From bb0e98257fbbfadf2903724adcb9b39497b61a51 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 9 Dec 2024 10:47:53 +0100 Subject: [PATCH] feat: vars loading reworked, linting yes/no cleanup --- .../tasks/RedHat/assert-installation.yml | 22 ++++---- .../generic/assert-dns-name-resolution.yml | 6 +-- .../tasks/RedHat/generic/assert-etc-hosts.yml | 24 ++++----- .../tasks/RedHat/generic/assert-firewall.yml | 6 +-- .../tasks/RedHat/generic/assert-hostname.yml | 4 +- .../assert-kernel-parameters-loop-block.yml | 8 +-- .../RedHat/generic/assert-nofile-limits.yml | 16 +++--- .../RedHat/generic/assert-nproc-limits.yml | 16 +++--- .../tasks/RedHat/generic/assert-selinux.yml | 6 +-- .../tasks/RedHat/generic/assert-tmpfs.yml | 8 +-- .../tasks/RedHat/generic/assert-uuidd.yml | 4 +- .../RedHat/generic/configure-etc-hosts.yml | 4 +- .../RedHat/generic/configure-firewall.yml | 2 +- .../generic/configure-kernel-parameters.yml | 2 +- .../RedHat/generic/configure-selinux.yml | 6 +-- .../generic/configure-systemd-tmpfiles.yml | 4 +- .../tasks/RedHat/generic/configure-tmpfs.yml | 6 +-- .../tasks/RedHat/generic/configure-uuidd.yml | 4 +- .../RedHat/generic/increase-nofile-limits.yml | 4 +- .../RedHat/generic/increase-nproc-limits.yml | 4 +- .../tasks/RedHat/installation.yml | 4 +- .../tasks/SLES/assert-installation.yml | 10 ++-- .../tasks/SLES/installation.yml | 4 +- roles/sap_general_preconfigure/tasks/main.yml | 34 ++++++++++-- .../04-assert-network-time-and-date.yml | 4 +- .../04-configure-network-time-and-date.yml | 2 +- .../04-assert-network-time-and-date.yml | 4 +- .../04-configure-network-time-and-date.yml | 2 +- .../vars/{SLES_15.yml => Suse.yml} | 7 ++- .../Suse/post_steps_nwas_abap_ascs_ers.yml | 27 ++-------- .../Suse/post_steps_nwas_java_scs_ers.yml | 27 ++-------- .../tasks/include_vars_common.yml | 25 ++++++--- .../vars/{redhat.yml => RedHat.yml} | 0 .../sap_ha_pacemaker_cluster/vars/SLES_15.yml | 20 +++++++ .../vars/{suse.yml => Suse.yml} | 3 +- roles/sap_hana_install/defaults/main.yml | 42 ++++++++------- roles/sap_hana_install/tasks/post_install.yml | 12 +++-- .../tasks/post_install/firewall.yml | 10 ++-- .../tasks/post_install/update_firewall.yml | 4 +- roles/sap_hana_install/tasks/pre_install.yml | 53 ++++++++++--------- .../tasks/pre_install/hdblcm_prepare.yml | 2 +- .../tasks/pre_install/prepare_sarfiles.yml | 4 +- .../tasks/SLES/configuration.yml | 2 +- roles/sap_hana_preconfigure/tasks/main.yml | 43 ++++++++++----- .../defaults/main.yml | 2 +- .../tasks/RedHat/assert-installation.yml | 2 +- .../tasks/RedHat/configuration.yml | 12 +++-- .../sap_netweaver_preconfigure/tasks/main.yml | 43 ++++++++++----- .../vars/SLES_15.6.yml | 23 +++++--- .../vars/SLES_15.yml | 20 ++++--- 50 files changed, 342 insertions(+), 261 deletions(-) rename roles/sap_general_preconfigure/vars/{SLES_15.yml => Suse.yml} (62%) rename roles/sap_ha_pacemaker_cluster/vars/{redhat.yml => RedHat.yml} (100%) create mode 100644 roles/sap_ha_pacemaker_cluster/vars/SLES_15.yml rename roles/sap_ha_pacemaker_cluster/vars/{suse.yml => Suse.yml} (98%) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml index 135c2ccd4..bba57f19d 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml @@ -49,7 +49,7 @@ - name: Assert - Get info about enabled repos ansible.builtin.shell: set -o pipefail && subscription-manager repos --list-enabled | awk '/Repo ID:/{print $NF}' register: __sap_general_preconfigure_register_enabled_repos_assert - changed_when: no + changed_when: false - name: Assert that all required repos are enabled ansible.builtin.assert: @@ -69,8 +69,8 @@ - name: Detect if and how the minor RHEL release is set ansible.builtin.shell: set -o pipefail && subscription-manager release | awk 'NF==2{printf $NF}NF!=2{print}' register: __sap_general_preconfigure_register_subscription_manager_release_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true - name: Assert that the RHEL release is locked correctly ansible.builtin.assert: @@ -104,7 +104,7 @@ - name: Check if required RHEL 7 package groups are installed # noqa command-instead-of-shell ansible.builtin.shell: "{{ __sap_general_preconfigure_fact_yum_group_list_installed_command_assert }}" register: __sap_general_preconfigure_register_yum_group_assert - changed_when: no + changed_when: false - name: Assert that all required RHEL 7 package groups are installed ansible.builtin.assert: @@ -133,7 +133,7 @@ - name: Check if required RHEL 8 environment groups are installed # noqa command-instead-of-shell ansible.builtin.shell: "{{ __sap_general_preconfigure_fact_yum_envgroup_list_installed_command_assert }}" register: __sap_general_preconfigure_register_yum_envgroup_assert - changed_when: no + changed_when: false - name: Assert that all required RHEL 8 environment groups are installed ansible.builtin.assert: @@ -162,7 +162,7 @@ set -o pipefail && yum info installed {{ __sap_general_preconfigure_required_ppc64le | map('quote') | join(' ') }} | awk '/Name/{n=$NF}/Version/{v=$NF}/Release/{r=$NF}/Description/{printf ("%s\n", n)}' register: __sap_general_preconfigure_register_required_ppc64le_packages_assert - changed_when: no + changed_when: false when: ansible_architecture == "ppc64le" ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" @@ -223,9 +223,9 @@ with_list: "{{ __sap_general_preconfigure_min_pkgs }}" loop_control: loop_var: pkg - check_mode: no + check_mode: false register: __sap_general_preconfigure_register_minpkglist_assert - changed_when: no + changed_when: false - name: Assert that minimum required package versions are installed # If the output includes the string "is already installed" (case 2b), we have a PASS. Otherwise, it's a FAIL. @@ -237,12 +237,12 @@ loop_control: loop_var: line_item label: "" - ignore_errors: yes + ignore_errors: true - name: Report if no minimum required package version is defined for this RHEL release ansible.builtin.debug: msg: "INFO: No minimum required package version defined (variable __sap_general_preconfigure_min_pkgs)." - ignore_errors: yes + ignore_errors: true when: not __sap_general_preconfigure_min_pkgs | d([]) # Reason for noqa: The yum module appears to not support the check-update option @@ -265,7 +265,7 @@ - name: Report if checking for possible package updates is not requested ansible.builtin.debug: msg: "INFO: Not checking for possible package updates (variable sap_general_preconfigure_update)." - ignore_errors: yes + ignore_errors: true when: not sap_general_preconfigure_update - name: "Assert - Set needs-restarting command in case of RHEL 7" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml index 091a538d1..c9465aa5d 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-dns-name-resolution.yml @@ -7,7 +7,7 @@ fail_msg: "FAIL: The DNS domain is not configured! So variable 'sap_general_preconfigure_domain' needs to be configured!" success_msg: "PASS: The DNS domain is configured." # ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" - ignore_errors: yes + ignore_errors: true - name: Assert that variable sap_general_preconfigure_domain is set ansible.builtin.assert: @@ -25,8 +25,8 @@ - name: Check if IP address for sap_general_preconfigure_hostname.sap_general_preconfigure_domain is resolved correctly ansible.builtin.command: dig {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} +short register: __sap_general_preconfigure_register_dig_short_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false when: "'bind-utils' in ansible_facts.packages" - name: Assert that ansible_default_ipv4.address is set diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml index 282226b8b..cd8771b94 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-etc-hosts.yml @@ -11,8 +11,8 @@ - name: Check if ipv4 address, FQDN, and hostname are once in /etc/hosts ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/&&/\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/&&(/\s{{ sap_general_preconfigure_hostname }}\s/||/\s{{ sap_general_preconfigure_hostname }}$/){a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that ipv4 address, FQDN, and hostname are once in /etc/hosts ansible.builtin.assert: @@ -25,8 +25,8 @@ - name: Count the number of sap_general_preconfigure_ip ({{ sap_general_preconfigure_ip }}) entries in /etc/hosts ansible.builtin.command: awk 'BEGIN{a=0}/^{{ sap_general_preconfigure_ip }}\s/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_ip_once_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that there is exactly one line containing {{ sap_general_preconfigure_ip }} in /etc/hosts ansible.builtin.assert: @@ -40,8 +40,8 @@ /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}\s/|| /\s{{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }}$/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_fqdn_once_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} in /etc/hosts ansible.builtin.assert: @@ -55,8 +55,8 @@ /\s{{ sap_general_preconfigure_hostname }}\s/|| /\s{{ sap_general_preconfigure_hostname }}$/{a++}END{print a}' /etc/hosts register: __sap_general_preconfigure_register_sap_hostname_once_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that there is just one line containing {{ sap_general_preconfigure_hostname }} in /etc/hosts ansible.builtin.assert: @@ -68,8 +68,8 @@ - name: Test hostname -s ansible.builtin.shell: test "$(hostname -s)" = "$(hostname)" register: __sap_general_preconfigure_register_hostname_s_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that hostname -s matches the output of hostname ansible.builtin.assert: @@ -81,8 +81,8 @@ - name: Test hostname -f ansible.builtin.shell: test "$(hostname -f)" = "$(hostname).$(hostname -d)" register: __sap_general_preconfigure_register_hostname_f_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that hostname -f matches the output of hostname.hostname -d ansible.builtin.assert: diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-firewall.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-firewall.yml index 4b0a0de8d..ab5326cf2 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-firewall.yml @@ -18,9 +18,9 @@ - name: Get status of firewalld # noqa command-instead-of-module ansible.builtin.command: systemctl status firewalld register: __sap_general_preconfigure_register_firewalld_status_assert - ignore_errors: yes - changed_when: no - no_log: yes + ignore_errors: true + changed_when: false + no_log: true - name: Assert that firewalld is disabled ansible.builtin.assert: diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml index 83ff80aa2..60374bc18 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-hostname.yml @@ -4,8 +4,8 @@ - name: Check if hostname is set ansible.builtin.command: hostname register: __sap_general_preconfigure_register_hostname_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that the output of hostname matches the content of variable sap_general_preconfigure_hostname ansible.builtin.assert: diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-kernel-parameters-loop-block.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-kernel-parameters-loop-block.yml index a5d2fa4b5..2660929cd 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-kernel-parameters-loop-block.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-kernel-parameters-loop-block.yml @@ -6,8 +6,8 @@ - name: Get {{ line_item.name }} from {{ sap_general_preconfigure_etc_sysctl_sap_conf }} ansible.builtin.shell: awk 'BEGIN{FS="="}/{{ line_item.name }}/{gsub ("^\\s*", "", $NF); print $NF}' {{ sap_general_preconfigure_etc_sysctl_sap_conf }} register: __sap_general_preconfigure_register_sysctl_sap_conf_kernel_parameter_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: __sap_general_preconfigure_register_stat_sysctl_sap_conf_assert.stat.exists - name: Assert that {{ line_item.name }} is set correctly in {{ sap_general_preconfigure_etc_sysctl_sap_conf }} @@ -23,8 +23,8 @@ - name: Get {{ line_item.name }} from sysctl ansible.builtin.shell: sysctl -n {{ line_item.name }} | awk '{gsub ("\t", " "); print}' register: __sap_general_preconfigure_register_sysctl_kernel_parameter_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true - name: Assert that {{ line_item.name }} is set correctly as per sysctl ansible.builtin.assert: diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nofile-limits.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nofile-limits.yml index ef40e8843..ac4e3a5cb 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nofile-limits.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nofile-limits.yml @@ -4,8 +4,8 @@ - name: Check if the hard limit of nofile for group sapsys is 1048576 ansible.builtin.command: awk '!/^#/&&/sapsys/&&/nofile/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_nofile_hard_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg @@ -25,8 +25,8 @@ - name: Check if the soft limit of nofile for group sapsys is 1048576 ansible.builtin.command: awk '!/^#/&&/sapsys/&&/nofile/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_nofile_soft_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg @@ -46,8 +46,8 @@ - name: Get the hard limit of nofile for the database group ansible.builtin.command: awk '!/^#/&&/@{{ sap_general_preconfigure_db_group_name }}/&&/nofile/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_db_group_nofile_hard_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg @@ -67,8 +67,8 @@ - name: Get the soft limit of nofile for the database group ansible.builtin.command: awk '!/^#/&&/@{{ sap_general_preconfigure_db_group_name }}/&&/nofile/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_db_group_nofile_soft_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nproc-limits.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nproc-limits.yml index db05b0f1d..703202013 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nproc-limits.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-nproc-limits.yml @@ -4,8 +4,8 @@ - name: Check if the hard limit of nproc for group sapsys is unlimited ansible.builtin.command: awk '/sapsys/&&/nproc/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_nproc_hard_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg @@ -25,8 +25,8 @@ - name: Check if the soft limit of nproc for group sapsys is unlimited ansible.builtin.command: awk '/sapsys/&&/nproc/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_nproc_soft_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg @@ -46,8 +46,8 @@ - name: Get the hard limit of nproc for the database group ansible.builtin.command: awk '/@{{ sap_general_preconfigure_db_group_name }}/&&/nproc/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_db_group_nproc_hard_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg @@ -69,8 +69,8 @@ - name: Get the soft limit of nproc for the database group ansible.builtin.command: awk '/@{{ sap_general_preconfigure_db_group_name }}/&&/nproc/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf register: __sap_general_preconfigure_register_limits_sap_conf_db_group_nproc_soft_assert - changed_when: no - ignore_errors: yes + changed_when: false + ignore_errors: true when: - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.exists - __sap_general_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-selinux.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-selinux.yml index 36e1c0c7d..b2df48f28 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-selinux.yml @@ -16,21 +16,21 @@ - name: Info about SELinux being set to 'enforcing' ansible.builtin.debug: msg: "INFO: The SELinux state has been set to 'enforcing' (variable sap_general_preconfigure_selinux_state)." - ignore_errors: yes + ignore_errors: true when: "sap_general_preconfigure_selinux_state == 'enforcing'" - name: Warn about how SELinux would be set when role is run in normal mode ansible.builtin.debug: msg: "INFO: When running in normal mode, the role will set the SELinux state to '{{ sap_general_preconfigure_selinux_state }}' (variable sap_general_preconfigure_selinux_state)." - ignore_errors: yes + ignore_errors: true when: "sap_general_preconfigure_selinux_state != 'enforcing'" - name: "Check if the permanent configuration of the SELinux state is '{{ sap_general_preconfigure_selinux_state }}'" ansible.builtin.command: awk 'BEGIN{FS="="}/^SELINUX=/{print $NF}' /etc/selinux/config register: __sap_general_preconfigure_register_selinux_conf_assert changed_when: false - ignore_errors: yes + ignore_errors: true when: __sap_general_preconfigure_register_stat_selinux_conf_assert.stat.isreg - name: "Assert that the permanent configuration of the SELinux state is set to '{{ sap_general_preconfigure_selinux_state }}'" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-tmpfs.