From 738efaa2b5d63af884c6a4f4a1df961079da0b98 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Dec 2023 15:23:48 +0100 Subject: [PATCH 1/5] various roles: Fix issue sap-linuxlab#556 for non-assert runs This commit makes the roles compatible with the following versions of `ansible-core`: - 2.16.1 - 2.15.8 - 2.14.12 when running in normal (=non-assert) mode. The preconfigure roles also support an extended check mode, called assert mode, in which the roles do not change anything but verify if all settings are correct. This commit will not cover the assert mode. So several tasks of the preconfigure roles in assert mode will fail. By using the `_assert_ignore_errors` role parameters in assert mode, the roles will not fail but the affected tasks will not be executed so those settings will not be validated. Relates to issues #555 and #556. Signed-off-by: Bernd Finger --- .../tasks/RedHat/generic/configure-hostname.yml | 2 +- roles/sap_hana_install/tasks/hana_addhosts.yml | 2 +- roles/sap_hana_install/tasks/hana_exists.yml | 7 ++++++- roles/sap_hana_preconfigure/tasks/RedHat/installation.yml | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml index 12c0123bb..9d3798601 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-hostname.yml 
@@ -50,5 +50,5 @@ - name: "Ensure that the length of the hostname is not longer than 'sap_general_preconfigure_max_hostname_length'" ansible.builtin.assert: - that: "{{ sap_hostname | length | int }} <= {{ sap_general_preconfigure_max_hostname_length | int }}" + that: (sap_hostname | length | int) <= (sap_general_preconfigure_max_hostname_length | int) msg: "The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_general_preconfigure_max_hostname_length }} (variable 'sap_general_preconfigure_max_hostname_length')!" diff --git a/roles/sap_hana_install/tasks/hana_addhosts.yml b/roles/sap_hana_install/tasks/hana_addhosts.yml index c641c8c6d..94e21d847 100644 --- a/roles/sap_hana_install/tasks/hana_addhosts.yml +++ b/roles/sap_hana_install/tasks/hana_addhosts.yml @@ -40,7 +40,7 @@ - name: SAP HANA Add Hosts - Assert that the additional hosts are not shown in hdblcm --list_systems ansible.builtin.assert: - that: "'{{ line_item }}' not in __sap_hana_install_register_hdblcm_list_systems.stdout" + that: line_item not in __sap_hana_install_register_hdblcm_list_systems.stdout fail_msg: - "FAIL: Host '{{ line_item }}' is already part of system '{{ sap_hana_install_sid }}'" - "Because of this, the addhost operation will not be performed." diff --git a/roles/sap_hana_install/tasks/hana_exists.yml b/roles/sap_hana_install/tasks/hana_exists.yml index 3a450cfc0..0aa2be9bc 100644 --- a/roles/sap_hana_install/tasks/hana_exists.yml +++ b/roles/sap_hana_install/tasks/hana_exists.yml 
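Review bot: The new `that` in the add-hosts assert (hana_addhosts.yml) tests `line_item not in __sap_hana_install_register_hdblcm_list_systems.stdout`, which is a substring test over the whole `hdblcm --list_systems` output if `line_item` is a string. A host whose name is contained in a longer listed name, or in any other text of that output, would then be reported as already part of the system and the addhost step refused. The loop that defines `line_item` is outside the hunk, so its type could not be confirmed. If the limitation is accepted, document it on the task: `# NOTE: substring match against the full hdblcm output; a host name contained in a longer listed name also matches`. A stricter check would compare against host names parsed from the output rather than the raw text.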
@@ -140,9 +140,14 @@ changed_when: no failed_when: no + - name: SAP HANA Checks - Define new variable for the assertion + ansible.builtin.set_fact: + __sap_hana_install_existing_sapsys_gid: "{{ __sap_hana_install_register_getent_group_sapsys.stdout.split(':')[2] }}" + when: __sap_hana_install_register_getent_group_sapsys.rc == 0 + - name: SAP HANA Checks - In case there is a group 'sapsys', assert that its group ID is identical to 'sap_hana_install_groupid' ansible.builtin.assert: - that: "{{ __sap_hana_install_register_getent_group_sapsys.stdout.split(':')[2] }} == {{ sap_hana_install_groupid }}" + that: (__sap_hana_install_existing_sapsys_gid | int) == (sap_hana_install_groupid | int) success_msg: "PASS: The group ID of 'sapsys' is identical to the value of variable sap_hana_install_groupid, which is '{{ sap_hana_install_groupid }}'" fail_msg: "FAIL: Group 'sapsys' exists but with a different group ID than '{{ sap_hana_install_groupid }}' diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml index ca8ede591..e4d3cb19b 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml @@ -6,7 +6,7 @@ - name: Ensure that the system is running a RHEL release which is supported for SAP HANA ansible.builtin.assert: - that: ansible_distribution_version in "{{ sap_hana_preconfigure_supported_rhel_minor_releases }}" + that: ansible_distribution_version in sap_hana_preconfigure_supported_rhel_minor_releases fail_msg: "The RHEL release {{ ansible_distribution_version }} is not supported for SAP HANA!" success_msg: "The RHEL release {{ ansible_distribution_version }} is supported for SAP HANA." ignore_errors: "{{ not sap_hana_preconfigure_min_rhel_release_check }}" From 7c461e6b6694f55848bda023f9bf5979899b94c8 Mon Sep 17 00:00:00 2001 
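Review bot: Both sides of the new `that` in the 'sapsys' group-ID assert (hana_exists.yml) go through `| int`, and Jinja's `int` filter returns 0 instead of failing when a value is not numeric. A malformed third getent field together with a non-numeric `sap_hana_install_groupid` would therefore compare equal and the task would print PASS. Distinct fallbacks keep the numeric comparison and stop that case from passing: `that: (__sap_hana_install_existing_sapsys_gid | int(-1)) == (sap_hana_install_groupid | int(-2))`. The added `set_fact` is skipped when `rc` is not 0, so the assert needs the same `when:` guard; its remaining keys lie outside the hunk, so this could not be confirmed here. The task name "Define new variable for the assertion" would also read better if it said what is extracted, e.g. `- name: SAP HANA Checks - Get the group ID of 'sapsys' from the getent output`.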
From: Bernd Finger Date: Fri, 22 Dec 2023 20:14:21 +0100 Subject: [PATCH 2/5] collection: adapt README.md for v1.3.3 Signed-off-by: Bernd Finger --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index db49c28ce..d714954d4 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,27 @@ This Ansible Collection executes various SAP Software installations for differen - Install Linux Pacemaker, configure Pacemaker Fencing Agents and Pacemaker Resource Agents - Set HA/DR with distributed SAP System installations (i.e. ERS) +### Note + +Starting with `ansible-core` versions 2.16.1, 2.15.8, and 2.14.12, templating operations inside the `that` statement of `assert` tasks +are no longer allowed. + +A typical error message is: +``` +fatal: [host01]: FAILED! => + msg: 'The conditional check ''13 <= 128'' failed. The error was: Conditional is marked as unsafe, and cannot be evaluated.' +``` + +This version of the collection ensures the compatibility with the above mentioned versions of `ansible-core` for the following roles: +- sap_general_preconfigure +- sap_netweaver_preconfigure +- sap_hana_preconfigure +- sap_hana_install + +When running the preconfigure roles with the above mentioned versions of `ansible-core` and with the parameters +`sap_general_preconfigure_assert`, `sap_netweaver_preconfigure_assert`, or `sap_hana_preconfigure_assert`, the roles will abort +in the first `assert` task which contains a templating operation. + ## Contents An Ansible Playbook can call either an Ansible Role, or the individual Ansible Modules: From 98c67530d8bd1f35870fccd5aabbf17d9c0a7dd5 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Dec 2023 20:14:41 +0100 Subject: [PATCH 3/5] collection: adapt galaxy.yml for v1.3.3 Signed-off-by: Bernd Finger --- galaxy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/galaxy.yml b/galaxy.yml index 5238b650d..2a2ddd20e 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -10,7 +10,7 @@ namespace: community name: sap_install # The version of the collection. Must be compatible with semantic versioning -version: 1.3.2 +version: 1.3.3 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md From ac45f26145af738afa99cc4a98a19a2a7e73c67e Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Dec 2023 20:19:20 +0100 Subject: [PATCH 4/5] collection: adapt CHANGELOG.rst for v1.3.3 Signed-off-by: Bernd Finger --- CHANGELOG.rst | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index a49d20c77..72a9995c1 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,15 @@ community.sap_install Release Notes .. contents:: Topics +v1.3.3 +====== + +Release Summary +--------------- + +| Release Date: 2023-12-22 +collection: Make the preconfigure and sap_hana_install roles compatible with CVE-2023-5764 + v1.3.2 ====== From 2b67b0481c063a5fbb221f20a2614dfbba5bfab0 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Fri, 22 Dec 2023 21:25:00 +0100 Subject: [PATCH 5/5] collection: adapt changelogs/changelog.yaml for v1.3.3, fix wrong formatting in CHANGELOG.rst Signed-off-by: Bernd Finger --- CHANGELOG.rst | 42 +++++++-------- changelogs/changelog.yaml | 110 +++++++++++++++++++++++++++++++++++++- 2 files changed, 130 insertions(+), 22 deletions(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 72a9995c1..db32a0bb9 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -12,7 +12,7 @@ Release Summary --------------- | Release Date: 2023-12-22 -collection: Make the preconfigure and sap_hana_install roles compatible with CVE-2023-5764 +| collection: Make the preconfigure and sap_hana_install roles compatible with CVE-2023-5764 v1.3.2 ====== 
@@ -21,26 +21,26 @@ Release Summary --------------- | Release Date: 2023-09-29 -sap_general_preconfigure: Update to latest SAP documentation for RHEL 9 package libxcrypt-compat -sap_general_preconfigure: Bug fix for directory creation and SELinux Labels -sap_ha_pacemaker_cluster: Bug fix for AWS EC2 Virtual Servers -sap_ha_pacemaker_cluster: Bug fix for Google Cloud Compute Engine VM netmask lock on Virtual IP -sap_ha_pacemaker_cluster: Feature add for improved SAP NetWeaver HA compatibility -sap_ha_pacemaker_cluster: Feature add for ENSA1 compatibility -sap_ha_pacemaker_cluster: Feature add for SAP HA Interface Cluster Connector after cluster init -sap_ha_pacemaker_cluster: Feature add for IBM PowerVM hypervisor -sap_ha_pacemaker_cluster: Feature add for multiple network interfaces with Virtual IP -sap_hana_install: Bug fix for SELinux disable when SLES4SAP -sap_install_media_detect: Feature add for NFS compatibility -sap_install_media_detect: Feature add for idempotency -sap_install_media_detect: Feature add for new file detection after code restructure -sap_install_media_detect: Bug fix for setting SAP Maintenance Planner Stack XML path -sap_storage_setup: Feature add for Multipathing detection -sap_storage_setup: Bug fix for NFS throttle from customer test on MS Azure -sap_storage_setup: Bug fix for packages on SLES and Google Cloud -sap_swpm: Bug fix for RDBMS var name -sap_swpm: Bug fix for SAP HANA Client hdbuserstore connection -sap_swpm: Bug fix for SAP Maintenance Planner Stack XML path +| sap_general_preconfigure: Update to latest SAP documentation for RHEL 9 package libxcrypt-compat +| sap_general_preconfigure: Bug fix for directory creation and SELinux Labels +| sap_ha_pacemaker_cluster: Bug fix for AWS EC2 Virtual Servers +| sap_ha_pacemaker_cluster: Bug fix for Google Cloud Compute Engine VM netmask lock on Virtual IP +| sap_ha_pacemaker_cluster: Feature add for improved SAP NetWeaver HA compatibility +| sap_ha_pacemaker_cluster: Feature add for 
ENSA1 compatibility +| sap_ha_pacemaker_cluster: Feature add for SAP HA Interface Cluster Connector after cluster init +| sap_ha_pacemaker_cluster: Feature add for IBM PowerVM hypervisor +| sap_ha_pacemaker_cluster: Feature add for multiple network interfaces with Virtual IP +| sap_hana_install: Bug fix for SELinux disable when SLES4SAP +| sap_install_media_detect: Feature add for NFS compatibility +| sap_install_media_detect: Feature add for idempotency +| sap_install_media_detect: Feature add for new file detection after code restructure +| sap_install_media_detect: Bug fix for setting SAP Maintenance Planner Stack XML path +| sap_storage_setup: Feature add for Multipathing detection +| sap_storage_setup: Bug fix for NFS throttle from customer test on MS Azure +| sap_storage_setup: Bug fix for packages on SLES and Google Cloud +| sap_swpm: Bug fix for RDBMS var name +| sap_swpm: Bug fix for SAP HANA Client hdbuserstore connection +| sap_swpm: Bug fix for SAP Maintenance Planner Stack XML path v1.3.1 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index bd7411429..3c47209ba 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -17,4 +17,112 @@ releases: | Add SAP HANA Two-Node Scale-Up Cluster Installation ' - release_date: '2022-07-06' + release_date: '2022-06-30' + 1.2.0: + changes: + release_summary: '| Release Date: 2022-12-20 + + | Consolidate sap_ha_install_pacemaker, sap_ha_prepare_pacemaker, and sap_ha_set_hana into new sap_ha_pacemaker_cluster role + | Use the ha_cluster Linux System Role and its enhanced features in the new role sap_ha_pacemaker_cluster + | Improve SID and instance checking in role sap_hana_install + | Enable modifying SELinux file labels for SAP directories + | Upgrade SAP SWPM handling for compatibility with more scenarios when generating inifile.params + | Add Ansible Role for basic Oracle DB installations for SAP + | Various minor enhancements + | Various fixes + + ' + release_date: '2022-12-20' + 1.2.1: + changes: + release_summary: '| Release Date: 2023-01-26 + + | A few minor fixes + + ' + release_date: '2023-01-26' + 1.2.2: + changes: + release_summary: '| Release Date: 2023-02-01 + + | Fix for sap_hana_preconfigure on SLES when tuned is not installed + + ' + release_date: '2023-02-01' + 1.2.3: + changes: + release_summary: '| Release Date: 2023-04-25 + + | sap_hana_preconfigure: Some modifications for HANA on RHEL 9 + | sap_ha_pacemaker_cluster: Compatibility for custom stonith resource definitions containing more than one element + | sap_hana_preconfigure: Be more flexible with IBM service and productivity tools + + ' + release_date: '2023-04-25' + 1.3.0: + changes: + release_summary: '| Release Date: 2023-07-21 + + | sap_general_preconfigure: Updates for new IBM Power packages with RHEL + | sap_hana_preconfigure: Updates for new IBM Power packages with RHEL + | sap_hana_install: Default Log Mode to normal and not Overwrite + | sap_ha_pacemaker_cluster: Detection of and compatibility for additional Infrastructure Platforms + | sap_ha_pacemaker_cluster: SAP NetWeaver compatibility added + | sap_install_media_detect: Restructure and add execution 
controls + | sap_storage_setup: Overhaul/Rewrite with breaking changes + | sap_storage_setup: SAP NetWeaver and NFS compatibility added + | sap_swpm: Minor alterations from High Availability test scenarios + | collection: Sample Playbooks updated + + ' + release_date: '2023-07-21' + 1.3.1: + changes: + release_summary: '| Release Date: 2023-08-14 + + | sap_ha_pacemaker_cluster: Improved AWS constructs based on feedback + | sap_ha_pacemaker_cluster: Improved no STONITH resource definition handling + | sap_hana_install: Bug fix for arg spec on deprecated vars + | sap_hostagent: Bug fix for media handling + | sap_install_media_detect: Improved handling based on feedback + | sap_storage_setup: Bug fix for existing storage devices + | sap_swpm: Make full log output optional and replace with sapcontrol log final status + | collection: Bug fix for sample Ansible Playbooks + + ' + release_date: '2023-08-14' + 1.3.2: + changes: + release_summary: '| Release Date: 2023-09-29 + + | sap_general_preconfigure: Update to latest SAP documentation for RHEL 9 package libxcrypt-compat + | sap_general_preconfigure: Bug fix for directory creation and SELinux Labels + | sap_ha_pacemaker_cluster: Bug fix for AWS EC2 Virtual Servers + | sap_ha_pacemaker_cluster: Bug fix for Google Cloud Compute Engine VM netmask lock on Virtual IP + | sap_ha_pacemaker_cluster: Feature add for improved SAP NetWeaver HA compatibility + | sap_ha_pacemaker_cluster: Feature add for ENSA1 compatibility + | sap_ha_pacemaker_cluster: Feature add for SAP HA Interface Cluster Connector after cluster init + | sap_ha_pacemaker_cluster: Feature add for IBM PowerVM hypervisor + | sap_ha_pacemaker_cluster: Feature add for multiple network interfaces with Virtual IP + | sap_hana_install: Bug fix for SELinux disable when SLES4SAP + | sap_install_media_detect: Feature add for NFS compatibility + | sap_install_media_detect: Feature add for idempotency + | sap_install_media_detect: Feature add for new file detection after 
code restructure + | sap_install_media_detect: Bug fix for setting SAP Maintenance Planner Stack XML path + | sap_storage_setup: Feature add for Multipathing detection + | sap_storage_setup: Bug fix for NFS throttle from customer test on MS Azure + | sap_storage_setup: Bug fix for packages on SLES and Google Cloud + | sap_swpm: Bug fix for RDBMS var name + | sap_swpm: Bug fix for SAP HANA Client hdbuserstore connection + | sap_swpm: Bug fix for SAP Maintenance Planner Stack XML path + + ' + release_date: '2023-09-29' + 1.3.3: + changes: + release_summary: '| Release Date: 2023-12-22 + + | collection: Make the preconfigure and sap_hana_install roles compatible with CVE-2023-5764 + + ' + release_date: '2023-12-22'