diff --git a/.ansible-lint b/.ansible-lint
index 38637804..ee164092 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -2,6 +2,7 @@
 # Collection wide lint-file
 # DO NOT CHANGE
 exclude_paths:
+  - .ansible/
   - .cache/
   - .github/
   #- docs/
@@ -9,11 +10,12 @@ exclude_paths:
   - playbooks/
   - roles/sap_anydb_install_oracle
   #- roles/sap_general_preconfigure
+  #- roles/sap_ha_install_anydb_ibmdb2
   #- roles/sap_ha_install_hana_hsr
   #- roles/sap_ha_pacemaker_cluster
   #- roles/sap_hana_install
   #- roles/sap_hana_preconfigure
-  - roles/sap_hostagent
+  #- roles/sap_hostagent
   #- roles/sap_install_media_detect
   #- roles/sap_netweaver_preconfigure
   #- roles/sap_storage_setup
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 5191af6d..87c0ef79 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -5,6 +5,49 @@ community.sap_install Release Notes
 .. contents:: Topics
 
 
+1.5.2
+Release Summary
+---------------
+- Release Date: 2025-01-24
+
+This is a bugfix release of the `community.sap_install` collection.
+
+Changes
+-------------
+- sap_*_preconfigure: Add code for RHEL 10 support (https://github.com/sap-linuxlab/community.sap_install/pull/938)
+- sap_*_preconfigure/Suse: Rework of preconfigure roles for Suse, add missing notes. (https://github.com/sap-linuxlab/community.sap_install/pull/930)
+
+Bugfixes
+--------
+- sap_netweaver_preconfigure: fix argument_specs validation error (https://github.com/sap-linuxlab/community.sap_install/pull/940)
+- sap_general_preconfigure: No longer install locale packages in RHEL 7 (https://github.com/sap-linuxlab/community.sap_install/pull/937)
+- sap_general_preconfigure: Fix check mode (https://github.com/sap-linuxlab/community.sap_install/pull/935)
+
+
+1.5.1
+Release Summary
+---------------
+- Release Date: 2025-01-15
+
+This is a bugfix release of the `community.sap_install` collection.
+
+Minor Changes
+-------------
+- sap_ha_pacemaker_cluster: enable Simple Mount on RHEL (https://github.com/sap-linuxlab/community.sap_install/pull/931)
+- sap_ha_pacemaker_cluster/SUSE: Rework SAPHanaSR-angi pre-steps and add SLES 16 vars (https://github.com/sap-linuxlab/community.sap_install/pull/928)
+- sap_swpm, sap_general_preconfigure: Add variables for sap_install FQCN collection name for calling roles (https://github.com/sap-linuxlab/community.sap_install/pull/925)
+- sap_general_preconfigure: Implement SAP note 2369910 (https://github.com/sap-linuxlab/community.sap_install/pull/914)
+- sap_ha_pacemaker_cluster: ANGI on RHEL and small improvements (https://github.com/sap-linuxlab/community.sap_install/pull/911)
+- sap_*_preconfigure, sap_ha_pacemaker_cluster: Reworked loading vars (https://github.com/sap-linuxlab/community.sap_install/pull/910)
+
+Bugfixes
+--------
+- sap_swpm: Use master password only when necessary (https://github.com/sap-linuxlab/community.sap_install/pull/920)
+- sap_swpm: Fix error when using tag sap_swpm_generate_inifile (https://github.com/sap-linuxlab/community.sap_install/pull/918)
+- sap_swpm: Fix error when installing SAP NW750 JAVA or SOLMAN72SR2 JAVA instances (https://github.com/sap-linuxlab/community.sap_install/pull/916)
+- sap_install_media_detect: Fix wrong sap_export_solman_java detection (https://github.com/sap-linuxlab/community.sap_install/pull/913)
+
+
 v1.5.0
 ======
 
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index b81cefc3..4671a302 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -273,3 +273,32 @@ releases:
         - sap_ha_install_anydb_ibmdb2: Linting and sles bug fixes (https://github.com/sap-linuxlab/community.sap_install/pull/803)
         '
     release_date: '2024-11-29'
+  1.5.1:
+    changes:
+      release_summary: '| Release Date: 2025-01-15
+        minor_changes:
+        - sap_ha_pacemaker_cluster: enable Simple Mount on RHEL (https://github.com/sap-linuxlab/community.sap_install/pull/931)
+        - sap_ha_pacemaker_cluster/SUSE: Rework SAPHanaSR-angi pre-steps and add SLES 16 vars (https://github.com/sap-linuxlab/community.sap_install/pull/928)
+        - sap_swpm, sap_general_preconfigure: Add variables for sap_install FQCN collection name for calling roles (https://github.com/sap-linuxlab/community.sap_install/pull/925)
+        - sap_general_preconfigure: Implement SAP note 2369910 (https://github.com/sap-linuxlab/community.sap_install/pull/914)
+        - sap_ha_pacemaker_cluster: ANGI on RHEL and small improvements (https://github.com/sap-linuxlab/community.sap_install/pull/911)
+        - sap_*_preconfigure, sap_ha_pacemaker_cluster: Reworked loading vars (https://github.com/sap-linuxlab/community.sap_install/pull/910)
+        bugfixes:
+        - sap_swpm: Use master password only when necessary (https://github.com/sap-linuxlab/community.sap_install/pull/920)
+        - sap_swpm: Fix error when using tag sap_swpm_generate_inifile (https://github.com/sap-linuxlab/community.sap_install/pull/918)
+        - sap_swpm: Fix error when installing SAP NW750 JAVA or SOLMAN72SR2 JAVA instances (https://github.com/sap-linuxlab/community.sap_install/pull/916)
+        - sap_install_media_detect: Fix wrong sap_export_solman_java detection (https://github.com/sap-linuxlab/community.sap_install/pull/913)
+        '
+    release_date: '2025-01-15'
+  1.5.2:
+    changes:
+      release_summary: '| Release Date: 2025-01-24
+        changes:
+        - sap_*_preconfigure: Add code for RHEL 10 support (https://github.com/sap-linuxlab/community.sap_install/pull/938)
+        - sap_*_preconfigure/Suse: Rework of preconfigure roles for Suse, add missing notes. (https://github.com/sap-linuxlab/community.sap_install/pull/930)
+        bugfixes:
+        - sap_netweaver_preconfigure: fix argument_specs validation error (https://github.com/sap-linuxlab/community.sap_install/pull/940)
+        - sap_general_preconfigure: No longer install locale packages in RHEL 7 (https://github.com/sap-linuxlab/community.sap_install/pull/937)
+        - sap_general_preconfigure: Fix check mode (https://github.com/sap-linuxlab/community.sap_install/pull/935)
+        '
+    release_date: '2025-01-24'
diff --git a/galaxy.yml b/galaxy.yml
index bb5e3566..1162dd11 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -11,7 +11,7 @@ namespace: community
 name: sap_install
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.5.0
+version: 1.5.2
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md
diff --git a/requirements-workflow.txt b/requirements-workflow.txt
index 559499b7..c4faa85e 100644
--- a/requirements-workflow.txt
+++ b/requirements-workflow.txt
@@ -1,4 +1,4 @@
-ansible==9.5.1
-ansible-compat==24.7.0
-ansible-core==2.16.9
-ansible-lint==24.7.0
+ansible==11.0.0
+ansible-compat==24.10.0
+ansible-core==2.18.0
+ansible-lint==24.10.0
diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md
index 3511e61e..46622beb 100644
--- a/roles/sap_general_preconfigure/README.md
+++ b/roles/sap_general_preconfigure/README.md
@@ -432,7 +432,7 @@ The IPV4 address to be used for updating or checking `/etc/hosts` entries.<br>
 ### sap_general_preconfigure_db_group_name
 - _Type:_ `str`
 
-Use this variable to specify the name of the RHEL group which is used for the database processes.<br>
+(RedHat specific) Use this variable to specify the name of the RHEL group which is used for the database processes.<br>
 If defined, it will be used to configure process limits as per step<br>
 Configuring Process Resource Limits<br>
 
diff --git a/roles/sap_general_preconfigure/defaults/main.yml b/roles/sap_general_preconfigure/defaults/main.yml
index 5cef8b73..e8db802c 100644
--- a/roles/sap_general_preconfigure/defaults/main.yml
+++ b/roles/sap_general_preconfigure/defaults/main.yml
@@ -31,6 +31,9 @@ sap_general_preconfigure_system_roles_collection: 'fedora.linux_system_roles'
 # - fedora.linux_system_roles
 # - redhat.rhel_system_roles
 
+sap_general_preconfigure_sap_install_collection: 'community.sap_install'
+# Set which Ansible Collection to use when calling sap_install roles.
+
 sap_general_preconfigure_enable_repos: false
 # Set to `true` if you want the role to enable the repos as configured by the following repo related parameters.
 # The default is `false`, meaning that the role will not enable repos.
@@ -76,7 +79,7 @@ sap_general_preconfigure_envgroups: "{{ __sap_general_preconfigure_envgroups }}"
 # Example: See README.md
 
 sap_general_preconfigure_packages: "{{ __sap_general_preconfigure_packages }}"
-# The list of packages to install.
+# The list of packages to be installed.
 # The default for this variable is set in the vars file which corresponds to the detected OS version.
 
 sap_general_preconfigure_min_package_check: true
@@ -161,9 +164,21 @@ sap_general_preconfigure_domain: "{{ sap_domain | d(ansible_domain) }}"
 # The DNS domain name to be used for updating or checking `/etc/hosts` entries.
 
 # sap_general_preconfigure_db_group_name: (not defined by default)
-# Use this variable to specify the name of the RHEL group which is used for the database processes.
+# (RedHat specific) Use this variable to specify the name of the RHEL group which is used for the database processes.
 # If defined, it will be used to configure process limits as per step
 # Configuring Process Resource Limits
 # Example: See README.md
 
+sap_general_preconfigure_run_grub2_mkconfig: true
+# By default, the role will run `grub2-mkconfig` to update the Grub configuration if necessary.
+# Set this parameter to `false` if this is not desired.
+
+# (SUSE specific) Version of saptune to install.
+# It is recommended to install latest version by keeping this variable empty.
+# This will replace the current installed version if present, even downgrade if necessary.
+sap_general_preconfigure_saptune_version: ''
+
+# in SAP Note 2369910 SAP requires English locale
+# If you want to define the locale set this to e.g. en_US.UTF-8
+sap_general_preconfigure_default_locale: ""
 # END: Default Variables for sap_general_preconfigure
diff --git a/roles/sap_general_preconfigure/handlers/main.yml b/roles/sap_general_preconfigure/handlers/main.yml
index e54f6dd5..e9972197 100644
--- a/roles/sap_general_preconfigure/handlers/main.yml
+++ b/roles/sap_general_preconfigure/handlers/main.yml
@@ -1,52 +1,136 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-# handlers file for sap_general_preconfigure
+
+# BEGIN - GRUB section
+- name: "Check if server is booted in BIOS or UEFI mode"
+  ansible.builtin.stat:
+    path: /sys/firmware/efi
+    get_checksum: false
+  register: __sap_general_preconfigure_register_stat_sys_firmware_efi
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - sap_general_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: Debug BIOS or UEFI
+  ansible.builtin.debug:
+    var: __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - sap_general_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Run grub-mkconfig (BIOS mode)"
+  ansible.builtin.command:
+    cmd: grub2-mkconfig -o /boot/grub2/grub.cfg
+  register: __sap_general_preconfigure_register_grub2_mkconfig_bios_mode
+  changed_when: true
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  notify: __sap_general_preconfigure_reboot_handler
+  when:
+    - not __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_general_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Debug grub-mkconfig BIOS mode"
+  ansible.builtin.debug:
+    var: __sap_general_preconfigure_register_grub2_mkconfig_bios_mode.stdout_lines,
+         __sap_general_preconfigure_register_grub2_mkconfig_bios_mode.stderr_lines
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - not __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_general_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Set the grub.cfg location RHEL"
+  ansible.builtin.set_fact:
+    __sap_general_preconfigure_uefi_boot_dir: /boot/efi/EFI/redhat/grub.cfg
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - ansible_distribution == 'RedHat'
+
+- name: "Set the grub.cfg location SLES"
+  ansible.builtin.set_fact:
+    __sap_general_preconfigure_uefi_boot_dir: /boot/efi/EFI/BOOT/grub.cfg
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP'
+
+- name: "Run grub-mkconfig (UEFI mode)"
+  ansible.builtin.command:
+    cmd: "grub2-mkconfig -o {{ __sap_general_preconfigure_uefi_boot_dir }}"
+  register: __sap_general_preconfigure_register_grub2_mkconfig_uefi_mode
+  changed_when: true
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  notify: __sap_general_preconfigure_reboot_handler
+  when:
+    - __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_general_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Debug grub-mkconfig UEFI"
+  ansible.builtin.debug:
+    var: __sap_general_preconfigure_register_grub2_mkconfig_uefi_mode.stdout_lines,
+         __sap_general_preconfigure_register_grub2_mkconfig_uefi_mode.stderr_lines
+  listen: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_general_preconfigure_run_grub2_mkconfig | d(true)
+
+# END - GRUB section
+
 
 - name: Reboot the managed node
   ansible.builtin.reboot:
     test_command: /bin/true
   listen: __sap_general_preconfigure_reboot_handler
   when:
-    - sap_general_preconfigure_reboot_ok|d(false)
+    - sap_general_preconfigure_reboot_ok | d(false)
+
 
 # Kernel update triggers zypper purge-kernels and lock after reboot.
 - name: Wait for Zypper lock to be released
   ansible.builtin.command:
     cmd: zypper info zypper
-  retries: 60
-  timeout: 5
+  retries: 20
+  timeout: 30
   listen: __sap_general_preconfigure_reboot_handler
   when:
     - ansible_os_family == 'Suse'
     - sap_general_preconfigure_reboot_ok | d(false)
   changed_when: false
 
+
 - name: Let the role fail if a reboot is required
   ansible.builtin.fail:
     msg: Reboot is required!
   listen: __sap_general_preconfigure_reboot_handler
   when:
-    - sap_general_preconfigure_fail_if_reboot_required|d(true)
-    - not sap_general_preconfigure_reboot_ok|d(false)
+    - sap_general_preconfigure_fail_if_reboot_required | d(true)
+    - not sap_general_preconfigure_reboot_ok | d(false)
 
 - name: Show a warning message if a reboot is required
   ansible.builtin.debug:
     msg: "WARN: Reboot is required!"
   listen: __sap_general_preconfigure_reboot_handler
   when:
-    - not sap_general_preconfigure_fail_if_reboot_required|d(true)
-    - not sap_general_preconfigure_reboot_ok|d(false)
+    - not sap_general_preconfigure_fail_if_reboot_required | d(true)
+    - not sap_general_preconfigure_reboot_ok | d(false)
+
+- name: Unmask packagekit.service
+  ansible.builtin.systemd_service:
+    name: packagekit.service
+    masked: false
+  listen: __sap_general_preconfigure_packagekit_handler
+
 
 # Reasons for noqa:
 # - command-instead-of-module: We want to avoid non-ansible.builtin modules where possible
 # - no-changed-when: Remounting does not do any harm and does not affect idempotency.
 - name: Remount /dev/shm # noqa command-instead-of-module no-changed-when
-  ansible.builtin.command: mount -o remount /dev/shm
+  ansible.builtin.command:
+    cmd: mount -o remount /dev/shm
   listen: __sap_general_preconfigure_mount_tmpfs_handler
   tags: molecule-idempotence-notest
 
 - name: Check if /dev/shm is available
-  ansible.builtin.command: df -h /dev/shm
+  ansible.builtin.command:
+    cmd: df -h /dev/shm
   register: __sap_general_preconfigure_command_df_shm_result
   changed_when: false
   listen: __sap_general_preconfigure_mount_tmpfs_handler
diff --git a/roles/sap_general_preconfigure/meta/argument_specs.yml b/roles/sap_general_preconfigure/meta/argument_specs.yml
index aaf3cf4a..11e2bc0b 100644
--- a/roles/sap_general_preconfigure/meta/argument_specs.yml
+++ b/roles/sap_general_preconfigure/meta/argument_specs.yml
@@ -75,6 +75,12 @@ argument_specs:
         required: false
         type: str
 
