diff --git a/README.md b/README.md index 03a04fd0e..d413df34e 100644 --- a/README.md +++ b/README.md @@ -2,48 +2,143 @@ ![Ansible Lint](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint.yml/badge.svg?branch=main) -This Ansible Collection executes various SAP Software installations and configuration tasks for running various SAP solutions and deployment scenarios on Linux operating systems (RHEL or SLES). +## Description -This includes handlers for SAP HANA database lifecycle manager (HDBLCM) and SAP Software Provisioning Manager (SWPM), and can be combined with other Ansible Collections to provide end-to-end automation _(e.g. provision, download, install, operations)_. +This Ansible Collection executes various SAP Software installations and configuration tasks for various SAP solutions and deployment scenarios on supported Linux operating systems. +Included roles cover range of tasks: +- Preparation of Operating system and SAP installation media before installation +- Installation of SAP Database, either SAP HANA or Oracle Database +- Installation of SAP Products, like SAP S4HANA, SAP BW4HANA, SAP Netweaver, SAP Solution Manager and others. +- Configuration of replication of SAP HANA and High Availability clusters for SAP HANA and SAP Netweaver -**Examples of verified installations include:** +## Requirements + +### Control Nodes +Operating system: +- Any operating system with required Python and Ansible versions. + +Python: 3.11 or higher + +Ansible: 9.9.x + +Ansible-core: 2.16.x + +**NOTE: Ansible 10 and ansible-core 2.17.x are not supported, because of breaking changes requiring higher Python version on managed nodes.** + +### Managed Nodes +Operating system: +- SUSE Linux Enterprise Server for SAP applications 15 SP5+ (SLE4SAP) +- Red Hat Enterprise Linux for SAP Solutions 8.x 9.x (RHEL4SAP) + +**NOTE: Operating system needs to have access to required package repositories either directly or via subscription registration.** + + +Python: 3.6 or higher + + +## Installation Instructions + +### Installation +Install this collection with Ansible Galaxy command: +```console +ansible-galaxy collection install community.sap_install +``` + +Optionally you can include collection in requirements.yml file and include it together with other collections using: `ansible-galaxy collection install -r requirements.yml` +Requirements file need to be maintained in following format: +```yaml +collections: + - name: community.sap_install +``` + +### Upgrade +Installed Ansible Collection will not be upgraded automatically when Ansible package is upgraded. + +To upgrade the collection to the latest available version, run the following command: +```console +ansible-galaxy collection install community.sap_install --upgrade +``` + +You can also install a specific version of the collection, when you encounter issues with latest version. Please report these issues in affected Role repository if that happens. +Example of downgrading collection to version 1.4.0: +``` +ansible-galaxy collection install community.sap_install:==1.4.0 +``` + +See [Installing collections](https://docs.ansible.com/ansible/latest/collections_guide/collections_installing.html) for more details on installation methods. + + +## Use Cases + +### Example Scenarios +- Preparation of Operating system for SAP installation +- Preparation of SAP installation media for SAP installation +- Installation of SAP HANA (including High Availability with replication) or Oracle Database +- Installation of SAP S4HANA or other SAP products +- Configuration of Pacemaker cluster for SAP HANA and SAP Netweaver + +More deployment scenarios are available in [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) repository. + +### Ansible Roles +All included roles can be executed independently or as part of [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + +| Name | Summary | +| :--- | :--- | +| [sap_anydb_install_oracle](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_anydb_install_oracle) | Install Oracle DB 19.x for SAP | +| [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) | Configure general OS settings for SAP software | +| [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) | Configure and enable SAP HANA System Replication | +| [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) | Configure Pacemaker cluster for SAP HANA and SAP Netweaver | +| [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) | Install SAP HANA via HDBLCM | +| [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) | Configure OS settings for SAP HANA database server | +| [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | Install SAP Host Agent | +| [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | Detect and extract SAP Software installation media | +| [sap_maintain_etc_hosts](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_maintain_etc_hosts) | Maintain the /etc/hosts file of an SAP software host | +| [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | Configure OS settings for SAP NetWeaver application server | +| [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | Configure storage for SAP system (Folder structure, LVM, XFS, NFS) | +| [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | Install SAP Software via SWPM | + + +## Testing +This Ansible Collection was tested across different Operating Systems, SAP products and scenarios. You can find examples of some of them below. + +Operating systems: +- SUSE Linux Enterprise Server for SAP applications 15 SP5+ (SLE4SAP) +- Red Hat Enterprise Linux for SAP Solutions 8.x 9.x (RHEL4SAP) + +Deployment scenarios: +- All scenarios included in [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) repository + +SAP Products: - SAP S/4HANA AnyPremise (1809, 1909, 2020, 2021, 2022, 2023) with setup as Standard, Distributed, High Availability and optional Maintenance Planner or Restore System Copy - SAP Business Suite (ECC) on HANA and SAP Business Suite (ECC) with SAP AnyDB - SAP ASE, SAP MaxDB, IBM Db2, Oracle DB - SAP BW/4HANA (2021, 2023) with setup as Standard or Scale-Out - SAP HANA 2.0 (SPS04+) with setup as Scale-Up, Scale-Out, High Availability - Other SAP installation activities; such as System Rename, System Copy Export, SAP Solution Manager and SAP Web Dispatcher +**NOTE: It is not possible to test every Operating System and SAP Product combination with every release. Testing is regularly done for common scenarios: SAP HANA, SAP HANA HA, SAP S4HANA Distributed HA** -**Please read the [full documentation](/docs#readme) for how-to guidance, requirements, and all other details. Summary documentation is below:** +## Contributing +You can find more information about ways you can contribute at [sap-linuxlab website](https://sap-linuxlab.github.io/initiative_contributions/). -## Contents +## Support +You can report any issues using [Issues](https://github.com/sap-linuxlab/community.sap_install/issues) section. -Within this Ansible Collection, there are various Ansible Roles and no custom Ansible Modules. -### Ansible Roles +## Release Notes and Roadmap +You can find the release notes of this collection in [Changelog file](https://github.com/sap-linuxlab/community.sap_install/blob/main/CHANGELOG.rst) -| Name | Summary | -| :--- | :--- | -| [sap_anydb_install_oracle](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_anydb_install_oracle) | install Oracle DB 19.x for SAP | -| [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) | configure general OS settings for SAP software | -| [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) | install SAP HANA System Replication | -| [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) | install and configure pacemaker and SAP resources | -| [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) | install SAP HANA via HDBLCM | -| [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) | configure settings for SAP HANA database server | -| [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | install SAP Host Agent | -| [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | detect and extract SAP Software installation media | -| [sap_maintain_etc_hosts](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_maintain_etc_hosts) | maintain the /etc/hosts file of an SAP software host | -| [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | configure settings for SAP NetWeaver application server | -| [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | configure storage for SAP HANA, with LVM partitions and XFS filesystem | -| [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | install SAP Software via SWPM | -## License +## Further Information -- [Apache 2.0](./LICENSE) +### Variable Precedence Rules +Please follow [Ansible Precedence guidelines](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable) on how to pass variables when using this collection. -## Contributors +### Getting Started +More information on how to execute Ansible playbooks is in [Getting started guide](https://github.com/sap-linuxlab/community.sap_install/blob/main/docs/getting_started/README.md). -Contributors to the Ansible Roles within this Ansible Collection, are shown within [/docs/contributors](./docs/CONTRIBUTORS.md). + +## License +[Apache 2.0](https://github.com/sap-linuxlab/community.sap_install/blob/main/LICENSE) diff --git a/docs/README.md b/docs/README.md deleted file mode 100644 index b71bedb27..000000000 --- a/docs/README.md +++ /dev/null @@ -1,135 +0,0 @@ -# Documentation of community.sap_install Ansible Collection - -## Introduction - -The `sap_install` Ansible Collection provides a variety of automated tasks for the configuration and installation of SAP Software. - -Each Ansible Role contained within this Ansible Collection, performs a distinct set of tasks and are designed to be run independently or cohesively - depending on the outcome desired by an end-user. - - -## Functionality - -This Ansible Collection executes various SAP Software installations for different SAP solution scenarios. The code structure and logic has been separated to support a flexible execution of different steps for various scenarios. - -Any Ansible Roles labelled "preconfigure" and "prepare" are prerequisites, executed before the corresponding installation Ansible Roles (such as `sap_hana_install` or `sap_swpm`). - -At a high-level, the key installation functionality of this Ansible Collection includes: - -1. **OS Preparation activities for SAP HANA Database Server, SAP AnyDB Database Server or SAP NetWeaver Application Server** - -2. **SAP HANA installations via SAP HANA database lifecycle manager (HDBLCM)** - - Configure Firewall rules and Hosts file for SAP HANA database server instance/s - - Install SAP Host Agent - - Install SAP HANA database server, with any SAP HANA Component (e.g. Live Cache Apps, Application Function Library etc.) - - Apply license to SAP HANA - -3. **SAP HANA High Availability tasks** - - Install SAP HANA System Replication - - Install Linux Pacemaker, configure Pacemaker Fencing Agents for a given Infrastructure Platform - - Configure Linux Pacemaker Resource Agents for SAP HANA - -4. **Every SAP Software installation via SAP Software Provisioning Manager (SWPM)** - - Execute SAP SWPM Unattended installation - - Using on-the-fly generated inifile.params from Ansible Variables - - Using a list of inifile parameters in an Ansible Dictionary - - Re-using an existing inifile.params - -5. **SAP NetWeaver High Availability tasks** - - Install Linux Pacemaker, configure Pacemaker Fencing Agents for a given Infrastructure Platform - - Configure Linux Pacemaker Resource Agents for SAP NetWeaver ASCS/ERS - - -## Execution - -An Ansible Playbook is the file created and executed by an end-user, which imports from Ansible Collections to perform various activities on the target hosts. - -The Ansible Playbook can call either an Ansible Role, or directly call the individual Ansible Modules: - -- **Ansible Roles** (runs multiple Ansible Modules) -- **Ansible Modules** (and adjoining Python/Bash Functions) - -It is strongly recommended to execute these Ansible Roles in accordance to best practice Ansible usage, where an Ansible Playbook is executed from a host and Ansible will login to a target host to perform the activities. - -> If an Ansible Playbook is executed from the target host itself (similar to logging in and running a shell script), this is known as an Ansible Playbook 'localhost execution' and is not recommended as it has limitations on SAP Software installations (particularly installations across multiple hosts). - -At a high-level, complex executions with various interlinked activities are run in parallel or sequentially using the following execution structure: - -``` -Ansible Playbook --> source Ansible Collection --> execute Ansible Task ----> run Ansible Role ------> run Ansible Module (e.g. built-in Ansible Module for Shell) -``` - -### Execution examples - -There are various methods to execute the Ansible Collection, dependent on the use case. - -For more information, see [Getting started](./getting_started#readme) and edit the [sample Ansible Playbooks in `/playbooks`](../playbooks/). - - -## Requirements and Dependencies - -### Target host - Operating System requirements - -Designed for Linux operating systems, e.g. RHEL (7.x, 8.x, 9.x) and SLES (15 SPx). - -This Ansible Collection has not been tested and amended for SAP NetWeaver Application Server instantiations on IBM AIX or Windows Server. - -Assumptions for executing the Ansible Roles from this Ansible Collection include: - -- Registered OS -- OS Package repositories are available (from the relevant content delivery network of the OS vendor) - -N.B. The Ansible Collection works with SLES from version 15 SP3 and upwards, for the following reasons: - -- firewalld is used within the Ansible Collection. In SLES 15 SP3, firewalld became the replacement for nftables. See changelog [SLE-16300](https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-16300) -- SELinux is used within the Ansible Collection. While introduced earlier with community support, full support for SELinux was provided as of SLES 15 SP3. See changelog [SLE-17307](https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-17307) - -### Execution/Controller host - Operating System requirements - -Execution of Ansible Playbooks using this Ansible Collection have been tested with: -- Python 3.10.14 and above (i.e. CPython distribution) -- Ansible Core 2.16.9 and above _(included with optional installation of Ansible Community Edition 5.0 and above)_ -- OS: macOS with Homebrew, RHEL, SLES, and containers in Task Runners (e.g. Azure DevOps) - -#### Ansible Core version - -This Ansible Collection was designed for maximum backwards compatibility, with full compatibility starting from Ansible Core 2.16.9 and above. - -**Note 1:** Ansible 2.9 was the last release before the Ansible project was split into Ansible Core and Ansible Community Edition, and was before Ansible Collections functionality was introduced. This Ansible Collection should execute when Ansible 2.9 is used, but it is not recommended and errors should be expected (and will not be resolved). - -**Note 2:** Ansible Core versions prior to 2.14.12 , 2.15.8 , and 2.16.1 where `CVE-2023-5764` (templating inside `that` statement of `assert` Ansible Tasks) security fix was addressed, will work after `v1.3.4` of this Ansible Collection. Otherwise an error similar to the following will occur: - -```yaml -fatal: [host01]: FAILED! => - msg: 'The conditional check ''13 <= 128'' failed. The error was: Conditional is marked as unsafe, and cannot be evaluated.' -``` - - -## Testing - -Various SAP Software solutions have been extensively tested. - -Prior to each release, basic scenarios are executed to confirm functionality is working as expected; including SAP S/4HANA installation. - -Important note: it is not possible for the project maintainers to test every SAP Software installation and solution scenario for each OS hosted on each Infrastructure Platform, if an error is identified please raise a [GitHub Issue](/../../issues/). - - -### Ansible Roles Lint Status - -| Role Name | Ansible Lint Status | -| :--- | :--- | -| [sap_anydb_install_oracle](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_anydb_install_oracle) | N/A | -| [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) | [![Ansible Lint for sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_general_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_general_preconfigure.yml) | -| [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) | [![Ansible Lint for sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_install_hana_hsr.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_install_hana_hsr.yml) | -| [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) | [![Ansible Lint for sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_pacemaker_cluster.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_pacemaker_cluster.yml) | -| [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) | [![Ansible Lint for sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_install.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_install.yml) | -| [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) | [![Ansible Lint for sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_preconfigure.yml) | -| [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | N/A | -| [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | N/A | -| [sap_maintain_etc_hosts](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_maintain_etc_hosts) | [![Ansible Lint for sap_maintain_etc_hosts](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_maintain_etc_hosts.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_maintain_etc_hosts.yml) | -| [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | [![Ansible Lint for sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml) | -| [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | N/A | -| [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | [![Ansible Lint for sap_swpm](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml) | diff --git a/docs/getting_started/README.md b/docs/getting_started/README.md index 7788e3c4d..c5b79b2c1 100644 --- a/docs/getting_started/README.md +++ b/docs/getting_started/README.md @@ -6,6 +6,7 @@ In this folder you will find sample files, a few additional tips for using the p - [Inventory and variable parameters](#inventory-and-variable-parameters) - [Security parameters](#security-parameters) - [Other useful options](#other-useful-options) + - [Improve readability of playbook output in terminal](#improve-readability-of-playbook-output-in-terminal) ## How to run playbooks @@ -95,3 +96,34 @@ These are not all available options, but ones that may help getting familiar wit Be careful to choose a task which covers pre-requisites, i.e. tasks that discover information which is used in subsequent tasks have to be run to fulfill conditionals. - `-C` attempts a dry-run of the playbook without applying actual changes. This is limited to simple tasks that do not require other changes already been done in previous tasks. - `--step` this executes the playbook but will prompt for every task to be run or skipped. At the prompt it can also be told to continue and not ask again, however. Useful to slow down execution and review each tasks result before proceeding with the next task. + +### Improve readability of playbook output in terminal +Note: For terminals with dark background, replace the color code `30m` by `37m`. +In case you need to make an invisible font readable on a terminal with dark background, run the following command in the terminal: +```yaml +printf "\033[37mreadable font\n" +``` +In case you need to make an invisible font readable on a terminal with bright background, run the following command in the terminal: +```yaml +printf "\033[30mreadable font\n" +``` + +Execution of `sap_general_preconfigure` playbook with a nice compact and colored output, this time for two hosts: +```console +ansible-playbook sap.yml -l host_1,host_2 -e "{sap_general_preconfigure_assert: yes, sap_general_preconfigure_assert_ignore_errors: yes}" | +awk '{sub (" \"msg\": ", "")} + /TASK/{task_line=$0} + /fatal:/{fatal_line=$0; nfatal[host]++} + /...ignoring/{nfatal[host]--; if (nfatal[host]<0) nfatal[host]=0} + /^[a-z]/&&/: \[/{gsub ("\\[", ""); gsub ("]", ""); gsub (":", ""); host=$2} + /SAP note/{print "\033[30m[" host"] "$0} + /FAIL:/{nfail[host]++; print "\033[31m[" host"] "$0} + /WARN:/{nwarn[host]++; print "\033[33m[" host"] "$0} + /PASS:/{npass[host]++; print "\033[32m[" host"] "$0} + /INFO:/{print "\033[34m[" host"] "$0} + /changed/&&/unreachable/{print "\033[30m[" host"] "$0} + END{print ("---"); for (var in npass) {printf ("[%s] ", var); if (nfatal[var]>0) { + printf ("\033[31mFATAL ERROR!!! Playbook might have been aborted!!!\033[30m Last TASK and fatal output:\n"); print task_line, fatal_line + } + else printf ("\033[31mFAIL: %d \033[33mWARN: %d \033[32mPASS: %d\033[30m\n", nfail[var], nwarn[var], npass[var])}}' +``` diff --git a/requirements.yml b/requirements.yml index 16eeebcac..f5fb3c623 100644 --- a/requirements.yml +++ b/requirements.yml @@ -5,5 +5,5 @@ collections: version: '>=1.13.0' type: galaxy - name: community.general - version: latest + version: '>=9.0.0' type: galaxy diff --git a/roles/sap_anydb_install_oracle/README.md b/roles/sap_anydb_install_oracle/README.md index 9db03c630..c7e0cdd2c 100644 --- a/roles/sap_anydb_install_oracle/README.md +++ b/roles/sap_anydb_install_oracle/README.md @@ -1,54 +1,159 @@ + # sap_anydb_install_oracle Ansible Role + -Ansible role for Oracle DB 19.x installation for SAP +## Description + +The Ansible role `sap_anydb_install_oracle` is used to install Oracle Database 19.x for SAP system. + + + + + ## Prerequisites +Managed Nodes: +- Directory with installation media is present and `sap_anydb_install_oracle_extract_path` updated.
+ Download can be completed using [community.sap_launchpad](https://github.com/sap-linuxlab/community.sap_launchpad) Ansible Collection. + -### Software Installation files +## Execution + + + + + + +### Execution Flow + +1. Prepare OS: Install packages, create users, create folders and copy installation media. +2. Install Oracle Database in desired method +3. Execute post installation tasks +4. Apply Oracle Patches if available + + +### Example + +```yaml +--- +- name: Ansible Play for Oracle Database installation + hosts: oracle_host + become: true + tasks: + - name: Execute Ansible Role sap_anydb_install_oracle + ansible.builtin.include_role: + name: community.sap_install.sap_anydb_install_oracle + vars: + sap_anydb_install_oracle_method: minimal + sap_anydb_install_oracle_sid: "OR1" + sap_anydb_install_oracle_base: "/oracle" + sap_anydb_install_oracle_system_password: "Password1%" + sap_anydb_install_oracle_extract_path: "/software/oracledb_extracted" +``` + -Download installation media from SAP Download Center on host, and set Ansible Variable `sap_anydb_install_oracle_extract_path` to this path. + + -### Default Parameters + + -Please check the default parameters file for more information on other parameters that can be used as an input -- [**sap_anydb_install_oracle** default parameters](defaults/main.yml) +## License + +Apache 2.0 + -## Execution +## Maintainers + +- [Sean Freeman](https://github.com/sean-freeman) + -Sample Ansible Playbook Execution: +## Role Variables + +### sap_anydb_install_oracle_prep_reboot_ok -- Local Host Installation - - `ansible-playbook --connection=local --limit localhost -i "localhost," sap-anydb-oracle-install.yml -e "@inputs/oracledb.install"` +- _Type:_ `bool` +- _Default:_ `True` -- Target Host Installation - - `ansible-playbook -i "" sap-anydb-oracle-install.yml -e "@inputs/oracledb.install"` +Allows reboot of Managed node after packages are installed during pre-steps tasks. -## Sample playbook +### sap_anydb_install_oracle_prep_fail_if_reboot_required -```yaml ---- -- hosts: all - become: true +- _Type:_ `bool` +- _Default:_ `False` - collections: - - community.sap_install +Enable to fail execution if packages are installed during pre-steps tasks, but you don't want to proceed with reboot. - vars: - sap_anydb_install_oracle_method: minimal - sap_anydb_install_oracle_sid: "OR1" - sap_anydb_install_oracle_base: "/oracle" - sap_anydb_install_oracle_system_password: "Password1%" - sap_anydb_install_oracle_extract_path: "/software/oracledb_extracted" +### sap_anydb_install_oracle_prep_precheck - - name: Execute Ansible Role sap_anydb_install_oracle - include_role: - name: { role: community.sap_install.sap_anydb_install_oracle } -``` +- _Type:_ `bool` +- _Default:_ `False` -## License +Enable to execute installation in Check mode to verify all inputs. This is extra validation and it does not disable installation. + +### sap_anydb_install_oracle_method + +- _Type:_ `string` +- _Default:_ `minimal` + +Select installation method out of available: `minimal` or `responsefile`. + +### sap_anydb_install_oracle_sid: + +- _Type:_ `string` +- _Default:_ `OR1` + +Enter Oracle Database SID. + +### sap_anydb_install_oracle_base + +- _Type:_ `string` +- _Default:_ `/oracle` + +Enter base folder for Oracle Database installation. + +### sap_anydb_install_oracle_filesystem_storage + +- _Type:_ `string` +- _Default:_ `/oradata` + +Enter path for `oracle.install.db.config.starterdb.fileSystemStorage.dataLocation` + +### sap_anydb_install_oracle_inventory_central + +- _Type:_ `string` +- _Default:_ `/oraInventory` + +Enter path for `INVENTORY_LOCATION` + +### sap_anydb_install_oracle_system_password + +- _Type:_ `string` + +Enter password for Oracle SYSTEM user. + +### sap_anydb_install_oracle_extract_path + +- _Type:_ `string` + +Enter path of Installation media, for example: `/software`. + +### sap_anydb_install_oracle_patch_opatch_zip + +- _Type:_ `string` + +Enter name of Oracle opatch file, for example: `OPATCH19P_2308-70004508.ZIP` + +### sap_anydb_install_oracle_patch_sap_zip + +- _Type:_ `string` + +Enter name of Oracle SAP patch file, for example: `SAP19P_2311-70004508.ZIP` -Apache license 2.0 +### sap_anydb_install_oracle_patch_enable -## Author Information +- _Type:_ `bool` +- _Default:_ `False` -Sean Freeman +Enable to allow post-installation patching. + \ No newline at end of file diff --git a/roles/sap_anydb_install_oracle/defaults/main.yml b/roles/sap_anydb_install_oracle/defaults/main.yml index 5fb993aae..ef7a5e71c 100644 --- a/roles/sap_anydb_install_oracle/defaults/main.yml +++ b/roles/sap_anydb_install_oracle/defaults/main.yml @@ -1,11 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 --- -sap_anydb_install_oracle_prep_reboot_ok: yes +sap_anydb_install_oracle_prep_reboot_ok: true -sap_anydb_install_oracle_prep_fail_if_reboot_required: no +sap_anydb_install_oracle_prep_fail_if_reboot_required: false -sap_anydb_install_oracle_prep_precheck: no +sap_anydb_install_oracle_prep_precheck: false # minimal, responsefile sap_anydb_install_oracle_method: minimal diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index 65875d070..3511e61e9 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -1,32 +1,144 @@ + # sap_general_preconfigure Ansible Role + +![Ansible Lint for sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_general_preconfigure.yml/badge.svg) -This role installs required packages and performs configuration steps which are required for installing and running SAP NetWeaver or SAP HANA. Specific installation and configuration steps on top of these basic steps are performed with roles sap-netweaver-preconfigure and sap-hana-preconfigure. Future implementations may reduce the scope of this role, for example if certain installation or configuration steps are done in the more specific roles. +## Description + +The Ansible role `sap_general_preconfigure` installs required packages and performs basic OS configuration steps according to applicable SAP notes for installing and running SAP HANA or SAP ABAP Application Platform (formerly known as SAP NetWeaver). -For SLES systems, this role may not be necessary. The majority of SAP preparation and tuning is covered by `saptune` which is configured in the `sap_hana_preconfigure` and `sap_netweaver_preconfigure` roles. +Specific installation and configuration steps then have to be performed with the roles [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) and [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure). + -## Requirements - -The role requires additional collections which are specified in `meta/collection-requirements.yml`. Before using this role, -make sure that the required collections are installed, for example by using the following command: - -`ansible-galaxy install -vv -r meta/collection-requirements.yml` - -To use this role, your system needs to be installed according to: -- RHEL 7: SAP note 2002167, Red Hat Enterprise Linux 7.x: Installation and Upgrade, section "Installing Red Hat Enterprise Linux 7" -- RHEL 8: SAP note 2772999, Red Hat Enterprise Linux 8.x: Installation and Configuration, section "Installing Red Hat Enterprise Linux 8". -- RHEL 9: SAP note 3108316, Red Hat Enterprise Linux 9.x: Installation and Configuration, section "Installing Red Hat Enterprise Linux 9". - -Note ----- -Do not run this role against an SAP or other production system. The role will enforce a certain configuration on the managed node(s), which might not be intended. + +## Dependencies +- `fedora.linux_system_roles` + - Roles: + - `selinux` +- `community.sap_install` (This collection) + - Roles: + - `sap_maintain_etc_hosts` + +Install required collections by `ansible-galaxy install -vv -r meta/collection-requirements.yml`. + + + +## Prerequisites + +(Red Hat specific) Ensure system is installed according to: +- RHEL 8: SAP note 2772999, Red Hat Enterprise Linux 8.x: Installation and Configuration, section `Installing Red Hat Enterprise Linux 8`. +- RHEL 9: SAP note 3108316, Red Hat Enterprise Linux 9.x: Installation and Configuration, section `Installing Red Hat Enterprise Linux 9`. + + + +## Execution + +**:warning: Do not execute this Ansible Role against existing SAP systems unless you know what you are doing and you prepare inputs to avoid unintended changes caused by default inputs.** + + + + + +### Execution Flow + +1. Assert that required inputs were provided. +2. Install required packages and patch system if `sap_general_preconfigure_update:true` +3. Apply configurations based on SAP Notes +4. Reboot Managed nodes if packages were installed or patched and `sap_general_preconfigure_reboot_ok: true` + + +### Example + +```yaml +--- +- name: Ansible Play for SAP HANA HA Scale-up preconfigure + hosts: hana_primary, hana_secondary + become: true + tasks: + - name: Execute Ansible Role sap_general_preconfigure + ansible.builtin.include_role: + name: community.sap_install.sap_general_preconfigure +``` +Further referenced as `example.yml` + - -## Role Input Parameters + +### Role Tags +With the following tags, the role can be called to perform certain activities only: +- tag `sap_general_preconfigure_installation`: Perform only the installation tasks +- tag `sap_general_preconfigure_configuration`: Perform only the configuration tasks +- tag `sap_general_preconfigure_3108316`: Perform only the tasks(s) related to this SAP note. +- tag `sap_general_preconfigure_2772999_03`: Perform only the tasks(s) related to step 3 of the SAP note. +- tag `sap_general_preconfigure_etc_hosts`: Perform only the tasks(s) related to this step. This step might be one of multiple + configuration activities of a SAP note. Also this step might be valid for multiple RHEL major releases. -#### Minimum required parameters: +
+ How to run sap_general_preconfigure with tags + + #### Perform only installation tasks: + ```console + ansible-playbook sap.yml --tags=sap_general_preconfigure_installation + ``` + + #### Perform only configuration tasks: + ```console + ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration + ``` + + #### Verify and modify /etc/hosts file: + ```console + ansible-playbook sap.yml --tags=sap_general_preconfigure_etc_hosts + ``` + + #### Perform all configuration steps except verifying and modifying the /etc/hosts file + ``` + ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_etc_hosts + ``` + + #### (Red Hat) Perform configuration activities related to SAP note 3108316 (RHEL 9) + ``` + ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316 + ``` + + #### (Red Hat) Perform configuration activities related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9) + ``` + ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316_02 + ``` + + #### (Red Hat) Perform all configuration activities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific) + ``` + ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_3108316_02 + ``` +
+ + + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + -This role does not require any parameter to be set in the playbook or inventory. +## License + +Apache 2.0 + + +## Maintainers + +- [Bernd Finger](https://github.com/berndfinger) + + +## Role Variables + +### Controlling execution with input parameters +Extended Check (assert) run, aborting for any error which has been found: +```yaml +ansible-playbook sap.yml -l remote_host -e "{sap_general_preconfigure_assert: yes}" +``` +Extended Check (assert) run, not aborting even if an error has been found: +```yaml +ansible-playbook sap.yml -l remote_host -e "{sap_general_preconfigure_assert: yes,sap_general_preconfigure_assert_ignore_errors: no}" +``` ### sap_general_preconfigure_config_all - _Type:_ `bool` @@ -72,13 +184,11 @@ This is useful if the role is used for reporting a system's SAP notes compliance ### sap_general_preconfigure_system_roles_collection - _Type:_ `str` - _Default:_ `'fedora.linux_system_roles'` -- _Possible Values:_
- - `fedora.linux_system_roles` - - `redhat.rhel_system_roles` Set which Ansible Collection to use for the Linux System Roles.
-For community/upstream, use 'fedora.linux_system_roles'
-For the RHEL System Roles for SAP, or for Red Hat Automation Hub, use 'redhat.rhel_system_roles'
+Available values: +- `fedora.linux_system_roles` - for community/upstream.
+- `redhat.rhel_system_roles` - for the RHEL System Roles for SAP, or for Red Hat Automation Hub.
### sap_general_preconfigure_enable_repos - _Type:_ `bool` @@ -331,125 +441,4 @@ Example: ```yaml sap_general_preconfigure_db_group_name: dba ``` - - - -## Tags (RHEL systems only) - -With the following tags, the role can be called to perform certain activities only: -- tag `sap_general_preconfigure_installation`: Perform only the installation tasks -- tag `sap_general_preconfigure_configuration`: Perform only the configuration tasks -- tag `sap_general_preconfigure_3108316`: Perform only the tasks(s) related to this SAP note. -- tag `sap_general_preconfigure_2772999_03`: Perform only the tasks(s) related to step 3 of the SAP note. -- tag `sap_general_preconfigure_etc_hosts`: Perform only the tasks(s) related to this step. This step might be one of multiple - configuration activities of a SAP note. Also this step might be valid for multiple RHEL major releases. - -Sample call for only performing all installation and configuration tasks (sample playbook name sap.yml, see the next section for -an example). This is the default behavior. If no tag is specified, all installation and configuration tasks are enabled: -``` -# ansible-playbook sap.yml -``` - -Sample call for only performing all installation tasks: -``` -# ansible-playbook sap.yml --tags=sap_general_preconfigure_installation -``` - -Sample call for only performing all configuration tasks: -``` -# ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration -``` - -Sample call for only verifying and modifying the /etc/hosts file: -``` -# ansible-playbook sap.yml --tags=sap_general_preconfigure_etc_hosts -``` - -Sample call for performing all configuration steps except verifying and modifying the /etc/hosts file: -``` -# ansible-playbook sap.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_etc_hosts -``` - -Sample call for only performing the configuration activities related to SAP note 3108316 (RHEL 9 specific): -``` -# ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316 -``` - -Sample call for performing all configuration activities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): -Sample call for only performing the configuration activities related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): -``` -# ansible-playbook sap.yml --tags=sap_general_preconfigure_3108316_02 -``` - -Sample call for performing all configuration activities except those related to step 2 (SELinux settings) of SAP note 3108316 (RHEL 9 specific): -``` -# ansible-playbook sap-general-preconfigure.yml --tags=sap_general_preconfigure_configuration --skip_tags=sap_general_preconfigure_3108316_02 -``` - -## Dependencies - -This role does not depend on any other role. - -## Example Playbook - -Simple playbook, named sap.yml: -```yaml ---- -- hosts: all - roles: - - role: sap_general_preconfigure -``` - -## Example Usage - -Normal run: -```yaml -ansible-playbook sap.yml -l remote_host -``` - -Extended Check (assert) run, aborting for any error which has been found: -```yaml -ansible-playbook sap.yml -l remote_host -e "{sap_general_preconfigure_assert: yes}" -``` - -Extended Check (assert) run, not aborting even if an error has been found: -```yaml -ansible-playbook sap.yml -l remote_host -e "{sap_general_preconfigure_assert: yes, sap_general_preconfigure_assert_ignore_errors: no}" -``` - -Same as above, with a nice compact and colored output, this time for two hosts: -```yaml -ansible-playbook sap.yml -l host_1,host_2 -e "{sap_general_preconfigure_assert: yes, sap_general_preconfigure_assert_ignore_errors: yes}" | -awk '{sub (" \"msg\": ", "")} - /TASK/{task_line=$0} - /fatal:/{fatal_line=$0; nfatal[host]++} - /...ignoring/{nfatal[host]--; if (nfatal[host]<0) nfatal[host]=0} - /^[a-z]/&&/: \[/{gsub ("\\[", ""); gsub ("]", ""); gsub (":", ""); host=$2} - /SAP note/{print "\033[30m[" host"] "$0} - /FAIL:/{nfail[host]++; print "\033[31m[" host"] "$0} - /WARN:/{nwarn[host]++; print "\033[33m[" host"] "$0} - /PASS:/{npass[host]++; print "\033[32m[" host"] "$0} - /INFO:/{print "\033[34m[" host"] "$0} - /changed/&&/unreachable/{print "\033[30m[" host"] "$0} - END{print ("---"); for (var in npass) {printf ("[%s] ", var); if (nfatal[var]>0) { - printf ("\033[31mFATAL ERROR!!! Playbook might have been aborted!!!\033[30m Last TASK and fatal output:\n"); print task_line, fatal_line - } - else printf ("\033[31mFAIL: %d \033[33mWARN: %d \033[32mPASS: %d\033[30m\n", nfail[var], nwarn[var], npass[var])}}' -``` -Note: For terminals with dark background, replace the color code `30m` by `37m`. -In case you need to make an invisible font readable on a terminal with dark background, run the following command in the terminal: -```yaml -printf "\033[37mreadable font\n" -``` -In case you need to make an invisible font readable on a terminal with bright background, run the following command in the terminal: -```yaml -printf "\033[30mreadable font\n" -``` - -## License - -Apache license 2.0 - -## Author Information - -Red Hat for SAP Community of Practice, Bernd Finger, Markus Koch, Rainer Leber + \ No newline at end of file diff --git a/roles/sap_ha_install_anydb_ibmdb2/README.md b/roles/sap_ha_install_anydb_ibmdb2/README.md index 808f032ed..92e604b03 100644 --- a/roles/sap_ha_install_anydb_ibmdb2/README.md +++ b/roles/sap_ha_install_anydb_ibmdb2/README.md @@ -1,82 +1,111 @@ `EXPERIMENTAL` - + # sap_ha_install_anydb_ibmdb2 Ansible Role + -Ansible Role for instantiation of IBM Db2 'Integrated Linux Pacemaker' HADR cluster +## Description + +The Ansible Role for instantiation of IBM Db2 'Integrated Linux Pacemaker' HADR cluster. -Note: IBM Db2 with 'Integrated Linux Pacemaker' can use two deployment models: +**NOTE:** IBM Db2 with 'Integrated Linux Pacemaker' can use two deployment models: - Mutual Failover option, **not** covered by this Ansible Role -- High Availability and Disaster Recovery (HADR) option for Idle Standby, initialised by this Ansible Role +- High Availability and Disaster Recovery (HADR) option for Idle Standby, initialized by this Ansible Role + + + + ## Prerequisites +Managed nodes: +- Directory with installation media is present and `sap_ha_install_anydb_ibmdb2_software_directory` updated. Download can be completed using [community.sap_launchpad](https://github.com/sap-linuxlab/community.sap_launchpad) Ansible Collection. -### Software Installation files - -Download IBM Db2 installation media from SAP Download Center on host, and set Ansible Variable `sap_ha_install_anydb_ibmdb2_software_directory` to this path. - -### Variables - -- `sap_ha_install_anydb_ibmdb2_hostname_primary` with the IBM Db2 Primary node hostname -- `sap_ha_install_anydb_ibmdb2_hostname_secondary` with the IBM Db2 Secondary node hostname -- `sap_ha_install_anydb_ibmdb2_sid` with the IBM Db2 System ID -- `sap_ha_install_anydb_ibmdb2_software_directory` with the IBM Db2 installation media path - -These are listed in the default variables file, but commented-out to enforce the required variables: -- [**sap_ha_install_anydb_ibmdb2** default parameters](defaults/main.yml) - -## Requirements and Dependencies +Software compatibility: +- This Ansible Role is applicable to IBM Db2 11.5 certified for SAP. +- It is applicable to 11.5.9 and later, which provides `db2cm` binary compatibility for AWS, GCP and MS Azure. + -This Ansible Role is applicable to IBM Db2 11.5 certified for SAP. - -It is applicable to 11.5.9 and later, which provides `db2cm` binary compatibility for AWS, GCP and MS Azure. +## Execution + +### Supported Platforms +| Platform | Status | Notes | +| -------- | --------- | --------- | +| AWS EC2 Virtual Servers | :heavy_check_mark: | | +| Google Cloud Compute Engine Virtual Machine | :heavy_check_mark: | | +| Microsoft Azure Virtual Machines | :heavy_check_mark: | | +| IBM Cloud Virtual Server | :heavy_check_mark: | | + + + + + +### Execution Flow + +1. Assert that required inputs were provided. +2. Detect target infrastructure platform. +3. Execute platform specific configuration. +4. Instantiate IBM Db2 'Integrated Linux Pacemaker' HADR cluster. + + +### Example + +```yaml +--- +- name: Ansible Play for IBM Db2 Database installation + hosts: db2_host + become: true + tasks: + - name: Execute Ansible Role sap_ha_install_anydb_ibmdb2 + ansible.builtin.include_role: + name: community.sap_install.sap_ha_install_anydb_ibmdb2 + vars: + sap_ha_install_anydb_ibmdb2_sid: SD1 # Sandbox Database for D01 SAP System + sap_ha_install_anydb_ibmdb2_hostname_primary: db2-p + sap_ha_install_anydb_ibmdb2_hostname_secondary: db2-s + sap_ha_install_anydb_ibmdb2_software_directory: /software/ibmdb2_extracted +``` + -### Target host - Infrastructure Platforms + + -This Ansible Role contains Infrastructure Platform specific alterations for: -- AWS EC2 Virtual Servers -- Microsoft Azure Virtual Machines -- Google Cloud Compute Engine Virtual Machine -- IBM Cloud Virtual Server + + -### Target host - Operating System requirements +## License + +Apache 2.0 + -Designed for Linux operating systems, e.g. RHEL (7.x and 8.x) and SLES (15.x). +## Maintainers + +- [Sean Freeman](https://github.com/sean-freeman) + -## Execution +## Role Variables + +### sap_ha_install_anydb_ibmdb2_hostname_primary -Sample Ansible Playbook Execution: +- _Type:_ `string` -- Local Host Installation - - `ansible-playbook --connection=local --limit localhost -i "localhost," sap-ha-anydb-ibmdb2-init.yml -e "@inputs/ibmdb2_vars.yml` +Enter IBM Db2 Primary node hostname -- Target Host Installation - - `ansible-playbook -i "" sap-ha-anydb-ibmdb2-init.yml -e "@inputs/ibmdb2_vars.yml"` -## Sample Ansible Playbook +### sap_ha_install_anydb_ibmdb2_hostname_secondary -```yaml ---- -- hosts: all +- _Type:_ `string` - collections: - - community.sap_install +Enter IBM Db2 Secondary node hostname - vars: - sap_ha_install_anydb_ibmdb2_sid: SD1 # Sandbox Database for D01 SAP System - sap_ha_install_anydb_ibmdb2_hostname_primary: db2-p - sap_ha_install_anydb_ibmdb2_hostname_secondary: db2-s - sap_ha_install_anydb_ibmdb2_software_directory: /software/ibmdb2_extracted +### sap_ha_install_anydb_ibmdb2_sid - - name: Execute Ansible Role sap_ha_install_anydb_ibmdb2 - ansible.builtin.include_role: - name: community.sap_install.sap_ha_install_anydb_ibmdb2 -``` +- _Type:_ `string` -## License +Enter IBM Db2 System ID -Apache license 2.0 +### sap_ha_install_anydb_ibmdb2_software_directory -## Author Information +- _Type:_ `string` -Sean Freeman +Enter IBM Db2 installation media path + \ No newline at end of file diff --git a/roles/sap_ha_install_hana_hsr/README.md b/roles/sap_ha_install_hana_hsr/README.md index f8a5730b3..9d2a1ae21 100644 --- a/roles/sap_ha_install_hana_hsr/README.md +++ b/roles/sap_ha_install_hana_hsr/README.md @@ -1,70 +1,132 @@ + # sap_ha_install_hana_hsr Ansible Role + +![Ansible Lint for sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_install_hana_hsr.yml/badge.svg) -Ansible role for SAP HANA System Replication Setup on 2 nodes. +## Description + +The Ansible Role `sap_ha_install_hana_hsr` is used to configure and enable SAP HANA System Replication between 2 nodes. + + + + + ## Prerequisites +Managed nodes: +- Same Operating system version +- SAP HANA is installed with same version on both nodes. + + +## Execution + + + + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order: +1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) +3. [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) +4. [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) +5. *`sap_ha_install_hana_hsr`* + + +### Execution Flow + +1. Assert that required inputs were provided. +2. Verify connection between nodes. +3. Update /etc/hosts, hdbuserstore, Log mode, PKI +4. Execute database backup +5. Configure SAP HANA System Replication + + +### Example + +```yaml +--- +- name: Ansible Play for SAP HANA System Replication setup + hosts: hana_primary, hana_secondary + become: true + tasks: + - name: Execute Ansible Role sap_ha_install_hana_hsr + ansible.builtin.include_role: + name: community.sap_install.sap_ha_install_hana_hsr + vars: + sap_ha_install_hana_hsr_cluster_nodes: + - node_name: h01hana0 + node_ip: "10.10.10.10" + node_role: primary + hana_site: DC01 + + - node_name: h01hana1 + node_ip: "10.10.10.11" + node_role: secondary + hana_site: DC02 + + sap_ha_install_hana_hsr_sid: H01 + sap_ha_install_hana_hsr_instance_number: "01" + sap_ha_install_hana_hsr_hdbuserstore_system_backup_user: "HDB_SYSTEMDB" + sap_ha_install_hana_hsr_db_system_password: "Password" + sap_ha_install_hana_hsr_fqdn: example.com +``` + -- target nodes are on the same OS level -- target nodes are using the same SAP HANA release + + -## Overview + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + -The **sap_ha_install_hana_hsr** role is part of this system role sequence: +## License + +Apache 2.0 + -| Sequence | System Role | Description | -| :------: | :----------------------- | :----------------------------------------------------------- | -| 1. | sap_general_preconfigure | System Preparation for SAP | -| 2. | sap_hana_preconfigure | System Preparation for SAP HANA | -| 3. | sap_hana_install | Installation of SAP HANA Database | -| _4._ | _sap_ha_install_hana_hsr_ | _Configuration of SAP HANA System Replication_ | -| 5. | sap_ha_pacemaker_cluster | Linux Pacemaker cluster setup and SAP resources configuration | +## Maintainers + +- [Janine Fuchs](https://github.com/ja9fuchs) + -The **sap_ha_install_hana_hsr** roles configures a HANA system replication relationship which is used by the pacemaker cluster to automate SAP HANA System Replication (HSR). Prerequisite is the SAP HANA installation on the nodes. +## Role Variables + +### sap_ha_install_hana_hsr_sid -## Tasks included +- _Type:_ `string` +- _Default:_ `{{ sap_hana_sid }}` -| Task | Description | -| ---------------------- | ----------------------------------------------------------------------------------- | -| update_etchosts.yml | ensures that all nodes of the cluster are configured in all nodes' /etc/hosts | -| configure_firewall.yml | this will configure the firewall für HANA system replication (disabled) | -| hdbuserstore.yml | create a user in the hdbuserstore | -| log_mode.yml | check/set database logmode | -| pki_files.yml | copy pki file from primary to secondary database | -| run_backup.yml | perform backup on the primary note as pre required step for HANA system replication | -| configure_hsr.yml | enable HANA system replication on primary node and register secondary database node | +Enter SID of SAP HANA database. -## Common Variables/Parameters Used +### sap_ha_install_hana_hsr_instance_number -| Name | Description | Value | -| -------------------------------- | ------------------------------- | ---------------------- | -| sap_domain | Domain Name | example: `example.com` | -| sap_hana_sid | SAP ID | example: `RH1` | -| sap_hana_instance_number | Instance Number | example: `"00"` | -| sap_hana_install_master_password | DB System Password | -| sap_hana_cluster_nodes | Parameter list of cluster nodes | -| sap_hana_hacluster_password | Pacemaker hacluster Password | +- _Type:_ `string` +- _Default:_ `{{ sap_hana_instance_number }}` -## Role specific Variables +Enter string value of SAP HANA SID. -| Name | Description | Value | -| --------------------------------- | ---------------- | -------------------- | -| sap_ha_install_hana_hsr_rep_mode | replication mode | default is sync | -| sap_ha_install_hana_hsr_oper_mode | operation mode | default is logreplay | +### sap_ha_install_hana_hsr_cluster_nodes -## Example Parameter File +- _Type:_ `list` +- _Default:_ `{{ sap_hana_cluster_nodes }}` -```yaml -sap_hana_sid: "DB1" -sap_hana_instance_number: "00" -sap_hana_install_master_password: "my_hana-password" +List of cluster nodes and associated attributes to describe the target SAP HA environment.