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-tmpfs.yml index 290c9814c..9a1588b7a 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-tmpfs.yml @@ -4,8 +4,8 @@ - name: Check the size of tmpfs ansible.builtin.command: awk '/\/dev\/shm/&&/tmpfs/{gsub ("defaults,size=", "", $4); print $4}' /etc/fstab register: __sap_general_preconfigure_register_fstab_tmpfs_size_gb_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that there is an entry for tmpfs in /etc/fstab ansible.builtin.assert: @@ -26,8 +26,8 @@ - name: Check if /dev/shm is available and has the expected size ansible.builtin.shell: df -kl /dev/shm | awk '/\/dev\/shm/&&/tmpfs/{printf ("%.0fG\n", $2/1024/1024)}' register: __sap_general_preconfigure_register_df_shm_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Assert that the current size of tmpfs is large enough as per df output ansible.builtin.assert: diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-uuidd.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-uuidd.yml index 51e462356..360ef7908 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/assert-uuidd.yml @@ -20,8 +20,8 @@ - name: Get status of uuidd.socket # noqa command-instead-of-module ansible.builtin.command: systemctl status uuidd.socket register: __sap_general_preconfigure_register_uuidd_socket_status_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false - name: Report uuidd.socket service status ansible.builtin.debug: diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml index 1b517f915..306a8e043 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-etc-hosts.yml @@ -67,7 +67,7 @@ fi register: __sap_general_preconfigure_register_duplicate_ip_check changed_when: false - ignore_errors: yes + ignore_errors: true when: not ansible_check_mode - name: Verify that variable sap_general_preconfigure_domain is set @@ -89,7 +89,7 @@ path: /etc/hosts regexp: '^{{ sap_general_preconfigure_ip }}\s' line: "{{ sap_general_preconfigure_ip }} {{ sap_general_preconfigure_hostname }}.{{ sap_general_preconfigure_domain }} {{ sap_general_preconfigure_hostname }}{{ __sap_general_preconfigure_register_sap_hostname_aliases.stdout }}" - backup: yes + backup: true when: - not ansible_check_mode - sap_general_preconfigure_domain | length > 0 diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-firewall.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-firewall.yml index 643b39689..3f31c1ff8 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-firewall.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-firewall.yml @@ -5,5 +5,5 @@ ansible.builtin.systemd: name: firewalld state: stopped - enabled: no + enabled: false when: "'firewalld' in ansible_facts.packages" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml index f498cdce8..449899606 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml @@ -4,7 +4,7 @@ - name: Set kernel parameters ansible.builtin.lineinfile: path: "{{ sap_general_preconfigure_etc_sysctl_sap_conf }}" - create: yes + create: true mode: '0644' regexp: ^{{ line_item.name }}.* line: "{{ line_item.name }}={{ line_item.value }}" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml index d39c1883e..595a40671 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml @@ -54,7 +54,7 @@ - name: SELinux - Examine grub entries ansible.builtin.shell: set -o pipefail && grubby --info=ALL | awk 'BEGIN{a=0;b=0}/^args/{a++}/selinux=0/{b++}END{print a, b}' register: __sap_general_preconfigure_register_grubby_info_all_selinux - check_mode: no + check_mode: false changed_when: false - name: Disable SELinux on the kernel command line, RHEL 8 and RHEL 9 @@ -70,7 +70,7 @@ - name: Disable SELinux also on the kernel command line, RHEL 8 and RHEL 9 ansible.builtin.command: grubby --args="selinux=0" --update-kernel=ALL notify: __sap_general_preconfigure_reboot_handler - changed_when: yes + changed_when: true # Reason for noqa: We need to notify a handler in another role, which is not possible from a handler in the current role - name: SELinux, disable on the kernel command line - Set the flag that reboot is needed to apply changes # noqa no-handler @@ -89,7 +89,7 @@ - name: Make sure SELinux is not disabled on the kernel command line, RHEL 8 and RHEL 9 ansible.builtin.command: grubby --remove-args="selinux" --update-kernel=ALL notify: __sap_general_preconfigure_reboot_handler - changed_when: yes + changed_when: true # Reason for noqa: We need to notify a handler in another role, which is not possible from a handler in the current role - name: SELinux, enable on the kernel command line - Set the flag that reboot is needed to apply changes # noqa no-handler diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-systemd-tmpfiles.yml index 750d1e962..4d12fa3b2 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-systemd-tmpfiles.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-systemd-tmpfiles.yml @@ -8,7 +8,7 @@ owner: root group: root mode: '0644' - backup: yes + backup: true when: ansible_distribution_major_version != '9' - name: Copy file /etc/tmpfiles.d/sap.conf, RHEL 9 @@ -18,5 +18,5 @@ owner: root group: root mode: '0644' - backup: yes + backup: true when: ansible_distribution_major_version == '9' diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-tmpfs.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-tmpfs.yml index 1f7197b13..78fa3d264 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-tmpfs.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-tmpfs.yml @@ -14,9 +14,9 @@ - name: Get the current size of /dev/shm ansible.builtin.shell: df -hl /dev/shm | awk '/\/dev\/shm/&&/tmpfs/{gsub ("G", ""); print $2}' register: __sap_general_preconfigure_register_df_shm - ignore_errors: yes - changed_when: no - check_mode: no + ignore_errors: true + changed_when: false + check_mode: false - name: Trigger remounting if /dev/shm has not the expected size ansible.builtin.command: /bin/true diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-uuidd.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-uuidd.yml index 4e3e6cf70..8e1450176 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-uuidd.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-uuidd.yml @@ -4,11 +4,11 @@ - name: Enable and start service uuidd ansible.builtin.systemd: name: uuidd - enabled: yes + enabled: true state: started - name: Enable and start service uuidd.socket ansible.builtin.systemd: name: uuidd.socket - enabled: yes + enabled: true state: started diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nofile-limits.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nofile-limits.yml index 350d64056..c83e1652c 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nofile-limits.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nofile-limits.yml @@ -8,7 +8,7 @@ for group 'sapsys' # noqa no-tabs ansible.builtin.lineinfile: path: /etc/security/limits.d/99-sap.conf - create: yes + create: true mode: "0644" regexp: '^@sapsys\s+{{ line_item }}\s+nofile\s.*' line: "@sapsys\t{{ line_item }}\tnofile\t1048576" @@ -25,7 +25,7 @@ for group '{{ sap_general_preconfigure_db_group_name }}' # noqa no-tabs ansible.builtin.lineinfile: path: /etc/security/limits.d/99-sap.conf - create: yes + create: true mode: "0644" regexp: '^@{{ sap_general_preconfigure_db_group_name }}\s+{{ line_item }}\s+nofile\s.*' line: "@{{ sap_general_preconfigure_db_group_name }}\t{{ line_item }}\tnofile\t1048576" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nproc-limits.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nproc-limits.yml index fa62cd8c7..85ec1e900 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nproc-limits.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/increase-nproc-limits.yml @@ -8,7 +8,7 @@ for group 'sapsys' # noqa no-tabs ansible.builtin.lineinfile: path: /etc/security/limits.d/99-sap.conf - create: yes + create: true mode: "0644" regexp: '^@sapsys\s+{{ line_item }}\s+nproc\s.