+      sap_general_preconfigure_sap_install_collection:
+        default: 'community.sap_install'
+        description: Set which Ansible Collection to use when calling sap_install roles.
+        required: false
+        type: str
+
       sap_general_preconfigure_enable_repos:
         default: false
         description:
@@ -166,7 +172,7 @@ argument_specs:
       sap_general_preconfigure_packages:
         default: "{{ __sap_general_preconfigure_packages }}"
         description:
-          - The list of packages to install.
+          - The list of packages to be installed.
           - The default for this variable is set in the vars file which corresponds to the detected OS version.
         required: false
         type: list
@@ -341,3 +347,11 @@ argument_specs:
           sap_general_preconfigure_db_group_name: 'dba'
         required: false
         type: str
+
+      sap_general_preconfigure_default_locale:
+        description:
+          - Use this variable to specify the default system locale.
+        example:
+          sap_general_preconfigure_default_locale: 'en_US.UTF-8'
+        required: false
+        type: str
diff --git a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml
index ff021f3a..af1587a5 100644
--- a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml
+++ b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml
@@ -1,6 +1,11 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts again after the installation phase
+  ansible.builtin.package_facts:
+  tags:
+    - always
+
 - name: Assert - List required SAP Notes
   ansible.builtin.debug:
     var: __sap_general_preconfigure_sapnotes_versions | difference([''])
diff --git a/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml
index bba57f19..026e9b14 100644
--- a/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml
+++ b/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml
@@ -1,6 +1,11 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts
+  ansible.builtin.package_facts:
+  tags:
+    - sap_general_preconfigure_installation
+
 - name: Check enabled repos
   when: sap_general_preconfigure_enable_repos
   block:
diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml
index 3d5f8044..42f8dcb8 100644
--- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml
+++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml
@@ -1,6 +1,11 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts again after the installation phase
+  ansible.builtin.package_facts:
+  tags:
+    - always
+
 - name: Configure - List required SAP Notes
   ansible.builtin.debug:
     var: __sap_general_preconfigure_sapnotes_versions | difference([''])
diff --git a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml
index 44989960..f0c9f704 100644
--- a/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml
+++ b/roles/sap_general_preconfigure/tasks/RedHat/generic/configure-kernel-parameters.yml
@@ -19,6 +19,7 @@
 - name: Construct the command for getting all current parameters of file '{{ sap_general_preconfigure_etc_sysctl_sap_conf }}'
   ansible.builtin.command: awk 'BEGIN{FS="="; printf ("sysctl ")}{printf ("%s ", $1)}' "{{ sap_general_preconfigure_etc_sysctl_sap_conf }}"
   register: __sap_general_preconfigure_register_sap_conf_sysctl_command
+  check_mode: false
   changed_when: false
 
 # Reason for noqa: The command module tries to run the complete string as a single command
diff --git a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml
index 2e39f2fe..c79e58d2 100644
--- a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml
+++ b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml
@@ -1,6 +1,11 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts
+  ansible.builtin.package_facts:
+  tags:
+    - sap_general_preconfigure_installation
+
 - name: Perform steps for enabling required repos
   when: sap_general_preconfigure_enable_repos
   block:
diff --git a/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml
index d4e8b934..eb316d43 100644
--- a/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml
+++ b/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml
@@ -10,6 +10,6 @@
 
 - name: Assert - Include configuration actions for required sapnotes
   ansible.builtin.include_tasks: "sapnote/assert-{{ sap_note_line_item.number }}.yml"
-  with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}"
+  loop: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}"
   loop_control:
     loop_var: sap_note_line_item
diff --git a/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml
index 6aa78761..bfa79057 100644
--- a/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml
+++ b/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml
@@ -1,96 +1,94 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+# Both sap_general_preconfigure_packages and __sap_general_preconfigure_min_pkgs are checked at same time.
+# Check rpm --whatprovides only if package cannot be found directly.
+- name: Query RPM packages
+  ansible.builtin.shell:
+    cmd: |
+      if rpm -q {{ item }} &> /dev/null;
+      then rpm -q {{ item }}
+      else rpm -q --whatprovides {{ item }};
+      fi
+  register: __sap_general_preconfigure_register_packages
+  changed_when: false
+  ignore_errors: true
+  loop: "{{ sap_general_preconfigure_packages if not sap_general_preconfigure_min_package_check | bool
+    else ((sap_general_preconfigure_packages | d([])) + (__sap_general_preconfigure_min_pkgs | d([])) | map(attribute='0') | unique) }}"
+
+
 - name: Assert that all required packages are installed
   ansible.builtin.assert:
-    that: line_item in ansible_facts.packages
-    fail_msg: "FAIL: Package '{{ line_item }}' is not installed!"
-    success_msg: "PASS: Package '{{ line_item }}' is installed."
-  with_items:
-    - "{{ sap_general_preconfigure_packages }}"
-  loop_control:
-    loop_var: line_item
+    that: __sap_general_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+    fail_msg: "FAIL: Package '{{ item }}' is not installed!"
+    success_msg: "PASS: Package '{{ item }}' is installed."
+  loop: "{{ sap_general_preconfigure_packages if not sap_general_preconfigure_min_package_check | bool
+    else ((sap_general_preconfigure_packages | d([])) + (__sap_general_preconfigure_min_pkgs | d([])) | map(attribute='0') | unique) }}"
   ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
 
-- name: Minimum required package version check
+
+- name: Block for minimum required packages assert
   when:
     - sap_general_preconfigure_min_package_check | bool
     - __sap_general_preconfigure_min_pkgs | d([])
   block:
-
-# Reason for noqa: We can safely fail at the last command in the pipeline.
-    - name: Assert - Create a list of minimum required package versions to be installed # noqa risky-shell-pipe
-# How does it work?
-# 1 - Print the required package name and version with a prefix "1" followed by a space.
-# 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space.
-# 3 - Replace all occurrences of ".el" by ".0.0" so that the sort -V correctly sorts packages with ".el" in its name
-# 4 - Sort the list by the name and version.
-# 5 - Replace ".0.0" by ".el" again to get back the original names.
-# 6 - Store the last installed version of the package in variable latestpkg.
-# 7 - Store the last content of column 1 in variable col1, the last content of column 2 in variable col2,
-#     and the last number of fields in variable _nf.
-# 8 - case 1: If the last number of output fields is greater than 2, it indicates that the package is not installed
-#             because the output of "rpm -q" will be similar to "package XXX is not installed".
-# 8 - case 2a: If the first column of the last line of the output is "1", it means that the required package is
-#              the latest of all required and installed versions of the package, so it means that the package needs
-#              to be updated.
-# 8 - case 2b: If the first column of the last line of the output is "2", it means that at least of the installed
-#              versions the package is equal to or greater than the required package version.
-      ansible.builtin.shell: |
-        (echo "1 {{ pkg[0] }}-{{ pkg[1] }}";rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" {{ pkg[0] }} |
-         awk '{printf ("2 %s\n", $0)}') |
-         awk '{gsub ("\\.el", ".0.0"); print}' |
-         sort -k 2 -k 1 -V |
-         awk '{gsub ("\\.0\\.0", ".el"); col1=$1; col2=$2; _nf=NF}
-           $1==2{latestpkg=$2}
-           END {
-               if (_nf>2) {
-                  printf ("Package '\''{{ pkg[0] }}'\'' needs to be installed as {{ pkg[0] }}-{{ pkg[1] }}!\n")
-               } else {
-                  if (col1==1) {
-                     printf ("Package '\''{{ pkg[0] }}'\'' needs to be updated to %s! Currently installed latest version: %s.\n", $2, latestpkg)
-                  }
-                  if (col1==2) {
-                     printf ("Package '\''{{ pkg[0] }}'\'' is already installed as {{ pkg[0] }}-{{ pkg[1] }} or later. Currently installed latest version: %s.\n", latestpkg)
-                  }
-               }
-            }'
-      with_list: "{{ __sap_general_preconfigure_min_pkgs }}"
-      loop_control:
-        loop_var: pkg
-      check_mode: false
-      register: __sap_general_preconfigure_register_minpkglist_assert
+    - name: Query RPM packages for minimum required packages
+      ansible.builtin.shell:
+        cmd: |
+          if rpm -q {{ item[0] }} &> /dev/null;
+          then rpm -q --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}\n' {{ item[0] }}
+          else rpm -q --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}\n' --whatprovides {{ item[0] }};
+          fi
+      register: __sap_general_preconfigure_register_packages_minimum
       changed_when: false
+      ignore_errors: true
+      loop: "{{ __sap_general_preconfigure_min_pkgs }}"
+
 
-    - name: Assert that minimum required package versions are installed
-# If the output includes the string "is already installed" (case 2b), we have a PASS. Otherwise, it's a FAIL.
+    - name: Assert that all minimum required packages are installed with minimum version
       ansible.builtin.assert:
-        that: "'is already installed' in line_item.stdout"
-        fail_msg: "FAIL: {{ line_item.stdout }}"
-        success_msg: "PASS: {{ line_item.stdout }}"
-      with_items: "{{ __sap_general_preconfigure_register_minpkglist_assert.results }}"
-      loop_control:
-        loop_var: line_item
-        label: ""
-      ignore_errors: true
+        that:
+          - __version[0] is version(item[1], '>=')
+        fail_msg: "FAIL: Minimum package version '{{ item[0] }}-{{ item[1] }}' is not installed! Current version: '{{ __version[0] }}'"
+        success_msg: "PASS: Minimum package version '{{ item[0] }}-{{ item[1] }}' is installed."
+      vars:
+        __version:
+          "{{ __sap_general_preconfigure_register_packages_minimum.results | selectattr('item', 'equalto', item) | map(attribute='stdout') }}"
+      loop: "{{ __sap_general_preconfigure_min_pkgs }}"
+      ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+      when: __sap_general_preconfigure_register_packages.results | selectattr('item', 'equalto', item[0]) | map(attribute='rc') | first == 0
 
-- name: Report if no minimum required package version is defined for this RHEL release
-  ansible.builtin.debug:
-    msg: "INFO: No minimum required package version defined (variable __sap_general_preconfigure_min_pkgs)."
-  ignore_errors: true
-  when: not __sap_general_preconfigure_min_pkgs | d([])
 
-# Reason for noqa: The yum module appears to not support the check-update option
+- name: Gather service facts
+  ansible.builtin.service_facts:
+
+# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications)
+# This service creates zypper locks and causes package install failures.
+- name: Wait for stop of packagekit.service
+  ansible.builtin.shell: |
+    set -o pipefail && bash -c '
+    while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) ||
+     ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do
+      sleep 10;
+    done'
+  register: __packagekit_service_check
+  changed_when: false
+  until: __packagekit_service_check.rc == 0
+  retries: 60
+  when: "'packagekit.service' in ansible_facts.services"
+
 - name: Get info about possible package updates # noqa command-instead-of-module
-  ansible.builtin.command: yum check-update
-  register: __sap_general_preconfigure_register_yum_check_update_assert
+  ansible.builtin.command:
+    cmd: zypper -q patch-check
+  timeout: 60
+  register: __sap_general_preconfigure_register_zypper_check_update_assert
   changed_when: false
-  ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+  ignore_errors: true  # true, because unpatched system is always error.
   when: sap_general_preconfigure_update
 
 - name: Assert that there are no more possible package updates
   ansible.builtin.assert:
-    that: __sap_general_preconfigure_register_yum_check_update_assert is success
+    that: __sap_general_preconfigure_register_zypper_check_update_assert.rc == 0
     fail_msg: "FAIL: System needs to be updated!"
     success_msg: "PASS: There are no more outstanding package updates."
   ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
@@ -99,45 +97,18 @@
 - name: Report if checking for possible package updates is not requested
   ansible.builtin.debug:
     msg: "INFO: Not checking for possible package updates (variable sap_general_preconfigure_update)."
-  ignore_errors: true
+  ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
   when: not sap_general_preconfigure_update
 
-- name: "Assert - Set needs-restarting command in case of RHEL 7"
-  ansible.builtin.set_fact:
-    __sap_general_preconfigure_fact_needs_restarting_command_assert: "needs-restarting -r"
-  when:
-    - ansible_os_family == 'RedHat'
-    - ansible_distribution_major_version == '7'
-
-- name: "Assert - Set needs-restarting command in case of RHEL 8 or RHEL 9, except RHEL 8.0"
-  ansible.builtin.set_fact:
-    __sap_general_preconfigure_fact_needs_restarting_command_assert: "yum needs-restarting -r"
-  when:
-    - ansible_os_family == 'RedHat'
-    - (ansible_distribution_major_version == '8' or
-         ansible_distribution_major_version == '9'
-      )
-    - ansible_distribution_version != '8.0'
-
-- name: "Assert - Set customized needs-restarting command in case of RHEL 8.0"
-  ansible.builtin.set_fact:
-    __sap_general_preconfigure_fact_needs_restarting_command_assert: "_IKRNL=$(rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,\"\"); print $1}');
-                                                              _CKRNL=$(uname -r); if [ ${_IKRNL} != ${_CKRNL} ]; then exit 1; else exit 0; fi"
-  when:
-    - ansible_os_family == 'RedHat'
-    - ansible_distribution_version == '8.0'
-
-- name: Assert - Display the command for checking a reboot requirement
-  ansible.builtin.debug:
-    var: __sap_general_preconfigure_fact_needs_restarting_command_assert
 
 # Reason for noqa: The command to be executed might contain pipes
-- name: Assert - Determine if the system needs to be restarted # noqa command-instead-of-shell
-  ansible.builtin.shell: "{{ __sap_general_preconfigure_fact_needs_restarting_command_assert }}"
+- name: Determine if the system needs to be restarted # noqa command-instead-of-shell
+  ansible.builtin.shell:
+    cmd: "zypper ps"
   register: __sap_general_preconfigure_register_needs_restarting_assert
   changed_when: false
   check_mode: false
-  ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+  ignore_errors: true  # true, because output is too large.
 
 - name: Assert that system needs no restart
   ansible.builtin.assert:
@@ -145,3 +116,26 @@
     fail_msg: "FAIL: System needs to be restarted!"
     success_msg: "PASS: System needs no restart."
   ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+
+
+- name: Block to assert that correct saptune version is installed
+  when:
+    - __sap_general_preconfigure_use_saptune
+    - sap_general_preconfigure_saptune_version is defined
+    - sap_general_preconfigure_saptune_version | length > 0
+  block:
+    # We are checking for %{VERSION} (e.g. 3.1.4), not full %{VERSION}-%{RELEASE}.%{ARCH}
+    - name: Check saptune version  # noqa: command-instead-of-module
+      ansible.builtin.command:
+        cmd: rpm -q --queryformat '%{VERSION}\n' saptune
+      register: __sap_general_preconfigure_register_saptune_version
+      changed_when: false
+      ignore_errors: true
+
+    - name: Assert saptune is at requested version
+      ansible.builtin.assert:
+        that: __sap_general_preconfigure_register_saptune_version.stdout == sap_general_preconfigure_saptune_version
+        fail_msg: "FAIL: saptune version installed is {{ __sap_general_preconfigure_register_saptune_version.stdout
+          }} but the version {{ sap_general_preconfigure_saptune_version }} was expected"
+        success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_general_preconfigure_saptune_version }}"
+      when: __sap_general_preconfigure_register_saptune_version.rc == 0
diff --git a/roles/sap_general_preconfigure/tasks/SLES/configuration.yml b/roles/sap_general_preconfigure/tasks/SLES/configuration.yml
index cde628b4..dfcf3ef4 100644
--- a/roles/sap_general_preconfigure/tasks/SLES/configuration.yml
+++ b/roles/sap_general_preconfigure/tasks/SLES/configuration.yml
@@ -7,6 +7,6 @@
 