+This is required for the HANA System Replication configuration.
-### Cluster Definition -sap_ha_install_pacemaker_cluster_name: cluster1 -sap_hana_hacluster_password: "my_hacluster-password" +- **hana_site**
+ Site of the cluster and/or SAP HANA System Replication node (for example 'DC01').
Mandatory for HANA clusters (sudo config for system replication). +- **node_ip**
+ IP address of the node used for HANA System Replication.
_Optional. Currently not needed/used in cluster configuration._ +- **node_name**
+ Name of the cluster node, should match the remote systems' hostnames.
_Optional. Currently not needed/used in cluster configuration._ +- **node_role**
+ Role of the defined `node_name` in the SAP HANA cluster setup.
There must be only **one** primary, but there can be multiple secondary nodes.
_Optional. Currently not needed/used in cluster configuration._ -sap_domain: example.com +Example: -sap_hana_cluster_nodes: +```yaml +sap_ha_install_hana_hsr_cluster_nodes: - node_name: node1 node_ip: 192.168.1.11 node_role: primary @@ -76,28 +138,44 @@ sap_hana_cluster_nodes: hana_site: DC02 ``` -### Execution Design +### sap_ha_install_hana_hsr_hdbuserstore_system_backup_user -Having the parameters specified as above, it can be executed with one command: +- _Type:_ `string` +- _Default:_ `HDB_SYSTEMDB` -```text -ansible-playbook example_playbook_with_parameters.ymnl -``` +Enter name of SYSTEM user for backup execution. -If you need to execute the role using an external handled, you can also limit the playbook for specific a **host** adding parameter defined in e **parameter_file**. +### sap_ha_install_hana_hsr_db_system_password -```text -ansible-playbook -l node1 example_playbook.yml -e @parameter_file.yml -``` +- _Type:_ `string` +- _Default:_ `{{ sap_hana_install_master_password }}` -A good way to start is executing the playbook with the option _--list_tasks_. You can than start a playbook with the option _--start-at-task_ at a specific point. _--list_task_ will not start any task. +Enter password of SYSTEM user for backup execution. -For more information please check +### sap_ha_install_hana_hsr_fqdn -```text -ansible-playbook --help -``` +- _Type:_ `string` +- _Default:_ {{ sap_domain }} -## License +Enter domain of SAP system, for example `example.com`. + +### sap_ha_install_hana_hsr_rep_mode + +- _Type:_ `string` +- _Default:_ `sync` + +Enter SAP HANA System Replication mode. + +### sap_ha_install_hana_hsr_oper_mode + +- _Type:_ `string` +- _Default:_ `logreplay` + +Enter SAP HANA System Replication operation mode. + +### sap_ha_install_hana_hsr_update_etchosts +- _Type:_ `bool` +- _Default:_ `True` -Apache license 2.0 +Enable to update /etc/hosts file. + \ No newline at end of file diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md index de8c02791..97491599f 100644 --- a/roles/sap_ha_pacemaker_cluster/README.md +++ b/roles/sap_ha_pacemaker_cluster/README.md @@ -1,146 +1,180 @@ - + # sap_ha_pacemaker_cluster Ansible Role - + ![Ansible Lint for sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_pacemaker_cluster.yml/badge.svg) -Ansible Role for installation and configuration of Linux Pacemaker for High Availability of SAP Systems run on various Infrastructure Platforms. - -## Scope - -This Ansible Role provides: -- installation of Linux Pacemaker packages and dependencies -- configuration of Linux Pacemaker cluster with all relevant fencing agent and resource agent for an Infrastructure Platform and SAP Software (SAP HANA or SAP NetWeaver) -- setup and instantiation of Linux Pacemaker cluster (using `ha_cluster` Linux System Role) - -This Ansible Role has been tested for the following SAP Software Solution scenario deployments: -- SAP HANA Scale-up High Availability (SAPHanaSR Classic and SAPHanaSR-angi) -- SAP NetWeaver (ABAP) AS ASCS and ERS High Availability -- `Experimental:` SAP NetWeaver (ABAP) AS PAS and AAS High Availability -- `Experimental:` SAP NetWeaver (JAVA) AS SCS and ERS High Availability - -This Ansible Role contains Infrastructure Platform specific alterations for: -- AWS EC2 Virtual Servers -- `Beta:` Microsoft Azure Virtual Machines -- `Experimental:` Google Cloud Compute Engine Virtual Machine -- `Experimental:` IBM Cloud Virtual Server -- `Experimental:` IBM Power Virtual Server from IBM Cloud -- `Experimental:` IBM PowerVC hypervisor Virtual Machine - -Please note, this Ansible Role `sap_ha_pacemaker_cluster` is acting as a wrapper and generates the parameter definitions for a given SAP System, Infrastructure Platform specific variables and other additional steps to complete the SAP High Availability setup using Linux Pacemaker clusters. - -### Warnings :warning: - -- :warning: Do **not** execute this Ansible Role against already configured Linux Pacemaker cluster nodes; unless you know what you are doing and have prepared the input variables for the Ansible Role according to / matching to the existing Linux Pacemaker setup! -- :warning: Infrastructure Platforms not explicitly listed as available/tested are very unlikely to work. - -## Functionality - -_All of the following functionality is provided as **Technology Preview**._ - -### SAP HANA scale-up (performance-optimized) with SAP HANA System Replication, High Availability using Linux Pacemaker 2-node cluster - -| Platform | Usability | -| -------- | --------- | -| :heavy_check_mark: physical server | expected to work with any fencing method that is supported by the `ha_cluster` Linux System Role | -| :heavy_check_mark: OVirt VM | tested and working | -| :heavy_check_mark: AWS EC2 VS | platform detection and awscli setup included, tested and expected to work | +## Description + +The Ansible Role `sap_ha_pacemaker_cluster` is used to install and configure Linux Pacemaker High Availability clusters for SAP HANA and SAP Netweaver systems on various infrastructure platforms. + -### SAP NetWeaver (ABAP) ASCS and ERS, High Availability using Linux Pacemaker 2-node cluster + +## Dependencies +- `fedora.linux_system_roles` + - Roles: + - `ha_cluster` -| Platform | Usability | -| -------- | --------- | -| :heavy_check_mark: physical server | expected to work with any fencing method that is supported by the `ha_cluster` Linux System Role | -| :heavy_check_mark: OVirt VM | tested and working | -| :heavy_check_mark: AWS EC2 VS | platform detection and awscli setup included, tested and expected to work | - -## Requirements - -The Ansible Role requires the SAP HANA Database Server or SAP NetWeaver Application Server software installation to already exist on the target host/s. - -The target host must be either: -- Red Hat - - OS version: Registered RHEL4SAP (HA and US) 8.4+ - - OS package repositories enabled: SAP and High Availability -- SUSE - - OS version: Registered SLES for SAP 15+ (SLES4SAP 15+) - - OS package repositories enabled: HA Extension is part of registered SLES4SAP - - - -The Ansible Control System (where Ansible is executed from) must have: -- Ansible Core 2.9+ -- Access to dependency Ansible Collections and Ansible Roles: - - **Upstream**: - - Ansible Collection [`community.sap_install` from Ansible Galaxy](https://galaxy.ansible.com/community/sap_install) version `1.4.1` or later - - Ansible Collection [`fedora.linux_system_roles` from Ansible Galaxy](https://galaxy.ansible.com/fedora/linux_system_roles) version `1.82.0` or later - - **Supported (Downstream)** via Red Hat Ansible Automation Platform (AAP) license: - - Ansible Collection [`redhat.sap_install` from Red Hat Ansible Automation Platform Hub](https://console.redhat.com/ansible/automation-hub/repo/published/redhat/sap_install) version `1.3.0` or later - - Ansible Collection [`redhat.rhel_system_roles` from Red Hat Ansible Automation Platform Hub](https://console.redhat.com/ansible/automation-hub/repo/published/redhat/rhel_system_roles) version `1.20.0` or later - - **Supported (Downstream)** via RHEL4SAP license: - - RHEL System Roles for SAP RPM Package `rhel-system-roles-sap-3.6.0` or later - - RHEL System Roles RPM Package `rhel-system-roles-1.20.0` or later +Install required collections by `ansible-galaxy install -vv -r meta/collection-requirements.yml`. + + ## Prerequisites +Infrastructure: +- It is required to create them manually or using [sap_vm_provision](https://github.com/sap-linuxlab/community.sap_infrastructure/tree/main/roles/sap_vm_provision) role, because this role does not create any Cloud platform resources that are required by Resource Agents. -All SAP Software must be installed, and all remote/file storage mounts must be available with correct permissions defined by SAP documentation. For SAP HANA High Availability, SAP HANA System Replication must already be installed. +Managed nodes: +- Supported SAP system is installed. See [Recommended](#recommended) section. +- SAP HANA System Replication is configured for SAP HANA HA cluster. See [Recommended](#recommended) section. +- Operating system has access to all required packages +- All required ports are open (details below) -In addition, the following network ports must be available: - -| **SAP Technical Application and Component** | **Port** | +| SAP HANA System Replication process | Port | +| --- | --- | +| hdbnameserver
used for log and data shipping from a primary site to a secondary site.
System DB port number plus 10,000 | 4``01 | +| hdbnameserver
unencrypted metadata communication between sites.
System DB port number plus 10,000 | 4``02 | +| hdbnameserver
used for encrypted metadata communication between sites.
System DB port number plus 10,000 | 4``06 | +| hdbindexserver
used for first MDC Tenant database schema | 4``03 | +| hdbxsengine
used for SAP HANA XSC/XSA | 4``07| +| hdbscriptserver
used for log and data shipping from a primary site to a secondary site.
Tenant port number plus 10,000 | 4``40-97 | +| hdbxsengine
used for log and data shipping from a primary site to a secondary site.
Tenant port number plus 10,000 | 4``40-97 | + +| Linux Pacemaker process | Port | | --- | --- | -| **_SAP HANA System Replication_** | | -| hdbnameserver
used for log and data shipping from a primary site to a secondary site.
System DB port number plus 10,000 | 4``01 | -| hdbnameserver
unencrypted metadata communication between sites.
System DB port number plus 10,000 | 4``02 | -| hdbnameserver
used for encrypted metadata communication between sites.
System DB port number plus 10,000 | 4``06 | -| hdbindexserver
used for first MDC Tenant database schema | 4``03 | -| hdbxsengine
used for SAP HANA XSC/XSA | 4``07| -| hdbscriptserver
used for log and data shipping from a primary site to a secondary site.
Tenant port number plus 10,000 | 4``40-97 | -| hdbxsengine
used for log and data shipping from a primary site to a secondary site.
Tenant port number plus 10,000 | 4``40-97 | -| **_Linux Pacemaker_** | | | pcsd
cluster nodes requirement for node-to-node communication | 2224 (TCP)| | pacemaker
cluster nodes requirement for Pacemaker Remote service daemon | 3121 (TCP) | | corosync
cluster nodes requirement for node-to-node communication | 5404-5412 (UDP) | + + +## Execution + +**:warning: This ansible role will destroy and then recreate Linux Pacemaker cluster in process.**
+:warning: Do not execute this Ansible Role against existing Linux Pacemaker clusters unless you know what you are doing and you prepare inputs according to existing cluster. + +### Supported Platforms +| Platform | Status | Notes | +| -------- | --------- | --------- | +| Physical server | :heavy_check_mark: | Need to specify valid fence agent | +| AWS EC2 Virtual Servers | :heavy_check_mark: | | +| Google Cloud Compute Engine Virtual Machine | :heavy_check_mark: | | +| Microsoft Azure Virtual Machines | :heavy_check_mark: | | +| IBM Cloud Virtual Server | :heavy_check_mark: | | +| IBM Power Virtual Server from IBM Cloud | :heavy_check_mark: | | +| IBM PowerVC hypervisor Virtual Machine | :heavy_check_mark: | | +| OVirt VM | :heavy_check_mark: | | + +### Supported scenarios + +| Platform | Variant | Status | +| -------- | --------- | --------- | +| SAP HANA scale-up (performance-optimized) 2 nodes | SAPHanaSR Classic | :heavy_check_mark: | +| SAP HANA scale-up (performance-optimized) 2 nodes | SAPHanaSR-angi | :heavy_check_mark: | +| SAP NetWeaver (ABAP) ASCS and ERS 2 nodes | Classic | :heavy_check_mark: | +| SAP NetWeaver (ABAP) ASCS and ERS 2 nodes | Simple Mount | :heavy_check_mark: | + + + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order:
+#### SAP HANA cluster +1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) +3. [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) +4. [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) +5. [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) +6. *`sap_ha_pacemaker_cluster`* + +#### SAP Netweaver cluster +1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) +3. [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) +4. [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) +5. *`sap_ha_pacemaker_cluster`* + + +### Execution Flow + +1. Assert that required inputs were provided. +2. Detect target infrastructure platform and prepare recommended inputs unless they were provided. +3. Prepare variables with all cluster parameters and resources. +4. Execute role `ha_cluster` from Ansible Collection `fedora.linux_system_roles` with prepared inputs. +5. Execute SAP product specific post tasks and verify cluster is running. + + +### Example + +```yaml +--- +- name: Ansible Play for SAP HANA HA Scale-up cluster setup + hosts: hana_primary, hana_secondary + become: true + tasks: + - name: Execute Ansible Role sap_ha_pacemaker_cluster + ansible.builtin.include_role: + name: community.sap_install.sap_ha_pacemaker_cluster + vars: + sap_ha_pacemaker_cluster_cluster_name: clusterhdb + sap_ha_pacemaker_cluster_hacluster_user_password: 'clusterpass' + + sap_ha_pacemaker_cluster_sap_type: saphana_scaleup + sap_ha_pacemaker_cluster_host_type: + - hana_scaleup_perf + + sap_ha_pacemaker_cluster_hana_sid: "H01" + sap_ha_pacemaker_cluster_hana_instance_nr: "01" + + sap_ha_pacemaker_cluster_cluster_nodes: + - node_name: h01hana0 + node_ip: "10.10.10.10" + node_role: primary + hana_site: DC01 + + - node_name: h01hana1 + node_ip: "10.10.10.11" + node_role: secondary + hana_site: DC02 + sap_ha_pacemaker_cluster_replication_type: none + sap_ha_pacemaker_cluster_vip_resource_group_name: viphdb +``` + -## Execution Flow - -The Ansible Role is sequential: -- Validate input Ansible Variables -- Identify host's Infrastructure Platform -- Generate Linux Pacemaker definition for given Infrastructure Platform and SAP Software -- Execute `ha_cluster` Ansible Role with Linux Pacemaker definition -- Instantiate Linux Pacemaker cluster - -## Tips - -Check out the [role variables of the `ha_cluster` Linux System Role](https://github.com/linux-system-roles/ha_cluster/blob/main/README.md) for additional possible settings that can be applied when using the `sap_ha_pacemaker_cluster` role. - -For example:
-Adding `ha_cluster_start_on_boot: false` to disable the automatic start of cluster services on boot. + + -## Sample + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. -Please see a full sample using multiple hosts to create an SAP S/4HANA Distributed deployment in the [/playbooks](../../playbooks/) directory of the Ansible Collection `sap_install`. +Cluster can be further customized with inputs available from underlying role [ha_cluster](https://github.com/linux-system-roles/ha_cluster/blob/main/README.md), which will take precedence over `sap_ha_pacemaker_cluster` inputs. + ## License - + Apache 2.0 + -## Author Information - -Red Hat for SAP Community of Practice, Janine Fuchs, IBM Lab for SAP Solutions - - - ---- - -## Role Input Parameters +## Maintainers + +- [Janine Fuchs](https://github.com/ja9fuchs) +- [Marcel Mamula](https://github.com/marcelmamula) + +## Role Variables + Minimum required parameters for all clusters: - [sap_ha_pacemaker_cluster_hacluster_user_password](#sap_ha_pacemaker_cluster_hacluster_user_password) Additional minimum requirements depend on the type of cluster setup and on the target platform. +### sap_ha_pacemaker_cluster_hacluster_user_password + +- _Type:_ `string` + +**Mandatory Input Parameter.**
+The password of the `hacluster` user which is created during pacemaker installation.
+Inherits the value of `ha_cluster_hacluster_password`, when defined.
+ + ### sap_ha_pacemaker_cluster_aws_access_key_id - _Type:_ `string` @@ -315,13 +349,6 @@ sap_ha_pacemaker_cluster_ha_cluster: node_name: nodeA ``` -### sap_ha_pacemaker_cluster_hacluster_user_password required - -- _Type:_ `string` - -The password of the `hacluster` user which is created during pacemaker installation.
-Inherits the value of `ha_cluster_hacluster_password`, when defined.
- ### sap_ha_pacemaker_cluster_hana_automated_register - _Type:_ `bool` @@ -877,7 +904,7 @@ sap_ha_pacemaker_cluster_sbd_devices: Set this parameter to 'true' to enable workflow to add Stonith SBD resource.
Stonith SBD resource has to be provided as part of `sap_ha_pacemaker_cluster_stonith_custom`.
-Default SBD agents are: stonith:external/sbd for SLES and stonith:fence_sbd for RHEL
+Default SBD agents are: `stonith:external/sbd` for SUSE and `stonith:fence_sbd` for Red Hat.
Example: @@ -1042,9 +1069,10 @@ Default address of the NFS server, if not defined individually by filesystem.
-For community/upstream, use 'fedora.linux_system_roles'.
-For RHEL System Roles for SAP, or Red Hat Automation Hub, use 'redhat.rhel_system_roles'.
+Set which Ansible Collection to use for the Linux System Roles.
+Available values: +- `fedora.linux_system_roles` - for community/upstream.
+- `redhat.rhel_system_roles` - for the RHEL System Roles for SAP, or for Red Hat Automation Hub.
### sap_ha_pacemaker_cluster_vip_client_interface @@ -1150,5 +1178,4 @@ Name of the SAPInstance resource for NetWeaver PAS.
- _Default:_ `rsc_vip__HDB_readonly` Customize the name of the resource managing the Virtual IP of read-only access to the secondary HANA instance.
- - + \ No newline at end of file diff --git a/roles/sap_hana_install/README.md b/roles/sap_hana_install/README.md index 35d439c27..265c7f92e 100644 --- a/roles/sap_hana_install/README.md +++ b/roles/sap_hana_install/README.md @@ -1,80 +1,79 @@ + # sap_hana_install Ansible Role + +![Ansible Lint for sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_install.yml/badge.svg) -Ansible role for SAP HANA Installation +## Description + +The Ansible role `sap_hana_install` installs SAP HANA using the SAP HANA database lifecycle manager (HDBLCM). + -## Requirements + +## Dependencies +- `fedora.linux_system_roles` + - Roles: + - `selinux` -The role requires additional collections which are specified in `meta/collection-requirements.yml`. Before using this role, -make sure that the required collections are installed, for example by using the following command: +Install required collections by `ansible-galaxy install -vv -r meta/collection-requirements.yml`. + -`ansible-galaxy install -vv -r meta/collection-requirements.yml` +## Prerequisites + +Managed nodes: +- Directory with SAP Installation media is present and `sap_install_media_detect_source_directory` updated. Download can be completed using [community.sap_launchpad](https://github.com/sap-linuxlab/community). +- Ensure that servers are configured for SAP HANA. See [Recommended](#recommended) section. +- Ensure that volumes and filesystems are configured correctly. See [Recommended](#recommended) section. -### Configure your system for the installation of SAP HANA - -- Make sure required volumes and filesystems are configured in the host. -You can use the role `sap_storage_setup` to configure this. More info [here](/roles/sap_storage_setup) - -- Run the roles `sap_general_preconfigure` and `sap_hana_preconfigure` for installing required packages and -for configuring system settings. - -### SAP HANA Software Installation .SAR Files +### Prepare SAP HANA installation media Place the following files in directory /software/hana or in any other directory specified by variable `sap_hana_install_software_directory`: - 1. The SAPCAR executable for the correct hardware architecture - 2. The SAP HANA Installation .SAR file - SAP HANA 2.0 Server - `IMDB_SERVER*.SAR` file - 3. Optional - SAP HANA Components .SAR files - Include other optional components such as `IMDB_AFL*.SAR` or `IMDB_LCAPPS*.SAR` - 4. Optional - SAP Host Agent .SAR file - Include other optional components such as `SAPHOSTAGENT*SAR` -#### Sample Directory Contents - with .SAR files - -- Sample directory `sap_hana_install_software_directory` containing SAP HANA software installation files - ```console - [root@hanahost SAP_HANA_INSTALLATION]# ls -l *.EXE *.SAR - -rwxr-xr-x. 1 nobody nobody 149561376 Mar 4 2021 IMDB_AFL20_054_1-80001894.SAR - -rwxr-xr-x. 1 nobody nobody 211762405 Mar 4 2021 IMDB_CLIENT20_007_23-80002082.SAR - -rwxr-xr-x. 1 nobody nobody 4483040 Mar 4 2021 SAPCAR_1010-70006178.EXE - -rwxr-xr-x. 1 nobody nobody 109492976 Mar 4 2021 IMDB_LCAPPS_2054_0-20010426.SAR - -rwxr-xr-x. 1 nobody nobody 109752805 Mar 4 2021 VCH202000_2054_0-80005463.SAR - -rwxr-xr-x. 1 nobody nobody 3694683699 Mar 4 2021 IMDB_SERVER20_054_0-80002031.SAR - -rwxr-xr-x. 1 nobody nobody 89285401 Sep 30 04:24 SAPHOSTAGENT51_51-20009394.SAR - ``` - -If more than one SAPCAR EXE file is present in the software directory, the role will select the latest version -for the current hardware architecture. Alternatively, the file name of the SAPCAR EXE file can also be set with -variable `sap_hana_install_sapcar_filename`. Example: -``` -sap_hana_install_sapcar_filename: SAPCAR_1115-70006178.EXE -``` - -If more than one SAR file for a certain software product is present in the software directory, the automatic -handling of such SAR files will fail after extraction, when moving the newly created product directories -(like `SAP_HOST_AGENT`) to already existing destinations. -For avoiding such situations, use following variable to provide a list of SAR files to extract: - -`sap_hana_install_sarfiles`. - -Example: +Example of `sap_hana_install_software_directory` content for SAP HANA installation: +```console +[root@hanahost SAP_HANA_INSTALLATION]# ls -l *.EXE *.SAR +-rwxr-xr-x. 1 nobody nobody 149561376 Mar 4 2021 IMDB_AFL20_054_1-80001894.SAR +-rwxr-xr-x. 1 nobody nobody 211762405 Mar 4 2021 IMDB_CLIENT20_007_23-80002082.SAR +-rwxr-xr-x. 1 nobody nobody 4483040 Mar 4 2021 SAPCAR_1010-70006178.EXE +-rwxr-xr-x. 1 nobody nobody 109492976 Mar 4 2021 IMDB_LCAPPS_2054_0-20010426.SAR +-rwxr-xr-x. 1 nobody nobody 109752805 Mar 4 2021 VCH202000_2054_0-80005463.SAR +-rwxr-xr-x. 1 nobody nobody 3694683699 Mar 4 2021 IMDB_SERVER20_054_0-80002031.SAR +-rwxr-xr-x. 1 nobody nobody 89285401 Sep 30 04:24 SAPHOSTAGENT51_51-20009394.SAR ``` -sap_hana_install_sarfiles: - - SAPHOSTAGENT54_54-80004822.SAR - - IMDB_SERVER20_060_0-80002031.SAR -``` - -If there is a file named `.sha256` in the software download directory -`sap_hana_install_software_directory` which contains the checksum and the file name similar to the output -of the sha256sum command, the role will examine the sha256sum for the corresponding SAPCAR or SAR file and the -processing will continue only if the checksum matches. - -#### Extracted SAP HANA Software Installation Files +**Considerations:** +- If more than one SAPCAR EXE file is present in the software directory, the role will select the latest version + for the current hardware architecture. Alternatively, the file name of the SAPCAR EXE file can also be set with + variable `sap_hana_install_sapcar_filename`. Example: + ``` + sap_hana_install_sapcar_filename: SAPCAR_1115-70006178.EXE + ``` +- If more than one SAR file for a certain software product is present in the software directory, the automatic + handling of such SAR files will fail after extraction, when moving the newly created product directories + (like `SAP_HOST_AGENT`) to already existing destinations. + For avoiding such situations, use following variable to provide a list of SAR files to extract: `sap_hana_install_sarfiles`. + + Example: + ``` + sap_hana_install_sarfiles: + - SAPHOSTAGENT54_54-80004822.SAR + - IMDB_SERVER20_060_0-80002031.SAR + ``` + +- If there is a file named `.sha256` in the software download directory + `sap_hana_install_software_directory` which contains the checksum and the file name similar to the output + of the sha256sum command, the role will examine the sha256sum for the corresponding SAPCAR or SAR file and the + processing will continue only if the checksum matches. + + +### Extracted SAP HANA Software Installation Files This role will detect if there is a file `hdblcm` already present in the directory specified by variable `sap_hana_install_software_extract_directory` or in any directory below. If If found, it will skip the .SAR extraction phase and proceed with the installation. @@ -94,16 +93,16 @@ software extract directory is required then set `sap_hana_install_cleanup_extrac these cleanup actions are false. -- Sample directory `sap_hana_install_software_extract_directory` containing extracted SAP HANA software installation files - ```console - [root@hanahost extracted]# ll -lrt - drwxr-xr-x 4 root root 4096 Sep 30 04:55 SAP_HANA_AFL - drwxr-xr-x 5 root root 4096 Sep 30 04:55 SAP_HANA_CLIENT - drwxr-xr-x 4 root root 4096 Sep 30 04:55 SAP_HANA_LCAPPS - drwxr-xr-x 8 root root 4096 Sep 30 04:57 SAP_HANA_DATABASE - drwxr-xr-x 2 root root 4096 Sep 30 04:58 SAP_HOST_AGENT - drwxr-xr-x 4 root root 4096 Sep 30 04:58 VCH_AFL_2020 - ``` +- Example of directory `sap_hana_install_software_extract_directory` containing extracted SAP HANA software installation files +```console +[root@hanahost extracted]# ll -lrt +drwxr-xr-x 4 root root 4096 Sep 30 04:55 SAP_HANA_AFL +drwxr-xr-x 5 root root 4096 Sep 30 04:55 SAP_HANA_CLIENT +drwxr-xr-x 4 root root 4096 Sep 30 04:55 SAP_HANA_LCAPPS +drwxr-xr-x 8 root root 4096 Sep 30 04:57 SAP_HANA_DATABASE +drwxr-xr-x 2 root root 4096 Sep 30 04:58 SAP_HOST_AGENT +drwxr-xr-x 4 root root 4096 Sep 30 04:58 VCH_AFL_2020 +``` #### SAP HANA hdblcm Configfile Processing @@ -140,111 +139,23 @@ Note: If there is a file named `configfile.cfg` in the directory specified by ro will be performed. Be aware that when using this file, any modifications to role variables after creation of this file will not be reflected. -## Further Variables and Parameters - -### Input Parameters - -If the variable `sap_hana_install_check_sidadm_user` is set to `no`, the role will install SAP HANA even -if the sidadm user exists. Default is `yes`, in which case the installation will not be performed if the -sidadm user exists. - -The variable `sap_hana_install_new_system` determines if the role will perform a fresh SAP HANA installation -or if it will add further hosts to an existing SAP HANA system as specified by variable -`sap_hana_install_addhosts`. Default is `yes` for a fresh SAP HANA installation. - -The role can be configured to also set the required firewall ports for SAP HANA. If this is desired, set -the variable `sap_hana_install_update_firewall` to `yes` (default is `no`). The firewall ports are defined -in a variable which is compatible with the variable structure used by Linux System Role `firewall`. -The firewall ports for SAP HANA are defined in member `port` of the first field of variable -`sap_hana_install_firewall` (`sap_hana_install_firewall[0].port`), see file `defaults/main.yml`. If the -member `state` is set to `enabled`, the ports will be enabled. If the member `state` is set to `disabled`, -the ports will be disabled, which might be useful for testing. - -Certain parameters have identical meanings, for supporting different naming schemes in playbooks and inventories. -You can find those in the task `Rename some variables used by hdblcm configfile` of the file `tasks/main.yml`. -Example: The parameter `sap_hana_install_number`, which is used by the role to define the hdblm parameter `number` -(= SAP HANA instance number) can be defined by setting `sap_hana_instance_number`, `sap_hana_install_instance_nr`, -`sap_hana_install_instance_number`, or `sap_hana_install_number`. The order of precedence is from left to right. - -### Default Parameters - -Please check the default parameters file for more information on other parameters that can be used as an input -- [**sap_hana_install** default parameters](defaults/main.yml) + ## Execution - -Sample Ansible Playbook Execution - -- Local Host Installation - - `ansible-playbook --connection=local --limit localhost -i "localhost," sap-hana-install.yml -e "@inputs/HDB.install"` - -- Target Host Installation - - `ansible-playbook -i "" sap-hana-install.yml -e "@inputs/HDB.install"` - -## Sample playbooks - -### Sample playbook for installing a new scale-up (=single node) SAP HANA system - -```yaml ---- -- hosts: all - collections: - - community.sap_install - become: true - vars: - sap_hana_install_software_directory: /software/hana - sap_hana_install_common_master_password: 'NewPass$321' - sap_hana_install_sid: 'H01' - sap_hana_install_instance_nr: '00' - roles: - - sap_hana_install -``` - -### Sample playbook for installing a new scale-out SAP HANA system - -```yaml ---- -- hosts: all - collections: - - community.sap_install - become: true - vars: - sap_hana_install_software_directory: /software/hana - sap_hana_install_common_master_password: 'NewPass$321' - sap_hana_install_root_password: 'NewPass$321' - sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' - sap_hana_install_sid: 'H01' - sap_hana_install_instance_nr: '00' - roles: - - sap_hana_install -``` - -### Sample playbook for adding additional nodes to an existing SAP HANA installation - -```yaml ---- -- hosts: all - collections: - - community.sap_install - become: true - vars: - sap_hana_install_software_directory: /software/hana - sap_hana_install_new_system: no - sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' - sap_hana_install_common_master_password: 'NewPass$321' - sap_hana_install_root_password: 'NewPass$321' - sap_hana_install_sid: 'H01' - sap_hana_install_instance_nr: '00' - roles: - - sap_hana_install -``` - -You can find more complex playbooks in directory `playbooks` of the collection `community.sap_install`. - -## Flow - -### New SAP HANA Installation - + + + + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order:
+1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) +3. [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) +4. *`sap_hana_install`* + + +### Execution Flow + #### Perform Initial Checks These checks will be performed by default but can be skipped by setting `sap_hana_install_force` to `true`. @@ -338,9 +249,70 @@ in a temporary directory for use by the hdblcm command in the next step. #### Post-Install - Print a short summary of the result of the installation. + + +### Example + +#### Example playbook for installing a new scale-up (=single node) SAP HANA system +```yaml +--- +- name: Ansible Play for SAP HANA installation - One host + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_hana_install + ansible.builtin.include_role: + name: community.sap_install.sap_hana_install + vars: + sap_hana_install_software_directory: /software/hana + sap_hana_install_common_master_password: 'NewPass$321' + sap_hana_install_sid: 'H01' + sap_hana_install_instance_nr: '00' +``` -## Tags +#### Example playbook for installing a new scale-out SAP HANA system +```yaml +--- +- name: Ansible Play for SAP HANA installation - Scale-out + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_hana_install + ansible.builtin.include_role: + name: community.sap_install.sap_hana_install + vars: + sap_hana_install_software_directory: /software/hana + sap_hana_install_common_master_password: 'NewPass$321' + sap_hana_install_root_password: 'NewPass$321' + sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' + sap_hana_install_sid: 'H01' + sap_hana_install_instance_nr: '00' +``` +#### Example playbook for adding additional nodes to an existing SAP HANA installation +```yaml +--- +- name: Ansible Play for SAP HANA installation - Add host + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_hana_install + ansible.builtin.include_role: + name: community.sap_install.sap_hana_install + vars: + sap_hana_install_software_directory: /software/hana + sap_hana_install_new_system: no + sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' + sap_hana_install_common_master_password: 'NewPass$321' + sap_hana_install_root_password: 'NewPass$321' + sap_hana_install_sid: 'H01' + sap_hana_install_instance_nr: '00' +``` + + + + +### Role Tags With the following tags, the role can be called to perform certain activities only: - tag `sap_hana_install_check_installation`: Perform an installation check, using `hdbcheck` or `hdblcm --action=check_installation`. @@ -373,30 +345,99 @@ With the following tags, the role can be called to perform certain activities on `overwrite`. - tag `sap_hana_install_store_connection_information`: Only run the `hdbuserstore` command -Sample call for only processing the SAPCAR and SAR files and creating the hdblcm configfile: -``` -# ansible-playbook sap-hana-install.yml --tags=sap_hana_install_preinstall --skip-tags=sap_hana_install_chown_hana_directories -``` +
+ How to run sap_hana_install with tags -Sample call for only processing the SAPCAR files: -``` -# ansible-playbook sap-hana-install.yml --tags=sap_hana_install_prepare_sapcar -``` + #### Process SAPCAR and SAR files and create the hdblcm configfile: + ```console + ansible-playbook sap-hana-install.yml --tags=sap_hana_install_preinstall --skip-tags=sap_hana_install_chown_hana_directories + ``` -Sample call for only processing the SAPCAR and SAR files, without extracting the SAR files: -``` -# ansible-playbook sap-hana-install.yml --tags=sap_hana_install_prepare_sarfiles --skip-tags=sap_hana_install_extract_sarfiles -``` + #### Process only SAPCAR files: + ```console + ansible-playbook sap-hana-install.yml --tags=sap_hana_install_prepare_sapcar + ``` -Sample call for only displaying the SAP HANA hdblcm command line: -``` -# ansible-playbook sap-hana-install.yml --tags=sap_hana_install_hdblcm_commandline -``` + #### Process SAPCAR and SAR files without extracting SAR files: + ```console + ansible-playbook sap-hana-install.yml --tags=sap_hana_install_prepare_sarfiles --skip-tags=sap_hana_install_extract_sarfiles + ``` + + #### Display SAP HANA hdblcm command without using it + ``` + ansible-playbook sap-hana-install.yml --tags=sap_hana_install_hdblcm_commandline + ``` +
+ + + + + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + ## License + +Apache 2.0 + + +## Maintainers + +- [Bernd Finger](https://github.com/berndfinger) + + +## Role Variables + +### sap_hana_install_sid + +- _Type:_ `string` + +Enter SAP HANA System ID (SID). + +### sap_hana_install_number + +- _Type:_ `string` + +Enter SAP HANA Instance number. + +### sap_hana_install_fapolicyd_integrity + +- _Type:_ `string` +- _Default:_ `sha256` + +Select `fapolicyd` integrity check option.
+Available values: `none`, `size`, `sha256`, `ima`. + +### sap_hana_install_check_sidadm_user + +- _Type:_ `bool` +- _Default:_ `True` + +Set to `False` to install SAP HANA even if the `sidadm` user exists.
+Default is `True`, in which case the installation will not be performed if the `sidadm` user exists. + +### sap_hana_install_new_system + +- _Type:_ `bool` +- _Default:_ `True` + +Set to `False` to use existing SAP HANA database and add more hosts using variable `sap_hana_install_addhosts`.
+Default is `True`, in which case fresh SAP HANA installation will be performed. + +### sap_hana_install_update_firewall -Apache license 2.0 +- _Type:_ `bool` +- _Default:_ `False` -## Author Information +The role can be configured to also set the required firewall ports for SAP HANA. If this is desired, set the variable `sap_hana_install_update_firewall` to `yes` (default is `no`).
+The firewall ports are defined in a variable which is compatible with the variable structure used by Linux System Role `firewall`.
+The firewall ports for SAP HANA are defined in member `port` of the first field of variable `sap_hana_install_firewall` (`sap_hana_install_firewall[0].port`), see file `defaults/main.yml`.
+If the member `state` is set to `enabled`, the ports will be enabled. If the member `state` is set to `disabled`, the ports will be disabled, which might be useful for testing.
-Red Hat for SAP Community of Practice, IBM Lab for SAP Solutions, Markus Koch, Thomas Bludau, Bernd Finger, Than Ngo, Rainer Leber +Certain parameters have identical meanings, for supporting different naming schemes in playbooks and inventories.
+You can find those in the task `Rename some variables used by hdblcm configfile` of the file `tasks/main.yml`.
+Example: The parameter `sap_hana_install_number`, which is used by the role to define the hdblm parameter `number` (= SAP HANA instance number)
+ can be defined by setting `sap_hana_instance_number`, `sap_hana_install_instance_nr`, `sap_hana_install_instance_number`, or `sap_hana_install_number`.
