diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a49d20c77..db32a0bb9 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,15 @@ community.sap_install Release Notes .. contents:: Topics +v1.3.3 +====== + +Release Summary +--------------- + +| Release Date: 2023-12-22 +| collection: Make the preconfigure and sap_hana_install roles compatible with CVE-2023-5764 + v1.3.2 ====== 
@@ -12,26 +21,26 @@ Release Summary --------------- | Release Date: 2023-09-29 -sap_general_preconfigure: Update to latest SAP documentation for RHEL 9 package libxcrypt-compat -sap_general_preconfigure: Bug fix for directory creation and SELinux Labels -sap_ha_pacemaker_cluster: Bug fix for AWS EC2 Virtual Servers -sap_ha_pacemaker_cluster: Bug fix for Google Cloud Compute Engine VM netmask lock on Virtual IP -sap_ha_pacemaker_cluster: Feature add for improved SAP NetWeaver HA compatibility -sap_ha_pacemaker_cluster: Feature add for ENSA1 compatibility -sap_ha_pacemaker_cluster: Feature add for SAP HA Interface Cluster Connector after cluster init -sap_ha_pacemaker_cluster: Feature add for IBM PowerVM hypervisor -sap_ha_pacemaker_cluster: Feature add for multiple network interfaces with Virtual IP -sap_hana_install: Bug fix for SELinux disable when SLES4SAP -sap_install_media_detect: Feature add for NFS compatibility -sap_install_media_detect: Feature add for idempotency -sap_install_media_detect: Feature add for new file detection after code restructure -sap_install_media_detect: Bug fix for setting SAP Maintenance Planner Stack XML path -sap_storage_setup: Feature add for Multipathing detection -sap_storage_setup: Bug fix for NFS throttle from customer test on MS Azure -sap_storage_setup: Bug fix for packages on SLES and Google Cloud -sap_swpm: Bug fix for RDBMS var name -sap_swpm: Bug fix for SAP HANA Client hdbuserstore connection -sap_swpm: Bug fix for SAP Maintenance Planner Stack XML path +| sap_general_preconfigure: Update to latest SAP documentation for RHEL 9 package libxcrypt-compat +| sap_general_preconfigure: Bug fix for directory creation and SELinux Labels +| sap_ha_pacemaker_cluster: Bug fix for AWS EC2 Virtual Servers +| sap_ha_pacemaker_cluster: Bug fix for Google Cloud Compute Engine VM netmask lock on Virtual IP +| sap_ha_pacemaker_cluster: Feature add for improved SAP NetWeaver HA compatibility +| sap_ha_pacemaker_cluster: Feature add for 
ENSA1 compatibility +| sap_ha_pacemaker_cluster: Feature add for SAP HA Interface Cluster Connector after cluster init +| sap_ha_pacemaker_cluster: Feature add for IBM PowerVM hypervisor +| sap_ha_pacemaker_cluster: Feature add for multiple network interfaces with Virtual IP +| sap_hana_install: Bug fix for SELinux disable when SLES4SAP +| sap_install_media_detect: Feature add for NFS compatibility +| sap_install_media_detect: Feature add for idempotency +| sap_install_media_detect: Feature add for new file detection after code restructure +| sap_install_media_detect: Bug fix for setting SAP Maintenance Planner Stack XML path +| sap_storage_setup: Feature add for Multipathing detection +| sap_storage_setup: Bug fix for NFS throttle from customer test on MS Azure +| sap_storage_setup: Bug fix for packages on SLES and Google Cloud +| sap_swpm: Bug fix for RDBMS var name +| sap_swpm: Bug fix for SAP HANA Client hdbuserstore connection +| sap_swpm: Bug fix for SAP Maintenance Planner Stack XML path v1.3.1 ====== diff --git a/README.md b/README.md index db49c28ce..d714954d4 100644 --- a/README.md +++ b/README.md 
@@ -30,6 +30,27 @@ This Ansible Collection executes various SAP Software installations for differen - Install Linux Pacemaker, configure Pacemaker Fencing Agents and Pacemaker Resource Agents - Set HA/DR with distributed SAP System installations (i.e. ERS) +### Note + +Starting with `ansible-core` versions 2.16.1, 2.15.8, and 2.14.12, templating operations inside the `that` statement of `assert` tasks +are no longer allowed. + +A typical error message is: +``` +fatal: [host01]: FAILED! => + msg: 'The conditional check ''13 <= 128'' failed. The error was: Conditional is marked as unsafe, and cannot be evaluated.' +``` + +This version of the collection ensures the compatibility with the above mentioned versions of `ansible-core` for the following roles: +- sap_general_preconfigure +- sap_netweaver_preconfigure +- sap_hana_preconfigure +- sap_hana_install + +When running the preconfigure roles with the above mentioned versions of `ansible-core` and with the parameters +`sap_general_preconfigure_assert`, `sap_netweaver_preconfigure_assert`, or `sap_hana_preconfigure_assert`, the roles will abort +in the first `assert` task which contains a templating operation. + ## Contents An Ansible Playbook can call either an Ansible Role, or the individual Ansible Modules: diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index bd7411429..3c47209ba 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -17,4 +17,112 @@ releases: | Add SAP HANA Two-Node Scale-Up Cluster Installation ' - release_date: '2022-07-06' + release_date: '2022-06-30' + 1.2.0: + changes: + release_summary: '| Release Date: 2022-12-20 + + | Consolidate sap_ha_install_pacemaker, sap_ha_prepare_pacemaker, and sap_ha_set_hana into new sap_ha_pacemaker_cluster role + | Use the ha_cluster Linux System Role and its enhanced features in the new role sap_ha_pacemaker_cluster + | Improve SID and instance checking in role sap_hana_install + | Enable modifying SELinux file labels for SAP directories + | Upgrade SAP SWPM handling for compatibility with more scenarios when generating inifile.params + | Add Ansible Role for basic Oracle DB installations for SAP + | Various minor enhancements + | Various fixes + + ' + release_date: '2022-12-20' + 1.2.1: + changes: + release_summary: '| Release Date: 2023-01-26 + + | A few minor fixes + + ' + release_date: '2023-01-26' + 1.2.2: + changes: + release_summary: '| Release Date: 2023-02-01 + + | Fix for sap_hana_preconfigure on SLES when tuned is not installed + + ' + release_date: '2023-02-01' + 1.2.3: + changes: + release_summary: '| Release Date: 2023-04-25 + + | sap_hana_preconfigure: Some modifications for HANA on RHEL 9 + | sap_ha_pacemaker_cluster: Compatibility for custom stonith resource definitions containing more than one element + | sap_hana_preconfigure: Be more flexible with IBM service and productivity tools + + ' + release_date: '2023-04-25' + 1.3.0: + changes: + release_summary: '| Release Date: 2023-07-21 + + | sap_general_preconfigure: Updates for new IBM Power packages with RHEL + | sap_hana_preconfigure: Updates for new IBM Power packages with RHEL + | sap_hana_install: Default Log Mode to normal and not Overwrite + | sap_ha_pacemaker_cluster: Detection of and compatibility for additional Infrastructure Platforms + | sap_ha_pacemaker_cluster: SAP NetWeaver compatibility added + | sap_install_media_detect: Restructure and add execution 
controls + | sap_storage_setup: Overhaul/Rewrite with breaking changes + | sap_storage_setup: SAP NetWeaver and NFS compatibility added + | sap_swpm: Minor alterations from High Availability test scenarios + | collection: Sample Playbooks updated + + ' + release_date: '2023-07-21' + 1.3.1: + changes: + release_summary: '| Release Date: 2023-08-14 + + | sap_ha_pacemaker_cluster: Improved AWS constructs based on feedback + | sap_ha_pacemaker_cluster: Improved no STONITH resource definition handling + | sap_hana_install: Bug fix for arg spec on deprecated vars + | sap_hostagent: Bug fix for media handling + | sap_install_media_detect: Improved handling based on feedback + | sap_storage_setup: Bug fix for existing storage devices + | sap_swpm: Make full log output optional and replace with sapcontrol log final status + | collection: Bug fix for sample Ansible Playbooks + + ' + release_date: '2023-08-14' + 1.3.2: + changes: + release_summary: '| Release Date: 2023-09-29 + + | sap_general_preconfigure: Update to latest SAP documentation for RHEL 9 package libxcrypt-compat + | sap_general_preconfigure: Bug fix for directory creation and SELinux Labels + | sap_ha_pacemaker_cluster: Bug fix for AWS EC2 Virtual Servers + | sap_ha_pacemaker_cluster: Bug fix for Google Cloud Compute Engine VM netmask lock on Virtual IP + | sap_ha_pacemaker_cluster: Feature add for improved SAP NetWeaver HA compatibility + | sap_ha_pacemaker_cluster: Feature add for ENSA1 compatibility + | sap_ha_pacemaker_cluster: Feature add for SAP HA Interface Cluster Connector after cluster init + | sap_ha_pacemaker_cluster: Feature add for IBM PowerVM hypervisor + | sap_ha_pacemaker_cluster: Feature add for multiple network interfaces with Virtual IP + | sap_hana_install: Bug fix for SELinux disable when SLES4SAP + | sap_install_media_detect: Feature add for NFS compatibility + | sap_install_media_detect: Feature add for idempotency + | sap_install_media_detect: Feature add for new file detection after 
code restructure + | sap_install_media_detect: Bug fix for setting SAP Maintenance Planner Stack XML path + | sap_storage_setup: Feature add for Multipathing detection + | sap_storage_setup: Bug fix for NFS throttle from customer test on MS Azure + | sap_storage_setup: Bug fix for packages on SLES and Google Cloud + | sap_swpm: Bug fix for RDBMS var name + | sap_swpm: Bug fix for SAP HANA Client hdbuserstore connection + | sap_swpm: Bug fix for SAP Maintenance Planner Stack XML path + + ' + release_date: '2023-09-29' + 1.3.3: + changes: + release_summary: '| Release Date: 2023-12-22 + + | collection: Make the preconfigure and sap_hana_install roles compatible with CVE-2023-5764 + + ' + release_date: '2023-12-22' diff --git a/galaxy.yml b/galaxy.yml index 5238b650d..2a2ddd20e 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -10,7 +10,7 @@ namespace: community name: sap_install # The version of the collection. Must be compatible with semantic versioning -version: 1.3.2 +version: 1.3.3 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml index 12c0123bb..9d3798601 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml 
@@ -50,5 +50,5 @@ - name: "Ensure that the length of the hostname is not longer than 'sap_general_preconfigure_max_hostname_length'" ansible.builtin.assert: - that: "{{ sap_hostname | length | int }} <= {{ sap_general_preconfigure_max_hostname_length | int }}" + that: (sap_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) msg: "The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" diff --git a/roles/sap_hana_install/tasks/hana_addhosts.yml b/roles/sap_hana_install/tasks/hana_addhosts.yml index 024aa2c71..776be4f79 100644 --- a/roles/sap_hana_install/tasks/hana_addhosts.yml +++ b/roles/sap_hana_install/tasks/hana_addhosts.yml @@ -41,7 +41,7 @@ - name: SAP HANA Add Hosts - Assert that the additional hosts are not shown in hdblcm --list_systems ansible.builtin.assert: - that: "'{{ line_item }}' not in __sap_hana_install_register_hdblcm_list_systems.stdout" + that: line_item not in __sap_hana_install_register_hdblcm_list_systems.stdout fail_msg: - "FAIL: Host '{{ line_item }}' is already part of system '{{ sap_hana_install_sid }}'" - "Because of this, the addhost operation will not be performed." diff --git a/roles/sap_hana_install/tasks/hana_exists.yml b/roles/sap_hana_install/tasks/hana_exists.yml index 9634ce387..9dbeb50a3 100644 --- a/roles/sap_hana_install/tasks/hana_exists.yml +++ b/roles/sap_hana_install/tasks/hana_exists.yml 
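Review bot: Nothing on the rewritten `that:` line in configure-hostname.yml records why the expression must stay free of `{{ }}`, so a later edit could reintroduce the templated form that the ansible-core releases named in the README reject. A short comment above the line would do, e.g. `# Keep 'that' a bare Jinja2 expression; templated conditionals are refused as unsafe (CVE-2023-5764)`. The same comment fits the `that:` lines changed in hana_addhosts.yml, hana_exists.yml and installation.yml. As a minor style point, `length` already yields an integer, so `sap_hostname | length | int` can drop the trailing `| int`.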
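Review bot: The rewritten condition in hana_addhosts.yml, `line_item not in __sap_hana_install_register_hdblcm_list_systems.stdout`, is still a substring test on raw command output. A host whose name is contained in another listed name (constructed example: `node1` inside `node10`) would be reported as already part of the system. Matching the whole name is stricter, for instance `that: __sap_hana_install_register_hdblcm_list_systems.stdout is not search('(^|[^A-Za-z0-9.-])' ~ (line_item | regex_escape) ~ '($|[^A-Za-z0-9.-])')`. The exact delimiters depend on the hdblcm output format, which is not visible here, and the task's loop definition lies outside the hunk.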
@@ -140,9 +140,14 @@ changed_when: false failed_when: false + - name: SAP HANA Checks - Define new variable for the assertion + ansible.builtin.set_fact: + __sap_hana_install_existing_sapsys_gid: "{{ __sap_hana_install_register_getent_group_sapsys.stdout.split(':')[2] }}" + when: __sap_hana_install_register_getent_group_sapsys.rc == 0 + - name: SAP HANA Checks - In case there is a group 'sapsys', assert that its group ID is identical to 'sap_hana_install_groupid' ansible.builtin.assert: - that: "{{ __sap_hana_install_register_getent_group_sapsys.stdout.split(':')[2] }} == {{ sap_hana_install_groupid }}" + that: (__sap_hana_install_existing_sapsys_gid | int) == (sap_hana_install_groupid | int) success_msg: "PASS: The group ID of 'sapsys' is identical to the value of variable sap_hana_install_groupid, which is '{{ sap_hana_install_groupid }}'" fail_msg: "FAIL: Group 'sapsys' exists but with a different group ID than '{{ sap_hana_install_groupid }}' diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml index c3b68c0e6..c93046e30 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml @@ -15,7 +15,7 @@ - name: Fail if the system is running a RHEL release which may not be supported for SAP HANA ansible.builtin.assert: - that: ansible_distribution_version in "{{ sap_hana_preconfigure_supported_rhel_minor_releases }}" + that: ansible_distribution_version in sap_hana_preconfigure_supported_rhel_minor_releases fail_msg: - "The RHEL release '{{ ansible_distribution_version }}' may not (yet) be supported for SAP HANA. Please check SAP note 2235581!" - "If necessary, adapt role parameter `sap_hana_preconfigure_supported_rhel_minor_releases` accordingly."
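Review bot: The new `set_fact` task in hana_exists.yml only runs when `__sap_hana_install_register_getent_group_sapsys.rc == 0`, while the assert that consumes `__sap_hana_install_existing_sapsys_gid` has its own condition outside the hunk. If the two ever diverge, the assert would likely stop on an undefined variable instead of printing its PASS/FAIL message. The helper fact is not needed, because the registered value can be referenced directly in a bare expression: `that: (__sap_hana_install_register_getent_group_sapsys.stdout.split(':')[2] | int) == (sap_hana_install_groupid | int)`. Note also that `| int` turns a non-numeric value into 0, so a mistyped `sap_hana_install_groupid` is compared as 0 rather than rejected.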
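Review bot: In installation.yml, `ansible_distribution_version in sap_hana_preconfigure_supported_rhel_minor_releases` is a list membership test only while the variable is a list. If it arrives as a string (for example from a `-e key=value` extra var), `in` falls back to substring matching, and a release such as `8.1` (constructed value) would pass against an entry `8.10`. A type check as the first condition keeps the gate strict: make `that:` a list with `- sap_hana_preconfigure_supported_rhel_minor_releases is not string` followed by `- ansible_distribution_version in sap_hana_preconfigure_supported_rhel_minor_releases`. The variable's default is defined outside this diff, so its current type is assumed here, not confirmed.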