*' line: "@sapsys\t{{ line_item }}\tnproc\tunlimited" @@ -25,7 +25,7 @@ for group '{{ sap_general_preconfigure_db_group_name }}' # noqa no-tabs ansible.builtin.lineinfile: path: /etc/security/limits.d/99-sap.conf - create: yes + create: true mode: "0644" regexp: '^@{{ sap_general_preconfigure_db_group_name }}\s+{{ line_item }}\s+nproc\s.*' line: "@{{ sap_general_preconfigure_db_group_name }}\t{{ line_item }}\tnproc\tunlimited" diff --git a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml index 73bc2f490..2e39f2fea 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml @@ -208,9 +208,9 @@ with_list: "{{ __sap_general_preconfigure_min_pkgs }}" loop_control: loop_var: pkg - check_mode: no + check_mode: false register: __sap_general_preconfigure_register_minpkglist - changed_when: no + changed_when: false - name: Display the content of the minimum package list variable ansible.builtin.debug: diff --git a/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml index ecf4468e5..6aa787615 100644 --- a/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml +++ b/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml @@ -58,9 +58,9 @@ with_list: "{{ __sap_general_preconfigure_min_pkgs }}" loop_control: loop_var: pkg - check_mode: no + check_mode: false register: __sap_general_preconfigure_register_minpkglist_assert - changed_when: no + changed_when: false - name: Assert that minimum required package versions are installed # If the output includes the string "is already installed" (case 2b), we have a PASS. Otherwise, it's a FAIL. @@ -72,12 +72,12 @@ loop_control: loop_var: line_item label: "" - ignore_errors: yes + ignore_errors: true - name: Report if no minimum required package version is defined for this RHEL release ansible.builtin.debug: msg: "INFO: No minimum required package version defined (variable __sap_general_preconfigure_min_pkgs)." - ignore_errors: yes + ignore_errors: true when: not __sap_general_preconfigure_min_pkgs | d([]) # Reason for noqa: The yum module appears to not support the check-update option @@ -99,7 +99,7 @@ - name: Report if checking for possible package updates is not requested ansible.builtin.debug: msg: "INFO: Not checking for possible package updates (variable sap_general_preconfigure_update)." - ignore_errors: yes + ignore_errors: true when: not sap_general_preconfigure_update - name: "Assert - Set needs-restarting command in case of RHEL 7" diff --git a/roles/sap_general_preconfigure/tasks/SLES/installation.yml b/roles/sap_general_preconfigure/tasks/SLES/installation.yml index 047d2337c..4f9daed97 100644 --- a/roles/sap_general_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_general_preconfigure/tasks/SLES/installation.yml @@ -49,9 +49,9 @@ with_list: "{{ __sap_general_preconfigure_min_pkgs }}" loop_control: loop_var: pkg - check_mode: no + check_mode: false register: __sap_general_preconfigure_register_minpkglist - changed_when: no + changed_when: false - name: Display the content of the minimum package list variable ansible.builtin.debug: diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index 5682a761f..69a8ece34 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -7,15 +7,39 @@ tags: - always +# Load variable files in order: +# Example for SUSE Linux Enterprise Server for SAP Applications 15 SP6: +# 1. Suse.yml - Specific to OS family. +# 2. SLES_15.yml - Specific to distribution (SLES and SLES_SAP) and major release. +# 3. SLES_15.6.yml - Specific to distribution (SLES and SLES_SAP) and minor release. +# 4. SLES_SAP_15.yml - Specific to distribution SLES_SAP and major release. +# 5. SLES_SAP_15.6.yml - Specific to distribution SLES_SAP and minor release. - name: Include OS specific vars, specific - ansible.builtin.include_vars: '{{ item }}' - with_first_found: - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family }}.yml' + ansible.builtin.include_vars: "{{ __vars_file }}" + loop: + - "{{ ansible_os_family }}.yml" + - "{{ ansible_distribution }}.yml" + # Enables loading of shared vars between SLES and SLES_SAP + - >- + {{ ansible_distribution.split("_")[0] ~ '_' ~ + ansible_distribution_major_version }}.yml + - >- + {{ ansible_distribution.split("_")[0] ~ '_' ~ + ansible_distribution_version }}.yml + + - >- + {{ ansible_distribution ~ '_' ~ + ansible_distribution_major_version }}.yml + - >- + {{ ansible_distribution ~ '_' ~ + ansible_distribution_version }}.yml + vars: + __vars_file: "{{ role_path }}/vars/{{ item }}" + when: __vars_file is file tags: - always + - name: Rename user sap_preconfigure variables if found, generic ansible.builtin.set_fact: sap_general_preconfigure_config_all: "{{ (sap_preconfigure_config_all | d(sap_general_preconfigure_config_all)) | d(true) }}" diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml index b23b7ca93..ba3ebe2ae 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-assert-network-time-and-date.yml @@ -11,8 +11,8 @@ - name: Get status of chronyd # noqa command-instead-of-module ansible.builtin.command: systemctl status chronyd register: __sap_general_preconfigure_register_chronyd_status_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false tags: - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml index e796f0e47..3e92e9a63 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/04-configure-network-time-and-date.yml @@ -11,6 +11,6 @@ ansible.builtin.systemd: name: chronyd state: started - enabled: yes + enabled: true tags: - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml index 4113c99ea..e87a2d456 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-assert-network-time-and-date.yml @@ -11,8 +11,8 @@ - name: Get status of chronyd # noqa command-instead-of-module ansible.builtin.command: systemctl status chronyd register: __sap_general_preconfigure_register_chronyd_status_assert - ignore_errors: yes - changed_when: no + ignore_errors: true + changed_when: false tags: - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml index 7bfb16d8b..d369d843d 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/04-configure-network-time-and-date.yml @@ -11,6 +11,6 @@ ansible.builtin.systemd: name: chronyd state: started - enabled: yes + enabled: true tags: - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/vars/SLES_15.yml b/roles/sap_general_preconfigure/vars/Suse.yml similarity index 62% rename from roles/sap_general_preconfigure/vars/SLES_15.yml rename to roles/sap_general_preconfigure/vars/Suse.yml index b6b7f7bf0..c1bba28a1 100644 --- a/roles/sap_general_preconfigure/vars/SLES_15.yml +++ b/roles/sap_general_preconfigure/vars/Suse.yml @@ -1,5 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 --- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 +# - SUSE Linux Enterprise Server 15 +# - SUSE Linux Enterprise Server for SAP Applications 16 +# - SUSE Linux Enterprise Server 16 + __sap_general_preconfigure_sapnotes_versions: - '' @@ -9,7 +15,6 @@ __sap_general_preconfigure_packages: - psmisc - nfs-utils - bind-utils -# package hostname: needed by rhel-system-roles-sap - hostname __sap_general_preconfigure_min_pkgs: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml index 2d5c7d733..d1e876f99 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml @@ -7,19 +7,6 @@ # Following steps are similar to crmsh code in ha_cluster role, but they are # too SAP specific, so they are added here instead of there. -# Python3-pip and pexpect are required for ansible.builtin.expect -# Python installation was removed from sap_swpm role in PR#720 -- name: "SAP HA Install Pacemaker - Install required python3-pip" - ansible.builtin.package: - name: - - python3-pip - state: present - -- name: "SAP HA Install Pacemaker - Install required pip pexpect" - ansible.builtin.pip: - name: - - pexpect - - name: Block to ensure that changes are executed only once run_once: true # noqa: run_once[task] block: @@ -31,11 +18,8 @@ register: __sap_ha_pacemaker_cluster_cib_xml_backup - name: "SAP HA Install Pacemaker - Put cluster in maintenance mode" - ansible.builtin.expect: - command: crm configure property maintenance-mode=true - responses: - ".*is-managed.*": "n" - ".*already.