+ The order of precedence is from left to right. + \ No newline at end of file diff --git a/roles/sap_hana_preconfigure/README.md b/roles/sap_hana_preconfigure/README.md index bb581b58c..52014f2a4 100644 --- a/roles/sap_hana_preconfigure/README.md +++ b/roles/sap_hana_preconfigure/README.md @@ -1,114 +1,147 @@ + # sap_hana_preconfigure Ansible Role + +![Ansible Lint for sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_preconfigure.yml/badge.svg) + +## Description + +The Ansible role `sap_hana_preconfigure` installs additional required packages and performs additional OS configuration steps according to applicable SAP notes for installing and running SAP HANA after the role [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) has been executed. + + + +## Dependencies +- `fedora.linux_system_roles` + - Roles: + - `selinux` + +Install required collections by `ansible-galaxy install -vv -r meta/collection-requirements.yml`. + + + +## Prerequisites +Managed nodes: +- Ensure that general operating system configuration for SAP is performed by [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure). See [Recommended](#recommended) section. + +
+ (Red Hat) Ensure required repositories are available + + Managed nodes need to be properly registered to a repository source and have at least the following Red Hat repositories accessible: + + for RHEL 7.x: + - rhel-7-[server|for-power-le]-e4s-rpms + - rhel-sap-hana-for-rhel-7-[server|for-power-le]-e4s-rpms + + for RHEL 8.x: + - rhel-8-for-[x86_64|ppc64le]-baseos-e4s-rpms + - rhel-8-for-[x86_64|ppc64le]-appstream-e4s-rpms + - rhel-8-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms + + for RHEL 9.x: + - rhel-9-for-[x86_64|ppc64le]-baseos-e4s-rpms + - rhel-9-for-[x86_64|ppc64le]-appstream-e4s-rpms + - rhel-9-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms + + For details on configuring Red Hat, see the knowledge base article: [How to subscribe SAP HANA systems to the Update Services for SAP Solutions](https://access.redhat.com/solutions/3075991)). If you set role parameter sap_hana_preconfigure_enable_sap_hana_repos to `yes`, the role can enable these repos. + + To install HANA on Red Hat Enterprise Linux 7, 8, or 9, you need some additional packages which are contained in one of following repositories + - rhel-sap-hana-for-rhel-7-[server|for-power-le]-e4s-rpms + - rhel-8-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms + - rhel-9-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms + + To get this repository you need to have one of the following products: + - [RHEL for SAP Solutions](https://access.redhat.com/solutions/3082481) (premium, standard) + - RHEL for Business Partner NFRs + - [RHEL Developer Subscription](https://developers.redhat.com/products/sap/download/) + + To get a personal developer edition of RHEL for SAP solutions, please register as a developer and download the developer edition. + + - [Registration Link](http://developers.redhat.com/register) : + Here you can either register a new personal account or link it to an already existing + **personal** Red Hat Network account. + - [Download Link](https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.2/x86_64/product-software): + Here you can download the Installation DVD for RHEL with your previously registered + account + + *NOTE:* This is a regular RHEL installation DVD as RHEL for SAP Solutions is no additional + product but only a special bundling. The subscription grants you access to the additional + packages through our content delivery network (CDN) after installation. + + For supported RHEL releases [click here](https://access.redhat.com/solutions/2479121). + + It is also important that your disks are setup according to the [SAP storage requirements for SAP HANA](https://www.sap.com/documents/2015/03/74cdb554-5a7c-0010-8F2c7-eda71af511fa.html). This [BLOG](https://blogs.sap.com/2017/03/07/the-ultimate-guide-to-effective-sizing-of-sap-hana/) is also quite helpful when sizing HANA systems. + You can use the [storage](https://galaxy.ansible.com/linux-system-roles/storage) role to automate this process + + If you want to use this system in production, make sure that the time service is configured correctly. You can use [rhel-system-roles](https://access.redhat.com/articles/3050101) to automate this. + + Note + ---- + For finding out which SAP notes will be used by this role for Red Hat systems, please check the contents of variable `__sap_hana_preconfigure_sapnotes` in files `vars/*.yml` (choose the file which matches your OS distribution and version). +
+ + +## Execution + +**:warning: Do not execute this Ansible Role against existing SAP systems unless you know what you are doing and you prepare inputs to avoid unintended changes caused by default inputs.** + +**NOTE: It is recommended to execute `timesync` role from Ansible Collection `fedora.linux_system_roles` before or after executing this role.** + + + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order:
+1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. *`sap_hana_preconfigure`* + + +### Execution Flow + +1. Assert that required inputs were provided. +2. Install required packages and patch system if `sap_hana_preconfigure_update:true` +3. Apply configurations + - Execute configuration tasks based on SAP Notes + - (SUSE) Execute saptune with solution `sap_hana_preconfigure_saptune_solution` (Default: `HANA`) +4. Reboot Managed nodes if packages were installed or patched and `sap_hana_preconfigure_reboot_ok: true` + + +### Example + +Example of execution together with prerequisite role [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +```yaml +--- +- name: Ansible Play for SAP HANA HA Scale-up preconfigure + hosts: hana_primary, hana_secondary + become: true + tasks: + - name: Execute Ansible Role sap_general_preconfigure + ansible.builtin.include_role: + name: community.sap_install.sap_general_preconfigure + + - name: Execute Ansible Role sap_hana_preconfigure + ansible.builtin.include_role: + name: community.sap_install.sap_hana_preconfigure +``` + -This role installs additional required packages and performs additional configuration steps for installing and running SAP HANA. -If you want to configure a RHEL system for the installation and later usage of SAP HANA, you have to first run role sap_general_preconfigure -and then role sap_hana_preconfigure. However, if we wish to run SLES for HANA, you may run only this role. - -## Requirements - -The role requires additional collections which are specified in `meta/collection-requirements.yml`. Before using this role, -make sure that the required collections are installed, for example by using the following command: - -`ansible-galaxy install -vv -r meta/collection-requirements.yml` - -To use this role, your system needs to be configured with the basic requirements for SAP NetWeaver or SAP HANA. This is typically done by running role sap_general_preconfigure (for RHEL managed nodes before RHEL 7.6, community maintained role sap-base-settings can be used). - -It is also strongly recommended to run role linux-system-roles.timesync for all systems running SAP HANA, to maintain an identical system time, before or after running role sap_hana_preconfigure. - -Managed nodes need to be properly registered to a repository source and have at least the following Red Hat repositories accessible (see also example playbook): - -for RHEL 7.x: -- rhel-7-[server|for-power-le]-e4s-rpms -- rhel-sap-hana-for-rhel-7-[server|for-power-le]-e4s-rpms - -for RHEL 8.x: -- rhel-8-for-[x86_64|ppc64le]-baseos-e4s-rpms -- rhel-8-for-[x86_64|ppc64le]-appstream-e4s-rpms -- rhel-8-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms - -for RHEL 9.x: -- rhel-9-for-[x86_64|ppc64le]-baseos-e4s-rpms -- rhel-9-for-[x86_64|ppc64le]-appstream-e4s-rpms -- rhel-9-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms - -for SLES 15.x: -- SLE-Module-SAP-Applications15-[SP number]-Pool -- SLE-Module-SAP-Applications15-[SP number]-Updates -- SLE-Product-SLES_SAP15-[SP number]-Pool -- SLE-Product-SLES_SAP15-[SP number]-Updates - -For details on configuring Red Hat, see the knowledge base article: [How to subscribe SAP HANA systems to the Update Services for SAP Solutions](https://access.redhat.com/solutions/3075991)). If you set role parameter sap_hana_preconfigure_enable_sap_hana_repos to `yes`, the role can enable these repos. - -To install HANA on Red Hat Enterprise Linux 7, 8, or 9, you need some additional packages which are contained in the -- rhel-sap-hana-for-rhel-7-[server|for-power-le]-e4s-rpms, -- rhel-8-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms, or -- rhel-9-for-[x86_64|ppc64le]-sap-solutions-e4s-rpms - -repository. - -To get this repository you need to have one of the following products: - -- [RHEL for SAP Solutions](https://access.redhat.com/solutions/3082481) (premium, standard) -- RHEL for Business Partner NFRs -- [RHEL Developer Subscription](https://developers.redhat.com/products/sap/download/) - -To get a personal developer edition of RHEL for SAP solutions, please register as a developer and download the developer edition. - -- [Registration Link](http://developers.redhat.com/register) : - Here you can either register a new personal account or link it to an already existing - **personal** Red Hat Network account. -- [Download Link](https://access.redhat.com/downloads/content/69/ver=/rhel---7/7.2/x86_64/product-software): - Here you can download the Installation DVD for RHEL with your previously registered - account - -*NOTE:* This is a regular RHEL installation DVD as RHEL for SAP Solutions is no additional - product but only a special bundling. The subscription grants you access to the additional - packages through our content delivery network (CDN) after installation. - -For supported RHEL releases [click here](https://access.redhat.com/solutions/2479121). - -Details on configuring SLES repositories can be found on the following articles for [on-premise systems](https://www.suse.com/support/kb/doc/?id=000018564) or [BYOS cloud images](https://www.suse.com/c/byos-instances-and-the-suse-public-cloud-update-infrastructure/) - - -It is also important that your disks are setup according to the [SAP storage requirements for SAP HANA](https://www.sap.com/documents/2015/03/74cdb554-5a7c-0010-8F2c7-eda71af511fa.html). This [BLOG](https://blogs.sap.com/2017/03/07/the-ultimate-guide-to-effective-sizing-of-sap-hana/) is also quite helpful when sizing HANA systems. -You can use the [storage](https://galaxy.ansible.com/linux-system-roles/storage) role to automate this process - -If you want to use this system in production, make sure that the time service is configured correctly. You can use [rhel-system-roles](https://access.redhat.com/articles/3050101) to automate this. - -Note ----- -For finding out which SAP notes will be used by this role for Red Hat systems, please check the contents of variable `__sap_hana_preconfigure_sapnotes` in files `vars/*.yml` (choose the file which matches your OS distribution and version). - -For SLES, notes are applied using the saptune service. Saptune supports a number of solutions. A solution implements several SAP notes. The default solution for this role is 'HANA'. To see a list of supported solutions and the notes that they implement, you can run `saptune solution list` on the command line. - -Do not run this role against an SAP HANA or other production system. The role will enforce a certain configuration on the managed node(s), which might not be intended. - -Changes -------- -1) Previous versions of this role used the variable sap_hana_preconfigure_use_tuned_where_possible to switch between either tuned settings -or kernel command line settings (where applicable). -The current version modifies this behavior: -- The variable sap_hana_preconfigure_use_tuned_where_possible has been renamed to sap_hana_preconfigure_use_tuned -- The variable sap_hana_preconfigure_switch_to_tuned_profile_sap_hana has been removed. -- If sap_hana_preconfigure_use_tuned is set to `yes`, which is also the default, the role will configure the system for using tuned and also switch to tuned profile sap-hana. - If sap_hana_preconfigure_use_tuned is set to `no`, the role will perform a static configuration, including the modification of the linux command line in grub. -- The role can use tuned, or configure the kernel command line, or both. - -2) Previous versions of this role used variable sap_hana_preconfigure_selinux_state to set the SELinux state to disabled. -As the role sap_general_preconfigure already allows to specify the desired SELinux state, and as sap_general_preconfigure -is always run before sap_hana_preconfigure, there is no need any more to let sap_hana_preconfigure configure the SELinux state. -The same applies to the assertion of the SELinux state. - -3) SLES systems are now configured using saptune rather than the ansible implementation of the notes. - - -## Role Input Parameters + + -#### Minimum required parameters: + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + -This role does not require any parameter to be set in the playbook or inventory. +## License + +Apache 2.0 + +## Maintainers + +- [Bernd Finger](https://github.com/berndfinger) + +## Role Variables + ### sap_hana_preconfigure_config_all - _Type:_ `bool` @@ -160,13 +193,11 @@ This is useful if the role is used for reporting a system's SAP notes compliance ### sap_hana_preconfigure_system_roles_collection - _Type:_ `str` - _Default:_ `'fedora.linux_system_roles'` -- _Possible Values:_
- - `fedora.linux_system_roles` - - `redhat.rhel_system_roles` Set which Ansible Collection to use for the Linux System Roles.
-For community/upstream, use 'fedora.linux_system_roles'
-For the RHEL System Roles for SAP, or for Red Hat Automation Hub, use 'redhat.rhel_system_roles'
+Available values: +- `fedora.linux_system_roles` - for community/upstream.
+- `redhat.rhel_system_roles` - for the RHEL System Roles for SAP, or for Red Hat Automation Hub.
### sap_hana_preconfigure_min_rhel_release_check - _Type:_ `bool` @@ -385,6 +416,12 @@ Set this parameter to `true` to modify the Grub boot command line.
By default, the role will run `grub2-mkconfig` to update the Grub configuration if necessary.
Set this parameter to `false` if this is not desired.
+### sap_hana_preconfigure_thp +- _Type:_ `str` +- _Default:_ `` + +Override the default setting for THP, which is determined automatically by the role, depending on the RHEL version. + ### sap_hana_preconfigure_db_group_name - _Type:_ `str` @@ -401,104 +438,21 @@ sap_hana_preconfigure_db_group_name: dba - _Type:_ `str` - _Default:_ `''` -Version of saptune to install (SLES for SAP Applications).
+(SUSE specific) Specifies the saptune version.
This will replace the current installed version if present, even downgrade if necessary.
### sap_hana_preconfigure_saptune_solution - _Type:_ `str` - _Default:_ `'HANA'` -- _Possible Values:_
- - `HANA` - - `NETWEAVER+HANA` - - `S4HANA-APP+DB` - - `S4HANA-DBSERVER` -The saptune solution to apply (SLES for SAP Applications).
+(SUSE specific) Specifies the saptune solution to apply.
+Available values: `HANA`, `NETWEAVER+HANA`, `S4HANA-APP+DB`, `S4HANA-DBSERVER` ### sap_hana_preconfigure_saptune_azure - _Type:_ `bool` - _Default:_ `false` -On Azure, TCP timestamps, reuse and recycle should be disabled (SLES for SAP Applications).
+(SUSE specific) On Azure, TCP timestamps, reuse and recycle should be disabled.
If the variable is set, an override file for saptune will be created (/etc/saptune/override/2382421) to set net.ipv4.tcp_timestamps and net.ipv4.tcp_tw_reuse to 0.
Set this parameter to `true` on Azure.
- - - -## Example Playbook - -Simple playbook, named sap+hana.yml: -```yaml ---- -- hosts: all - roles: - - role: sap_general_preconfigure - - role: sap_hana_preconfigure -``` - -Simple playbook for an extended check (assert) run, named sap+hana-assert.yml: -```yaml ---- -- hosts: all - vars: - sap_general_preconfigure_assert: yes - sap_general_preconfigure_assert_ignore_errors: yes - sap_hana_preconfigure_assert: yes - sap_hana_preconfigure_assert_ignore_errors: yes - roles: - - role: sap_general_preconfigure - - role: sap_hana_preconfigure -``` - -## Example Usage - -Normal run, for configuring server host_1 for SAP HANA: -```yaml -ansible-playbook sap+hana.yml -l host_1 -``` - -Extended Check (assert) run, not aborting if an error has been found: -```yaml -ansible-playbook sap+hana-assert.yml -l host_1 -``` - -Same as above, with a nice compact and colored output, this time for two hosts: -```yaml -ansible-playbook sap+hana-assert.yml -l host_1,host_2 | -awk '{sub (" \"msg\": ", "")} - /TASK/{task_line=$0} - /fatal:/{fatal_line=$0; nfatal[host]++} - /...ignoring/{nfatal[host]--; if (nfatal[host]<0) nfatal[host]=0} - /^[a-z]/&&/: \[/{gsub ("\\[", ""); gsub ("]", ""); gsub (":", ""); host=$2} - /SAP note/{print "\033[30m[" host"] "$0} - /FAIL:/{nfail[host]++; print "\033[31m[" host"] "$0} - /WARN:/{nwarn[host]++; print "\033[33m[" host"] "$0} - /PASS:/{npass[host]++; print "\033[32m[" host"] "$0} - /INFO:/{print "\033[34m[" host"] "$0} - /changed/&&/unreachable/{print "\033[30m[" host"] "$0} - END{print ("---"); for (var in npass) {printf ("[%s] ", var); if (nfatal[var]>0) { - printf ("\033[31mFATAL ERROR!!! Playbook might have been aborted!!!\033[30m Last TASK and fatal output:\n"); print task_line, fatal_line - } - else printf ("\033[31mFAIL: %d \033[33mWARN: %d \033[32mPASS: %d\033[30m\n", nfail[var], nwarn[var], npass[var])}}' -``` -Note: For terminals with dark background, replace the color code `30m` by `37m`. -In case you need to make an invisible font readable on a terminal with dark background, run the following command in the terminal: -```yaml -printf "\033[37mreadable font\n" -``` -In case you need to make an invisible font readable on a terminal with bright background, run the following command in the terminal: -```yaml -printf "\033[30mreadable font\n" -``` - -## Contribution - -Please read the [developer guidelines](./README.DEV.md) if you want to contribute - -## License - -Apache license 2.0 - -## Author Information - -Red Hat for SAP Community of Practice, Markus Koch, Thomas Bludau, Bernd Finger, Than Ngo, Rainer Leber + diff --git a/roles/sap_hana_preconfigure/defaults/main.yml b/roles/sap_hana_preconfigure/defaults/main.yml index 741fed623..393a1b016 100644 --- a/roles/sap_hana_preconfigure/defaults/main.yml +++ b/roles/sap_hana_preconfigure/defaults/main.yml @@ -166,18 +166,19 @@ sap_hana_preconfigure_run_grub2_mkconfig: true # It will be used to configure process limits as per step "Configuring Process Resource Limits" of SAP note 2772999. # Example: See README.md -sap_hana_preconfigure_saptune_version: '' -# Version of saptune to install (SLES for SAP Applications). +# sap_hana_preconfigure_thp: (not defined by default) +# Override the default setting for THP, which is determined automatically by the role, depending on the RHEL version. +# Can be one of 'always', 'madvise', or 'never'. + +# (SUSE specific) Version of saptune to install. # It is recommended to install latest version by keeping this variable empty. # This will replace the current installed version if present, even downgrade if necessary. +sap_hana_preconfigure_saptune_version: '' +# (SUSE specific) Saptune solution to be applied. +# Available options for HANA are: HANA, NETWEAVER+HANA, S4HANA-APP+DB, S4HANA-DBSERVER sap_hana_preconfigure_saptune_solution: 'HANA' -# The saptune solution to apply (SLES for SAP Applications). -# Possible Values: -# - HANA -# - NETWEAVER+HANA -# - S4HANA-APP+DB -# - S4HANA-DBSERVER + sap_hana_preconfigure_saptune_azure: false # On Azure, TCP timestamps, reuse and recycle should be disabled (SLES for SAP Applications). diff --git a/roles/sap_hana_preconfigure/handlers/main.yml b/roles/sap_hana_preconfigure/handlers/main.yml index afebc5699..4f3887f6f 100644 --- a/roles/sap_hana_preconfigure/handlers/main.yml +++ b/roles/sap_hana_preconfigure/handlers/main.yml @@ -71,11 +71,16 @@ - name: "Run grubby for enabling TSX" ansible.builtin.command: grubby --args="tsx=on" --update-kernel=ALL - register: __sap_hana_preconfigure_register_grubby_update changed_when: true listen: __sap_hana_preconfigure_grubby_update_handler notify: __sap_hana_preconfigure_reboot_handler +- name: "Run grubby for setting THP to '{{ __sap_hana_preconfigure_fact_thp }}'" + ansible.builtin.command: grubby --args="transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}" --update-kernel=ALL + changed_when: true + listen: __sap_hana_preconfigure_grubby_thp_handler + notify: __sap_hana_preconfigure_reboot_handler + - name: Reboot the managed node ansible.builtin.reboot: test_command: /bin/true diff --git a/roles/sap_hana_preconfigure/meta/argument_specs.yml b/roles/sap_hana_preconfigure/meta/argument_specs.yml index 53df54c5e..098aa7db4 100644 --- a/roles/sap_hana_preconfigure/meta/argument_specs.yml +++ b/roles/sap_hana_preconfigure/meta/argument_specs.yml @@ -341,6 +341,18 @@ argument_specs: required: false type: bool + sap_hana_preconfigure_thp: + default: '' + description: + - Override the default setting for THP, which is determined automatically by the role, depending on the RHEL version. + choices: + - '' + - 'always' + - 'madvise' + - 'never' + required: false + type: str + sap_hana_preconfigure_db_group_name: description: - Use this parameter to specify the name of the RHEL group which is used for the database processes. @@ -353,7 +365,7 @@ argument_specs: sap_hana_preconfigure_saptune_version: default: '' description: - - Version of saptune to install (SLES for SAP Applications). + - (SUSE specific) Version of saptune to install. - This will replace the current installed version if present, even downgrade if necessary. required: false type: str @@ -361,7 +373,7 @@ argument_specs: sap_hana_preconfigure_saptune_solution: default: HANA description: - - The saptune solution to apply (SLES for SAP Applications). + - (SUSE specific) Saptune solution to be applied. choices: - 'HANA' - 'NETWEAVER+HANA' diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml index e97efd54d..b13bf9966 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml @@ -1,8 +1,8 @@ # SPDX-License-Identifier: Apache-2.0 --- -# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" -- name: Perform steps for setting transparent_hugepage=never +# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" or "transparent_hugepages=madvise" +- name: Assert correct setting of THP when: not sap_hana_preconfigure_use_tuned or sap_hana_preconfigure_modify_grub_cmdline_linux or sap_hana_preconfigure_assert_all_config | d(false) @@ -11,23 +11,61 @@ - name: THP - Get contents of GRUB_CMDLINE_LINUX in /etc/default/grub ansible.builtin.command: grep GRUB_CMDLINE_LINUX /etc/default/grub register: __sap_hana_preconfigure_register_default_grub_cmdline_thp_assert - changed_when: no - - - name: Assert that transparent_hugepage=never is in GRUB_CMDLINE_LINUX in /etc/default/grub - ansible.builtin.assert: - that: "'transparent_hugepage=never' in __sap_hana_preconfigure_register_default_grub_cmdline_thp_assert.stdout" - fail_msg: "FAIL: 'transparent_hugepage=never' is not in GRUB_CMDLINE_LINUX in /etc/default/grub!" - success_msg: "PASS: 'transparent_hugepage=never' is in GRUB_CMDLINE_LINUX in /etc/default/grub." - ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" + changed_when: false - name: THP - Get contents of /proc/cmdline ansible.builtin.command: cat /proc/cmdline register: __sap_hana_preconfigure_register_proc_cmdline_thp_assert - changed_when: no + changed_when: false + + - name: THP - Get current status of THP + ansible.builtin.command: cat /sys/kernel/mm/transparent_hugepage/enabled + register: __sap_hana_preconfigure_register_sys_kernel_thp_assert + changed_when: false + + - name: Set fact for THP, RHEL up to RHEL 9.1 + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_thp: 'never' + when: + - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0 + - ansible_distribution == 'RedHat' + - ansible_distribution_major_version == '7' or + ansible_distribution_major_version == '8' or + ansible_distribution_version == '9.0' or + ansible_distribution_version == '9.1' + + - name: Set fact for THP, RHEL 9.2 and later + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_thp: 'madvise' + when: + - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0 + - ansible_distribution == 'RedHat' + - ansible_distribution_major_version == '9' and + __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2 + + - name: Set fact for THP if 'sap_hana_preconfigure_thp' is defined + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_thp: "{{ sap_hana_preconfigure_thp }}" + when: + - sap_hana_preconfigure_thp is defined and sap_hana_preconfigure_thp + + - name: Assert that 'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' is in GRUB_CMDLINE_LINUX in /etc/default/grub + ansible.builtin.assert: + that: "'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' in __sap_hana_preconfigure_register_default_grub_cmdline_thp_assert.stdout" + fail_msg: "FAIL: 'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' is not in GRUB_CMDLINE_LINUX in /etc/default/grub!" + success_msg: "PASS: 'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' is in GRUB_CMDLINE_LINUX in /etc/default/grub." + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" + + - name: Assert that 'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' is in /proc/cmdline + ansible.builtin.assert: + that: "'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' in __sap_hana_preconfigure_register_proc_cmdline_thp_assert.stdout" + fail_msg: "FAIL: 'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' is not in /proc/cmdline!" + success_msg: "PASS: 'transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}' is in /proc/cmdline." + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" - - name: Assert that transparent_hugepage=never is in /proc/cmdline + - name: Assert that THP currently has the correct status ansible.builtin.assert: - that: "'transparent_hugepage=never' in __sap_hana_preconfigure_register_proc_cmdline_thp_assert.stdout" - fail_msg: "FAIL: 'transparent_hugepage=never' is not in /proc/cmdline!" - success_msg: "PASS: 'transparent_hugepage=never' is in /proc/cmdline." + that: __sap_hana_preconfigure_register_sys_kernel_thp_assert.stdout.split('[')[1].split(']')[0] == '{{ __sap_hana_preconfigure_fact_thp }}' + fail_msg: "FAIL: THP is currently configured with the status of '{{ __sap_hana_preconfigure_register_sys_kernel_thp_assert.stdout.split('[')[1].split(']')[0] }}' but it needs to be '{{ __sap_hana_preconfigure_fact_thp }}'!" + success_msg: "PASS: THP is currently configured with the correct status of '{{ __sap_hana_preconfigure_fact_thp }}'!" ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml new file mode 100644 index 000000000..1c60776b9 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml @@ -0,0 +1,60 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Get boot command line + ansible.builtin.slurp: + src: /proc/cmdline + register: __sap_hana_preconfigure_register_proc_cmdline_thp + +- name: Set fact for THP, RHEL up to RHEL 9.1 + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_thp: 'never' + when: + - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0 + - ansible_distribution == 'RedHat' + - ansible_distribution_major_version == '7' or + ansible_distribution_major_version == '8' or + ansible_distribution_version == '9.0' or + ansible_distribution_version == '9.1' + +- name: Set fact for THP, RHEL 9.2 and later + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_thp: 'madvise' + when: + - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0 + - ansible_distribution == 'RedHat' + - ansible_distribution_major_version == '9' and + __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2 + +- name: Set fact for THP if 'sap_hana_preconfigure_thp' is defined + ansible.builtin.set_fact: + __sap_hana_preconfigure_fact_thp: "{{ sap_hana_preconfigure_thp }}" + when: + - sap_hana_preconfigure_thp is defined and sap_hana_preconfigure_thp + +- name: Set THP to '{{ __sap_hana_preconfigure_fact_thp }}' at boot time + ansible.builtin.command: /bin/true + notify: __sap_hana_preconfigure_grubby_thp_handler + changed_when: true + when: not ( __sap_hana_preconfigure_register_proc_cmdline_thp['content'] | b64decode | regex_findall('transparent_hugepage=' + __sap_hana_preconfigure_fact_thp) ) + tags: grubconfig + +- name: Configure - Get initial status of THP + ansible.builtin.command: cat /sys/kernel/mm/transparent_hugepage/enabled + register: __sap_hana_preconfigure_register_thp_status_before + changed_when: false + +- name: Set THP to '{{ __sap_hana_preconfigure_fact_thp }}' on the running system + ansible.builtin.shell: echo '{{ __sap_hana_preconfigure_fact_thp }}' > /sys/kernel/mm/transparent_hugepage/enabled + changed_when: true + when: __sap_hana_preconfigure_register_thp_status_before.stdout.split('[')[1].split(']')[0] != __sap_hana_preconfigure_fact_thp + +- name: Configure - Get the status of THP + ansible.builtin.command: cat /sys/kernel/mm/transparent_hugepage/enabled + register: __sap_hana_preconfigure_register_thp_status + ignore_errors: true + changed_when: false + +- name: Display the status of THP + ansible.builtin.debug: + var: __sap_hana_preconfigure_register_thp_status.stdout_lines, __sap_hana_preconfigure_register_thp_status.stderr_lines diff --git a/roles/sap_hana_preconfigure/tasks/main.yml b/roles/sap_hana_preconfigure/tasks/main.yml index e977d796d..1708ca6aa 100644 --- a/roles/sap_hana_preconfigure/tasks/main.yml +++ b/roles/sap_hana_preconfigure/tasks/main.yml @@ -5,12 +5,20 @@ ansible.builtin.debug: var: role_path +# Load variable file starting with actual version up to OS family. +# Example for SUSE Linux Enterprise Server for SAP Applications 15 SP6: +# 1. SLES_SAP_15.6.yml - Specific to distribution with major and minor release. +# 2. SLES_SAP_15.yml - Specific to distribution and major release regardless of minor release. +# 3. SLES_15.6.yml - Specific to distribution family (SLES and SLES4SAP) and minor release. +# 4. SLES_15.yml - Specific to distribution. +# 5. Suse.yml - Specific to OS family. - name: Include OS specific vars ansible.builtin.include_vars: '{{ item }}' with_first_found: - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml' - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml' + - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_version }}.yml' + - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_os_family }}.yml' - name: Set filename prefix to empty string if role is run in normal mode diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2777782.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2777782.yml index 9dce5fb8a..d200a097d 100644 --- a/roles/sap_hana_preconfigure/tasks/sapnote/2777782.yml +++ b/roles/sap_hana_preconfigure/tasks/sapnote/2777782.yml @@ -23,8 +23,8 @@ ansible.builtin.import_tasks: 2777782/04-turn-off-auto-numa-balancing.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_04|d(false) -- name: Import tasks from '2777782/05-disable-thp.yml' - ansible.builtin.import_tasks: 2777782/05-disable-thp.yml +- name: Import tasks from '2777782/05-configure-thp.yml' + ansible.builtin.import_tasks: 2777782/05-configure-thp.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_05|d(false) - name: Import tasks from '2777782/06-configure-c-states-for-lower-latency.yml' diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2777782/05-disable-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2777782/05-configure-thp.yml similarity index 66% rename from roles/sap_hana_preconfigure/tasks/sapnote/2777782/05-disable-thp.yml rename to roles/sap_hana_preconfigure/tasks/sapnote/2777782/05-configure-thp.yml index 8430fbba3..ee541f7cc 100644 --- a/roles/sap_hana_preconfigure/tasks/sapnote/2777782/05-disable-thp.yml +++ b/roles/sap_hana_preconfigure/tasks/sapnote/2777782/05-configure-thp.yml @@ -6,5 +6,5 @@ ansible.builtin.debug: msg: "SAP note 2777782 Step 5: Disable Transparent Hugepages (THP)" -- name: Import ../../RedHat/generic/disable-thp.yml - ansible.builtin.import_tasks: ../../RedHat/generic/disable-thp.yml +- name: Import ../../RedHat/generic/configure-thp.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-thp.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3108302.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3108302.yml index 81f00d5f5..f2cf27499 100644 --- a/roles/sap_hana_preconfigure/tasks/sapnote/3108302.yml +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3108302.yml @@ -23,8 +23,8 @@ ansible.builtin.import_tasks: 3108302/04-turn-off-auto-numa-balancing.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3108302_04|d(false) -- name: Import tasks from '3108302/05-disable-thp.yml' - ansible.builtin.import_tasks: 3108302/05-disable-thp.yml +- name: Import tasks from '3108302/05-configure-thp.yml' + ansible.builtin.import_tasks: 3108302/05-configure-thp.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3108302_05|d(false) - name: Import tasks from '3108302/06-configure-c-states-for-lower-latency.yml' diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-assert-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-assert-thp.yml index 58e3d400e..9573a190e 100644 --- a/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-assert-thp.yml +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-assert-thp.yml @@ -4,7 +4,7 @@ # can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" - name: Assert 3108302-5 ansible.builtin.debug: - msg: "SAP note 3108302 Step 5: Disable Transparent Hugepages (THP)" + msg: "SAP note 3108302 Step 5: Configure Transparent Hugepages (THP)" - name: Import ../../RedHat/generic/assert-thp.yml ansible.builtin.import_tasks: ../../RedHat/generic/assert-thp.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-configure-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-configure-thp.yml new file mode 100644 index 000000000..f9d1fa746 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-configure-thp.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" or "transparent_hugepages=madvise" +- name: Configure 3108302-5 + ansible.builtin.debug: + msg: "SAP note 3108302 Step 5: Configure Transparent Hugepages (THP)" + +- name: Import ../../RedHat/generic/configure-thp.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-thp.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-disable-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-disable-thp.yml deleted file mode 100644 index bf2db0e63..000000000 --- a/roles/sap_hana_preconfigure/tasks/sapnote/3108302/05-disable-thp.yml +++ /dev/null @@ -1,10 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" -- name: Configure 3108302-5 - ansible.builtin.debug: - msg: "SAP note 3108302 Step 5: Disable Transparent Hugepages (THP)" - -- name: Import ../../RedHat/generic/disable-thp.yml - ansible.builtin.import_tasks: ../../RedHat/generic/disable-thp.yml diff --git a/roles/sap_hana_preconfigure/vars/RedHat_9.yml b/roles/sap_hana_preconfigure/vars/RedHat_9.yml index ebc31864c..7a9e75350 100644 --- a/roles/sap_hana_preconfigure/vars/RedHat_9.yml +++ b/roles/sap_hana_preconfigure/vars/RedHat_9.yml @@ -120,15 +120,15 @@ __sap_hana_preconfigure_req_repos_redhat_9_10_ppc64le: # required SAP notes for RHEL 9: __sap_hana_preconfigure_sapnotes_versions_x86_64: - - { number: '3108302', version: '9' } - - { number: '2382421', version: '45' } - - { number: '3024346', version: '10' } + - { number: '3108302', version: '11' } + - { number: '2382421', version: '47' } + - { number: '3024346', version: '11' } __sap_hana_preconfigure_sapnotes_versions_ppc64le: - { number: '2055470', version: '90' } - - { number: '3108302', version: '9' } - - { number: '2382421', version: '45' } - - { number: '3024346', version: '10' } + - { number: '3108302', version: '11' } + - { number: '2382421', version: '47' } + - { number: '3024346', version: '11' } __sap_hana_preconfigure_sapnotes_versions: "{{ lookup('vars', '__sap_hana_preconfigure_sapnotes_versions_' + ansible_architecture) }}" @@ -212,6 +212,8 @@ __sap_hana_preconfigure_packages: - nfs-utils # SAP NOTE 3108302: - tuned-profiles-sap-hana +# SAP NOTE 3449186 - Required for HANA 2.0 SPS08: + - compat-sap-c++-13 __sap_hana_preconfigure_packages_min_install: # SAP NOTE 3108316: @@ -240,6 +242,8 @@ __sap_hana_preconfigure_packages_min_install: # - nfs-utils # SAP NOTE 3108302: - tuned-profiles-sap-hana +# SAP NOTE 3449186 - Required for HANA 2.0 SPS08: + - compat-sap-c++-13 # URL for the IBM Power Systems service and productivity tools, see https://www.ibm.com/support/pages/service-and-productivity-tools __sap_hana_preconfigure_ibm_power_repo_url: 'https://public.dhe.ibm.com/software/server/POWER/Linux/yum/download/ibm-power-repo-latest.noarch.rpm' @@ -249,8 +253,7 @@ __sap_hana_preconfigure_required_ppc64le: # Network related kernel parameters as set in SAP Note 2382421: __sap_hana_preconfigure_kernel_parameters_default: -# The following two parameter should always be set: - - { name: net.core.somaxconn, value: 4096 } +# The following parameter should always be set: - { name: net.ipv4.tcp_max_syn_backlog, value: 8192 } # The following two parameters are automatically set by SAP Host Agent # - { name: net.ipv4.ip_local_port_range, value: "40000 61000" } diff --git a/roles/sap_hana_preconfigure/vars/SLES_15.yml b/roles/sap_hana_preconfigure/vars/SLES_15.yml index a52238bad..1f98593b5 100644 --- a/roles/sap_hana_preconfigure/vars/SLES_15.yml +++ b/roles/sap_hana_preconfigure/vars/SLES_15.yml @@ -1,7 +1,8 @@ # SPDX-License-Identifier: Apache-2.0 --- - -# required SAP Notes for SLES 15 +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 +# - SUSE Linux Enterprise Server 15 __sap_hana_preconfigure_sapnotes: # - "{% if ansible_architecture == 'ppc64le' %}2055470{% endif %}" diff --git a/roles/sap_hostagent/README.md b/roles/sap_hostagent/README.md index 13aa84fa4..e72fc7cc7 100644 --- a/roles/sap_hostagent/README.md +++ b/roles/sap_hostagent/README.md @@ -1,150 +1,266 @@ + # sap_hostagent Ansible Role + + +## Description + +The Ansible Role `sap_hostagent` is used install SAP Host Agent. SAP Host Agent is an agent that can accomplish several life-cycle management tasks, such as operating system monitoring, database monitoring, system instance control and provisioning. -It is recommended to install SAP Host Agent upfront in any HA environment. +This role installs SAP Host Agent with following source methods: +- SAP SAR file +- SAP Bundle +- RPM package (Red Hat only) + + + + + + +## Prerequisites +Managed nodes: +- Ensure that servers are configured for SAP Systems. See [Recommended](#recommended) section. + + +## Execution + + + + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order:
+1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. *`sap_hostagent`* + + +### Execution Flow + +1. Create temporary directory. +2. Execute deployment based on chosen method. +3. Configure SSL if `sap_hostagent_config_ssl` was set. +4. Cleanup temporary directory + + +### Example + +#### Example playbook for installing using SAR file located on control node +```yaml +--- +- name: Ansible Play for SAP Host Agent installation - Local SAR + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_hostagent + ansible.builtin.include_role: + name: community.sap_install.sap_hostagent + vars: + sap_hostagent_installation_type: "sar" + sap_hostagent_sar_local_path: "/software/SAPHOSTAGENT" + sap_hostagent_sar_file_name: "SAPHOSTAGENT44_44-20009394.SAR" + sap_hostagent_sapcar_local_path: "/software/SAPHOSTAGENT" + sap_hostagent_sapcar_file_name: "SAPCAR_1311-80000935.EXE" + sap_hostagent_clean_tmp_directory: true +``` +#### Example playbook for installing using SAR file located on managed node +```yaml +--- +- name: Ansible Play for SAP Host Agent installation - Remote SAR + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_hostagent + ansible.builtin.include_role: + name: community.sap_install.sap_hostagent + vars: + sap_hostagent_installation_type: "sar" + sap_hostagent_sar_remote_path: "/software/SAPHOSTAGENT" + sap_hostagent_sar_file_name: "SAPHOSTAGENT44_44-20009394.SAR" + sap_hostagent_sapcar_remote_path: "/software/SAPHOSTAGENT" + sap_hostagent_sapcar_file_name: "SAPCAR_1311-80000935.EXE" + sap_hostagent_clean_tmp_directory: true +``` +#### Example playbook for installing using SAP Bundle +```yaml +--- +- name: Ansible Play for SAP Host Agent installation - SAP bundle + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_hostagent + ansible.builtin.include_role: + name: community.sap_install.sap_hostagent + vars: + sap_hostagent_installation_type: "bundle" + sap_hostagent_bundle_path: "/usr/local/src/HANA-BUNDLE/51053381" + sap_hostagent_clean_tmp_directory: true +``` +#### Example playbook for installing using RPM on Red Hat +```yaml +--- +- name: Ansible Play for SAP Host Agent installation - SAP bundle + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_hostagent + ansible.builtin.include_role: + name: community.sap_install.sap_hostagent + vars: + sap_hostagent_installation_type: "rpm" + sap_hostagent_rpm_local_path: "/mylocaldir/SAPHOSTAGENT" + sap_hostagent_rpm_file_name: "saphostagentrpm_44-20009394.rpm" + sap_hostagent_clean_tmp_directory: true +``` + -You can find the latest Documentation in [SAP NOTE 1907566](https://launchpad.support.sap.com/#/notes/1907566) + + -This role installs or updates the SAP Host Agent on a RHEL 7.x or 8.x system. It is provided as RPM package, tarball or as part of an SAP softwarebundle. -While Red Hat recommends RPM for easier upgrade, this role take care of all formats. + + -## Requirements +## License + +Apache 2.0 + -This role is intended to use on a RHEL system that gets SAP software. -So your system needs to be installed with at least the RHEL core packages, properly registered and prepared for HANA or Netweaver installation. +## Maintainers + +- [Markus Koch](https://github.com/rhmk) +- [Bernd Finger](https://github.com/berndfinger) + -It needs access to the software repositories required to install SAP HANA (see also: [How to subscribe SAP HANA systems to the Update Services for SAP Solutions](https://access.redhat.com/solutions/3075991)) +## Role Variables + +### sap_hostagent_installation_type -You can use the [redhat_sap.sap_rhsm](https://galaxy.ansible.com/redhat_sap/sap_rhsm) Galaxy Role to automate this process +- _Type:_ `string` +- _Default:_ `rpm` -To install SAP software on Red Hat Enterprise Linux you need some additional packages which come in a special repository. To get this repository you need to have one -of the following products: +Select type of installation source for SAPHOSTAGENT.
+Available options: `sar`, `sar-remote`, `bundle`, `rpm` -- [RHEL for SAP Solutions](https://access.redhat.com/solutions/3082481) (premium, standard, developer Edition) -- [RHEL for Business Partner NFRs](https://partnercenter.redhat.com/NFRPageLayout) -[Click here](https://developers.redhat.com/products/sap/download/) to achieve a personal developer edition of RHEL for SAP Solutions. Please register as a developer and download the developer edition. +### Input Parameters for SAR +Following input parameters are used by both Local SAR and Remote SAR. -- [Registration Link](http://developers.redhat.com/register) : - Here you can either register a new personal account or link it to an already existing **personal** Red Hat Network account. -- [Download Link](https://access.redhat.com/downloads/): - Here you can download the Installation DVD for RHEL with your previously registered account +#### sap_hostagent_sar_file_name -*NOTE:* This is a regular RHEL installation DVD as RHEL for SAP Solutions is no additional - product but only a special bundling. The subscription grants you access to the additional - packages through our content delivery network(CDN) after installation. +- _Type:_ `string` -It is also important that your disks are setup according to the [SAP storage requirements for SAP HANA](https://www.sap.com/documents/2015/03/74cdb554-5a7c-0010-82c7-eda71af511fa.html). This [BLOG](https://blogs.sap.com/2017/03/07/the-ultimate-guide-to-effective-sizing-of-sap-hana/) is also quite helpful when sizing HANA systems. +Name of SAR file containing SAPHOSTAGENT. -## Role Variables +#### sap_hostagent_sapcar_file_name -### RPM based installations +- _Type:_ `string` -| variable | info | required? | -|:--------:|:----:|:---------:| -|sap_hostagent_installation_type|Source type of the installation for SAPHOSTAGENT|yes, with `rpm` value| -|sap_hostagent_rpm_local_path|Local directory path where RPM file is located|yes, unless `sap_hostagent_rpm_remote_path` is used| -|sap_hostagent_rpm_remote_path|Local directory path where RPM file is located|yes, unless `sap_hostagent_rpm_local_path` is used| -|sap_hostagent_rpm_file_name|Local RPM file name|yes| -|sap_hostagent_agent_tmp_directory|Temporary directory path that will be created on the target host|no (defaulted in the role)| -|sap_hostagent_clean_tmp_directory|Boolean variable to indicate if the temporary directory will be removed or not after the installation| no (defaulted in the role)| +Name of SAR file containing SAPCAR. -### SAR based installations (content on ansible control node) +### Input Parameters for Local SAR -| variable | info | required? | -|:--------:|:----:|:---------:| -|sap_hostagent_installation_type|Source type of the installation for SAPHOSTAGENT|yes with `sar` value| -|sap_hostagent_sar_local_path|Local directory path where SAR file is located|yes| -|sap_hostagent_sar_file_name|Local SAR file name|yes| -|sap_hostagent_sapcar_local_path|Local directory path where SAPCAR tool file is located|yes| -|sap_hostagent_sapcar_file_name|Local SAPCAR tool file name|yes| -|sap_hostagent_agent_tmp_directory|Temporary directory path that will be created on the target host|no (defaulted in the role)| -|sap_hostagent_clean_tmp_directory|Boolean variable to indicate if the temporary directory will be removed or not after the installation| no (defaulted in the role)| +#### sap_hostagent_sar_local_path -### SAR based installations (with content existing on target node) +- _Type:_ `string` -| variable | info | required? | -|:--------:|:----:|:---------:| -|sap_hostagent_installation_type|Source type of the installation for SAPHOSTAGENT|yes with `sar-remote` value| -|sap_hostagent_sar_remote_path|Remote directory path where SAR tool file is located|yes| -|sap_hostagent_sar_file_name|SAR tool file name|yes| -|sap_hostagent_sapcar_remote_path|Remote directory path of SAR archive|yes| -|sap_hostagent_sapcar_file_name|Remote file name of SAR archive|yes| -|sap_hostagent_agent_tmp_directory|Temporary directory path that will be created on the target host|no (defaulted in the role)| -|sap_hostagent_clean_tmp_directory|Boolean variable to indicate if the temporary directory will be removed or not after the installation| no (defaulted in the role)| +Local directory path where SAR file is located.
