Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

various roles: ansible-lint 6.22.0 cleanup #557

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,7 @@
block:

# Reason for noqa: We can safely fail at the last command in the pipeline.
- name: Create a list of minimum required package versions to be installed # noqa risky-shell-pipe
- name: Create a list of minimum required package versions to be installed # noqa risky-shell-pipe
# How does it work?
# 1 - Print the required package name and version with a prefix "1" followed by a space.
# 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space.
Expand Down
3 changes: 3 additions & 0 deletions roles/sap_hana_install/.ansible-lint
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
---
exclude_paths:
- tests/
enable_list:
- yaml
skip_list:
- meta-runtime[unsupported-version] # We don't want to enforce new Ansible versions for Galaxy
- ignore-errors # We use ignore_errors for all the assert tasks, which should be acceptable
- schema # We want to allow single digit version numbers in a role's meta/main.yml file. This is allowed as per https://galaxy.ansible.com/docs/contributing/creating_role.html and https://galaxy.ansible.com/api/v1/platforms/?page=6.
- name[template] # Allow templating inside name. During dev and qa, it should be possible to identify cases where it doesn't work
7 changes: 4 additions & 3 deletions roles/sap_hana_install/tasks/hana_addhosts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,8 @@
when: not ansible_check_mode
block:

- name: SAP HANA Add Hosts - Run 'hdblcm --list_systems'
# Reason for noqa: We can safely fail at the last command in the pipeline.
- name: SAP HANA Add Hosts - Run 'hdblcm --list_systems' # noqa risky-shell-pipe
ansible.builtin.shell: |
./hdblcm --list_systems | awk '/\/hana\/shared\/{{ sap_hana_install_sid }}/{a=1}
/hosts:/{if (a==1){
Expand All @@ -32,7 +33,7 @@
args:
chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm"
register: __sap_hana_install_register_hdblcm_list_systems
changed_when: no
changed_when: false

- name: SAP HANA Add Hosts - Show the output of hdblcm --list_systems
ansible.builtin.debug:
Expand Down Expand Up @@ -88,7 +89,7 @@
args:
chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm"
register: __sap_hana_install_register_addhosts_result
changed_when: no
changed_when: false
when: not ansible_check_mode

- name: SAP HANA Add Hosts - Show the HANA version and hosts
Expand Down
26 changes: 13 additions & 13 deletions roles/sap_hana_install/tasks/hana_exists.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,16 @@
- name: SAP HANA Checks - Check if saphostctrl is installed
ansible.builtin.stat:
path: /usr/sap/hostctrl/exe/saphostctrl
check_mode: no
check_mode: false
register: __sap_hana_install_register_stat_saphostctrl
failed_when: no
failed_when: false

- name: SAP HANA Checks - Check if SAP instances are installed with saphostctrl
when: __sap_hana_install_register_stat_saphostctrl.stat.exists
block:

- name: SAP HANA Checks - Get list of installed SAP instances
ansible.builtin.shell: /usr/sap/hostctrl/exe/saphostctrl -function ListInstances | cut -d":" -f2-
ansible.builtin.shell: set -o pipefail && /usr/sap/hostctrl/exe/saphostctrl -function ListInstances | cut -d":" -f2-
register: __sap_hana_install_register_instancelist
changed_when: false

Expand Down Expand Up @@ -66,9 +66,9 @@
- name: SAP HANA Checks - Get status of '/hana/shared/{{ sap_hana_install_sid }}'
ansible.builtin.stat:
path: "/hana/shared/{{ sap_hana_install_sid }}"
check_mode: no
check_mode: false
register: __sap_hana_install_register_stat_hana_shared_sid_assert
failed_when: no
failed_when: false

- name: SAP HANA Checks - Get contents of '/hana/shared/{{ sap_hana_install_sid }}'
ansible.builtin.find:
Expand All @@ -87,9 +87,9 @@
- name: SAP HANA Checks - Get status of '/usr/sap/{{ sap_hana_install_sid }}'
ansible.builtin.stat:
path: "/usr/sap/{{ sap_hana_install_sid }}"
check_mode: no
check_mode: false
register: __sap_hana_install_register_stat_usr_sap_sid_assert
failed_when: no
failed_when: false

- name: SAP HANA Checks - Get contents of '/usr/sap/{{ sap_hana_install_sid }}'
ansible.builtin.find:
Expand All @@ -113,10 +113,10 @@