*": "n" + ansible.builtin.command: + cmd: crm --force configure property maintenance-mode=true check_mode: false changed_when: true @@ -88,10 +72,7 @@ changed_when: true - name: "SAP HA Install Pacemaker - Disable maintenance mode" - ansible.builtin.expect: - command: crm configure property maintenance-mode=false - responses: - ".*is-managed.*": "n" - ".*already.*": "n" + ansible.builtin.command: + cmd: crm --force configure property maintenance-mode=false check_mode: false changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_java_scs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_java_scs_ers.yml index 2d5c7d733..d1e876f99 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_java_scs_ers.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_java_scs_ers.yml @@ -7,19 +7,6 @@ # Following steps are similar to crmsh code in ha_cluster role, but they are # too SAP specific, so they are added here instead of there. -# Python3-pip and pexpect are required for ansible.builtin.expect -# Python installation was removed from sap_swpm role in PR#720 -- name: "SAP HA Install Pacemaker - Install required python3-pip" - ansible.builtin.package: - name: - - python3-pip - state: present - -- name: "SAP HA Install Pacemaker - Install required pip pexpect" - ansible.builtin.pip: - name: - - pexpect - - name: Block to ensure that changes are executed only once run_once: true # noqa: run_once[task] block: @@ -31,11 +18,8 @@ register: __sap_ha_pacemaker_cluster_cib_xml_backup - name: "SAP HA Install Pacemaker - Put cluster in maintenance mode" - ansible.builtin.expect: - command: crm configure property maintenance-mode=true - responses: - ".*is-managed.*": "n" - ".*already.*": "n" + ansible.builtin.command: + cmd: crm --force configure property maintenance-mode=true check_mode: false changed_when: true @@ -88,10 +72,7 @@ changed_when: true - name: "SAP HA Install Pacemaker - Disable maintenance mode" - ansible.builtin.expect: - command: crm configure property maintenance-mode=false - responses: - ".*is-managed.*": "n" - ".*already.*": "n" + ansible.builtin.command: + cmd: crm --force configure property maintenance-mode=false check_mode: false changed_when: true diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_common.yml index 38b7e3aea..a122d2af7 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_common.yml @@ -26,19 +26,32 @@ - sap_ha_pacemaker_cluster_vip_client_interface == '' -# Include vars files based on the environment. -# Respect order for potential variable precedence. +# Load variable files in order: +# Example for SUSE Linux Enterprise Server for SAP Applications 15 SP6: +# 1. Suse.yml - Specific to OS family. +# 2. SLES_15.yml - Specific to distribution (SLES and SLES_SAP) and major release. +# 3. SLES_15.6.yml - Specific to distribution (SLES and SLES_SAP) and minor release. +# 4. SLES_SAP_15.yml - Specific to distribution SLES_SAP and major release. +# 5. SLES_SAP_15.6.yml - Specific to distribution SLES_SAP and minor release. - name: "SAP HA Prepare Pacemaker - Include environment specific variables" when: __sap_ha_pacemaker_cluster_vars_file is file ansible.builtin.include_vars: "{{ __sap_ha_pacemaker_cluster_vars_file }}" loop: - - "{{ ansible_os_family | lower }}.yml" - - "{{ ansible_distribution | lower }}.yml" + - "{{ ansible_os_family }}.yml" + - "{{ ansible_distribution }}.yml" + # Enables loading of shared vars between SLES and SLES_SAP - >- - {{ ansible_distribution | lower ~ '_' ~ + {{ ansible_distribution.split("_")[0] ~ '_' ~ ansible_distribution_major_version }}.yml - >- - {{ ansible_distribution | lower ~ '_' ~ + {{ ansible_distribution.split("_")[0] ~ '_' ~ + ansible_distribution_version }}.yml + + - >- + {{ ansible_distribution ~ '_' ~ + ansible_distribution_major_version }}.yml + - >- + {{ ansible_distribution ~ '_' ~ ansible_distribution_version }}.yml vars: __sap_ha_pacemaker_cluster_vars_file: "{{ role_path }}/vars/{{ item }}" diff --git a/roles/sap_ha_pacemaker_cluster/vars/redhat.yml b/roles/sap_ha_pacemaker_cluster/vars/RedHat.yml similarity index 100% rename from roles/sap_ha_pacemaker_cluster/vars/redhat.yml rename to roles/sap_ha_pacemaker_cluster/vars/RedHat.yml diff --git a/roles/sap_ha_pacemaker_cluster/vars/SLES_15.yml b/roles/sap_ha_pacemaker_cluster/vars/SLES_15.yml new file mode 100644 index 000000000..e97f264f1 --- /dev/null +++ b/roles/sap_ha_pacemaker_cluster/vars/SLES_15.yml @@ -0,0 +1,20 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 +# - SUSE Linux Enterprise Server 15 + +__sap_ha_pacemaker_cluster_sap_extra_packages_dict: + minimal: + # Pattern contains all required cluster packages + - patterns-ha-ha_sles + - ClusterTools2 + hana_scaleout: + - SAPHanaSR-ScaleOut + hana_scaleup: + - SAPHanaSR + hana_angi: + - SAPHanaSR-angi + nwas: + - sap-suse-cluster-connector + - sapstartsrv-resource-agents diff --git a/roles/sap_ha_pacemaker_cluster/vars/suse.yml b/roles/sap_ha_pacemaker_cluster/vars/Suse.yml similarity index 98% rename from roles/sap_ha_pacemaker_cluster/vars/suse.yml rename to roles/sap_ha_pacemaker_cluster/vars/Suse.yml index e8fe64ee8..8e8d5f797 100644 --- a/roles/sap_ha_pacemaker_cluster/vars/suse.yml +++ b/roles/sap_ha_pacemaker_cluster/vars/Suse.yml @@ -52,8 +52,9 @@ __sap_ha_pacemaker_cluster_platform_extra_packages_dict: # Dictionary with additional cluster packages for specific scenarios __sap_ha_pacemaker_cluster_sap_extra_packages_dict: minimal: + # Pattern contains all required cluster packages + - patterns-ha-ha_sles - ClusterTools2 - - resource-agents hana_scaleout: - SAPHanaSR-ScaleOut hana_scaleup: diff --git a/roles/sap_hana_install/defaults/main.yml b/roles/sap_hana_install/defaults/main.yml index 6d4f47d38..6971068cf 100644 --- a/roles/sap_hana_install/defaults/main.yml +++ b/roles/sap_hana_install/defaults/main.yml @@ -30,19 +30,23 @@ sap_hana_install_copy_sarfiles: false # removed after extraction. sap_hana_install_keep_copied_sarfiles: false +# (RedHat specific) fapolicyd package is present on RedHat systems # For installing SAP HANA with fapolicyd support, set the following variable to `true`: sap_hana_install_use_fapolicyd: false +# (RedHat specific) fapolicyd package is present on RedHat systems # When using fapolicyd, you can set the following variable to one of `none`, `size`, `sha256`, or `ima`. Note that before setting # to `ima`, it is essential to prepare the system accordingly (e.g. boot with a different kernel parameter). See the # RHEL 9 Managing, monitoring, and updating the kernel guide for more information on this topic. sap_hana_install_fapolicyd_integrity: 'sha256' +# (RedHat specific) fapolicyd package is present on RedHat systems # When using fapolicyd, the following variable is used to define the fapolicyd rule file in which the rules for # protecting shell scripts are stored. The rule file will be created in the directory '/etc/fapolicyd/rules.d'. # Note: The mandatory file ending '.rules' will be added in the corresponding task of this role. sap_hana_install_fapolicyd_rule_file: '71-sap-shellscripts' +# (RedHat specific) fapolicyd package is present on RedHat systems # When using fapolicyd, modify the following variable to change or add the directories which contain SAP HANA executables: sap_hana_install_fapolicyd_trusted_directories: - "{{ sap_hana_install_root_path }}" @@ -50,11 +54,11 @@ sap_hana_install_fapolicyd_trusted_directories: # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. -#sap_hana_install_sapcar_filename: SAPCAR_1115-70006178.EXE +# sap_hana_install_sapcar_filename: SAPCAR_1115-70006178.EXE # List of file names of SAR files to extract. Can be set in case there are more SAR files in the software directory # than needed or desired for the HANA installation. -#sap_hana_install_sarfiles: +# sap_hana_install_sarfiles: # - SAPHOSTAGENT54_54-80004822.SAR # - IMDB_SERVER20_060_0-80002031.SAR @@ -67,7 +71,7 @@ sap_hana_install_verify_checksums: false sap_hana_install_checksum_algorithm: sha256 # In case a global checksum file is present, use the following variable to specify the full path to this file: -#sap_hana_install_global_checksum_file: "{{ sap_hana_install_software_directory }}/SHA256" +# sap_hana_install_global_checksum_file: "{{ sap_hana_install_software_directory }}/SHA256" # Set the following variable to `true` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line # argument `--verify_signature`. @@ -126,8 +130,8 @@ sap_hana_install_modify_selinux_labels: true sap_hana_install_components: 'all' # Pass some extra arguments to hdblcm, see some examples below. -#sap_hana_install_hdblcm_extraargs: '--verify_signature' -#sap_hana_install_hdblcm_extraargs: '--ignore=check_diskspace,check_min_mem' +# sap_hana_install_hdblcm_extraargs: '--verify_signature' +# sap_hana_install_hdblcm_extraargs: '--ignore=check_diskspace,check_min_mem' # Instance details sap_hana_install_sid: @@ -154,15 +158,15 @@ sap_hana_install_groupid: # Setting master password to 'y' will use that master password for all passwords - recommended sap_hana_install_use_master_password: 'y' # Set one or more of the following password variables in your playbook or inventory. -#sap_hana_install_master_password: -#sap_hana_install_sidadm_password: -#sap_hana_install_db_system_password: -#sap_hana_install_lss_user_password: -#sap_hana_install_lss_backup_password: -#sap_hana_install_ase_user_password: -#sap_hana_install_root_password: -#sap_hana_install_sapadm_password: -#sap_hana_install_xs_org_password: +# sap_hana_install_master_password: +# sap_hana_install_sidadm_password: +# sap_hana_install_db_system_password: +# sap_hana_install_lss_user_password: +# sap_hana_install_lss_backup_password: +# sap_hana_install_ase_user_password: +# sap_hana_install_root_password: +# sap_hana_install_sapadm_password: +# sap_hana_install_xs_org_password: # Optional steps sap_hana_install_update_firewall: false @@ -191,7 +195,7 @@ sap_hana_install_firewall: state: 'enabled' } # The following variable is no longer used. Setting /etc/hosts entries is done in role sap_general_preconfigure. -#sap_hana_install_update_etchosts: true +# sap_hana_install_update_etchosts: true # Post install parameters sap_hana_install_hdbuserstore_key: 'HDB_SYSTEMDB' @@ -199,8 +203,8 @@ sap_hana_install_nw_input_location: '/tmp' # License sap_hana_install_apply_license: false -#sap_hana_install_license_path: -#sap_hana_install_license_file_name: +# sap_hana_install_license_path: +# sap_hana_install_license_file_name: # Misc @@ -220,13 +224,13 @@ sap_hana_install_create_initial_tenant: 'y' # If unset or set to 'normal', the role will leave the log_mode to 'normal', which is required for SAP HANA # System Replication. The log_mode 'overwrite' is useful for limiting cost or capacity if System Replication # is not used. -#sap_hana_install_log_mode: 'overwrite' +# sap_hana_install_log_mode: 'overwrite' # If the following variable is specified, the role will perform a scaleout installation or it will add additional # hosts to an existing HANA system. # Corresponding hdblcm parameter: addhosts # Example: -#sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' +# sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' # The hostname is set by 'hdblcm --dump_configfile_template' during the preinstall phase but can also # be set to a different value in your playbook or hostvars: diff --git a/roles/sap_hana_install/tasks/post_install.yml b/roles/sap_hana_install/tasks/post_install.yml index c276775b3..b774b3716 100644 --- a/roles/sap_hana_install/tasks/post_install.yml +++ b/roles/sap_hana_install/tasks/post_install.yml @@ -33,7 +33,7 @@ # Optional Post Install Tasks # not needed because already done in sap_general_preconfigure -#- name: SAP HANA Post Install - Update /etc/hosts +# - name: SAP HANA Post Install - Update /etc/hosts # ansible.builtin.include_tasks: post_install/update_etchosts.yml # when: # - "sap_hana_install_update_etchosts | bool" @@ -70,11 +70,13 @@ !/^ /&&/^\n")} /^ /{split ($0, b, "[\*\*\*]"); gsub (">", ""); split ($0, a, "<"); printf ("%s\{\{ sap_hana_install_%s | d(sap_hana_install_master_password) \}\}%s\n", b[1], a[2], b[4])}' {{ sap_hana_install_configfile_directory }}/{{ sap_hana_install_configfile_template_prefix }}.cfg.xml > {{ sap_hana_install_configfile_directory }}/{{ sap_hana_install_configfile_template_prefix }}.xml.j2 register: __sap_hana_install_create_jinja2_template - changed_when: no + changed_when: false - name: SAP HANA hdblcm installation check - Display the location of the remote Jinja2 template ansible.builtin.debug: - msg: "The Jinja2 template for creating the hdblcm configfile xml has been saved to '{{ sap_hana_install_configfile_directory }}/{{ sap_hana_install_configfile_template_prefix }}.xml.j2'." + msg: | + The Jinja2 template for creating the hdblcm configfile xml has been saved to + '{{ sap_hana_install_configfile_directory }}/{{ sap_hana_install_configfile_template_prefix }}.xml.j2'. - name: SAP HANA hdblcm installation check - Download the Jinja2 template ansible.builtin.fetch: @@ -155,7 +157,7 @@ args: chdir: "{{ sap_hana_install_shared_path }}/{{ sap_hana_install_sid }}/hdblcm" register: __sap_hana_install_register_install_result - changed_when: no + changed_when: false when: not ansible_check_mode - name: Configure '/usr/sap' SELinux file contexts @@ -205,7 +207,7 @@ # - ' FQDN - {{ ansible_fqdn }}' when: not ansible_check_mode -- name: SAP HANA Post Install, fapolicyd - Update config for desired integrity level and backout if validation fails +- name: SAP HANA Post Install, fapolicyd - Update config for desired integrity level and revert if validation fails when: - sap_hana_install_use_fapolicyd - '"fapolicyd" in ansible_facts.packages' diff --git a/roles/sap_hana_install/tasks/post_install/firewall.yml b/roles/sap_hana_install/tasks/post_install/firewall.yml index aa7ede64e..a213584ac 100644 --- a/roles/sap_hana_install/tasks/post_install/firewall.yml +++ b/roles/sap_hana_install/tasks/post_install/firewall.yml @@ -5,7 +5,7 @@ ansible.builtin.systemd: name: firewalld state: started - enabled: yes + enabled: true tags: sap_hana_install_configure_firewall - name: SAP HANA Post Install - Construct the argument list for 'firewall-cmd --add-port' @@ -38,12 +38,12 @@ # of the no-changed-when rule, we just set changed_when to true here. - name: SAP HANA Post Install - Enable the required ports immediately ansible.builtin.command: "{{ __sap_hana_install_fact_firewall_cmd_command }}" - changed_when: yes + changed_when: true tags: sap_hana_install_configure_firewall - name: SAP HANA Post Install - Get the current firewall configuration of the default zone ansible.builtin.command: firewall-cmd --list-all - changed_when: no + changed_when: false register: __sap_hana_install_register_current_firewall_ports tags: sap_hana_install_configure_firewall @@ -57,12 +57,12 @@ # of the no-changed-when rule, we just set changed_when to true here. - name: SAP HANA Post Install - Enable the required ports permanently ansible.builtin.command: "{{ __sap_hana_install_fact_firewall_cmd_command }} --permanent" - changed_when: yes + changed_when: true tags: sap_hana_install_configure_firewall - name: SAP HANA Post Install - Get the permanent firewall configuration of the default zone ansible.builtin.command: firewall-cmd --list-all - changed_when: no + changed_when: false register: __sap_hana_install_register_permanent_firewall_ports tags: sap_hana_install_configure_firewall diff --git a/roles/sap_hana_install/tasks/post_install/update_firewall.yml b/roles/sap_hana_install/tasks/post_install/update_firewall.yml index a00d83048..d5fca3fe3 100644 --- a/roles/sap_hana_install/tasks/post_install/update_firewall.yml +++ b/roles/sap_hana_install/tasks/post_install/update_firewall.yml @@ -6,6 +6,6 @@ ansible.posix.firewalld: zone: public port: "{{ passed_port }}/tcp" - permanent: yes - immediate: yes + permanent: true + immediate: true state: enabled diff --git a/roles/sap_hana_install/tasks/pre_install.yml b/roles/sap_hana_install/tasks/pre_install.yml index 22fef6159..d0c576020 100644 --- a/roles/sap_hana_install/tasks/pre_install.yml +++ b/roles/sap_hana_install/tasks/pre_install.yml @@ -4,16 +4,16 @@ # Password Facts ################ -#- name: SAP HANA Pre Install - Set password facts when using master password -# ansible.builtin.set_fact: -# sap_hana_install_sapadm_password: "{{ sap_hana_install_master_password }}" -# sap_hana_install_sidadm_password: "{{ sap_hana_install_master_password }}" -# sap_hana_install_db_system_password: "{{ sap_hana_install_master_password }}" -# sap_hana_install_ase_user_password: "{{ sap_hana_install_master_password }}" -# sap_hana_install_xs_org_password: "{{ sap_hana_install_master_password }}" -# sap_hana_install_lss_user_password: "{{ sap_hana_install_master_password }}" -# sap_hana_install_lss_backup_password: "{{ sap_hana_install_master_password }}" -# when: sap_hana_install_use_master_password == 'y' +# - name: SAP HANA Pre Install - Set password facts when using master password +# ansible.builtin.set_fact: +# sap_hana_install_sapadm_password: "{{ sap_hana_install_master_password }}" +# sap_hana_install_sidadm_password: "{{ sap_hana_install_master_password }}" +# sap_hana_install_db_system_password: "{{ sap_hana_install_master_password }}" +# sap_hana_install_ase_user_password: "{{ sap_hana_install_master_password }}" +# sap_hana_install_xs_org_password: "{{ sap_hana_install_master_password }}" +# sap_hana_install_lss_user_password: "{{ sap_hana_install_master_password }}" +# sap_hana_install_lss_backup_password: "{{ sap_hana_install_master_password }}" +# when: sap_hana_install_use_master_password == 'y' ################ # Handle fapolicyd @@ -23,7 +23,10 @@ ansible.builtin.package: name: fapolicyd state: present - when: sap_hana_install_use_fapolicyd + when: + - sap_hana_install_use_fapolicyd + # Ensure fapolicyd is installed only on supported systems. + - ansible_os_family == 'RedHat' tags: sap_hana_install_use_fapolicyd ################ @@ -59,9 +62,9 @@ - name: SAP HANA Pre Install - Check availability of software directory '{{ __sap_hana_install_fact_software_directory }}' ansible.builtin.stat: path: "{{ __sap_hana_install_fact_software_directory }}" - check_mode: no + check_mode: false register: __sap_hana_install_register_stat_software_directory - failed_when: no + failed_when: false - name: SAP HANA Pre Install - Assert that the software directory exists ansible.builtin.assert: @@ -69,7 +72,9 @@ fail_msg: "FAIL: The software directory '{{ __sap_hana_install_fact_software_directory }}' does not exist!" success_msg: "PASS: The software directory '{{ __sap_hana_install_fact_software_directory }}' exist." - - name: SAP HANA Pre Install - Assert directory permissions in case `sap_hana_install_software_extract_directory` is below `sap_hana_install_software_extract_directory` + - name: > + SAP HANA Pre Install - Assert directory permissions in case `sap_hana_install_software_extract_directory` + is below `sap_hana_install_software_extract_directory` when: sap_hana_install_software_extract_directory is search(sap_hana_install_software_directory) block: @@ -135,15 +140,15 @@ - name: SAP HANA Pre Install - Get info about software extract directory '{{ sap_hana_install_software_extract_directory }}' ansible.builtin.stat: path: "{{ sap_hana_install_software_extract_directory }}" - check_mode: no + check_mode: false register: __sap_hana_install_register_stat_software_extract_directory - failed_when: no + failed_when: false - name: SAP HANA Pre Install - Change ownership of software extract directory '{{ sap_hana_install_software_extract_directory }}' ansible.builtin.file: path: "{{ sap_hana_install_software_extract_directory }}" state: directory - recurse: yes + recurse: true mode: '0755' owner: root group: root @@ -154,12 +159,12 @@ ansible.builtin.wait_for: path: "{{ sap_hana_install_software_extract_directory }}/__EXTRACTION_ONGOING__" state: absent - failed_when: no + failed_when: false - name: SAP HANA Pre Install - Find directory 'SAP_HANA_DATABASE' if '{{ sap_hana_install_software_extract_directory }}' exists ansible.builtin.find: paths: "{{ sap_hana_install_software_extract_directory }}" - recurse: yes + recurse: true file_type: directory patterns: 'SAP_HANA_DATABASE' register: __sap_hana_install_register_find_directory_sap_hana_database_initial @@ -178,9 +183,9 @@ - name: SAP HANA Pre Install - Get info about '{{ __sap_hana_install_fact_hdblcm_path }}/hdblcm' if found initially ansible.builtin.stat: path: "{{ __sap_hana_install_fact_hdblcm_path + '/hdblcm' }}" - check_mode: no + check_mode: false register: __sap_hana_install_register_stat_hdblcm_initial - failed_when: no + failed_when: false - name: SAP HANA Pre Install - Assert that file 'hdblcm' is available if found initially ansible.builtin.assert: @@ -207,9 +212,9 @@ - name: SAP HANA Pre Install - Get info about '{{ __sap_hana_install_fact_hdblcm_path }}/hdblcm' ansible.builtin.stat: path: "{{ __sap_hana_install_fact_hdblcm_path + '/hdblcm' }}" - check_mode: no + check_mode: false register: __sap_hana_install_register_stat_hdblcm - failed_when: no + failed_when: false - name: SAP HANA Pre Install - Assert that file 'hdblcm' is available ansible.builtin.assert: @@ -227,7 +232,7 @@ - name: SAP HANA Pre Install - Find directory 'SAP_HANA_DATABASE' in '{{ sap_hana_install_software_extract_directory }}' ansible.builtin.find: paths: "{{ sap_hana_install_software_extract_directory }}" - recurse: yes + recurse: true file_type: directory patterns: 'SAP_HANA_DATABASE' register: __sap_hana_install_register_find_directory_sap_hana_database_addhosts diff --git a/roles/sap_hana_install/tasks/pre_install/hdblcm_prepare.yml b/roles/sap_hana_install/tasks/pre_install/hdblcm_prepare.yml index bdff8d74d..b112b322c 100644 --- a/roles/sap_hana_install/tasks/pre_install/hdblcm_prepare.yml +++ b/roles/sap_hana_install/tasks/pre_install/hdblcm_prepare.yml @@ -55,7 +55,7 @@ - name: SAP HANA hdblcm prepare - Find 'SAP_HANA_DATABASE' in '{{ sap_hana_install_software_extract_directory }}' ansible.builtin.find: paths: "{{ sap_hana_install_software_extract_directory }}" - recurse: yes + recurse: true file_type: directory patterns: 'SAP_HANA_DATABASE' register: __sap_hana_install_register_find_directory_sap_hana_database diff --git a/roles/sap_hana_install/tasks/pre_install/prepare_sarfiles.yml b/roles/sap_hana_install/tasks/pre_install/prepare_sarfiles.yml index 299e8dbbe..3131e844c 100644 --- a/roles/sap_hana_install/tasks/pre_install/prepare_sarfiles.yml +++ b/roles/sap_hana_install/tasks/pre_install/prepare_sarfiles.yml @@ -23,7 +23,7 @@ - name: SAP HANA hdblcm prepare - Find all SAR files in '{{ __sap_hana_install_fact_software_directory }}' ansible.builtin.find: paths: "{{ __sap_hana_install_fact_software_directory }}" - recurse: no + recurse: false file_type: file patterns: '*.SAR' register: __sap_hana_install_register_find_sarfiles @@ -37,7 +37,7 @@ ansible.builtin.debug: var: __sap_hana_install_fact_sarfiles -- name: Copy SAR files to final destination if 'sap_hana_install_copy_sarfiles' is 'yes' +- name: Copy SAR files to final destination if 'sap_hana_install_copy_sarfiles' is 'true' when: sap_hana_install_copy_sarfiles block: diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index 61b9b0818..c58c71598 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -1,6 +1,6 @@ # SPDX-License-Identifier: Apache-2.0 --- -- name: Takover saptune and enable +- name: Takeover saptune and enable when: __sap_hana_preconfigure_run_saptune block: - name: Ensure sapconf is stopped and disabled diff --git a/roles/sap_hana_preconfigure/tasks/main.yml b/roles/sap_hana_preconfigure/tasks/main.yml index 1708ca6aa..38404abba 100644 --- a/roles/sap_hana_preconfigure/tasks/main.yml +++ b/roles/sap_hana_preconfigure/tasks/main.yml @@ -5,21 +5,36 @@ ansible.builtin.debug: var: role_path -# Load variable file starting with actual version up to OS family. +# Load variable files in order: # Example for SUSE Linux Enterprise Server for SAP Applications 15 SP6: -# 1. SLES_SAP_15.6.yml - Specific to distribution with major and minor release. -# 2. SLES_SAP_15.yml - Specific to distribution and major release regardless of minor release. -# 3. SLES_15.6.yml - Specific to distribution family (SLES and SLES4SAP) and minor release. -# 4. SLES_15.yml - Specific to distribution. -# 5. Suse.yml - Specific to OS family. -- name: Include OS specific vars - ansible.builtin.include_vars: '{{ item }}' - with_first_found: - - '{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family }}.yml' +# 1. Suse.yml - Specific to OS family. +# 2. SLES_15.yml - Specific to