+**Do not use together with `sap_hostagent_sar_remote_path`.** +#### sap_hostagent_sapcar_local_path -### SAP Bundle based installations +- _Type:_ `string` -| variable | info | required? | -|:--------:|:----:|:---------:| -|sap_hostagent_installation_type|Source type of the installation for SAPHOSTAGENT|yes with `bundle` value| -|sap_hostagent_bundle_path|Target host directory path where SAP Installation Bundle has been unarchived| -|sap_hostagent_agent_tmp_directory|Temporary directory path that will be created on the target host|no (defaulted in the role)| -|sap_hostagent_clean_tmp_directory|Boolean variable to indicate if the temporary directory will be removed or not after the installation| no (defaulted in the role)| +Local directory path where SAPCAR file is located.
+**Do not use together with `sap_hostagent_sapcar_remote_path`.** -### SSL Configuration +### Input Parameters for Remote SAR -Right now the role will configure the PSE and create a CSR. Adding signed certificates from a valid CA is not supported yet +#### sap_hostagent_sar_remote_path -| variable | info | required? | -|:--------:|:----:|:---------:| -|sap_hostagent_config_ssl|This boolean variable will configure Agent for SSL communication|no (defaulted in the role)| -|sap_hostagent_ssl_passwd|Password to be used for the CSR|yes when `sap_hostagent_config_ssl` True| -|sap_hostagent_ssl_org|Organization information for the CSR|yes when `sap_hostagent_config_ssl` True| -|sap_hostagent_ssl_country|Country information for the CSR|yes when `sap_hostagent_config_ssl` True| +- _Type:_ `string` -## Dependencies +Remote directory path where SAR file is located.
+**Do not use together with `sap_hostagent_sar_local_path`.** -Before using this role ensure your system has been configured properly to run SAP applications. +#### sap_hostagent_sapcar_remote_path -You can use the supported role `sap_general_preconfigure` coming with RHEL 7 and 8 with RHEL for SAP Solutions Subscription +- _Type:_ `string` -The upstream version of this role can be found [here](https://github.com/linux-system-roles/sap_general_preconfigure) +Local directory path where SAPCAR file is located.
+**Do not use together with `sap_hostagent_sapcar_local_path`.** -## Example Playbook -```yaml - - hosts: servers - roles: - - role: sap_hostagent -``` +### Input Parameters for RPM -## Example Inventory +#### sap_hostagent_rpm_local_path -When using RPM: +- _Type:_ `string` -```yaml -sap_hostagent_installation_type: "rpm" -sap_hostagent_rpm_local_path: "/mylocaldir/SAPHOSTAGENT" -sap_hostagent_rpm_file_name: "saphostagentrpm_44-20009394.rpm" -sap_hostagent_clean_tmp_directory: true -``` +Local directory path where RPM file is located.
+**Do not use together with `sap_hostagent_rpm_remote_path`.** -When using SAR: +#### sap_hostagent_rpm_remote_path -```yaml -sap_hostagent_installation_type: "sar" -sap_hostagent_sar_local_path: "/mylocaldir/SAPHOSTAGENT" -sap_hostagent_sar_file_name: "SAPHOSTAGENT44_44-20009394.SAR" -sap_hostagent_sapcar_local_path: "/mylocaldir/SAPHOSTAGENT" -sap_hostagent_sapcar_file_name: "SAPCAR_1311-80000935.EXE" -sap_hostagent_clean_tmp_directory: true -``` +- _Type:_ `string` -When using SAP Bundle: +Remote directory path where RPM file is located.
+**Do not use together with `sap_hostagent_rpm_local_path`.** -```yaml -sap_hostagent_installation_type: "bundle" -sap_hostagent_bundle_path: "/usr/local/src/HANA-BUNDLE/51053381" -sap_hostagent_clean_tmp_directory: true -``` +#### sap_hostagent_rpm_file_name -## License +- _Type:_ `string` + +Name of RPM package containing SAPHOSTAGENT. + + +### Input Parameters for SAP Bundle + +#### sap_hostagent_bundle_path + +- _Type:_ `string` + +Remote directory path where SAP Bundle file is located after being extracted. + + +### Input Parameters for SSL setup + +#### sap_hostagent_config_ssl + +- _Type:_ `bool` +- _Default:_ `False` + +Enable to configure PSE and create CSR.
+Adding signed certificates from a valid CA is not supported yet. + +#### sap_hostagent_ssl_passwd + +- _Type:_ `string` + +Enter password for the CSR. It is used when `sap_hostagent_config_ssl` is set. + +#### sap_hostagent_ssl_org + +- _Type:_ `string` + +Enter Organization information for the CSR. It is used when `sap_hostagent_config_ssl` is set. + +#### sap_hostagent_ssl_country + +- _Type:_ `string` + +Enter Country information for the CSR. It is used when `sap_hostagent_config_ssl` is set. + + +#### sap_hostagent_agent_tmp_directory + +- _Type:_ `string` +- _Default:_ `/tmp/hostagent` + +Temporary directory for processing of source file. -Apache license 2.0 +#### sap_hostagent_clean_tmp_directory -## Author Information +- _Type:_ `bool` +- _Default:_ `False` -IBM Lab for SAP Solutions, Red Hat for SAP Community of Practice +Enable to remove temporary directory after installation. + \ No newline at end of file diff --git a/roles/sap_install_media_detect/README.md b/roles/sap_install_media_detect/README.md index 23dfaa60c..1c0a100c5 100644 --- a/roles/sap_install_media_detect/README.md +++ b/roles/sap_install_media_detect/README.md @@ -1,48 +1,103 @@ + # sap_install_media_detect Ansible Role + +![Ansible Lint for sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_install_media_detect.yml/badge.svg) -Ansible Role for detection and extraction of SAP Software installation media +## Description + +The Ansible Role `sap_install_media_detect` is used to detect and extract SAP installation media. -This role is used to prepare for installation of SAP Software, by searching a given directory for SAP installation media (e.g. SAR files), -moving files to subdirectories (i.e. `/sap_hana` and `/sap_swpm`) with the directory/file ownership permissions, then extracting the detected files. +This role searches provided source directory, sorts files based on type and extracts them to target directory. Extraction can be further adjusted to create individual folders based on defined inputs. -Detection of installation media is available for SAP HANA and the various key installation files when using SAP SWPM to install -SAP Business Applications based upon SAP NetWeaver (e.g. SAP S/4HANA, SAP BW/4HANA, SAP ECC, SAP BW, SAP WebDispatcher etc). -As an example, SAP HANA Client would be detected and the SAP Kernel Part I/II would be detected. +Detection of supported installation media is available for SAP HANA and wide range of SAP Applications (example: SAP S/4HANA, SAP BW/4HANA, SAP ECC, SAP BW, SAP WebDispatcher, SAP Business Applications based upon SAP NetWeaver, etc). + -Once detection (e.g. using `zipinfo -1` and `unrar lb`) and extraction are completed, the file paths are shown and stored as variables for subsequent use by other Ansible Tasks. + + -RAR files can be either handled by the unar package from EPEL or by another package which can list the contents of, and extract files from, -RAR files. See the comments and examples for the RAR file handling in `defaults/main.yml`. If the EPEL repo had been enabled at the time -when the role was run, it will remain enabled. If the EPEL repo was not present, the associated GPG key will be removed and the EPEL repo -will be disabled as the last task. + +## Prerequisites +Managed nodes: +- Directory with SAP Installation media is present and `sap_install_media_detect_source_directory` updated. Download can be completed using [community.sap_launchpad](https://github.com/sap-linuxlab/community.sap_launchpad) Ansible Collection. + -## Execution Flow +## Execution + + -- At the beginning of the execution of the role, a new tool `sapfile` is pushed to a temporary directory on the managed node. -- Also a package which contains a command for extracting and listing content of files of type `RAR` is installed. -- The next step is to check if source and/or target directories exist. If role parameter `sap_install_media_detect_target_directory` is defined, files will later be copied from `sap_install_media_detect_source_directory`. This is the `remote_dir` case. -- If the system on which the `sap_install_media_detect_source_directory` is not writable, the role would normally fail because one or both of the following conditions are not met: - - The SAPCAR EXE file is not executable. - - There are one or more `ZIP` or `RAR` files without extension. -- In this `remote_dir` case, to make sure the role does not fail, it needs to be run first on the node on which `sap_install_media_detect_source_directory` is writable, with role parameter `sap_install_media_detect_file_server_only` set to `true` so the role will not perform and further file detection activities. -- After the SAPCAR EXE file is executable and there are no more `ZIP` or `RAR` files without extension, the role can be called on a managed node where `sap_install_media_detect_source_directory` is not writable. -- A new list of all files with the correct final file names will then be created, and for each of the files, the SAP file types are determined using the `sapfile` tool, either using the file names or - if this information is not sufficient - from information inside the file. -- We then assert that there is at least (or exactly, depending on the file type) one file available for each of the `sap_install_media_detect_*` parameters. For example, if `sap_install_media_detect_kernel_db` is set to `saphana`, then there must be one SAP Kernel DB dependent file for SAP HANA. -- In case of `remote_dir`, the next step is to copy all files from `sap_install_media_detect_source_directory` to `sap_install_media_detect_target_directory`. -- Then we extract files which are configured in `sapfile` to be extracted, and copy or move files which are configured in `sapfile` to be copied or moved. Certain files like `SAPCAR*.EXE` and the SAP Host Agent will be copied to two different directories. -- Once all necessary files have been extracted and all files are copied or moved to where we want them to be, we are using the Ansible find module to identify the different file types by using file or directory name patterns. -- The last step is to fill all required `sap_swpm` parameters from the result of the previous find step, and display all the variables. + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order:
+#### SAP HANA +1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) +3. *`sap_install_media_detect`* +4. [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) +5. [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) - High Availability specific +6. [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) - High Availability specific -## Variables and Parameters +#### SAP Netweaver +1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) +3. *`sap_install_media_detect`* +4. [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) +5. [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) - High Availability specific + -See the file `defaults/main.yml`. +### Execution Flow + +1. At the beginning of the execution of the role, a new tool `sapfile` is pushed to a temporary directory on the managed node. +2. Also a package which contains a command for extracting and listing content of files of type `RAR` is installed. +3. The next step is to check if source and/or target directories exist. If role parameter `sap_install_media_detect_target_directory` is defined, files will later be copied from `sap_install_media_detect_source_directory`. This is the `remote_dir` case. +4. If the system on which the `sap_install_media_detect_source_directory` is not writable, the role would normally fail because one or both of the following conditions are not met: + - The SAPCAR EXE file is not executable. + - There are one or more `ZIP` or `RAR` files without extension. +5. In this `remote_dir` case, to make sure the role does not fail, it needs to be run first on the node on which `sap_install_media_detect_source_directory` is writable, with role parameter `sap_install_media_detect_file_server_only` set to `true` so the role will not perform and further file detection activities. +6. After the SAPCAR EXE file is executable and there are no more `ZIP` or `RAR` files without extension, the role can be called on a managed node where `sap_install_media_detect_source_directory` is not writable. +7. A new list of all files with the correct final file names will then be created, and for each of the files, the SAP file types are determined using the `sapfile` tool, either using the file names or - if this information is not sufficient - from information inside the file. +8. We then assert that there is at least (or exactly, depending on the file type) one file available for each of the `sap_install_media_detect_*` parameters. For example, if `sap_install_media_detect_kernel_db` is set to `saphana`, then there must be one SAP Kernel DB dependent file for SAP HANA. +9. In case of `remote_dir`, the next step is to copy all files from `sap_install_media_detect_source_directory` to `sap_install_media_detect_target_directory`. +10. Then we extract files which are configured in `sapfile` to be extracted, and copy or move files which are configured in `sapfile` to be copied or moved. Certain files like `SAPCAR*.EXE` and the SAP Host Agent will be copied to two different directories. +11. Once all necessary files have been extracted and all files are copied or moved to where we want them to be, we are using the Ansible find module to identify the different file types by using file or directory name patterns. +12. The last step is to fill all required `sap_swpm` parameters from the result of the previous find step, and display all the variables. + - Once detection (e.g. using `zipinfo -1` and `unrar lb`) and extraction are completed, the file paths are shown and stored as variables for subsequent use by other Ansible Tasks. -## Dependencies +
+ (Red Hat) Additional steps for RAR files -This role does not depend on any other Ansible Role. + RAR files can be either handled by the unar package from EPEL or by another package which can list the contents of, and extract files from, RAR files. See the comments and examples for the RAR file handling in `defaults/main.yml`. -## Tags + - If the EPEL repo had been enabled at the time when the role was run, it will remain enabled. + - If the EPEL repo was not present, the associated GPG key will be removed and the EPEL repo will be disabled as the last task. +
+ +### Example + +Example playbook to extract SAP Installation media for SAP ASCS Netweaver. +```yaml +--- +- name: Ansible Play for SAP NetWeaver ASCS - Extract SAP Installation media + hosts: nwas_ascs + become: true + any_errors_fatal: true + max_fail_percentage: 0 + tasks: + + - name: Execute Ansible Role sap_install_media_detect + ansible.builtin.include_role: + name: community.sap_install.sap_install_media_detect + vars: + sap_install_media_detect_swpm: true + sap_install_media_detect_hostagent: true + sap_install_media_detect_igs: true + sap_install_media_detect_kernel: true + sap_install_media_detect_webdisp: false +``` + + + +### Role Tags With the following tags, the role can be called to perform certain activities only: - tag `sap_install_media_detect_zip_handling`: Only perform the task for enabling the listing and extracting of files of type `ZIP`. - tag `sap_install_media_detect_rar_handling`: Only perform the tasks for enabling the listing and extracting of files of type `RAR`. This @@ -59,11 +114,209 @@ With the following tags, the role can be called to perform certain activities on Note: After running the role with the following four tags, the SAP archive files will be in the same place as before running the role the first time. The directories with pattern `*_extracted` will remain in place. `sap_install_media_detect_provide_sapfile_utility,sap_install_media_detect_check_directories,sap_install_media_detect_create_file_list_phase_1,sap_install_media_detect_move_files_to_main_directory` + + + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + ## License + +Apache 2.0 + + +## Maintainers + +- [Bernd Finger](https://github.com/berndfinger) + + +## Role Variables + +### sap_install_media_detect_rar_handling + +- _Type:_ `bool` +- _Default:_ `True` + +Set this parameter to `false` for skipping the handling of RAR files. In this case, also no `unar` or other RAR handling software will be installed. + + +### sap_install_media_detect_rar_package + +- _Type:_ `str` +- _Default:_ `EPEL` + +Set this parameter to use either the `unar` package from `EPEL` or another software package for handling RAR files.
+Based on this setting, the commands for listing and extracting RAR files are being set in tasks/prepare/enable_rar_handling.yml + +### sap_install_media_detect_epel_gpg_key_url + +- _Type:_ `str` +- _Default:_ `https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}` + +URL for the EPEL GPG key + +### sap_install_media_detect_use_rpm_key_module_for_removing_the_key + +- _Type:_ `bool` +- _Default:_ `True` + +The `EPEL` GPG key can be removed with the rpm_key module and the URL for the key, or by using the `rpm -e` command.
+For using the rpm -e command, set this variable to 'false'. + +### sap_install_media_detect_file_server_only + +- _Type:_ `bool` +- _Default:_ `False` + +If this role is running on a file server on which the SAP software is not to be installed, set the following to true.
+If this role is running on a system on which the SAP software is to be installed, set the following to false. + +### sap_install_media_detect_rar_list + +- _Type:_ `str` +- _Default:_ `/usr/bin/unrar lb` + +Fully qualified path to the program for listing RAR files, including the argument for listing files.
+If not specified, the `lsar` program (or a link with the name `lsar`, pointing to the actual `lsar` program) is expected to be located in one of the PATH directories.
+If sap_install_media_detect_rar_package is set to `EPEL`, this variable is not used. + +### sap_install_media_detect_rar_extract + +- _Type:_ `str` +- _Default:_ `/usr/bin/unrar x` + +Fully qualified path to the program for extracting RAR files, including the argument for extracting files.
+If not specified, the `unar` program (or a link with the name `unar`, pointing to the actual `unar` program) is expected to be located in one of the PATH directories.
+If sap_install_media_detect_rar_package is set to `EPEL`, this variable is not used. + +### sap_install_media_detect_rar_extract_directory_argument + +- _Type:_ `str` + +Fully qualified path to an additional argument to the program for extracting RAR files, for specifying the directory into which the archive is to be extracted.
+Needs to be empty or start with a space character.
+If sap_install_media_detect_rar_package is set to 'EPEL', this variable is not used. + +### sap_install_media_detect_source_directory + +- _Type:_ `str` +- _Default:_ `/software` + +Directory where the SAP software is located + +### sap_install_media_detect_target_directory + +- _Type:_ `str` + +Directory where the SAP software is located after the role is run, if different from `sap_install_media_detect_source_directory` + +### sap_install_media_detect_create_target_directory + +- _Type:_ `bool` +- _Default:_ `True` + +Create target directory if it does not yet exist. If set to false, perform a check only + +### sap_install_media_detect_rename_target_file_exists + +- _Type:_ `str` +- _Default:_ `skip` + +If there are two files of the same RAR or ZIP type, one with and one without suffix, the following parameter will determine what the role will do for such a file:
+- `skip` the file renaming. +- `fail` execution. +- `overwrite` the file with the suffix by the file without suffix. + +### sap_install_media_detect_extract_archives + +- _Type:_ `bool` +- _Default:_ `True` + +If you want the role to not extract archives which have the extract flag set, set the following parameter to `false`. + +### sap_install_media_detect_move_or_copy_archives + +- _Type:_ `bool` +- _Default:_ `True` + +If you want the role to not move or copy archive files to the `target_dir` subdirectories, set the following parameter to `false`. + +### sap_install_media_detect_assert_after_sapfile + +- _Type:_ `bool` +- _Default:_ `True` + +By default, the presence of at least one file for each file type according to the configured role parameters is asserted. Set the following parameter to 'false' to skip this step. + +### sap_install_media_detect_db + +- _Type:_ `str` + +Select which database type to detect.
+Available values: `saphana`, `sapase`, `sapmaxdb`, `oracledb`, `ibmdb2` + +### sap_install_media_detect_db_client + +- _Type:_ `str` + +Select which database client to detect.
+Available values: `saphana`, `sapase`, `sapmaxdb`, `oracledb`, `ibmdb2` + +### sap_install_media_detect_swpm + +- _Type:_ `bool` +- _Default:_ `False` + +Enable to detect SWPM. + +### sap_install_media_detect_hostagent + +- _Type:_ `bool` +- _Default:_ `False` + +Enable to detect SAP Hostagent. + +### sap_install_media_detect_igs + +- _Type:_ `bool` +- _Default:_ `False` + +Enable to detect SAP IGS. + +### sap_install_media_detect_kernel + +- _Type:_ `bool` +- _Default:_ `False` + +Enable to detect SAP Kernel files. + +### sap_install_media_detect_kernel_db + +- _Type:_ `str` + +Select which database kernel to detect.
+Available values: `saphana`, `sapase`, `sapmaxdb`, `oracledb`, `ibmdb2`
+Only necessary if there is more than one SAPEXEDB file in the source directory + +### sap_install_media_detect_webdisp + +- _Type:_ `bool` +- _Default:_ `False` + +Enable to detect SAP Web Dispatcher. + +### sap_install_media_detect_mpstack + +- _Type:_ `bool` +- _Default:_ `False` + +Enable to detect SAP Maintenance Planner stack file. -Apache license 2.0 +### sap_install_media_detect_export -## Author Information +- _Type:_ `str` -IBM Lab for SAP Solutions, Red Hat for SAP Community of Practice, Bernd Finger +Select which database export to detect.
+Available values: `saps4hana`, `sapbw4hana`, `sapecc`, `sapecc_ides`, `sapnwas_abap`, `sapnwas_java`, `sapsolman_abap`, `sapsolman_java` + \ No newline at end of file diff --git a/roles/sap_maintain_etc_hosts/README.md b/roles/sap_maintain_etc_hosts/README.md index 98fab9adf..a308d2042 100644 --- a/roles/sap_maintain_etc_hosts/README.md +++ b/roles/sap_maintain_etc_hosts/README.md @@ -1,142 +1,170 @@ -# Role Name: sap_maintain_etc_hosts - -This role can be used to reliably update the /etc/hosts file. - - - -## Role Input Parameters - -This role requires the dictionary `sap_maintain_etc_hosts_list` which contains the parameters for the hostfile. The default value is the definition of the cluster nodes like in the role `sap_ha_pacemaker_cluster`. If the value `sap_hana_cluster_nodes`or `sap_ha_pacemaker_cluster_cluster_nodes` is not defined the role creates a default value from `ansible_facts`. - -Caution: If you want to use this role to remove entries from /etc/hosts it is a good practise to do this before adding entries. The adding/removal is done in the order the entries are listed. - -### sap_maintain_etc_hosts_list - -- _Type:_ `list` - - List of nodes to be added or removed in /etc/hosts - possible list options: - -#### node_ip - -- _Type:_ `string` - - IP address of the node. - It is required for adding a node. - When deleting a node use only when node_name and node_domain are not defined - -#### node_name - -- _Type:_ `string` - - Hostname of the node - It is required for adding a node. - When deleting a node use only when node_ip is not defined - -#### node_domain - -- _Type:_ `string` - - Domainname of the node - Defaults to sap_domain, if set, otherwise ansible_domain is the default - When deleting a node use only when node_name is defined + +# sap_maintain_etc_hosts Ansible Role + + +## Description + +The Ansible role `sap_maintain_etc_hosts` is used to maintain the `/etc/hosts` file.. + + + + + + + + +## Execution + + + + + + +### Execution Flow + +1. Assert that required inputs were provided. +2. Verify duplicate entries and conflicts; +3. Update `/etc/hosts` file. + + +### Example + +Example playbook will update `/etc/hosts`: +- Remove node with IP `10.10.10.10`. +- Remove node with name `host2`. +- Add node with IP `10.10.10.11`, name `host1`, aliases `alias1, alias2` and comment `host1 comment`. +```yaml +- name: Ansible Play for add entry in /etc/hosts + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_sap_maintain_etc_hosts + ansible.builtin.include_role: + name: community.sap_install.sap_sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: + - node_ip: 10.10.10.10 + state: absent + - node_name: host2 + state: absent + - node_ip: 10.10.10.11 + node_name: host1 + aliases: + - alias1 + - alias2 + node_comment: "host1 comment" # Comment is created after hash sign (defaults to hana_site) + state: present +``` -#### aliases +Example playbook when executed together with [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) role which uses either `sap_ha_pacemaker_cluster_cluster_nodes` or `sap_hana_cluster_nodes`. +```yaml +- name: Ansible Play for add entry in /etc/hosts + hosts: all + become: true + tasks: + - name: Execute Ansible Role sap_sap_maintain_etc_hosts + ansible.builtin.include_role: + name: community.sap_install.sap_sap_maintain_etc_hosts + vars: + sap_maintain_etc_hosts_list: "{{ sap_ha_pacemaker_cluster_cluster_nodes }}" +``` + -- _Type:_ `list` + + - List of aliases for the node - Not used when state is absent + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + -#### alias_mode +## License + +Apache 2.0 + -- _Type:_ `string` +## Maintainers + +- [Markus Koch](https://github.com/rhmk) +- [Bernd Finger](https://github.com/berndfinger) + - Options: +## Role Variables + - - `merge` : merges the list of aliases with the exiting aliases of the node. (default) - - `overwrite` : overwrites the aliases of the node. +This role requires the dictionary `sap_maintain_etc_hosts_list` which contains the parameters for the `/etc/hosts` file. - Not used when state is absent +The default value is the definition of the cluster nodes like in the role [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster).
+If the value `sap_hana_cluster_nodes`or `sap_ha_pacemaker_cluster_cluster_nodes` is not defined, then the role creates a default value from `ansible_facts`. -#### node_comment +**NOTE: If you want to use this role to remove entries from /etc/hosts it is a good practice to do this before adding entries. The adding/removal is done in the order the entries are listed.** -- _Type:_ `string` - - default: managed by ansible sap_maintain_etc_hosts role` - String which is appended to line in hosts after comment string - Not used when state is absent +### sap_maintain_etc_hosts_list -#### hana_site +- _Type:_ `list` with elements of type `dict` -- _Type:_ `string` +Mandatory list of nodes in form of dictionaries to be added or removed in `/etc/hosts` file. - if set (e.g. for configuring cluster) it is appended to the comment - Not used when state is absent +Following dictionary keys can be defined: +- **node_ip**
+ IP address of the managed node.
+ **Required** for adding new entries to `/etc/hosts`.
+ _Optional_ for removing entries, where `node_name` and `node_domain` can be used instead. -#### node_role + - _Type:_ `string` - Not used. For compatibility reason only. +- **node_name**
+ Hostname of the managed node.
+ **Required** for adding new entries to `/etc/hosts`.
+ _Optional_ for removing entries, when `node_ip` is not used. -#### state + - _Type:_ `string` -- _Type:_ `string` +- **node_domain**
+ Domain name of the managed node. Defaults to `sap_domain` if set or `ansible_domain`.
+ **Required** for adding new entries to `/etc/hosts`.
+ _Optional_ for removing entries, when `node_name` is used. - Options: + - _Type:_ `string` + - _Default:_ `sap_domain` - - `present` : creates a host entry (default)` - - `absent` : removes a host entry by ip or hostname +- **aliases**
+ List of aliases for the managed node.
+ _Optional_ for adding new entries to `/etc/hosts`. - +- **alias_mode**
+ Select method of updating `/etc/hosts` file:
+ - `merge` : merges the list of aliases with the exiting aliases of the node.
+ - `overwrite` : overwrites the aliases of the node. + _Optional_ for adding new entries to `/etc/hosts`. -Example Playbook ----------------- + - _Type:_ `string` + - _Default:_ `merge` -If you want to setup/add entries your etc hosts you can use this snippet +- **node_comment**
+ Node comment is appended at end of line of managed node.
+ _Optional_ for adding new entries to `/etc/hosts`. -```[yaml] -- name: Ensure /etc/hosts is updated - include_role: sap_sap_maintain_etc_hosts - var: - sap_maintain_etc_hosts_list: - - node_ip: 1.2.3.5 - state: absent - - node_name: host2 - state: absent - - node_ip: 1.2.3.4 - node_name: host1 - aliases: - - alias1 - - anotheralias2 - node_comment: "Here comes text after hashsign" (defaults to hana_site) - state: present -``` + - _Type:_ `string` + - _Default:_ `managed by ansible sap_maintain_etc_hosts role` -If you have defined a cluster and the variable `sap_ha_pacemaker_cluster_cluster_nodes` or `sap_hana_cluster_nodes` is set, you can use the following play: +- **hana_site**
+ Used by [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) and it is appended to `node_comment`
+ _Optional_ for adding new entries to `/etc/hosts`. -```[yaml] -- name: ensure all cluster nodes are in /etc/hosts - include_role: sap_maintain_etc_hosts - var: - sap_maintain_etc_hosts_list: "{{ sap_hana_cluster_nodes }}" -``` + - _Type:_ `string` -License -------- +- **node_role**
+ Not used, but mentioned for compatibility reasons for [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) role.
-Apache-2.0 + - _Type:_ `string` -Author Information ------------------- +- **state**
+ Select `present` for adding new entries, `absent` for removing them.
+ **Required** for removing entries, otherwise default `present` is used. -@rhmk 10/10/23 + - _Type:_ `string` + - _Default:_ `present` + \ No newline at end of file diff --git a/roles/sap_netweaver_preconfigure/README.md b/roles/sap_netweaver_preconfigure/README.md index ae666ccd8..fc321756a 100644 --- a/roles/sap_netweaver_preconfigure/README.md +++ b/roles/sap_netweaver_preconfigure/README.md @@ -1,37 +1,85 @@ + # sap_netweaver_preconfigure Ansible Role + + +## Description + +The Ansible role `sap_netweaver_preconfigure` installs additional required packages and performs additional OS configuration steps according to applicable SAP notes for installing and running SAP ABAP Application Platform (formerly known as SAP NetWeaver) after the role [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) has been executed. + + + + + + +## Prerequisites +Managed nodes: +- Ensure that general operating system configuration for SAP is performed by [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure). See [Recommended](#recommended) section. + + +## Execution + +**:warning: Do not execute this Ansible Role against existing SAP systems unless you know what you are doing and you prepare inputs to avoid unintended changes caused by default inputs.** + +**NOTE: It is recommended to execute `timesync` role from Ansible Collection `fedora.linux_system_roles` before or after executing this role.** + + + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order:
+1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. *`sap_netweaver_preconfigure`* + + +### Execution Flow + +1. Assert that required inputs were provided. +2. Install required packages +3. Apply configurations + - Execute configuration tasks based on SAP Notes + - (SUSE) Execute saptune with solution `sap_netweaver_preconfigure_saptune_solution` (Default: `NETWEAVER`) + +**Note: (Red Hat) Due to SAP notes 2002167, 2772999, and 3108316, the role will switch to tuned profile sap-netweaver no matter if another tuned profile (e.g. virtual-guest) had been active before or not.** + + +### Example + +Example of execution together with prerequisite role [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +```yaml +--- +- name: Ansible Play for SAP Netweaver preconfigure + hosts: nwas_ascs, nwas_ers + become: true + tasks: + - name: Execute Ansible Role sap_general_preconfigure + ansible.builtin.include_role: + name: community.sap_install.sap_general_preconfigure + + - name: Execute Ansible Role sap_netweaver_preconfigure + ansible.builtin.include_role: + name: community.sap_install.sap_netweaver_preconfigure +``` + -This role installs additional required packages and performs additional configuration steps for installing and running SAP NetWeaver. -If you want to configure a RHEL system for the installation and later usage of SAP NetWeaver, you have to first run role `sap_general_preconfigure` and then role sap_netweaver_preconfigure. -For SLES, running the `sap_general_preconfigure` role is not necessary. - -## Requirements - -To use this role, your system needs to be configured with the basic requirements for SAP NetWeaver or SAP HANA. This is typically done by -running role sap_general_preconfigure (for RHEL managed nodes before RHEL 7.6, community maintained role sap-base-settings can be used). -It is also strongly recommended to run role linux-system-roles.timesync for all systems running SAP NetWeaver, to maintain an identical -system time, before or after running role sap_netweaver_preconfigure. - -Note ----- -On RHEL, as per SAP notes 2002167, 2772999, and 3108316, the role will switch to tuned profile sap-netweaver no matter if another tuned profile -(e.g. virtual-guest) had been active before or not. - -On SLES, this role will switch the saptune solution to the one specified by the configuration and will override any previously set solution. -The default solution is `NETWEAVER`. - -The role can check if enough swap space - as per the prerequisite checker in sapinst - has been configured on the managed node. -Please check the SAP NetWeaver installation guide for swap space requirements. - -Do not run this role against an SAP NetWeaver or other production system. The role will enforce a certain configuration on the managed -node(s), which might not be intended. + + - -## Role Input Parameters + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + -Minimum required parameters: -This role does not require any parameter to be set in the playbook or inventory. +## License + +Apache 2.0 + +## Maintainers + +- [Bernd Finger](https://github.com/berndfinger) + +## Role Variables + ### sap_netweaver_preconfigure_config_all - _Type:_ `bool` - _Default:_ `true` @@ -99,93 +147,13 @@ Set this parameter to `true` when using Adobe Document Services, to ensure all r ### sap_netweaver_preconfigure_saptune_version - _Type:_ `str` -- _Default:_ `3.0.2` -On SLES systems, specifies the saptune version
+(SUSE specific) Specifies the saptune version. ### sap_netweaver_preconfigure_saptune_solution - _Type:_ `str` - _Default:_ `NETWEAVER` -- _Possible Values:_
- - `NETWEAVER` - - `NETWEAVER+HANA` - - `S4HANA-APP+DB` - - `S4HANA-APPSERVER` - - `S4HANA-DBSERVER` - -On SLES systems, specifies the saptune solution to apply.
- - - -## Example Playbook - -Simple playbook, named sap+netweaver.yml: -```yaml ---- -- hosts: all - roles: - - role: sap_general_preconfigure - - role: sap_netweaver_preconfigure -``` - -Simple playbook for an extended check (assert) run, named sap+netweaver-assert.yml: -```yaml ---- -- hosts: all - vars: - sap_preconfigure_assert: yes - sap_preconfigure_assert_ignore_errors: yes - sap_netweaver_preconfigure_assert: yes - sap_netweaver_preconfigure_assert_ignore_errors: yes - roles: - - role: sap_general_preconfigure - - role: sap_netweaver_preconfigure -``` - -## Example Usage -Normal run, for configuring server host_1 for SAP NetWeaver: -```yaml -ansible-playbook sap+netweaver.yml -l host_1 -``` - -Extended Check (assert) run, not aborting if an error has been found: -```yaml -ansible-playbook sap+netweaver-assert.yml -l host_1 -``` - -Same as above, with a nice compact and colored output, this time for two hosts: -```yaml -ansible-playbook sap+netweaver-assert.yml -l host_1,host_2 | -awk '{sub (" \"msg\": ", "")} - /TASK/{task_line=$0} - /fatal:/{fatal_line=$0; nfatal[host]++} - /...ignoring/{nfatal[host]--; if (nfatal[host]<0) nfatal[host]=0} - /^[a-z]/&&/: \[/{gsub ("\\[", ""); gsub ("]", ""); gsub (":", ""); host=$2} - /SAP note/{print "\033[30m[" host"] "$0} - /FAIL:/{nfail[host]++; print "\033[31m[" host"] "$0} - /WARN:/{nwarn[host]++; print "\033[33m[" host"] "$0} - /PASS:/{npass[host]++; print "\033[32m[" host"] "$0} - /INFO:/{print "\033[34m[" host"] "$0} - /changed/&&/unreachable/{print "\033[30m[" host"] "$0} - END{print ("---"); for (var in npass) {printf ("[%s] ", var); if (nfatal[var]>0) { - printf ("\033[31mFATAL ERROR!!! Playbook might have been aborted!!!\033[30m Last TASK and fatal output:\n"); print task_line, fatal_line - } - else printf ("\033[31mFAIL: %d \033[33mWARN: %d \033[32mPASS: %d\033[30m\n", nfail[var], nwarn[var], npass[var])}}' -``` -Note: For terminals with dark background, replace the color code `30m` by `37m`. -In case you need to make an invisible font readable on a terminal with dark background, run the following command in the terminal: -```yaml -printf "\033[37mreadable font\n" -``` -In case you need to make an invisible font readable on a terminal with bright background, run the following command in the terminal: -```yaml -printf "\033[30mreadable font\n" -``` - -## License - -Apache license 2.0 - -## Author Information -Red Hat for SAP Community of Practice, Bernd Finger, Rainer Leber +(SUSE specific) Specifies the saptune solution to apply.
