '1' + that: (__sap_general_preconfigure_hostname_count | int) == 1 fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts!" - success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts." + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts!" ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Check hostname -s From ac1ac09034460d968dc497fbd9957cc734f3d840 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 17 Apr 2024 17:37:56 +0200 Subject: [PATCH 099/135] sap_general_preconfigure: Solve ansible-lint errors Relates to #696. Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/assert-etc-hosts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 82780907c..64f1662bd 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -22,7 +22,7 @@ - name: Set fact for /etc/hosts lines ansible.builtin.set_fact: - __sap_general_preconfigure_etc_hosts_lines: "{{ __sap_general_preconfigure_etc_hosts_lines + [ __sap_general_preconfigure_line_item ]}}" + __sap_general_preconfigure_etc_hosts_lines: "{{ __sap_general_preconfigure_etc_hosts_lines + [__sap_general_preconfigure_line_item] }}" loop: "{{ __sap_general_preconfigure_etc_hosts_decoded_split }}" loop_control: loop_var: __sap_general_preconfigure_line_item @@ -46,7 +46,7 @@ - name: Fail if the number of lines in __sap_general_preconfigure_ipv4_fqdn_hostname_count is != 1 ansible.builtin.assert: that: (__sap_general_preconfigure_ipv4_fqdn_hostname_count | int) == 1 - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' in /etc/hosts!" + fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' in /etc/hosts!" success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" From 8000962d9e81c4ec00461ef4c326fce09a506d0d Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Thu, 18 Apr 2024 11:54:26 +0200 Subject: [PATCH 100/135] fix(check_outdate_deps): replace datas with data --- workflows/check_outdate_deps/check_deps.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/workflows/check_outdate_deps/check_deps.py b/workflows/check_outdate_deps/check_deps.py index 8013bd572..1eb41071f 100644 --- a/workflows/check_outdate_deps/check_deps.py +++ b/workflows/check_outdate_deps/check_deps.py @@ -226,14 +226,14 @@ def open_issue_for_package(package, current_version, latest_version): if __name__ == '__main__': - print("##### Collect datas #####") + print("##### Collect data #####") os.system(f"pip3 install -r {REQUIREMENT_FILE}") raw_output_outdated = subprocess.run( ['pip3', 'list', '--outdated'], stdout=subprocess.PIPE) current_packages = __build_packages_dict_from_file() latest_packages = __build_packages_dict_from_output(raw_output_outdated.stdout.decode('utf-8')) - print("##### Create datas #####") + print("##### Create data #####") packages_issue = {} if OPEN_PR == "True": create_branch_if_not_exists(BRANCH, COMMIT_SHA) From 8ccd0bf38158915d1a66b33610cd2ab006532bb5 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Thu, 18 Apr 2024 12:06:24 +0200 Subject: [PATCH 101/135] fix(check_outdate_deps): solve regex definition for strings --- workflows/check_outdate_deps/check_deps.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/workflows/check_outdate_deps/check_deps.py b/workflows/check_outdate_deps/check_deps.py index 1eb41071f..0d7a5a705 100644 --- a/workflows/check_outdate_deps/check_deps.py +++ b/workflows/check_outdate_deps/check_deps.py @@ -26,7 +26,7 @@ def __build_packages_dict_from_file(): lines = file.readlines() for line in lines: regex_pattern = re.compile( - "([a-zA-Z0-9-]+)==([0-9]+\.[0-9]+\.[0-9]+)") + r"([a-zA-Z0-9-]+)==([0-9]+\.[0-9]+\.[0-9]+)") matches = regex_pattern.findall(line) if len(matches) > 0: package_name = str(matches[0][0]) @@ -41,7 +41,7 @@ def __build_packages_dict_from_output(output): lines = output.splitlines(output) for line in lines: regex_pattern = re.compile( - "([a-zA-Z0-9-]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([a-zA-Z]+)") + r"([a-zA-Z0-9-]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([0-9]+\.[0-9]+\.[0-9]+)\ +([a-zA-Z]+)") matches = regex_pattern.findall(line) if len(matches) > 0: package_name = str(matches[0][0]) @@ -145,7 +145,7 @@ def manage_pull_request(branch, packages_issue): else: print(f"ERROR: Failed to update the pull requests. Status code: {response.status_code}.") else: - print(f"ERROR: More than 1 pull-request with the same title are found! I can't update.") + print("ERROR: More than 1 pull-request with the same title are found! I can't update.") def update_branch_with_changes(branch, file_to_change): @@ -221,7 +221,7 @@ def open_issue_for_package(package, current_version, latest_version): __update_issue(issue_number, issue) return issue_number else: - print(f"ERROR: More than 1 issues with the same title are found! I can't update.") + print("ERROR: More than 1 issues with the same title are found! I can't update.") return -1 @@ -251,7 +251,7 @@ def open_issue_for_package(package, current_version, latest_version): latest_version) if OPEN_PR == "True": - line_current = f"{package}==[0-9]+\.[0-9]+\.[0-9]+" + line_current = package + r"==[0-9]+\.[0-9]+\.[0-9]+" line_latest = f"{package}=={latest_version}" find_replace_in_file(REQUIREMENT_FILE, line_current, From 87e700e6d96899d63bdce8c8e593d16717a36d93 Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Thu, 18 Apr 2024 12:21:02 +0200 Subject: [PATCH 102/135] fix(check_outdate_deps): solve errors in sanity checks --- workflows/check_outdate_deps/check_deps.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/workflows/check_outdate_deps/check_deps.py b/workflows/check_outdate_deps/check_deps.py index 0d7a5a705..ab6078e1a 100644 --- a/workflows/check_outdate_deps/check_deps.py +++ b/workflows/check_outdate_deps/check_deps.py @@ -1,4 +1,4 @@ -#!/usr/bin/env python3 +#!/usr/bin/env python import os import re @@ -119,6 +119,7 @@ def __create_pull_request(pr_data): print(f"ERROR: Failed to create pull request. Status code: {response.status_code}.") return -1 + def manage_pull_request(branch, packages_issue): body = f"Bumps packages in {REQUIREMENT_FILE}." for package in packages_issue: @@ -174,8 +175,8 @@ def find_replace_in_file(file_path, find_str, replace_str): def create_branch_if_not_exists(branch, commit_sha): response = requests.get(f"https://api.github.com/repos/{REPOSITORY}/branches/{branch}") if response.status_code == 404: - branch_data = {"ref": "refs/heads/" + branch, "sha": commit_sha} - __create_branch(branch, branch_data) + branch_data = {"ref": "refs/heads/" + branch, "sha": commit_sha} + __create_branch(branch, branch_data) else: print(f"INFO: Branch -> https://github.com/{REPOSITORY}/tree/{branch}") @@ -213,7 +214,7 @@ def open_issue_for_package(package, current_version, latest_version): **This is the previous title and description of this issue:** ``` Title: {old_title} -Description: +Description: {old_description} ``` """ @@ -230,7 +231,8 @@ def open_issue_for_package(package, current_version, latest_version): os.system(f"pip3 install -r {REQUIREMENT_FILE}") raw_output_outdated = subprocess.run( ['pip3', 'list', '--outdated'], - stdout=subprocess.PIPE) + stdout=subprocess.PIPE, + check=False) current_packages = __build_packages_dict_from_file() latest_packages = __build_packages_dict_from_output(raw_output_outdated.stdout.decode('utf-8')) print("##### Create data #####") From 41638a77587d330ea2bbee843345339f776f77fb Mon Sep 17 00:00:00 2001 From: marcoschum <50410120+marcoschum@users.noreply.github.com> Date: Mon, 22 Apr 2024 07:14:12 +0200 Subject: [PATCH 103/135] Update README.md Updated README as per suggestions in PR: sap_hana_install: update README.md #722. Clearification on section "Perform Initial Checks". Those checks will only be skipped if "sap_hana_install_force" is set to "true". --- roles/sap_hana_install/README.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/roles/sap_hana_install/README.md b/roles/sap_hana_install/README.md index c81786080..35d439c27 100644 --- a/roles/sap_hana_install/README.md +++ b/roles/sap_hana_install/README.md @@ -247,17 +247,15 @@ You can find more complex playbooks in directory `playbooks` of the collection ` #### Perform Initial Checks -These checks are only performed if `sap_hana_install_force` is set to `true`. Its default value is `false` +These checks will be performed by default but can be skipped by setting `sap_hana_install_force` to `true`. - If variable `sap_hana_install_check_sidadm_user` is undefined or set to `yes`: Check if user sidadm exists. If yes, abort the role. - -- Check if `/usr/sap/hostctrl/exe/saphostctrl` exists and get info on running HANA instances. - - If conflicting instances exist the role aborts with a failure - - If desired instance is running, the role aborts with success - -- If `/usr/sap/hostctrl/exe/saphostctrl` does not exist - - Check if directory `/hana/shared/` exists. If yes and not empty, abort the role. - - Check if directory `/usr/sap/` exists. If yes and not empty, abort the role. +- Check if `/usr/sap/hostctrl/exe/saphostctrl` exists and get info on running HANA instances: + - If a conflicting instances exist, the role aborts with a failure + - If the desired instance is running, the role aborts with success +- If `/usr/sap/hostctrl/exe/saphostctrl` does not exist: + - Check if the directory `/hana/shared/` exists. If yes and not empty, abort the role. + - Check if the directory `/usr/sap/` exists. If yes and not empty, abort the role. #### Pre-Install From f12c7b0ee2daf14a5ee1666bfa1ec168aa9e73f5 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 25 Apr 2024 10:33:42 +0200 Subject: [PATCH 104/135] sap_general_preconfigure: Minor change ... for triggering modified github workflows Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/assert-etc-hosts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 64f1662bd..3cf9f5063 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -98,7 +98,7 @@ success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts!" ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check hostname -s +- name: Test hostname -s ansible.builtin.shell: test "$(hostname -s)" = "$(hostname)" register: __sap_general_preconfigure_register_hostname_s_assert ignore_errors: yes @@ -111,7 +111,7 @@ success_msg: "PASS: The output of 'hostname -s' matches the output of 'hostname'." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Check hostname -f +- name: Test hostname -f ansible.builtin.shell: test "$(hostname -f)" = "$(hostname).$(hostname -d)" register: __sap_general_preconfigure_register_hostname_f_assert ignore_errors: yes From 00d21291f9872cd05e4700b974f6094d8fac2953 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 26 Apr 2024 11:07:50 +0000 Subject: [PATCH 105/135] feat: ASCS ERS Simple Mount --- roles/sap_ha_pacemaker_cluster/README.md | 73 ++++++ .../defaults/main.yml | 47 +++- .../meta/argument_specs.yml | 73 +++++- .../tasks/construct_vars_hana_scaleup.yml | 1 + .../construct_vars_hana_scaleup_angi.yml | 1 + .../construct_vars_nwas_abap_ascs_ers.yml | 40 +--- ...t_vars_nwas_abap_ascs_ers_simple_mount.yml | 215 ++++++++++++++++++ .../construct_vars_vip_constraints_hana.yml | 4 + roles/sap_ha_pacemaker_cluster/tasks/main.yml | 14 ++ .../sap_ha_pacemaker_cluster/vars/redhat.yml | 6 + roles/sap_ha_pacemaker_cluster/vars/suse.yml | 6 +- 11 files changed, 428 insertions(+), 52 deletions(-) create mode 100644 roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index ab49f8baf..3ddbb5f72 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -322,6 +322,20 @@ Inherits the value of `ha_cluster_hacluster_password`, when defined.
Parameter for the 'SAPHana' cluster resource.
Define if a former primary should be re-registered automatically as secondary.
+### sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name + +- _Type:_ `string` +- _Default:_ `col_saphana_vip__HDB_primary` + +Customize the cluster constraint name for VIP and SAPHana primary clone colocation.
+ +### sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name + +- _Type:_ `string` +- _Default:_ `col_saphana_vip__HDB_readonly` + +Customize the cluster constraint name for VIP and SAPHana secondary clone colocation.
+ ### sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout - _Type:_ `int` @@ -410,6 +424,27 @@ The instance number of the SAP HANA database which this role will configure in t Inherits the value of `sap_hana_instance_number`, when defined.
Mandatory for SAP HANA cluster setups.
+### sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name + +- _Type:_ `string` +- _Default:_ `ord_saphana_vip__HDB_primary` + +Customize the cluster constraint name for VIP and SAPHana primary clone order.
+ +### sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name + +- _Type:_ `string` +- _Default:_ `ord_saphana_vip__HDB_readonly` + +Customize the cluster constraint name for VIP and SAPHana secondary clone order.
+ +### sap_ha_pacemaker_cluster_hana_order_topology_hana_name + +- _Type:_ `string` +- _Default:_ `ord_saphana_saphanatop__HDB` + +Customize the cluster constraint name for SAPHana and Topology order.
+ ### sap_ha_pacemaker_cluster_hana_prefer_site_takeover - _Type:_ `bool` @@ -551,6 +586,14 @@ Mandatory for NetWeaver AAS cluster configuration.
The standard NetWeaver ASCS/ERS cluster will be set up as ENSA2.
Set this parameter to 'true' to configure it as ENSA1.
+### sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + +- _Type:_ `bool` +- _Default:_ `True` + +Enables preferred method for ASCS ERS ENSA2 clusters - Simple Mount
+Set this parameter to 'true' to configure ENSA2 Simple Mount.
+ ### sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name - _Type:_ `string` @@ -601,6 +644,7 @@ Only used for ENSA1 setups (see `sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ens The name of the ASCS instance, typically the profile name.
Mandatory for the NetWeaver ASCS/ERS cluster setup
+Recommended format _ASCS_.
### sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name @@ -623,6 +667,13 @@ NetWeaver ASCS instance resource stickiness attribute.
The full path and name of the ASCS instance profile.
Mandatory for the NetWeaver ASCS/ERS cluster setup.
+### sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPStartSrv__ASCS` + +Name of the ASCS SAPStartSrv resource for simple mount.
+ ### sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name - _Type:_ `string` @@ -650,6 +701,7 @@ NetWeaver ERS instance resource option "AUTOMATIC_RECOVER".
The name of the ERS instance, typically the profile name.
Mandatory for the NetWeaver ASCS/ERS cluster setup.
+Recommended format _ERS_.
### sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name @@ -665,6 +717,13 @@ Name of the ERS instance resource.
The full path and name of the ERS instance profile.
Mandatory for the NetWeaver ASCS/ERS cluster.
+### sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name + +- _Type:_ `string` +- _Default:_ `rsc_SAPStartSrv__ERS` + +Name of the ERS SAPstartSrv resource for simple mount.
+ ### sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr - _Type:_ `string` @@ -681,6 +740,20 @@ Mandatory for NetWeaver cluster configuration.
Uses `sap_swpm_sid` if defined.
Mandatory for NetWeaver cluster setups.
+### sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name + +- _Type:_ `string` +- _Default:_ `col_ascs_separate_` + +Customize the cluster constraint name for ASCS and ERS separation colocation.
+ +### sap_ha_pacemaker_cluster_nwas_order_ascs_first_name + +- _Type:_ `string` +- _Default:_ `ord_ascs_first_` + +Customize the cluster constraint name for ASCS starting before ERS order.
+ ### sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name - _Type:_ `string` diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index e417d48c0..03ca80335 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -135,6 +135,20 @@ sap_ha_pacemaker_cluster_hana_filesystem_resource_name: >- sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name: >- cln_SAPHanaFil_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} +# SAP HANA - Constraint names +sap_ha_pacemaker_cluster_hana_order_topology_hana_name: >- + ord_saphana_saphanatop_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }} + +sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name: >- + col_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary +sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name: >- + col_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary + +sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name: >- + ord_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary +sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name: >- + ord_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly + # Multiple VIP parameters can be defined and will be combined. # See tasks/include_construct_vip_resources.yml # @@ -172,6 +186,9 @@ sap_ha_pacemaker_cluster_hana_global_ini_path: "/usr/sap/{{ # set this parameter to 'true'. sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ensa1: false +# Enable ENSA2 simple mount configuration +sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount: true + # Enable/Disable sap_cluster_connector. # Ref.: https://access.redhat.com/solutions/3606101 sap_ha_pacemaker_cluster_enable_cluster_connector: true @@ -239,12 +256,6 @@ sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name: >- # Set this parameter to "true" to configure the 3 shared filesystems as part of the cluster. sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed: false -# SAP NetWeaver resource group names as convenience parameters -sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: >- - grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: >- - grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} - ################################################################################ # ASCS resource defaults ################################################################################ @@ -262,7 +273,18 @@ sap_ha_pacemaker_cluster_nwas_abap_ascs_filesystem_resource_name: >- rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name: >- rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -# sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_clone_name: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}-clone" +sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name: >- + rsc_SAPStartSrv_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + +sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: >- + grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + +sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name: >- + col_ascs_separate_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + +sap_ha_pacemaker_cluster_nwas_order_ascs_first_name: >- + ord_ascs_first_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }} + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool: false sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_stickiness: 5000 sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_ensa1_migration_threshold: 1 @@ -281,13 +303,18 @@ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name: '' # Full path with instance profile name - mandatory to be user-defined sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string: '' +# SAP NetWeaver ABAP ERS - Resource IDs (names) as convenience parameters. sap_ha_pacemaker_cluster_nwas_abap_ers_filesystem_resource_name: >- - rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} + rsc_fs_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name: >- - rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -# sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_clone_name: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}-clone" + rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} +sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name: >- + rsc_SAPStartSrv_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_automatic_recover_bool: false +sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: >- + grp_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} + ################################################################################ # PAS/AAS resource defaults diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml index 5c8f217d3..88883f8a1 100644 --- a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml +++ b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml @@ -352,6 +352,11 @@ argument_specs: description: - Customize the cluster resource name of the SAP HANA Filesystem clone. + sap_ha_pacemaker_cluster_hana_order_topology_hana_name: + default: "ord_saphana_saphanatop__HDB" + description: + - Customize the cluster constraint name for SAPHana and Topology order. + sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: description: - The virtual IP of the primary HANA instance. @@ -373,6 +378,26 @@ argument_specs: - Customize the name of the resource managing the Virtual IP of read-only access to the secondary HANA instance. + sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name: + default: "ord_saphana_vip__HDB_primary" + description: + - Customize the cluster constraint name for VIP and SAPHana primary clone order. + + sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name: + default: "ord_saphana_vip__HDB_readonly" + description: + - Customize the cluster constraint name for VIP and SAPHana secondary clone order. + + sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name: + default: "col_saphana_vip__HDB_primary" + description: + - Customize the cluster constraint name for VIP and SAPHana primary clone colocation. + + sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name: + default: "col_saphana_vip__HDB_readonly" + description: + - Customize the cluster constraint name for VIP and SAPHana secondary clone colocation. + sap_ha_pacemaker_cluster_hana_hooks: type: list default: [] @@ -425,6 +450,13 @@ argument_specs: # NetWeaver specific parameters ########################################################################## + sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount: + type: bool + default: true + description: + - Enables preferred method for ASCS ERS ENSA2 clusters - Simple Mount + - Set this parameter to 'true' to configure ENSA2 Simple Mount. + sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ensa1: type: bool default: false @@ -603,16 +635,6 @@ argument_specs: - Change this parameter to 'true' if the 3 shared filesystems `/usr/sap/trans`, `/usr/sap//SYS` and '/sapmnt' shall be configured as cloned cluster resources. - sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: - default: grp__ASCS - description: - - Name of the NetWeaver ASCS resource group. - - sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: - default: grp__ERS - description: - - Name of the NetWeaver ERS resource group. - ########################################################################## # NetWeaver ASCS specific parameters ########################################################################## @@ -621,6 +643,7 @@ argument_specs: description: - The name of the ASCS instance, typically the profile name. - Mandatory for the NetWeaver ASCS/ERS cluster setup + - Recommended format _ASCS_. sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_start_profile_string: description: @@ -637,6 +660,26 @@ argument_specs: description: - Name of the ASCS instance resource. + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name: + default: rsc_SAPStartSrv__ASCS + description: + - Name of the ASCS SAPStartSrv resource for simple mount. + + sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name: + default: grp__ASCS + description: + - Name of the NetWeaver ASCS resource group. + + sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name: + default: "col_ascs_separate_" + description: + - Customize the cluster constraint name for ASCS and ERS separation colocation. + + sap_ha_pacemaker_cluster_nwas_order_ascs_first_name: + default: "ord_ascs_first_" + description: + - Customize the cluster constraint name for ASCS starting before ERS order. + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool: type: bool default: false @@ -677,6 +720,7 @@ argument_specs: description: - The name of the ERS instance, typically the profile name. - Mandatory for the NetWeaver ASCS/ERS cluster setup. + - Recommended format _ERS_. sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string: description: @@ -699,6 +743,15 @@ argument_specs: description: - Name of the ERS instance resource. + sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name: + default: rsc_SAPStartSrv__ERS + description: + - Name of the ERS SAPstartSrv resource for simple mount. + + sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name: + default: grp__ERS + description: + - Name of the NetWeaver ERS resource group. ########################################################################## # PAS specific parameters diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml index 2ecc6bf96..3a004d36b 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup.yml @@ -168,6 +168,7 @@ "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" vars: __constraint_order_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_order_topology_hana_name }}" resource_first: id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" action: start diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml index 85c793686..c3dd1c54d 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_hana_scaleup_angi.yml @@ -194,6 +194,7 @@ "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_hana_topology] }}" vars: __constraint_order_hana_topology: + id: "{{ sap_ha_pacemaker_cluster_hana_order_topology_hana_name }}" resource_first: id: "{{ sap_ha_pacemaker_cluster_hana_topology_resource_clone_name }}" action: start diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml index af01f146d..6e3bc2803 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml @@ -36,7 +36,8 @@ value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string }}" - name: AUTOMATIC_RECOVER value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_automatic_recover_bool | string }}" - + - name: IS_ERS + value: true - name: "SAP HA Prepare Pacemaker - Define ASCS/ERS instance attributes (ENSA1)" when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_ensa1 @@ -60,7 +61,8 @@ value: true -### ASCS/ERS instance filesystems +### Resources +# ASCS/ERS instance filesystems - name: "SAP HA Prepare Pacemaker - Add filesystem resources for ASCS/ERS to resource definition" ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_filesystem] }}" @@ -238,20 +240,11 @@ when: - __resource_sapinstance_ers.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) - -################################################# -# Group resources that belong together -# ############################################### - -# ASCS group consists of resources for +### Groups +# ASCS group consists of resources in this order: # - ASCS filesystem # - ASCS instance # - ASCS VIP -# The order of the resources in the group define the order in which they are -# started - resources are stopped in reverse order. -# -# Only resources that were defined as resources to be configured will be -# added to the group. - name: "SAP HA Prepare Pacemaker - Add resource group for ASCS resources" ansible.builtin.set_fact: @@ -280,15 +273,10 @@ - __ascs_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) -# ERS group consists of resources for +# ERS group consists of resources in this order: # - ERS filesystem # - ERS instance # - ERS VIP -# The order of the resources in the group define the order in which they are -# started - resources are stopped in reverse order. -# -# Only resources that were defined as resources to be configured will be -# added to the group. - name: "SAP HA Prepare Pacemaker - Add resource group for ERS resources" ansible.builtin.set_fact: @@ -319,24 +307,15 @@ - __sap_ha_pacemaker_cluster_resource_groups is defined - __sap_ha_pacemaker_cluster_resource_groups | length > 0 -################################################# -# Constraints -################################################# - -# Constraint parameters are pre-defined from potentially inherited ha_cluster LSR definitions. -# Constraint definitions are combined into these parameters. -# See tasks/ascertain_ha_cluster_in_inventory.yml: -# -# __sap_ha_pacemaker_cluster_constraints_colocation: "{{ ha_cluster_constraints_colocation }}" -# __sap_ha_pacemaker_cluster_constraints_location: "{{ ha_cluster_constraints_location }}" -# __sap_ha_pacemaker_cluster_constraints_order: "{{ ha_cluster_constraints_order }}" +### Constraints # ERS and ASCS resource groups should try to avoid running on the same node - name: "SAP HA Prepare Pacemaker - Add colocation constraint: ERS avoids to run on the ASCS node" ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_ers] }}" vars: __constraint_colo_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name }}" resource_leader: id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" role: started @@ -354,6 +333,7 @@ __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_ascs_ers] }}" vars: __constraint_order_ascs_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_order_ascs_first_name }}" resource_first: id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" role: started diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml new file mode 100644 index 000000000..6a8441df6 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml @@ -0,0 +1,215 @@ +--- +# Variables containing variables must be constructed with values +# to be fed into the included ha_cluster role + +# TODO: add conditionals to verify that the same resource agent is not already +# defined in user input variables. Conflicting user input should take precedence. +# +# ASCS ERS simple mount cluster is ENSA2. + +### Resources +# ASCS SAPStartSrv resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPStartSrv for Central Service (ABAP ASCS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapstartsrv] }}" + vars: + __resource_sapstartsrv: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.sapstartsrv }}" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_instance_name }}" + when: + - __resource_sapstartsrv.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + +# ERS SAPStartSrv resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPStartSrv for Central Service (ABAP ERS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapstartsrv] }}" + vars: + __resource_sapstartsrv: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name }}" + agent: "{{ __sap_ha_pacemaker_cluster_resource_agents.sapstartsrv }}" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name }}" + when: + - __resource_sapstartsrv.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + + +# ASCS instance resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPInstance for Central Service (ABAP ASCS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapinstance] }}" + vars: + __resource_sapinstance: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}" + agent: "ocf:heartbeat:SAPInstance" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_instance_name }}" + - name: START_PROFILE + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_start_profile_string }}" + - name: AUTOMATIC_RECOVER + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool | string }}" + - name: MINIMAL_PROBE + value: true + meta_attrs: + - attrs: + - name: resource-stickiness + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_stickiness }}" + operations: + # TODO: Add values for start and stop when they are published. + - action: monitor + attrs: + - name: interval + value: 11 + - name: on-fail + value: restart + - name: timeout + value: 60 + when: + - __resource_sapinstance.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + + +# ERS instance resource definition +- name: "SAP HA Prepare Pacemaker - Add resource: SAPInstance for Enqueue Replication Service (ABAP ERS)" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapinstance_ers] }}" + vars: + __resource_sapinstance_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}" + agent: "ocf:heartbeat:SAPInstance" + instance_attrs: + - attrs: + - name: InstanceName + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name }}" + - name: START_PROFILE + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string }}" + - name: AUTOMATIC_RECOVER + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_automatic_recover_bool | string }}" + - name: IS_ERS + value: true + - name: MINIMAL_PROBE + value: true + operations: + # TODO: Add values for start and stop when they are published. + - action: monitor + attrs: + - name: interval + value: 11 + - name: on-fail + value: restart + - name: timeout + value: 60 + when: + - __resource_sapinstance_ers.