- name: SAP HANA Checks - Get info about '{{ sap_hana_install_sid | lower }}adm' user
ansible.builtin.command: getent passwd {{ sap_hana_install_sid | lower }}adm
check_mode: no
check_mode: false
register: __sap_hana_install_register_getent_passwd_sidadm
changed_when: no
failed_when: no
changed_when: false
failed_when: false

- name: SAP HANA Checks - Fail if the user '{{ sap_hana_install_sid | lower }}adm' exists
ansible.builtin.fail:
Expand All @@ -135,10 +135,10 @@

- name: SAP HANA Checks - Get info about the ID of the 'sapsys' group
ansible.builtin.command: getent group sapsys
check_mode: no
check_mode: false
register: __sap_hana_install_register_getent_group_sapsys
changed_when: no
failed_when: no
changed_when: false
failed_when: false

- name: SAP HANA Checks - In case there is a group 'sapsys', assert that its group ID is identical to 'sap_hana_install_groupid'
ansible.builtin.assert:
Expand Down
2 changes: 2 additions & 0 deletions roles/sap_hana_install/tasks/post_install.yml
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,7 @@
args:
chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/global/hdb/install/bin"
register: __sap_hana_install_register_installation_check
changed_when: false
when: sap_hana_install_use_hdbcheck | d(true)

- name: SAP HANA hdblcm installation check with hdbcheck - Display the result
Expand All @@ -133,6 +134,7 @@
args:
chdir: "{{ sap_hana_install_install_path }}/{{ sap_hana_install_sid }}/hdblcm"
register: __sap_hana_install_register_installation_check
changed_when: false
when: not sap_hana_install_use_hdbcheck | d(true)

- name: SAP HANA hdblcm installation check with hdblcm - Display the result
Expand Down
2 changes: 2 additions & 0 deletions roles/sap_hana_install/tasks/pre_install/extract_sarfile.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,14 @@
mv ${extracted_dir} ..
args:
chdir: "{{ __sap_hana_install_tmp_software_extract_directory }}"
changed_when: true
when: "'SAPHOST' not in __sap_hana_install_passed_sarfile"

- name: SAP HANA hdblcm prepare - Move files into the correct place, SAP Host Agent
ansible.builtin.command: mv ./tmp/SAP_HOST_AGENT .
args:
chdir: "{{ sap_hana_install_software_extract_directory }}"
changed_when: true
when: "'SAPHOST' in __sap_hana_install_passed_sarfile"

- name: SAP HANA hdblcm prepare - Remove temporary extraction directory '{{ sap_hana_install_software_extract_directory }}/tmp'
Expand Down
3 changes: 3 additions & 0 deletions roles/sap_hana_preconfigure/.ansible-lint
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
---
exclude_paths:
- tests/
enable_list:
- yaml
skip_list:
- meta-runtime[unsupported-version] # We don't want to enforce new Ansible versions for Galaxy
- ignore-errors # We use ignore_errors for all the assert tasks, which should be acceptable
- schema # We want to allow single digit version numbers in a role's meta/main.yml file. This is allowed as per https://galaxy.ansible.com/docs/contributing/creating_role.html and https://galaxy.ansible.com/api/v1/platforms/?page=6.
- name[template] # Allow templating inside name. During dev and qa, it should be possible to identify cases where it doesn't work
5 changes: 4 additions & 1 deletion roles/sap_hana_preconfigure/handlers/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
- name: "Check if server is booted in BIOS or UEFI mode"
ansible.builtin.stat:
path: /sys/firmware/efi
get_checksum: no
get_checksum: false
register: __sap_hana_preconfigure_register_stat_sys_firmware_efi
listen: __sap_hana_preconfigure_regenerate_grub2_conf_handler
when:
Expand All @@ -19,6 +19,7 @@
- name: "Run grub-mkconfig (BIOS mode)"
ansible.builtin.command: grub2-mkconfig -o /boot/grub2/grub.cfg
register: __sap_hana_preconfigure_register_grub2_mkconfig_bios_mode
changed_when: true
listen: __sap_hana_preconfigure_regenerate_grub2_conf_handler
notify: __sap_hana_preconfigure_reboot_handler
when:
Expand Down Expand Up @@ -51,6 +52,7 @@
- name: "Run grub-mkconfig (UEFI mode)"
ansible.builtin.command: "grub2-mkconfig -o {{ __sap_hana_preconfigure_uefi_boot_dir }}"
register: __sap_hana_preconfigure_register_grub2_mkconfig_uefi_mode
changed_when: true
listen: __sap_hana_preconfigure_regenerate_grub2_conf_handler
notify: __sap_hana_preconfigure_reboot_handler
when:
Expand All @@ -69,6 +71,7 @@
- name: "Run grubby for enabling TSX"
ansible.builtin.command: grubby --args="tsx=on" --update-kernel=ALL
register: __sap_hana_preconfigure_register_grubby_update
changed_when: true
listen: __sap_hana_preconfigure_grubby_update_handler
notify: __sap_hana_preconfigure_reboot_handler