+Available values: `NETWEAVER`, `NETWEAVER+HANA`, `S4HANA-APP+DB`, `S4HANA-APPSERVER`, `S4HANA-DBSERVER` + \ No newline at end of file diff --git a/roles/sap_netweaver_preconfigure/defaults/main.yml b/roles/sap_netweaver_preconfigure/defaults/main.yml index 6b46f5183..0a458da5b 100644 --- a/roles/sap_netweaver_preconfigure/defaults/main.yml +++ b/roles/sap_netweaver_preconfigure/defaults/main.yml @@ -3,30 +3,24 @@ # defaults file for sap_netweaver_preconfigure # Perform an assertion run: -sap_netweaver_preconfigure_assert: no +sap_netweaver_preconfigure_assert: false # In case of an assertion run, if set to "yes", the role will abort for any assertion error: -sap_netweaver_preconfigure_assert_ignore_errors: no +sap_netweaver_preconfigure_assert_ignore_errors: false sap_netweaver_preconfigure_min_swap_space_mb: '20480' -sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured: yes +sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured: true sap_netweaver_preconfigure_rpath: '/usr/sap/lib' -sap_netweaver_preconfigure_use_adobe_doc_services: no +sap_netweaver_preconfigure_use_adobe_doc_services: false -#SLES Only -sap_netweaver_preconfigure_saptune_version: '3.0.2' - -## The following variables control aspects of saptune and are only relevant for SLES for SAP Application - -# The saptune solution to apply. For netweaver, the only appropriate options are: -#NETWEAVER -#NETWEAVER+HANA -#S4HANA-APP+DB -#S4HANA-APPSERVER -#S4HANA-DBSERVER -# The default value is NETWEAVER +# (SUSE specific) Version of saptune to install. +# It is recommended to install latest version by keeping this variable empty. +# This will replace the current installed version if present, even downgrade if necessary. +sap_netweaver_preconfigure_saptune_version: '' +# (SUSE specific) Saptune solution to be applied. +# Available options for Netweaver are: NETWEAVER, NETWEAVER+HANA, S4HANA-APP+DB, S4HANA-APPSERVER, S4HANA-DBSERVER sap_netweaver_preconfigure_saptune_solution: NETWEAVER diff --git a/roles/sap_netweaver_preconfigure/meta/argument_specs.yml b/roles/sap_netweaver_preconfigure/meta/argument_specs.yml index 4f4554643..f9392052a 100644 --- a/roles/sap_netweaver_preconfigure/meta/argument_specs.yml +++ b/roles/sap_netweaver_preconfigure/meta/argument_specs.yml @@ -96,16 +96,17 @@ argument_specs: type: bool sap_netweaver_preconfigure_saptune_version: - default: '3.0.2' + default: '' description: - - On SLES systems, specifies the saptune version + - (SUSE specific) Version of saptune to install. + - This will replace the current installed version if present, even downgrade if necessary. required: false type: str sap_netweaver_preconfigure_saptune_solution: default: 'NETWEAVER' description: - - On SLES systems, specifies the saptune solution to apply. + - (SUSE specific) Saptune solution to be applied. choices: - 'NETWEAVER' - 'NETWEAVER+HANA' diff --git a/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml b/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml index 551c046f8..bbd3763b0 100644 --- a/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml @@ -6,8 +6,10 @@ state: present name: "{{ __sap_netweaver_preconfigure_packages }}" -- name: Ensure required packages for Adobe Document Services are installed +- name: Ensure required packages for Adobe Document Services are installed, x86_64 only ansible.builtin.package: state: present name: "{{ __sap_netweaver_preconfigure_adobe_doc_services_packages }}" - when: sap_netweaver_preconfigure_use_adobe_doc_services + when: + - ansible_architecture == 'x86_64' + - sap_netweaver_preconfigure_use_adobe_doc_services diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml index 14764a4f4..72981ca44 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml @@ -20,15 +20,30 @@ - '"SLES" in sles_baseproduct.stat.lnk_target' - ansible_os_family == 'Suse' -# The use of zypper here allows exact saptune version to be declared and used. -- name: Ensure saptune is installed - community.general.zypper: - type: package - name: "saptune={{ sap_netweaver_preconfigure_saptune_version }}" - state: present - force: true + +- name: Prepare saptune when: - __sap_netweaver_preconfigure_run_saptune + block: + - name: Ensure latest saptune is installed + community.general.zypper: + type: package + name: saptune + state: present + when: + - sap_netweaver_preconfigure_saptune_version is undefined + or sap_netweaver_preconfigure_saptune_version | length == 0 + + - name: Ensure specific saptune version is installed + community.general.zypper: + type: package + name: "saptune={{ sap_netweaver_preconfigure_saptune_version }}" + state: present + force: true + when: + - sap_netweaver_preconfigure_saptune_version is defined + - sap_netweaver_preconfigure_saptune_version | length > 0 + - name: Ensure sapconf is installed community.general.zypper: diff --git a/roles/sap_netweaver_preconfigure/tasks/main.yml b/roles/sap_netweaver_preconfigure/tasks/main.yml index 016d3a7a7..f0a525abd 100644 --- a/roles/sap_netweaver_preconfigure/tasks/main.yml +++ b/roles/sap_netweaver_preconfigure/tasks/main.yml @@ -5,12 +5,20 @@ ansible.builtin.debug: var: role_path +# Load variable file starting with actual version up to OS family. +# Example for SUSE Linux Enterprise Server for SAP Applications 15 SP6: +# 1. SLES_SAP_15.6.yml - Specific to distribution with major and minor release. +# 2. SLES_SAP_15.yml - Specific to distribution and major release regardless of minor release. +# 3. SLES_15.6.yml - Specific to distribution family (SLES and SLES4SAP) and minor release. +# 4. SLES_15.yml - Specific to distribution. +# 5. Suse.yml - Specific to OS family. - name: Include OS specific vars ansible.builtin.include_vars: '{{ item }}' with_first_found: - - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml' - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml' + - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_version }}.yml' + - '{{ ansible_distribution.split("_")[0] }}_{{ ansible_distribution_major_version }}.yml' - '{{ ansible_os_family }}.yml' - name: Set filename prefix to empty string if role is run in normal mode diff --git a/roles/sap_netweaver_preconfigure/vars/RedHat_7.yml b/roles/sap_netweaver_preconfigure/vars/RedHat_7.yml index 4e8fe4de5..1443046a3 100644 --- a/roles/sap_netweaver_preconfigure/vars/RedHat_7.yml +++ b/roles/sap_netweaver_preconfigure/vars/RedHat_7.yml @@ -12,6 +12,7 @@ __sap_netweaver_preconfigure_sapnotes_versions: __sap_netweaver_preconfigure_packages: - tuned-profiles-sap +# SAP note 2135057 v11: __sap_netweaver_preconfigure_adobe_doc_services_packages: - autoconf.noarch - automake.noarch @@ -19,26 +20,26 @@ __sap_netweaver_preconfigure_adobe_doc_services_packages: - expat.x86_64 - fontconfig.x86_64 - freetype.x86_64 - - glibc.x86_64 - - glibc-devel.x86_64 + - glibc.i686 + - glibc-devel.i686 - keyutils-libs.x86_64 - krb5-libs.x86_64 - libcom_err.x86_64 - - libgcc.x86_64 + - libgcc.i686 - libidn.x86_64 - libidn-devel.x86_64 - libselinux.x86_64 - libssh2.x86_64 - - libX11.x86_64 - - libXau.x86_64 - - libxcb.x86_64 + - libX11.i686 + - libXau.i686 + - libxcb.i686 - nspr.x86_64 - nss.x86_64 - nss-softokn.x86_64 - - nss-softokn-freebl.x86_64 + - nss-softokn-freebl.i686 - nss-util.x86_64 - openldap.x86_64 - openssl.x86_64 - transfig.x86_64 - zlib.x86_64 - - libuuid.x86_64 + - libuuid.i686 diff --git a/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml b/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml index c74c0a8b7..ad9dba4ea 100644 --- a/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml +++ b/roles/sap_netweaver_preconfigure/vars/RedHat_8.yml @@ -14,6 +14,7 @@ __sap_netweaver_preconfigure_sapnotes_versions: __sap_netweaver_preconfigure_packages: - tuned-profiles-sap +# SAP note 2920407 v6: __sap_netweaver_preconfigure_adobe_doc_services_packages: - autoconf.noarch - automake.noarch @@ -26,7 +27,6 @@ __sap_netweaver_preconfigure_adobe_doc_services_packages: - libcom_err.x86_64 - libidn2.x86_64 - libselinux.x86_64 - - libssh2.x86_64 - libxcb.i686 - nspr.x86_64 - nss.x86_64 diff --git a/roles/sap_netweaver_preconfigure/vars/RedHat_9.yml b/roles/sap_netweaver_preconfigure/vars/RedHat_9.yml index 07320f104..b6ad0222e 100644 --- a/roles/sap_netweaver_preconfigure/vars/RedHat_9.yml +++ b/roles/sap_netweaver_preconfigure/vars/RedHat_9.yml @@ -12,6 +12,7 @@ __sap_netweaver_preconfigure_sapnotes_versions: __sap_netweaver_preconfigure_packages: - tuned-profiles-sap +# SAP note 3242422 v2: __sap_netweaver_preconfigure_adobe_doc_services_packages: - autoconf.noarch - automake.noarch @@ -24,7 +25,6 @@ __sap_netweaver_preconfigure_adobe_doc_services_packages: - libcom_err.x86_64 - libidn2.x86_64 - libselinux.x86_64 - - libssh2.x86_64 - libxcb.i686 - nspr.x86_64 - nss.x86_64 diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml new file mode 100644 index 000000000..34ad9619a --- /dev/null +++ b/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 SP6 +# - SUSE Linux Enterprise Server 15 SP6 + +__sap_netweaver_preconfigure_sapnotes: + - "1275776" + +__sap_netweaver_preconfigure_packages: + - libstdc++6 + - libatomic1 + - libgcc_s1 + - libltdl7 + - insserv-compat + - cpupower + - hicolor-icon-theme + - libcpupower1 # libcpupower0 was removed in SP6 + - libsensors4 + - patterns-base-basesystem + - patterns-server-enterprise-sap_server + - patterns-yast-yast2_basis + - procmail + - sysstat + - system-user-uuidd + - uuidd + - yast2-auth-client + - yast2-auth-server + - yast2-theme + - yast2-vpn + - tcsh + - acl + +# SLES_SAP is using saptune, but SLES is using sapconf. +# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. +__sap_netweaver_preconfigure_run_saptune: true diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml index 454c589b0..b6f0bacc6 100644 --- a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml +++ b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml @@ -1,6 +1,8 @@ # SPDX-License-Identifier: Apache-2.0 --- -# required SAP Notes for SLES 15 +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 +# - SUSE Linux Enterprise Server 15 __sap_netweaver_preconfigure_sapnotes: - "1275776" diff --git a/roles/sap_storage_setup/README.md b/roles/sap_storage_setup/README.md index d5e5ff23c..7105d1454 100644 --- a/roles/sap_storage_setup/README.md +++ b/roles/sap_storage_setup/README.md @@ -1,71 +1,129 @@ + # sap_storage_setup Ansible Role + +![Ansible Lint for sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_storage_setup.yml/badge.svg) -Ansible Role for preparing a host with the storage requirements of an SAP System (prior to software installation) +## Description + +The Ansible Role `sap_storage_setup` is used to prepare a host with the storage requirements of an SAP System (prior to software installation). -## Scope - -This Ansible Role provides: -- local/block storage volumes setup as LVM Logical Volumes, Filesystem formatting and mount to defined directory path -- remote/file storage mount (and subdirectories as required) -- swap file or swap partition - -This Ansible Role has been tested for the following SAP software deployment types: -- SAP HANA Scale-up, Scale-out and Scale-up High Availability -- SAP NetWeaver AS in Sandbox (Two-Tier/OneHost), Standard (Three-Tier/DualHost), Distributed (Multi-Tier) and Distributed High Availability +This role can prepare host with: +- Local block storage volume setup as LVM Logical Volumes, Filesystem formatting and mount to defined directory path +- Remote file storage mount (and subdirectories as required) +- SWAP file or SWAP partition This Ansible Role is agnostic, and will run on any Infrastructure Platform. Only LVM is used for local/block storage, to allow for further expansion if the SAP System requires further storage space in the future. - -Please note, while this Ansible Role has protection against overwrite of existing disks and filesystems - sensible review and care is required for any automation of disk storage. Please review the documentation and samples/examples carefully. It is strongly suggested to initially execute the Ansible Playbook calling this Ansible Role, with `ansible-playbook --check` for Check Mode - this will perform no changes to the host and show which changes would be made. - -In addition, this Ansible Role: - -- Does not permit static definition for mountpoint to use a specific device (e.g. `/dev/sdk`). The definition will define the disk size to use for the mountpoint, and match accordingly. -- Enforces 1 mountpoint will use 1 LVM Logical Volume (LV) that consumes 100% of an LVM Volume Group (VG), with the LVM Volume Group (VG) consuming 100% of 1..n LVM Physical Volumes (PV). - - For granular control of LVM setup, the suggestion is to instead use Ansible Role `storage` from the `fedora.linux_system_roles` Ansible Collection or the Ansible Roles `lvg/lvol/filesystem` from `community.general` Ansible Collection - - -## Requirements - -The Ansible Role requires the `community.general` Ansible Collection (uses the `lvg`, `lvol` and `filesystem` Ansible Modules). - -Before using this Ansible Role, please make sure that the required collections are installed; for example, by using the command `ansible-galaxy install community.general` - + + + +## Dependencies +- `community.general` + - Modules: + - `lvg` + - `lvol` + - `filesystem` +Install required collection by `ansible-galaxy install community.general`. + + + ## Prerequisites +Managed nodes: +- All local/block storage volumes must be attached to the host +- All remote/file storage mounts must be available with host accessibility (e.g. port 2049). + + +## Execution + +**:warning: Do not execute this Ansible Role against existing SAP systems unless you know what you are doing and you prepare inputs to avoid unintended changes caused by default inputs.**
+:warning: While this Ansible Role has protection against overwrite of existing disks and filesystems - sensible review and care is required for any automation of disk storage. Please review the documentation and samples/examples carefully. It is strongly suggested to initially execute the Ansible Playbook calling this Ansible Role, with `ansible-playbook --check` for Check Mode - this will perform no changes to the host and show which changes would be made. + +**Considerations** +- This role does not permit static definition for mountpoint to use a specific device (e.g. `/dev/sdk`). The definition will define the disk size to use for the mountpoint, and match accordingly. +- This role enforces that 1 mountpoint will use 1 LVM Logical Volume (LV) that consumes 100% of an LVM Volume Group (VG), with the LVM Volume Group (VG) consuming 100% of 1..n LVM Physical Volumes (PV). + - Following roles and modules offer alternative for more granular control of LVM setup: + - Role `storage` from [fedora.linux_system_roles](https://github.com/linux-system-roles/storage) + - Modules `filesystem`, `lvg`, `lvol` from [community.general](https://galaxy.ansible.com/ui/repo/published/community/general/) + + + + + +### Execution Flow + +1. Gather facts about hosts. +2. Create list of unused disk devices +3. Match/Map unused disk devices to the `sap_storage_setup_definition` +4. Create LVM Logical Volumes (and prerequisite LVM Volume Groups and LVM Physical Volumes) +5. Create swap file or swap partition +6. Mount NFS temporarily, create required subdirectories, unmount and mount subdirectory on the NFS share + + + +Example playbook to configure SAP HANA OneHost node on AWS that includes: +- 3 disks for `/hana/data`, `/hana/log` and ` /hana/shared` +- Remote filesystem for `/software` +- SWAP +```yaml +--- +- name: Ansible Play for SAP HANA HA storage setup + hosts: hana_primary + become: true + tasks: + - name: Execute Ansible Role sap_storage_setup + ansible.builtin.include_role: + name: community.sap_install.sap_storage_setup + vars: + sap_storage_setup_sid: "H01" + sap_storage_setup_host_type: "hana_primary" + sap_storage_setup_definition: + - name: hana_data + mountpoint: /hana/data + disk_size: 150 + filesystem_type: xfs + + - name: hana_log + mountpoint: /hana/log + disk_size: 100 + filesystem_type: xfs + + - name: hana_shared + mountpoint: /hana/shared + disk_size: 200 + filesystem_type: xfs + + - name: software + mountpoint: /software + nfs_path: /software + nfs_server: "fs-00000000000000000.efs.eu-central-1.amazonaws.com:/software" + nfs_filesystem_type: "nfs4" + nfs_mount_options: "vers=4.1,hard,timeo=600,retrans=2,acl" + + - name: swap + disk_size: 96 + filesystem_type: swap +``` + -All local/block storage volumes must be attached to the host, and all remote/file storage mounts must be available with host accessibility (e.g. port 2049). - -## Variables and Parameters - -The 3 critical variables are: -- `sap_storage_setup_definition` - a list with a dictionary for each mountpoint (e.g. /hana/data) for the host -- `sap_storage_setup_host_type` - a list which defines SAP Software on the host (e.g. list containing both hana_primary and nwas_abap_ascs values if creating a Sandbox Two-Tier/OneHost) -- `sap_storage_setup_sid` - a string with the SAP System ID of the logical system (e.g. D01) - -## Execution Flow - -The Ansible Role is sequential: -- Get host facts -- Create list of unused disk devices -- Match/Map unused disk devices to the `sap_storage_setup_definition` -- Create LVM Logical Volumes (and prerequisite LVM Volume Groups and LVM Physical Volumes) -- Create swap file or swap partition -- Mount NFS temporarily, create required subdirectories, unmount and mount subdictory on the NFS share - -## Sample + + -Please see a full sample using multiple hosts to create an SAP S/4HANA Distributed deployment in the [/playbooks](../../playbooks/) directory of the Ansible Collection `sap_install`. + +## Further Information +For more examples on how to use this role in different installation scenarios, refer to the [ansible.playbooks_for_sap](https://github.com/sap-linuxlab/ansible.playbooks_for_sap) playbooks. + ## License - + Apache 2.0 + -## Author Information - -Red Hat for SAP Community of Practice, Janine Fuchs, IBM Lab for SAP Solutions +## Maintainers + +- [Janine Fuchs](https://github.com/ja9fuchs) + ---- - -## Role Input Parameters +## Role Variables + Minimum required parameters: @@ -78,41 +136,83 @@ Minimum required parameters: - _Type:_ `list` -Describes the filesystems to be configured.
+Describes list of the filesystems to be configured.
- **disk_size**
Size of the disk device that is used for the filesystem.
For filesystems with no LVM logical volume striping, this is the total size of the filesystem.
For filesystems with LVM LV striping defined (`lvm_lv_stripes`), this is the size of each disk. The resulting filesystem size will be `disk_size` multiplied by `lvm_lv_stripes` (=disks). + + - _Type:_ `int` + - **filesystem_type**
- _Default:_ `xfs`
The type of filesystem that will be created on the logical volume. + + - _Type:_ `str` + - _Default:_ `xfs` + - **lvm_lv_name**
The name of the LVM volume.
The default name is derived from the name value of the filesystem definition entry, for example 'lv_hanalog'. + + - _Type:_ `str` + - **lvm_lv_stripe_size**
When setting up a striped volume, the stripe size can be defined.
Example format - "128K". + + - _Type:_ `str` + - **lvm_lv_stripes**
- _Default:_ `1`
Number of disks that will be configured in a striped volume.
This requires the availability of the same amount of unused disks, which must be of the size defined in `disk_size`. + + - _Type:_ `int` + _Default:_ `1` + - **lvm_vg_name**
The name of the LVM volume group.
The default name is derived from the name value of the filesystem definition entry, for example 'vg_hanalog'. + + - _Type:_ `str` + - **lvm_vg_physical_extent_size**
- _Default:_ `4`
Adjustable size of the physical extents of the volume group in LVM. + + - _Type:_ `int` + - _Default:_ `4` + - **mountpoint**
The path to where the filesystem will be mounted.
This can be left out for the definition of a swap volume. + + - _Type:_ `str` + - **name**
A name of the filesystem definition entry.
This name is used to generate volume group name and logical volume name. + + - _Type:_ `str` + - **nfs_filesystem_type**
- _Default:_ `nfs4`
The type of the NFS filesystem, for example `nfs`, `nfs4`. + + - _Type:_ `str` + - _Default:_ `nfs4` + - **nfs_mount_options**
Mount options to use for the NFS mount.
Generic default is `hard,acl`.
Defaults depend on the specific platform detected by the role or defined explicitly. + + - _Type:_ `str` + - _Default:_ `hard,acl` + - **nfs_path**
When defining an NFS filesystem, this is the directory path of the filesystem to be mounted. + + - _Type:_ `str` + - **nfs_server**
When defining an NFS filesystem, this is the address of the NFS server.
The address must contain the root path, in which the mount directories exist or will be created.
For example, `192.168.1.100:/`. + + - _Type:_ `str` + - **swap_path**
The path to the swap file.
When this option is defined for a swap filesystem definition, it will create a swap file on an existing filesystem. + - _Type:_ `str` + Example: ```yaml @@ -139,10 +239,12 @@ sap_storage_setup_definition: ### sap_storage_setup_host_type required +- _Type:_ `list` The type of service the target system is going to be configured for.
This can be a list of multiple types which apply to a single host.
If not defined, the default will be inherited from the global parameter `sap_host_type`. One of these parameters must be defined.
+Available values: `hana_primary`, `hana_secondary`, `nwas_abap_ascs`, `nwas_abap_ers`, `nwas_abap_pas`, `nwas_abap_aas`, `nwas_java_scs`, `nwas_java_ers` ### sap_storage_setup_multipath_enable_and_detect @@ -157,5 +259,4 @@ Define if multipathing should be enabled and dynamic multipath devices detected SID of the SAP service.
If not defined, the default will be inherited from the global parameter `sap_system_sid`. One of these parameters must be defined.
- - + \ No newline at end of file diff --git a/roles/sap_swpm/README.md b/roles/sap_swpm/README.md index f8a16e789..aafa3f751 100644 --- a/roles/sap_swpm/README.md +++ b/roles/sap_swpm/README.md @@ -1,236 +1,861 @@ + # sap_swpm Ansible Role + +![Ansible Lint for sap_swpm](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml/badge.svg) + +## Description + +The Ansible role `sap_swpm` installs various SAP Systems installable by SAP Software Provisioning Manager (SWPM). + + + +## Dependencies +- `fedora.linux_system_roles` + - Roles: + - `selinux` + +Install required collections by `ansible-galaxy install -vv -r meta/collection-requirements.yml`. + + +## Prerequisites + +Managed nodes: +- Directory with SAP Installation media is present and `sap_swpm_software_path` updated. Download can be completed using [community.sap_launchpad](https://github.com/sap-linuxlab/community). +- Ensure that servers are configured for SAP Systems. See [Recommended](#recommended) section. +- Ensure that volumes and filesystems are configured correctly. See [Recommended](#recommended) section. + +### Prepare SAP installation media +Place a valid SAPCAR executable file in a directory specified by variable `sap_swpm_sapcar_path` (e.g. /software/sapcar). Example: `SAPCAR_1300-70007716.EXE` + +Place a valid SWPM SAR file in a directory specified by variable `sap_swpm_swpm_path` (e.g. /software/sap_swpm). Example: `SWPM20SP18_3-80003424.SAR` + +Place the following files in a directory specified by variable `sap_swpm_software_path` (e.g. /software/sap_swpm_download_basket): + - For a new installation + - Download the appropriate software from SAP Software Download Center, Maintenance Planner, etc. + - For a restore or new installation + - SAP IGS - `igs*.sar` + - SAP IGS HELPER - `igshelper*sar` + - SAP Host Agent - `SAPHOSTAGENT*SAR` + - SAP Kernel DB - `SAPEXEDB_*SAR` + - SAP Kernel DB Independent - `SAPEXE_*SAR` + - SAP HANA Client - `IMDB_CLIENT*SAR` + +Alternatively, you can place all the files mentioned above into a single directory and use the role [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) to identify the required files and set the role variables automatically so that the role `sap_swpm` has access to all the files needed for a successful installation of SAP System. + -Ansible role for SAP software installation using SWPM +## Execution + + -## Requirements + +### Recommended +It is recommended to execute this role together with other roles in this collection, in the following order:
+1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) +2. [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) +3. [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) +4. *`sap_swpm`* -The role requires additional collections which are specified in `meta/collection-requirements.yml`. Before using this role, -make sure that the required collections are installed, for example by using the following command: +Note: For most scenarios, a database like SAP HANA must be available. Use the role [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) for installing the SAP HANA database. + -`ansible-galaxy install -vv -r meta/collection-requirements.yml` +### Execution Flow + -## Scope +### Pre-Install -This role has been tested and working for the following scenarios -- One Host Installation -- Dual Host Installation -- Distributed Installation -- System Restore -- High Availability Installation +- Determine installation type + - The product id specified determines the installation type + - standard installation + - system restore + - generic product installation + - high availability installation -This role has been tested and working for the following SAP products -- SAP S/4HANA 1809, 1909, 2020, 2021 -- SAP BW/4HANA -- SAP Solution Manager 7.2 -- SAP Netweaver Business Suite Applications (ECC, GRC, etc) -- SAP Web Dispatcher +- Get SAPCAR executable filename from `sap_swpm_sapcar_path` -> The general rule is - if the installation uses SAP SWPM then this Ansible Role can be used. +- Get SWPM executable filename from `sap_swpm_swpm_path` -### SAP Preconfigure +- Get all .SAR filenames from `sap_swpm_software_path` -- Ensure the required volumes and filesystems are configured in the host. You can use the role `sap_storage_setup` to configure this. More info [here](/roles/sap_storage_setup) +- (Optional) Update `/etc/hosts` if `sap_swpm_update_etchosts` is set to `true` (Default: `false`). -- Please run the RHEL SAP System Role `sap_general_preconfigure` for initial host configuration; as necessary, also use `sap_netweaver_preconfigure` and `sap_hana_preconfigure` +- (Optional) Apply firewall rules for SAP HANA if `sap_swpm_setup_firewall` is set to `true` (Default: `false`). -- For further guidance on using SAP SWPM for different SAP Software installations, please see System Provisioning with Software Provisioning Manager (SWPM) - [User Guides for SAP SWPM 1.0](30839dda13b2485889466316ce5b39e9/c8ed609927fa4e45988200b153ac63d1.html?locale=en-US) and [User Guides for SAP SWPM 2.0](https://help.sap.com/docs/SOFTWARE_PROVISIONING_MANAGER/30839dda13b2485889466316ce5b39e9/6865029dacbe473fadd8eff339bfa568.html?locale=en-US) +- At this stage, the role is searching for a sapinst inifile on the managed node, or it will create one: -### SAP Software Installation .SAR Files + - If a file `inifile.params` is located on the managed node in the directory specified in `sap_swpm_inifile_directory`, + the role will not create a new one but rather download this file to the control node. -1. SAPCAR executable + - If such a file does *not* exist, the role will create an SAP SWPM `inifile.params` file by one of the following methods: -2. Software Provisioning Manager .SAR file - - `SWPM*.SAR` + Method 1: Predefined sections of the file `inifile_params.j2` will be used to create the file `inifile.params`. The variable `sap_swpm_inifile_sections_list` contains a list of sections which will part of the file `inifile.params`. All other sections will be ignored. The inifile parameters themselves will be set according to other role parameters. Example: The inifile parameter `archives.downloadBasket` will be set to the content of the role parameter `sap_swpm_software_path`. -3. SAP Installation files - - For New Installation - - Download appropriate software from SAP Software Download Center, Maintenance Planner, etc - - For Restore or New Installation - - SAP IGS - `igs*.sar` - - SAP IGS HELPER - `igshelper*sar` - - SAP Host Agent - `SAPHOSTAGENT*SAR` - - SAP Kernel DB - `SAPEXEDB_*SAR` - - SAP Kernel DB Independent - `SAPEXE_*SAR` - - SAP HANA Client - `IMDB_CLIENT*SAR` + Method 2: The file `inifile.params` will be configured from the content of the dictionary `sap_swpm_inifile_parameters_dict`. This dictionary is defined like in the following example: -4. SAP HANA Database MDC DB Tenant Backup (for restore) - - stored on the local disk of the machine where the SAP HANA database server will reside +``` +sap_swpm_inifile_parameters_dict: + archives.downloadBasket: /software/download_basket + NW_getFQDN.FQDN: example.com +``` - NOTE: Specific media requirements will use format `SAPINST.CD.PACKAGE. = `, and the media names can be discovered by using this command on the SWPM directory `grep -rwh " -Please check the default parameters file for more information on other parameters that can be used as an input: -- [**sap_swpm** default parameters](defaults/main.yml) +### Example + -Sample Playbooks and sample parameters are shown in the Ansible Collection `/playbooks` directory. +#### Playbook for installing a SAP ABAP ASCS instance in distributed system with [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) role +Example shows execution together with [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) role, which sets required variables for `sap_swpm` role.
+```yaml +--- +- name: Ansible Play for SAP ABAP ASCS installation in distributed system + hosts: nwas_ascs + become: true + any_errors_fatal: true + max_fail_percentage: 0 + tasks: + + - name: Execute Ansible Role sap_install_media_detect + ansible.builtin.include_role: + name: community.sap_install.sap_install_media_detect + vars: + sap_install_media_detect_swpm: true + sap_install_media_detect_hostagent: true + sap_install_media_detect_igs: true + sap_install_media_detect_kernel: true + sap_install_media_detect_webdisp: false + sap_install_media_detect_source_directory: /software + + - name: Execute Ansible Role sap_swpm + ansible.builtin.include_role: + name: community.sap_install.sap_swpm + vars: + sap_swpm_sid: AE1 + sap_swpm_virtual_hostname: ae1ascs + sap_swpm_ascs_instance_nr: "01" + sap_swpm_master_password: "Password@1" # Do not use, this is example only! + sap_swpm_ddic_000_password: "Password@1" # Do not use, this is example only! + sap_swpm_sapadm_uid: "3000" + sap_swpm_sapsys_gid: "3001" + sap_swpm_sidadm_uid: "3001" + sap_swpm_product_catalog_id: NW_ABAP_ASCS:NW750.HDB.ABAPHA + sap_swpm_inifile_sections_list: + - swpm_installation_media + - swpm_installation_media_swpm1 + - credentials + - credentials_hana + - db_config_hana + - db_connection_nw_hana + - nw_config_other + - nw_config_central_services_abap + - nw_config_primary_application_server_instance + - nw_config_ports + - nw_config_host_agent + - sap_os_linux_user + + sap_swpm_role_parameters_dict: + sap_swpm_install_saphostagent: 'true' +``` -The Ansible Collection `/playbooks` directory includes sample playbooks for using the `sap_swpm` Ansible Role in the following 'modes': -- Default -- Default Templates -- Advanced -- Advanced Templates -- Inifile Reuse + -The Ansible Collection `/playbooks/vars` directory includes sample variable files for: -- `sap_swpm` 'Default mode' to generate inifile.params of... - - SAP BW/4HANA OneHost - - SAP S/4HANA Distributed - ASCS, DBCI, ERS, PAS - - SAP S/4HANA OneHost - - SAP S/4HANA System Copy OneHost - - SAP Solution Manager (ABAP) - - SAP Solution Manager (JAVA) - - SAP Web Dispatcher - - SAP System Rename -- `sap_swpm` 'Default Templates mode' to generate inifile.params of... - - SAP S/4HANA OneHost - - SAP S/4HANA System Copy OneHost - - SAP System Rename -- `sap_swpm` 'Advanced mode' to generate inifile.params of... - - SAP S/4HANA OneHost -- `sap_swpm` 'Advanced Templates mode' to generate inifile.params of... - - SAP BW/4HANA OneHost - - SAP S/4HANA Distributed - ASCS, DBCI, ERS, PAS - - SAP S/4HANA OneHost - - SAP S/4HANA System Copy OneHost - - SAP Solution Manager (ABAP) - - SAP Solution Manager (JAVA) - - SAP Web Dispatcher - - SAP System Rename -- `sap_swpm` 'Inifile Reuse mode' inifile.params file for... - - SAP S/4HANA OneHost - -NOTE: these are only sample files, they are meant to be edited by the user before execution and do not cover all scenarios possible (the Ansible Role can execute ant SAP SWPM installation) + +### Role Tags +With the following tags, the role can be called to perform certain activities only: +- tag `sap_swpm_generate_inifile`: Only create the sapinst inifile, without running most of the preinstall steps. + This can be useful for checking if the inifile is created as desired. +- tag `sap_swpm_sapinst_commandline`: Only show the sapinst command line. +- tag `sap_swpm_pre_install`: Perform all preinstallation steps, then exit. +- tag `sap_swpm_setup_firewall`: Only perform the firewall preinstallation settings (but only if variable `sap_swpm_setup_firewall` is set to `true`). +- tag `sap_swpm_update_etchosts`: Only update file `/etc/hosts` (but only if variable `sap_swpm_update_etchosts` is set to `true`). + -## Execution +## License + +Apache 2.0 + + +## Maintainers + +- [Bernd Finger](https://github.com/berndfinger) +- [Sean Freeman](https://github.com/seanfreeman) + + +## Role Variables + +**NOTE: Discontinued variables:** +- `sap_swpm_ansible_role_mode` -Sample Ansible Playbook Execution +### Variables for creating sapinst inifile -- Local Host Installation - - `ansible-playbook --connection=local --limit localhost -i "localhost," sap-swpm.yml -e "@inputs/S4H.install"` +#### sap_swpm_run_sapinst +- _Type:_ `bool` +- _Default:_ `true` -- Target Host Installation - - `ansible-playbook -i "" sap-swpm.yml -e "@inputs/S4H.install"` +Set to `false` to disable execution of sapinst after creation of inifile. -### Sample Playbook +### Variables for controlling contents of inifile + +#### sap_swpm_inifile_sections_list +- _Type:_ `list` +- _Default:_ ```yaml ---- -- hosts: all - become: true - roles: - - { role: sap_swpm } +sap_swpm_inifile_sections_list: + - swpm_installation_media + - swpm_installation_media_swpm2_hana + - credentials + - credentials_hana + - db_config_hana + - db_connection_nw_hana + - db_restore_hana + - nw_config_other + - nw_config_central_services_abap + - nw_config_primary_application_server_instance + - nw_config_ports + - nw_config_host_agent + - sap_os_linux_user ``` -## Execution Flow +Define list of sections that will be used to control parameters added into sapinst inifile. +Available values: +```yaml +sap_swpm_inifile_sections_list: + - swpm_installation_media + - swpm_installation_media_swpm2_hana + - swpm_installation_media_swpm1 + - swpm_installation_media_swpm1_exportfiles + - swpm_installation_media_swpm1_ibmdb2 + - swpm_installation_media_swpm1_oracledb_121 + - swpm_installation_media_swpm1_oracledb_122 + - swpm_installation_media_swpm1_oracledb_19 + - swpm_installation_media_swpm1_sapase + - swpm_installation_media_swpm1_sapmaxdb + - maintenance_plan_stack_tms_config + - maintenance_plan_stack_tms_transports + - maintenance_plan_stack_spam_config + - maintenance_plan_stack_sum_config + - maintenance_plan_stack_sum_10_batch_mode + - credentials + - credentials_hana + - credentials_anydb_ibmdb2 + - credentials_anydb_oracledb + - credentials_anydb_sapase + - credentials_anydb_sapmaxdb + - credentials_nwas_ssfs + - credentials_hdbuserstore + - db_config_hana + - db_config_anydb_all + - db_config_anydb_ibmdb2 + - db_config_anydb_oracledb + - db_config_anydb_oracledb_121 + - db_config_anydb_oracledb_122 + - db_config_anydb_oracledb_19 + - db_config_anydb_sapase + - db_config_anydb_sapmaxdb + - db_connection_nw_hana + - db_connection_nw_anydb_ibmdb2 + - db_connection_nw_anydb_oracledb + - db_connection_nw_anydb_sapase + - db_restore_hana + - nw_config_anydb + - nw_config_other + - nw_config_central_services_abap + - nw_config_central_services_java + - nw_config_primary_application_server_instance + - nw_config_additional_application_server_instance + - nw_config_ers + - nw_config_ports + - nw_config_java_ume + - nw_config_java_feature_template_ids + - nw_config_java_icm_credentials + - nw_config_webdisp_generic + - nw_config_webdisp_gateway + - nw_config_host_agent + - nw_config_post_load_abap_reports + - nw_config_livecache + - nw_config_sld + - nw_config_abap_language_packages + - sap_os_linux_user +``` -### Pre-Install -- Determine installation type - - The product id specified determines the installation type - - standard installation - - system restore - - generic product installation - - high availability installation +### Variables to define software paths -- Get SAPCAR executable filename from `sap_swpm_sapcar_path` +#### sap_swpm_sapcar_path +- _Type:_ `string` -- Get SWPM executable filename from `sap_swpm_swpm_path` +Define path to directory with SAPCAR file. -- Get all .SAR filenames from `sap_swpm_software_path` +#### sap_swpm_sapcar_file_name +- _Type:_ `string` -- Update `/etc/hosts` (optional - yes by default) +(Optional) Define name of SAPCAR file, or leave for auto-detection. -- Apply firewall rules for SAP HANA (optional - no by default) +#### sap_swpm_swpm_path +- _Type:_ `string` -- Process SAP SWPM `inifile.params` based on inputs +Define path to directory with SWPM. -### SAP SWPM +#### sap_swpm_swpm_sar_file_name +- _Type:_ `string` -- Execute SWPM +(Optional) Define name of SWPM file, or leave for auto-detection. -### Post-Install +#### sap_swpm_software_extract_directory +- _Type:_ `string` -- Set expiry of Unix created users to 'never' +(Optional) Define path to directory with unpacked SWPM file. -- Apply firewall rules for SAP NW (optional - no by default) +#### sap_swpm_software_use_media +- _Type:_ `bool` +- _Default:_ `false` +Set to `true` to use SAP Media files instead of SAR files.
+- SWPM2 (New SAP products like S4H, BW4H) uses SAR files.
+- SWPM1 (Older SAP products) use CD Media files. -## Execution Modes +#### sap_swpm_inifile_directory +- _Type:_ `string` -Every SAP Software installation via SAP Software Provisioning Manager (SWPM) is possible, there are different Ansible Role execution modes available: +Define directory where sapinst inifile will be stored. -- Default (`sap_swpm_templates_product_input: default`), run software install tasks using easy Ansible Variable to generate SWPM Unattended installations - - Default Templates (`sap_swpm_templates_product_input: default_templates`), optional use of templating definitions for repeated installations -- Advanced (`sap_swpm_templates_product_input: advanced`), run software install tasks with Ansible Variables one-to-one matched to SWPM Unattended Inifile parameters to generate bespoke SWPM Unattended installations - - Advanced Templates (`sap_swpm_templates_product_input: advanced_templates`), optional use of templating definitions for repeated installations -- Inifile Reuse (`sap_swpm_templates_product_input: inifile_reuse`), run previously-defined installations with an existing SWPM Unattended inifile.params +#### sap_swpm_install_saphostagent +- _Type:_ `bool` +- _Default:_ `true` -### Default Templates mode variables +Set to `false` to disable installation of SAP Hostagent. **Not recommended** -Example using all inifile list parameters with the Default Templates mode to install SAP ECC EhP8 on IBM Db2: -``` -sap_swpm_ansible_role_mode: default_templates -sap_swpm_templates_product_input: default_templates - -sap_swpm_templates_install_dictionary: - - template_name_ecc_ehp8_ibmdb2: - - sap_swpm_product_catalog_id: NW_ABAP_OneHost:BS2016.ERP608.DB6.PD - sap_swpm_inifile_dictionary: - sap_swpm_sid: - ... - sap_swpm_inifile_list: - - swpm_installation_media - - swpm_installation_media_swpm1 - - swpm_installation_media_swpm1_exportfiles - - swpm_installation_media_swpm1_ibmdb2 - - sum_config - - credentials - - credentials_anydb_ibmdb2 - - db_config_anydb_all - - db_config_anydb_ibmdb2 - - db_connection_nw_anydb_ibmdb2 - - nw_config_anydb - - nw_config_other - - nw_config_central_services_abap - # - nw_config_central_services_java - - nw_config_primary_application_server_instance - - nw_config_ports - - nw_config_host_agent - # - nw_config_post_abap_reports - - sap_os_linux_user -``` +### Variables specific to SAP Netweaver -## Tags +#### sap_swpm_product_catalog_id +- _Type:_ `string` -With the following tags, the role can be called to perform certain activities only: -- tag `sap_swpm_generate_inifile`: Only create the sapinst inifile. This can be useful for checking if the inifile is created as desired. -- tag `sap_swpm_sapinst_commandline`: Only show the sapinst command line. -- tag `sap_swpm_pre_install`: Perform all preinstallation steps, then exit. -- tag `sap_swpm_setup_firewall`: Only perform the firewall preinstallation settings (but only if variable `sap_swpm_setup_firewall` is set to `true`). -- tag `sap_swpm_update_etchosts`: Only update file `/etc/hosts` (but only if variable `sap_swpm_update_etchosts` is set to `true`). +Define SWPM Product catalog ID for installation. Example for SAP ASCS Netweaver: `NW_ABAP_ASCS:NW750.HDB.ABAPHA`. -## License +#### sap_swpm_sid +- _Type:_ `string` + +Define SAP System ID (SID) for installation. + +#### sap_swpm_ascs_instance_nr +- _Type:_ `string` + +Define SAP Netweaver ABAP Central Services (ASCS) instance number. + +#### sap_swpm_ascs_instance_hostname +- _Type:_ `string` + +Define SAP Netweaver ABAP Central Services (ASCS) hostname. + +#### sap_swpm_ers_instance_nr +- _Type:_ `string` + +Define SAP Netweaver Enqueue Replication Server (ERS) instance number. + +#### sap_swpm_ers_instance_hostname +- _Type:_ `string` + +Define SAP Netweaver Enqueue Replication Server (ERS) hostname. + +#### sap_swpm_pas_instance_nr +- _Type:_ `string` + +Define SAP Netweaver Primary Application Server (PAS) instance number. + +#### sap_swpm_pas_instance_hostname +- _Type:_ `string` + +Define SAP Netweaver Primary Application Server (PAS) hostname. + +#### sap_swpm_aas_instance_nr +- _Type:_ `string` + +Define SAP Netweaver Additional Application Server (AAS) instance number. + +#### sap_swpm_aas_instance_hostname +- _Type:_ `string` + +Define SAP Netweaver Additional Application Server (AAS) hostname. + +#### sap_swpm_java_scs_instance_nr +- _Type:_ `string` + +Define SAP Netweaver JAVA Central Services (SCS) instance number. + +#### sap_swpm_java_scs_instance_hostname +- _Type:_ `string` + +Define SAP Netweaver JAVA Central Services (SCS) hostname. + +#### sap_swpm_master_password +- _Type:_ `string` + +Define master password used for all users created during SWPM execution. + +#### sap_swpm_ddic_000_password +- _Type:_ `string` + +Define DDIC user password in client 000 for new install, or existing for restore. + +#### sap_swpm_virtual_hostname +- _Type:_ `string` + +Define virtual hostname when installing High Available instances (e.g. SAP ASCS/ERS cluster). +The role attempts to resolve `sap_swpm_virtual_hostname` on the managed node, using DNS and /etc/hosts, and will fail +if this hostname resolution fails. The role will also fail if the IPv4 address for `sap_swpm_virtual_hostname` is +not part of the IPv4 addresses of the managed node. + +### Variables specific to SAP HANA Database Installation + +#### sap_swpm_db_ip +- _Type:_ `string` + +Define IP Address of database host for /etc/hosts update. + +#### sap_swpm_db_fqdn +- _Type:_ `string` + +Define FQDN of database host for /etc/hosts update. + +#### sap_swpm_db_host +- _Type:_ `string` + +Define hostname of database host for /etc/hosts update. + +#### sap_swpm_db_sid +- _Type:_ `string` + +Define database ID (SID). + +#### sap_swpm_db_instance_nr +- _Type:_ `string` + +Define database instance number. + +#### sap_swpm_db_system_password +- _Type:_ `string` + +Define database SYSTEM user password. + +#### sap_swpm_db_systemdb_password +- _Type:_ `string` + +Define database SYSTEMDB user password. + +#### sap_swpm_db_sidadm_password +- _Type:_ `string` + +Define database sidadm user password. + +#### sap_swpm_db_schema_abap +- _Type:_ `string` + +Define ABAP database schema name based on database type:
+- `SAPHANADB` for SAP HANA +- `ABAP` or `SAPABAP1` on IBM Db2 +- `SAPSR3` on Oracle DB + +#### sap_swpm_db_schema_abap_password +- _Type:_ `string` + +Define ABAP database schema password for new installation or restore from backup. + +#### sap_swpm_db_schema_java +- _Type:_ `string` + +Define JAVA database schema name. + +#### sap_swpm_db_schema_java_password +- _Type:_ `string` + +Define JAVA database schema password for new installation or restore from backup. + +#### sap_swpm_db_schema +- _Type:_ `string` + +#### sap_swpm_db_schema_password: +- _Type:_ `string` + + +### Variables specific to SAP JAVA UME + +#### sap_swpm_ume_client_nr +- _Type:_ `string` +- _Default:_ `000` + +Define client number of JAVA UME. + +#### sap_swpm_ume_type +- _Type:_ `string` + +Define type of JAVA UME. + +#### sap_swpm_ume_instance_nr +- _Type:_ `string` +- _Default:_ `{{ sap_swpm_pas_instance_nr }}` + +Define instance number of JAVA UME. + +#### sap_swpm_ume_j2ee_admin_password +- _Type:_ `string` + +Define admin password for JAVA UME. + +#### sap_swpm_ume_j2ee_guest_password +- _Type:_ `string` + +Define guest password for JAVA UME. + +#### sap_swpm_ume_sapjsf_password +- _Type:_ `string` + +Define sapjsf password for JAVA UME. + +#### sap_swpm_ume_instance_hostname +- _Type:_ `string` + +Define instance hostname of JAVA UME. + + +### Variables specific to SAP HANA Database Restore + +#### sap_swpm_backup_location +- _Type:_ `string` + +Define directory with SAP HANA Backup files. + +#### sap_swpm_backup_prefix +- _Type:_ `string` + +Define prefix of SAP HANA Backup files. + +#### sap_swpm_backup_system_password +- _Type:_ `string` + +Define SAP HANA SYSTEM password from source database. + + +### Variables specific to SAP Web Dispatcher + +#### sap_swpm_wd_instance_nr +- _Type:_ `string` + +Define instance number of SAP Web Dispatcher. + +#### sap_swpm_wd_system_connectivity +- _Type:_ `bool` +- _Default:_ `false` + +Set to `true` to set parameter `configureSystemConnectivity` to true during installation. + +#### sap_swpm_wd_activate_icf +- _Type:_ `bool` +- _Default:_ `false` + +Set to `true` to activate ICF. + +#### sap_swpm_wd_backend_sid +- _Type:_ `string` + +Define backend SID for SAP Web Dispatcher connection. + +#### sap_swpm_wd_backend_ms_http_port +- _Type:_ `string` + +Define backend message server HTTP port for SAP Web Dispatcher connection. + +#### sap_swpm_wd_backend_ms_host +- _Type:_ `string` + +Define backend message server hostname for SAP Web Dispatcher connection. + +#### sap_swpm_wd_backend_rfc_host +- _Type:_ `string` + +Define backend hostname for SAP Web Dispatcher RFC connection. + +#### sap_swpm_wd_backend_rfc_instance_nr +- _Type:_ `string` + +Define backend instance number for SAP Web Dispatcher RFC connection. + +#### sap_swpm_wd_backend_rfc_client_nr +- _Type:_ `string` +- _Default:_ `000` + +Define backend SAP client for SAP Web Dispatcher RFC connection. + +#### sap_swpm_wd_backend_rfc_user +- _Type:_ `string` +- _Default:_ `DDIC` + +Define backend SAP user for SAP Web Dispatcher RFC connection. + +#### sap_swpm_wd_backend_rfc_user_password +- _Type:_ `string` + +Define password for backend SAP user for SAP Web Dispatcher RFC connection. + +#### sap_swpm_wd_backend_scenario_size +- _Type:_ `string` + +Define to set parameter `scenarioSize` during installation. + +#### sap_swpm_wd_virtual_host +- _Type:_ `string` + +Define virtual hostname of SAP Web Dispatcher. + + +### Variables for Linux User + +#### sap_swpm_sapadm_password +- _Type:_ `string` + +Define password for Linux user SAPADM. + +#### sap_swpm_sap_sidadm_password +- _Type:_ `string` + +Define password for Linux user SIDADM. + +#### sap_swpm_sapadm_uid +- _Type:_ `string` + +Define UID of Linux user SAPADM. + +#### sap_swpm_sapsys_gid +- _Type:_ `string` + +Define GID of Linux group SAPSYS. + +#### sap_swpm_sidadm_uid +- _Type:_ `string` + +Define UID of Linux user SIDADM. + + +### Miscellaneous Variables + +#### sap_swpm_ascs_install_gateway +- _Type:_ `string` +- _Default:_ `true` + +Enable to install gateway as part of ASCS installation. + +#### sap_swpm_parallel_jobs_nr +- _Type:_ `string` +- _Default:_ `23` + +Define to limit number of parallel extraction SAP HANA jobs. + +#### sap_swpm_diagnostics_agent_password +- _Type:_ `string` + +Define password for Diagnostic Agent. + +#### sap_swpm_igs_path +- _Type:_ `string` +- _Default:_ `{{ sap_swpm_software_path }}` + +Define individual path for SAP IGS file. `sap_swpm_software_path` is used by default. + +#### sap_swpm_igs_file_name +- _Type:_ `string` + +Define individual name of SAP IGS file. Newest file is auto-detected in `sap_swpm_igs_path`. + +#### sap_swpm_igs_helper_path +- _Type:_ `string` +- _Default:_ `{{ sap_swpm_software_path }}` + +Define individual path for SAP IGS Helper file. `sap_swpm_software_path` is used by default. + +#### sap_swpm_igs_helper_file_name +- _Type:_ `string` + +Define individual name of SAP IGS Helper file. Newest file is auto-detected in `sap_swpm_igs_helper_path`. + +#### sap_swpm_kernel_dependent_path +- _Type:_ `string` +- _Default:_ `{{ sap_swpm_software_path }}` + +Define individual path for Database dependent kernel files. `sap_swpm_software_path` is used by default. + +#### sap_swpm_kernel_dependent_file_name +- _Type:_ `string` + +Define individual name of Database dependent kernel file. Newest file is auto-detected in `sap_swpm_kernel_dependent_path`. + +#### sap_swpm_kernel_independent_path +- _Type:_ `string` +- _Default:_ `{{ sap_swpm_software_path }}` + +Define individual path for Database independent kernel files. `sap_swpm_software_path` is used by default. + +#### sap_swpm_kernel_independent_file_name +- _Type:_ `string` + +Define individual name of Database independent kernel file. Newest file is auto-detected in `sap_swpm_kernel_independent_path`. + +#### sap_swpm_web_dispatcher_path +- _Type:_ `string` +- _Default:_ `{{ sap_swpm_software_path }}` + +Define individual path for SAP Web Dispatcher files. `sap_swpm_software_path` is used by default. + +#### sap_swpm_web_dispatcher_file_name +- _Type:_ `string` + +Define individual name of SAP Web Dispatcher file. Newest file is auto-detected in `sap_swpm_web_dispatcher_path`. + +#### sap_swpm_fqdn +- _Type:_ `string` + +Define FQDN for SAP Installation. + +#### sap_swpm_set_fqdn +- _Type:_ `bool` +- _Default:_ `true` + +Set to `false` to disable enabling of FQDN during SWPM. + +#### sap_swpm_use_password_file +- _Type:_ `string` +- _Default:_ `n` + +Set to `y` to use encrypted password file for SWPM execution.
