initial porting options of the checks catalog to the new DSL

runner/ansible/roles/catalog/1.1.1-156F64.yaml

@@ -0,0 +1,64 @@
+id: 156F64
+name: orosync `token` timeout
+# name: 1.1.1
+group: Corosync
+description: |
+  Corosync `token` timeout is set to `{{ values.expected_token_timeout }}`
+# As a user I want the dsl to support interpolation of values/env in the description section
+# As a user I want the dsl to support interpolation of values/env in the remediation section
+remediation: |
+  ## Abstract
+  The value of the Corosync `token` timeout is not set as recommended.
+
+  ## Remediation
+
+  Adjust the corosync `token` timeout as recommended on the best practices, and reload the corosync configuration
+
+  1. Set the correct `token` timeout in the totem session in the corosync config file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster.
+     ```
+     [...]
+     totem { 
+            token: <timeout value> 
+           }
+     [...]
+     ```   
+  2. Reload the corosync configuration:
+     `crm corosync reload`
+
+  ## References
+  Azure:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+  GCP: 
+
+    - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files
+
+  AWS:
+
+    -	https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html
+
+facts:
+  - name: corosync_token_timeout
+    gatherer: corosync.conf
+    argument: totem.token
+
+values:
+  - name: expected_token_timeout
+    default: 5000
+    conditions:
+      - value: 30000
+        # when: env.provider == "azure" || env.provider == "aws"
+        when: return env.provider == "azure" or env.provider == "aws"
+      - value: 20000
+        # when: env.provider == "gcp"
+        when: return env.provider == "gcp"
+
+expectations:
+  - name: token_timeout
+    # expect: facts.corosync_token_timeout == values.expected_token_timeout
+    expect: return facts.corosync_token_timeout == values.expected_token_timeout

runner/ansible/roles/catalog/1.1.2-A1244C.yaml

@@ -0,0 +1,47 @@
+id: A1244C
+name: Corosync `consensus` timeout
+# name: 1.1.2
+group: Corosync
+description: |
+  Corosync `consensus` timeout is set to `{{ values.expected_consensus_timeout }}`
+remediation: |
+  ## Remediation
+  Adjust the Corosync `consensus` timeout as recommended by the Azure best practices.
+
+  ## References
+  Azure:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker
+
+  AWS:
+
+    - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html
+
+  GCP:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+facts:
+  - name: corosync_consensus_timeout
+    gatherer: corosync.conf
+    argument: totem.consensus
+
+values:
+  - name: expected_consensus_timeout
+    default: 6000
+    conditions:
+      - value: 36000
+        # when: env.provider == "azure" || env.provider == "aws"
+        when: return env.provider == "azure" or env.provider == "aws"
+      - value: 24000
+        # when: env.provider == "gcp"
+        when: return env.provider == "gcp"
+
+expectations:
+  - name: consensus_timeout
+    # expect: facts.corosync_consensus_timeout == values.expected_consensus_timeout
+    expect: return facts.corosync_consensus_timeout == values.expected_consensus_timeout

runner/ansible/roles/catalog/1.1.3-845CC9.yaml

@@ -0,0 +1,40 @@
+id: 845CC9
+name: Corosync `max_messages`
+# name: 1.1.3
+group: Corosync
+description: |
+  Corosync `max_messages` is set to `{{ values.expected_max_messages }}`
+remediation: |
+  ## Remediation
+  Adjust the Corosync `max_messages` parameter as recommended by the Azure best practices.
+
+  ## References
+  AZURE:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker#install-the-cluster
+
+  AWS:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+  GCP:
+
+    - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+facts:
+  - name: corosync_max_messages
+    gatherer: corosync.conf
+    argument: totem.max_messages
+
+# As a user I want the DSL to support checks without values section
+# so that I can reduce the boiler code in the DSL itself
+# and simply use a hardcoded value that is environment independent
+
+expectations:
+  - name: max_messages
+    # expect: facts.corosync_max_messages == 20
+    expect: return facts.corosync_max_messages == 20

runner/ansible/roles/catalog/1.1.4-24ABCB.yaml

@@ -0,0 +1,36 @@
+id: 24ABCB
+name: Corosync `join`
+# name: 1.1.4
+group: Corosync
+description: |
+  Corosync `join` is set to `{{ values.expected_join }}`
+remediation: |
+  ## Remediation
+  Adjust the Corosync `join` parameter as recommended by the Azure best practices.
+
+  ## References
+  AZURE:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker#install-the-cluster
+
+  AWS:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+  GCP:
+
+    - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+facts:
+  - name: corosync_join
+    gatherer: corosync.conf
+    argument: totem.join
+
+expectations:
+  - name: join
+    # expect: facts.corosync_join == 60
+    expect: return facts.corosync_join == 60