distribution (SLES and SLES_SAP) and major release. +# 3. SLES_15.6.yml - Specific to distribution (SLES and SLES_SAP) and minor release. +# 4. SLES_SAP_15.yml - Specific to distribution SLES_SAP and major release. +# 5. SLES_SAP_15.6.yml - Specific to distribution SLES_SAP and minor release. +- name: Include OS specific vars, specific + ansible.builtin.include_vars: "{{ __vars_file }}" + loop: + - "{{ ansible_os_family }}.yml" + - "{{ ansible_distribution }}.yml" + # Enables loading of shared vars between SLES and SLES_SAP + - >- + {{ ansible_distribution.split("_")[0] ~ '_' ~ + ansible_distribution_major_version }}.yml + - >- + {{ ansible_distribution.split("_")[0] ~ '_' ~ + ansible_distribution_version }}.yml + + - >- + {{ ansible_distribution ~ '_' ~ + ansible_distribution_major_version }}.yml + - >- + {{ ansible_distribution ~ '_' ~ + ansible_distribution_version }}.yml + vars: + __vars_file: "{{ role_path }}/vars/{{ item }}" + when: __vars_file is file + - name: Set filename prefix to empty string if role is run in normal mode ansible.builtin.set_fact: diff --git a/roles/sap_netweaver_preconfigure/defaults/main.yml b/roles/sap_netweaver_preconfigure/defaults/main.yml index 0a458da5b..1e735b950 100644 --- a/roles/sap_netweaver_preconfigure/defaults/main.yml +++ b/roles/sap_netweaver_preconfigure/defaults/main.yml @@ -5,7 +5,7 @@ # Perform an assertion run: sap_netweaver_preconfigure_assert: false -# In case of an assertion run, if set to "yes", the role will abort for any assertion error: +# In case of an assertion run, if set to "true", the role will abort for any assertion error: sap_netweaver_preconfigure_assert_ignore_errors: false sap_netweaver_preconfigure_min_swap_space_mb: '20480' diff --git a/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml index d5d271e27..2c1f8eac1 100644 --- a/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml @@ -16,7 +16,7 @@ - name: Check if required packages for Adobe Document Services are installed # noqa command-instead-of-module ansible.builtin.shell: rpm -q --qf "%{NAME}.%{ARCH}\n" {{ __sap_netweaver_preconfigure_adobe_doc_services_packages | map('quote') | join(' ') }} register: __sap_netweaver_preconfigure_register_rpm_q_ads_packages - changed_when: no + changed_when: false when: sap_netweaver_preconfigure_use_adobe_doc_services | d(false) ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_netweaver_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/RedHat/configuration.yml index 7ab03d9dd..d169bfe26 100644 --- a/roles/sap_netweaver_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/RedHat/configuration.yml @@ -14,17 +14,19 @@ - name: Warn if not enough swap space is configured ansible.builtin.fail: - msg: "The system has only {{ ansible_swaptotal_mb }} MB of swap space configured, - which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver!" - ignore_errors: yes + msg: | + The system has only {{ ansible_swaptotal_mb }} MB of swap space configured, + which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver! + ignore_errors: true when: - ansible_swaptotal_mb < sap_netweaver_preconfigure_min_swap_space_mb|int - not sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured|d(true) - name: Fail if not enough swap space is configured ansible.builtin.fail: - msg: "The system has only {{ ansible_swaptotal_mb }} MB of swap space configured, - which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver!" + msg: | + The system has only {{ ansible_swaptotal_mb }} MB of swap space configured, + which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver! when: - ansible_swaptotal_mb < sap_netweaver_preconfigure_min_swap_space_mb|int - sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured|d(true) diff --git a/roles/sap_netweaver_preconfigure/tasks/main.yml b/roles/sap_netweaver_preconfigure/tasks/main.yml index f0a525abd..451e1c520 100644 --- a/roles/sap_netweaver_preconfigure/tasks/main.yml +++ b/roles/sap_netweaver_preconfigure/tasks/main.yml @@ -5,21 +5,36 @@ ansible.builtin.debug: var: role_path -# Load variable file starting with actual version up to OS family. +# Load variable files in order: # Example for SUSE Linux Enterprise Server for SAP Applications 15 SP6: -# 1. SLES_SAP_15.6.yml - Specific to distribution with major and minor release. -# 2. SLES_SAP_15.yml - Specific to distribution and major release regardless of minor release. -# 3. SLES_15.6.yml - Specific to distribution family (SLES and SLES4SAP) and minor release. -# 4. SLES_15.yml - Specific to distribution. -# 5. Suse.yml - Specific to OS family. -- name: Include OS specific vars - ansible.builtin.include_vars: '{{ item }}' - with_first_found: - - '{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_version }}.yml' - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - - '{{ ansible_os_family }}.yml' +# 1. Suse.yml - Specific to OS family. +# 2. SLES_15.yml - Specific to distribution (SLES and SLES_SAP) and major release. +# 3. SLES_15.6.yml - Specific to distribution (SLES and SLES_SAP) and minor release. +# 4. SLES_SAP_15.yml - Specific to distribution SLES_SAP and major release. +# 5. SLES_SAP_15.6.yml - Specific to distribution SLES_SAP and minor release. +- name: Include OS specific vars, specific + ansible.builtin.include_vars: "{{ __vars_file }}" + loop: + - "{{ ansible_os_family }}.yml" + - "{{ ansible_distribution }}.yml" + # Enables loading of shared vars between SLES and SLES_SAP + - >- + {{ ansible_distribution.split("_")[0] ~ '_' ~ + ansible_distribution_major_version }}.yml + - >- + {{ ansible_distribution.split("_")[0] ~ '_' ~ + ansible_distribution_version }}.yml + + - >- + {{ ansible_distribution ~ '_' ~ + ansible_distribution_major_version }}.yml + - >- + {{ ansible_distribution ~ '_' ~ + ansible_distribution_version }}.yml + vars: + __vars_file: "{{ role_path }}/vars/{{ item }}" + when: __vars_file is file + - name: Set filename prefix to empty string if role is run in normal mode ansible.builtin.set_fact: diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml index 34ad9619a..42032de73 100644 --- a/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml +++ b/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml @@ -8,28 +8,35 @@ __sap_netweaver_preconfigure_sapnotes: - "1275776" __sap_netweaver_preconfigure_packages: + # Mandatory packages + - tcsh + - acl + - insserv-compat + - system-user-uuidd + - uuidd + # gcc packages - libstdc++6 - libatomic1 - libgcc_s1 - libltdl7 - - insserv-compat + # System monitoring + - sysstat - cpupower - - hicolor-icon-theme - - libcpupower1 # libcpupower0 was removed in SP6 + - libcpupower1 - libsensors4 + # Patterns - patterns-base-basesystem - patterns-server-enterprise-sap_server - patterns-yast-yast2_basis + # Additional packages - procmail - - sysstat - - system-user-uuidd - - uuidd + # Not needed but kept for compatibility + - hicolor-icon-theme - yast2-auth-client - yast2-auth-server - yast2-theme - yast2-vpn - - tcsh - - acl + # SLES_SAP is using saptune, but SLES is using sapconf. # Default value true runs saptune, but installation.yml auto-detects base product and adjusts. diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml index b6f0bacc6..cc632e33f 100644 --- a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml +++ b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml @@ -8,28 +8,34 @@ __sap_netweaver_preconfigure_sapnotes: - "1275776" __sap_netweaver_preconfigure_packages: + # Mandatory packages + - tcsh + - acl + - insserv-compat + - system-user-uuidd + - uuidd + # gcc packages - libstdc++6 - libatomic1 - libgcc_s1 - libltdl7 - - insserv-compat + # System monitoring + - sysstat - cpupower - - hicolor-icon-theme - libcpupower0 - libsensors4 + # Patterns - patterns-base-basesystem - patterns-server-enterprise-sap_server - patterns-yast-yast2_basis + # Additional packages - procmail - - sysstat - - system-user-uuidd - - uuidd + # Not needed but kept for compatibility + - hicolor-icon-theme - yast2-auth-client - yast2-auth-server - yast2-theme - yast2-vpn - - tcsh - - acl # SLES_SAP is using saptune, but SLES is using sapconf. # Default value true runs saptune, but installation.yml auto-detects base product and adjusts.