Location has to be same as parameter file location. + +#### sap_swpm_password_file_path +- _Type:_ `string` + +Define path to encrypted password file, used when `sap_swpm_use_password_file` is set to `y`. + +#### sap_swpm_use_livecache +- _Type:_ `bool` +- _Default:_ `false` + +Enable to use Livecache + +#### sap_swpm_load_type +- _Type:_ `string` +- _Default:_ `SAP` + +Define load type parameter `loadType`. + +#### sap_swpm_generic +- _Type:_ `bool` +- _Default:_ `false` + +Set to `true` to execute `sap_swpm` role in generic auto-detection mode, ignoring steps for individual detection. + +#### sap_swpm_swpm_installation_type +- _Type:_ `string` + +Define installation type method. Available types: `restore`, `ha`, `maint_plan_stack`, `ha_maint_plan_stack`.
+Installation type is auto-detected from `sap_swpm_product_catalog_id`. + +#### sap_swpm_swpm_command_virtual_hostname +- _Type:_ `string` + +Define to override default virtual hostname `sap_swpm_virtual_hostname` sapinst command used for HA installation. + +#### sap_swpm_swpm_command_mp_stack +- _Type:_ `string` + +Define to override default sapinst command parameter for Maintenance Plan stack file. + +#### sap_swpm_setup_firewall +- _Type:_ `bool` +- _Default:_ `false` + +Set to `true` to configure firewall after SWPM execution. + +#### sap_swpm_update_etchosts +- _Type:_ `bool` +- _Default:_ `false` + +Set to `true` to to update `/etc/hosts` file with SAP system details for SWPM execution. + +#### sap_swpm_display_unattended_output +- _Type:_ `bool` +- _Default:_ `false` + +Set to `true` to display what sapinst command is being executed. + + +### Variables for setting owner, group, and permissions for the SAP files in `sap_swpm_software_path` + +#### sap_swpm_set_file_permissions +- _Type:_ `bool` +- _Default:_ `true` + +Set to `false` to not change the owner, group, and permissions of the files in `sap_swpm_software_path`. + +#### sap_swpm_software_directory_mode +- _Type:_ `string` +- _Default:_ `0755` + +Set permissions for all directories in `sap_swpm_software_path`. + +#### sap_swpm_software_directory_owner +- _Type:_ `string` +- _Default:_ `root` + +Set owner for all directories in `sap_swpm_software_path`. + +#### sap_swpm_software_directory_group +- _Type:_ `string` +- _Default:_ `root` + +Set group ownership for all directories in `sap_swpm_software_path`. + +#### sap_swpm_files_sapcar_mode +- _Type:_ `string` +- _Default:_ `0755` + +Set permissions for SAPCAR file in `sap_swpm_sapcar_path`. + +#### sap_swpm_files_sapcar_owner +- _Type:_ `string` +- _Default:_ `root` + +Set owner for SAPCAR file in `sap_swpm_sapcar_path`. + +#### sap_swpm_files_sapcar_group +- _Type:_ `string` +- _Default:_ `root` + +Set group ownership for SAPCAR file in `sap_swpm_sapcar_path`. + +#### sap_swpm_files_non_sapcar_mode +- _Type:_ `string` +- _Default:_ `0644` + +Set permissions for all non-SAPCAR files in `sap_swpm_software_path` and for SWPM*.SAR files in `sap_swpm_swpm_path`. + +#### sap_swpm_files_non_sapcar_owner +- _Type:_ `string` +- _Default:_ `root` -Apache license 2.0 +Set owner for all non-SAPCAR files in `sap_swpm_software_path` and for SWPM*.SAR files in `sap_swpm_swpm_path`. -## Author Information +#### sap_swpm_files_non_sapcar_group +- _Type:_ `string` +- _Default:_ `root` -IBM Lab for SAP Solutions, Red Hat for SAP Community of Practice, Jason Masipiquena, Sean Freeman, Bernd Finger, Markus Koch +Set group ownership for all non-SAPCAR files in `sap_swpm_software_path` and for SWPM*.SAR files in `sap_swpm_swpm_path`. + diff --git a/roles/sap_swpm/defaults/main.yml b/roles/sap_swpm/defaults/main.yml index 5ab134ff8..45d31984d 100644 --- a/roles/sap_swpm/defaults/main.yml +++ b/roles/sap_swpm/defaults/main.yml @@ -5,7 +5,8 @@ # SWPM Ansible Role variables ######################################## -sap_swpm_ansible_role_mode: "default" +# We do not use role modes any more: +# sap_swpm_ansible_role_mode: "default" # default # default_templates # advanced @@ -45,22 +46,21 @@ sap_swpm_files_non_sapcar_group: root ######################################## # SWPM Ansible Role variables -# for Inifile Reuse, Advanced, and Defaults/Advanced Templates Mode +# for creating the sapinst inifile ######################################## +# Have the role run the sapinst command with an existing inifile or after creating the inifile: +sap_swpm_run_sapinst: true + # Inifile Reuse Mode sap_swpm_inifile_reuse_source: sap_swpm_inifile_reuse_destination: -# Advanced Mode -#sap_swpm_inifile_custom_values_dictionary: +#sap_swpm_inifile_parameters_dict: # archives.downloadBasket: /software/download_basket # NW_getFQDN.FQDN: poc.cloud ## add.additional.parameters: '' -# Default/Advanced Templates Mode -#sap_swpm_templates_product_input: "" - ######################################## # SWPM Ansible Role variables @@ -68,7 +68,7 @@ sap_swpm_inifile_reuse_destination: # - List of inifile parameters to generate ######################################## -sap_swpm_inifile_list: +sap_swpm_inifile_sections_list: - swpm_installation_media - swpm_installation_media_swpm2_hana # - swpm_installation_media_swpm1 @@ -139,7 +139,8 @@ sap_swpm_inifile_list: ######################################## # SAP product that will be installed and passed as argument to the sapinst installer, example 'NW_ABAP_OneHost:S4HANA2020.CORE.HDB.ABAP' -sap_swpm_product_catalog_id: +# Needs to be defined in the playbook or inventory or can be determined from an existing inifile.params file. +#sap_swpm_product_catalog_id: # SAPCAR path and file name, only path is mandatory. The script will automatically get file_name sap_swpm_sapcar_path: @@ -153,10 +154,10 @@ sap_swpm_software_extract_directory: # e.g. /software/sap_swpm_extracted # Note: # When using SWPM2 (for modern SAP products such as S/4 B/4), using .SAR files is recommended - param value should be false # When using SWPM1 (for older SAP products), using CD Media is the only choice - param value should be true -sap_swpm_software_use_media: 'false' +sap_swpm_software_use_media: false # Main path that this role will look for .SAR files -sap_swpm_software_path: +#sap_swpm_software_path: /software/sapfiles ## This directory path should include these files: ## - igs*sar ## - igshelper*sar @@ -165,6 +166,10 @@ sap_swpm_software_path: ## - IMDB_CLIENT*SAR ## - SAPHOSTAGENT*SAR +# Directory in which a sapinst inifile which is to be used by the role can be stored: +sap_swpm_inifile_directory: '/software/sap_swpm/inifiles' +#sap_swpm_local_inifile_directory: '/tmp/inifiles' + # SWPM1 - paths that this role will look for CD Media software sap_swpm_cd_export_pt1_path: sap_swpm_cd_export_pt2_path: @@ -185,12 +190,12 @@ sap_swpm_ibmdb2_unpack_path: "/db2/db2{{ sap_swpm_db_sid | lower }}/db2_software sap_swpm_mp_stack_path: sap_swpm_mp_stack_file_name: # SUM -sap_swpm_sum_prepare: 'false' -sap_swpm_sum_start: 'false' +sap_swpm_sum_prepare: false +sap_swpm_sum_start: false sap_swpm_sum_batch_file: -sap_swpm_spam_update: 'false' +sap_swpm_spam_update: false sap_swpm_spam_update_sar: -sap_swpm_configure_tms: 'true' +sap_swpm_configure_tms: true sap_swpm_tmsadm_password: sap_swpm_tms_tr_files_path: # --- Experimental --- # @@ -205,7 +210,7 @@ sap_swpm_swpm_observer_mode: false sap_swpm_swpm_remote_access_user: # --- Experimental - SWPM Observer mode --- # -sap_swpm_install_saphostagent: 'true' +sap_swpm_install_saphostagent: true ######################################## @@ -231,12 +236,17 @@ sap_swpm_java_scs_instance_hostname: "" sap_swpm_master_password: # New Install - define DDIC 000 password -# Restore - DDIC 000 password from backup +# If not set, DDIC will be set to the master password +# Restore - DDIC 000 password from sap_swpm_ddic_000_password: +# New Install - define SAP* 000 password +# If not set, SAP* will be set to the master password +sap_swpm_sapstar_000_password: + # initial = not an HA setup # set this in the input file when installing ascs, ers to indicate an HA setup -sap_swpm_virtual_hostname: "initial" +sap_swpm_virtual_hostname: ######################################## @@ -352,7 +362,7 @@ sap_swpm_backup_prefix: sap_swpm_backup_system_password: # ASCS Install Gateway -sap_swpm_ascs_install_gateway: "true" +sap_swpm_ascs_install_gateway: true ######################################## @@ -363,8 +373,8 @@ sap_swpm_ascs_install_gateway: "true" sap_swpm_wd_instance_nr: -sap_swpm_wd_system_connectivity: 'false' -sap_swpm_wd_activate_icf: 'false' +sap_swpm_wd_system_connectivity: false +sap_swpm_wd_activate_icf: false sap_swpm_wd_backend_sid: sap_swpm_wd_backend_ms_http_port: sap_swpm_wd_backend_ms_host: @@ -417,18 +427,18 @@ sap_swpm_kernel_independent_file_name: sap_swpm_web_dispatcher_path: sap_swpm_web_dispatcher_file_name: sap_swpm_fqdn: -sap_swpm_set_fqdn: "true" +sap_swpm_set_fqdn: true # If the template to use already has the passwords and they are encrypted the password file must be in the same path as the parameter file -sap_swpm_use_password_file: "n" +sap_swpm_use_password_file: false sap_swpm_password_file_path: -sap_swpm_use_livecache: "false" +sap_swpm_use_livecache: false sap_swpm_ddic_001_password: sap_swpm_load_type: 'SAP' -sap_swpm_generic: 'false' +sap_swpm_generic: false # SWPM sap_swpm_swpm_installation_type: "" @@ -437,10 +447,10 @@ sap_swpm_swpm_command_virtual_hostname: "" sap_swpm_swpm_command_mp_stack: "" # Firewall setup -sap_swpm_setup_firewall: 'false' +sap_swpm_setup_firewall: false # Update /etc/hosts -sap_swpm_update_etchosts: 'false' +sap_swpm_update_etchosts: false # Display SAP SWPM Unattended Mode output (sapinst stdout) sap_swpm_display_unattended_output: false diff --git a/roles/sap_swpm/requirements.yml b/roles/sap_swpm/requirements.yml deleted file mode 100644 index 57520f357..000000000 --- a/roles/sap_swpm/requirements.yml +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- -collections: - - name: https://github.com/ansible-collections/community.general - type: git - version: main diff --git a/roles/sap_swpm/tasks/main.yml b/roles/sap_swpm/tasks/main.yml index aa784ef91..a35c3967d 100644 --- a/roles/sap_swpm/tasks/main.yml +++ b/roles/sap_swpm/tasks/main.yml @@ -9,8 +9,10 @@ - name: SAP SWPM - run swpm ansible.builtin.import_tasks: swpm.yml + when: sap_swpm_run_sapinst tags: - sap_swpm_install - name: SAP SWPM - run postinstall task ansible.builtin.import_tasks: post_install.yml + when: sap_swpm_run_sapinst diff --git a/roles/sap_swpm/tasks/post_install.yml b/roles/sap_swpm/tasks/post_install.yml index 935ed0571..65fba3cf0 100644 --- a/roles/sap_swpm/tasks/post_install.yml +++ b/roles/sap_swpm/tasks/post_install.yml @@ -17,7 +17,7 @@ - name: SAP SWPM Post Install - Firewall Setup ansible.builtin.include_tasks: post_install/firewall.yml when: - - "sap_swpm_setup_firewall | bool" + - sap_swpm_setup_firewall ######################################################################################################################## diff --git a/roles/sap_swpm/tasks/pre_install.yml b/roles/sap_swpm/tasks/pre_install.yml index 9907a412a..9d406993f 100644 --- a/roles/sap_swpm/tasks/pre_install.yml +++ b/roles/sap_swpm/tasks/pre_install.yml @@ -1,45 +1,165 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: SAP SWPM Pre Install - Define 'sap_swpm_inifile_sections_list' from 'sap_swpm_inifile_list' if necessary + ansible.builtin.set_fact: + sap_swpm_inifile_sections_list: "{{ sap_swpm_inifile_list }}" + when: + - sap_swpm_inifile_sections_list is undefined + - sap_swpm_inifile_list is defined + tags: always + +- name: SAP SWPM Pre Install - Define 'sap_swpm_inifile_parameters_dict' from 'sap_swpm_inifile_custom_values_dictionary' if necessary + ansible.builtin.set_fact: + sap_swpm_inifile_parameters_dict: "{{ sap_swpm_inifile_custom_values_dictionary }}" + when: + - sap_swpm_inifile_parameters_dict is undefined + - sap_swpm_inifile_custom_values_dictionary is defined + tags: always + +# Note: Variable definitions in sap_swpm_templates_install_dictionary will overwrite existing top level definitions. +- name: SAP SWPM Pre Install - Define variables from 'sap_swpm_templates_install_dictionary' if present + when: sap_swpm_templates_install_dictionary is defined + tags: always + block: + + - name: SAP SWPM Pre Install - Display 'sap_swpm_templates_product_input' + ansible.builtin.debug: + msg: + - "sap_swpm_templates_product_input: >{{ sap_swpm_templates_product_input }}<" + ignore_errors: true + + - name: SAP SWPM Pre Install - Fail if 'sap_swpm_inifile_sections_list' and 'sap_swpm_inifile_list' are both defined in the dict + ansible.builtin.fail: + msg: + - "FAIL: In 'sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]', both" + - "'sap_swpm_inifile_sections_list' and 'sap_swpm_inifile_list' are defined!" + - "Only one of these variables may be defined in 'sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]'." + when: + - sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_sections_list'] is defined + - sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_list'] is defined + + - name: SAP SWPM Pre Install - Fail if 'sap_swpm_inifile_parameters_dict' and 'sap_swpm_inifile_custom_values_dictionary' are both defined in the dict + ansible.builtin.fail: + msg: + - "FAIL: In 'sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]', both" + - "'sap_swpm_inifile_parameters_dict', and 'sap_swpm_inifile_custom_values_dictionary', are defined!" + - "Only one of these variables may be defined in 'sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]'." + when: + - sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_parameters_dict'] is defined + - sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_custom_values_dictionary'] is defined + +# Unconditionally define sap_swpm_product_catalog_id from low level member. + - name: SAP SWPM Pre Install - Define 'sap_swpm_product_catalog_id' from low level member with the same name + ansible.builtin.set_fact: +# sap_swpm_product_catalog_id: "{{ sap_swpm_product_catalog_id | +# d(sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_product_catalog_id']) }}" + sap_swpm_product_catalog_id: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_product_catalog_id'] }}" + when: sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_product_catalog_id'] is defined + + - name: SAP SWPM Pre Install - Display 'sap_swpm_product_catalog_id' + ansible.builtin.debug: + msg: "sap_swpm_product_catalog_id: >{{ sap_swpm_product_catalog_id }}<" + +# Unconditionally define sap_swpm_inifile_sections_list from low level member. + - name: SAP SWPM Pre Install - Define 'sap_swpm_inifile_sections_list' from low level member + ansible.builtin.set_fact: + sap_swpm_inifile_sections_list: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_list'] | + d(sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_sections_list']) }}" + when: sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_list'] is defined or + sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_sections_list'] is defined + +# Define sap_swpm_role_parameters_dict from low level member. + - name: SAP SWPM Pre Install - Define 'sap_swpm_role_parameters_dict' from low level member + ansible.builtin.set_fact: + sap_swpm_role_parameters_dict: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_dictionary'] | + d(sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_role_parameters_dict']) }}" + when: sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_dictionary'] is defined or + sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_role_parameters_dict'] is defined + + - name: SAP SWPM Pre Install - Display 'sap_swpm_role_parameters_dict' + ansible.builtin.debug: + msg: "sap_swpm_role_parameters_dict: >{{ sap_swpm_role_parameters_dict }}<" + when: sap_swpm_role_parameters_dict is defined and sap_swpm_role_parameters_dict + ignore_errors: true + +# Define role variables from low level member, looping over 'sap_swpm_role_parameters_dict'. +# Reason for noqa: We are setting variables from the content of a dict, and the variable names are in the dict keys. + - name: SAP SWPM Pre Install - Define role variables from low level member, looping over 'sap_swpm_role_parameters_dict' # noqa var-naming[no-jinja] + ansible.builtin.set_fact: + "{{ line_item.key }}": "{{ line_item.value }}" + loop: "{{ sap_swpm_role_parameters_dict | dict2items if sap_swpm_role_parameters_dict is mapping else [] }}" + loop_control: + loop_var: line_item + when: + - sap_swpm_role_parameters_dict is defined and sap_swpm_role_parameters_dict + + - name: SAP SWPM Pre Install - Display all vars and values of 'sap_swpm_role_parameters_dict' + ansible.builtin.debug: + msg: "{{ line_item.key }}: >{{ lookup('vars', line_item.key) }}<" + loop: "{{ sap_swpm_role_parameters_dict | dict2items if sap_swpm_role_parameters_dict is mapping else [] }}" + loop_control: + loop_var: line_item + when: sap_swpm_role_parameters_dict is defined and sap_swpm_role_parameters_dict + ignore_errors: true + +# Define sap_swpm_inifile_parameters_dict from low level member, or use top level variable if defined. Low level definition has precedence. + - name: SAP SWPM Pre Install - Define 'sap_swpm_inifile_parameters_dict' from low level member + ansible.builtin.set_fact: + sap_swpm_inifile_parameters_dict: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_custom_values_dictionary'] | + d(sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_parameters_dict']) }}" + when: sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_custom_values_dictionary'] is defined or + sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_parameters_dict'] is defined + +# The following task ensures that the two main inifile creation parameters are defined. +# This is necessary when creating the file 'inifile.params'. +- name: SAP SWPM Pre Install - Define the main inifile creation parameters as empty if necessary + ansible.builtin.set_fact: + sap_swpm_inifile_sections_list: "{{ sap_swpm_inifile_sections_list | d([]) }}" + sap_swpm_inifile_parameters_dict: "{{ sap_swpm_inifile_parameters_dict | d({}) }}" + tags: always + +# Assert correct hostname and IP resolution of virtual hostname and IP if: +# - sapinst is requested to be run, and +# - /etc/hosts file is requested to be updated, and +# - sap_swpm_virtual_hostname has been defined + +- name: SAP SWPM Pre Install - Assert hostname resolution for HA + ansible.builtin.include_tasks: + file: pre_install/assert_hostname_resolution_for_ha.yml + apply: + tags: sap_swpm_update_etchosts + when: + - sap_swpm_run_sapinst + - sap_swpm_update_etchosts + - sap_swpm_virtual_hostname | type_debug != 'NoneType' + - sap_swpm_virtual_hostname | length > 0 + tags: sap_swpm_update_etchosts + ################ # Run Preinstallation Steps Based on Run Mode ################ - name: SAP SWPM Pre Install - Run Preinstallation Steps - ansible.builtin.include_tasks: swpm/swpm_pre_install.yml + ansible.builtin.include_tasks: pre_install/swpm_prepare.yml tags: - sap_swpm_generate_inifile - sap_swpm_sapinst_commandline -################ -# Set sapinst command -################ - -- name: SAP SWPM Pre Install - Set sapinst command - vars: - sap_swpm_swpm_command_guiserver: "{{ 'SAPINST_START_GUISERVER=false' if not sap_swpm_swpm_observer_mode else '' }}" - sap_swpm_swpm_command_observer: "{{ 'SAPINST_REMOTE_ACCESS_USER=' + sap_swpm_swpm_remote_access_user + ' SAPINST_REMOTE_ACCESS_USER_IS_TRUSTED=true' if sap_swpm_swpm_observer_mode and sap_swpm_swpm_remote_access_user | d('', true) | length > 0 else '' }}" - ansible.builtin.set_fact: - sap_swpm_swpm_command_inifile: "SAPINST_INPUT_PARAMETERS_URL={{ sap_swpm_tmpdir.path }}/inifile.params" - sap_swpm_swpm_command_product_id: "SAPINST_EXECUTE_PRODUCT_ID={{ sap_swpm_product_catalog_id }}" - # If SWPM is running a normal install Ansible Variable sap_swpm_swpm_command_virtual_hostname is blank - # IF SWPM is running a HA installation, Ansible Variable sap_swpm_swpm_command_virtual_hostname is set and contains "SAPINST_USE_HOSTNAME={{ sap_swpm_virtual_hostname }} IS_HOST_LOCAL_USING_STRING_COMPARE=true" - # If SWPM is running a MP Stack XML installation, Ansible Variable sap_swpm_swpm_command_mp_stack is set and contains "SAPINST_STACK_XML={{ sap_swpm_mp_stack_path }} + '/' (if needed) + {{ sap_swpm_mp_stack_file_name }}" - sap_swpm_swpm_command_extra_args: "SAPINST_SKIP_DIALOGS=true {{ sap_swpm_swpm_command_guiserver }} {{ sap_swpm_swpm_command_observer }} {{ sap_swpm_swpm_command_virtual_hostname }} {{ sap_swpm_swpm_command_mp_stack }}" - tags: sap_swpm_sapinst_commandline - ################ # Pre Install Optional Tasks ################ # Firewall -- name: SAP SWPM Pre Install - Firewall Setup +- name: SAP SWPM Pre Install - Setup Firewall ansible.builtin.include_tasks: file: pre_install/firewall.yml apply: tags: sap_swpm_setup_firewall - when: "sap_swpm_setup_firewall | bool" + when: + - sap_swpm_run_sapinst + - sap_swpm_setup_firewall tags: sap_swpm_setup_firewall # /etc/hosts @@ -49,7 +169,9 @@ file: pre_install/update_etchosts.yml apply: tags: sap_swpm_update_etchosts - when: "sap_swpm_update_etchosts | bool" + when: + - sap_swpm_run_sapinst + - sap_swpm_update_etchosts tags: sap_swpm_update_etchosts ################ @@ -81,3 +203,32 @@ - ' The installation can take up to 3 hours. Run the following command as root' - ' on {{ ansible_hostname }} to display the installation logs:' - ' # tail -f $(cat /tmp/sapinst_instdir/.lastInstallationLocation)/sapinst.log' + +################ +# Set sapinst command +################ + +- name: SAP SWPM Pre Install - Set the sapinst command parameters + vars: + sap_swpm_swpm_command_guiserver: "{{ 'SAPINST_START_GUISERVER=false' if not sap_swpm_swpm_observer_mode else '' }}" + sap_swpm_swpm_command_observer: "{{ 'SAPINST_REMOTE_ACCESS_USER=' + sap_swpm_swpm_remote_access_user + ' SAPINST_REMOTE_ACCESS_USER_IS_TRUSTED=true' if sap_swpm_swpm_observer_mode and sap_swpm_swpm_remote_access_user | d('', true) | length > 0 else '' }}" + ansible.builtin.set_fact: + sap_swpm_swpm_command_inifile: "SAPINST_INPUT_PARAMETERS_URL={{ sap_swpm_tmpdir.path }}/inifile.params" + sap_swpm_swpm_command_product_id: "SAPINST_EXECUTE_PRODUCT_ID={{ sap_swpm_product_catalog_id }}" + # If SWPM is running a normal install Ansible Variable sap_swpm_swpm_command_virtual_hostname is blank + # IF SWPM is running a HA installation, Ansible Variable sap_swpm_swpm_command_virtual_hostname is set and contains "SAPINST_USE_HOSTNAME={{ sap_swpm_virtual_hostname }} IS_HOST_LOCAL_USING_STRING_COMPARE=true" + # If SWPM is running a MP Stack XML installation, Ansible Variable sap_swpm_swpm_command_mp_stack is set and contains "SAPINST_STACK_XML={{ sap_swpm_mp_stack_path }} + '/' (if needed) + {{ sap_swpm_mp_stack_file_name }}" + sap_swpm_swpm_command_extra_args: "SAPINST_SKIP_DIALOGS=true {{ sap_swpm_swpm_command_guiserver }} {{ sap_swpm_swpm_command_observer }} {{ sap_swpm_swpm_command_virtual_hostname }} {{ sap_swpm_swpm_command_mp_stack }}" + tags: sap_swpm_sapinst_commandline + +- name: Set fact for the sapinst command line + ansible.builtin.set_fact: + __sap_swpm_sapinst_command: "umask {{ sap_swpm_umask | d('022') }} ; ./sapinst {{ sap_swpm_swpm_command_inifile }} + {{ sap_swpm_swpm_command_product_id }} + {{ sap_swpm_swpm_command_extra_args }}" + tags: sap_swpm_sapinst_commandline + +- name: Display the sapinst command line + ansible.builtin.debug: + msg: "SAP SWPM install command: '{{ __sap_swpm_sapinst_command }}'" + tags: sap_swpm_sapinst_commandline diff --git a/roles/sap_swpm/tasks/pre_install/assert_hostname_resolution_for_ha.yml b/roles/sap_swpm/tasks/pre_install/assert_hostname_resolution_for_ha.yml new file mode 100644 index 000000000..97b7c594a --- /dev/null +++ b/roles/sap_swpm/tasks/pre_install/assert_hostname_resolution_for_ha.yml @@ -0,0 +1,49 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Assert HA settings + +- name: SAP SWPM Pre Install - HA settings - Ensure the dig command is present + ansible.builtin.package: + name: bind-utils + state: present + +- name: SAP SWPM Pre Install - HA settings - Try to resolve sap_swpm_virtual_hostname from DNS + ansible.builtin.command: dig +short +tries=1 +time=1 "{{ sap_swpm_virtual_hostname }}" + register: __sap_swpm_register_virtual_ip_dns + changed_when: false + failed_when: false + +- name: SAP SWPM Pre Install - HA settings - Assign sap_swpm_virtual_ip from DNS + ansible.builtin.set_fact: + __sap_swpm_fact_virtual_ip: "{{ __sap_swpm_register_virtual_ip_dns.stdout_lines[-1] }}" + when: __sap_swpm_register_virtual_ip_dns.stdout_lines | length > 0 + +- name: SAP SWPM Pre Install - HA settings - Try using /etc/hosts for name resolution + when: __sap_swpm_register_virtual_ip_dns.stdout_lines | length == 0 + block: + +# We assign the IP address only if there is exactly one line containing ipv4 and hostname: + - name: SAP SWPM Pre Install - HA settings - Try to resolve sap_swpm_virtual_hostname from /etc/hosts + ansible.builtin.shell: | + awk 'BEGIN{a=0}/^[^#]/&&(/\s{{ sap_swpm_virtual_hostname }}\./||/\s{{ sap_swpm_virtual_hostname }}/){a++; ipaddr=$1}END{if(a==1){print ipaddr}}' /etc/hosts + register: __sap_swpm_register_virtual_ip_etc_hosts + changed_when: false + failed_when: false + + - name: SAP SWPM Pre Install - HA settings - Assign sap_swpm_virtual_ip from /etc/hosts + ansible.builtin.set_fact: + __sap_swpm_fact_virtual_ip: "{{ __sap_swpm_register_virtual_ip_etc_hosts.stdout_lines[-1] }}" + when: __sap_swpm_register_virtual_ip_etc_hosts.stdout_lines | length > 0 + +- name: SAP SWPM Pre Install - HA settings - Assert that sap_swpm_virtual_hostname can be resolved + ansible.builtin.assert: + that: __sap_swpm_fact_virtual_ip is defined and __sap_swpm_fact_virtual_ip | length > 0 + fail_msg: "FAIL: 'sap_swpm_virtual_hostname' is not defined, cannot be resolved, or has multiple entries in /etc/hosts!" + success_msg: "PASS: {{ sap_swpm_virtual_hostname }} can be resolved." + +- name: SAP SWPM Pre Install - HA settings - Assert that sap_swpm_fact_virtual_ip is part of ansible_all_ipv4_addresses + ansible.builtin.assert: + that: __sap_swpm_fact_virtual_ip in ansible_all_ipv4_addresses + fail_msg: "FAIL: {{ __sap_swpm_fact_virtual_ip }} is not part of ansible_all_ipv4_addresses!" + success_msg: "PASS: {{ __sap_swpm_fact_virtual_ip }} is part of ansible_all_ipv4_addresses." diff --git a/roles/sap_swpm/tasks/pre_install/detect_variables_from_inifile.yml b/roles/sap_swpm/tasks/pre_install/detect_variables_from_inifile.yml new file mode 100644 index 000000000..541378960 --- /dev/null +++ b/roles/sap_swpm/tasks/pre_install/detect_variables_from_inifile.yml @@ -0,0 +1,80 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Detect and set Product ID +- name: SAP SWPM Pre Install - Detect Product ID from inifile + ansible.builtin.command: | + awk 'BEGIN{IGNORECASE=1;a=0} + /Product ID/&&a==0{a=1; gsub ("#", ""); gsub ("\047", ""); product_id=$NF} + END{print product_id}' {{ sap_swpm_tmpdir_local.path }}/inifile.params + delegate_to: localhost + register: sap_swpm_inifile_product_id_detect + changed_when: false + +- name: SAP SWPM Pre Install - Report if 'sap_swpm_product_catalog_id' has been defined differently + ansible.builtin.debug: + msg: "NOTE: The Product ID in '{{ sap_swpm_tmpdir_local.path }}/inifile.params' is different from the role parameter 'sap_swpm_inifile_product_id_detect'." + when: + - sap_swpm_product_catalog_id + - sap_swpm_inifile_product_id_detect.stdout != sap_swpm_product_catalog_id + +- name: SAP SWPM Pre Install - Set SAP product ID + ansible.builtin.set_fact: + sap_swpm_product_catalog_id: "{{ sap_swpm_inifile_product_id_detect.stdout }}" + +# Detect and set Software Path +- name: SAP SWPM Pre Install - Detect Software Path from inifile + ansible.builtin.command: | + awk '!/^#/&&/archives.downloadBasket/{print $3}' {{ sap_swpm_tmpdir_local.path }}/inifile.params + delegate_to: localhost + register: sap_swpm_inifile_software_path_detect + changed_when: false + +- name: SAP SWPM Pre Install - Report if 'sap_swpm_software_path' has been defined differently + ansible.builtin.debug: + msg: "NOTE: The Software Path in '{{ sap_swpm_tmpdir_local.path }}/inifile.params' is different from the role parameter 'sap_swpm_software_path'." + when: + - sap_swpm_software_path + - sap_swpm_inifile_software_path_detect.stdout != sap_swpm_software_path + +- name: SAP SWPM Pre Install - Set Software Path + ansible.builtin.set_fact: + sap_swpm_software_path: "{{ sap_swpm_inifile_software_path_detect.stdout }}" + +# Detect and set SID +- name: SAP SWPM Pre Install - Detect SID from inifile + ansible.builtin.command: | + awk '!/^#/&&/NW_GetSidNoProfiles.sid/{print $3}' {{ sap_swpm_tmpdir_local.path }}/inifile.params + delegate_to: localhost + register: sap_swpm_inifile_sid_detect + changed_when: false + +- name: SAP SWPM Pre Install - Report if 'sap_swpm_sid' has been defined differently + ansible.builtin.debug: + msg: "NOTE: The SID in '{{ sap_swpm_tmpdir_local.path }}/inifile.params' is different from the role parameter 'sap_swpm_sid'." + when: + - sap_swpm_sid + - sap_swpm_inifile_sid_detect.stdout != sap_swpm_sid + +- name: SAP SWPM Pre Install - Set SID + ansible.builtin.set_fact: + sap_swpm_sid: "{{ sap_swpm_inifile_sid_detect.stdout }}" + +# Detect and set FQDN +- name: SAP SWPM Pre Install - Detect FQDN from inifile + ansible.builtin.command: | + awk '!/^#/&&/NW_getFQDN.FQDN/{print $3}' {{ sap_swpm_tmpdir_local.path }}/inifile.params + delegate_to: localhost + register: sap_swpm_inifile_fqdn_detect + changed_when: false + +- name: SAP SWPM Pre Install - Report if 'sap_swpm_fqdn' has been defined differently + ansible.builtin.debug: + msg: "NOTE: The FQDN in '{{ sap_swpm_tmpdir_local.path }}/inifile.params' is different from the role parameter 'sap_swpm_fqdn'." + when: + - sap_swpm_fqdn + - sap_swpm_inifile_sid_detect.stdout != sap_swpm_fqdn + +- name: SAP SWPM Pre Install - Set FQDN + ansible.builtin.set_fact: + sap_swpm_fqdn: "{{ sap_swpm_inifile_fqdn_detect.stdout }}" diff --git a/roles/sap_swpm/tasks/pre_install/firewall.yml b/roles/sap_swpm/tasks/pre_install/firewall.yml index f27aea554..a36cb1644 100644 --- a/roles/sap_swpm/tasks/pre_install/firewall.yml +++ b/roles/sap_swpm/tasks/pre_install/firewall.yml @@ -54,7 +54,7 @@ - "51000" - "64997" when: - - not sap_swpm_generic | bool + - not sap_swpm_generic - name: SAP SWPM Pre Install - Add Ports Based on NR - {{ sap_swpm_db_instance_nr }} ansible.builtin.include_tasks: update_firewall.yml @@ -62,7 +62,7 @@ loop_control: loop_var: passed_port when: - - not sap_swpm_generic | bool + - not sap_swpm_generic # Reason for noqa: We currently do not determine if reloading the firewall changes anything - name: SAP SWPM Pre Install - Reload Firewall # noqa no-changed-when diff --git a/roles/sap_swpm/tasks/pre_install/generate_inifile.yml b/roles/sap_swpm/tasks/pre_install/generate_inifile.yml new file mode 100644 index 000000000..53f4809ff --- /dev/null +++ b/roles/sap_swpm/tasks/pre_install/generate_inifile.yml @@ -0,0 +1,193 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# The following task is used for checking if an inifile exists on the managed node +- name: SAP SWPM Pre Install - Ensure the sapinst inifile directory '{{ sap_swpm_inifile_directory }}' exists on the managed node + ansible.builtin.file: + path: "{{ sap_swpm_inifile_directory }}" + state: directory + owner: 'root' + group: 'root' + mode: '0755' + +- name: SAP SWPM Pre Install - Check if file '{{ sap_swpm_inifile_directory }}/inifile.params' exists on the managed node + ansible.builtin.stat: + path: "{{ sap_swpm_inifile_directory }}/inifile.params" + check_mode: no + register: __sap_swpm_register_stat_sapinst_inifile + +- name: SAP SWPM Pre Install - Try using existing SWPM inifile 'inifile.params' + when: __sap_swpm_register_stat_sapinst_inifile.stat.exists + block: + + - name: SAP SWPM Pre Install, existing inifile - Notify about existing sapinst inifile on the managed node + ansible.builtin.debug: + msg: "INFO: Using existing sapinst inifile '{{ sap_swpm_inifile_directory }}/inifile.params'." + +# Note: Attempting to fetch and store into sap_swpm_tmpdir_local.path results in a 'Permission denied' error. +# So we are using 'slurp' and 'copy' for this purpose. + - name: SAP SWPM Pre Install, existing inifile - Slurp the remote 'inifile.params' for copying to control node + ansible.builtin.slurp: + src: "{{ sap_swpm_inifile_directory }}/inifile.params" + register: sap_swpm_slurped_remote_inifile + + - name: SAP SWPM Pre Install, existing inifile - Copy 'inifile.params' to the control node + ansible.builtin.copy: + content: "{{ sap_swpm_slurped_remote_inifile['content'] | b64decode }}" + dest: "{{ sap_swpm_tmpdir_local.path }}/inifile.params" + owner: 'root' + group: 'root' + mode: '0640' + delegate_to: localhost + +# Now we need to confirm that des25 is not in the inifile + - name: SAP SWPM Pre Install, existing inifile - Search inifile for for des25 + ansible.builtin.shell: | + set -o pipefail && awk 'BEGIN{a=0}!