 - name: Configure - Include configuration actions for required sapnotes
   ansible.builtin.include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml"
-  with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}"
+  loop: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}"
   loop_control:
     loop_var: sap_note_line_item
diff --git a/roles/sap_general_preconfigure/tasks/SLES/generic/grub_update.yml b/roles/sap_general_preconfigure/tasks/SLES/generic/grub_update.yml
new file mode 100644
index 00000000..81469d3a
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/SLES/generic/grub_update.yml
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# Generic task for updating GRUB configuration using provided list
+
+- name: Update existing GRUB entries
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=".*?)(\b{{ item.split("=")[0] }}=[^ ]*\b)(.*")'
+    line: '\1{{ item }}\3'
+    backrefs: true
+  register: __sap_general_preconfigure_grub_update
+  loop: "{{ __sap_general_preconfigure_grub_cmdline }}"
+
+
+- name: Get current contents of GRUB
+  ansible.builtin.slurp:
+    path: /etc/default/grub
+  register: __sap_general_preconfigure_grub_contents
+
+
+- name: Add new GRUB entries
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT="(.*?)"'
+    line: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 {{ item }}"'
+    backrefs: true
+  register: __sap_general_preconfigure_grub_add
+  loop: "{{ __sap_general_preconfigure_grub_cmdline }}"
+  when: item not in (__sap_general_preconfigure_grub_contents.content | b64decode)
+
+
+- name: Trigger grub update if necessary # noqa no-changed-when
+  ansible.builtin.command:
+    cmd: /bin/true
+  notify: __sap_general_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - (__sap_general_preconfigure_grub_update.results | selectattr('changed', 'equalto', true) | list | length > 0)
+      or (__sap_general_preconfigure_grub_add.results | selectattr('changed', 'equalto', true) | list | length > 0)
diff --git a/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_install.yml b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_install.yml
new file mode 100644
index 00000000..d7e88ae3
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_install.yml
@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1275776 - Linux: Preparing SLES for SAP environments
+
+- name: Get contents of /etc/products.d/baseproduct
+  ansible.builtin.stat:
+    path: /etc/products.d/baseproduct
+  register: __sap_general_preconfigure_register_baseproduct
+
+
+- name: Set fact if baseproduct contains SLES without SLES_SAP
+  ansible.builtin.set_fact:
+    __sap_general_preconfigure_use_saptune: false
+  when:
+    - '"SLES_SAP" not in __sap_general_preconfigure_register_baseproduct.stat.lnk_target'
+    - '"SLES" in __sap_general_preconfigure_register_baseproduct.stat.lnk_target
+      and ansible_distribution_major_version | int < 16'
+
+
+- name: Block to ensure saptune is installed
+  when: __sap_general_preconfigure_use_saptune | d(true)
+  block:
+    # Reason for noqa: Zypper supports "state: latest"
+    - name: Ensure latest saptune is installed  # noqa package-latest
+      ansible.builtin.package:
+        name: saptune
+        state: latest
+      when:
+        - sap_general_preconfigure_saptune_version is undefined
+         or sap_general_preconfigure_saptune_version | length == 0
+
+    - name: Ensure specific saptune version is installed
+      ansible.builtin.package:
+        name: "saptune={{ sap_general_preconfigure_saptune_version }}"
+        state: present
+      when:
+        - sap_general_preconfigure_saptune_version is defined
+        - sap_general_preconfigure_saptune_version | length > 0
+
+
+- name: Block to ensure sapconf is installed
+  when: not __sap_general_preconfigure_use_saptune | d(true)
+  block:
+    - name: Ensure sapconf is installed
+      ansible.builtin.package:
+        name: "sapconf"
+        state: present
diff --git a/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_takeover.yml b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_takeover.yml
new file mode 100644
index 00000000..56089c7e
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_takeover.yml
@@ -0,0 +1,100 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1275776 - Linux: Preparing SLES for SAP environments
+
+- name: Execute saptune_check - before takeover
+  ansible.builtin.command:
+    cmd: saptune_check
+  register: __sap_general_preconfigure_register_saptune_check_before
+  when: __sap_general_preconfigure_use_saptune
+  changed_when: false
+  failed_when: false
+
+- name: Takeover and enable saptune
+  when:
+    - __sap_general_preconfigure_use_saptune
+    - __sap_general_preconfigure_register_saptune_check_before.rc != 0
+  block:
+    - name: Check saptune version  # noqa: command-instead-of-module
+      ansible.builtin.command:
+        cmd: rpm -q sapconf
+      register: __sap_general_preconfigure_register_sapconf
+      changed_when: false
+      ignore_errors: true
+
+    - name: Ensure sapconf is stopped and disabled
+      ansible.builtin.systemd:
+        name: sapconf
+        state: stopped
+        enabled: false
+      when: __sap_general_preconfigure_register_sapconf
+
+    - name: Make sure that sapconf and tuned are stopped and disabled
+      ansible.builtin.command:
+        cmd: "saptune service takeover"
+      register: __sap_general_preconfigure_register_saptune_takeover
+      changed_when: __sap_general_preconfigure_register_saptune_takeover.rc == 0
+
+    # saptune_check can fail if sapconf is in failed state
+    - name: Check if sapconf.service is failed  # noqa command-instead-of-module
+      ansible.builtin.command:
+        cmd: systemctl is-failed sapconf.service
+      register: __sap_general_preconfigure_register_sapconf_failed
+      changed_when: false
+      ignore_errors: true
+
+    - name: Execute systemctl reset-failed sapconf.service  # noqa command-instead-of-module
+      ansible.builtin.command:
+        cmd: systemctl reset-failed sapconf.service
+      when: __sap_general_preconfigure_register_sapconf_failed.rc == 0
+      changed_when: true
+
+    - name: Ensure saptune is running and enabled
+      ansible.builtin.systemd:
+        name: saptune
+        state: started
+        enabled: true
+
+    - name: Ensure saptune_check executes correctly
+      ansible.builtin.command:
+        cmd: saptune_check
+      register: __sap_general_preconfigure_register_saptune_check_after
+      changed_when: false
+
+
+- name: Check active saptune solution
+  when:
+    - __sap_general_preconfigure_use_saptune
+    - __sap_general_preconfigure_register_saptune_check_before.rc == 0
+      or (__sap_general_preconfigure_register_saptune_check_after.rc == 0)
+  block:
+    - name: Discover active solution
+      ansible.builtin.command:
+        cmd: saptune solution enabled
+      register: __sap_general_preconfigure_register_saptune_status
+      changed_when: false
+
+    - name: Set fact for active solution
+      ansible.builtin.set_fact:
+        # Capture the first block on none whitespace
+        __sap_general_preconfigure_register_solution_configured:
+          "{{ (__sap_general_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
+
+    - name: Show configured solution
+      ansible.builtin.debug:
+        var: __sap_general_preconfigure_register_solution_configured
+
+
+- name: Enable sapconf
+  when: not __sap_general_preconfigure_use_saptune
+  block:
+    - name: Enable sapconf service
+      ansible.builtin.systemd:
+        name: sapconf
+        state: started
+        enabled: true
+
+    - name: Restart sapconf service
+      ansible.builtin.systemd:
+        name: sapconf
+        state: restarted
diff --git a/roles/sap_general_preconfigure/tasks/SLES/installation.yml b/roles/sap_general_preconfigure/tasks/SLES/installation.yml
index 4f9daed9..a6d99249 100644
--- a/roles/sap_general_preconfigure/tasks/SLES/installation.yml
+++ b/roles/sap_general_preconfigure/tasks/SLES/installation.yml
@@ -1,80 +1,76 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather service facts
+  ansible.builtin.service_facts:
+
+# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications)
+# This service creates zypper locks and causes package install failures.
+# Service cannot be disabled and we have to mask its execution.
+- name: Mask packagekit.service when present
+  ansible.builtin.systemd_service:
+    name: packagekit.service
+    masked: true
+  when: "'packagekit.service' in ansible_facts.services"
+  notify: __sap_general_preconfigure_packagekit_handler
+
+
+- name: Wait for stop of packagekit.service
+  ansible.builtin.shell: |
+    set -o pipefail && bash -c '
+    while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) ||
+     ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do
+      sleep 10;
+    done'
+  register: __packagekit_service_check
+  changed_when: false
+  until: __packagekit_service_check.rc == 0
+  retries: 60
+  when: "'packagekit.service' in ansible_facts.services"
+
+
 - name: Ensure that the required packages are installed
   ansible.builtin.package:
     state: present
-    name: "{{ sap_general_preconfigure_packages }}"
+    name: "{{ sap_general_preconfigure_packages if not sap_general_preconfigure_min_package_check | bool
+      else ((sap_general_preconfigure_packages | d([])) + (__sap_general_preconfigure_min_pkgs | d([])) | map(attribute='0') | unique) }}"
+
 
-- name: Ensure that the minimum required package versions are installed
+- name: Install minimum packages if required
+  ansible.builtin.package:
+    name: '{{ line_item[0] }}>={{ line_item[1] }}'
+    state: present
+  loop: "{{ __sap_general_preconfigure_min_pkgs }}"
+  loop_control:
+    loop_var: line_item
   when:
     - sap_general_preconfigure_min_package_check|bool
-    - __sap_general_preconfigure_min_pkgs|d([])
-  block:
-
-# Reason for noqa: We can safely fail at the last command in the pipeline.
-    - name: Create a list of minimum required package versions to be installed  # noqa risky-shell-pipe
-# How does it work?
-# 1 - Print the required package name and version with a prefix "1" followed by a space.
-# 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space.
-# 3 - Replace all occurrences of ".el" by ".0.0" so that the sort -V correctly sorts packages with ".el" in its name
-# 4 - Sort the list by the name and version.
-# 5 - Replace ".0.0" by ".el" again to get back the original names.
-# 6 - Store the last installed version of the package in variable latestpkg.
-# 7 - Store the last content of column 1 in variable col1, the last content of column 2 in variable col2,
-#     and the last number of fields in variable _nf.
-# 8 - case 1: If the last number of output fields is greater than 2, it indicates that the package is not installed
-#             because the output of "rpm -q" will be similar to "package XXX is not installed".
-# 8 - case 2a: If the first column of the last line of the output is "1", it means that the required package is
-#              the latest of all required and installed versions of the package, so it means that the package needs
-#              to be updated.
-# 8 - case 2b: If the first column of the last line of the output is "2", it means that at least of the installed
-#              versions the package is equal to or greater than the required package version.
-      ansible.builtin.shell: |
-        (echo "1 {{ pkg[0] }}-{{ pkg[1] }}";rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" {{ pkg[0] }} |
-         awk '{printf ("2 %s\n", $0)}') |
-         awk '{gsub ("\\.el", ".0.0"); print}' |
-         sort -k 2 -k 1 -V |
-         awk '{gsub ("\\.0\\.0", ".el"); col1=$1; col2=$2; _nf=NF}
-           $1==2{latestpkg=$2}
-           END {
-               if (_nf>2) {
-                  printf ("{{ pkg[0] }}-{{ pkg[1] }}\n")
-               } else {
-                  if (col1==1) {
-                     printf ("{{ pkg[0] }}-{{ pkg[1] }}\n")
-                  }
-               }
-            }'
-      with_list: "{{ __sap_general_preconfigure_min_pkgs }}"
-      loop_control:
-        loop_var: pkg
-      check_mode: false
-      register: __sap_general_preconfigure_register_minpkglist
-      changed_when: false
-
-    - name: Display the content of the minimum package list variable
-      ansible.builtin.debug:
-        var: __sap_general_preconfigure_register_minpkglist
-
-    - name: Install minimum packages if required
-      ansible.builtin.package:
-        name: "{{ line_item.stdout }}"
-        state: present
-      with_items: "{{ __sap_general_preconfigure_register_minpkglist.results }}"
-      loop_control:
-        loop_var: line_item
-
-# Reason for noqa: Both yum and dnf support "state: latest"
+    - __sap_general_preconfigure_min_pkgs | d([])
+
+
+# Reason for noqa: Zypper supports "state: latest"
 - name: Ensure that the system is updated to the latest patchlevel # noqa package-latest
   ansible.builtin.package:
     state: latest
     name: "*"
-  when: sap_general_preconfigure_update
+  register: __sap_general_preconfigure_register_update_latest
+  when: sap_general_preconfigure_update | bool
+
+
+# 1275776 - Linux: Preparing SLES for SAP environments
+- name: Install saptune if available
+  ansible.builtin.include_tasks:
+    file: generic/saptune_install.yml
+
+- name: Takeover and enable saptune if available
+  ansible.builtin.include_tasks:
+    file: generic/saptune_takeover.yml
+
 
 # Reason for noqa: The command to be executed might contain pipes
 - name: Determine if the system needs to be restarted # noqa command-instead-of-shell
-  ansible.builtin.shell: "zypper ps"
+  ansible.builtin.shell:
+    cmd: "zypper ps"
   register: __sap_general_preconfigure_register_needs_restarting
   ignore_errors: true
   changed_when: false
@@ -84,6 +80,8 @@
   ansible.builtin.debug:
     var: __sap_general_preconfigure_register_needs_restarting
 
+
+# sap_general_preconfigure_fact_reboot_required is used by follow up role: sap_hana_preconfigure
 - name: Set the reboot requirement flag to false
   ansible.builtin.set_fact:
     sap_general_preconfigure_fact_reboot_required: false
@@ -91,14 +89,21 @@
 - name: For needs-restarting - Set the flag that reboot is needed to apply changes
   ansible.builtin.set_fact:
     sap_general_preconfigure_fact_reboot_required: true
-  when: __sap_general_preconfigure_register_needs_restarting is failed
+  when:
+    - __sap_general_preconfigure_register_needs_restarting is failed
+      or __sap_general_preconfigure_register_update_latest.changed
 
 - name: For needs-restarting - Display the content of sap_general_preconfigure_fact_reboot_required
   ansible.builtin.debug:
     var: sap_general_preconfigure_fact_reboot_required
 
+
 - name: Call Reboot handler if necessary
-  ansible.builtin.command: /bin/true
+  ansible.builtin.command:
+    cmd: /bin/true
   notify: __sap_general_preconfigure_reboot_handler
   changed_when: true
-  when: __sap_general_preconfigure_register_needs_restarting is failed
+  when:
+    - __sap_general_preconfigure_register_needs_restarting is failed
+      or __sap_general_preconfigure_register_needs_restarting.rc == 102
+      or __sap_general_preconfigure_register_update_latest.changed
diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml
index 0cdd514c..829cc313 100644
--- a/roles/sap_general_preconfigure/tasks/main.yml
+++ b/roles/sap_general_preconfigure/tasks/main.yml
@@ -106,19 +106,6 @@
   tags:
     - always
 
-# Requirement for package_facts Ansible Module
-- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python
-  ansible.builtin.package:
-    name: python3-rpm
-    state: present
-  when: ansible_os_family == "Suse"
-
-# required for installation and configuration tasks:
-- name: Gather package facts
-  ansible.builtin.package_facts:
-  tags:
-    - sap_general_preconfigure_installation
-
 - name: Include tasks from 'installation.yml'
   ansible.builtin.include_tasks:
     file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}installation.yml'
@@ -132,11 +119,6 @@
   tags:
     - sap_general_preconfigure_installation
 
-- name: Gather package facts again after the installation phase
-  ansible.builtin.package_facts:
-  tags:
-    - always
-
 - name: Include tasks from 'configuration.yml'
   ansible.builtin.include_tasks:
     file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml'
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml
index 9e96a265..bf642b1a 100644
--- a/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2002167/03-setting-the-hostname.yml
@@ -16,7 +16,7 @@
 