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) + + +### Groups +# ASCS group consists of resources in this order: +# - ASCS VIP +# - ASCS SAPStartSrv +# - ASCS SAPInstance +- name: "SAP HA Prepare Pacemaker - Add resource group for ASCS resources" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups + [__ascs_group] }}" + vars: + __ascs_group: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" + resource_ids: | + {% set resource_ids_list = [] %} + {%- for resource in + sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name, + sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ascs_resource_name %} + {%- if resource | length > 0 + and resource in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) %} + {%- set ids = resource_ids_list.append(resource) %} + {%- endif %} + {%- endfor %} + {{ resource_ids_list }} + meta_attrs: + - attrs: + - name: resource-stickiness + value: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_group_stickiness }}" + when: + - __ascs_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) + + +# ERS group consists of resources in this order: +# - ERS VIP +# - ERS SAPStartSrv +# - ERS SAPInstance +- name: "SAP HA Prepare Pacemaker - Add resource group for ERS resources" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups + [__ers_group] }}" + vars: + __ers_group: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" + resource_ids: | + {% set resource_ids_list = [] %} + {%- for resource in + sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name, + sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name, + sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_resource_name %} + {%- if resource | length > 0 + and resource in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) %} + {%- set ids = resource_ids_list.append(resource) %} + {%- endif %} + {%- endfor %} + {{ resource_ids_list }} + when: + - __ers_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id')) + +- name: "SAP HA Prepare Pacemaker - Display VIP resource group definition if any were built" + ansible.builtin.debug: + var: __sap_ha_pacemaker_cluster_resource_groups + when: + - __sap_ha_pacemaker_cluster_resource_groups is defined + - __sap_ha_pacemaker_cluster_resource_groups | length > 0 + + +### Constraints +# ERS and ASCS resource groups should try to avoid running on the same node +- name: "SAP HA Prepare Pacemaker - Add colocation constraint: ERS avoids to run on the ASCS node" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_ers] }}" + vars: + __constraint_colo_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name }}" + resource_leader: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" + role: started + resource_follower: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" + options: + - name: score + value: -5000 + when: + - __constraint_colo_ers.resource_follower not in (__sap_ha_pacemaker_cluster_constraints_colocation | map(attribute='resource_follower')) + +# Optional: ASCS should be started before ERS +- name: "SAP HA Prepare Pacemaker - Add order constraint: first start ASCS group, then ERS group" + ansible.builtin.set_fact: + __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_ascs_ers] }}" + vars: + __constraint_order_ascs_ers: + id: "{{ sap_ha_pacemaker_cluster_nwas_order_ascs_first_name }}" + resource_first: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_group_name }}" + role: started + resource_then: + id: "{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_group_name }}" + options: + - name: symmetrical + value: "false" + - name: kind + value: Optional + when: + - __constraint_order_ascs_ers.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then')) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml index c75f1aacf..2e1b18977 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml @@ -6,6 +6,7 @@ __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_vip] }}" vars: __constraint_order_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name }}" resource_first: id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" action: promote @@ -44,6 +45,7 @@ __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_vip] }}" vars: __constraint_order_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name }}" resource_first: id: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_name }}" action: start @@ -83,6 +85,7 @@ __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_vip] }}" vars: __constraint_colo_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name }}" resource_leader: # SAPHana is replaced by SAP HANA Controller for SAPHanaSR-angi id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name if __sap_ha_pacemaker_cluster_saphanasr_angi_available @@ -142,6 +145,7 @@ __sap_ha_pacemaker_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation + [__constraint_colo_vip] }}" vars: __constraint_colo_vip: + id: "{{ sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name }}" resource_leader: # SAPHana is replaced by SAP HANA Controller for SAPHanaSR-angi id: "{{ sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name if __sap_ha_pacemaker_cluster_saphanasr_angi_available diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml index 417bc1685..ec0f46855 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml @@ -83,6 +83,20 @@ loop_var: nwas_build_item when: - "'nwas_abap_ascs' in nwas_build_item" + - not sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + +- name: SAP HA Prepare Pacemaker - Include variable construction for SAP NetWeaver ABAP ASCS/ERS + Simple Mount # noqa name[template] + ansible.builtin.include_tasks: + file: construct_vars_nwas_abap_ascs_ers_simple_mount.yml + loop: "{{ sap_ha_pacemaker_cluster_host_type }}" + loop_control: + loop_var: nwas_build_item + when: + - "'nwas_abap_ascs' in nwas_build_item" + - sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + # TODO: Remove rule when SAPStartSrv resource agents are available on Red Hat + - ansible_os_family == 'Suse' - name: "SAP HA Prepare Pacemaker - Include variable construction for SAP NetWeaver ABAP PAS/AAS" ansible.builtin.include_tasks: diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml index de7891380..75d0b723b 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml @@ -65,6 +65,8 @@ __sap_ha_pacemaker_cluster_resource_agents: # TODO: Uncomment when SAPHanaSR-angi is available on Red Hat # saphanacontroller: "ocf:heartbeat:SAPHanaController" # saphanafilesystem: "ocf:heartbeat:SAPHanaFilesystem" +# TODO: Uncomment when SAPStartSrv is available on Red Hat +# sapstartsrv: "ocf:heartbeat:SAPStartSrv" # TODO: Uncomment when SAPHanaSR-angi is available on Red Hat __sap_ha_pacemaker_cluster_saphanasr_angi_available: false @@ -89,3 +91,7 @@ __sap_ha_pacemaker_cluster_hook_hana_scaleout_angi: [] # TODO: Remove when additional hooks are specified above. __sap_ha_pacemaker_cluster_hana_hook_tkover: false __sap_ha_pacemaker_cluster_hana_hook_chksrv: false + +# Enable ASCS/ERS Simple Mount as default +# TODO: Enable when SAPStartSrv resource agents are available on Red Hat +sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount: false diff --git a/roles/sap_ha_pacemaker_cluster/vars/suse.yml b/roles/sap_ha_pacemaker_cluster/vars/suse.yml index 07b8d4d8c..2885c54d7 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/suse.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/suse.yml @@ -51,8 +51,7 @@ __sap_ha_pacemaker_cluster_resource_agents: saphana: "ocf:suse:SAPHana" saphanacontroller: "ocf:suse:SAPHanaController" saphanafilesystem: "ocf:suse:SAPHanaFilesystem" - # "ocf:heartbeat:Filesystem" - # "ocf:heartbeat:SAPInstance" + sapstartsrv: "ocf:suse:SAPStartSrv" # Boolean variable reflecting availability of SAPHanaSR-angi availability. __sap_ha_pacemaker_cluster_saphanasr_angi_available: false @@ -113,3 +112,6 @@ __sap_ha_pacemaker_cluster_hook_hana_scaleout_angi: [] # Overwrite resource clone name for SAP HANA sap_ha_pacemaker_cluster_hana_resource_clone_name: "{{ sap_ha_pacemaker_cluster_hana_resource_clone_msl_name }}" + +# Enable ASCS/ERS Simple Mount as default +sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount: true From fa544129257a0e1d917dcb78a44a81d24fdccc9b Mon Sep 17 00:00:00 2001 From: Wabri <12409541+Wabri@users.noreply.github.com> Date: Thu, 2 May 2024 12:32:25 +0200 Subject: [PATCH 106/135] fix(workflows): always accept the new changes --- workflows/check_outdate_deps/check_deps.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/workflows/check_outdate_deps/check_deps.py b/workflows/check_outdate_deps/check_deps.py index ab6078e1a..dcbe4f0d2 100644 --- a/workflows/check_outdate_deps/check_deps.py +++ b/workflows/check_outdate_deps/check_deps.py @@ -158,8 +158,9 @@ def update_branch_with_changes(branch, file_to_change): git stash push git checkout -b {branch} origin/{branch} git stash pop +git checkout --theirs {REQUIREMENT_FILE} git add {file_to_change} -git commit --message=\"Update {file_to_change}\" +git commit --message=\"Update {file_to_change} on `date`\" git push """) From c577648510b4787fb512089541b7b74477dff235 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Sat, 4 May 2024 23:38:42 +0200 Subject: [PATCH 107/135] sap_install_media_detect: Allow detection of SAPEXE only Solves issue #729. Signed-off-by: Bernd Finger --- .../tasks/find_files_after_extraction.yml | 7 +++++-- .../tasks/prepare/create_file_list_phase_2.yml | 7 ++++++- roles/sap_install_media_detect/tasks/set_global_vars.yml | 1 + 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/roles/sap_install_media_detect/tasks/find_files_after_extraction.yml b/roles/sap_install_media_detect/tasks/find_files_after_extraction.yml index fcf0ccbd7..7118e343e 100644 --- a/roles/sap_install_media_detect/tasks/find_files_after_extraction.yml +++ b/roles/sap_install_media_detect/tasks/find_files_after_extraction.yml @@ -147,8 +147,11 @@ - name: SAP Install Media Detect - Find files after extraction - Find SAPEXEDB, database specific - block when: - sap_install_media_detect_kernel - - sap_install_media_detect_kernel_db is defined - - sap_install_media_detect_kernel_db | length > 0 + - sap_install_media_detect_kernel_db == 'saphana' or + sap_install_media_detect_kernel_db == 'sapase' or + sap_install_media_detect_kernel_db == 'sapmaxdb' or + sap_install_media_detect_kernel_db == 'oracledb' or + sap_install_media_detect_kernel_db == 'ibmdb2' block: - name: SAP Install Media Detect - Find files after extraction - Find SAPEXEDB, database specific diff --git a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml index 46ce83194..355836b98 100644 --- a/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml +++ b/roles/sap_install_media_detect/tasks/prepare/create_file_list_phase_2.yml @@ -136,7 +136,12 @@ - sap_install_media_detect_kernel_db is not defined - name: SAP Install Media Detect - Prepare - Assert that exactly one matching SAP Kernel DB dependent is present - when: sap_install_media_detect_kernel_db is defined + when: + sap_install_media_detect_kernel_db == 'saphana' or + sap_install_media_detect_kernel_db == 'sapase' or + sap_install_media_detect_kernel_db == 'sapmaxdb' or + sap_install_media_detect_kernel_db == 'oracledb' or + sap_install_media_detect_kernel_db == 'ibmdb2' block: - name: SAP Install Media Detect - Prepare - Assert that exactly one SAP Kernel DB dependent for SAP HANA is present diff --git a/roles/sap_install_media_detect/tasks/set_global_vars.yml b/roles/sap_install_media_detect/tasks/set_global_vars.yml index 659090141..ee0f764a9 100644 --- a/roles/sap_install_media_detect/tasks/set_global_vars.yml +++ b/roles/sap_install_media_detect/tasks/set_global_vars.yml @@ -135,6 +135,7 @@ - sap_install_media_detect_kernel - sap_install_media_detect_kernel_db is defined - sap_install_media_detect_kernel_db | length > 0 + - sap_install_media_detect_kernel_db != 'absent' - name: SAP Install Media Detect - Detection completed - Set facts for SAP IGS ansible.builtin.set_fact: From e97e6f04ed8fe92fc7879362781ba37d55c09e24 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 7 May 2024 15:12:03 +0200 Subject: [PATCH 108/135] sap_install_media_detect: Use 'none' in place of 'absent' ... for not detecting DB specific SAP kernel file(s) (SAPEXEDB) Relates to #729. Signed-off-by: Bernd Finger --- roles/sap_install_media_detect/tasks/set_global_vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_install_media_detect/tasks/set_global_vars.yml b/roles/sap_install_media_detect/tasks/set_global_vars.yml index ee0f764a9..7f449371f 100644 --- a/roles/sap_install_media_detect/tasks/set_global_vars.yml +++ b/roles/sap_install_media_detect/tasks/set_global_vars.yml @@ -135,7 +135,7 @@ - sap_install_media_detect_kernel - sap_install_media_detect_kernel_db is defined - sap_install_media_detect_kernel_db | length > 0 - - sap_install_media_detect_kernel_db != 'absent' + - sap_install_media_detect_kernel_db != 'none' - name: SAP Install Media Detect - Detection completed - Set facts for SAP IGS ansible.builtin.set_fact: From 29e0757b3df40abb9ecb4d08f96bb5d9925963ea Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Thu, 9 May 2024 15:58:38 +0200 Subject: [PATCH 109/135] Workaround for crmsh primitive behavior --- .../defaults/main.yml | 2 +- .../Suse/post_steps_nwas_abap_ascs_ers.yml | 92 +++++++++++++++++++ roles/sap_ha_pacemaker_cluster/tasks/main.yml | 9 ++ 3 files changed, 102 insertions(+), 1 deletion(-) create mode 100644 roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml index 03ca80335..a6ddb9cc9 100644 --- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml +++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml @@ -142,7 +142,7 @@ sap_ha_pacemaker_cluster_hana_order_topology_hana_name: >- sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name: >- col_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name: >- - col_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary + col_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name: >- ord_saphana_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml new file mode 100644 index 000000000..c875a20d2 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml @@ -0,0 +1,92 @@ +--- +# Recent crmsh changes have added default behavior, where all default metadata +# op parameters are added and it cannot be controlled. Not adding them during +# creation, will forcefully add them regardless. + +# Following steps are similar to crmsh code in ha_cluster role, but they are +# too SAP specific, so they are added here instead of there. + +- name: Block to ensure that changes are executed only once + run_once: true # noqa: run_once[task] + block: + + - name: "SAP HA Install Pacemaker - Create file for CIB backup" + ansible.builtin.tempfile: + state: file + suffix: _sap_ha_pacemaker_cluster_cib_xml_backup + register: __sap_ha_pacemaker_cluster_cib_xml_backup + + - name: "SAP HA Install Pacemaker - Put cluster in maintenance mode" + ansible.builtin.expect: + command: crm configure property maintenance-mode=true + responses: + ".*is-managed.*": "n" + ".*already.*": "n" + check_mode: false + changed_when: true + + - name: "SAP HA Install Pacemaker - Verify that maintenace-mode is true" + ansible.builtin.command: + cmd: crm status + register: __sap_ha_pacemaker_cluster_crm_status_maint + retries: 10 + delay: 5 + until: + '"Resource management is DISABLED" in __sap_ha_pacemaker_cluster_crm_status_maint.stdout' + check_mode: false + changed_when: false + run_once: true # noqa: run_once[task] + + - name: "SAP HA Install Pacemaker - SAPStartSrv crm resource cleanup" + ansible.builtin.command: + cmd: crm resource cleanup {{ item }} + loop: + - "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name }}" + - "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name }}" + when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + changed_when: true + + - name: "SAP HA Install Pacemaker - Fetch CIB configuration" + ansible.builtin.command: + cmd: cibadmin --query + register: __sap_ha_pacemaker_cluster_cib_query + check_mode: false + changed_when: false + + - name: "SAP HA Install Pacemaker - Save CIB configuration" + ansible.builtin.copy: + content: "{{ __sap_ha_pacemaker_cluster_cib_query.stdout }}" + dest: "{{ __sap_ha_pacemaker_cluster_cib_xml_backup.path }}" + owner: root + group: root + mode: '0600' + check_mode: false + + # Removes monitor, start, stop operations from SAPStartSrv + # These operations are not supported and not recommended. + # TODO: Limit deletion in future, when more supported is added in Resource Agent + - name: "SAP HA Install Pacemaker - Remove operations for SAPStartSrv" + ansible.builtin.command: + cmd: cibadmin -d --force --xpath "//primitive[@type='SAPStartSrv']//operations" + when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + changed_when: true + + # Remove default operations: promote, demote, start, stop + - name: "SAP HA Install Pacemaker - Remove operations for SAPStartSrv" + ansible.builtin.command: + cmd: cibadmin -d --force --xpath "//primitive[@type='SAPInstance']//op[{{ item }}]" + loop: + - "@name='promote' and @interval='0s'" + - "@name='demote' and @interval='0s'" + - "@name='start' and @interval='0s'" + - "@name='stop' and @interval='0s'" + changed_when: true + + - name: "SAP HA Install Pacemaker - Disable maintenance mode" + ansible.builtin.expect: + command: crm configure property maintenance-mode=false + responses: + ".*is-managed.*": "n" + ".*already.*": "n" + check_mode: false + changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml index ec0f46855..0dbdd3924 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml @@ -266,6 +266,15 @@ when: - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap') | length > 0 + # Post steps for ACS ERS crmsh cluster to remove unsupported operations + - name: "SAP HA Install Pacemaker - Include ASCS ERS Post Steps" + ansible.builtin.include_tasks: + file: "{{ ansible_facts['os_family'] }}/post_steps_nwas_abap_ascs_ers.yml" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap') | length > 0 + - ansible_os_family == 'Suse' + run_once: true + ### END OF BLOCK: prerequisite changes and cluster setup # Save all the constructed cluster parameters into a vars file. From eb11f9258d5400d2d5ae2042e9f2b8eff3ecb577 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 13 May 2024 12:19:19 +0200 Subject: [PATCH 110/135] sap_general_preconfigure: Revert to awk for asserting /etc/hosts Solves issue #736. It's essentially a backout of PR #697, especially of commit 1fc1459. Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/assert-etc-hosts.yml | 108 ++++++------------ 1 file changed, 37 insertions(+), 71 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 3cf9f5063..93e602ead 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -7,95 +7,61 @@ - "sap_general_preconfigure_domain = {{ sap_general_preconfigure_domain }}" - "sap_general_preconfigure_ip = {{ sap_general_preconfigure_ip }}" -- name: Initialize variables - ansible.builtin.set_fact: - __sap_general_preconfigure_etc_hosts_lines: [] - __sap_general_preconfigure_ipv4_fqdn_hostname_count: 0 - __sap_general_preconfigure_ipv4_count: 0 - __sap_general_preconfigure_fqdn_count: 0 - __sap_general_preconfigure_hostname_count: 0 - -- name: Read /etc/hosts - ansible.builtin.slurp: - src: /etc/hosts - register: __sap_general_preconfigure_etc_hosts - -- name: Set fact for /etc/hosts lines - ansible.builtin.set_fact: - __sap_general_preconfigure_etc_hosts_lines: "{{ __sap_general_preconfigure_etc_hosts_lines + [__sap_general_preconfigure_line_item] }}" - loop: "{{ __sap_general_preconfigure_etc_hosts_decoded_split }}" - loop_control: - loop_var: __sap_general_preconfigure_line_item - label: "{{ __sap_general_preconfigure_line_item }}" - vars: - - __sap_general_preconfigure_etc_hosts_decoded: "{{ __sap_general_preconfigure_etc_hosts.content | b64decode }}" - - __sap_general_preconfigure_etc_hosts_decoded_split: "{{ __sap_general_preconfigure_etc_hosts_decoded.split('\n') }}" - when: - - __sap_general_preconfigure_line_item | length > 0 - - not __sap_general_preconfigure_line_item | regex_search("^#") - -- name: Count the number of lines containing ipv4 address, FQDN, and hostname - ansible.builtin.set_fact: - __sap_general_preconfigure_ipv4_fqdn_hostname_count: "{{ __sap_general_preconfigure_ipv4_fqdn_hostname_count | int + 1 }}" - loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" - loop_control: - loop_var: __sap_general_preconfigure_line_item - label: "{{ __sap_general_preconfigure_line_item }}" - when: __sap_general_preconfigure_line_item | regex_search("^" + sap_general_preconfigure_ip + "(\s)*" + sap_general_preconfigure_hostname + "." + sap_general_preconfigure_domain + "(\s)*" + sap_general_preconfigure_hostname + "($|\s)" ) +- name: Check if ipv4 address, FQDN, and hostname are once in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/&&/\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/&&(/\s{{ sap_general_preconfigure_hostname }}\s/||/\s{{ sap_general_preconfigure_hostname }}$/){a++}END{print a}' /etc/hosts + register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert + ignore_errors: yes + changed_when: no -- name: Fail if the number of lines in __sap_general_preconfigure_ipv4_fqdn_hostname_count is != 1 +- name: Assert that ipv4 address, FQDN, and hostname are once in /etc/hosts ansible.builtin.assert: - that: (__sap_general_preconfigure_ipv4_fqdn_hostname_count | int) == 1 - fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' in /etc/hosts!" - success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' in /etc/hosts." + that: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert.stdout == '1' + fail_msg: "FAIL: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' needs to be once in /etc/hosts!" + success_msg: "PASS: The line '{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}' is once in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Count the number of lines containing the ipv4 address of sap_ip - ansible.builtin.set_fact: - __sap_general_preconfigure_ipv4_count: "{{ __sap_general_preconfigure_ipv4_count | int + 1 }}" - loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" - loop_control: - loop_var: __sap_general_preconfigure_line_item - label: "{{ __sap_general_preconfigure_line_item.split()[0] }}" - when: __sap_general_preconfigure_line_item | regex_search("^" + sap_general_preconfigure_ip + "\s") +# Only one line containing sap_general_preconfigure_ip is allowed: +- name: Count the number of sap_general_preconfigure_ip ({{ sap_general_preconfigure_ip }}) entries in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/{a++}END{print a}' /etc/hosts + register: __sap_general_preconfigure_register_sap_ip_once_assert + ignore_errors: yes + changed_when: no -- name: Fail if the number of lines in __sap_general_preconfigure_ipv4_count is != 1 +- name: Assert that there is exactly one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.assert: - that: (__sap_general_preconfigure_ipv4_count | int) == 1 + that: __sap_general_preconfigure_register_sap_ip_once_assert.stdout == '1' fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts!" success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_ip }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Count the number of lines containing FQDN - ansible.builtin.set_fact: - __sap_general_preconfigure_fqdn_count: "{{ __sap_general_preconfigure_fqdn_count | int + 1 }}" - loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" - loop_control: - loop_var: __sap_general_preconfigure_line_item - label: "{{ __sap_general_preconfigure_line_item.split()[0] }}" - when: __sap_general_preconfigure_line_item | regex_search("(\s)*" + sap_general_preconfigure_hostname + "." + sap_general_preconfigure_domain + "($|\s)*" ) +- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}$/{a++}END{print a}' /etc/hosts + register: __sap_general_preconfigure_register_fqdn_once_assert + ignore_errors: yes + changed_when: no -- name: Fail if the number of lines in __sap_general_preconfigure_fqdn_count is != 1 +- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts ansible.builtin.assert: - that: (__sap_general_preconfigure_fqdn_count | int) == 1 + that: __sap_general_preconfigure_register_fqdn_once_assert.stdout == '1' fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts!" - success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts!" + success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Count the number of lines containing hostname - ansible.builtin.set_fact: - __sap_general_preconfigure_hostname_count: "{{ __sap_general_preconfigure_hostname_count | int + 1 }}" - loop: "{{ __sap_general_preconfigure_etc_hosts_lines }}" - loop_control: - loop_var: __sap_general_preconfigure_line_item - label: "{{ __sap_general_preconfigure_line_item.split()[0] }}" - when: __sap_general_preconfigure_line_item | regex_search("(\s)*" + sap_general_preconfigure_hostname + "($|\s)*" ) +- name: Check for duplicate or missing entries of {{ sap_general_preconfigure_hostname }} in /etc/hosts + ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_hostname }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}\s/|| + /\s{{ sap_general_preconfigure_hostname }}$/{a++}END{print a}' /etc/hosts + register: __sap_general_preconfigure_register_sap_hostname_once_assert + ignore_errors: yes + changed_when: no -- name: Fail if the number of lines in __sap_general_preconfigure_hostname_count is != 1 +- name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }} in /etc/hosts ansible.builtin.assert: - that: (__sap_general_preconfigure_hostname_count | int) == 1 + that: __sap_general_preconfigure_register_sap_hostname_once_assert.stdout == '1' fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts!" - success_msg: "PASS: There is one line containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts!" + success_msg: "PASS: There is only one line containing '{{ sap_general_preconfigure_hostname }}' in /etc/hosts." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - name: Test hostname -s From 6d75ff8a1476bdf1f6c4d64b7ca7f63dc7903c32 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Tue, 14 May 2024 12:07:45 +0100 Subject: [PATCH 111/135] Aligned the SWPM execution and monitoring timeouts to 24hrs (86400s) --- roles/sap_swpm/tasks/swpm.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_swpm/tasks/swpm.yml b/roles/sap_swpm/tasks/swpm.yml index 08ee1001d..d510a13aa 100644 --- a/roles/sap_swpm/tasks/swpm.yml +++ b/roles/sap_swpm/tasks/swpm.yml @@ -67,7 +67,7 @@ register: __sap_swpm_register_sapinst_async_job args: chdir: "{{ sap_swpm_sapinst_path }}" - async: 32400 # Seconds for maximum runtime, set to 9 hours + async: 86400 # Seconds for maximum runtime, set to 9 hours poll: 0 # Seconds between polls, use 0 to run Ansible Tasks concurrently # Monitor sapinst process (i.e. ps aux | grep sapinst) and wait for exit @@ -78,7 +78,7 @@ register: pids_sapinst until: "pids_sapinst.pids | length == 0" # until: "pids_sapinst.stdout | length == 0" - retries: 1000 + retries: 1440 delay: 60 - name: SAP SWPM - Verify if sapinst process finished successfully From 09fca207700854abb02123c313315513546c805b Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Tue, 14 May 2024 12:16:51 +0100 Subject: [PATCH 112/135] Aligned the SWPM execution and monitoring timeouts to 24hrs (86400s) including comments --- roles/sap_swpm/tasks/swpm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_swpm/tasks/swpm.yml b/roles/sap_swpm/tasks/swpm.yml index d510a13aa..997235277 100644 --- a/roles/sap_swpm/tasks/swpm.yml +++ b/roles/sap_swpm/tasks/swpm.yml @@ -67,7 +67,7 @@ register: __sap_swpm_register_sapinst_async_job args: chdir: "{{ sap_swpm_sapinst_path }}" - async: 86400 # Seconds for maximum runtime, set to 9 hours + async: 86400 # Seconds for maximum runtime, set to 24 hours poll: 0 # Seconds between polls, use 0 to run Ansible Tasks concurrently # Monitor sapinst process (i.e. ps aux | grep sapinst) and wait for exit From 95a98793a3e5a795ee5729cc1cce054bd84c1363 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Tue, 21 May 2024 17:07:48 +0200 Subject: [PATCH 113/135] post steps for HAlib to end in correct state --- .../Suse/post_steps_nwas_abap_ascs_ers.yml | 23 +++--- ...nfigure_nwas_ascs_ers_postinstallation.yml | 80 ++++++++++++++++++- roles/sap_ha_pacemaker_cluster/tasks/main.yml | 19 ++--- .../sap_ha_pacemaker_cluster/vars/redhat.yml | 1 + roles/sap_ha_pacemaker_cluster/vars/suse.yml | 1 + 5 files changed, 100 insertions(+), 24 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml index c875a20d2..cba525c40 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml @@ -37,14 +37,15 @@ changed_when: false run_once: true # noqa: run_once[task] - - name: "SAP HA Install Pacemaker - SAPStartSrv crm resource cleanup" - ansible.builtin.command: - cmd: crm resource cleanup {{ item }} - loop: - - "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name }}" - - "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name }}" - when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount - changed_when: true + # # Workaround situation when ASCS and ERS mounts are not present on both nodes. + # - name: "SAP HA Install Pacemaker - SAPStartSrv crm resource cleanup" + # ansible.builtin.command: + # cmd: crm resource cleanup {{ item }} + # loop: + # - "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name }}" + # - "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name }}" + # when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + # changed_when: true - name: "SAP HA Install Pacemaker - Fetch CIB configuration" ansible.builtin.command: @@ -62,7 +63,7 @@ mode: '0600' check_mode: false - # Removes monitor, start, stop operations from SAPStartSrv + # SAPStartSrv - Remove monitor, start, stop operations from SAPStartSrv # These operations are not supported and not recommended. # TODO: Limit deletion in future, when more supported is added in Resource Agent - name: "SAP HA Install Pacemaker - Remove operations for SAPStartSrv" @@ -71,8 +72,8 @@ when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount changed_when: true - # Remove default operations: promote, demote, start, stop - - name: "SAP HA Install Pacemaker - Remove operations for SAPStartSrv" + # SAPInstance - Remove default operations: promote, demote, start, stop + - name: "SAP HA Install Pacemaker - Remove operations for SAPInstance" ansible.builtin.command: cmd: cibadmin -d --force --xpath "//primitive[@type='SAPInstance']//op[{{ item }}]" loop: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index a65fc28fb..3a7203eda 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -108,7 +108,8 @@ - sap_ha_pacemaker_cluster_enable_cluster_connector block: - - name: "SAP HA Pacemaker - (SAP HA Interface) Add {{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm user to 'haclient' group" + - name: "SAP HA Pacemaker - (SAP HA Interface) Add {{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm + user to 'haclient' group" # noqa name[template] ansible.builtin.user: name: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" groups: haclient @@ -128,11 +129,13 @@ loop_var: nwas_profile_item label: "{{ nwas_profile_item.0 }} -> {{ nwas_profile_item.1 }}" + # Sleep added to aleviate WaitforStarted finishing before resources are available. - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ascs ansible.builtin.shell: | + sleep 30 /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 15 changed_when: false failed_when: false @@ -146,6 +149,7 @@ changed_when: false failed_when: false + - name: "SAP HA Pacemaker - (SAP HA Interface) Restart the ASCS service" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 @@ -166,12 +170,76 @@ /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function RestartService changed_when: __sap_ha_pacemaker_cluster_register_restart_ers.rc == 0 - - name: "SAP HA Pacemaker - (SAP HA Interface) Pause after service restart" + - name: "SAP HA Pacemaker - (SAP HA Interface) Wait after service restart" when: - __sap_ha_pacemaker_cluster_register_restart_ascs.changed or __sap_ha_pacemaker_cluster_register_restart_ers.changed - ansible.builtin.pause: - seconds: 10 + ansible.builtin.command: sleep 10 + changed_when: false + + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ASCS" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ascs_ha_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig + changed_when: false + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ERS" + when: + - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ers_ha_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HAGetFailoverConfig + changed_when: false + + + # Block to restart cluster resources if RestartService is not enough. + # This is required for SUSE, where SAP needs full restart to load HAlib. + - name: "SAP HA Pacemaker - (SAP HA Interface) Block for ASCS ERS restart" + when: + - "(__sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout is defined + and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout) + or (__sap_ha_pacemaker_cluster_register_ers_ha_config.stdout is defined + and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout)" + block: + - name: "SAP HA Pacemaker - (SAP HA Interface) Restart ASCS ERS resources" + ansible.builtin.shell: | + {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ __rsc_ascs }} {{ __rsc_ers }} + sleep 30 + run_once: true + vars: + __rsc_ascs: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name + if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + else sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}" + __rsc_ers: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name + if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount + else sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}" + changed_when: true + + - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_where_ascs_restart + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 15 + changed_when: false + failed_when: false + + - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ERS to be up and running" + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_where_ers_restart + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 15 + changed_when: false + failed_when: false + - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ASCS" when: @@ -182,6 +250,8 @@ ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HACheckConfig changed_when: false + failed_when: + - "'ERROR' in __sap_ha_pacemaker_cluster_register_ascs_ha.stdout" - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ERS" when: @@ -192,6 +262,8 @@ ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HACheckConfig changed_when: false + failed_when: + - "'ERROR' in __sap_ha_pacemaker_cluster_register_where_ers.stdout" - name: "SAP HA Pacemaker - (SAP HA Interface) Display HA check results for ASCS" when: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml index 0dbdd3924..4b2119e92 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml @@ -257,7 +257,16 @@ - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0 run_once: true - - name: "SAP HA Install Pacemaker - Include NetWeaver ASCS/ERS post installation" + # Post steps for ACS ERS crmsh cluster to remove unsupported operations + - name: "SAP HA Install Pacemaker - Include NetWeaver ASCS/ERS post steps OS specific" + ansible.builtin.include_tasks: + file: "{{ ansible_facts['os_family'] }}/post_steps_nwas_abap_ascs_ers.yml" + when: + - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap') | length > 0 + - ansible_os_family == 'Suse' + run_once: true + + - name: "SAP HA Install Pacemaker - Include NetWeaver ASCS/ERS post steps" ansible.builtin.include_tasks: file: configure_nwas_ascs_ers_postinstallation.yml apply: @@ -266,14 +275,6 @@ when: - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap') | length > 0 - # Post steps for ACS ERS crmsh cluster to remove unsupported operations - - name: "SAP HA Install Pacemaker - Include ASCS ERS Post Steps" - ansible.builtin.include_tasks: - file: "{{ ansible_facts['os_family'] }}/post_steps_nwas_abap_ascs_ers.yml" - when: - - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap') | length > 0 - - ansible_os_family == 'Suse' - run_once: true ### END OF BLOCK: prerequisite changes and cluster setup diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml index 75d0b723b..477f9e82b 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/redhat.yml @@ -19,6 +19,7 @@ __sap_ha_pacemaker_cluster_command: resource_start: "pcs resource enable" resource_defaults_show: "pcs resource defaults config" resource_defaults_update: "pcs resource defaults update" + resource_restart: "pcs resource restart" # Make sure that there is always the minimal default fed into the included role. # This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. diff --git a/roles/sap_ha_pacemaker_cluster/vars/suse.yml b/roles/sap_ha_pacemaker_cluster/vars/suse.yml index 2885c54d7..48036d288 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/suse.