Feature/saphanasr angi (#1)
Implements SAPHanaSR-angi configuration and enhances HANA Pacemaker functionality with improved Azure Fencing Agent integration. Adds support for SLES 15.6 and updates Python version handling across SLES SAP distributions. Fixes critical variable interpolation issues in DB and SAP installation pipelines and standardizes configuration management. Includes comprehensive improvements to error handling, logging, and system compatibility checks.
hdamecharla authored Nov 23, 2024
1 parent 8d0ff70 commit bff0da2
Showing 16 changed files with 1,327 additions and 886 deletions.
37 changes: 36 additions & 1 deletion .editorconfig
Expand Up @@ -4,17 +4,52 @@
root = true

[*]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
indent_size = 2

# Python files
[*.py]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
indent_size = 4

[*.yml, *.yaml]
[*.{y{a,}ml}]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
indent_size = 2

[*.{diff,md}]
trim_trailing_whitespace = false
insert_final_newline = false

[*.{sh,bat}]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = tab

[*.cs]
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
indent_style = space
indent_size = 4

# reference: https://github.com/microsoft/vscode-python/blob/main/.editorconfig
# The indent size used in the `package.json` file cannot be changed
# https://github.com/npm/npm/pull/3180#issuecomment-16336516
[{.travis.yml,npm-shrinkwrap.json,package.json}]
indent_style = space
indent_size = 4
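Review bot: The YAML section header `[*.{y{a,}ml}]` wraps a single alternative in its outer braces, and the EditorConfig specification says a brace group without a comma-separated list is matched literally, so whether this header matches `*.yml` and `*.yaml` may depend on the editor's implementation. `[*.{yml,yaml}]` expresses the same intent unambiguously. The per-language sections also repeat `end_of_line`, `charset`, `trim_trailing_whitespace` and `insert_final_newline` from `[*]`; listing only the keys that differ would keep the file shorter.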
10 changes: 7 additions & 3 deletions deploy/ansible/ansible.cfg
Expand Up @@ -9,16 +9,20 @@ display_skipped_hosts = False
conditional_bare_variables = False
interpreter_python = auto_silent
callbacks_enabled = profile_tasks
#stdout_callback = json
stdout_callback = yaml
stdout_callback = json
# stdout_callback = yaml
# Use the stdout_callback when running ad-hoc commands.
bin_ansible_callbacks = True
host_key_checking = False
error_on_undefined_vars = True
log_path = /var/tmp/ansible.log
# log_path = /var/tmp/ansible.log

allow_world_readable_tmpfiles = True

[callback_log_plays]
log_folder = /var/tmp/ansible/hosts
log_path = /var/tmp/ansible/hosts

[connection]
# ServerAliveInternal - Coming from Achmea, keeps the connection alive and
# prevent timeouts.
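Review bot: The `[callback_log_plays]` section points per-host logs at `/var/tmp/ansible/hosts`, which sits under a world-writable directory, and this section of the file also shows `allow_world_readable_tmpfiles = True`. The playbooks in this commit handle fencing SPN credentials, so task results written there can contain secrets. A log directory owned by the deployment user with mode 0700, outside `/var/tmp`, would be the safer target. Separately, `callbacks_enabled` lists only `profile_tasks`, so the section appears to have no effect unless `log_plays` is enabled elsewhere, and as far as I know that callback reads `log_folder`, not `log_path`. The `[connection]` section continues past the end of this hunk.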
92 changes: 47 additions & 45 deletions deploy/ansible/playbook_04_00_01_db_ha.yaml
Expand Up @@ -6,7 +6,7 @@
# +------------------------------------4--------------------------------------*/

- hosts: localhost
name: Get SAP Password from KeyVault
name: "Get SAP Password from KeyVault"
gather_facts: true
vars_files:
- vars/ansible-input-api.yaml # API Input template with defaults
Expand All @@ -19,19 +19,20 @@
- db_high_availability is defined
- database_high_availability is not defined

- name: Initialization
- name: "Initialization"
when: database_high_availability
block:

- name: Create Progress folder
- name: "Create Progress folder"
ansible.builtin.file:
path: "{{ _workspace_directory }}/.progress"
state: directory
mode: 0755

- name: Remove db-ha-done flag
- name: "Remove db-ha-done flag"
ansible.builtin.file:
path: "{{ _workspace_directory }}/.progress/db-ha-done"
state: absent
state: absent

- name: "Ensure passlib is installed on the controller"
become: true
Expand All @@ -54,46 +55,46 @@
# ansible.builtin.set_fact:
# tier: fencing

- name: "Run the misc/password role"
- name: "Run the misc/password role"
ansible.builtin.include_role:
name: roles-misc/0.1-passwords
public: true
name: roles-misc/0.1-passwords
public: true
tags:
- 0.1-passwords
- 0.1-passwords

- name: "OS configuration playbook: - Read password"
- name: "OS configuration playbook: - Read password"
ansible.builtin.include_role:
name: roles-misc/0.1-passwords
tasks_from: windows.yaml
public: true
when: platform == "SQLSERVER"
name: roles-misc/0.1-passwords
tasks_from: windows.yaml
public: true
when: platform == "SQLSERVER"
tags:
- 0.1-win-passwords
- 0.1-win-passwords

- name: "WinCluster-Create: Get witness account details"
- name: "WinCluster-Create: Get witness account details"
ansible.builtin.include_role:
name: roles-misc/0.2-kv-secrets
tasks_from: wincluster-witness.yaml
public: true
name: roles-misc/0.2-kv-secrets
tasks_from: wincluster-witness.yaml
public: true
vars:
operation: fencing
operation: fencing
when:
- platform | upper == "SQLSERVER"
- platform | upper == "SQLSERVER"
tags:
- 0.2-wincluster-witness
- 0.2-wincluster-witness

- name: Run the keyvault role
- name: "Run the keyvault role"
ansible.builtin.include_role:
name: roles-misc/0.2-kv-secrets
name: roles-misc/0.2-kv-secrets
vars:
operation: fencing
operation: fencing
tags:
- kv-secrets
- kv-secrets


when: database_high_availability
# +------------------------------------4--------------------------------------*/

- hosts: "{{ sap_sid | upper }}_DB"
- hosts: "{{ sap_sid | upper }}_DB"
name: HANA DB HA Configuration
remote_user: "{{ orchestration_ansible_user }}"
gather_facts: true # Important to collect hostvars information
Expand All @@ -107,11 +108,12 @@
#
# -------------------------------------+---------------------------------------8
- name: "Backward Compatibility - Check required Database HA variables"
when:
- db_high_availability is defined
- database_high_availability is not defined
ansible.builtin.set_fact:
database_high_availability: "{{ db_high_availability | default(false) }}"
when:
- db_high_availability is defined
- database_high_availability is not defined


- name: "0.0 Validations: - Gather facts for first time"
ansible.builtin.setup:
Expand All @@ -120,6 +122,9 @@

- name: "HANA HA Setup"
become: true
when:
- database_high_availability
- platform == 'HANA'
block:
- name: "Install HANA System Replication"
block:
Expand All @@ -129,7 +134,7 @@
use_proxy: false
headers:
Metadata: true
register: azmetadata
register: azmetadata

- name: "Show IMDS results"
ansible.builtin.debug:
Expand All @@ -154,9 +159,9 @@
ansible.builtin.include_role:
name: roles-db/4.0.1-hdb-hsr
when:
- node_tier == 'hana'
- node_tier == 'hana'
tags:
- 4.0.1-hdb-hsr
- 4.0.1-hdb-hsr

- name: "Install HANA Pacemaker resources"
block:
Expand All @@ -173,35 +178,32 @@
fencing_spn_client_pwd: "{% if not use_msi_for_clusters %}{{ hostvars.localhost.sap_fencing_spn_pwd }}{% endif %}"
fencing_spn_tenant_id: "{% if not use_msi_for_clusters %}{{ hostvars.localhost.sap_fencing_spn_tenant_id }}{% endif %}"
tags:
- always
- always

- name: "HANA HA Setup: - Ensure the needed services are started"
ansible.builtin.include_role:
name: roles-os/1.16-services
tags:
- 1.16-services
- 1.16-services

- name: "HANA HA Setup: - run the Pacemaker role"
ansible.builtin.include_role:
name: roles-sap/5.5-hanadb-pacemaker
when:
- database_high_availability
- not database_scale_out
- database_high_availability
- not database_scale_out
tags:
- 5.5-hanadb-pacemaker
- 5.5-hanadb-pacemaker

- name: "HANA HA Setup: - run the Pacemaker role for scale out"
ansible.builtin.include_role:
name: roles-sap/5.8-hanadb-scaleout-pacemaker
when:
- database_high_availability
- database_scale_out
- database_high_availability
- database_scale_out
tags:
- 5.8-hanadb-scaleout-pacemaker
- 5.8-hanadb-scaleout-pacemaker

when:
- database_high_availability
- platform == 'HANA'

# -------------------------------------+---------------------------------------8
#
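Review bot: `fencing_spn_client_pwd` is set as a fact from `hostvars.localhost.sap_fencing_spn_pwd` inside the "Install HANA Pacemaker resources" block, and no `no_log: true` is visible on that task. This commit also switches `stdout_callback` to `json`, which prints task results in full, so the password could end up in pipeline output. The task starts above the hunk at `@@ -173,35 +178,32 @@`, so the attribute may already be present; if it is not, add `no_log: true` to that task. Separately, `mode: 0755` on "Create Progress folder" is an unquoted octal, and `mode: "0755"` avoids relying on YAML integer parsing.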
Expand Up @@ -183,15 +183,8 @@
- name: "1.17 Generic Pacemaker - Remove false positives"
ansible.builtin.shell: crm_resource -C

- name: "1.17 Generic Pacemaker - Enable Stonith"
ansible.builtin.shell: |
crm configure property stonith-enabled=true
crm configure property concurrent-fencing=true
register: crm_configure_result
failed_when: crm_configure_result.rc > 1

- name: "1.17 Generic Pacemaker - Create Azure Fencing Agent"
ansible.builtin.shell: >
ansible.builtin.shell: |
crm configure primitive rsc_st_azure stonith:fence_azure_arm params \
subscriptionId="{{ fencing_spn_subscription_id }}" \
resourceGroup="{{ resource_group_name }}" \
Expand All @@ -207,10 +200,11 @@
op monitor interval=3600 timeout=120
when:
- not use_msi_for_clusters or distribution_full_id in ["sles_sap12.4"]
register: crm_configure_result
failed_when: crm_configure_result.rc > 1

- name: "1.17 Generic Pacemaker - Create Azure Fencing Agent (MSI)"
ansible.builtin.shell: >
ansible.builtin.shell: |
crm configure primitive rsc_st_azure stonith:fence_azure_arm params \
subscriptionId="{{ fencing_spn_subscription_id }}" \
resourceGroup="{{ resource_group_name }}" \
Expand All @@ -222,6 +216,7 @@
pcmk_delay_max=15 \
pcmk_host_map="{{ primary_instance_name }}:{{ hostvars[primary_instance_name]['primary_vm_name'] }};{{ secondary_instance_name }}:{{ hostvars[secondary_instance_name]['secondary_vm_name'] }}" \
op monitor interval=3600 timeout=120
register: crm_configure_result
failed_when: crm_configure_result.rc > 1
when:
- use_msi_for_clusters
Expand All @@ -231,6 +226,14 @@
- name: "1.17 Generic Pacemaker - Stonith Timeout Property"
become: true
ansible.builtin.shell: crm configure property stonith-timeout=900
register: crm_configure_result
failed_when: crm_configure_result.rc > 1

- name: "1.17 Generic Pacemaker - Enable Stonith"
ansible.builtin.shell: |
crm configure property stonith-enabled=true;
crm configure property concurrent-fencing=true
register: crm_configure_result
failed_when: crm_configure_result.rc > 1

when:
Expand Down Expand Up @@ -293,14 +296,14 @@
ansible.builtin.shell: crm configure delete stonith-sbd

- name: "1.17 Generic Pacemaker - Recreate Stonith SBD in cluster"
ansible.builtin.shell: >-
ansible.builtin.shell: |
crm configure primitive stonith-sbd stonith:external/sbd \
params pcmk_delay_max="15" \
op monitor interval="600" timeout="15"
- name: "1.17 Generic Pacemaker - Ensure Stonith SBD is configured in cluster"
when: stonith_sbd_configured.rc != 0
ansible.builtin.shell: >-
ansible.builtin.shell: |
crm configure primitive stonith-sbd stonith:external/sbd \
params pcmk_delay_max="15" \
op monitor interval="600" timeout="15"
Expand Down Expand Up @@ -379,7 +382,7 @@
ansible.builtin.shell: crm configure property node-health-strategy=custom

- name: "1.17 Generic Pacemaker - Set the pacemaker cluster node health constraint"
ansible.builtin.shell: >-
ansible.builtin.shell: |
crm configure location loc_azure_health \
/'!health-.*'/ rule '#health-azure': defined '#uname'
Expand All @@ -390,7 +393,7 @@
ansible.builtin.shell: crm_attribute --node {{ secondary_instance_name }} --name '#health-azure' --update 0

- name: "1.17 Generic Pacemaker - Ensure Pacemaker resources for the Azure agent is created"
ansible.builtin.shell: >-
ansible.builtin.shell: |
crm configure primitive health-azure-events ocf:heartbeat:azure-events-az \
meta allow-unhealthy-nodes=true failure-timeout=120s \
op start start-delay=90s \
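Review bot: In the relocated "1.17 Generic Pacemaker - Enable Stonith" task, both `crm configure property` commands run in one shell block, so `crm_configure_result.rc` reflects only the last command and a failure of `stonith-enabled=true` is not caught by `failed_when`. The task now runs after the fence agent is created, so such a failure would go unnoticed and could leave the cluster running without fencing enabled. Join the commands with `&&` (`crm configure property stonith-enabled=true && crm configure property concurrent-fencing=true`) or split them into two tasks. The `failed_when: crm_configure_result.rc > 1` added to the fencing-agent tasks also accepts exit code 1; a short comment naming the condition it tolerates would help the next reader. The file header for this section is not shown on the page, and the enclosing block starts and ends outside the visible hunks.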
2 changes: 1 addition & 1 deletion deploy/ansible/roles-os/1.3-repository/vars/repos.yaml
Expand Up @@ -50,7 +50,7 @@ repos:
sles15.3:
sles15.4:
sles15.5:

sles15.6:
# Oracle

# Adding the entries for Oracle-Linux for testing. cat /etc/oracle-release is the command to get the os version info in Oracle linux.