 - name: Import role sap_maintain_etc_hosts
   ansible.builtin.import_role:
-    name: 'community.sap_install.sap_maintain_etc_hosts'
+    name: '{{ sap_general_preconfigure_sap_install_collection }}.sap_maintain_etc_hosts'
   vars:
     sap_maintain_etc_hosts_list:
       - node_ip: "{{ sap_general_preconfigure_ip }}"
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2369910.yml b/roles/sap_general_preconfigure/tasks/sapnote/2369910.yml
new file mode 100644
index 00000000..85a256c4
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2369910.yml
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+- name: Configure - Display SAP note number 2369910 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2369910$') | first).number }}
+          (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2369910$') | first).version }}): SAP Software on Linux: General Information"
+  tags:
+    - always
+
+- name: Check locales
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_2369910 | d(false)
+  tags:
+    - sap_general_preconfigure_2369910
+    - sap_general_preconfigure_configure_locale
+  block:
+    - name: Configure an English locale
+      ansible.builtin.command: "localectl set-locale LANG={{ sap_general_preconfigure_default_locale }}"
+      changed_when: true
+      when:
+        - sap_general_preconfigure_default_locale is defined and sap_general_preconfigure_default_locale
+        - sap_general_preconfigure_default_locale == 'C.UTF-8' or
+          sap_general_preconfigure_default_locale == 'C.utf8' or
+          sap_general_preconfigure_default_locale.startswith('en_') and
+            (sap_general_preconfigure_default_locale.endswith('UTF-8') or
+             sap_general_preconfigure_default_locale.endswith('utf8'))
+
+    - name: Get the current default locale
+      ansible.builtin.command: awk '{gsub("\"","")}/^LANG=/&&(/=C\./||/=en_/)&&(/utf8$/||/UTF-8$/){print}' /etc/locale.conf
+      check_mode: false
+      register: __sap_general_preconfigure_current_default_locale
+      changed_when: false
+
+    - name: Assert that an English locale is the default
+      ansible.builtin.assert:
+        that: __sap_general_preconfigure_current_default_locale.stdout_lines | length > 0
+        fail_msg: >
+          "FAIL: English is not set as the default locale. Please define an English default locale
+          with the 'sap_general_preconfigure_default_locale' variable!"
+        success_msg: "PASS: An English default locale is set."
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899.yml
new file mode 100644
index 00000000..af6699a1
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899.yml
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+
+- name: Configure - Display SAP note number 2578899 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).number }}
+          (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).version }}):
+           SUSE Linux Enterprise Server 15: Installation Note"
+  tags:
+    - always
+
+- name: Set fact for SAP note number 2578899
+  ansible.builtin.set_fact:
+    __sap_general_preconfigure_services_2578899:
+      - uuidd.socket
+      - sysstat
+      - sysctl-logger.service
+
+    __sap_general_preconfigure_grub_cmdline_2578899: []
+      # I/O Scheduler parameter is already part of default saptune and sapconf configuration.
+      # - "elevator=noop"
+
+- name: Import tasks from '2578899/installation.yml'
+  ansible.builtin.import_tasks: 2578899/installation.yml
+
+- name: Import tasks from '2578899/configuration.yml'
+  ansible.builtin.import_tasks: 2578899/configuration.yml
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-configuration.yml
new file mode 100644
index 00000000..672ffd83
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-configuration.yml
@@ -0,0 +1,85 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# ansible_facts.services do not work for socket services!
+# uuidd.socket is not found, while uuidd.service service is.
+- name: Check status of services - Active  # noqa command-instead-of-module
+  ansible.builtin.command:
+    cmd: "systemctl is-active {{ item }}"
+  loop: "{{ __sap_general_preconfigure_services_2578899 }}"
+  register: __sap_general_preconfigure_register_services_active
+  changed_when: false
+  ignore_errors: true  # Disabled is RC 1
+
+- name: Check status of services - Enabled  # noqa command-instead-of-module
+  ansible.builtin.command:
+    cmd: "systemctl is-enabled {{ item }}"
+  loop: "{{ __sap_general_preconfigure_services_2578899 }}"
+  register: __sap_general_preconfigure_register_services_enabled
+  changed_when: false
+  ignore_errors: true  # Disabled is RC 1
+
+- name: Assert that services are running and enabled
+  ansible.builtin.assert:
+    that:
+      - __sap_general_preconfigure_register_services_active.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+      - __sap_general_preconfigure_register_services_enabled.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+    fail_msg: "FAIL: Service '{{ item }}' is not running or not enabled!"
+    success_msg: "PASS: Package '{{ item }}' is running and enabled."
+  loop: "{{ __sap_general_preconfigure_services_2578899 }}"
+  ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+
+
+- name: Verify SAP Note using saptune
+  when: __sap_general_preconfigure_use_saptune | d(true)
+  block:
+
+    - name: Verify SAP note 2578899 using saptune
+      ansible.builtin.command:
+        cmd: saptune note verify --show-non-compliant 2578899
+      register: __sap_general_preconfigure_saptune_verify_2578899
+      changed_when: false
+      ignore_errors: true
+
+    - name: Assert that SAP note 2578899 is verified by saptune
+      ansible.builtin.assert:
+        that: "{{ __sap_general_preconfigure_saptune_verify_2578899.rc == 0 }}"
+        success_msg: "PASS: SAP note 2578899 is verified by saptune."
+        fail_msg: |
+          "FAIL: SAP note 2578899 is not verified by saptune! See details below:"
+          {{ __sap_general_preconfigure_saptune_verify_2578899.stdout_lines }}
+          {{ __sap_general_preconfigure_saptune_verify_2578899.stderr_lines }}
+      ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+
+
+- name: Verify SAP Note without using saptune
+  when: not __sap_general_preconfigure_use_saptune | d(true)
+  block:
+
+    - name: Gather kernel parameters
+      ansible.builtin.command: sysctl kernel.pid_max
+      register: __sap_general_preconfigure_register_pid_max
+      changed_when: false
+
+    - name: Assert that kernel parameter pid_max is set to 4194304
+      ansible.builtin.assert:
+        that:
+          - "__sap_general_preconfigure_register_pid_max.stdout.split('=')[1] | trim == '4194304'"
+        fail_msg: "FAIL: Kernel parameter kernel.pid_max is not set to 4194304!"
+        success_msg: "PASS: Kernel parameter kernel.pid_max is set to 4194304."
+      ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+
+    - name: Get current contents of GRUB
+      ansible.builtin.slurp:
+        path: /etc/default/grub
+      register: __sap_general_preconfigure_grub_contents
+
+    - name: Assert that GRUB cmdline parameters are set
+      ansible.builtin.assert:
+        that:
+          - "'{{ item }}' in __sap_general_preconfigure_grub_contents.content | b64decode | string"
+        fail_msg: "FAIL: GRUB cmdline parameter {{ item }} is not set!"
+        success_msg: "PASS: GRUB cmdline parameter {{ item }} is set."
+      loop: "{{ __sap_general_preconfigure_grub_cmdline_2578899 }}"
+      when: __sap_general_preconfigure_grub_cmdline_2578899 | length > 0
+      ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-installation.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-installation.yml
new file mode 100644
index 00000000..ba5d3501
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-installation.yml
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# Check rpm --whatprovides only if package cannot be found directly.
+- name: Query RPM packages
+  ansible.builtin.shell:
+    cmd: |
+      if rpm -q {{ item }} &> /dev/null;
+      then rpm -q {{ item }}
+      else rpm -q --whatprovides {{ item }};
+      fi
+  register: __sap_general_preconfigure_register_packages
+  changed_when: false
+  ignore_errors: true
+  loop: "{{ __sap_general_preconfigure_packages_2578899 }}"
+
+- name: Assert that all required packages are installed
+  ansible.builtin.assert:
+    that: __sap_general_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+    fail_msg: "FAIL: Package '{{ item }}' is not installed!"
+    success_msg: "PASS: Package '{{ item }}' is installed."
+  loop: "{{ __sap_general_preconfigure_packages_2578899 }}"
+  ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/configuration.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/configuration.yml
new file mode 100644
index 00000000..c8fea7a8
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/configuration.yml
@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Ensure that the services are enabled and started
+  ansible.builtin.systemd:
+    name: "{{ item }}"
+    state: started
+    enabled: true
+  loop: "{{ __sap_general_preconfigure_services_2578899 }}"
+
+
+- name: Execute task to update GRUB entries
+  ansible.builtin.include_tasks:
+    file: ../../SLES/generic/grub_update.yml
+  vars:
+    __sap_general_preconfigure_grub_cmdline: "{{ __sap_general_preconfigure_grub_cmdline_2578899 }}"
+  when: __sap_general_preconfigure_grub_cmdline | length > 0
+
+
+- name: Apply SAP note 2578899 using saptune
+  when: __sap_general_preconfigure_use_saptune | d(true)
+  block:
+
+    - name: Apply SAP note 2578899 using saptune
+      ansible.builtin.command:
+        cmd: saptune note apply 2578899
+      changed_when: true
+
+    - name: Verify SAP note 2578899 using saptune
+      ansible.builtin.command:
+        cmd: saptune note verify 2578899
+      register: __sap_general_preconfigure_saptune_verify_2578899
+      changed_when: false
+      ignore_errors: true
+
+    - name: Display error if saptune verify failed
+      ansible.builtin.debug:
+        msg: |
+          {{ __sap_general_preconfigure_saptune_verify_2578899.stdout_lines }}
+          {{ __sap_general_preconfigure_saptune_verify_2578899.stderr_lines }}
+      when:
+        __sap_general_preconfigure_saptune_verify_2578899.rc != 0
+
+
+- name: Configuration changes without saptune
+  when: not __sap_general_preconfigure_use_saptune | d(true)
+  block:
+
+    - name: Increase kernel.pid_max to 4194304
+      ansible.builtin.command:
+        cmd: sysctl -w kernel.pid_max=4194304
+      changed_when: true
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/installation.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/installation.yml
new file mode 100644
index 00000000..164296be
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/installation.yml
@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Ensure that the required packages are installed
+  ansible.builtin.package:
+    name: "{{ __sap_general_preconfigure_packages_2578899 }}"
+    state: present
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml
index 1a22f7c6..3f04c4e2 100644
--- a/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml
+++ b/roles/sap_general_preconfigure/tasks/sapnote/2772999/03-configure-hostname.yml
@@ -16,7 +16,7 @@
 
 - name: Import role sap_maintain_etc_hosts
   ansible.builtin.import_role:
-    name: 'community.sap_install.sap_maintain_etc_hosts'
+    name: '{{ sap_general_preconfigure_sap_install_collection }}.sap_maintain_etc_hosts'
   vars:
     sap_maintain_etc_hosts_list:
       - node_ip: "{{ sap_general_preconfigure_ip }}"
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml
index fab19c6b..15b884b9 100644
--- a/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3108316/03-configure-hostname.yml
@@ -16,7 +16,7 @@
 
 - name: Import role sap_maintain_etc_hosts
   ansible.builtin.import_role:
-    name: 'community.sap_install.sap_maintain_etc_hosts'
+    name: '{{ sap_general_preconfigure_sap_install_collection }}.sap_maintain_etc_hosts'
   vars:
     sap_maintain_etc_hosts_list:
       - node_ip: "{{ sap_general_preconfigure_ip }}"
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909.yml
new file mode 100644
index 00000000..b671d639
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909.yml
@@ -0,0 +1,72 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure - Display SAP note number 3562909 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).number }}
+          (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).version }}): Configure RHEL 9"
+  tags:
+    - always
+
+- name: Import tasks from '3562909/02-configure-selinux.yml'
+  ansible.builtin.import_tasks: 3562909/02-configure-selinux.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_02 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_02
+
+- name: Import tasks from '3562909/03-configure-hostname.yml'
+  ansible.builtin.import_tasks: 3562909/03-configure-hostname.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_03 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_03
+
+- name: Import tasks from '3562909/04-configure-network-time-and-date.yml'
+  ansible.builtin.import_tasks: 3562909/04-configure-network-time-and-date.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_04 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_04
+
+- name: Import tasks from '3562909/05-configure-firewall.yml'
+  ansible.builtin.import_tasks: 3562909/05-configure-firewall.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_05 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_05
+
+- name: Import tasks from '3562909/06-configure-uuidd.yml'
+  ansible.builtin.import_tasks: 3562909/06-configure-uuidd.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_06 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_06
+
+- name: Import tasks from '3562909/07-configure-tmpfs.yml'
+  ansible.builtin.import_tasks: 3562909/07-configure-tmpfs.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_07 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_07
+
+- name: Import tasks from '3562909/08-configure-linux-kernel-parameters.yml'
+  ansible.builtin.import_tasks: 3562909/08-configure-linux-kernel-parameters.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_08 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_08
+
+- name: Import tasks from '3562909/09-configure-process-resource-limits.yml'
+  ansible.builtin.import_tasks: 3562909/09-configure-process-resource-limits.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_09 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_09
+
+- name: Import tasks from '3562909/10-configure-systemd-tmpfiles.yml'
+  ansible.builtin.import_tasks: 3562909/10-configure-systemd-tmpfiles.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_10 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_10
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-assert-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-assert-selinux.yml
new file mode 100644
index 00000000..0513f28a
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-assert-selinux.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-2
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 2: Configure SELinux"
+  tags:
+    - sap_general_preconfigure_selinux
+
+- name: Import tasks from '../../RedHat/generic/assert-selinux.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml
+  tags:
+    - sap_general_preconfigure_selinux
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-configure-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-configure-selinux.yml
new file mode 100644
index 00000000..a4172ad7
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-configure-selinux.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-2
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 2: Configure SELinux"
+  tags:
+    - sap_general_preconfigure_selinux
+
+- name: Import tasks from '../../RedHat/generic/configure-selinux.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml
+  tags:
+    - sap_general_preconfigure_selinux
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-assert-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-assert-hostname.yml
new file mode 100644
index 00000000..8ca01d11
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-assert-hostname.yml
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-3
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 3: Configure Hostname"
+  tags:
+    - sap_general_preconfigure_hostname
+    - sap_general_preconfigure_etc_hosts
+    - sap_general_preconfigure_dns_name_resolution
+
+- name: Import tasks from '../../RedHat/generic/assert-hostname.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml
+  tags:
+    - sap_general_preconfigure_hostname
+
+- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml
+  tags:
+    - sap_general_preconfigure_etc_hosts
+
+- name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml
+  tags:
+    - sap_general_preconfigure_dns_name_resolution
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-configure-hostname.yml
new file mode 100644
index 00000000..d586c011
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-configure-hostname.yml
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-3
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 3: Configure Hostname"
+  tags:
+    - sap_general_preconfigure_hostname
+    - sap_general_preconfigure_etc_hosts
+    - sap_general_preconfigure_dns_name_resolution
+
+- name: Import tasks from '../../RedHat/generic/configure-hostname.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml
+  tags:
+    - sap_general_preconfigure_hostname
+
+- name: Import role sap_maintain_etc_hosts
+  ansible.builtin.import_role:
+    name: '{{ sap_general_preconfigure_sap_install_collection }}.sap_maintain_etc_hosts'
+  vars:
+    sap_maintain_etc_hosts_list:
+      - node_ip: "{{ sap_general_preconfigure_ip }}"
+        node_name: "{{ sap_general_preconfigure_hostname }}"
+        node_domain: "{{ sap_general_preconfigure_domain }}"
+        state: present
+  when: sap_general_preconfigure_modify_etc_hosts
+  tags:
+    - sap_general_preconfigure_etc_hosts
+
+- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml
+  when: not sap_general_preconfigure_modify_etc_hosts
+  tags:
+    - sap_general_preconfigure_etc_hosts
+
+- name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml
+  tags:
+    - sap_general_preconfigure_dns_name_resolution
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-assert-network-time-and-date.yml
new file mode 100644
index 00000000..748bf8e1
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-assert-network-time-and-date.yml
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-4
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 4: Configure Network Time and Date"
+  tags:
+    - sap_general_preconfigure_network_time_and_date
+
+# Reason for noqa: We need to get the current status only
+- name: Get status of chronyd # noqa command-instead-of-module
+  ansible.builtin.command: systemctl status chronyd
+  register: __sap_general_preconfigure_register_chronyd_status_assert
+  ignore_errors: true
+  changed_when: false
+  tags:
+    - sap_general_preconfigure_network_time_and_date
+
+- name: Assert that chronyd is enabled
+  ansible.builtin.assert:
+    that: "'/usr/lib/systemd/system/chronyd.service; enabled' in __sap_general_preconfigure_register_chronyd_status_assert.stdout"
+    fail_msg: "FAIL: Service 'chronyd' is not enabled!"
+    success_msg: "PASS: Service 'chronyd' is enabled."
+  ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+  tags:
+    - sap_general_preconfigure_network_time_and_date
+
+- name: Assert that chronyd is active
+  ansible.builtin.assert:
+    that: "'active (running)' in __sap_general_preconfigure_register_chronyd_status_assert.stdout"
+    fail_msg: "FAIL: Service 'chronyd' is not active!"
+    success_msg: "PASS: Service 'chronyd' is active."
+  ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}"
+  tags:
+    - sap_general_preconfigure_network_time_and_date
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-configure-network-time-and-date.yml
new file mode 100644
index 00000000..a3f3c7b5
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-configure-network-time-and-date.yml
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-4
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 4: Configure Network Time and Date"
+  tags:
+    - sap_general_preconfigure_network_time_and_date
+
+- name: Start and enable service chronyd
+  ansible.builtin.systemd:
+    name: chronyd
+    state: started
+    enabled: true
+  tags:
+    - sap_general_preconfigure_network_time_and_date
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-assert-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-assert-firewall.yml
new file mode 100644
index 00000000..c3d40452
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-assert-firewall.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-5
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 5: Configure the Firewall"
+  tags:
+    - sap_general_preconfigure_firewall
+
+- name: Import tasks from '../../RedHat/generic/assert-firewall.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml
+  tags:
+    - sap_general_preconfigure_firewall
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-configure-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-configure-firewall.yml
new file mode 100644
index 00000000..18ee27f7
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-configure-firewall.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-5
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 5: Configure the Firewall"
+  tags:
+    - sap_general_preconfigure_firewall
+
+- name: Import tasks from '../../RedHat/generic/configure-firewall.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml
+  tags:
+    - sap_general_preconfigure_firewall
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-assert-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-assert-uuidd.yml
new file mode 100644
index 00000000..33bd29d8
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-assert-uuidd.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-6
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 6: Configure uuidd"
+  tags:
+    - sap_general_preconfigure_configure_uuidd
+
+- name: Import tasks from '../../RedHat/generic/assert-uuidd.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-uuidd.yml
+  tags:
+    - sap_general_preconfigure_configure_uuidd
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-configure-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-configure-uuidd.yml
new file mode 100644
index 00000000..a2cfffca
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-configure-uuidd.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-6
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 6: Configure uuidd"
+  tags:
+    - sap_general_preconfigure_configure_uuidd
+
+- name: Import tasks from '../../RedHat/generic/configure-uuidd.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-uuidd.yml
+  tags:
+    - sap_general_preconfigure_configure_uuidd
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-assert-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-assert-tmpfs.yml
new file mode 100644
index 00000000..48548d2e
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-assert-tmpfs.yml
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-7
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 7: Configure tmpfs;
+    memtotal_mb = {{ ansible_memtotal_mb }};
+    swaptotal_mb = {{ ansible_swaptotal_mb }};
+    sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}"
+  tags:
+    - sap_general_preconfigure_configure_tmpfs
+
+- name: Import tasks from '../../RedHat/generic/assert-tmpfs.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-tmpfs.yml
+  tags:
+    - sap_general_preconfigure_configure_tmpfs
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-configure-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-configure-tmpfs.yml
new file mode 100644
index 00000000..99c61abf
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-configure-tmpfs.yml
@@ -0,0 +1,16 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-7
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 7: Configure tmpfs;
+    memtotal_mb = {{ ansible_memtotal_mb }};
+    swaptotal_mb = {{ ansible_swaptotal_mb }};
+    sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}"
+  tags:
+    - sap_general_preconfigure_configure_tmpfs
+
+- name: Import tasks from '../../RedHat/generic/configure-tmpfs.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-tmpfs.yml
+  tags:
+    - sap_general_preconfigure_configure_tmpfs
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-assert-linux-kernel-parameters.yml
new file mode 100644
index 00000000..6ef6cadd
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-assert-linux-kernel-parameters.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-8
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 8: Configure Linux Kernel Parameters"
+  tags:
+    - sap_general_preconfigure_kernel_parameters
+
+- name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml
+  tags:
+    - sap_general_preconfigure_kernel_parameters
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-configure-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-configure-linux-kernel-parameters.yml
new file mode 100644
index 00000000..29b99c59
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-configure-linux-kernel-parameters.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-8
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 8: Configure Linux Kernel Parameters"
+  tags:
+    - sap_general_preconfigure_kernel_parameters
+
+- name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml
+  tags:
+    - sap_general_preconfigure_kernel_parameters
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-assert-process-resource-limits.yml
new file mode 100644
index 00000000..afd0f02d
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-assert-process-resource-limits.yml
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-9
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 9: Configure Process Resource Limits"
+  tags:
+    - sap_general_preconfigure_nproc_limits
+
+- name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml
+  tags:
+    - sap_general_preconfigure_nproc_limits
+
+- name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml
+  tags:
+    - sap_general_preconfigure_nproc_limits
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-configure-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-configure-process-resource-limits.yml
new file mode 100644
index 00000000..95d2c666
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-configure-process-resource-limits.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-9
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 9: Configure Process Resource Limits"
+  tags:
+    - sap_general_preconfigure_nproc_limits
+
+- name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml
+  tags:
+    - sap_general_preconfigure_nproc_limits
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-assert-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-assert-systemd-tmpfiles.yml
new file mode 100644
index 00000000..c0e42ed8
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-assert-systemd-tmpfiles.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562909-10
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 10: Configure systemd-tmpfiles"
+  tags:
+    - sap_general_preconfigure_systemd_tmpfiles
+
+- name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml
+  tags:
+    - sap_general_preconfigure_systemd_tmpfiles
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-configure-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-configure-systemd-tmpfiles.yml
new file mode 100644
index 00000000..bde2ef65
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-configure-systemd-tmpfiles.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562909-10
+  ansible.builtin.debug:
+    msg: "SAP note 3562909 Step 10: Configure systemd-tmpfiles"
+  tags:
+    - sap_general_preconfigure_systemd_tmpfiles
+
+- name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml'
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml
+  tags:
+    - sap_general_preconfigure_systemd_tmpfiles
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2369910.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2369910.yml
new file mode 100644
index 00000000..e14f88eb
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2369910.yml
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+- name: Assert - Display SAP note number 2369910 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2369910$') | first).number }}
+          (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2369910$') | first).version }}): SAP Software on Linux: General Information"
+  tags:
+    - always
+
+## STEP 3.1 -- System Language
+- name: Step 3.1 - Check if English Language is installed
+  tags:
+    - sap_general_preconfigure_2369910
+    - sap_general_preconfigure_2369910_03
+  block:
+    - name: Get list of installed locales
+      ansible.builtin.command: locale -a
+      changed_when: false
+      register: __sap_general_preconfigure_locales_installed
+
+    - name: Assert that an English locale is installed
+      ansible.builtin.assert:
+        that: __sap_general_preconfigure_locales_installed.stdout_lines | select('match', '^en_') | list | length > 0
+        fail_msg: "FAIL: No English locale is installed. Please install an English locale!"
+        success_msg: "PASS: An English locale is installed."
+
+    - name: Get the current default locale
+      ansible.builtin.command: awk '{gsub("\"","")}/^LANG=/&&(/=C\./||/=en_/)&&(/utf8$/||/UTF-8$/){print}' /etc/locale.conf
+      changed_when: false
+      register: __sap_general_preconfigure_current_default_locale
+
+    - name: Assert that an English locale is the default
+      ansible.builtin.assert:
+        that: __sap_general_preconfigure_current_default_locale.stdout_lines | length > 0
+        fail_msg: "FAIL: English is not set as the default locale. Please define a valid English default locale with the variable 'sap_general_preconfigure_default_locale' !"
+        success_msg: "PASS: An English default locale is set."
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2578899.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2578899.yml
new file mode 100644
index 00000000..38242e56
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2578899.yml
@@ -0,0 +1,28 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+
+- name: Assert - Display SAP note number 2578899 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).number }}
+          (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).version }}):
+           SUSE Linux Enterprise Server 15: Installation Note"
+  tags:
+    - always
+
+- name: Set fact for SAP note number 2578899
+  ansible.builtin.set_fact:
+    __sap_general_preconfigure_services_2578899:
+      - uuidd.socket
+      - sysstat
+      - sysctl-logger.service
+
+    __sap_general_preconfigure_grub_cmdline_2578899: []
+      # I/O Scheduler parameter is already part of default saptune and sapconf configuration.
+      # - "elevator=noop"
+
+- name: Import tasks from '2578899/assert-installation.yml'
+  ansible.builtin.import_tasks: 2578899/assert-installation.yml
+
+- name: Import tasks from '2578899/assert-configuration.yml'
+  ansible.builtin.import_tasks: 2578899/assert-configuration.yml
diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3562909.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3562909.yml
new file mode 100644
index 00000000..5237ed50
--- /dev/null
+++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3562909.yml
@@ -0,0 +1,72 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert - Display SAP note number 3562909 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).number }}
+          (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).version }}): Configure RHEL 9"
+  tags:
+    - always
+
+- name: Import tasks from '3562909/02-assert-selinux.yml'
+  ansible.builtin.import_tasks: 3562909/02-assert-selinux.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_02 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_02
+
+- name: Import tasks from '3562909/03-assert-hostname.yml'
+  ansible.builtin.import_tasks: 3562909/03-assert-hostname.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_03 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_03
+
+- name: Import tasks from '3562909/04-assert-network-time-and-date.yml'
+  ansible.builtin.import_tasks: 3562909/04-assert-network-time-and-date.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_04 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_04
+
+- name: Import tasks from '3562909/05-assert-firewall.yml'
+  ansible.builtin.import_tasks: 3562909/05-assert-firewall.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_05 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_05
+
+- name: Import tasks from '3562909/06-assert-uuidd.yml'
+  ansible.builtin.import_tasks: 3562909/06-assert-uuidd.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_06 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_06
+
+- name: Import tasks from '3562909/07-assert-tmpfs.yml'
+  ansible.builtin.import_tasks: 3562909/07-assert-tmpfs.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_07 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_07
+
+- name: Import tasks from '3562909/08-assert-linux-kernel-parameters.yml'
+  ansible.builtin.import_tasks: 3562909/08-assert-linux-kernel-parameters.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_08 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_08
+
+- name: Import tasks from '3562909/09-assert-process-resource-limits.yml'
+  ansible.builtin.import_tasks: 3562909/09-assert-process-resource-limits.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_09 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_09
+
+- name: Import tasks from '3562909/10-assert-systemd-tmpfiles.yml'
+  ansible.builtin.import_tasks: 3562909/10-assert-systemd-tmpfiles.yml
+  when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_10 | d(false)
+  tags:
+    - sap_general_preconfigure_3562909
+    - sap_general_preconfigure_3562909_10
diff --git a/roles/sap_general_preconfigure/vars/RedHat_10.yml b/roles/sap_general_preconfigure/vars/RedHat_10.yml
new file mode 100644
index 00000000..ef1a5803
--- /dev/null
+++ b/roles/sap_general_preconfigure/vars/RedHat_10.yml
@@ -0,0 +1,104 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# vars file for sap_general_preconfigure
+
+__sap_general_preconfigure_sapnotes_versions:
+  - { number: '2369910', version: '18' }
+  - { number: '3562909', version: '1' }
+  - { number: '1771258', version: '6' }
+
+__sap_general_preconfigure_max_repo_type_x86_64: 'e4s'
+__sap_general_preconfigure_max_repo_type_ppc64le: 'e4s'
+__sap_general_preconfigure_max_repo_type_s390x: 'eus'
+
+__sap_general_preconfigure_max_repo_type: "{{ lookup('vars', '__sap_general_preconfigure_max_repo_type_' + ansible_architecture) }}"
+
+# RHEL 9 minor releases maximum repo support duration
+__sap_general_preconfigure_max_repo_type_string_10_0: '{{ __sap_general_preconfigure_max_repo_type }}-'
+__sap_general_preconfigure_max_repo_type_string_10_1: ''
+
+__sap_general_preconfigure_max_repo_type_string: "{{ lookup('vars', '__sap_general_preconfigure_max_repo_type_string_' + ansible_distribution_version | replace(\".\", \"_\")) }}"
+
+__sap_general_preconfigure_req_os_repos:
+  - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-baseos-{{ __sap_general_preconfigure_max_repo_type_string }}rpms
+  - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-appstream-{{ __sap_general_preconfigure_max_repo_type_string }}rpms
+__sap_general_preconfigure_req_netweaver_repos:
+  - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-sap-netweaver-{{ __sap_general_preconfigure_max_repo_type_string }}rpms
+__sap_general_preconfigure_req_hana_repos:
+  - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-sap-solutions-{{ __sap_general_preconfigure_max_repo_type_string }}rpms
+__sap_general_preconfigure_req_ha_repos:
+  - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-{{ __sap_general_preconfigure_max_repo_type_string }}rpms
+
+__sap_general_preconfigure_envgroups:
+  - "server-product-environment"
+
+__sap_general_preconfigure_packagegroups_x86_64:
+  - "@server"
+
+__sap_general_preconfigure_packagegroups_ppc64le:
+  - "@server"
+
+__sap_general_preconfigure_packagegroups_s390x:
+  - "@server"
+
+__sap_general_preconfigure_packagegroups: "{{ lookup('vars', '__sap_general_preconfigure_packagegroups_' + ansible_architecture) }}"
+
+__sap_general_preconfigure_packages_x86_64:
+  - uuidd
+  - libnsl
+  - tcsh
+  - psmisc
+  - nfs-utils
+  - bind-utils
+# package hostname: needed by rhel-system-roles-sap
+  - hostname
+# package tuned: no longer part of package group "Core" in RHEL 10, so we have to install it
+  - tuned
+# package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 10:
+  - libxcrypt-compat
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
+
+__sap_general_preconfigure_packages_ppc64le:
+  - uuidd
+  - libnsl
+  - tcsh
+  - psmisc
+  - nfs-utils
+  - bind-utils
+# package hostname: needed by rhel-system-roles-sap
+  - hostname
+# package tuned: no longer part of package group "Core" in RHEL 10, so we have to install it
+  - tuned
+# package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 10:
+  - libxcrypt-compat
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
+
+__sap_general_preconfigure_packages_s390x:
+  - uuidd
+  - libnsl
+  - tcsh
+  - psmisc
+  - nfs-utils
+  - bind-utils
+# package hostname: needed by rhel-system-roles-sap
+  - hostname
+# package tuned: no longer part of package group "Core" in RHEL 10, so we have to install it
+  - tuned
+# package libxcrypt-compat: needed by sapstartsrv on RHEL 10:
+  - libxcrypt-compat
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
+
+__sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}"
+
+__sap_general_preconfigure_required_ppc64le:
+  - ibm-power-managed-rhel9
+
+__sap_general_preconfigure_kernel_parameters_default:
+  - { name: vm.max_map_count, value: '2147483647' }
diff --git a/roles/sap_general_preconfigure/vars/RedHat_7.yml b/roles/sap_general_preconfigure/vars/RedHat_7.yml
index 76f8dc46..5478a445 100644
--- a/roles/sap_general_preconfigure/vars/RedHat_7.yml
+++ b/roles/sap_general_preconfigure/vars/RedHat_7.yml
@@ -4,6 +4,7 @@
 # vars file for sap_general_preconfigure
 