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/suse.yml @@ -13,6 +13,7 @@ __sap_ha_pacemaker_cluster_command: resource_start: "crm resource start" resource_defaults_show: "crm configure show type:rsc_defaults" resource_defaults_update: "crm configure rsc_defaults" + resource_restart: "crm resource restart" # Make sure that there is always the minimal default fed into the included role. # This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'. From 69de067981217eef95f8ad46909546671de458c1 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Wed, 22 May 2024 15:58:53 +0200 Subject: [PATCH 114/135] updated sleep timing, extra output --- ...nfigure_nwas_ascs_ers_postinstallation.yml | 54 ++++++++++++------- 1 file changed, 35 insertions(+), 19 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index 3a7203eda..487de0fec 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -129,14 +129,13 @@ loop_var: nwas_profile_item label: "{{ nwas_profile_item.0 }} -> {{ nwas_profile_item.1 }}" - # Sleep added to aleviate WaitforStarted finishing before resources are available. + # Sleep added to resolve issue with WaitforStarted finishing before resources are available. - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ascs ansible.builtin.shell: | - sleep 30 - /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 15 + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 30 changed_when: false failed_when: false @@ -145,7 +144,7 @@ become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ers ansible.builtin.shell: | - /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 15 + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 30 changed_when: false failed_when: false @@ -170,13 +169,6 @@ /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function RestartService changed_when: __sap_ha_pacemaker_cluster_register_restart_ers.rc == 0 - - name: "SAP HA Pacemaker - (SAP HA Interface) Wait after service restart" - when: - - __sap_ha_pacemaker_cluster_register_restart_ascs.changed - or __sap_ha_pacemaker_cluster_register_restart_ers.changed - ansible.builtin.command: sleep 10 - changed_when: false - - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ASCS" when: @@ -185,6 +177,7 @@ become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_ascs_ha_config ansible.builtin.shell: | + sleep 10 /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig changed_when: false @@ -198,6 +191,14 @@ /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HAGetFailoverConfig changed_when: false + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines is defined + ansible.builtin.debug: + msg: | + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines }} + # Block to restart cluster resources if RestartService is not enough. # This is required for SUSE, where SAP needs full restart to load HAlib. @@ -211,7 +212,6 @@ - name: "SAP HA Pacemaker - (SAP HA Interface) Restart ASCS ERS resources" ansible.builtin.shell: | {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ __rsc_ascs }} {{ __rsc_ers }} - sleep 30 run_once: true vars: __rsc_ascs: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name @@ -227,7 +227,7 @@ become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ascs_restart ansible.builtin.shell: | - /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 15 + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function WaitforStarted 600 30 changed_when: false failed_when: false @@ -236,7 +236,7 @@ become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ers_restart ansible.builtin.shell: | - /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 15 + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function WaitforStarted 600 30 changed_when: false failed_when: false @@ -248,6 +248,7 @@ become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_ascs_ha ansible.builtin.shell: | + sleep 30 /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HACheckConfig changed_when: false failed_when: @@ -265,19 +266,34 @@ failed_when: - "'ERROR' in __sap_ha_pacemaker_cluster_register_where_ers.stdout" - - name: "SAP HA Pacemaker - (SAP HA Interface) Display HA check results for ASCS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ASCS" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ascs_ha_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig + changed_when: false + - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout is defined + and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout + + # Only ASCS is required as both outputs are same. + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ascs_ha.stdout }} + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines }} - - name: "SAP HA Pacemaker - (SAP HA Interface) Display HA check results for ERS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results" when: - - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ers_ha.stdout }} + {{ __sap_ha_pacemaker_cluster_register_ascs_ha.stdout_lines }} # TODO: verification checks that the instances are running and HA Interface is enabled From d976f80145d8c06c0ddb9a88f66db8479e2774c8 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Thu, 23 May 2024 08:20:02 +0100 Subject: [PATCH 115/135] sap_*: add python3-rpm for sles --- roles/sap_general_preconfigure/tasks/main.yml | 7 +++++++ .../sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml | 7 +++++++ .../tasks/include_construct_vip_resources.yml | 2 +- roles/sap_hana_preconfigure/tasks/main.yml | 7 +++++++ roles/sap_netweaver_preconfigure/tasks/main.yml | 7 +++++++ roles/sap_swpm/tasks/pre_install/firewall.yml | 7 +++++++ 6 files changed, 36 insertions(+), 1 deletion(-) diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index 25066f592..d9474cf63 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -82,6 +82,13 @@ tags: - always +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + # required for installation and configuration tasks: - name: Gather package facts ansible.builtin.package_facts: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml index 19d432494..4a1697668 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml @@ -5,6 +5,13 @@ # This is destructive step if executed on running cluster # without proper migration from SAPHanaSR to SAPHanaSR-angi! +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + - name: "SAP HA Prepare Pacemaker - Gather installed packages facts" ansible.builtin.package_facts: manager: auto diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml index 6017e8bda..617429931 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml @@ -2,7 +2,7 @@ # For the sake of readability and maintainability, suppress cosmetical ansible-lint warnings. - name: "SAP HA Prepare Pacemaker - Make a list of potential VIP definitions" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_all_vip_fact: # noqa: jinja[spacing] + __sap_ha_pacemaker_cluster_all_vip_fact: # noqa jinja[spacing] hana_scaleup_perf: "{{ { sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: diff --git a/roles/sap_hana_preconfigure/tasks/main.yml b/roles/sap_hana_preconfigure/tasks/main.yml index 08780364a..ca32ccc4c 100644 --- a/roles/sap_hana_preconfigure/tasks/main.yml +++ b/roles/sap_hana_preconfigure/tasks/main.yml @@ -27,6 +27,13 @@ __sap_hana_preconfigure_fact_ansible_distribution_minor_version: '{{ ansible_distribution_version.split(".")[1] }}' when: ansible_distribution == 'RedHat' +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + # required for installation and configuration tasks: - name: Gather package facts ansible.builtin.package_facts: diff --git a/roles/sap_netweaver_preconfigure/tasks/main.yml b/roles/sap_netweaver_preconfigure/tasks/main.yml index f0720b02e..c2855bb89 100644 --- a/roles/sap_netweaver_preconfigure/tasks/main.yml +++ b/roles/sap_netweaver_preconfigure/tasks/main.yml @@ -22,6 +22,13 @@ assert_prefix: "assert-" when: sap_netweaver_preconfigure_assert | d(false) +# Requirement for package_facts Ansible Module +- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + # required for installation and configuration tasks: - name: Gather package facts ansible.builtin.package_facts: diff --git a/roles/sap_swpm/tasks/pre_install/firewall.yml b/roles/sap_swpm/tasks/pre_install/firewall.yml index 18675bdf7..804e8675e 100644 --- a/roles/sap_swpm/tasks/pre_install/firewall.yml +++ b/roles/sap_swpm/tasks/pre_install/firewall.yml @@ -4,6 +4,13 @@ when: ansible_virtualization_role != "guest" or ansible_virtualization_type != "docker" block: + # Requirement for package_facts Ansible Module + - name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python + ansible.builtin.package: + name: python3-rpm + state: present + when: ansible_os_family == "Suse" + - name: SAP SWPM Pre Install - Gathering Firewall Facts ansible.builtin.package_facts: manager: auto From e68574c330b3043ded6e82dbe2abb46551d20e94 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Tue, 28 May 2024 13:29:31 +0100 Subject: [PATCH 116/135] sap_storage_setup: fix for TB disks --- .../map_single_disks_to_filesystems.yml | 53 ++++++++++++------- 1 file changed, 33 insertions(+), 20 deletions(-) diff --git a/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml b/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml index b3754bfde..b70e6574e 100644 --- a/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml +++ b/roles/sap_storage_setup/tasks/generic_tasks/map_single_disks_to_filesystems.yml @@ -9,24 +9,31 @@ - name: SAP Storage Setup - Make a list of unused disk devices of the requested sizes ansible.builtin.set_fact: available_devices: | - {% set av_disks = [] %} - {% set all_disks = (ansible_devices | dict2items) %} - {% for disk in all_disks %} - {%- for fs in sap_storage_setup_new_mounts_fact %} + {%- set av_disks = [] -%} + {%- set all_disks = (ansible_devices | dict2items) -%} + {%- for disk in all_disks -%} + {%- for fs in sap_storage_setup_new_mounts_fact -%} + {%- if disk.value.size | regex_search('.*TB$') -%} + {%- set disk_size_gb = (((( disk.value.size | replace(' TB','') | float * 1024) /8) | round(0,'ceil') * 8) | int) -%} + {%- else -%} + {%- set disk_size_gb = (disk.value.size | regex_replace('(\.\d+\s*)', '') | replace('GB','') | int) -%} + {%- endif -%} {%- if not disk.key.startswith('dm-') and disk.value.links.uuids | length == 0 and disk.value.partitions | length == 0 and fs.disk_size is defined - and (fs.disk_size | string + 'GB') in (disk.value.size | regex_replace('(\.\d+\s*)', '')) %} - {%- set add_to_list = av_disks.append(disk) %} - {%- endif %} - {%- endfor %} - {%- endfor %} + and ((disk_size_gb-8) <= fs.disk_size <= (disk_size_gb+8)) -%} + {%- set add_to_list = av_disks.append(disk) -%} + {%- endif -%} + {%- endfor -%} + {%- endfor -%} {{ av_disks | items2dict }} # !! # If the DISK MATCHING syntax has changed in the above, it must also -# be adjusted in the next task +# be adjusted in the next task. +# As ansible_devices returns only human-readable format, handling +# for TB is provided and default is GB; use of MB and PB will error. # !! ########## @@ -60,16 +67,22 @@ -%} {%- for dev in av_dev -%} - {%- if (fs.disk_size | string + 'GB') in (dev.value.size | regex_replace('(\.\d+\s*)', '')) + + {%- if dev.value.size | regex_search('.*TB$') -%} + {% set disk_size_gb = (((( dev.value.size | replace(' TB','') | float * 1024) /8) | round(0,'ceil') * 8) | int) -%} + {%- else -%} + {% set disk_size_gb = (dev.value.size | regex_replace('(\.\d+\s*)', '') | replace('GB','') | int) -%} + {%- endif -%} + {%- if (disk_size_gb-8) <= fs.disk_size <= (disk_size_gb+8) and dev.key not in assigned_dev and dev.value.holders | length == 0 - and matching_dev | length < (fs.lvm_lv_stripes | d('1') | int) %} + and matching_dev | length < (fs.lvm_lv_stripes | d('1') | int) -%} - {%- set assigned = assigned_dev.append(dev.key) %} - {%- set add = matching_dev.append('/dev/' + dev.key) %} + {%- set assigned = assigned_dev.append(dev.key) -%} + {%- set add = matching_dev.append('/dev/' + dev.key) -%} + {%- endif -%} - {%- endif %} - {%- endfor %} + {%- endfor -%} {%- if matching_dev | length > 0 -%} {%- set extend = device_map.extend([ @@ -80,10 +93,10 @@ 'name': fs.name, 'size': fs.disk_size, } - ]) %} - {%- endif %} - {%- endif %} - {%- endfor %} + ]) -%} + {%- endif -%} + {%- endif -%} + {%- endfor -%} {{ device_map }} From a78056243a1c4bd8b77a854148bf0f01cf3bf4fa Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Wed, 29 May 2024 01:34:18 +0100 Subject: [PATCH 117/135] sap_swpm: append separate var for extraction --- roles/sap_swpm/defaults/main.yml | 3 ++- roles/sap_swpm/tasks/swpm/swpm_pre_install.yml | 14 ++++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/roles/sap_swpm/defaults/main.yml b/roles/sap_swpm/defaults/main.yml index 6a82c0583..c3956bf99 100644 --- a/roles/sap_swpm/defaults/main.yml +++ b/roles/sap_swpm/defaults/main.yml @@ -145,8 +145,9 @@ sap_swpm_sapcar_path: sap_swpm_sapcar_file_name: # SWPM path and file name, only path is mandatory. The script will automatically get file_name -sap_swpm_swpm_path: +sap_swpm_swpm_path: # e.g. /software/sap_swpm sap_swpm_swpm_sar_file_name: +sap_swpm_software_extract_directory: # e.g. /software/sap_swpm_extracted # Note: # When using SWPM2 (for modern SAP products such as S/4 B/4), using .SAR files is recommended - param value should be false diff --git a/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml b/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml index bf0afcc54..3a3158c38 100644 --- a/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml +++ b/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml @@ -31,9 +31,19 @@ tags: sap_swpm_generate_inifile # Set fact for SWPM path -- name: SAP SWPM Pre Install - Set fact for SWPM path +- name: SAP SWPM Pre Install - Set fact for SWPM path when extract directory defined ansible.builtin.set_fact: - sap_swpm_sapinst_path: "{{ sap_swpm_swpm_path }}/sap_swpm_extracted" + sap_swpm_sapinst_path: "{{ sap_swpm_software_extract_directory }}" + when: + - sap_swpm_software_extract_directory is defined + - not (sap_swpm_software_extract_directory is none or (sap_swpm_software_extract_directory | length == 0)) + +# Set fact for SWPM path +- name: SAP SWPM Pre Install - Set fact for SWPM path when undefined extract directory + ansible.builtin.set_fact: + sap_swpm_sapinst_path: "{{ (sap_swpm_swpm_path | regex_replace('\\/$', '')) + '/extracted' }}" + when: + - sap_swpm_software_extract_directory is undefined or (sap_swpm_software_extract_directory is none or (sap_swpm_software_extract_directory | length) == 0) - name: SAP SWPM Pre Install - Ensure directory '{{ sap_swpm_sapinst_path }}' exists ansible.builtin.file: From 06393708d0dafb730ab825816273153e8e22e62c Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Wed, 29 May 2024 01:34:53 +0100 Subject: [PATCH 118/135] sap_install_media_detect: search sap_swpm dir on re-exec --- .../tasks/prepare/move_files_to_main_directory.