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,8 @@
- sap_hana_preconfigure_assert_ignore_errors | d(false)
block:

- name: Assert - Create a list of minimum required package versions to be installed
# Reason for noqa: We can safely fail at the last command in the pipeline.
- name: Assert - Create a list of minimum required package versions to be installed # noqa risky-shell-pipe
# How does it work?
# 1 - Print the required package name and version with a prefix "1" followed by a space.
# 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@

# There are CPUs which are not capable of enabling the rtm flag, so we just report the status:
- name: Get all CPU flags
ansible.builtin.shell: lscpu | grep "^Flags:"
ansible.builtin.shell: set -o pipefail && lscpu | grep "^Flags:"
register: __sap_hana_preconfigure_register_lscpu_flags
changed_when: no

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
owner: root
group: root
mode: '0644'
backup: yes
backup: true

- name: Perform steps for setting tuned profile
when: sap_hana_preconfigure_use_tuned
Expand All @@ -32,11 +32,11 @@
ansible.builtin.service:
name: tuned
state: started
enabled: yes
enabled: true

- name: Get currently active tuned profile
ansible.builtin.shell: /usr/sbin/tuned-adm active | grep ":" | cut -d ":" -f 2 | awk '{$1=$1;print}'
check_mode: no
ansible.builtin.shell: set -o pipefail && /usr/sbin/tuned-adm active | awk '/:/{print $NF}'
check_mode: false
register: __sap_hana_preconfigure_register_current_tuned_profile
changed_when: false

Expand All @@ -53,8 +53,8 @@
changed_when: true

- name: Show new active tuned profile
ansible.builtin.shell: /usr/sbin/tuned-adm active | grep ":" | cut -d ":" -f 2 | awk '{$1=$1;print}'
check_mode: no
ansible.builtin.shell: set -o pipefail && /usr/sbin/tuned-adm active | awk '/:/{print $NF}'
check_mode: false
register: __sap_hana_preconfigure_register_new_tuned_profile
changed_when: false

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,15 @@

- name: Configure - Get initial status of KSM
ansible.builtin.command: cat /sys/kernel/mm/ksm/run
check_mode: no
check_mode: false
register: __sap_hana_preconfigure_register_ksm_status_before
ignore_errors: true
changed_when: false

- name: Disable KSM on the running system
ansible.builtin.shell: echo 0 > /sys/kernel/mm/ksm/run
register: __sap_hana_preconfigure_register_disable_ksm
changed_when: true
when: __sap_hana_preconfigure_register_ksm_status_before.stdout != '0'

- name: Configure - Get status of KSM
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
- name: Enable TSX at boot time
ansible.builtin.command: /bin/true
notify: __sap_hana_preconfigure_grubby_update_handler
changed_when: true
when:
- ansible_architecture == 'x86_64'
- ansible_distribution == 'RedHat'
Expand Down
7 changes: 6 additions & 1 deletion roles/sap_hana_preconfigure/tasks/RedHat/installation.yml
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@

- name: Set the minor RHEL release
ansible.builtin.command: subscription-manager release --set="{{ ansible_distribution_version }}"
changed_when: true
when:
- sap_hana_preconfigure_set_minor_release
- __sap_hana_preconfigure_register_subscription_manager_release.stdout != ansible_distribution_version
Expand Down Expand Up @@ -94,6 +95,7 @@

- name: Accept the license for the IBM Service and Productivity Tools
ansible.builtin.shell: LESS=+q /opt/ibm/lop/configure <<<'y'
changed_when: true
when:
- ansible_architecture == "ppc64le"
- sap_hana_preconfigure_install_ibm_power_tools | d(true)
Expand Down Expand Up @@ -131,7 +133,8 @@
- __sap_hana_preconfigure_min_pkgs | d([])
block:

- name: Create a list of minimum required package versions to be installed
# Reason for noqa: We can safely fail at the last command in the pipeline.
- name: Create a list of minimum required package versions to be installed # noqa risky-shell-pipe
# How does it work?
# 1 - Print the required package name and version with a prefix "1" followed by a space.
# 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space.
Expand Down Expand Up @@ -237,9 +240,11 @@
- name: Call reboot handler if necessary as per role sap_general_preconfigure
ansible.builtin.command: /bin/true
notify: __sap_hana_preconfigure_reboot_handler
changed_when: true
when: sap_general_preconfigure_fact_reboot_required | d(false)

- name: Call reboot handler if necessary as per this role
ansible.builtin.command: /bin/true
notify: __sap_hana_preconfigure_reboot_handler
changed_when: true
when: __sap_hana_preconfigure_register_needs_restarting is failed
18 changes: 10 additions & 8 deletions roles/sap_hana_preconfigure/tasks/SLES/configuration.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,16 +8,16 @@
ansible.builtin.systemd:
name: saptune
state: started
enabled: yes
enabled: true

- name: Ensure saptune_check executes correctly
ansible.builtin.command: saptune_check
changed_when: no
changed_when: false

- name: Discover active solution
ansible.builtin.command: saptune solution enabled
register: __sap_hana_preconfigure_register_saptune_status
changed_when: no
changed_when: false

- name: Set fact for active solution
ansible.builtin.set_fact:
Expand All @@ -34,8 +34,8 @@
- name: Disable TCP timestamps, recycle & reuse
ansible.builtin.blockinfile:
path: /etc/saptune/override/2382421
create: yes
backup: yes
create: true
backup: true
owner: root
group: root
mode: '0640'
Expand All @@ -51,22 +51,24 @@
- name: Check if saptune solution needs to be applied
ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}"
register: __sap_hana_preconfigure_register_saptune_verify
changed_when: no # We're only checking, not changing!
failed_when: no # We expect this to fail if it has not previously been applied
changed_when: false # We're only checking, not changing!
failed_when: false # We expect this to fail if it has not previously been applied

- name: Ensure no solution is currently applied
ansible.builtin.command: "saptune solution revert {{ __sap_hana_preconfigure_fact_solution_configured }}"
changed_when: true
when:
- __sap_hana_preconfigure_fact_solution_configured != 'NONE'
- __sap_hana_preconfigure_register_saptune_verify.rc != 0

- name: Ensure saptune solution is applied
ansible.builtin.command: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}"
changed_when: true
when: __sap_hana_preconfigure_register_saptune_verify.rc != 0

- name: Ensure solution was successful
ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}"
changed_when: no # We're only checking, not changing!
changed_when: false # We're only checking, not changing!

- name: Make sure that sapconf and tuned are stopped and disabled
ansible.builtin.command: "saptune service takeover"
Expand Down
3 changes: 2 additions & 1 deletion roles/sap_hana_preconfigure/tasks/sapnote/2055470.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,8 @@
msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2055470$') | first).number }}
(version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2055470$') | first).version }}): SAP HANA on POWER settings"

- name: Ensure MTU size is 9000 on all interfaces
# Reason for noqa: Failing early can cause unpredictable outputs.
- name: Ensure MTU size is 9000 on all interfaces # noqa risky-shell-pipe
ansible.builtin.shell: |
mtu=$(nmcli conn show {{ line_item }} | grep 802-3-ethernet.mtu | awk -F: '{printf("%d", $2)}')
if [ "$mtu" != "9000" ]; then
Expand Down
3 changes: 3 additions & 0 deletions roles/sap_hostagent/.ansible-lint
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
---
exclude_paths:
- tests/
enable_list:
- yaml
skip_list:
- meta-runtime[unsupported-version] # We don't want to enforce new Ansible versions for Galaxy
- ignore-errors # We use ignore_errors for all the assert tasks, which should be acceptable
- schema # We want to allow single digit version numbers in a role's meta/main.yml file. This is allowed as per https://galaxy.ansible.com/docs/contributing/creating_role.html and https://galaxy.ansible.com/api/v1/platforms/?page=6.
- name[template] # Allow templating inside name. During dev and qa, it should be possible to identify cases where it doesn't work
Loading