 __sap_general_preconfigure_sapnotes_versions:
+  - { number: '2369910', version: '18' }
   - { number: '2002167', version: '36' }
   - { number: '1771258', version: '6' }
   - { number: '1391070', version: '41' }
diff --git a/roles/sap_general_preconfigure/vars/RedHat_8.0.yml b/roles/sap_general_preconfigure/vars/RedHat_8.0.yml
index 0f952dcd..d0f8fe03 100644
--- a/roles/sap_general_preconfigure/vars/RedHat_8.0.yml
+++ b/roles/sap_general_preconfigure/vars/RedHat_8.0.yml
@@ -4,6 +4,7 @@
 # vars file for sap_general_preconfigure
 
 __sap_general_preconfigure_sapnotes_versions:
+  - { number: '2369910', version: '18' }
   - { number: '2772999', version: '24' }
   - { number: '1771258', version: '6' }
 
@@ -47,6 +48,9 @@ __sap_general_preconfigure_packages:
   - psmisc
   - nfs-utils
   - bind-utils
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_required_ppc64le:
   - ibm-power-managed-rhel8
diff --git a/roles/sap_general_preconfigure/vars/RedHat_8.1.yml b/roles/sap_general_preconfigure/vars/RedHat_8.1.yml
index 3ffd289a..375b7e05 100644
--- a/roles/sap_general_preconfigure/vars/RedHat_8.1.yml
+++ b/roles/sap_general_preconfigure/vars/RedHat_8.1.yml
@@ -4,6 +4,7 @@
 # vars file for sap_general_preconfigure
 
 __sap_general_preconfigure_sapnotes_versions:
+  - { number: '2369910', version: '18' }
   - { number: '2772999', version: '24' }
   - { number: '1771258', version: '6' }
 
@@ -49,6 +50,9 @@ __sap_general_preconfigure_packages_x86_64:
   - bind-utils
   - compat-sap-c++-9
   - compat-sap-c++-10
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_ppc64le:
   - uuidd
@@ -59,6 +63,9 @@ __sap_general_preconfigure_packages_ppc64le:
   - bind-utils
   - compat-sap-c++-9
   - compat-sap-c++-10
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_s390x:
   - uuidd
@@ -67,6 +74,9 @@ __sap_general_preconfigure_packages_s390x:
   - psmisc
   - nfs-utils
   - bind-utils
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}"
 
diff --git a/roles/sap_general_preconfigure/vars/RedHat_8.2.yml b/roles/sap_general_preconfigure/vars/RedHat_8.2.yml
index e47d8806..bd26d320 100644
--- a/roles/sap_general_preconfigure/vars/RedHat_8.2.yml
+++ b/roles/sap_general_preconfigure/vars/RedHat_8.2.yml
@@ -4,6 +4,7 @@
 # vars file for sap_general_preconfigure
 
 __sap_general_preconfigure_sapnotes_versions:
+  - { number: '2369910', version: '18' }
   - { number: '2772999', version: '24' }
   - { number: '1771258', version: '6' }
 
@@ -49,6 +50,9 @@ __sap_general_preconfigure_packages_x86_64:
   - bind-utils
   - compat-sap-c++-9
   - compat-sap-c++-10
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_ppc64le:
   - uuidd
@@ -59,6 +63,9 @@ __sap_general_preconfigure_packages_ppc64le:
   - bind-utils
   - compat-sap-c++-9
   - compat-sap-c++-10
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_s390x:
   - uuidd
@@ -67,6 +74,9 @@ __sap_general_preconfigure_packages_s390x:
   - psmisc
   - nfs-utils
   - bind-utils
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}"
 
diff --git a/roles/sap_general_preconfigure/vars/RedHat_8.yml b/roles/sap_general_preconfigure/vars/RedHat_8.yml
index aa05e96d..12ee9598 100644
--- a/roles/sap_general_preconfigure/vars/RedHat_8.yml
+++ b/roles/sap_general_preconfigure/vars/RedHat_8.yml
@@ -4,6 +4,7 @@
 # vars file for sap_general_preconfigure
 
 __sap_general_preconfigure_sapnotes_versions:
+  - { number: '2369910', version: '18' }
   - { number: '2772999', version: '24' }
   - { number: '1771258', version: '6' }
 
@@ -59,6 +60,9 @@ __sap_general_preconfigure_packages_x86_64:
   - compat-sap-c++-9
   - compat-sap-c++-10
   - compat-sap-c++-11
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_ppc64le:
   - uuidd
@@ -70,6 +74,9 @@ __sap_general_preconfigure_packages_ppc64le:
   - compat-sap-c++-9
   - compat-sap-c++-10
   - compat-sap-c++-11
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_s390x:
   - uuidd
@@ -79,6 +86,9 @@ __sap_general_preconfigure_packages_s390x:
   - nfs-utils
   - bind-utils
   - compat-sap-c++-10
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}"
 
diff --git a/roles/sap_general_preconfigure/vars/RedHat_9.yml b/roles/sap_general_preconfigure/vars/RedHat_9.yml
index 9f22fefe..a2579378 100644
--- a/roles/sap_general_preconfigure/vars/RedHat_9.yml
+++ b/roles/sap_general_preconfigure/vars/RedHat_9.yml
@@ -4,6 +4,7 @@
 # vars file for sap_general_preconfigure
 
 __sap_general_preconfigure_sapnotes_versions:
+  - { number: '2369910', version: '18' }
   - { number: '3108316', version: '2' }
   - { number: '1771258', version: '6' }
 
@@ -65,6 +66,9 @@ __sap_general_preconfigure_packages_x86_64:
   - tuned
 # package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 9:
   - libxcrypt-compat
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_ppc64le:
   - uuidd
@@ -79,6 +83,9 @@ __sap_general_preconfigure_packages_ppc64le:
   - tuned
 # package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 9:
   - libxcrypt-compat
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages_s390x:
   - uuidd
@@ -93,6 +100,9 @@ __sap_general_preconfigure_packages_s390x:
   - tuned
 # package libxcrypt-compat: needed by sapstartsrv on RHEL 9:
   - libxcrypt-compat
+# English locale packages are required as per SAP note 2369910:
+  - langpacks-en
+  - glibc-langpack-en
 