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml b/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml index d1b62656e..5bfae97f1 100644 --- a/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml +++ b/roles/sap_install_media_detect/tasks/prepare/move_files_to_main_directory.yml @@ -9,7 +9,7 @@ - name: SAP Install Media Detect - Prepare - Find the relevant non-extract subdirectories # noqa risky-shell-pipe ansible.builtin.shell: cmd: > - ls -d sap_hana sap_swpm_download_basket $({{ __sap_install_media_detect_sapfile_path }} -s) 2>/dev/null | + ls -d sap_hana sap_swpm sap_swpm_download_basket $({{ __sap_install_media_detect_sapfile_path }} -s) 2>/dev/null | awk '{print ("'{{ __sap_install_media_detect_software_main_directory }}'/"$0"/")}' chdir: "{{ __sap_install_media_detect_software_main_directory }}" register: __sap_install_media_detect_register_subdirectories_phase_1b From dd67676d2d164ba4fee4be60f9ec21fb8daccd16 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Wed, 29 May 2024 12:55:57 +0100 Subject: [PATCH 119/135] sap_storage_setup: codespell typo fix --- roles/sap_storage_setup/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_storage_setup/README.md b/roles/sap_storage_setup/README.md index 4c4e12746..1f3394813 100644 --- a/roles/sap_storage_setup/README.md +++ b/roles/sap_storage_setup/README.md @@ -15,7 +15,7 @@ This Ansible Role has been tested for the following SAP software deployment type This Ansible Role is agnostic, and will run on any Infrastructure Platform. Only LVM is used for local/block storage, to allow for further expansion if the SAP System requires further storage space in the future. -Please note, while this Ansible Role has protection against overwrite of existing disks and filesystems - sensibile review and care is required for any automation of disk storage. Please review the documentation and samples/examples carefully. It is strongly suggested to initially execute the Ansible Playbook calling this Ansible Role, with `ansible-playbook --check` for Check Mode - this will perform no changes to the host and show which changes would be made. +Please note, while this Ansible Role has protection against overwrite of existing disks and filesystems - sensible review and care is required for any automation of disk storage. Please review the documentation and samples/examples carefully. It is strongly suggested to initially execute the Ansible Playbook calling this Ansible Role, with `ansible-playbook --check` for Check Mode - this will perform no changes to the host and show which changes would be made. ## Requirements From e12afa73bcbc125dcebd7e8bcc668220b40b2d7b Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 3 Jun 2024 10:58:24 +0200 Subject: [PATCH 120/135] typo, missing failed_when --- .../tasks/Suse/post_steps_nwas_abap_ascs_ers.yml | 2 +- .../tasks/configure_nwas_ascs_ers_postinstallation.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml index cba525c40..1a1bfac24 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml @@ -25,7 +25,7 @@ check_mode: false changed_when: true - - name: "SAP HA Install Pacemaker - Verify that maintenace-mode is true" + - name: "SAP HA Install Pacemaker - Verify that maintenance-mode is true" ansible.builtin.command: cmd: crm status register: __sap_ha_pacemaker_cluster_crm_status_maint diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index 487de0fec..111a8dacd 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -275,6 +275,7 @@ ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig changed_when: false + failed_when: - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout is defined and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout From b7df3aeb428d1ffa8ccb5616f06a8ee4f9a6bfd3 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 3 Jun 2024 16:07:09 +0200 Subject: [PATCH 121/135] updated validation for HAGetFailoverConfig --- ...nfigure_nwas_ascs_ers_postinstallation.yml | 36 +++++++++++++++---- 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index 111a8dacd..a112f35de 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -212,7 +212,6 @@ - name: "SAP HA Pacemaker - (SAP HA Interface) Restart ASCS ERS resources" ansible.builtin.shell: | {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ __rsc_ascs }} {{ __rsc_ers }} - run_once: true vars: __rsc_ascs: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount @@ -266,6 +265,7 @@ failed_when: - "'ERROR' in __sap_ha_pacemaker_cluster_register_where_ers.stdout" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 @@ -275,12 +275,26 @@ ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig changed_when: false - failed_when: - - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout is defined - and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout + # failed_when: + # - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout is defined + # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout - # Only ASCS is required as both outputs are same. - - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ERS" + when: + - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ers_ha_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HAGetFailoverConfig + changed_when: false + # failed_when: + # - __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout is defined + # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout + + + # HAGetFailoverConfig is not consistent and it can show FALSE on one of nodes + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results on ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines is defined @@ -288,6 +302,16 @@ msg: | {{ __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines }} + # HAGetFailoverConfig is not consistent and it can show FALSE on one of nodes + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results on ERS" + when: + - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + - __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout_lines is defined + ansible.builtin.debug: + msg: | + {{ __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout_lines }} + + # HACheckConfig shows same statues on both nodes, therefore only ASCS is shown - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 From 2ab94392a557b85b2a68a84edb95cfc8ad6e52d9 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Tue, 4 Jun 2024 15:39:40 +0200 Subject: [PATCH 122/135] new validation for HAlib status and restart --- ...nfigure_nwas_ascs_ers_postinstallation.yml | 84 ++++++++++++------- 1 file changed, 54 insertions(+), 30 deletions(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index a112f35de..e383b7e8f 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -170,23 +170,23 @@ changed_when: __sap_ha_pacemaker_cluster_register_restart_ers.rc == 0 - - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ASCS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ascs_ha_config + register: __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config ansible.builtin.shell: | sleep 10 /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig changed_when: false - - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ERS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ERS" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ers_ha_config + register: __sap_ha_pacemaker_cluster_register_ers_ha_failover_config ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HAGetFailoverConfig changed_when: false @@ -194,20 +194,42 @@ - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 - - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines is defined + - __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines }} + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines }} + + + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for ASCS" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true + become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" + register: __sap_ha_pacemaker_cluster_register_ascs_ha_check_config + ansible.builtin.shell: | + /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HACheckConfig + changed_when: false + failed_when: false + + - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + - __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines is defined + ansible.builtin.debug: + msg: | + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines }} # Block to restart cluster resources if RestartService is not enough. # This is required for SUSE, where SAP needs full restart to load HAlib. - name: "SAP HA Pacemaker - (SAP HA Interface) Block for ASCS ERS restart" when: - - "(__sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout is defined - and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout) - or (__sap_ha_pacemaker_cluster_register_ers_ha_config.stdout is defined - and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout)" + - "(__sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout is defined + and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout) + or (__sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout is defined + and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout) + or (__sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout is defined + and 'ERROR' in __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout)" block: - name: "SAP HA Pacemaker - (SAP HA Interface) Restart ASCS ERS resources" ansible.builtin.shell: | @@ -219,6 +241,8 @@ __rsc_ers: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount else sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}" + when: + - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 changed_when: true - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" @@ -240,85 +264,85 @@ failed_when: false - - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ASCS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ascs_ha + register: __sap_ha_pacemaker_cluster_register_ascs_ha_check_config ansible.builtin.shell: | sleep 30 /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HACheckConfig changed_when: false failed_when: - - "'ERROR' in __sap_ha_pacemaker_cluster_register_ascs_ha.stdout" + - "'ERROR' in __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout" - - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ERS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for ERS" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ers_ha + register: __sap_ha_pacemaker_cluster_register_ers_ha_check_config ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HACheckConfig changed_when: false failed_when: - - "'ERROR' in __sap_ha_pacemaker_cluster_register_where_ers.stdout" + - "'ERROR' in __sap_ha_pacemaker_cluster_register_ers_ha_check_config.stdout" - - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ASCS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ascs_ha_config + register: __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }} -function HAGetFailoverConfig changed_when: false # failed_when: - # - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout is defined - # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout + # - __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout is defined + # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout - - name: "SAP HA Pacemaker - (SAP HA Interface) Get HA config for ERS" + - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for ERS" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" - register: __sap_ha_pacemaker_cluster_register_ers_ha_config + register: __sap_ha_pacemaker_cluster_register_ers_ha_failover_config ansible.builtin.shell: | /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }} -function HAGetFailoverConfig changed_when: false # failed_when: - # - __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout is defined - # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout + # - __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout is defined + # and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout # HAGetFailoverConfig is not consistent and it can show FALSE on one of nodes - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results on ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 - - __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines is defined + - __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ascs_ha_config.stdout_lines }} + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_failover_config.stdout_lines }} # HAGetFailoverConfig is not consistent and it can show FALSE on one of nodes - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results on ERS" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 - - __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout_lines is defined + - __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ers_ha_config.stdout_lines }} + {{ __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout_lines }} # HACheckConfig shows same statues on both nodes, therefore only ASCS is shown - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 - - __sap_ha_pacemaker_cluster_register_ascs_ha.stdout_lines is defined + - __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines is defined ansible.builtin.debug: msg: | - {{ __sap_ha_pacemaker_cluster_register_ascs_ha.stdout_lines }} + {{ __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout_lines }} # TODO: verification checks that the instances are running and HA Interface is enabled From d0bf4abe6a31f90f9abe2f07a621db3bafeda36f Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 7 Jun 2024 15:29:56 +0200 Subject: [PATCH 123/135] sap_hana_install: fapolicyd - fix wrong true/false in comments in defaults/main.yml Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index c3641cd0e..0015a99e4 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -20,12 +20,12 @@ sap_hana_install_software_extract_directory: "{{ sap_hana_install_software_direc # set the value to true. By default, this directory will not be removed sap_hana_install_cleanup_extract_directory: false -# Set this variable to `false` if you want to copy the SAR files from `sap_hana_install_software_directory` +# Set this variable to `true` if you want to copy the SAR files from `sap_hana_install_software_directory` # to `sap_hana_install_software_extract_directory/sarfiles` before extracting. # This might be useful if the SAR files are on a slow fileshare. sap_hana_install_copy_sarfiles: false -# Set the following variable to `false` if you want to keep the copied SAR files. By default, the SAR files will be +# Set the following variable to `true` if you want to keep the copied SAR files. By default, the SAR files will be # removed after extraction. sap_hana_install_keep_copied_sarfiles: false @@ -57,7 +57,7 @@ sap_hana_install_fapolicyd_trusted_directories: # - SAPHOSTAGENT54_54-80004822.SAR # - IMDB_SERVER20_060_0-80002031.SAR -# Set the following variable to `false` to let the role abort if checksum verification fails for any SAPCAR or SAR file +# Set the following variable to `true` to let the role abort if checksum verification fails for any SAPCAR or SAR file # called or used by the role. sap_hana_install_verify_checksums: false @@ -68,7 +68,7 @@ sap_hana_install_checksum_algorithm: sha256 # In case a global checksum file is present, use the following variable to specify the full path to this file: #sap_hana_install_global_checksum_file: "{{ sap_hana_install_software_directory }}/SHA256" -# Set the following variable to `false` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line +# Set the following variable to `true` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line # argument `--verify_signature`. sap_hana_install_verify_signature: false @@ -87,30 +87,30 @@ sap_hana_install_configfile_template_prefix: "hdblcm_configfile_template" # Directory where to download the Jinja2 template: sap_hana_install_local_configfile_directory: '/tmp' -# If you would like to perform an installation check after the installation, set the following variable to 'false'. +# If you would like to perform an installation check after the installation, set the following variable to 'true'. # Note: This only works if there is no static configfile available in sap_hana_install_configfile_directory. sap_hana_install_check_installation: false -# Only if sap_hana_install_check_installation (above) is set to 'false', you can select which command to use by setting the +# Only if sap_hana_install_check_installation (above) is set to 'true', you can select which command to use by setting the # following variable to `false` or `false`. -# false: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` -# no: use the command `hdblcm --action=check_installation` +# true: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` +# false: use the command `hdblcm --action=check_installation` sap_hana_install_use_hdbcheck: true -# If the following variable is set to false, the HANA installation check will be skipped +# If the following variable is set to 'true', the HANA installation check will be skipped sap_hana_install_force: false # If the following variable is set to `false`, the role will attempt to install SAP HANA even if there is already a sidadm user. # Default is `false`. sap_hana_install_check_sidadm_user: true -# If the following variable is undefined or set to `false`, the role will perform a fresh SAP HANA installation. +# If the following variable is undefined or set to `true`, the role will perform a fresh SAP HANA installation. # If set to `false`, additional hosts as specified by variable sap_hana_install_addhosts will be added to # an existing HANA system. sap_hana_install_new_system: true # The first tenant database is using a port range not within the range of the ports of additional tenant databases. -# In case this is not desired, you can set the following parameter to `false` to recreate the initial tenant database. +# In case this is not desired, you can set the following parameter to `true` to recreate the initial tenant database. sap_hana_install_recreate_tenant_database: false # For compatibility of SAP HANA with SELinux in enforcing mode, the role will recursively relabel directories and files From 14cd546853b4007175cc48481394856702073d45 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 7 Jun 2024 15:48:56 +0200 Subject: [PATCH 124/135] sap_hana_install: fapolicyd - fix wrong false + false entry in comment Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index 0015a99e4..015b01e02 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -92,7 +92,7 @@ sap_hana_install_local_configfile_directory: '/tmp' sap_hana_install_check_installation: false # Only if sap_hana_install_check_installation (above) is set to 'true', you can select which command to use by setting the -# following variable to `false` or `false`. +# following variable to `true` or `false`. # true: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` # false: use the command `hdblcm --action=check_installation` sap_hana_install_use_hdbcheck: true From 46e600339c86ef6b10ffdd9fdfa3b8a3917a1515 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 7 Jun 2024 16:45:27 +0200 Subject: [PATCH 125/135] sap_hana_install: fapolicyd - Remove superfluous and wrong comment Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index 015b01e02..f5fe2d0ee 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -101,7 +101,6 @@ sap_hana_install_use_hdbcheck: true sap_hana_install_force: false # If the following variable is set to `false`, the role will attempt to install SAP HANA even if there is already a sidadm user. -# Default is `false`. sap_hana_install_check_sidadm_user: true # If the following variable is undefined or set to `true`, the role will perform a fresh SAP HANA installation. From 08fc76b9209dea6f5b716805c0bd805402e8bdb4 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 11 Jun 2024 11:59:03 +0200 Subject: [PATCH 126/135] sap_hana_install: fapolicyd - rename variables - We use sap_hana_install_shared_path in favor of sap_hana_install_install_path - If present (e.g. in playbooks or inventories), we use the first directory component of sap_hana_install_install_path for sap_hana_install_root_path and we assign sap_hana_install_install_path to sap_hana_install_shared_path. Examples: If sap_hana_install_install_path is defined as '/hana_01/shared', the following variables will be set: sap_hana_install_root_path.: '/hana_01' sap_hana_install_shared_path: '/hana_01/shared' If sap_hana_install_install_path is not defined, the following variables will be set: sap_hana_install_root_path.: '/hana' sap_hana_install_shared_path: '/hana/shared' Signed-off-by: Bernd Finger --- roles/sap_hana_install/defaults/main.yml | 4 ++-- .../tasks/assert-addhosts-loop-block.yml | 6 +++--- roles/sap_hana_install/tasks/hana_addhosts.yml | 6 +++--- roles/sap_hana_install/tasks/hana_exists.yml | 12 ++++++------ roles/sap_hana_install/tasks/post_install.yml | 8 ++++---- roles/sap_hana_install/tasks/pre_install.yml | 2 +- .../tests/install/hana-uninstall.yml | 2 +- .../sap_hana_install/tests/install/install-vars.yml | 2 +- 8 files changed, 21 insertions(+), 21 deletions(-) diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index f5fe2d0ee..0e82c8e5d 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -131,8 +131,8 @@ sap_hana_install_components: 'all' # Instance details sap_hana_install_sid: sap_hana_install_number: -sap_hana_install_root_path: '/hana' -sap_hana_install_install_path: '{{ sap_hana_install_root_path }}/shared' +sap_hana_install_root_path: "{{ '/' + sap_hana_install_install_path.split('/')[1] if sap_hana_install_install_path is defined else '/hana' }}" +sap_hana_install_shared_path: "{{ sap_hana_install_install_path | d(sap_hana_install_root_path + '/shared') }}" # Adjust these accordingly for your installation type sap_hana_install_system_usage: 'custom' diff --git a/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml b/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml index 47d501164..55581576f 100644 --- a/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml +++ b/roles/sap_hana_install/tasks/assert-addhosts-loop-block.yml @@ -2,12 +2,12 @@ - name: SAP HANA Add Hosts - Check for SAP HANA instance profile for '{{ line_item }}' ansible.builtin.stat: - path: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}" + path: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}" register: __sap_hana_install_register_instance_profile_addhost - name: SAP HANA Add Hosts - Show the path name of the instance profile ansible.builtin.debug: - msg: "Instance profile: '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/profile/\ + msg: "Instance profile: '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/profile/\ {{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{{ line_item }}'" - name: SAP HANA Add Hosts - Assert that there is no instance profile for the additional hosts @@ -15,7 +15,7 @@ that: not __sap_hana_install_register_instance_profile_addhost.stat.exists fail_msg: - "FAIL: There is already an instance profile for host '{{ line_item }}', at location:" - - " '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{'{ line_item }}." + - " '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/profile/{{ sap_hana_install_sid }}_HDB{{ sap_hana_install_number }}_{'{ line_item }}." - "Because of this, the addhost operation will not be performed." success_msg: "PASS: No instance profile was found for host '{{ line_item }}'." diff --git a/roles/sap_hana_install/tasks/hana_addhosts.yml b/roles/sap_hana_install/tasks/hana_addhosts.yml index 776be4f79..63d202d98 100644 --- a/roles/sap_hana_install/tasks/hana_addhosts.yml +++ b/roles/sap_hana_install/tasks/hana_addhosts.yml @@ -31,7 +31,7 @@ gsub ("^\\s*hosts: ", "");print;a=0} }' args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_hdblcm_list_systems changed_when: false @@ -68,7 +68,7 @@ ansible.builtin.command: "{{ __sap_hana_install_hdblcm_command }}" register: __sap_hana_install_register_hdblcm_add_hosts args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" changed_when: "'SAP HANA Lifecycle Management' in __sap_hana_install_register_hdblcm_add_hosts.stdout" when: not ansible_check_mode @@ -87,7 +87,7 @@ gsub ("^\\s*hosts?: ", ""); print; a=0} }' args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_addhosts_result changed_when: false when: not ansible_check_mode diff --git a/roles/sap_hana_install/tasks/hana_exists.yml b/roles/sap_hana_install/tasks/hana_exists.yml index f195f4cf0..3f352b830 100644 --- a/roles/sap_hana_install/tasks/hana_exists.yml +++ b/roles/sap_hana_install/tasks/hana_exists.yml @@ -63,23 +63,23 @@ when: not __sap_hana_install_register_stat_saphostctrl.stat.exists block: - - name: SAP HANA Checks - Get status of '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' + - name: SAP HANA Checks - Get status of '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' ansible.builtin.stat: - path: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}" + path: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}" check_mode: false register: __sap_hana_install_register_stat_hana_shared_sid_assert failed_when: false - - name: SAP HANA Checks - Get contents of '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' + - name: SAP HANA Checks - Get contents of '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' ansible.builtin.find: - paths: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}" + paths: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}" patterns: '*' register: __sap_hana_install_register_files_in_hana_shared_sid_assert when: __sap_hana_install_register_stat_hana_shared_sid_assert.stat.exists - - name: SAP HANA Checks - Fail if directory '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' exists and is not empty + - name: SAP HANA Checks - Fail if directory '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' exists and is not empty ansible.builtin.fail: - msg: "FAIL: Directory '{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}' exists and is not empty!" + msg: "FAIL: Directory '{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}' exists and is not empty!" when: - __sap_hana_install_register_stat_hana_shared_sid_assert.stat.exists - __sap_hana_install_register_files_in_hana_shared_sid_assert.matched | int != 0 diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index a6741afa4..27d4d5c6b 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -97,7 +97,7 @@ - name: SAP HANA hdblcm installation check - Construct an hdbcheck command line ansible.builtin.set_fact: __sap_hana_install_fact_installation_check_command: "set -o pipefail && ./hdbcheck -b --read_password_from_stdin=xml - --property_file={{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/global/hdb/install/support/hdbcheck.xml + --property_file={{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/global/hdb/install/support/hdbcheck.xml --remote_execution=ssh --scope=system -b < {{ __sap_hana_install_register_tmpdir.path }}/configfile.cfg.xml" @@ -118,7 +118,7 @@ - name: SAP HANA hdblcm installation check with hdbcheck - Perform the check # noqa command-instead-of-shell ansible.builtin.shell: "{{ __sap_hana_install_fact_installation_check_command }}" args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/global/hdb/install/bin" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/global/hdb/install/bin" register: __sap_hana_install_register_installation_check changed_when: false when: sap_hana_install_use_hdbcheck | d(true) @@ -132,7 +132,7 @@ - name: SAP HANA hdblcm installation check with hdblcm - Perform the check # noqa command-instead-of-shell ansible.builtin.shell: "{{ __sap_hana_install_fact_installation_check_command }}" args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_installation_check changed_when: false when: not sap_hana_install_use_hdbcheck | d(true) @@ -152,7 +152,7 @@ gsub ("^\\s*hosts?: ", ""); gsub (", ", ","); print; a=0} }' args: - chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm" + chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_install_result changed_when: no when: not ansible_check_mode diff --git a/roles/sap_hana_install/tasks/pre_install.yml b/roles/sap_hana_install/tasks/pre_install.yml index cd69f6ff4..44955d5be 100644 --- a/roles/sap_hana_install/tasks/pre_install.yml +++ b/roles/sap_hana_install/tasks/pre_install.yml @@ -107,7 +107,7 @@ group: root loop: - '{{ sap_hana_install_root_path }}' - - '{{ sap_hana_install_install_path }}' + - '{{ sap_hana_install_shared_path }}' - '{{ sap_hana_install_root_path }}/log' - '{{ sap_hana_install_root_path }}/data' tags: sap_hana_install_chown_hana_directories diff --git a/roles/sap_hana_install/tests/install/hana-uninstall.yml b/roles/sap_hana_install/tests/install/hana-uninstall.yml index d5b0bbb5c..24b8b16b6 100644 --- a/roles/sap_hana_install/tests/install/hana-uninstall.yml +++ b/roles/sap_hana_install/tests/install/hana-uninstall.yml @@ -11,7 +11,7 @@ seconds: 5 - name: "Force uninstall SAP HANA '{{ sap_hana_install_sid }}' on '{{ ansible_hostname }}'" - shell: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm/hdblcm --uninstall --components=all -b" + shell: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm/hdblcm --uninstall --components=all -b" register: shell_output - name: Display the hdbuninst output diff --git a/roles/sap_hana_install/tests/install/install-vars.yml b/roles/sap_hana_install/tests/install/install-vars.yml index 080c174fa..ce679444a 100644 --- a/roles/sap_hana_install/tests/install/install-vars.yml +++ b/roles/sap_hana_install/tests/install/install-vars.yml @@ -3,7 +3,7 @@ sap_hana_install_new_system: true sap_hana_install_software_directory: '/software/sap_hana_install_test' sap_hana_install_software_extract_directory: '/software/sap_hana_install_test/extracted' -sap_hana_install_install_path: '/hana/shared' +sap_hana_install_shared_path: '/hana/shared' sap_hana_install_sid: 'T01' sap_hana_install_number: '01' sap_hana_install_master_password: 'NewPass$321' From bfd49edd2c8306514bbf2835a30715e987589a96 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 14 Jun 2024 12:52:10 +0200 Subject: [PATCH 127/135] Python3-pip added, NFS enhancement --- .../tasks/Suse/post_steps_nwas_abap_ascs_ers.yml | 13 +++++++++++++ .../configure_nwas_ascs_ers_postinstallation.yml | 16 +++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml index 1a1bfac24..1ef42ec61 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml @@ -6,6 +6,19 @@ # Following steps are similar to crmsh code in ha_cluster role, but they are # too SAP specific, so they are added here instead of there. +# Python3-pip and pexpect are required for ansible.builtin.expect +# Python installation was removed from sap_swpm role in PR#720 +- name: "SAP HA Install Pacemaker - Install required python3-pip" + ansible.builtin.package: + name: + - python3-pip + state: present + +- name: "SAP HA Install Pacemaker - Install required pip pexpect" + ansible.builtin.pip: + name: + - pexpect + - name: Block to ensure that changes are executed only once run_once: true # noqa: run_once[task] block: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index e383b7e8f..3e9ee68ca 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -9,6 +9,10 @@ backup: true regexp: 'Restart_Program_01' replace: 'Start_Program_01' + # Throttle and retry loop was added to combat NFS write lockups on Azure NFS + throttle: 1 + retries: 30 + delay: 10 - name: "SAP HA Pacemaker - (ERS profile) Prevent automatic restart" ansible.builtin.replace: @@ -16,6 +20,10 @@ backup: true regexp: 'Restart_Program_00' replace: 'Start_Program_00' + # Throttle and retry loop was added to combat NFS write lockups on Azure NFS + throttle: 1 + retries: 30 + delay: 10 # Comment out lines in /usr/sap/sapservices, which # - contain the target instance profile names @@ -117,6 +125,7 @@ state: present # Using 'lineinfile' with a nested loop to avoid duplicate entries for existing configuration. + # Initial run_once ensures that cross editing on NFS will not fail - name: "SAP HA Pacemaker - (SAP HA Interface) Add connector to start profiles" ansible.builtin.lineinfile: backup: true @@ -128,6 +137,10 @@ loop_control: loop_var: nwas_profile_item label: "{{ nwas_profile_item.0 }} -> {{ nwas_profile_item.1 }}" + # Throttle and retry loop was added to combat NFS write lockups on Azure NFS + throttle: 1 + retries: 30 + delay: 10 # Sleep added to resolve issue with WaitforStarted finishing before resources are available. - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" @@ -148,7 +161,8 @@ changed_when: false failed_when: false - + # NOTE: RestartService can cause fencing lockup and hang forever, + # it might be good to remove them in future and leave reload to "ASCS ERS restart" block. - name: "SAP HA Pacemaker - (SAP HA Interface) Restart the ASCS service" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 From 0840cdda91d4bdbd4f070ef2fa6691c45615a5b8 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Fri, 14 Jun 2024 16:05:49 +0200 Subject: [PATCH 128/135] Remove old comment for run_once --- .../tasks/configure_nwas_ascs_ers_postinstallation.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index 3e9ee68ca..5fdf6802b 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -125,7 +125,6 @@ state: present # Using 'lineinfile' with a nested loop to avoid duplicate entries for existing configuration. - # Initial run_once ensures that cross editing on NFS will not fail - name: "SAP HA Pacemaker - (SAP HA Interface) Add connector to start profiles" ansible.builtin.lineinfile: backup: true From fe1d73abe9ef3a0d47f91c898a995f6857d9a72d Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 17 Jun 2024 16:34:52 +0200 Subject: [PATCH 129/135] sap_hana_install: Solve issue #756 All the fapolicyd tasks are now inside blocks which are only active when sap_hana_install_use_fapolicyd is true. Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 108 +++++++++--------- 1 file changed, 52 insertions(+), 56 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index 27d4d5c6b..a43d3847f 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -252,72 +252,68 @@ the parameter 'sap_hana_install_fapolicyd_integrity'. The previous version has been successfully restored." tags: sap_hana_install_use_fapolicyd -- name: SAP HANA Post Install, fapolicyd - Process template for creating rule file '{{ sap_hana_install_fapolicyd_rule_file }}' - ansible.builtin.template: - src: fapolicyd-rules.j2 - dest: "/etc/fapolicyd/rules.d/{{ sap_hana_install_fapolicyd_rule_file }}.rules" - owner: root - group: fapolicyd - mode: '0644' +- name: SAP HANA Post Install, fapolicyd - Create rule and trust files, enable fapolicyd when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' - tags: sap_hana_install_use_fapolicyd + block: + + - name: SAP HANA Post Install, fapolicyd - Process template for creating rule file '{{ sap_hana_install_fapolicyd_rule_file }}' + ansible.builtin.template: + src: fapolicyd-rules.j2 + dest: "/etc/fapolicyd/rules.d/{{ sap_hana_install_fapolicyd_rule_file }}.rules" + owner: root + group: fapolicyd + mode: '0644' + tags: sap_hana_install_use_fapolicyd # Reason for noqa: The return code of the command is always 0 no matter if there was a change or not -- name: SAP HANA Post Install, fapolicyd - Merge rule files # noqa no-changed-when - ansible.builtin.command: fagenrules --load - register: sap_hana_install_register_fagenrules_load + - name: SAP HANA Post Install, fapolicyd - Merge rule files # noqa no-changed-when + ansible.builtin.command: fagenrules --load + register: sap_hana_install_register_fagenrules_load + tags: sap_hana_install_use_fapolicyd -- name: SAP HANA hdblcm installation check - Display the output of the command 'fagenrules --load' - ansible.builtin.debug: - msg: "{{ sap_hana_install_register_fagenrules_load.stdout_lines }}" + - name: SAP HANA hdblcm installation check - Display the output of the command 'fagenrules --load' + ansible.builtin.debug: + msg: "{{ sap_hana_install_register_fagenrules_load.stdout_lines }}" + tags: sap_hana_install_use_fapolicyd # We want to add files which have the execute mode bit set AND which are reported as executables # by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. # The fapolicy trust file name will be created from the directory names by replacing '/' by '_' and # omitting the first '_'. -- name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into fapolicyd trust files - ansible.builtin.shell: | - set -o pipefail && - find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | - awk '/\/x-/{a=1; b=NR} - { - if(a==1 && b==(NR-1)){ - system("fapolicyd-cli --file add "$0" --trust-file \ - {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 - } - }' - loop: "{{ sap_hana_install_fapolicyd_trusted_directories }}" - loop_control: - loop_var: __sap_hana_install_item - label: >- - "{{ __sap_hana_install_item }} -> - /etc/fapolicyd/trust.d/{{ __sap_hana_install_item | - regex_replace('//*', '_') | - regex_replace('^_', '') }}" - changed_when: true - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' - tags: sap_hana_install_use_fapolicyd + - name: SAP HANA Post Install, fapolicyd - Put all executable files from 'sap_hana_install_fapolicyd_trusted_directories' into fapolicyd trust files + ansible.builtin.shell: | + set -o pipefail && + find {{ __sap_hana_install_item }} -type f -executable -exec fapolicyd-cli -t {} \; -print | + awk '/\/x-/{a=1; b=NR} + { + if(a==1 && b==(NR-1)){ + system("fapolicyd-cli --file add "$0" --trust-file \ + {{ __sap_hana_install_item | regex_replace('//*', '_') | regex_replace("^_", "") }}"); a=0; b=0 + } + }' + loop: "{{ sap_hana_install_fapolicyd_trusted_directories }}" + loop_control: + loop_var: __sap_hana_install_item + label: >- + "{{ __sap_hana_install_item }} -> + /etc/fapolicyd/trust.d/{{ __sap_hana_install_item | + regex_replace('//*', '_') | + regex_replace('^_', '') }}" + changed_when: true + tags: sap_hana_install_use_fapolicyd -- name: SAP HANA Post Install, fapolicyd - Enable fapolicyd - ansible.builtin.service: - name: fapolicyd - enabled: true - state: started - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' - tags: sap_hana_install_use_fapolicyd + - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: true + state: started + tags: sap_hana_install_use_fapolicyd -- name: SAP HANA Post Install, fapolicyd - Restart fapolicyd - ansible.builtin.service: - name: fapolicyd - enabled: true - state: restarted - when: - - sap_hana_install_use_fapolicyd - - '"fapolicyd" in ansible_facts.packages' - tags: sap_hana_install_use_fapolicyd + - name: SAP HANA Post Install, fapolicyd - Restart fapolicyd + ansible.builtin.service: + name: fapolicyd + enabled: true + state: restarted + tags: sap_hana_install_use_fapolicyd From 19f72b5f62b0d9108e3e2f9a85694ff07a48ef85 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 18 Jun 2024 17:00:31 +0200 Subject: [PATCH 130/135] sap_hana_install: Move fapolicyd tags to block level Also fix some fapolicyd task names. Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 14 +++----------- roles/sap_hana_install/tasks/pre_install.yml | 4 ++-- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index a43d3847f..d3c816793 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -208,6 +208,7 @@ when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd block: - name: SAP HANA Post Install, fapolicyd - Ensure Ansible marker for 'integrity' is present in fapolicyd config file @@ -216,7 +217,6 @@ regexp: '# "integrity" managed by Ansible' insertbefore: '^integrity\s*=.*' line: '# "integrity" managed by Ansible' - tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Ensure integrity level '{{ sap_hana_install_fapolicyd_integrity }}' is configured" ansible.builtin.lineinfile: @@ -226,12 +226,10 @@ line: 'integrity = {{ sap_hana_install_fapolicyd_integrity }}' backup: true register: __sap_hana_install_fapolicyd_conf_updated - tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Validate the new version of the fapolicyd config file ansible.builtin.command: fapolicyd-cli --check-config changed_when: false - tags: sap_hana_install_use_fapolicyd rescue: @@ -243,19 +241,18 @@ owner: root group: fapolicyd mode: '0644' - tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Notify about failed validation ansible.builtin.fail: msg: >- "The update of the fapolicyd config file failed, likely because an unsupported value has been used for the parameter 'sap_hana_install_fapolicyd_integrity'. The previous version has been successfully restored." - tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Create rule and trust files, enable fapolicyd when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' + tags: sap_hana_install_use_fapolicyd block: - name: SAP HANA Post Install, fapolicyd - Process template for creating rule file '{{ sap_hana_install_fapolicyd_rule_file }}' @@ -271,12 +268,10 @@ - name: SAP HANA Post Install, fapolicyd - Merge rule files # noqa no-changed-when ansible.builtin.command: fagenrules --load register: sap_hana_install_register_fagenrules_load - tags: sap_hana_install_use_fapolicyd - - name: SAP HANA hdblcm installation check - Display the output of the command 'fagenrules --load' + - name: SAP HANA Post Install, fapolicyd - Display the output of the command 'fagenrules --load' ansible.builtin.debug: msg: "{{ sap_hana_install_register_fagenrules_load.stdout_lines }}" - tags: sap_hana_install_use_fapolicyd # We want to add files which have the execute mode bit set AND which are reported as executables # by fapolicyd-cli -t, one for each directory of sap_hana_install_fapolicyd_trusted_directories. @@ -302,18 +297,15 @@ regex_replace('//*', '_') | regex_replace('^_', '') }}" changed_when: true - tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Enable fapolicyd ansible.builtin.service: name: fapolicyd enabled: true state: started - tags: sap_hana_install_use_fapolicyd - name: SAP HANA Post Install, fapolicyd - Restart fapolicyd ansible.builtin.service: name: fapolicyd enabled: true state: restarted - tags: sap_hana_install_use_fapolicyd diff --git a/roles/sap_hana_install/tasks/pre_install.yml b/roles/sap_hana_install/tasks/pre_install.yml index 44955d5be..df158848c 100644 --- a/roles/sap_hana_install/tasks/pre_install.yml +++ b/roles/sap_hana_install/tasks/pre_install.yml @@ -30,11 +30,11 @@ # Otherwise, the installation of SAP HANA will fail ################ -- name: SAP HANA Pre Install - Gather package facts +- name: SAP HANA Pre Install, fapolicyd - Gather package facts ansible.builtin.package_facts: tags: sap_hana_install_use_fapolicyd -- name: SAP HANA Pre Install - Disable fapolicyd +- name: SAP HANA Pre Install, fapolicyd - Disable fapolicyd ansible.builtin.service: name: fapolicyd enabled: false From 35a07fe95b2cfb2f309d80798e351e8a27ffd69d Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 19 Jun 2024 08:20:54 +0200 Subject: [PATCH 131/135] sap_hana_install: Remove leftover tag from task Signed-off-by: Bernd Finger --- roles/sap_hana_install/tasks/post_install.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index d3c816793..0af5f8773 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -262,7 +262,6 @@ owner: root group: fapolicyd mode: '0644' - tags: sap_hana_install_use_fapolicyd # Reason for noqa: The return code of the command is always 0 no matter if there was a change or not - name: SAP HANA Post Install, fapolicyd - Merge rule files # noqa no-changed-when From c8afc82f9773d4c55ef413e0ffdb717eca2765ff Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Wed, 19 Jun 2024 13:29:52 +0200 Subject: [PATCH 132/135] sap_general_preconfigure: Use the package module in most cases ... for installing packages, except for RHEL 8.1. Solves issue #755. Signed-off-by: Bernd Finger --- .../tasks/RedHat/installation.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml index b86af1c69..79fd9eeec 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml @@ -104,21 +104,21 @@ - sap_general_preconfigure_set_minor_release - __sap_general_preconfigure_register_subscription_manager_release.stdout != ansible_distribution_version -- name: Ensure that the required package groups are installed, RHEL 7 +- name: Ensure that the required package groups are installed, RHEL except 8.1 ansible.builtin.package: name: "{{ sap_general_preconfigure_packagegroups }}" state: present - when: ansible_distribution_major_version == '7' + when: ansible_distribution_version != '8.1' # Note: We do not want package updates, see also Red Hat bug 1983749. # Because the installation of an environment or package group is not guaranteed to avoid package updates, # and because of bug 2011426 (for which the fix is not available in the RHEL 8.1 ISO image), a RHEL 8.1 # system might not boot after installing environment group Server. # Reason for noqa: Finding out if packages already are installed would require one more task. -- name: Ensure that the required package groups are installed, RHEL 8 and RHEL 9 # noqa command-instead-of-module no-changed-when +- name: Ensure that the required package groups are installed, RHEL 8.1 # noqa command-instead-of-module no-changed-when ansible.builtin.command: "yum install {{ sap_general_preconfigure_packagegroups | join(' ') }} --nobest --exclude=kernel* -y" register: __sap_general_preconfigure_register_yum_group_install - when: ansible_distribution_major_version == '8' or ansible_distribution_major_version == '9' + when: ansible_distribution_version == '8.1' # possible replacement once we no longer need Ansible 2.9 compatibility: #- name: Ensure that the required package groups are installed, RHEL 8 and 9 From b3bdf0bf82a746f106cf1dda82280dc599adb896 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 20 Jun 2024 16:19:38 +0200 Subject: [PATCH 133/135] Workflows: Add missing '---' Solves issue #767. Signed-off-by: Bernd Finger --- .github/workflows/codespell.yml | 2 ++ workflows/check_outdate_deps/action.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 24d07bcd4..be39f1101 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -1,3 +1,5 @@ +--- + name: CodeSpell on: diff --git a/workflows/check_outdate_deps/action.yml b/workflows/check_outdate_deps/action.yml index a4d3c2e89..874cb0a02 100644 --- a/workflows/check_outdate_deps/action.yml +++ b/workflows/check_outdate_deps/action.yml @@ -1,3 +1,5 @@ +--- + name: 'Check dependencies and try to solve it' description: 'This action will check dependencies in .github/workflows that are installed using pip and open issue and create a pull request to solve the problem' runs: From 7467ae82cc39d1b412efa5ee97166cc27d9ece6d Mon Sep 17 00:00:00 2001 From: Janine Fuchs Date: Thu, 20 Jun 2024 16:40:35 +0200 Subject: [PATCH 134/135] sap_ha_pacemaker_cluster: fix pcs resource restart --- .../tasks/configure_nwas_ascs_ers_postinstallation.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index 5fdf6802b..de55f3943 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -246,7 +246,7 @@ block: - name: "SAP HA Pacemaker - (SAP HA Interface) Restart ASCS ERS resources" ansible.builtin.shell: | - {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ __rsc_ascs }} {{ __rsc_ers }} + {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ restart_item }} vars: __rsc_ascs: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount @@ -254,6 +254,11 @@ __rsc_ers: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount else sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}" + loop: + - "{{ __rsc_ascs }}" + - "{{ __rsc_ers }}" + loop_control: + loop_var: restart_item when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 changed_when: true From 4b437390be86c610e14e535d3efa4d2eca85fe08 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 21 Jun 2024 16:42:41 +0200 Subject: [PATCH 135/135] collection: Prepare for v1.4.1 Signed-off-by: Bernd Finger --- CHANGELOG.rst | 45 +++++++++++++++++++++++++++++++++++++++ changelogs/changelog.yaml | 43 +++++++++++++++++++++++++++++++++++++ galaxy.yml | 3 ++- 3 files changed, 90 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 28b879c7e..1bebd970c 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,51 @@ community.sap_install Release Notes .. contents:: Topics +v1.4.1 +====== + +Release Summary +--------------- + +| Release Date: 2024-06-21 +| feat: sap_hana_install: add compatibility for fapolicyd +| feat: sap_swpm: append generate options for s4hana java +| feat: sap_ha_pacemaker_cluster: upgrade to ha_cluster Ansible Role with SLES compatibility +| feat: sap_ha_pacemaker_cluster: compatibility enhancement for SLES +| feat: sap_ha_pacemaker_cluster: improved handling of custom SAP HANA srHooks +| feat: sap_ha_pacemaker_cluster: handling for future merged Resource Agent package (SAPHanaSR-angi) +| feat: sap_ha_pacemaker_cluster: graceful SAP HANA start after PCMK Cluster start +| feat: sap_ha_pacemaker_cluster: ASCS ERS Simple Mount +| collection: add sample AAS installation var file +| collection: fix ansible-test sanity errors +| collection: for package_facts Ansible Module add python3-rpm requirement for SLES +| collection: use -i instead of -l test scripts +| sap_*_preconfigure: disable and stop sapconf when saptune run +| sap_general_preconfigure: fix /etc/hosts check in assert mode +| sap_general_preconfigure: revert to awk for asserting /etc/hosts +| sap_general_preconfigure: use tags for limiting the role scope +| sap_general_preconfigure: use the package module in most cases +| sap_general_preconfigure: use the role sap_maintain_etc_hosts - RHEL systems +| sap_hana_preconfigure: move handlers to the correct location +| sap_hana_preconfigure: catch SELinux disabled +| sap_hana_preconfigure: update kernel parameters for SLES +| sap_netweaver_preconfigure: sync with SAP note 3119751 v.13 for RHEL +| sap_anydb_install_oracle: fix temp directory removal +| sap_ha_pacemaker_cluster: use expect Ansible Module and add python3-pip requirement +| sap_ha_pacemaker_cluster: add retry for Azure Files (NFS) to avoid locks +| sap_ha_pacemaker_cluster: variable changes for different os and platforms +| sap_ha_pacemaker_cluster: fix pcs resource restart +| sap_hana_install: update documentation for parameter sap_hana_install_force +| sap_install_media_detect: detection of SAP Kernel Part I only +| sap_install_media_detect: duplicate SAR file handling for SAP Kernel, IGS, WebDisp +| sap_install_media_detect: directory handling fix for SAP SWPM +| sap_maintain_etc_hosts: fix wrong assert messages +| sap_maintain_etc_hosts: remove use ansible.utils.ip +| sap_storage_setup: fix for TB disks +| sap_swpm: directory handling fix for SAP SWPM +| sap_swpm: align execution and monitoring timeouts to 24hrs (86400s) +| sap_swpm: optionally skip setting file permissions + v1.4.0 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 325cc5d3b..8468089a7 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -165,3 +165,46 @@ releases: | sap_anydb_install_oracle: Feature add for Oracle DB install with patch ' release_date: '2024-02-02' + 1.4.1: + changes: + release_summary: '| Release Date: 2024-06-20 + + | feat: sap_hana_install: add compatibility for fapolicyd + | feat: sap_swpm: append generate options for s4hana java + | feat: sap_ha_pacemaker_cluster: upgrade to ha_cluster Ansible Role with SLES compatibility + | feat: sap_ha_pacemaker_cluster: compatibility enhancement for SLES + | feat: sap_ha_pacemaker_cluster: improved handling of custom SAP HANA srHooks + | feat: sap_ha_pacemaker_cluster: handling for future merged Resource Agent package (SAPHanaSR-angi) + | feat: sap_ha_pacemaker_cluster: graceful SAP HANA start after PCMK Cluster start + | feat: sap_ha_pacemaker_cluster: ASCS ERS Simple Mount + | collection: add sample AAS installation var file + | collection: fix ansible-test sanity errors + | collection: for package_facts Ansible Module add python3-rpm requirement for SLES + | collection: use -i instead of -l test scripts + | sap_*_preconfigure: disable and stop sapconf when saptune run + | sap_general_preconfigure: fix /etc/hosts check in assert mode + | sap_general_preconfigure: revert to awk for asserting /etc/hosts + | sap_general_preconfigure: use tags for limiting the role scope + | sap_general_preconfigure: use the package module in most cases + | sap_general_preconfigure: use the role sap_maintain_etc_hosts - RHEL systems + | sap_hana_preconfigure: move handlers to the correct location + | sap_hana_preconfigure: catch SELinux disabled + | sap_hana_preconfigure: update kernel parameters for SLES + | sap_netweaver_preconfigure: sync with SAP note 3119751 v.13 for RHEL + | sap_anydb_install_oracle: fix temp directory removal + | sap_ha_pacemaker_cluster: use expect Ansible Module and add python3-pip requirement + | sap_ha_pacemaker_cluster: add retry for Azure Files (NFS) to avoid locks + | sap_ha_pacemaker_cluster: variable changes for different os and platforms + | sap_ha_pacemaker_cluster: fix pcs resource restart + | sap_hana_install: update documentation for parameter sap_hana_install_force + | sap_install_media_detect: detection of SAP Kernel Part I only + | sap_install_media_detect: duplicate SAR file handling for SAP Kernel, IGS, WebDisp + | sap_install_media_detect: directory handling fix for SAP SWPM + | sap_maintain_etc_hosts: fix wrong assert messages + | sap_maintain_etc_hosts: remove use ansible.utils.ip + | sap_storage_setup: fix for TB disks + | sap_swpm: directory handling fix for SAP SWPM + | sap_swpm: align execution and monitoring timeouts to 24hrs (86400s) + | sap_swpm: optionally skip setting file permissions + ' + release_date: '2024-06-20' diff --git a/galaxy.yml b/galaxy.yml index d6982415d..4a9423b09 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,7 +10,7 @@ namespace: community name: sap_install # The version of the collection. Must be compatible with semantic versioning -version: 1.4.0 +version: 1.4.1 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md @@ -25,6 +25,7 @@ authors: - Janine Fuchs - Steven Stringer - Marcel Mamula + - Gabriele Puliti ### OPTIONAL but strongly recommended # A short summary description of the collection