/^#/&&/des25\(/{a++}END{print a}' {{ sap_swpm_tmpdir_local.path }}/inifile.params + delegate_to: localhost + register: sap_swpm_inifile_count_des25 + changed_when: false + + - name: SAP SWPM Pre Install, existing inifile - Ensure that des25 is not present in inifile + ansible.builtin.fail: + msg: + - "Inifile '{{ sap_swpm_inifile_directory }}/inifile.params' cannot be reused because it contains des25 encrypted data." + - "See also SAP notes 2609804." + when: sap_swpm_inifile_count_des25.stdout != '0' + + - name: SAP SWPM Pre Install - Detect Variables + ansible.builtin.import_tasks: + file: detect_variables_from_inifile.yml + +# At this point, the following variables need to be set: +# sap_swpm_product_catalog_id, sap_swpm_software_path, sap_swpm_sid, sap_swpm_fqdn +- name: SAP SWPM Pre Install - Assert that certain variables are set + ansible.builtin.assert: + that: "{{ __sap_swpm_vars_line_item }} is defined and {{ __sap_swpm_vars_line_item }}" + fail_msg: "FAIL: '{{ __sap_swpm_vars_line_item }}' is either undefined or empty!" + success_msg: "PASS: '{{ __sap_swpm_vars_line_item }}' is set." + loop: + - sap_swpm_product_catalog_id + - sap_swpm_software_path + - sap_swpm_sid + - sap_swpm_fqdn + loop_control: + loop_var: __sap_swpm_vars_line_item + label: __sap_swpm_vars_line_item + tags: sap_swpm_generate_inifile + +- name: SAP SWPM Pre Install - Display these variables + ansible.builtin.debug: + msg: + - "sap_swpm_product_catalog_id: >{{ sap_swpm_product_catalog_id }}<" + - "sap_swpm_software_path: >{{ sap_swpm_software_path }}<" + - "sap_swpm_sid: >{{ sap_swpm_sid }}<" + - "sap_swpm_fqdn: >{{ sap_swpm_fqdn }}<" + +# We are creating the inifile dynamically in one of the two cases: +# 1 - The tag sap_swpm_generate_inifile is specified +# 2 - There is no file 'inifile.params' available in 'sap_swpm_inifile_directory' +# Prerequisite: Role parameter 'sap_swpm_product_catalog_id' is defined +- name: SAP SWPM Pre Install, create inifile - Create the SWPM inifile 'inifile.params' dynamically + when: "'sap_swpm_generate_inifile' in ansible_run_tags or (not __sap_swpm_register_stat_sapinst_inifile.stat.exists)" + tags: sap_swpm_generate_inifile + block: + +# - name: SAP SWPM Pre Install - Ensure role parameter 'sap_swpm_product_catalog_id' is defined +# ansible.builtin.fail: +# msg: +# - "Role parameter 'sap_swpm_product_catalog_id' is empty or not defined, so certain inifile entries cannot be determined." +# - "Remediation: Define the role parameter 'sap_swpm_product_catalog_id' in your playbook or inventory and re-run the playbook." +# when: sap_swpm_product_catalog_id is not defined or not sap_swpm_product_catalog_id + +# 3 tasks for setting password Facts, required by the template: + - name: SAP SWPM Pre Install - Set password facts when ABAP + ansible.builtin.set_fact: + sap_swpm_db_schema: "{{ sap_swpm_db_schema_abap }}" + sap_swpm_db_schema_password: "{{ sap_swpm_db_schema_abap_password }}" + when: "'ABAP' in sap_swpm_product_catalog_id" + + - name: SAP SWPM Pre Install - Set password facts when Java + ansible.builtin.set_fact: + sap_swpm_db_schema: "{{ sap_swpm_db_schema_java }}" + sap_swpm_db_schema_password: "{{ sap_swpm_db_schema_java_password }}" + when: "'Java' in sap_swpm_product_catalog_id" + + - name: SAP SWPM Pre Install - Set other user passwords using master password + ansible.builtin.set_fact: + sap_swpm_sapadm_password: "{{ sap_swpm_master_password }}" + sap_swpm_sap_sidadm_password: "{{ sap_swpm_master_password }}" + sap_swpm_diagnostics_agent_password: "{{ sap_swpm_master_password }}" + +# Generate inifile.params, step 1: Process SWPM Configfile template locally for creating inifile.params + - name: SAP SWPM Pre Install, create inifile - Process SWPM inifile template for for creating 'inifile.params' + ansible.builtin.template: + src: "{{ role_path }}/templates/inifile_params.j2" + dest: "{{ sap_swpm_tmpdir_local.path }}/inifile.params" + owner: 'root' + group: 'root' + mode: '0640' + delegate_to: localhost + when: + - sap_swpm_inifile_sections_list is defined + - sap_swpm_inifile_sections_list | length > 0 + +# Generate inifile.params, step 2: Use any entries from sap_swpm_inifile_parameters_dict + - name: SAP SWPM Pre Install, create inifile - Use any 'inifile.params' entries from 'sap_swpm_inifile_parameters_dict' + when: + - sap_swpm_inifile_parameters_dict is defined + - sap_swpm_inifile_parameters_dict | length > 0 + block: + + - name: SAP SWPM Pre Install, create inifile - Configure entries in 'inifile.params' from 'sap_swpm_inifile_parameters_dict' + ansible.builtin.lineinfile: + path: "{{ sap_swpm_tmpdir_local.path }}/inifile.params" + create: true + state: present + line: "{{ sap_swpm_line_item.key }} = {{ sap_swpm_line_item.value }}" + regexp: "^{{ sap_swpm_line_item.key }}[\\s]*=[\\s]*.*" + owner: 'root' + group: 'root' + mode: '0640' + loop: "{{ sap_swpm_inifile_parameters_dict | dict2items }}" + loop_control: + loop_var: sap_swpm_line_item + register: replace_result + delegate_to: localhost + + - name: SAP SWPM Pre Install, create inifile - Detect variables again if 'sap_swpm_inifile_parameters_dict' had been used + ansible.builtin.import_tasks: + file: detect_variables_from_inifile.yml + delegate_to: localhost + + - name: SAP SWPM Pre Install, create inifile - Display these variables again if 'sap_swpm_inifile_parameters_dict' had been used + ansible.builtin.debug: + msg: + - "sap_swpm_product_catalog_id: >{{ sap_swpm_product_catalog_id }}<" + - "sap_swpm_software_path: >{{ sap_swpm_software_path }}<" + - "sap_swpm_sid: >{{ sap_swpm_sid }}<" + - "sap_swpm_fqdn: >{{ sap_swpm_fqdn }}<" + delegate_to: localhost + +- name: SAP SWPM Pre Install - Display the path of the local 'inifile.params' + ansible.builtin.debug: + msg: "The local inifile.params is: '{{ sap_swpm_tmpdir_local.path }}/inifile.params'" + tags: sap_swpm_generate_inifile + +- name: SAP SWPM Pre Install - Slurp the local 'inifile.params' for copying to managed node + ansible.builtin.slurp: + src: "{{ sap_swpm_tmpdir_local.path }}/inifile.params" + register: sap_swpm_slurped_local_inifile + delegate_to: localhost + +- name: SAP SWPM Pre Install - Copy 'inifile.params' to the managed node + ansible.builtin.copy: + content: "{{ sap_swpm_slurped_local_inifile['content'] | b64decode }}" + dest: "{{ sap_swpm_tmpdir.path }}/inifile.params" + owner: 'root' + group: 'root' + mode: '0640' + +- name: SAP SWPM Pre Install - Display the path of the remote 'inifile.params' + ansible.builtin.debug: + msg: "The local inifile.params has been copied to: '{{ sap_swpm_tmpdir.path }}/inifile.params'" diff --git a/roles/sap_swpm/tasks/pre_install/install_type.yml b/roles/sap_swpm/tasks/pre_install/install_type.yml index ced5bbc98..b5afe12f0 100644 --- a/roles/sap_swpm/tasks/pre_install/install_type.yml +++ b/roles/sap_swpm/tasks/pre_install/install_type.yml @@ -4,7 +4,7 @@ - name: SAP SWPM Pre Install - Determine Installation Type ansible.builtin.set_fact: sap_swpm_swpm_installation_type: "" - sap_swpm_swpm_installation_header: "" + sap_swpm_swpm_installation_header: "Standard installation of SAP Software" sap_swpm_swpm_command_virtual_hostname: "" sap_swpm_swpm_command_mp_stack: "" @@ -58,9 +58,45 @@ # Run Installation Type Steps ################ -- name: SAP SWPM Pre Install - Display the Installation Type - ansible.builtin.debug: - var: sap_swpm_swpm_installation_type +- name: SAP SWPM Pre Install - Assert installation type is defined (including empty) + ansible.builtin.assert: + that: + - sap_swpm_swpm_installation_type is defined + fail_msg: + - "The installation type (variable 'sap_swpm_swpm_installation_type') is not defined!" + success_msg: + - "The installation type (variable 'sap_swpm_swpm_installation_type') is defined (including an empty string)." + +- name: SAP SWPM Pre Install - Assert supported installation types + ansible.builtin.assert: + that: + - sap_swpm_swpm_installation_type == '' or + sap_swpm_swpm_installation_type == 'restore' or + sap_swpm_swpm_installation_type == 'ha' or + sap_swpm_swpm_installation_type == 'maint_plan_stack' or + sap_swpm_swpm_installation_type == 'ha_maint_plan_stack' + fail_msg: + - "The specified installation type, '{{ sap_swpm_swpm_installation_type }}', is not supported!" + - "The following installation types are supported:" + - "- '' (empty string, the default)" + - "- 'restore'" + - "- 'ha'" + - "- 'maint_plan_stack'" + - "- 'ha_maint_plan_stack'" + success_msg: + - "The specified installation type, '{{ sap_swpm_swpm_installation_type }}', is supported." + +- name: SAP SWPM Pre Install - Assert that necessary variable for HA is defined + ansible.builtin.assert: + that: sap_swpm_virtual_hostname is defined and sap_swpm_virtual_hostname + fail_msg: "FAIL: {{ sap_swpm_virtual_hostname }} is not defined!" + success_msg: "PASS: The variable 'sap_swpm_virtual_hostname' is defined, as '{{ sap_swpm_virtual_hostname }}'." + when: + - sap_swpm_swpm_installation_type | regex_search('ha') + +################ +# Installation Type file will not be included if install type is empty (= the default): +################ - name: SAP SWPM Pre Install - Run Installation Type Steps ansible.builtin.include_tasks: "install_type/{{ sap_swpm_swpm_installation_type }}_install.yml" diff --git a/roles/sap_swpm/tasks/pre_install/password_facts.yml b/roles/sap_swpm/tasks/pre_install/password_facts.yml deleted file mode 100644 index 850283d88..000000000 --- a/roles/sap_swpm/tasks/pre_install/password_facts.yml +++ /dev/null @@ -1,22 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -- name: SAP SWPM Pre Install - Set password facts when ABAP - ansible.builtin.set_fact: - sap_swpm_db_schema: "{{ sap_swpm_db_schema_abap }}" - sap_swpm_db_schema_password: "{{ sap_swpm_db_schema_abap_password }}" - when: - - "'ABAP' in sap_swpm_product_catalog_id" - -- name: SAP SWPM Pre Install - Set password facts when Java - ansible.builtin.set_fact: - sap_swpm_db_schema: "{{ sap_swpm_db_schema_java }}" - sap_swpm_db_schema_password: "{{ sap_swpm_db_schema_java_password }}" - when: - - "'Java' in sap_swpm_product_catalog_id" - -- name: SAP SWPM Pre Install - Set other user passwords using master password - ansible.builtin.set_fact: - sap_swpm_sapadm_password: "{{ sap_swpm_master_password }}" - sap_swpm_sap_sidadm_password: "{{ sap_swpm_master_password }}" - sap_swpm_diagnostics_agent_password: "{{ sap_swpm_master_password }}" diff --git a/roles/sap_swpm/tasks/swpm/prepare_software.yml b/roles/sap_swpm/tasks/pre_install/prepare_software.yml similarity index 99% rename from roles/sap_swpm/tasks/swpm/prepare_software.yml rename to roles/sap_swpm/tasks/pre_install/prepare_software.yml index 62ca21d1f..26e40fb98 100644 --- a/roles/sap_swpm/tasks/swpm/prepare_software.yml +++ b/roles/sap_swpm/tasks/pre_install/prepare_software.yml @@ -177,7 +177,7 @@ - sap_swpm_set_file_permissions - name: SAP SWPM Pre Install - Full SAP System - when: not sap_swpm_generic | bool + when: not sap_swpm_generic block: # 3. IGS diff --git a/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml b/roles/sap_swpm/tasks/pre_install/swpm_prepare.yml similarity index 61% rename from roles/sap_swpm/tasks/swpm/swpm_pre_install.yml rename to roles/sap_swpm/tasks/pre_install/swpm_prepare.yml index 360df233f..f2ae6cb62 100644 --- a/roles/sap_swpm/tasks/swpm/swpm_pre_install.yml +++ b/roles/sap_swpm/tasks/pre_install/swpm_prepare.yml @@ -1,16 +1,24 @@ # SPDX-License-Identifier: Apache-2.0 --- -# Create temporary directory -- name: SAP SWPM Pre Install - Create temporary directory +- name: SAP SWPM Pre Install - Create temporary directory on control node ansible.builtin.tempfile: state: directory - suffix: swpmconfig - register: sap_swpm_tmpdir + suffix: _swpm_tmp + delegate_to: localhost + register: sap_swpm_tmpdir_local tags: - sap_swpm_generate_inifile - sap_swpm_sapinst_commandline +- name: SAP SWPM Pre Install - Create temporary directory on managed node + ansible.builtin.tempfile: + state: directory + suffix: _swpm_config + register: sap_swpm_tmpdir + tags: + - sap_swpm_sapinst_commandline + # Copy password file to the same location as inifile.params - name: SAP SWPM Pre Install - Copy password file to the same location as inifile.params ansible.builtin.copy: @@ -18,24 +26,33 @@ dest: "{{ sap_swpm_tmpdir.path }}/instkey.pkey" remote_src: yes mode: '0640' - when: sap_swpm_use_password_file == "y" - tags: sap_swpm_generate_inifile + when: sap_swpm_use_password_file -# Run SWPM inifile generation based on ansible role mode -- name: SAP SWPM Pre Install - generate swpm inifile - ansible.builtin.include_tasks: "swpm_inifile_generate_{{ sap_swpm_ansible_role_mode }}.yml" +# Create the SWPM inifile +- name: SAP SWPM Pre Install - Generate the SWPM inifile + ansible.builtin.include_tasks: "generate_inifile.yml" tags: sap_swpm_generate_inifile -- name: SAP SWPM Pre Install - Display the location of file 'inifile.params' - ansible.builtin.debug: - msg: "{{ sap_swpm_tmpdir.path }}/inifile.params" - tags: sap_swpm_generate_inifile +# Determine Installation Type, e.g. System Copy, HA, Maintenance Planner, ... +- name: SAP SWPM default mode - Determine Installation Type + ansible.builtin.include_tasks: + file: install_type.yml +# apply: +# tags: sap_swpm_generate_inifile +# tags: sap_swpm_generate_inifile + +# Requires variables - sap_swpm_software_path (e.g. /software/download_basket), sap_swpm_sapcar_path (e.g. /software/sapcar), sap_swpm_swpm_path (e.g. /software/swpm) +# Prepare Software +- name: SAP SWPM Pre Install - Prepare Software + ansible.builtin.include_tasks: prepare_software.yml + when: sap_swpm_run_sapinst # Set fact for SWPM path - name: SAP SWPM Pre Install - Set fact for SWPM path when extract directory defined ansible.builtin.set_fact: sap_swpm_sapinst_path: "{{ sap_swpm_software_extract_directory }}" when: + - sap_swpm_run_sapinst - sap_swpm_software_extract_directory is defined - not (sap_swpm_software_extract_directory is none or (sap_swpm_software_extract_directory | length == 0)) @@ -44,6 +61,7 @@ ansible.builtin.set_fact: sap_swpm_sapinst_path: "{{ (sap_swpm_swpm_path | regex_replace('\\/$', '')) + '/extracted' }}" when: + - sap_swpm_run_sapinst - sap_swpm_software_extract_directory is undefined or (sap_swpm_software_extract_directory is none or (sap_swpm_software_extract_directory | length) == 0) - name: SAP SWPM Pre Install - Ensure directory '{{ sap_swpm_sapinst_path }}' exists @@ -51,6 +69,7 @@ path: "{{ sap_swpm_sapinst_path }}" state: directory mode: '0755' + when: sap_swpm_run_sapinst # Extract SWPM - name: SAP SWPM Pre Install - Extract SWPM @@ -62,3 +81,4 @@ args: chdir: "{{ sap_swpm_sapinst_path }}" changed_when: "'SAPCAR: processing archive' in sap_swpm_extractswpm.stdout" + when: sap_swpm_run_sapinst diff --git a/roles/sap_swpm/tasks/pre_install/update_etchosts.yml b/roles/sap_swpm/tasks/pre_install/update_etchosts.yml index 4adbdcf34..815ae29e6 100644 --- a/roles/sap_swpm/tasks/pre_install/update_etchosts.yml +++ b/roles/sap_swpm/tasks/pre_install/update_etchosts.yml @@ -1,75 +1,61 @@ # SPDX-License-Identifier: Apache-2.0 --- -# Update etc hosts for NW +# Update /etc/hosts for NW -- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' is not configured for NW due to missing 'sap_swpm_fqdn' +- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' will not be configured for NW due to missing 'sap_swpm_fqdn' ansible.builtin.debug: msg: "WARN: Not configuring NW entries in '/etc/hosts' because 'sap_swpm_fqdn' is not defined!" when: (sap_swpm_fqdn | type_debug == 'NoneType') or (sap_swpm_fqdn | length == 0) -# Update etc hosts for HANA - - name: SAP SWPM Pre Install - Update '/etc/hosts' for NW + ansible.builtin.import_role: + name: 'community.sap_install.sap_maintain_etc_hosts' + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }}" + node_name: "{{ ansible_hostname }}" + node_domain: "{{ sap_swpm_fqdn }}" + state: present when: - "sap_swpm_fqdn | type_debug != 'NoneType'" - "sap_swpm_fqdn | length > 0" - block: - - - name: SAP SWPM Pre Install - Deduplicate values from '/etc/hosts' - ansible.builtin.lineinfile: - path: /etc/hosts - create: false - regexp: (?i)^\s*{{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }}\s+ - state: absent -# Reason for noqa: 1. Tabs can increase readability; -# 2. Tabs are allowed for /etc/hosts - - name: SAP SWPM Pre Install - Update '/etc/hosts' with NW entry # noqa no-tabs - ansible.builtin.lineinfile: - path: /etc/hosts - line: "{{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }}\t{{ ansible_hostname }}.{{ sap_swpm_fqdn }}\t{{ ansible_hostname }}" +# Update /etc/hosts for HANA -- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' is not configured for HANA due to missing 'sap_swpm_db_ip' +- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' will not be configured for HANA due to missing 'sap_swpm_db_ip' ansible.builtin.debug: msg: "WARN: Not configuring HANA entries in '/etc/hosts' because 'sap_swpm_db_ip' is not defined!" when: (sap_swpm_db_ip | type_debug == 'NoneType') or (sap_swpm_db_ip | length == 0) -- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' is not configured for HANA due to missing 'sap_swpm_db_host' +- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' will not be configured for HANA due to missing 'sap_swpm_db_host' ansible.builtin.debug: msg: "WARN: Not configuring HANA entries in '/etc/hosts' because 'sap_swpm_db_host' is not defined!" when: (sap_swpm_db_host | type_debug == 'NoneType') or (sap_swpm_db_host | length == 0) -- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' is not configured for HANA because 'sap_swpm_db_host' is the current host +- name: SAP SWPM Pre Install - Display warning message if '/etc/hosts' will not be configured for HANA because 'sap_swpm_db_host' is the current host ansible.builtin.debug: msg: "WARN: Not configuring HANA entries in '/etc/hosts' because 'sap_swpm_db_host' is the current host!" when: sap_swpm_db_host == ansible_hostname - name: SAP SWPM Pre Install - Update '/etc/hosts' for HANA + ansible.builtin.import_role: + name: 'community.sap_install.sap_maintain_etc_hosts' + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_swpm_db_ip }}" + node_name: "{{ sap_swpm_db_host }}" + node_domain: "{{ sap_swpm_fqdn }}" + state: present when: - "sap_swpm_db_ip | type_debug != 'NoneType'" - "sap_swpm_db_ip | length > 0" - "sap_swpm_db_host | type_debug != 'NoneType'" - "sap_swpm_db_host | length > 0" - "sap_swpm_db_host != ansible_hostname" - block: - - - name: SAP SWPM Pre Install - Deduplicate values from '/etc/hosts' - ansible.builtin.lineinfile: - path: /etc/hosts - create: false - regexp: (?i)^\s*{{ sap_swpm_db_ip }}\s+ - state: absent - -# Reason for noqa: 1. Tabs can increase readability; -# 2. Tabs are allowed for /etc/hosts - - name: SAP SWPM Pre Install - Update '/etc/hosts' with HANA entry # noqa no-tabs - ansible.builtin.lineinfile: - path: /etc/hosts - line: "{{ sap_swpm_db_ip }}\t{{ sap_swpm_db_host }}.{{ sap_swpm_fqdn }}\t{{ sap_swpm_db_host }}" diff --git a/roles/sap_swpm/tasks/swpm.yml b/roles/sap_swpm/tasks/swpm.yml index 462587505..d9d0bd4eb 100644 --- a/roles/sap_swpm/tasks/swpm.yml +++ b/roles/sap_swpm/tasks/swpm.yml @@ -23,17 +23,19 @@ ### Async method -- name: Set fact for the sapinst command line - ansible.builtin.set_fact: - __sap_swpm_sapinst_command: "umask {{ sap_swpm_umask | d('022') }} ; ./sapinst {{ sap_swpm_swpm_command_inifile }} - {{ sap_swpm_swpm_command_product_id }} - {{ sap_swpm_swpm_command_extra_args }}" - tags: sap_swpm_sapinst_commandline - -- name: Display the sapinst command line - ansible.builtin.debug: - msg: "SAP SWPM install command: '{{ __sap_swpm_sapinst_command }}'" - tags: sap_swpm_sapinst_commandline +# now in file pre_install.yml: +#- name: Set fact for the sapinst command line +# ansible.builtin.set_fact: +# __sap_swpm_sapinst_command: "umask {{ sap_swpm_umask | d('022') }} ; ./sapinst {{ sap_swpm_swpm_command_inifile }} +# {{ sap_swpm_swpm_command_product_id }} +# {{ sap_swpm_swpm_command_extra_args }}" +# tags: sap_swpm_sapinst_commandline + +# now in file pre_install.yml: +#- name: Display the sapinst command line +# ansible.builtin.debug: +# msg: "SAP SWPM install command: '{{ __sap_swpm_sapinst_command }}'" +# tags: sap_swpm_sapinst_commandline # Call sapinst synchronously # Reason for noqa: This command installs software, so it will change things diff --git a/roles/sap_swpm/tasks/swpm/detect_variables.yml b/roles/sap_swpm/tasks/swpm/detect_variables.yml deleted file mode 100644 index 557c988ad..000000000 --- a/roles/sap_swpm/tasks/swpm/detect_variables.yml +++ /dev/null @@ -1,80 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Detect Product ID -- name: SAP SWPM - Detect Product ID - ansible.builtin.command: | - awk 'BEGIN{IGNORECASE=1;a=0} - /Product ID/&&a==0{a=1; gsub ("#", ""); gsub ("\047", ""); product_id=$NF} - END{print product_id}' {{ sap_swpm_tmpdir.path }}/inifile.params - register: sap_swpm_inifile_product_id_detect - changed_when: false - when: not sap_swpm_product_catalog_id is defined - -# Set fact for product id -- name: SAP SWPM - Set SAP product ID - ansible.builtin.set_fact: - sap_swpm_product_catalog_id: "{{ sap_swpm_inifile_product_id_detect.stdout }}" - when: not sap_swpm_product_catalog_id is defined - -- name: SAP SWPM - Display SAP product ID - ansible.builtin.debug: - msg: - - "Product ID is {{ sap_swpm_product_catalog_id }}" - -# Detect Software Path -- name: SAP SWPM - Detect Software Path - ansible.builtin.command: | - awk '!/^#/&&/archives.downloadBasket/{print $3}' {{ sap_swpm_tmpdir.path }}/inifile.params - register: sap_swpm_inifile_software_path - changed_when: false - when: not sap_swpm_software_path is defined - -# Set fact for software path -- name: SAP SWPM - Set Software Path - ansible.builtin.set_fact: - sap_swpm_software_path: "{{ sap_swpm_inifile_software_path.stdout }}" - when: not sap_swpm_software_path is defined - -- name: SAP SWPM - Display Software Path - ansible.builtin.debug: - msg: - - "Software path is {{ sap_swpm_software_path }}" - -# Detect SID -- name: SAP SWPM - Detect SID - ansible.builtin.command: | - awk '!/^#/&&/NW_GetSidNoProfiles.sid/{print $3}' {{ sap_swpm_tmpdir.path }}/inifile.params - register: sap_swpm_inifile_sid - changed_when: false - when: not sap_swpm_sid is defined - -# Set fact for SID -- name: SAP SWPM - Set SID - ansible.builtin.set_fact: - sap_swpm_sid: "{{ sap_swpm_inifile_sid.stdout }}" - when: not sap_swpm_sid is defined - -- name: SAP SWPM - Display SAP SID - ansible.builtin.debug: - msg: - - "SAP SID {{ sap_swpm_sid }}" - -# Detect FQDN -- name: SAP SWPM - Detect FQDN - ansible.builtin.command: | - awk '!/^#/&&/NW_getFQDN.FQDN/{print $3}' {{ sap_swpm_tmpdir.path }}/inifile.params - register: sap_swpm_inifile_fqdn - changed_when: false - when: not sap_swpm_fqdn is defined - -# Set fact for FQDN -- name: SAP SWPM - Set FQDN - ansible.builtin.set_fact: - sap_swpm_fqdn: "{{ sap_swpm_inifile_fqdn.stdout }}" - when: not sap_swpm_fqdn is defined - -- name: SAP SWPM - Display FQDN - ansible.builtin.debug: - msg: - - "SAP fqdn {{ sap_swpm_fqdn }}" diff --git a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_advanced.yml b/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_advanced.yml deleted file mode 100644 index 234dfb5db..000000000 --- a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_advanced.yml +++ /dev/null @@ -1,35 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Remove Existing inifile.params -- name: SAP SWPM advanced mode - Ensure 'inifile.params' exists - ansible.builtin.copy: - dest: "{{ sap_swpm_tmpdir.path }}/inifile.params" - mode: '0640' - content: | - ### inifile.params generated for SWPM Catalog Product ID is {{ sap_swpm_product_catalog_id }} - tags: sap_swpm_generate_inifile - -- name: SAP SWPM advanced mode - Loop over the dictionary and output to file - ansible.builtin.lineinfile: - path: "{{ sap_swpm_tmpdir.path }}/inifile.params" - state: present - insertafter: EOF - line: "{{ item.key }} = {{ item.value }}" - with_dict: "{{ sap_swpm_inifile_custom_values_dictionary }}" - tags: sap_swpm_generate_inifile - -# NOTE: Values in Dictionary Keys for instance numbers must be string using '01' single quote, otherwise SAP SWPM will crash - -# Detect variables from generated inifile -- name: SAP SWPM advanced mode - Detect Variables - ansible.builtin.include_tasks: - file: detect_variables.yml - apply: - tags: sap_swpm_generate_inifile - tags: sap_swpm_generate_inifile - -# Requires variables - sap_swpm_software_path (e.g. /software/download_basket), sap_swpm_sapcar_path (e.g. /software/sapcar), sap_swpm_swpm_path (e.g. /software/swpm) -# Prepare Software -- name: SAP SWPM advanced mode - Prepare Software - ansible.builtin.include_tasks: prepare_software.yml diff --git a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_advanced_templates.yml b/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_advanced_templates.yml deleted file mode 100644 index b6685e343..000000000 --- a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_advanced_templates.yml +++ /dev/null @@ -1,64 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Set facts based on the install dictionary -- name: SAP SWPM advanced_templates mode - Set product_catalog_id - ansible.builtin.set_fact: - sap_swpm_product_catalog_id: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_product_catalog_id'] }}" - tags: sap_swpm_generate_inifile - -- name: SAP SWPM advanced_templates mode - Create temporary directory - ansible.builtin.tempfile: - state: directory - suffix: swpmconfig - register: sap_swpm_tmpdir - tags: sap_swpm_generate_inifile - -# Remove Existing inifile.params -- name: SAP SWPM advanced_templates mode - Ensure 'inifile.params' exists - ansible.builtin.copy: - dest: "{{ sap_swpm_tmpdir.path }}/inifile.params" - mode: '0640' - content: | - ### inifile.params generated for SWPM Catalog Product ID is {{ sap_swpm_product_catalog_id }} - tags: sap_swpm_generate_inifile - -- name: SAP SWPM advanced_templates mode - Loop over the dictionary and output to file - ansible.builtin.lineinfile: - path: "{{ sap_swpm_tmpdir.path }}/inifile.params" - state: present - insertafter: EOF - line: "{{ item.key }} = {{ item.value }}" - with_dict: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_custom_values_dictionary'] }}" - tags: sap_swpm_generate_inifile - -# NOTE: Values in Dictionary Keys for instance numbers must be string using '01' single quote, otherwise SAP SWPM will crash - - -# Detect variables from generated inifile -- name: SAP SWPM advanced_templates mode - Detect Variables - ansible.builtin.include_tasks: - file: detect_variables.yml - apply: - tags: sap_swpm_generate_inifile - tags: sap_swpm_generate_inifile - -# Requires variables - sap_swpm_software_path (e.g. /software/download_basket), sap_swpm_sapcar_path (e.g. /software/sapcar), sap_swpm_swpm_path (e.g. /software/swpm) -# Prepare Software -- name: SAP SWPM advanced_templates mode - Prepare Software - ansible.builtin.include_tasks: prepare_software.yml - -# ALT: Generate complete inifile.params with all parameters from control.xml, for every SAP software product -#- name: ALT: SAP SWPM advanced_templates mode - Generate complete inifile.params -# script: ./plugins/module_utils/swpm2_parameters_inifile_generate.py '/path/to/controlxml/' -# args: -# executable: /bin/python3 - -# ALT: Replace values of generated inifile with custom values -#- name: ALT: SAP SWPM advanced_templates mode - Replace values of generated inifile with custom values -# replace: -# path: "{{ sap_swpm_tmpdir.path }}/inifile.params" -# regexp: '^{{ item.key }}.*$' -# replace: '{{ item.key }}={{ item.value }}' -# backup: yes -# with_dict: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_custom_values_dictionary'] }}" diff --git a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_default.yml b/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_default.yml deleted file mode 100644 index b04362cb6..000000000 --- a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_default.yml +++ /dev/null @@ -1,31 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Determine Installation Type -- name: SAP SWPM default mode - Determine Installation Type - ansible.builtin.include_tasks: - file: ../pre_install/install_type.yml - apply: - tags: sap_swpm_generate_inifile - tags: sap_swpm_generate_inifile - -# Password Facts -- name: SAP SWPM default mode - Password Facts - ansible.builtin.include_tasks: - file: ../pre_install/password_facts.yml - apply: - tags: sap_swpm_generate_inifile - tags: sap_swpm_generate_inifile - -# Prepare Software -- name: SAP SWPM default mode - Prepare Software - ansible.builtin.include_tasks: prepare_software.yml - -# Process SWPM Configfile Template -- name: SAP SWPM default mode - Process SWPM Configfile Template - ansible.builtin.template: - src: "{{ role_path }}/templates/configfile.j2" - dest: "{{ sap_swpm_tmpdir.path }}/inifile.params" - mode: '0640' - register: sap_swpm_cftemplate - tags: sap_swpm_generate_inifile diff --git a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_default_templates.yml b/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_default_templates.yml deleted file mode 100644 index b51706218..000000000 --- a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_default_templates.yml +++ /dev/null @@ -1,51 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Set facts based on the install dictionary -- name: SAP SWPM default_templates mode - Set product_catalog_id and inifile_list - ansible.builtin.set_fact: - sap_swpm_product_catalog_id: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_product_catalog_id'] }}" - sap_swpm_inifile_list: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_list'] }}" - tags: sap_swpm_generate_inifile - -- name: SAP SWPM default_templates mode - Set product_catalog_id and inifile_list - ansible.builtin.set_fact: - sap_swpm_java_template_id_selected_list: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_java_template_id_selected_list'] }}" - when: "'java' in sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_product_catalog_id'] | lower" - tags: sap_swpm_generate_inifile - -# Reason for noqa: We want to define variable names based on what is in the dictionary. -- name: SAP SWPM default_templates mode - If not already defined, use the default variable for the template # noqa var-naming[no-jinja] - ansible.builtin.set_fact: - "{{ item.key }}": "{{ item.value }}" - with_dict: "{{ sap_swpm_templates_install_dictionary[sap_swpm_templates_product_input]['sap_swpm_inifile_dictionary'] }}" - tags: sap_swpm_generate_inifile - -# Determine Installation Type -- name: SAP SWPM default_templates mode - Determine Installation Type - ansible.builtin.include_tasks: - file: ../pre_install/install_type.yml - apply: - tags: sap_swpm_generate_inifile - tags: sap_swpm_generate_inifile - -# Password Facts -- name: SAP SWPM default_templates mode - Password Facts - ansible.builtin.include_tasks: - file: ../pre_install/password_facts.yml - apply: - tags: sap_swpm_generate_inifile - tags: sap_swpm_generate_inifile - -# Prepare Software -- name: SAP SWPM default_templates mode - Prepare Software - ansible.builtin.include_tasks: prepare_software.yml - -# Process SWPM Configfile Template -- name: SAP SWPM default_templates mode - Process SWPM Configfile Template - ansible.builtin.template: - src: "{{ role_path }}/templates/configfile.j2" - dest: "{{ sap_swpm_tmpdir.path }}/inifile.params" - mode: '0640' - register: sap_swpm_cftemplate - tags: sap_swpm_generate_inifile diff --git a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_inifile_reuse.yml b/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_inifile_reuse.yml deleted file mode 100644 index b22ef3481..000000000 --- a/roles/sap_swpm/tasks/swpm/swpm_inifile_generate_inifile_reuse.yml +++ /dev/null @@ -1,39 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Copy reused inifile -- name: SAP SWPM inifile_reuse mode - Copy reused inifile - ansible.builtin.copy: - src: "{{ sap_swpm_inifile_reuse_source }}" - dest: "{{ sap_swpm_tmpdir.path }}/inifile.params" - mode: '0640' - tags: sap_swpm_generate_inifile - -# Check inifile for the presence of a line containing "des25(" -- name: SAP SWPM inifile_reuse mode - Check inifile for des25 - ansible.builtin.shell: | - set -o pipefail && cat "{{ sap_swpm_tmpdir.path }}/inifile.params" | - awk 'BEGIN{a=0}!