 __sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}"
 
diff --git a/roles/sap_general_preconfigure/vars/SLES_15.yml b/roles/sap_general_preconfigure/vars/SLES_15.yml
new file mode 100644
index 00000000..f6e47478
--- /dev/null
+++ b/roles/sap_general_preconfigure/vars/SLES_15.yml
@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server 15
+
+__sap_general_preconfigure_sapnotes_versions:
+  # 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+  - { number: '2578899', version: '50' }
+  # 2369910 - SAP Software on Linux: General information
+  - { number: '2369910', version: '18' }
+
+__sap_general_preconfigure_packages:
+  - uuidd
+  - tcsh
+  - psmisc
+  - nfs-utils
+  - bind-utils
+  - hostname
+
+# Packages specific for SAP Note 2578899
+# Their services are enabled using __sap_general_preconfigure_services_2578899
+__sap_general_preconfigure_packages_2578899:
+  - uuidd
+  - sysstat
+  - sysctl-logger
+
+__sap_general_preconfigure_min_pkgs: []
+__sap_general_preconfigure_packagegroups:
+__sap_general_preconfigure_envgroups:
+__sap_general_preconfigure_kernel_parameters_default: []
+
+# SLES_SAP is using saptune, but SLES is using sapconf.
+__sap_general_preconfigure_use_saptune: false
diff --git a/roles/sap_general_preconfigure/vars/SLES_SAP_15.yml b/roles/sap_general_preconfigure/vars/SLES_SAP_15.yml
new file mode 100644
index 00000000..1f2dcb57
--- /dev/null
+++ b/roles/sap_general_preconfigure/vars/SLES_SAP_15.yml
@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server for SAP Applications 15
+
+__sap_general_preconfigure_sapnotes_versions:
+  # 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+  - { number: '2578899', version: '50' }
+  # 2369910 - SAP Software on Linux: General information
+  - { number: '2369910', version: '18' }
+
+__sap_general_preconfigure_packages:
+  # Mandatory patterns
+  - patterns-server-enterprise-sap_server
+
+  # Recommended packages
+  - tcsh
+  - psmisc
+
+  # Additional packages
+  - nfs-utils
+  - bind-utils
+
+# Packages specific for SAP Note 2578899
+# Their services are enabled using __sap_general_preconfigure_services_2578899
+__sap_general_preconfigure_packages_2578899:
+  - uuidd
+  - sysstat
+  - sysctl-logger
+
+__sap_general_preconfigure_min_pkgs: []
+__sap_general_preconfigure_packagegroups:
+__sap_general_preconfigure_envgroups:
+__sap_general_preconfigure_kernel_parameters_default: []
+
+# SLES_SAP is using saptune, but SLES is using sapconf.
+__sap_general_preconfigure_use_saptune: true
diff --git a/roles/sap_general_preconfigure/vars/SLES_SAP_16.yml b/roles/sap_general_preconfigure/vars/SLES_SAP_16.yml
new file mode 100644
index 00000000..c36a953f
--- /dev/null
+++ b/roles/sap_general_preconfigure/vars/SLES_SAP_16.yml
@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server for SAP Applications 16
+
+__sap_general_preconfigure_sapnotes_versions: []
+
+__sap_general_preconfigure_packages:
+  # Mandatory patterns
+  - patterns-sap-base_sap_server
+
+  # Recommended packages
+  - tcsh
+  - psmisc
+
+  # 2578899 is not updated for SLES 16 yet.
+  - uuidd
+  - sysstat
+  - sysctl-logger
+
+  # Additional packages
+  - nfs-utils
+  - bind-utils
+
+
+__sap_general_preconfigure_min_pkgs: []
+__sap_general_preconfigure_packagegroups:
+__sap_general_preconfigure_envgroups:
+__sap_general_preconfigure_kernel_parameters_default: []
+
+# SLES_SAP is using saptune, but SLES is using sapconf.
+__sap_general_preconfigure_use_saptune: true
diff --git a/roles/sap_general_preconfigure/vars/Suse.yml b/roles/sap_general_preconfigure/vars/Suse.yml
deleted file mode 100644
index c1bba28a..00000000
--- a/roles/sap_general_preconfigure/vars/Suse.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-# Variables specific to following versions:
-# - SUSE Linux Enterprise Server for SAP Applications 15
-# - SUSE Linux Enterprise Server 15
-# - SUSE Linux Enterprise Server for SAP Applications 16
-# - SUSE Linux Enterprise Server 16
-
-__sap_general_preconfigure_sapnotes_versions:
-  - ''
-
-__sap_general_preconfigure_packages:
-  - uuidd
-  - tcsh
-  - psmisc
-  - nfs-utils
-  - bind-utils
-  - hostname
-
-__sap_general_preconfigure_min_pkgs:
-__sap_general_preconfigure_packagegroups:
-__sap_general_preconfigure_envgroups:
-__sap_general_preconfigure_kernel_parameters_default:
diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md
index a74280e4..c85964e2 100644
--- a/roles/sap_ha_pacemaker_cluster/README.md
+++ b/roles/sap_ha_pacemaker_cluster/README.md
@@ -883,7 +883,8 @@ sap_ha_pacemaker_cluster_resource_defaults:
 - _Type:_ `string`<br>
 - _Default:_ `True`<br>
 
-Disabling this variable enables to use Classic SAPHanaSR agents even on server, with SAPHanaSR-angi is available.<br>
+Disabling this variable enables to use Classic SAPHanaSR agents even on server, where SAPHanaSR-angi is available.<br>
+Value `false` (Classic) is ignored when only SAPHanaSR-angi packages are available.<br>
 