runner/ansible/roles/catalog/1.1.5-21FCA6.yaml

@@ -0,0 +1,44 @@
+id: 21FCA6
+name: Corosync `token_retransmits_before_loss_const`
+# name: 1.1.5
+group: Corosync
+description: |
+  Corosync `token_retransmits_before_loss_const` is set to: `{{ values.expected_token_retransmits_before_loss_const }}`
+remediation: |
+  ## Remediation
+  Adjust the corosync `token_retransmits_before_loss_const` parameter to `{{ values.expected_token_retransmits_before_loss_const }}` as recommended by the Azure best practices.
+
+  ## References
+  AZURE:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker#install-the-cluster
+
+  AWS:
+
+    - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html
+
+  GCP:
+
+    - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+facts:
+  - name: corosync_token_retransmits_before_loss_const
+    gatherer: corosync.conf
+    argument: totem.token_retransmits_before_loss_const
+
+values:
+  - name: expected_token_retransmits_before_loss_const
+    default: 10
+    conditions:
+      - value: 6
+        # when: env.provider == "aws"
+        when: return env.provider == "aws"
+
+expectations:
+  - name: token_retransmits_before_loss_const
+    # expect: facts.corosync_token_retransmits_before_loss_const == values.expected_token_retransmits_before_loss_const
+    expect: return facts.corosync_token_retransmits_before_loss_const == values.expected_token_retransmits_before_loss_const

runner/ansible/roles/catalog/1.1.6-33403D.yaml

@@ -0,0 +1,68 @@
+id: 33403D
+name: Corosync `transport`
+# name: 1.1.6
+group: Corosync
+description: |
+  Corosync `transport` is set to `{{ values.expected_transport }}`
+remediation: |
+  ## Remediation
+  To change the corosync MCAST transport to UCAST edit the /etc/corosync/corosync.conf
+  as in the example
+  ```
+      max_messages: 20
+      interface {
+          ringnumber: 0
+  -       bindnetaddr: 10.162.32.167
+  -       mcastaddr: 239.11.100.41
+          mcastport: 5405
+          ttl: 1
+      }
+  +   transport: udpu
+  ...
+  +nodelist {
+  +       node {
+  +               ring0_addr: 10.162.32.167
+  +               nodeid: 1
+  +       }
+  +
+  +       node {
+  +               ring0_addr: 10.162.32.89
+  +               nodeid: 2
+  +       }
+  +
+  +}
+  ```
+  1. stop the already running cluster by using **systemctl stop pacemaker**
+  2. In the totem section, in the interface subsection remove the
+  keys-value pairs **bindnetaddr** and **mcastaddr**
+  3. In the totem section add key-value pair **transport: udpu**
+  4. Add section nodelist and subsections node for each nodes of the
+  cluster, where the **ring0_addr** is the IP address of the node
+
+  ## References
+  Azure:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker
+
+  AWS:
+
+    - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html
+
+  GCP:
+
+    - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-adapting-the-corosync-and-sbd-configuration
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+facts:
+  - name: corosync_transport
+    gatherer: corosync.conf
+    argument: totem.transport
+
+expectations:
+  - name: transport
+    # expect: facts.corosync_transport == "udpu"
+    expect: return facts.corosync_transport == "udpu"

runner/ansible/roles/catalog/1.1.7-C620DC.yaml

@@ -0,0 +1,36 @@
+id: C620DC
+name: Corosync `expected_votes`
+# name: 1.1.7
+group: Corosync
+description: |
+  Corosync `expected_votes` is set to `{{ values.expected_votes }}`
+remediation: |
+  ## Remediation
+  Adjust the corosync `expected_votes` parameter to `{{ values.expected_votes }}` to make sure pacemaker calculates the actions properly for a two-node cluster.
+
+  ## References
+  Azure:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker#install-the-cluster
+
+  AWS:
+
+    - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html
+
+  GCP:
+
+    - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+facts:
+  - name: corosync_expected_votes
+    gatherer: corosync.conf
+    argument: quorum.expected_votes
+
+expectations:
+  - name: expected_votes
+    # expect: facts.corosync_expected_votes == 2
+    expect: return facts.corosync_expected_votes == 2

runner/ansible/roles/catalog/1.1.8-6E9B82.yaml

@@ -0,0 +1,39 @@
+id: 6E9B82
+name: Corosync `expected_votes`
+# name: 1.1.8
+group: Corosync
+description: |
+  Corosync `two_node` is set to `{{ values.expected_two_node }}`
+remediation: |
+  ## Abstract
+  The runtime value of the corosync `two_node` parameter is not set as recommended.
+
+  ## Remediation
+  Adjust the corosync two_node parameter to `{{ values.expected_two_node }}` to make sure Pacemaker calculates the actions properly for a two-node cluster.
+
+  ## References
+  Azure:
+
+    - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/high-availability-guide-suse-pacemaker#install-the-cluster
+
+  AWS:
+
+    - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html
+
+  GCP:
+
+    - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles
+
+  SUSE / KVM:
+
+    - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf
+
+facts:
+  - name: corosync_two_node
+    gatherer: corosync.conf
+    argument: quorum.two_node
+
+expectations:
+  - name: two_node
+    # expect: facts.corosync_two_node == 1
+    expect: return facts.corosync_two_node == 1