/^#/&&/des25\(/{a++}END{print a}' - register: sap_swpm_inifile_read_file - changed_when: false - tags: sap_swpm_generate_inifile - -# Check if inifile is reusable - function des25 must not be present in inifile -- name: SAP SWPM inifile_reuse mode - Check if inifile is reusable, meaning function des25 is not present - ansible.builtin.fail: - msg: "{{ sap_swpm_inifile_reuse_source }} is not reusable" - when: sap_swpm_inifile_read_file.stdout != '0' - tags: sap_swpm_generate_inifile - -# Detect variables from generated inifile -- name: SAP SWPM inifile_reuse mode - Detect Variables - ansible.builtin.include_tasks: - file: detect_variables.yml - apply: - tags: sap_swpm_generate_inifile - tags: sap_swpm_generate_inifile - -# Requires variables - sap_swpm_software_path (e.g. /software/download_basket), sap_swpm_sapcar_path (e.g. /software/sapcar), sap_swpm_swpm_path (e.g. /software/swpm) -# Prepare Software -- name: SAP SWPM inifile_reuse mode - Prepare Software - ansible.builtin.include_tasks: prepare_software.yml diff --git a/roles/sap_swpm/templates/configfile.j2 b/roles/sap_swpm/templates/configfile.j2 index e71291e11..f107f1cc7 100644 --- a/roles/sap_swpm/templates/configfile.j2 +++ b/roles/sap_swpm/templates/configfile.j2 @@ -254,6 +254,25 @@ HDB_Userstore.useABAPSSFS = false # NW_HDB_DBClient.checkCreateUserstore = true # NW_HDB_DBClient.clientPathStrategy = LOCAL {% endif %} +{% if sap_swpm_ddic_000_password | d('',true) | length > 0 %} + +###### +# newinstall_ddic_000_password_not_master +###### +# Are the passwords for the DDIC users different from the default value? +NW_CI_Instance_ABAP_Reports.ddic000Password = {{ sap_swpm_ddic_000_password }} +NW_CI_Instance_ABAP_Reports.needNewDDIC000Password = true +{% endif %} +{% if sap_swpm_sapstar_000_password | d('',true) | length > 0 %} + +###### +# newinstall_sapstar_000_password_not_master +###### +# Are the passwords for the SAP* users different from the default value? +NW_CI_Instance_ABAP_Reports.ddic000Password = +NW_CI_Instance_ABAP_Reports.needNewSapStar000Password = true +NW_CI_Instance_ABAP_Reports.sapStar000Password = {{ sap_swpm_sapstar_000_password }} +{% endif %} {% if 'credentials_syscopy' in sap_swpm_inifile_list %} ###### diff --git a/roles/sap_swpm/templates/inifile_params.j2 b/roles/sap_swpm/templates/inifile_params.j2 new file mode 100644 index 000000000..4f15893dc --- /dev/null +++ b/roles/sap_swpm/templates/inifile_params.j2 @@ -0,0 +1,959 @@ +### inifile.params generated for SWPM Catalog Product ID is {{ sap_swpm_product_catalog_id }} + +{% if 'swpm_installation_media' in sap_swpm_inifile_sections_list %} +###### +# swpm_installation_media +###### +archives.downloadBasket = {{ sap_swpm_software_path }} + +# installation_export.archivesFolder = {{ sap_swpm_cd_export_path }} + +# NOTE: Specific media requirements will use format +# SAPINST.CD.PACKAGE. = +{% endif %} +{% if 'swpm_installation_media_swpm2_hana' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm2_hana +###### +HDB_Software_Dialogs.useMediaCD = {{ sap_swpm_software_use_media }} +{% endif %} +{% if 'swpm_installation_media_swpm1' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1 +###### +SAPINST.CD.PACKAGE.LANGUAGE = {{ sap_swpm_cd_language_path }} +SAPINST.CD.PACKAGE.JAVA = {{ sap_swpm_cd_java_path }} +SAPINST.CD.PACKAGE.RDBMS = {{ sap_swpm_cd_rdbms_path }} +# SAPINST.CD.PACKAGE.KERNEL = +# SAPINST.CD.PACKAGE.KERNEL2 = +# SAPINST.CD.PACKAGE.KERNEL3 = + +# SAPINST.CD.PACKAGE.JAVA_EXPORT = /path/JAVA_EXPORT +# SAPINST.CD.PACKAGE.JDMP = /path/JAVA_EXPORT_JDMP +# SAPINST.CD.PACKAGE.J2EE = /path/JAVA_J2EE_OSINDEP +# SAPINST.CD.PACKAGE.J2EE-INST = /path/JAVA_J2EE_OSINDEP_J2EE_INST +# SAPINST.CD.PACKAGE.SCA = /path/JAVA_J2EE_OSINDEP_UT +{% endif %} +{% if 'swpm_installation_media_swpm1_exportfiles' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1_exportfiles +###### +SAPINST.CD.PACKAGE.EXPORT = {{ sap_swpm_cd_export_path }} +# SAPINST.CD.PACKAGE.LOAD = +SAPINST.CD.PACKAGE.LOAD1 = {{ sap_swpm_cd_export_pt1_path }} +SAPINST.CD.PACKAGE.LOAD2 = {{ sap_swpm_cd_export_pt2_path }} +# SAPINST.CD.PACKAGE.JMIG = +{% endif %} +{% if 'swpm_installation_media_swpm1_ibmdb2' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1_ibmdb2 +###### +# Requested package : RDBMS-DB6 +SAPINST.CD.PACKAGE.DB2 = {{ sap_swpm_cd_ibmdb2_path }} + +# Requested package : RDBMS-DB6 CLIENT +SAPINST.CD.PACKAGE.DB2CLIENT = {{ sap_swpm_cd_ibmdb2_client_path }} + +# IBM DB2 software unpack path e.g. /db2/db2x01/db2_software +db6.DB2SoftwarePath = {{ sap_swpm_ibmdb2_unpack_path }} +{% endif %} +{% if 'swpm_installation_media_swpm1_oracledb_121' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1_oracledb_121 +###### +# Requested package : RDBMS-ORA +SAPINST.CD.PACKAGE.RDBMS-ORA121 = {{ sap_swpm_cd_oracle_path }} + +# Requested package : RDBMS-ORA CLIENT +SAPINST.CD.PACKAGE.ORACLI121 = {{ sap_swpm_cd_oracle_client_path }} +{% endif %} +{% if 'swpm_installation_media_swpm1_oracledb_122' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1_oracledb_122 +###### +# Requested package : RDBMS-ORA +SAPINST.CD.PACKAGE.RDBMS-ORA122 = {{ sap_swpm_cd_oracle_path }} + +# Requested package : RDBMS-ORA CLIENT +SAPINST.CD.PACKAGE.ORACLI122 = {{ sap_swpm_cd_oracle_client_path }} +{% endif %} +{% if 'swpm_installation_media_swpm1_oracledb_19' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1_oracledb_19 +###### +# Requested package : RDBMS-ORA +SAPINST.CD.PACKAGE.RDBMS-ORA19 = {{ sap_swpm_cd_oracle_path }} + +# Requested package : RDBMS-ORA CLIENT +SAPINST.CD.PACKAGE.ORACLI19 = {{ sap_swpm_cd_oracle_client_path }} +{% endif %} +{% if 'swpm_installation_media_swpm1_sapase' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1_sapase +###### +# Requested package : RDBMS-SYB +SAPINST.CD.PACKAGE.RDBMS-SYB = {{ sap_swpm_cd_sapase_path }} +SAPINST.CD.PACKAGE.RDBMS-SYB-CLIENT = {{ sap_swpm_cd_sapase_client_path }} + +{% endif %} +{% if 'swpm_installation_media_swpm1_sapmaxdb' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_swpm1_sapmaxdb +###### +# Requested package : RDBMS-ADA +SAPINST.CD.PACKAGE.RDBMS-ADA = {{ sap_swpm_cd_sapmaxdb_path }} +{% endif %} +{% if 'maintenance_plan_stack_tms_config' in sap_swpm_inifile_sections_list %} + +###### +# maintenance_plan_stack_tms_config +###### +NW_ABAP_TMSConfig.configureTMS = {{ sap_swpm_configure_tms | lower }} +NW_ABAP_TMSConfig.transportPassword = {{ sap_swpm_tmsadm_password }} +{% endif %} +{% if 'maintenance_plan_stack_tms_transports' in sap_swpm_inifile_sections_list %} + +###### +# maintenance_plan_stack_tms_transports +###### +NW_ABAP_Include_Corrections.includeTransports = true +NW_ABAP_Include_Corrections.transportFilesLocations = {{ sap_swpm_tms_tr_files_path }} +{% endif %} +{% if 'maintenance_plan_stack_spam_config' in sap_swpm_inifile_sections_list %} + +###### +# maintenance_plan_stack_spam_config +###### +NW_ABAP_SPAM_Update.SPAMUpdateDecision = {{ sap_swpm_spam_update | lower }} +{% if sap_swpm_spam_update %} +NW_ABAP_SPAM_Update.SPAMUpdateArchive = {{ sap_swpm_spam_update_sar }} +{% else %} +#NW_ABAP_SPAM_Update.SPAMUpdateArchive = +{% endif %} +{% endif %} +{% if 'maintenance_plan_stack_sum_config' in sap_swpm_inifile_sections_list %} + +###### +# maintenance_plan_stack_sum_config +###### +NW_ABAP_Prepare_SUM.prepareSUM = {{ sap_swpm_sum_prepare | lower }} +NW_ABAP_Prepare_SUM.startSUM = {{ sap_swpm_sum_start | lower }} + +# Password for SUM must be for 'adm' user +NW_ABAP_Prepare_SUM.Password = {{ sap_swpm_sap_sidadm_password }} +{% endif %} +{% if 'maintenance_plan_stack_sum_10_batch_mode' in sap_swpm_inifile_sections_list %} + +###### +# maintenance_plan_stack_sum_10_batch_mode +###### +# Re-run of existing BatchModeInputFile.xml for NWAS JAVA (generated by SUM 1.0 on previous host into the /sdt/param/ subdirectory) +NW_ABAP_Prepare_SUM.SUMBatchFile = {{ sap_swpm_sum_batch_file }} +{% endif %} +{% if 'credentials' in sap_swpm_inifile_sections_list %} + +###### +# credentials +###### +# Master password +NW_GetMasterPassword.masterPwd = {{ sap_swpm_master_password }} + +# 'adm' user +nwUsers.sidadmPassword = {{ sap_swpm_sap_sidadm_password }} + +DiagnosticsAgent.dasidAdmPassword = {{ sap_swpm_diagnostics_agent_password }} + +# 'sapadm' user of the SAP Host Agent +hostAgent.sapAdmPassword = {{ sap_swpm_sapadm_password }} +{% endif %} +{% if 'credentials_hana' in sap_swpm_inifile_sections_list %} + +###### +# credentials_hana +###### +HDB_Schema_Check_Dialogs.schemaPassword = {{ sap_swpm_db_schema_password }} +storageBasedCopy.hdb.systemPassword = {{ sap_swpm_db_system_password }} +{% endif %} +{% if 'credentials_anydb_ibmdb2' in sap_swpm_inifile_sections_list %} + +###### +# credentials_anydb_ibmdb2 +###### +nwUsers.db6.db2sidPassword = {{ sap_swpm_sap_sidadm_password }} +# nwUsers.db6.db2sidUid = +{% endif %} +{% if 'credentials_anydb_oracledb' in sap_swpm_inifile_sections_list %} + +###### +# credentials_anydb_oracledb +###### +# Oracle database software owner +ora.oraclePassword = {{ sap_swpm_sap_sidadm_password }} + +# 'ora' user +ora.orasidPassword = {{ sap_swpm_sap_sidadm_password }} + +# Oracle 'SYS' password +ora.SysPassword = {{ sap_swpm_db_system_password }} + +# Oracle 'SYSTEM' password +ora.SystemPassword = {{ sap_swpm_db_system_password }} +{% endif %} +{% if 'credentials_anydb_sapase' in sap_swpm_inifile_sections_list %} + +###### +# credentials_anydb_sapase +###### +nwUsers.syb.sybsidPassword = {{ sap_swpm_sap_sidadm_password }} +SYB.NW_DB.sa_pass = {{ sap_swpm_master_password }} +SYB.NW_DB.sapsa_pass = {{ sap_swpm_master_password }} +SYB.NW_DB.sapsr3_pass = {{ sap_swpm_master_password }} +SYB.NW_DB.sapsr3db_pass = {{ sap_swpm_db_system_password }} +# SYB.NW_DB.encryptionMasterKeyPassword = +# SYB.NW_DB.sapsso_pass = +# SYB.NW_DB.sslPassword = +{% endif %} +{% if 'credentials_anydb_sapmaxdb' in sap_swpm_inifile_sections_list %} + +###### +# credentials_anydb_sapmaxdb +# +# The password of user DBUser may only consist of alphanumeric characters and the special characters #, $, @ and _ +###### +nwUsers.ada.sqdsidPassword = {{ sap_swpm_sap_sidadm_password }} +Sdb_DBUser.dbaPassword = {{ sap_swpm_db_system_password }} +Sdb_DBUser.dbmPassword = {{ sap_swpm_db_system_password }} +Sdb_Schema_Dialogs.dbSchemaPassword = {{ sap_swpm_db_schema_password }} +{% endif %} +{% if 'credentials_nwas_ssfs' in sap_swpm_inifile_sections_list %} + +###### +# credentials_nwas_ssfs +###### +HDB_Userstore.useABAPSSFS = true +# NW_ABAP_SSFS_CustomKey.ssfsKeyInputFile = +{% endif %} +{% if 'credentials_hdbuserstore' in sap_swpm_inifile_sections_list %} + +###### +# credentials_hdbuserstore +###### +HDB_Userstore.useABAPSSFS = false +# HDB_Userstore.doNotResolveHostnames = +# HDB_Userstore.HDB_USE_IDENT = +# HDB_Userstore.systemDBPort = +# NW_HDB_DBClient.checkCreateUserstore = true +# NW_HDB_DBClient.clientPathStrategy = LOCAL +{% endif %} +{% if 'credentials_syscopy' in sap_swpm_inifile_sections_list %} + +###### +# credentials_syscopy +###### +# Are the passwords for the DDIC users different from the default value? +NW_DDIC_Password.needDDICPasswords = true +NW_DDIC_Password.ddic000Password = {{ sap_swpm_ddic_000_password }} +#NW_DDIC_Password.ddic001Password = +{% endif %} +{% if 'db_config_hana' in sap_swpm_inifile_sections_list %} + +###### +# db_config_hana +###### +storageBasedCopy.hdb.instanceNumber = {{ sap_swpm_db_instance_nr }} +HDB_Schema_Check_Dialogs.schemaName = {{ sap_swpm_db_schema }} +{% if 'nw_config_additional_application_server_instance' in sap_swpm_inifile_sections_list %} + +HDB_Schema_Check_Dialogs.validateSchemaName = true +{% else %} +HDB_Schema_Check_Dialogs.validateSchemaName = false +{% endif %} + +# HDB_Schema_Check_Dialogs.dropSchema = false +# hdb.create.dbacockpit.user = false +{% endif %} +{% if 'db_config_anydb_all' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_all +###### +NW_ABAP_Import_Dialog.dbCodepage = 4103 +{% endif %} +{% if 'db_config_anydb_ibmdb2' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_ibmdb2 +###### +NW_ABAP_Import_Dialog.migmonJobNum = 3 +NW_ABAP_Import_Dialog.migmonLoadArgs = -stop_on_error -loadprocedure fast LOAD:COMPRESS_ALL:DEF_CRT +NW_getDBInfoGeneric.dbhost = {{ sap_swpm_db_host }} +NW_getDBInfoGeneric.dbsid = {{ sap_swpm_db_sid }} +NW_getUnicode.isUnicode = true +# db6.useMcod = true +# db6.useBluSettings = false +# db6.gid_sysadm = +# db6.gid_sysctrl = +# db6.gid_sysmaint = +# db6.gid_sysmon = +db6.allowUnsignedDatabaseSoftware = true +db6.cluster.ClusterType = HADR (High Availability Disaster Recovery) +db6.createTablespacesUsingSapinst = true +db6.minimizeDatabaseSizeCompression = true +db6.TablespacePoolSizes = SAPSID#DATA{20} +db6.useAutoStorage = true +db6.useExtraSapdataSaptmpDirLayout = false +db6.UseStandardTablespacePool = true +db6.usesLDAP = false +storageBasedCopy.db6.CommunicationPortNumber = 5912 +storageBasedCopy.db6.PortRangeEnd = 5917 +storageBasedCopy.db6.PortRangeStart = 5914 +{% endif %} +{% if 'db_config_anydb_oracledb' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_oracledb +###### +NW_ABAP_Import_Dialog.migmonJobNum = 3 +NW_ABAP_Import_Dialog.migmonLoadArgs = -stop_on_error -loadprocedure fast +NW_getDBInfoGeneric.dbsid = {{ sap_swpm_db_sid }} +storageBasedCopy.ora.listenerName = SAPORALISTENER +# storageBasedCopy.ora.listenerPort = +storageBasedCopy.ora.ABAPSchema = {{ sap_swpm_db_schema_abap }} +# storageBasedCopy.ora.JavaSchema = {{ sap_swpm_db_schema_java }} +# storageBasedCopy.ora.swowner = oracle +ora.createStatisticsCodeABAP = SKIP +ora.createStatisticsCodeJAVA = SKIP +ora.multitenant.pdbsid = {{ sap_swpm_sid | upper }} +ora.whatInstallation = isSingle +# ora.IgnoreClientVersion = false +# ora.maxDatafileSize = 2000 + +#### Oracle Multitenant Pluggable DB: #### +#### a single Oracle Container Database (CDB) can host multiple Oracle Pluggable Databases (PDB) #### +## FALSE: no pluggable installation (default value) +## CDB_PDB: install CDB and PDB +## PDB_ONLY: install PDB only in an existing CDB. +## CDB_ONLY: install CDB only. +ora.multitenant.installMT = FALSE +{% endif %} +{% if 'db_config_anydb_oracledb_121' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_oracledb_121 +# Use path to Oracle Home - Runtime (i.e. $OHRDBMS env var) +###### +ora.dbhome = /oracle/{{ sap_swpm_db_sid }}/121 +storageBasedCopy.ora.clientVersion = 121 +storageBasedCopy.ora.serverVersion = 121 +{% endif %} +{% if 'db_config_anydb_oracledb_122' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_oracledb_122 +# Use path to Oracle Home - Runtime (i.e. $OHRDBMS env var) +###### +ora.dbhome = /oracle/{{ sap_swpm_db_sid }}/122 +storageBasedCopy.ora.clientVersion = 122 +storageBasedCopy.ora.serverVersion = 122 +{% endif %} +{% if 'db_config_anydb_oracledb_19' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_oracledb_19 +# Use path to Oracle Home - Runtime (i.e. $OHRDBMS env var) +###### +ora.dbhome = /oracle/{{ sap_swpm_db_sid }}/19 +storageBasedCopy.ora.clientVersion = 19 +storageBasedCopy.ora.serverVersion = 19 +{% endif %} +{% if 'db_config_anydb_sapase' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_sapase +###### +NW_ABAP_Import_Dialog.migmonJobNum = 3 +NW_ABAP_Import_Dialog.migmonLoadArgs = -c 100000 -loadprocedure fast +NW_SYB_DBPostload.numberParallelStatisticJobs = 0 +SYB.NW_DB.aseSortOrder = binaryalt +SYB.NW_DB.databaseDevices = data device for SAP,/sybase/{{ sap_swpm_sid | upper }}/sapdata_1,88,,,{{ sap_swpm_sid | upper }}_data_001,log device for SAP,/sybase/{{ sap_swpm_sid | upper }}/saplog_1,10,,,{{ sap_swpm_sid | upper }}_log_001,data device for saptools,/sybase/{{ sap_swpm_sid | upper }}/sapdiag,2,,,saptools_data_001,log device for saptools,/sybase/{{ sap_swpm_sid | upper }}/sapdiag,2,,,saptools_log_001,data device for sybsecurity,/sybase/{{ sap_swpm_sid | upper }}/sybsecurity,1,,,sybsecurity_data_001,data device for sybsecurity,/sybase/{{ sap_swpm_sid | upper }}/sybsecurity,1,,,sybsecurity_data_002,log device for sybsecurity,/sybase/{{ sap_swpm_sid | upper }}/sybsecurity,0.5,,,sybsecurity_log_001,temp device for SAP,/sybase/{{ sap_swpm_sid | upper }}/saptemp,8,,,saptempdb_data_001, +SYB.NW_DB.databaseType = ase +SYB.NW_DB.enableGranularPermissions = true +SYB.NW_DB.enableStrongCipherSuitesForSSL = false +SYB.NW_DB.folderDatabaseSoftware = /sybase/{{ sap_swpm_sid | upper }} +SYB.NW_DB.folderDiagDevice = /sybase/{{ sap_swpm_sid | upper }}/sapdiag +SYB.NW_DB.folderSAPTempdbDevice = /sybase/{{ sap_swpm_sid | upper }}/saptemp +SYB.NW_DB.folderSecurityDevices = /sybase/{{ sap_swpm_sid | upper }}/sybsecurity +SYB.NW_DB.folderSystemDevices = /sybase/{{ sap_swpm_sid | upper }}/sybsystem +SYB.NW_DB.folderTempdbDevice = /sybase/{{ sap_swpm_sid | upper }}/sybtemp +SYB.NW_DB.indexConsumers = 3 +SYB.NW_DB.initializeDefaultSystemEncryptionPassword = false +SYB.NW_DB.maxIndexParallelDegree = 10 +SYB.NW_DB.maxQueryParallelDegree = 10 +SYB.NW_DB.numberWorkerProcesses = 50 +SYB.NW_DB.sqlServerConnections = 200 +SYB.NW_DB.sqlServerHostname = {{ sap_swpm_db_host }} +SYB.NW_DB.sybmgmtdbDataDeviceFolder = /sybase/{{ sap_swpm_sid | upper }}/sybsystem +SYB.NW_DB.sybmgmtdbLogDeviceFolder = /sybase/{{ sap_swpm_sid | upper }}/sybsystem +SYB.NW_DB.userstore_hostname = {{ sap_swpm_ascs_instance_hostname }} + +# To avoid conflicts, leave all Ports blank and SAP SWPM will auto-assign +# Ports by default are in order 4901, 4902, 4903, 4904. For each new ASE DB Server instance on the host, each port number is incremented by 4 +SYB.NW_DB.portDatabaseServer = +SYB.NW_DB.portBackupServer = +SYB.NW_DB.portJobScheduler = +SYB.NW_DB.portXPServer = +{% endif %} +{% if 'db_config_anydb_sapmaxdb' in sap_swpm_inifile_sections_list %} + +###### +# db_config_anydb_sapmaxdb +###### +NW_ABAP_Import_Dialog.migmonJobNum = 90 +NW_ABAP_Import_Dialog.migmonLoadArgs = -para_cnt 90 +NW_ADA_getDBInfo.dbsid = {{ sap_swpm_db_sid }} +SdbInstanceDialogs.DB_sessions = 100 +SdbInstanceDialogs.minlogsize = 4000 +SdbInstanceDialogs.sapdataFolder = sapdata +SdbInstanceDialogs.saplogFolder = saplog +{% endif %} +{% if 'db_connection_nw_hana' in sap_swpm_inifile_sections_list %} + +###### +# db_connection_nw_hana +###### +NW_HDB_getDBInfo.dbhost = {{ sap_swpm_db_host }} +NW_HDB_getDBInfo.dbsid = {{ sap_swpm_db_sid }} +NW_HDB_getDBInfo.instanceNumber = {{ sap_swpm_db_instance_nr }} +NW_HDB_getDBInfo.systemid = {{ sap_swpm_db_sid }} +NW_HDB_getDBInfo.systemPassword = {{ sap_swpm_db_system_password }} +# NW_HDB_getDBInfo.systemDbSid = SystemDB +NW_HDB_getDBInfo.systemDbPassword = {{ sap_swpm_db_systemdb_password }} +NW_HDB_DB.abapSchemaName = {{ sap_swpm_db_schema_abap }} +NW_HDB_DB.abapSchemaPassword = {{ sap_swpm_db_schema_abap_password }} +NW_HDB_DB.javaSchemaName = {{ sap_swpm_db_schema_java }} +NW_HDB_DB.javaSchemaPassword = {{ sap_swpm_db_schema_java_password }} +NW_Recovery_Install_HDB.extractLocation = /usr/sap/{{ sap_swpm_db_sid }}/HDB{{ sap_swpm_db_instance_nr }}/backup/data/DB_HDB +NW_Recovery_Install_HDB.extractParallelJobs = {{ sap_swpm_parallel_jobs_nr }} +NW_Recovery_Install_HDB.sidAdmName = {{ sap_swpm_db_sid | lower }}adm +NW_Recovery_Install_HDB.sidAdmPassword = {{ sap_swpm_db_sidadm_password }} +# NW_HDB_getDBInfo.dbadmin = SYSTEM +# NW_HDB_getDBInfo.tenantOsGroup = {{ sap_swpm_db_sid | lower }}grp +# NW_HDB_getDBInfo.tenantOsUser = {{ sap_swpm_db_sid | lower }}usr +# NW_HDB_getDBInfo.tenantPort = +{% endif %} +{% if 'db_connection_nw_anydb_ibmdb2' in sap_swpm_inifile_sections_list %} + +###### +# db_connection_nw_anydb_ibmdb2 +###### +# db6.UseDb2SSLClientServerComm = false +nwUsers.db6.sapsidPassword = {{ sap_swpm_sapadm_password }} +# nwUsers.db6.sapsidUid = + +# nwUsers.db6.sapsiddbPassword = +# nwUsers.db6.sapsiddbUid = + +# Database Schema and Database Connect User for ABAP (default is sap and not sap) +NW_DB6_DB.db6.abap.connect.user = sap{{ sap_swpm_sid | lower }} +NW_DB6_DB.db6.abap.schema = sap{{ sap_swpm_sid | lower }} +# NW_DB6_DB.db6.java.connect.user = +# NW_DB6_DB.db6.java.schema = +{% endif %} +{% if 'db_connection_nw_anydb_oracledb' in sap_swpm_inifile_sections_list %} + +###### +# db_connection_nw_anydb_oracledb +###### +storageBasedCopy.abapSchemaPassword = {{ sap_swpm_db_schema_abap_password }} +storageBasedCopy.javaSchemaPassword = {{ sap_swpm_db_schema_java_password }} +{% endif %} +{% if 'db_connection_nw_anydb_sapase' in sap_swpm_inifile_sections_list %} + +###### +# db_connection_nw_anydb_sapase +###### +# NW_SYB_CIABAP.sapsaPassword = +{% endif %} +{% if 'db_restore_hana' in sap_swpm_inifile_sections_list %} + +###### +# db_restore_hana +###### +NW_HDB_getDBInfo.systemPasswordBackup = {{ sap_swpm_backup_system_password }} +HDB_Recovery_Dialogs.backupLocation = {{ sap_swpm_backup_location }} +HDB_Recovery_Dialogs.backupName = {{ sap_swpm_backup_prefix }} +HDB_Recovery_Dialogs.sapControlWsdlUrl = http://{{ sap_swpm_db_host }}:5{{ sap_swpm_db_instance_nr }}13/SAPControl?wsdl +HDB_Recovery_Dialogs.sidAdmName = {{ sap_swpm_db_sid | lower }}adm +HDB_Recovery_Dialogs.sidAdmPassword = {{ sap_swpm_db_sidadm_password }} +# HDB_Recovery_Dialogs.backupDestinationType = File +# HDB_Recovery_Dialogs.licenseFile = +# HDB_Recovery_Dialogs.skipExistenceCheck = false +# HDB_Recovery_Dialogs.sourceDatabaseSid = +# HDB_Recovery_Dialogs.useLicenseFile = false +# NW_Recovery_Install_HDB.checkIntegrity = false +# NW_Recovery_Install_HDB.backupLocationHANA = +# NW_Recovery_Install_HDB.backupLocationSAP = +# NW_Recovery_Install_HDB.loadOrMount = load +# HDB_System_Check_Dialogs.initTopology = false +# NW_CreateDBandLoad.movePVCforUsagePiAndDi = +{% endif %} +{% if 'nw_config_anydb' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_anydb +###### +# Distributed installation or system copy with any database and SAP Basis release 740 or higher: +# Execute ABAP program 'RUTPOADAPT' for depooling. Set it to 'true' if declustering / depooling is selected for the distributed database instance installation option +NW_CI_Instance_ABAP_Reports.executeReportsForDepooling = false +{% endif %} +{% if 'nw_config_other' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_other +###### +# NW_Delete_Sapinst_Users.removeUsers = false +NW_getFQDN.FQDN = {{ sap_swpm_fqdn }} +NW_getFQDN.setFQDN = {{ sap_swpm_set_fqdn | lower }} +# NW_getFQDN.resolve = true +NW_GetSidNoProfiles.sid = {{ sap_swpm_sid }} +# NW_GetSidNoProfiles.sapmnt = /sapmnt +# NW_GetSidNoProfiles.strictSidCheck = true +# NW_GetSidNoProfiles.unicode = true +NW_readProfileDir.profileDir = /sapmnt/{{ sap_swpm_sid | upper }}/profile +# NW_readProfileDir.profilesAvailable = +NW_getLoadType.loadType = {{ sap_swpm_load_type }} +# NW_getUnicode.isUnicode = +# MessageServer.configureAclInfo = false +# NW_Exit_Before_Systemstart.exit = false +# NW_adaptProfile.skipSecurityProfileSettings = false +# OS4.DestinationASP = +{% endif %} +{% if 'nw_config_central_services_abap' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_central_services_abap +# Central Services (ASCS) contains the Message server (MS) and Enqueue work processes (EN) for the ABAP Dispatcher. +# Formerly the processes were contained in the Central Instance (CI). +###### +NW_CI_Instance.ascsVirtualHostname = {{ sap_swpm_ascs_instance_hostname }} +NW_CI_Instance.ascsInstanceNumber = {{ sap_swpm_ascs_instance_nr }} +# NW_SCS_Instance.ascsVirtualHostname = {{ sap_swpm_ascs_instance_hostname }} +NW_SCS_Instance.ascsInstanceNumber = {{ sap_swpm_ascs_instance_nr }} +{% endif %} +{% if 'nw_config_central_services_java' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_central_services_java +# SAP Java Central Services Instance (SCS) contains the Java Message server (MS), Java Enqueue server (EN), Java Gateway (GW) and Java Internal Web Dispatcher (WD). +###### +NW_CI_Instance.scsVirtualHostname = {{ sap_swpm_java_scs_instance_hostname }} +NW_CI_Instance.scsInstanceNumber = {{ sap_swpm_java_scs_instance_nr }} +NW_SCS_Instance.scsVirtualHostname = {{ sap_swpm_java_scs_instance_hostname }} +# NW_SCS_Instance.scsInstanceNumber = +NW_SCS_Instance.instanceNumber = {{ sap_swpm_java_scs_instance_nr }} +NW_JAVA_Export.keyPhrase = {{ sap_swpm_master_password }} +{% endif %} +{% if 'nw_config_primary_application_server_instance' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_primary_application_server_instance +# Primary Application Server (PAS) contains the Internet Communication Manager (ICM), Gateway (GW), and ABAP Dispatcher (DI/WP) work processes. +# Formerly called the Central Instance (CI). +###### +NW_CI_Instance.ciVirtualHostname = {{ sap_swpm_pas_instance_hostname }} +NW_CI_Instance.ciInstanceNumber = {{ sap_swpm_pas_instance_nr }} +# NW_CI_Instance.nodesNum = +# NW_CI_Instance.nodesNumber = defNodes +# NW_WPConfiguration.ciBtcWPNumber = 6 +# NW_WPConfiguration.ciDialogWPNumber = 10 +{% endif %} +{% if 'nw_config_additional_application_server_instance' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_additional_application_server_instance +# Additional Application Server (AAS) contains ABAP Dispatcher (DI/WP) work processes. +# Formerly called the Dialog Instance (DI). +###### +# Instance number of SAP NetWeaver Application Server. Leave empty for default. +NW_AS.instanceNumber = {{ sap_swpm_aas_instance_nr }} + +# Do not skip unpacking archives if adding the SAP NetWeaver Application Server to another operating system / host. Default is 'false'. +# NW_AS.skipUnpacking = false + +# Start the SAP NetWeaver Application Server at the end of the installation. Default is 'true'. +# NW_AS.start = true + +# Virtual host name of the SAP NetWeaver Application Server instance. Leave empty to use the existing host name +NW_DI_Instance.virtualHostname = {{ sap_swpm_aas_instance_hostname }} +{% endif %} +{% if 'nw_config_ers' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_ers +###### +nw_instance_ers.ersVirtualHostname = {{ sap_swpm_ers_instance_hostname }} +nw_instance_ers.ersInstanceNumber = {{ sap_swpm_ers_instance_nr }} + +# Disable 'Automatic Instance and Service Restart' for SAP SWPM Unattended Mode, +# otherwise by default SAP SWPM will use sapcontrol -queryuser -function Stop and will cause error +# "User? Password? Stop. FAIL: Invalid Credentials" +nw_instance_ers.restartSCS = false +{% endif %} +{% if 'nw_config_ports' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_ports +###### +NW_CI_Instance.ciMSPort = 36{{ sap_swpm_ascs_instance_nr }} +NW_checkMsgServer.abapMSPort = 36{{ sap_swpm_ascs_instance_nr }} +# NW_CI_Instance.ciMSPortInternal = +# NW_CI_Instance.createGlobalProxyInfoFile = false +# NW_CI_Instance.createGlobalRegInfoFile = false +# NW_CI_Instance.scsMSPortInternal = +# NW_SCS_Instance.scsMSPort = +# NW_SCS_Instance.createGlobalProxyInfoFile = false +# NW_SCS_Instance.createGlobalRegInfoFile = false +{% endif %} +{% if 'nw_config_java_ume' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_java_ume +###### +UmeConfiguration.adminName = J2EE_ADM_{{ sap_swpm_sid }} +UmeConfiguration.adminPassword = {{ sap_swpm_ume_j2ee_admin_password }} +UmeConfiguration.guestName = J2EE_GST_{{ sap_swpm_sid }} +UmeConfiguration.sapjsfPassword = {{ sap_swpm_ume_sapjsf_password }} +UmeConfiguration.umeClient = {{ sap_swpm_ume_client_nr }} +UmeConfiguration.umeHost = {{ sap_swpm_pas_instance_hostname }} +UmeConfiguration.umeInstance = {{ sap_swpm_ume_instance_nr }} +UmeConfiguration.umeType = {{ sap_swpm_ume_type }} +# UmeConfiguration.sapjsfName = SAPJSF +{% endif %} +{% if 'nw_config_java_feature_template_ids' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_java_feature_template_ids +###### +NW_internal.useProductVersionDescriptor = true +nw_java_import.buildJEEusingExtraMileTool = {{ true if sap_swpm_java_import_method == 'extramile' else false }} + +# If use PV = true +# SAP SWPM 1.0 for SAP NetWeaver AS (JAVA), Product Version Software Instance **Feature Template IDs** comma-separated list +Select_PPMS_Instances.ListOfSelectedInstances = {% set selected_ids = [] %}{%- for item_selected in sap_swpm_java_template_id_selected_list %} +{%- if item_selected in sap_swpm_java_template_id_lookup_dictionary -%} +{{ selected_ids.append(sap_swpm_java_template_id_lookup_dictionary[item_selected]) }} +{%- endif %} +{%- endfor %}{{ selected_ids | flatten | join(',') }} + +## If use PV = false [LEGACY for before NWAS JAVA 7.40] +## Comma-separated value list containing which product instances (formerly known as usage types) are installed. Used for handling product instances in unattended mode. +## SAP_Software_Features_Select.selectedInstancesForInstallation = AS,AAS,BASIC,NW-MODEL,ESR,PI,PI-AF +{%- endif %} +{% if 'nw_config_webdisp_generic' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_webdisp_generic +###### +NW_Webdispatcher_Instance.wdInstanceNumber = {{ sap_swpm_wd_instance_nr }} +# NW_webdispatcher_Instance.encryptionMode = Always +# NW_webdispatcher_Instance.useWdHTTPPort = false +NW_webdispatcher_Instance.wdHTTPPort = 80{{ sap_swpm_wd_instance_nr }} +NW_webdispatcher_Instance.wdHTTPSPort = 443{{ sap_swpm_wd_instance_nr }} +NW_webdispatcher_Instance.wdVirtualHostname = {{ sap_swpm_wd_virtual_host }} + +NW_Webdispatcher_Instance.configureSystemConnectivity = {{ sap_swpm_wd_system_connectivity | lower }} +NW_webdispatcher_Instance.backEndSID = {{ sap_swpm_wd_backend_sid }} +NW_webdispatcher_Instance.msHTTPPort = {{ sap_swpm_wd_backend_ms_http_port }} +NW_webdispatcher_Instance.msHost = {{ sap_swpm_wd_backend_ms_host }} +NW_webdispatcher_Instance.scenarioSize = {{ sap_swpm_wd_backend_scenario_size }} + +NW_webdispatcher_Instance.activateICF = {{ sap_swpm_wd_activate_icf | lower }} +NW_webdispatcher_Instance.rfcHost = {{ sap_swpm_wd_backend_rfc_host }} +NW_webdispatcher_Instance.rfcInstance = {{ sap_swpm_wd_backend_rfc_instance_nr }} +NW_webdispatcher_Instance.rfcClient = {{ sap_swpm_wd_backend_rfc_client_nr }} +NW_webdispatcher_Instance.rfcUser = {{ sap_swpm_wd_backend_rfc_user }} +NW_webdispatcher_Instance.rfcPassword = {{ sap_swpm_wd_backend_rfc_user_password }} +{% endif %} +{% if 'nw_config_webdisp_gateway' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_webdisp_gateway +# +# It is recommended to install gateway as part of ASCS +# It is NOT recommended to install webdispatcher as part of ASCS. A separate Web Dispatcher instance should be installed (SAP Note 908097) +###### +NW_CI_Instance.ascsInstallGateway = {{ sap_swpm_ascs_install_gateway | lower }} +# NW_SCS_Instance.ascsInstallGateway = {{ sap_swpm_ascs_install_gateway | lower }} + +# Embedded SAP Web Dispatcher +# NW_CI_Instance.ascsInstallWebDispatcher = false +# NW_SCS_Instance.ascsInstallWebDispatcher = false +{% endif %} +{% if 'nw_config_host_agent' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_host_agent +###### +NW_System.installSAPHostAgent = {{ sap_swpm_install_saphostagent | lower }} +{% endif %} +{% if 'nw_config_post_load_abap_reports' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_post_load_abap_reports +###### +# Activate ICF node '/SAP/BC/REST/SLPROTOCOL' +NW_CI_Instance_ABAP_Reports.enableActivateICFService = true + +# SAP INTERNAL USE ONLY +# NW_CI_Instance_ABAP_Reports.enableSPAMUpdateWithoutStackXml = false + +# SAP INTERNAL USE ONLY +# NW_CI_Instance_ABAP_Reports.enableTMSConfigWithoutStackXml = false + +# SAP INTERNAL USE ONLY +# NW_CI_Instance_ABAP_Reports.enableTransportsWithoutStackXml = false + +# Need specific new password of the DDIC user in client 000, different from Master Password +# NW_CI_Instance_ABAP_Reports.needNewDDIC000Password = false + +# Need specific new password of the DDIC user in client 001, different from Master Password +# NW_CI_Instance_ABAP_Reports.needNewDDIC001Password = false + +# Need specific new password of the SAP* user in client 000, different from Master Password +# NW_CI_Instance_ABAP_Reports.needNewSapStar000Password = false + +# Need specific new password of the SAP* user in client 001, different from Master Password +# NW_CI_Instance_ABAP_Reports.needNewSapStar001Password = false + +# Specify new password of the DDIC user in client 000, different from Master Password +# NW_CI_Instance_ABAP_Reports.ddic000Password = + +# Specify new password of the DDIC user in client 001, different from Master Password +# NW_CI_Instance_ABAP_Reports.ddic001Password = + +# Specify new password of the SAP* user in client 000, different from Master Password +# NW_CI_Instance_ABAP_Reports.sapStar000Password = + +# Specify new password of the SAP* user in client 001, different from Master Password +# NW_CI_Instance_ABAP_Reports.sapStar001Password = +{% endif %} +{% if 'nw_config_livecache' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_livecache +###### +NW_liveCache.controlUserPwd = +NW_liveCache.liveCacheHost = +NW_liveCache.liveCacheID = +NW_liveCache.liveCacheUser = +NW_liveCache.liveCacheUserPwd = +NW_liveCache.useLiveCache = +{% endif %} +{% if 'nw_config_sld' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_sld +###### +NW_SLD_Configuration.configureSld = +NW_SLD_Configuration.sldHost = +NW_SLD_Configuration.sldPort = +NW_SLD_Configuration.sldUseHttps = +NW_SLD_Configuration.sldUser = +NW_SLD_Configuration.sldUserPassword = +{% endif %} +{% if 'nw_config_abap_language_packages' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_abap_language_packages +###### +NW_Language_Inst_Dialogs.install = true +# Path to language archive files (e.g. S4HANAOP***_LANG_EN.SAR) +NW_Language_Inst_Dialogs.folders = /software +# Selected languages comma-separated list (by default DE,EN are installed) +NW_Language_Inst_Dialogs.languages = AR,BG,CA,CS,DA,EL,ES,ET,FI,FR,HE,HI,HR,HU,IT,JA,KK,KO,LT,LV,MS,NL,NO,PL,PT,RO,RU,SH,SK,SL,SV,TH,TR,UK,VI,ZF,ZH +{% endif %} +{% if 'sap_os_linux_user' in sap_swpm_inifile_sections_list %} + +###### +# sap_os_linux_user +###### +nwUsers.sapadmUID = {{ sap_swpm_sapadm_uid }} +nwUsers.sapsysGID = {{ sap_swpm_sapsys_gid }} +nwUsers.sidAdmUID = {{ sap_swpm_sidadm_uid }} +{% endif %} +{% if 'swpm_installation_media_download_service' in sap_swpm_inifile_sections_list %} + +###### +# swpm_installation_media_download_service +# Not in use by sap_swpm Ansible Role +###### +# nwUsers.sapServiceSIDPassword = +# download_service.directory = +# DownloadService.EnableProxy = +# DownloadService.HostName = +# DownloadService.Password = +# DownloadService.Port = +# DownloadService.ProvideAuthentication = +# DownloadService.Username = +# DownloadService.planNumber = +{% endif %} +{% if 'nw_config_java_icm_credentials' in sap_swpm_inifile_sections_list %} + +###### +# nw_config_java_icm_credentials +###### +NW_IcmAuth.webadmPassword = {{ sap_swpm_ume_j2ee_admin_password }} +{% endif %} +{% if 'solman_abap_swpm1' in sap_swpm_inifile_sections_list %} + +###### +# solman_abap_swpm1 +# Not in use by sap_swpm Ansible Role +###### +InitDeclusteringForImport.decluster = false +{% endif %} +{% if 'solman_daa_swpm1' in sap_swpm_inifile_sections_list %} + +###### +# solman_daa_swpm1 +# Not in use by sap_swpm Ansible Role +###### +# DiagnosticsAgent.dasidAdmPassword = {{ sap_swpm_diagnostics_agent_password }} +# DiagnosticsAgent.installSAPHostAgent +# DiagnosticsAgent.InstanceNumber +# DiagnosticsAgent.LogicalHostName +# DiagnosticsAgent.SAPJVMVersion +# DiagnosticsAgent.SAProuter.Password +# DiagnosticsAgent.SAProuter.RouteString +# DiagnosticsAgent.SID +# DiagnosticsAgent.SLD.Connection +# DiagnosticsAgent.SLD.HostName +# DiagnosticsAgent.SLD.Password +# DiagnosticsAgent.SLD.PortNumber +# DiagnosticsAgent.SLD.UseHTTPS +# DiagnosticsAgent.SLD.UserName +# DiagnosticsAgent.SolMan.Connection +# DiagnosticsAgent.SolMan.HostName +# DiagnosticsAgent.SolMan.Password +# DiagnosticsAgent.SolMan.PortNumber +# DiagnosticsAgent.SolMan.UserName +# DiagnosticsAgent.SolMan.UseSSL +{% endif %} +{% if 'syscopy_export_anydb' in sap_swpm_inifile_sections_list %} + +###### +# syscopy_export_anydb +# Not in use by sap_swpm Ansible Role +###### +# InitDeclusteringForExport.decluster = +# NW_ABAP_Export_Dialog.customPackageOrder = +# NW_ABAP_Export_Dialog.customSortOrderFile = +# NW_ABAP_Export_Dialog.exportTimeFile = +# NW_ABAP_Export_Dialog.importTimeFile = +# NW_ABAP_Export_Dialog.jobNumberGroupLarge = 7 +# NW_ABAP_Export_Dialog.jobNumberGroupSmall = 4 +# NW_ABAP_Export_Dialog.migmonComHost = +# NW_ABAP_Export_Dialog.migmonComPort = +# NW_ABAP_Export_Dialog.migmonComType = EXCHANGE +# NW_ABAP_Export_Dialog.migmonDataTransferType = NET +# NW_ABAP_Export_Dialog.migmonFtpExchangeDir = +# NW_ABAP_Export_Dialog.migmonFtpExportDir = +# NW_ABAP_Export_Dialog.migmonFtpHost = +# NW_ABAP_Export_Dialog.migmonFtpPassword = +# NW_ABAP_Export_Dialog.migmonFtpUser = +NW_ABAP_Export_Dialog.migmonJobNum = 3 +NW_ABAP_Export_Dialog.migmonLoadArgs = -stop_on_error +# NW_ABAP_Export_Dialog.migmonNetExchangeDir = +# NW_ABAP_Export_Dialog.migmonTaskArgs = +# NW_ABAP_Export_Dialog.nonStandardAbapObjectsHandlingSkip = false +NW_ABAP_Export_Dialog.parallelR3szchkExecution = true +NW_ABAP_Export_Dialog.r3szchkDetermineSizeValue = DB +# NW_ABAP_Export_Dialog.r3szchkJobNum = 10 +NW_ABAP_Export_Dialog.repeatExport = COMPLETE +NW_ABAP_Export_Dialog.splitPackageLimitVal = 5000 +# NW_ABAP_Export_Dialog.splitMaxTableNumVal = 1000 +# NW_ABAP_Export_Dialog.splitTableFile = +# NW_ABAP_Export_Dialog.splitTableLimitVal = 300 +# NW_ABAP_Export_Dialog.splitTableNumVal = 10 +# NW_ABAP_Export_Dialog.splitUseMaxTableNum = false +# NW_ABAP_Export_Dialog.splitUsePackageLimit = true +# NW_ABAP_Export_Dialog.splitUseTableFile = false +# NW_ABAP_Export_Dialog.splitUseTableLimit = false +# NW_ABAP_Export_Dialog.splitUseTableNum = true +# NW_ABAP_Export_Dialog.sqlFileDir = +NW_ABAP_Export_Dialog.targetHardwarePlatform = LITTLE_ENDIAN + +## Target database types for Linux are ADA, HDB, DB6, ORA, SYB +NW_ABAP_Export_Dialog.targetDbType = {{ sap_swpm_export_target_db_type }} + +# NW_ABAP_Export_Dialog.useAdditionalExportHosts = false +# NW_ABAP_Export_Dialog.useAdvancedUnloadConfig = false +# NW_ABAP_Export_Dialog.useCustomPackageOrder = false +# NW_ABAP_Export_Dialog.useCustomSortOrder = false +# NW_ABAP_Export_Dialog.useMigMonConfig = false +# NW_ABAP_Export_Dialog.useParallelExportImport = false +# NW_ABAP_Export_Dialog.useSplit = true +NW_ABAP_Export_Dialog.useSqlFiles = NOSQL +# NW_ABAP_Export_Dialog.useUnicodeTargetSystem = +NW_ABAP_Export_Dialog.useUnsortedUnload = true + +NW_Export.accessLevel4ExportDir = DEFAULT +NW_Export.choiceSepKernel = false +NW_Export.mainExportDir = {{ sap_swpm_export_files_path }} + +# Do not stop SAP System before data is unloaded +# SAP SWPM is unable to automatically stop the SAP System (i.e. DB, ASCS, PAS instances), +# if stop is true then SAP SWPM Unattended will fail on step mainExportParameters +NW_Export.stopRunningSystem = true + +NW_readProfileDir.profileDir = /sapmnt/{{ sap_swpm_sid | upper }}/profile + +NW_getLoadType.loadType = {{ sap_swpm_load_type }} +NW_getLoadType.importManuallyExecuted = false +{% endif %} +{% if 'syscopy_import_anydb_ibmdb2' in sap_swpm_inifile_sections_list %} + +###### +# syscopy_import_anydb_ibmdb2 +# Not in use by sap_swpm Ansible Role +###### +# db6.Additional_DbServer = +# db6.cluster.HADRPort1 = +# db6.cluster.HADRPort2 = +# db6.cluster.SyncMode = +# db6.ConfigureCluster = false +# db6.DropSchemaList = +# db6.InstallPureScale = false +# db6.InstallTSA = false +# db6.minimizeDatabaseSizeCompression = +# db6.minimizeDatabaseSizeCompressionJava = +# db6.minimizeDatabaseSizeDeferredTable = true +# db6.notuseMcod = +# db6.NumAdditionalPartitions = +# db6.useDB2ControlFiles = false +# db6.UseDb2NativeEncryption = false +# NW_adaptProfile.templateFiles = +# NW_CreateDBandLoad.movePVCforUsagePiAndDi = +db6.allowUnsignedDatabaseSoftware = true +db6.cluster.ClusterType = HADR (High Availability Disaster Recovery) +db6.usingSystemCopyBRforHADR = true +NW_getDBInfoGeneric.dbhost = {{ sap_swpm_db_host }} +NW_getDBInfoGeneric.dbsid = {{ sap_swpm_db_sid }} +NW_getLoadType.loadType = {{ sap_swpm_load_type }} +NW_getLoadType.importManuallyExecuted = false +NW_getUnicode.isUnicode = true +# NW_getDBInfoGeneric.strictDbSidCheck = true +storageBasedCopy.db6.CommunicationPortNumber = 5912 +storageBasedCopy.db6.PortRangeEnd = 5917 +storageBasedCopy.db6.PortRangeStart = 5914 +# storageBasedCopy.db6.db6updatedbpath = +{% endif %}