 ### sap_ha_pacemaker_cluster_sbd_devices
 - _Type:_ `list`<br>
diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml
index b50453b9..de02a3d5 100644
--- a/roles/sap_ha_pacemaker_cluster/defaults/main.yml
+++ b/roles/sap_ha_pacemaker_cluster/defaults/main.yml
@@ -1,353 +1,452 @@
-# SPDX-License-Identifier: Apache-2.0
----
-################################################################################
-# Role generic parameters
-################################################################################
-
-# Do NOT USE ANSIBLE FACTS for defaults to be compatible with
-# playbooks that disable generic fact gathering!
-
-# Set which Ansible Collection to use for the Linux System Roles.
-# For community/upstream, use 'fedora.linux_system_roles'
-# For the RHEL System Roles for SAP, or for Red Hat Automation Hub, use 'redhat.rhel_system_roles'
-sap_ha_pacemaker_cluster_system_roles_collection: 'fedora.linux_system_roles'
-
-# Variables for the cluster setup must be constructed by dedicated tasks!
-# The included 'ha_cluster' role will not work with the role variables set
-# in this role. This SAP HA role takes care of the parameter construction
-# based on the target cluster to be configured, before feeding it into 'ha_cluster'.
-
-
-# Optional: write all cluster configuration (including unencrypted credentials!) into a yaml
-# config file.
-# Useful for parameter review or reuse with the 'ha_cluster' LSR.
-sap_ha_pacemaker_cluster_create_config_varfile: false
-sap_ha_pacemaker_cluster_create_config_dest: "review_resource_config.yml"
-
-# Inherit SAP common (global synonyms) parameters when defined.
-
-# This variable is currently only required for HANA nodes to define
-# - hana_site: <DC-name>
-# Other options are needed in the separate HSR setup role.
-sap_ha_pacemaker_cluster_cluster_nodes: "{{ sap_hana_cluster_nodes | d([]) }}"
-
-# Resource defaults are defined differently by cluster type in different tasks, if not custom defined.
-sap_ha_pacemaker_cluster_resource_defaults: {}
-sap_ha_pacemaker_cluster_operation_defaults: {}
-
-# The type of SAP landscape and multi-node replication
-# TODO: Type definitions and feature support
-# TODO: Implement all types
-# hana_scaleup_costopt  (not yet)
-# hana_scaleup_perf     (available, default)
-# hana_scaleup_per_dr   (not yet)
-# hana_scaleout         (not yet)
-# nwas_abap_ascs_ers    (available)
-# nwas_abap_pas_aas     (not yet)
-# nwas_java_scs_ers     (available)
-
-# 'sap_ha_pacemaker_cluster_host_type' is converted from string to list type in
-# 'tasks/ascertain_sap_landscape.yml'.
-sap_ha_pacemaker_cluster_host_type: "{{ sap_host_type | d(['hana_scaleup_perf']) }}"
-
-### VIP resource default patterns
-sap_ha_pacemaker_cluster_vip_client_interface: ''
-
-## A custom stonith definition that takes precedence over platform defaults.
-# sap_ha_pacemaker_cluster_stonith_custom:
-#   - name: ""
-#     agent: "stonith:"
-#     options:
-#       pcmk_host_list: ""
-
-# sap_ha_pacemaker_cluster_stonith_custom: []
-
-# Simpler definition format here which gets transformed into the 'ha_cluster' LSR native
-# 'ha_cluster_cluster_properties' parameter.
-sap_ha_pacemaker_cluster_cluster_properties:
-  stonith-enabled: true
-  stonith-timeout: 900
-  concurrent-fencing: true
-
-### Constraints:
-# score is dynamic and automatically increased for groups
-sap_ha_pacemaker_cluster_constraint_colo_base_score: 2000
-
-################################################################################
-# Inherit from 'ha_cluster' Linux System Role parameters when defined
-################################################################################
-
-# Optional without a default. The 'ha_cluster' LSR defaults will apply when not defined.
-# sap_ha_pacemaker_cluster_ha_cluster:
-# sap_ha_pacemaker_cluster_cluster_name:
-
-# Optional. Set a default here and not in the code.
-sap_ha_pacemaker_cluster_extra_packages: []
-
-# Optional: additional fence agent packages. This is combined with the above "minimal" list.
-sap_ha_pacemaker_cluster_fence_agent_packages: []
-
-# Mandatory.
-# Either inherit from the 'ha_cluster' LSR variable when defined, but do not set a default.
-# This fails the argument validation when none of the 2 vars are defined.
-sap_ha_pacemaker_cluster_hacluster_user_password: "{{ ha_cluster_hacluster_password }}"
-
-
-################################################################################
-# HANA
-################################################################################
-
-sap_ha_pacemaker_cluster_hana_sid: ''  # Mandatory System ID in capital letters
-sap_ha_pacemaker_cluster_hana_instance_nr: ''  # Mandatory instance number in string format
-
-# Optional parameters to customize SAPHana resources
-# AUTOMATED_REGISTER
-sap_ha_pacemaker_cluster_hana_automated_register: true
-# DUPLICATE_PRIMARY_TIMEOUT
-sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: 7200
-# PREFER_SITE_TAKEOVER
-sap_ha_pacemaker_cluster_hana_prefer_site_takeover: true
-
-# SAP HANA - Resource IDs (names) as convenience parameters.
-sap_ha_pacemaker_cluster_hana_resource_name: ''             # Default: rsc_SAPHana_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hana_resource_clone_name: ''       # Default: cln_SAPHana_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hana_resource_clone_msl_name: ''   # Default: msl_SAPHana_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hanacontroller_resource_name: ''   # Default: rsc_SAPHanaCon_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name: ''  # Default: <cln|mst>_SAPHanaCon_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hana_topology_resource_name: ''  # Default: rsc_SAPHanaTop_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: ''  # Default: cln_SAPHanaTop_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hana_filesystem_resource_name: ''  # Default: rsc_SAPHanaFil_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name: ''  # Default: cln_SAPHanaFil_<SID>_HDB<Instance Number>
-
-# SAP HANA - Constraint names
-sap_ha_pacemaker_cluster_hana_order_topology_hana_name: ''  # Default: ord_saphana_saphanatop_<SID>_HDB<Instance Number>
-sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name: ''  # Default: col_saphana_vip_<SID>_HDB<Instance Number>_primary
-sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name: ''  # Default: col_saphana_vip_<SID>_HDB<Instance Number>_readonly
-sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name: ''  # Default: ord_saphana_vip_<SID>_HDB<Instance Number>_primary
-sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name: ''  # Default: ord_saphana_vip_<SID>_HDB<Instance Number>_readonly
-
-# Multiple VIP parameters can be defined and will be combined.
-# See tasks/include_construct_vip_resources.yml
-#
-# Mandatory: primary VIP address definition in HANA scale-up clusters
-sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: ''
-sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: ''  # Default: rsc_vip_<SID>_HDB<Instance Number>_primary
-sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name: ''  # Default: rsc_vip_health_check_<SID>_HDB<Instance Number>_primary
-
-sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address: ''
-sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name: ''  # Default: rsc_vip_<SID>_HDB<Instance Number>_readonly
-sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name: ''  # Default: rsc_vip_health_check_<SID>_HDB<Instance Number>_readonly
-
-sap_ha_pacemaker_cluster_healthcheck_hana_primary_id: ''  # Default: <SID>prim
-sap_ha_pacemaker_cluster_healthcheck_hana_secondary_id: ''  # Default: <SID>ro
-
-# Optional dictionary with custom list of HANA Hooks for replication
-sap_ha_pacemaker_cluster_hana_hooks: []
-# Parameters enable additional srHooks for TkOver and ChkSrv.
-# They are ignored if sap_ha_pacemaker_cluster_hana_hooks is used.
-sap_ha_pacemaker_cluster_hana_hook_tkover: false
-sap_ha_pacemaker_cluster_hana_hook_chksrv: false
-
-# SAP Hana global.ini path calculated from SID
-sap_ha_pacemaker_cluster_hana_global_ini_path: ''  # Default: /usr/sap/<SID>/SYS/global/hdb/custom/config/global.ini
-
-# Disable auto-detection of SAPHanaSR-angi package and use Classic
-sap_ha_pacemaker_cluster_saphanasr_angi_detection: true
-
-################################################################################
-# NetWeaver generic definitions
-################################################################################
-
-# Default will be ENSA2. To configure HA resources for ENSA1,
-# set this parameter to 'true'.
-sap_ha_pacemaker_cluster_nwas_cs_ensa1: false
-
-# Enable ENSA2 simple mount configuration
-sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount: true
-
-# Enable/Disable sap_cluster_connector.
-# Ref.: https://access.redhat.com/solutions/3606101
-sap_ha_pacemaker_cluster_enable_cluster_connector: true
-
-# SAP Netweaver instance details
-sap_ha_pacemaker_cluster_nwas_sid: ''  # Mandatory System ID in capital letters for Netweaver scenarios
-sap_ha_pacemaker_cluster_nwas_ascs_instance_nr: ''  # Mandatory instance number for ASCS/ERS
-sap_ha_pacemaker_cluster_nwas_scs_instance_nr: ''   # Mandatory instance number for SCS/ERS
-sap_ha_pacemaker_cluster_nwas_ers_instance_nr: ''   # Mandatory instance number for ASCS/ERS and SCS/ERS
-# TODO: Differentiate between ABAP and JAVA (Dxx vs Jxx) once supported
-sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr: ''  # Mandatory instance number for PAS/AAS
-sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr: ''  # Mandatory instance number for PAS/AAS
-
-
-# Definitions for filesystems resources. Currently limited to NFS filesystems.
-sap_ha_pacemaker_cluster_storage_definition: "{{ sap_storage_setup_definition | d([]) }}"
-sap_ha_pacemaker_cluster_storage_nfs_filesystem_type: nfs
-sap_ha_pacemaker_cluster_storage_nfs_mount_options: 'defaults'
-sap_ha_pacemaker_cluster_storage_nfs_server: "{{ sap_storage_nfs_server | d('') }}"
-
-# NFS filesystem resource requirement
-# Not adding to argument_specs because this should not be changed anyway.
-# TODO: review later and move to internal vars in vars/main.yml?
-sap_ha_pacemaker_cluster_resource_filesystem_force_unmount: safe
-
-
-# Multiple VIP parameters can be defined and will be combined.
-# See tasks/include_construct_vip_resources.yml
-sap_ha_pacemaker_cluster_vip_nwas_ascs_ip_address: ''
-sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name: ''  # Default rsc_vip_<SID>_ASCS<ASCS-instance-number>
-sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name: ''  # Default: rsc_vip_health_check_<SID>_ASCS<ASCS-instance-number>
-
-sap_ha_pacemaker_cluster_vip_nwas_scs_ip_address: ''
-sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name: ''  # Default: rsc_vip_<SID>_SCS<SCS-instance-number>
-sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name: ''  # Default: rsc_vip_health_check_<SID>_SCS<SCS-instance-number>
-
-sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address: ''
-sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name: ''  # Default: rsc_vip_<SID>_ERS<ERS-instance-number>
-sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name: ''  # Default: rsc_vip_health_check_<SID>_ERS<ERS-instance-number>
-
-sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address: ''
-sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: '' # Default: rsc_vip_<SID>_PAS<PAS-instance-number>
-sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name: ''  # Default: rsc_vip_health_check_<SID>_PAS<PAS-instance-number>
-
-sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address: ''
-sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: '' # Default: rsc_vip_<SID>_AAS<AAS-instance-number>
-sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name: ''  # Default: rsc_vip_health_check_<SID>_AAS<AAS-instance-number>
-
-sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_id: ''
-sap_ha_pacemaker_cluster_healthcheck_nwas_scs_id: ''
-sap_ha_pacemaker_cluster_healthcheck_nwas_ers_id: ''
-sap_ha_pacemaker_cluster_healthcheck_nwas_pas_id: ''
-sap_ha_pacemaker_cluster_healthcheck_nwas_aas_id: ''
-
-# SAP NetWeaver common - Resource IDs (names) as convenience parameters
-# for the following filesystems:
-# - /sapmnt
-# - /usr/sap/trans
-# - /usr/sap/<<SID>>/SYS
-sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_sapmnt
-sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name: ''  # Default: cln_fs_<SID>_sapmnt
-
-sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_trans
-sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name: '' # Default: cln_fs_<SID>_trans
-
-sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_sys
-sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name: ''  # Default: cln_fs_<SID>_sys
-
-# The shared filesystems are not required to be configured in the cluster.
-# By default it is assumed that they are mounted by the system and available on all cluster nodes.
-# Set this parameter to "true" to configure the 3 shared filesystems as part of the cluster.
-sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed: false
-
-
-################################################################################
-# ASCS and SCS shared resource defaults
-################################################################################
-
-# TODO: Remove backwards compatibility to nwas_abap_ascs
-sap_ha_pacemaker_cluster_nwas_cs_sapinstance_automatic_recover_bool:
-  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool | d(false) }}"
-sap_ha_pacemaker_cluster_nwas_cs_sapinstance_resource_stickiness:
-  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_stickiness | d(5000) }}"
-sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_migration_threshold:
-  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_ensa1_migration_threshold | d(1) }}"
-sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_failure_timeout:
-  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_ensa1_failure_timeout | d(60) }}"
-sap_ha_pacemaker_cluster_nwas_cs_group_stickiness:
-  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_group_stickiness | d(3000) }}"
-
-
-################################################################################
-# ASCS resource defaults
-################################################################################
-
-sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_instance_name: ''  # Mandatory name of instance profile
-sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_start_profile_string: ''  # Full path of instance profile
-
-sap_ha_pacemaker_cluster_nwas_ascs_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_ASCS<ASCS-instance-number>
-sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_resource_name: ''  # Default: rsc_SAPInstance_<SID>_ASCS<ASCS-instance-number>
-sap_ha_pacemaker_cluster_nwas_ascs_sapstartsrv_resource_name: ''  # Default: rsc_SAPStartSrv_<SID>_ASCS<ASCS-instance-number>
-
-sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_group_name: ''  # Default: grp_<SID>_ASCS<ASCS-instance-number>
-
-sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name: ''  # Default: col_ascs_separate_<SID>
-sap_ha_pacemaker_cluster_nwas_order_ascs_first_name: ''  # Default: ord_ascs_first_<SID>
-
-
-################################################################################
-# SCS resource defaults
-################################################################################
-
-sap_ha_pacemaker_cluster_nwas_scs_sapinstance_instance_name: ''  # Mandatory name of instance profile
-sap_ha_pacemaker_cluster_nwas_scs_sapinstance_start_profile_string: ''  # Full path of instance profile
-
-sap_ha_pacemaker_cluster_nwas_scs_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_SCS<SCS-instance-number>
-sap_ha_pacemaker_cluster_nwas_scs_sapinstance_resource_name: ''  # Default: rsc_SAPInstance_<SID>_SCS<SCS-instance-number>
-sap_ha_pacemaker_cluster_nwas_scs_sapstartsrv_resource_name: ''  # Default: rsc_SAPStartSrv_<SID>_SCS<SCS-instance-number>
-
-sap_ha_pacemaker_cluster_vip_nwas_scs_resource_group_name: ''  # Default: grp_<SID>_SCS<SCS-instance-number>
-
-sap_ha_pacemaker_cluster_nwas_colocation_scs_no_ers_name: ''  # Default: col_ascs_separate_<SID>
-sap_ha_pacemaker_cluster_nwas_order_scs_first_name: ''  # Default: ord_ascs_first_<SID>
-
-
-################################################################################
-# ERS resource defaults
-################################################################################
-
-sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name: ''  # Mandatory name of instance profile
-sap_ha_pacemaker_cluster_nwas_ers_sapinstance_start_profile_string: ''  # Full path of instance profile
-
-sap_ha_pacemaker_cluster_nwas_ers_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_ERS<ERS-instance-number>
-sap_ha_pacemaker_cluster_nwas_ers_sapinstance_resource_name: ''  # Default: rsc_SAPInstance_<SID>_ERS<ERS-instance-number>
-sap_ha_pacemaker_cluster_nwas_ers_sapstartsrv_resource_name: ''  # Default: rsc_SAPStartSrv_<SID>_ERS<ERS-instance-number>
-sap_ha_pacemaker_cluster_vip_nwas_ers_resource_group_name: ''  # Default: grp_<SID>_ERS<ERS-instance-number>
-
-sap_ha_pacemaker_cluster_nwas_ers_sapinstance_automatic_recover_bool: false
-
-################################################################################
-# PAS/AAS resource defaults
-################################################################################
-# sap_ha_pacemaker_cluster_nwas_abap_pas_filesystem_resource_name: ''
-# sap_ha_pacemaker_cluster_nwas_abap_pas_sapinstance_resource_name: ''
-# sap_ha_pacemaker_cluster_nwas_abap_aas_filesystem_resource_name: ''
-# sap_ha_pacemaker_cluster_nwas_abap_aas_sapinstance_resource_name: ''
-
-
-################################################################################
-# Platform specific
-################################################################################
-
-## Infrastructure Platform variables, shown here for visibility only and should not be given default values
-
-## AWS platform, EC2 Virtual Servers
-# sap_ha_pacemaker_cluster_aws_vip_update_rt
-# sap_ha_pacemaker_cluster_aws_access_key_id
-# sap_ha_pacemaker_cluster_aws_secret_access_key
-# sap_ha_pacemaker_cluster_aws_region
-# sap_ha_pacemaker_cluster_aws_credentials_setup: false
-
-## Google Cloud platform, Compute Engine Virtual Machines
-# sap_ha_pacemaker_cluster_gcp_project
-# sap_ha_pacemaker_cluster_gcp_region_zone
-
-## IBM Cloud platform, Virtual Servers (x86_64)
-# sap_ha_pacemaker_cluster_ibmcloud_api_key
-# sap_ha_pacemaker_cluster_ibmcloud_region
-
-## IBM Cloud platform, IBM Power Virtual Servers (ppc64le)
-# sap_ha_pacemaker_cluster_ibmcloud_api_key
-# sap_ha_pacemaker_cluster_ibmcloud_region
-# sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn
-# sap_ha_pacemaker_cluster_ibmcloud_powervs_api_type
-# sap_ha_pacemaker_cluster_ibmcloud_powervs_forward_proxy_url
-
-## IBM PowerVM hypervisor, Virtual Machines (LPAR, ppc64le)
-# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host
-# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_port # default, SSH Port 22
-# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login
-# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login_password
-# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_version
-
-## MS Azure platform, Virtual Machines
-# sap_ha_pacemaker_cluster_msazure_subscription_id
-# sap_ha_pacemaker_cluster_msazure_resource_group
+# SPDX-License-Identifier: Apache-2.0
+---
+# TEMP to fix CFLF
+################################################################################
+# Role generic parameters
+################################################################################
+
+# Do NOT USE ANSIBLE FACTS for defaults to be compatible with
+# playbooks that disable generic fact gathering!
+
+# Set which Ansible Collection to use for the Linux System Roles.
+# For community/upstream, use 'fedora.linux_system_roles'
+# For the RHEL System Roles for SAP, or for Red Hat Automation Hub, use 'redhat.rhel_system_roles'
+sap_ha_pacemaker_cluster_system_roles_collection: 'fedora.linux_system_roles'
+
+# Variables for the cluster setup must be constructed by dedicated tasks!
+# The included 'ha_cluster' role will not work with the role variables set
+# in this role. This SAP HA role takes care of the parameter construction
+# based on the target cluster to be configured, before feeding it into 'ha_cluster'.
+
+
+# Optional: write all cluster configuration (including unencrypted credentials!) into a yaml
+# config file.
+# Useful for parameter review or reuse with the 'ha_cluster' LSR.
+sap_ha_pacemaker_cluster_create_config_varfile: false
+sap_ha_pacemaker_cluster_create_config_dest: "review_resource_config.yml"
+
+# Inherit SAP common (global synonyms) parameters when defined.
+
+# This variable is currently only required for HANA nodes to define
+# - hana_site: <DC-name>
+# Other options are needed in the separate HSR setup role.
+sap_ha_pacemaker_cluster_cluster_nodes: "{{ sap_hana_cluster_nodes | d([]) }}"
+
+# Resource defaults are defined differently by cluster type in different tasks, if not custom defined.
+sap_ha_pacemaker_cluster_resource_defaults: {}
+sap_ha_pacemaker_cluster_operation_defaults: {}
+
+# The type of SAP landscape and multi-node replication
+# TODO: Type definitions and feature support
+# TODO: Implement all types
+# hana_scaleup_costopt  (not yet)
+# hana_scaleup_perf     (available, default)
+# hana_scaleup_per_dr   (not yet)
+# hana_scaleout         (not yet)
+# nwas_abap_ascs_ers    (available)
+# nwas_abap_pas_aas     (not yet)
+# nwas_java_scs_ers     (available)
+# sap_webdisp           (beta)
+# sap_webdisp           (beta)
+
+# 'sap_ha_pacemaker_cluster_host_type' is converted from string to list type in
+# 'tasks/ascertain_sap_landscape.yml'.
+sap_ha_pacemaker_cluster_host_type: "{{ sap_host_type | d(['hana_scaleup_perf']) }}"
+
+### VIP resource default patterns
+sap_ha_pacemaker_cluster_vip_client_interface: ''
+
+## A custom stonith definition that takes precedence over platform defaults.
+# sap_ha_pacemaker_cluster_stonith_custom:
+#   - name: ""
+#     agent: "stonith:"
+#     options:
+#       pcmk_host_list: ""
+
+# sap_ha_pacemaker_cluster_stonith_custom: []
+
+# Simpler definition format here which gets transformed into the 'ha_cluster' LSR native
+# 'ha_cluster_cluster_properties' parameter.
+sap_ha_pacemaker_cluster_cluster_properties:
+  stonith-enabled: true
+  stonith-timeout: 900
+  concurrent-fencing: true
+
+### Constraints:
+# score is dynamic and automatically increased for groups
+sap_ha_pacemaker_cluster_constraint_colo_base_score: 2000
+
+################################################################################
+# Inherit from 'ha_cluster' Linux System Role parameters when defined
+################################################################################
+
+# Optional without a default. The 'ha_cluster' LSR defaults will apply when not defined.
+# sap_ha_pacemaker_cluster_ha_cluster:
+# sap_ha_pacemaker_cluster_cluster_name:
+
+# Optional. Set a default here and not in the code.
+sap_ha_pacemaker_cluster_extra_packages: []
+
+# Optional: additional fence agent packages. This is combined with the above "minimal" list.
+sap_ha_pacemaker_cluster_fence_agent_packages: []
+
+# Mandatory.
+# Either inherit from the 'ha_cluster' LSR variable when defined, but do not set a default.
+# This fails the argument validation when none of the 2 vars are defined.
+sap_ha_pacemaker_cluster_hacluster_user_password: "{{ ha_cluster_hacluster_password }}"
+
+
+################################################################################
+# HANA
+################################################################################
+
+sap_ha_pacemaker_cluster_hana_sid: ''  # Mandatory System ID in capital letters
+sap_ha_pacemaker_cluster_hana_instance_nr: ''  # Mandatory instance number in string format
+
+# Optional parameters to customize SAPHana resources
+# AUTOMATED_REGISTER
+sap_ha_pacemaker_cluster_hana_automated_register: true
+# DUPLICATE_PRIMARY_TIMEOUT
+sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout: 7200
+# PREFER_SITE_TAKEOVER
+sap_ha_pacemaker_cluster_hana_prefer_site_takeover: true
+
+# SAP HANA - Resource IDs (names) as convenience parameters.
+sap_ha_pacemaker_cluster_hana_resource_name: ''             # Default: rsc_SAPHana_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hana_resource_clone_name: ''       # Default: cln_SAPHana_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hana_resource_clone_msl_name: ''   # Default: msl_SAPHana_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hanacontroller_resource_name: ''   # Default: rsc_SAPHanaCon_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name: ''  # Default: <cln|mst>_SAPHanaCon_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hana_topology_resource_name: ''  # Default: rsc_SAPHanaTop_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hana_topology_resource_clone_name: ''  # Default: cln_SAPHanaTop_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hana_filesystem_resource_name: ''  # Default: rsc_SAPHanaFil_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name: ''  # Default: cln_SAPHanaFil_<SID>_HDB<Instance Number>
+
+# SAP HANA - Constraint names
+sap_ha_pacemaker_cluster_hana_order_topology_hana_name: ''  # Default: ord_saphana_saphanatop_<SID>_HDB<Instance Number>
+sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name: ''  # Default: col_saphana_vip_<SID>_HDB<Instance Number>_primary
+sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name: ''  # Default: col_saphana_vip_<SID>_HDB<Instance Number>_readonly
+sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name: ''  # Default: ord_saphana_vip_<SID>_HDB<Instance Number>_primary
+sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name: ''  # Default: ord_saphana_vip_<SID>_HDB<Instance Number>_readonly
+
+# Multiple VIP parameters can be defined and will be combined.
+# See tasks/include_construct_vip_resources.yml
+#
+# Mandatory: primary VIP address definition in HANA scale-up clusters
+sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: ''
+sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: ''  # Default: rsc_vip_<SID>_HDB<Instance Number>_primary
+sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name: ''  # Default: rsc_vip_health_check_<SID>_HDB<Instance Number>_primary
+
+sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address: ''
+sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name: ''  # Default: rsc_vip_<SID>_HDB<Instance Number>_readonly
+sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name: ''  # Default: rsc_vip_health_check_<SID>_HDB<Instance Number>_readonly
+
+sap_ha_pacemaker_cluster_healthcheck_hana_primary_id: ''  # Default: <SID>prim
+sap_ha_pacemaker_cluster_healthcheck_hana_secondary_id: ''  # Default: <SID>ro
+
+# Optional dictionary with custom list of HANA Hooks for replication
+sap_ha_pacemaker_cluster_hana_hooks: []
+# Parameters enable additional srHooks for TkOver and ChkSrv.
+# They are ignored if sap_ha_pacemaker_cluster_hana_hooks is used.
+sap_ha_pacemaker_cluster_hana_hook_tkover: false
+sap_ha_pacemaker_cluster_hana_hook_chksrv: false
+
+# SAP Hana global.ini path calculated from SID
+sap_ha_pacemaker_cluster_hana_global_ini_path: ''  # Default: /usr/sap/<SID>/SYS/global/hdb/custom/config/global.ini
+
+# Disable auto-detection of SAPHanaSR-angi package and use Classic
+sap_ha_pacemaker_cluster_saphanasr_angi_detection: true
+
+################################################################################
+# NetWeaver generic definitions
+################################################################################
+
+# Default will be ENSA2. To configure HA resources for ENSA1,
+# set this parameter to 'true'.
+sap_ha_pacemaker_cluster_nwas_cs_ensa1: false
+
+# Enable ENSA2 simple mount configuration
+sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount: true
+
+# Enable/Disable sap_cluster_connector.
+# Ref.: https://access.redhat.com/solutions/3606101
+sap_ha_pacemaker_cluster_enable_cluster_connector: true
+
+# SAP Netweaver instance details
+sap_ha_pacemaker_cluster_nwas_sid: ''  # Mandatory System ID in capital letters for Netweaver scenarios
+sap_ha_pacemaker_cluster_nwas_ascs_instance_nr: ''  # Mandatory instance number for ASCS/ERS
+sap_ha_pacemaker_cluster_nwas_scs_instance_nr: ''   # Mandatory instance number for SCS/ERS
+sap_ha_pacemaker_cluster_nwas_ers_instance_nr: ''   # Mandatory instance number for ASCS/ERS and SCS/ERS
+# TODO: Differentiate between ABAP and JAVA (Dxx vs Jxx) once supported
+sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr: ''  # Mandatory instance number for PAS/AAS
+sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr: ''  # Mandatory instance number for PAS/AAS
+
+
+# Definitions for filesystems resources. Currently limited to NFS filesystems.
+sap_ha_pacemaker_cluster_storage_definition: "{{ sap_storage_setup_definition | d([]) }}"
+sap_ha_pacemaker_cluster_storage_nfs_filesystem_type: nfs
+sap_ha_pacemaker_cluster_storage_nfs_mount_options: 'defaults'
+sap_ha_pacemaker_cluster_storage_nfs_server: "{{ sap_storage_nfs_server | d('') }}"
+
+# NFS filesystem resource requirement
+# Not adding to argument_specs because this should not be changed anyway.
+# TODO: review later and move to internal vars in vars/main.yml?
+sap_ha_pacemaker_cluster_resource_filesystem_force_unmount: safe
+
+
+# Multiple VIP parameters can be defined and will be combined.
+# See tasks/include_construct_vip_resources.yml
+sap_ha_pacemaker_cluster_vip_nwas_ascs_ip_address: ''
+sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name: ''  # Default rsc_vip_<SID>_ASCS<ASCS-instance-number>
+sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name: ''  # Default: rsc_vip_health_check_<SID>_ASCS<ASCS-instance-number>
+
+sap_ha_pacemaker_cluster_vip_nwas_scs_ip_address: ''
+sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name: ''  # Default: rsc_vip_<SID>_SCS<SCS-instance-number>
+sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name: ''  # Default: rsc_vip_health_check_<SID>_SCS<SCS-instance-number>
+
+sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address: ''
+sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name: ''  # Default: rsc_vip_<SID>_ERS<ERS-instance-number>
+sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name: ''  # Default: rsc_vip_health_check_<SID>_ERS<ERS-instance-number>
+
+sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address: ''
+sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: '' # Default: rsc_vip_<SID>_PAS<PAS-instance-number>
+sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name: ''  # Default: rsc_vip_health_check_<SID>_PAS<PAS-instance-number>
+
+sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address: ''
+sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: '' # Default: rsc_vip_<SID>_AAS<AAS-instance-number>
+sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name: ''  # Default: rsc_vip_health_check_<SID>_AAS<AAS-instance-number>
+
+sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_id: ''
+sap_ha_pacemaker_cluster_healthcheck_nwas_scs_id: ''
+sap_ha_pacemaker_cluster_healthcheck_nwas_ers_id: ''
+sap_ha_pacemaker_cluster_healthcheck_nwas_pas_id: ''
+sap_ha_pacemaker_cluster_healthcheck_nwas_aas_id: ''
+
+# SAP NetWeaver common - Resource IDs (names) as convenience parameters
+# for the following filesystems:
+# - /sapmnt
+# - /usr/sap/trans
+# - /usr/sap/<<SID>>/SYS
+sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_sapmnt
+sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name: ''  # Default: cln_fs_<SID>_sapmnt
+
+sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_trans
+sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name: '' # Default: cln_fs_<SID>_trans
+
+sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_sys
+sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name: ''  # Default: cln_fs_<SID>_sys
+
+# The shared filesystems are not required to be configured in the cluster.
+# By default it is assumed that they are mounted by the system and available on all cluster nodes.
+# Set this parameter to "true" to configure the 3 shared filesystems as part of the cluster.
+sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed: false
+
+
+################################################################################
+# ASCS and SCS shared resource defaults
+################################################################################
+
+# TODO: Remove backwards compatibility to nwas_abap_ascs
+sap_ha_pacemaker_cluster_nwas_cs_sapinstance_automatic_recover_bool:
+  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_automatic_recover_bool | d(false) }}"
+sap_ha_pacemaker_cluster_nwas_cs_sapinstance_resource_stickiness:
+  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_stickiness | d(5000) }}"
+sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_migration_threshold:
+  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_ensa1_migration_threshold | d(1) }}"
+sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_failure_timeout:
+  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_ensa1_failure_timeout | d(60) }}"
+sap_ha_pacemaker_cluster_nwas_cs_group_stickiness:
+  "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_group_stickiness | d(3000) }}"
+
+
+################################################################################
+# ASCS resource defaults
+################################################################################
+
+sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_instance_name: ''  # Mandatory name of instance profile
+sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_start_profile_string: ''  # Full path of instance profile
+
+sap_ha_pacemaker_cluster_nwas_ascs_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_ASCS<ASCS-instance-number>
+sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_resource_name: ''  # Default: rsc_SAPInstance_<SID>_ASCS<ASCS-instance-number>
+sap_ha_pacemaker_cluster_nwas_ascs_sapstartsrv_resource_name: ''  # Default: rsc_SAPStartSrv_<SID>_ASCS<ASCS-instance-number>
+
+sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_group_name: ''  # Default: grp_<SID>_ASCS<ASCS-instance-number>
+
+sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name: ''  # Default: col_ascs_separate_<SID>
+sap_ha_pacemaker_cluster_nwas_order_ascs_first_name: ''  # Default: ord_ascs_first_<SID>
+
+
+################################################################################
+# SCS resource defaults
+################################################################################
+
+sap_ha_pacemaker_cluster_nwas_scs_sapinstance_instance_name: ''  # Mandatory name of instance profile
+sap_ha_pacemaker_cluster_nwas_scs_sapinstance_start_profile_string: ''  # Full path of instance profile
+
+sap_ha_pacemaker_cluster_nwas_scs_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_SCS<SCS-instance-number>
+sap_ha_pacemaker_cluster_nwas_scs_sapinstance_resource_name: ''  # Default: rsc_SAPInstance_<SID>_SCS<SCS-instance-number>
+sap_ha_pacemaker_cluster_nwas_scs_sapstartsrv_resource_name: ''  # Default: rsc_SAPStartSrv_<SID>_SCS<SCS-instance-number>
+
+sap_ha_pacemaker_cluster_vip_nwas_scs_resource_group_name: ''  # Default: grp_<SID>_SCS<SCS-instance-number>
+
+sap_ha_pacemaker_cluster_nwas_colocation_scs_no_ers_name: ''  # Default: col_ascs_separate_<SID>
+sap_ha_pacemaker_cluster_nwas_order_scs_first_name: ''  # Default: ord_ascs_first_<SID>
+
+
+################################################################################
+# ERS resource defaults
+################################################################################
+
+sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name: ''  # Mandatory name of instance profile
+sap_ha_pacemaker_cluster_nwas_ers_sapinstance_start_profile_string: ''  # Full path of instance profile
+
+sap_ha_pacemaker_cluster_nwas_ers_filesystem_resource_name: ''  # Default: rsc_fs_<SID>_ERS<ERS-instance-number>
+sap_ha_pacemaker_cluster_nwas_ers_sapinstance_resource_name: ''  # Default: rsc_SAPInstance_<SID>_ERS<ERS-instance-number>
+sap_ha_pacemaker_cluster_nwas_ers_sapstartsrv_resource_name: ''  # Default: rsc_SAPStartSrv_<SID>_ERS<ERS-instance-number>
+sap_ha_pacemaker_cluster_vip_nwas_ers_resource_group_name: ''  # Default: grp_<SID>_ERS<ERS-instance-number>
+
+sap_ha_pacemaker_cluster_nwas_ers_sapinstance_automatic_recover_bool: false
+
+################################################################################
+# PAS/AAS resource defaults
+################################################################################
+# sap_ha_pacemaker_cluster_nwas_abap_pas_filesystem_resource_name: ''
+# sap_ha_pacemaker_cluster_nwas_abap_pas_sapinstance_resource_name: ''
+# sap_ha_pacemaker_cluster_nwas_abap_aas_filesystem_resource_name: ''
+# sap_ha_pacemaker_cluster_nwas_abap_aas_sapinstance_resource_name: ''
+
+################################################################################
+# Web Dispatcher resource defaults
+################################################################################
+
+#TODO - check if these need to be moved to include_vars_webdisp.yml and converted to __*
+
+sap_ha_pacemaker_cluster_wdp_sid: "{{ sap_swpm_wdp_sid | d('') }}"
+sap_ha_pacemaker_cluster_wdp_instance_nr: "{{ sap_swpm_wdp_instance_nr | d('') }}"
+
+sap_ha_pacemaker_cluster_vip_wdp_ip_address: ''
+sap_ha_pacemaker_cluster_vip_wdp_resource_name: >-
+  rsc_vip_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+sap_ha_pacemaker_cluster_healthcheck_wdp_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+
+# Name of the instance profile - mandatory to be user-defined
+sap_ha_pacemaker_cluster_wdp_sapinstance_instance_name: ''
+# Full path with instance profile name - mandatory to be user-defined
+sap_ha_pacemaker_cluster_wdp_sapinstance_start_profile_string: ''
+
+sap_ha_pacemaker_cluster_wdp_filesystem_resource_name: >-
+  rsc_fs_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+sap_ha_pacemaker_cluster_wdp_sapinstance_resource_name: >-
+  rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+sap_ha_pacemaker_cluster_wdp_sapstartsrv_resource_name: >-
+  rsc_SAPStartSrv_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+
+sap_ha_pacemaker_cluster_vip_wdp_resource_group_name: >-
+  grp_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+
+# Currently unused
+# sap_ha_pacemaker_cluster_wdp_order_wdp_last_name: >-
+#   ord_wdp_last_{{ sap_ha_pacemaker_cluster_wdp_sid }}
+
+sap_ha_pacemaker_cluster_wdp_sapinstance_automatic_recover_bool: false
+sap_ha_pacemaker_cluster_wdp_sapinstance_resource_stickiness: 5000
+
+# Stickiness of the WebDisp group
+sap_ha_pacemaker_cluster_wdp_group_stickiness: 3000
+
+# Clustered filesystem for Web Dispatcher
+sap_ha_pacemaker_cluster_wdp_filesystem_host_mount_path: ''
+sap_ha_pacemaker_cluster_wdp_filesystem_local_mount_path: "/usr/sap/{{ sap_ha_pacemaker_cluster_wdp_sid }}/W{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}"
+sap_ha_pacemaker_cluster_wdp_filesystem_fstype: "{{ sap_ha_pacemaker_cluster_storage_nfs_filesytem_type }}"
+sap_ha_pacemaker_cluster_wdp_filesystem_options_string: "{{ sap_ha_pacemaker_cluster_storage_nfs_mount_options }}"
+sap_ha_pacemaker_cluster_wdp_filesystem_force_unmount: "{{ sap_ha_pacemaker_cluster_resource_filesystem_force_unmount }}"
+
+sap_ha_pacemaker_cluster_healthcheck_wdp_id: "{{ sap_ha_pacemaker_cluster_wdp_sid + 'wdp' }}"
+################################################################################
+# Web Dispatcher resource defaults
+################################################################################
+
+#TODO - check if these need to be moved to include_vars_webdisp.yml and converted to __*
+
+sap_ha_pacemaker_cluster_wdp_sid: "{{ sap_swpm_wdp_sid | d('') }}"
+sap_ha_pacemaker_cluster_wdp_instance_nr: "{{ sap_swpm_wdp_instance_nr | d('') }}"
+
+sap_ha_pacemaker_cluster_vip_wdp_ip_address: ''
+sap_ha_pacemaker_cluster_vip_wdp_resource_name: >-
+  rsc_vip_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+sap_ha_pacemaker_cluster_healthcheck_wdp_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+
+# Name of the instance profile - mandatory to be user-defined
+sap_ha_pacemaker_cluster_wdp_sapinstance_instance_name: ''
+# Full path with instance profile name - mandatory to be user-defined
+sap_ha_pacemaker_cluster_wdp_sapinstance_start_profile_string: ''
+
+sap_ha_pacemaker_cluster_wdp_filesystem_resource_name: >-
+  rsc_fs_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+sap_ha_pacemaker_cluster_wdp_sapinstance_resource_name: >-
+  rsc_SAPInstance_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+sap_ha_pacemaker_cluster_wdp_sapstartsrv_resource_name: >-
+  rsc_SAPStartSrv_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+
+sap_ha_pacemaker_cluster_vip_wdp_resource_group_name: >-
+  grp_{{ sap_ha_pacemaker_cluster_wdp_sid }}_WDP{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}
+
+# Currently unused
+# sap_ha_pacemaker_cluster_wdp_order_wdp_last_name: >-
+#   ord_wdp_last_{{ sap_ha_pacemaker_cluster_wdp_sid }}
+
+sap_ha_pacemaker_cluster_wdp_sapinstance_automatic_recover_bool: false
+sap_ha_pacemaker_cluster_wdp_sapinstance_resource_stickiness: 5000
+
+# Stickiness of the WebDisp group
+sap_ha_pacemaker_cluster_wdp_group_stickiness: 3000
+
+# Clustered filesystem for Web Dispatcher
+sap_ha_pacemaker_cluster_wdp_filesystem_host_mount_path: ''
+sap_ha_pacemaker_cluster_wdp_filesystem_local_mount_path: "/usr/sap/{{ sap_ha_pacemaker_cluster_wdp_sid }}/W{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}"
+sap_ha_pacemaker_cluster_wdp_filesystem_fstype: "{{ sap_ha_pacemaker_cluster_storage_nfs_filesytem_type }}"
+sap_ha_pacemaker_cluster_wdp_filesystem_options_string: "{{ sap_ha_pacemaker_cluster_storage_nfs_mount_options }}"
+sap_ha_pacemaker_cluster_wdp_filesystem_force_unmount: "{{ sap_ha_pacemaker_cluster_resource_filesystem_force_unmount }}"
+
+sap_ha_pacemaker_cluster_healthcheck_wdp_id: "{{ sap_ha_pacemaker_cluster_wdp_sid + 'wdp' }}"
+
+################################################################################
+# Platform specific
+################################################################################
+
+## Infrastructure Platform variables, shown here for visibility only and should not be given default values
+
+## AWS platform, EC2 Virtual Servers
+# sap_ha_pacemaker_cluster_aws_vip_update_rt
+# sap_ha_pacemaker_cluster_aws_access_key_id
+# sap_ha_pacemaker_cluster_aws_secret_access_key
+# sap_ha_pacemaker_cluster_aws_region
+# sap_ha_pacemaker_cluster_aws_credentials_setup: false
+
+## Google Cloud platform, Compute Engine Virtual Machines
+# sap_ha_pacemaker_cluster_gcp_project
+# sap_ha_pacemaker_cluster_gcp_region_zone
+
+## IBM Cloud platform, Virtual Servers (x86_64)
+# sap_ha_pacemaker_cluster_ibmcloud_api_key
+# sap_ha_pacemaker_cluster_ibmcloud_region
+
+## IBM Cloud platform, IBM Power Virtual Servers (ppc64le)
+# sap_ha_pacemaker_cluster_ibmcloud_api_key
+# sap_ha_pacemaker_cluster_ibmcloud_region
+# sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn
+# sap_ha_pacemaker_cluster_ibmcloud_powervs_api_type
+# sap_ha_pacemaker_cluster_ibmcloud_powervs_forward_proxy_url
+
+## IBM PowerVM hypervisor, Virtual Machines (LPAR, ppc64le)
+# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host
+# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_port # default, SSH Port 22
+# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login
+# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_login_password
+# sap_ha_pacemaker_cluster_ibmpower_vm_hmc_host_version
+
+## MS Azure platform, Virtual Machines
+# sap_ha_pacemaker_cluster_msazure_subscription_id
+# sap_ha_pacemaker_cluster_msazure_resource_group
diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml
index 7a7e2846..1365314c 100644
--- a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml
+++ b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml
@@ -1,1077 +1,1159 @@
-# SPDX-License-Identifier: Apache-2.0
----
-# Requires: ansible 2.11
-# Argument specifications in this separate file maintain backwards compatibility.
-argument_specs:
-
-# TODO: make 'ha_cluster' role variables the primary names
-# For required variables using aliases do not work and fail the argument validation.
-
-  main:
-    short_description: SAP HA automated cluster setup requirements
-    options:
-
-# Take this template and copy it to the desired place.
-# Add content and remove placeholders that are not needed.
-# Ideally sort by key (variable name) alphabetically.
-#
-#      sap_ha_pacemaker_cluster_
-#        default:
-#        description:
-#           -
-#        example:
-#
-#        required: false
-#        type:
-#        options: # additional options for lists and dicts
-#          <param>:
-#            description:
-#            ...
-
-      #########################################################################
-      # SAP HA role generic parameters
-      #########################################################################
-      sap_ha_pacemaker_cluster_system_roles_collection:
-        default: fedora.linux_system_roles
-        description:
-          - Reference to the Ansible Collection used for the Linux System Roles.
-          - For community/upstream, use 'fedora.linux_system_roles'.
-          - For RHEL System Roles for SAP, or Red Hat Automation Hub, use 'redhat.rhel_system_roles'.
-
-      sap_ha_pacemaker_cluster_create_config_dest:
-        default: review_resource_config.yml
-        description:
-          - The pacemaker cluster resource configuration optionally created by this role will be
-            saved in a Yaml file in the current working directory.
-          - Requires `sap_ha_pacemaker_cluster_create_config_varfile` to be enabled for generating
-            the output file.
-          - Specify a path/filename to save the file in a custom location.
-          - The file can be used as input vars file for an Ansible playbook running the 'ha_cluster'
-            Linux System Role.
-
-      sap_ha_pacemaker_cluster_create_config_varfile:
-        type: bool
-        default: false
-        description:
-          - When enabled, all cluster configuration parameters this role constructs for executing
-            the 'ha_cluster' Linux System role will be written into a file in Yaml format.
-          - This allows using the output file later as input file for additional custom steps using
-            the 'ha_cluster' role and covering the resource configuration in a cluster that was set
-            up using this 'sap_ha_pacemaker_cluster' role.
-          - When enabled this parameters file is also created when the playbook is run in check_mode
-            (`--check`) and can be used to review the configuration parameters without executing
-            actual changes on the target nodes.
-          - WARNING! This report may include sensitive details like secrets required for certain
-            cluster resources!
-
-      sap_ha_pacemaker_cluster_cluster_nodes:
-        type: list
-        description:
-          - List of cluster nodes and associated attributes to describe the target SAP HA environment.
-          - This is required for the HANA System Replication configuration.
-          - Synonym for this parameter is `sap_hana_cluster_nodes`.
-          - Mandatory to be defined for HANA clusters.
-        elements: dict
-        options:
-          node_ip:
-            description:
-              - IP address of the node used for HANA System Replication.
-              - _Optional. Currently not needed/used in cluster configuration._
-          node_name:
-            description:
-              - Hostname of the cluster node.
-              - _Optional. Currently not needed/used in cluster configuration._
-          node_role:
-            choices:
-              - primary
-              - secondary
-            description:
-              - Role of the defined `node_name` in the SAP HANA cluster setup.
-              - There must be only **one** primary, but there can be multiple secondary nodes.
-              - _Optional. Currently not needed/used in cluster configuration._
-          hana_site:
-            description:
-              - Site of the cluster and/or SAP HANA System Replication node (for example 'DC01').
-              - Mandatory for HANA clusters (sudo config for system replication).
-
-        example:
-          sap_ha_pacemaker_cluster_cluster_nodes:
-            - hana_site: DC01
-              node_name: nodeA
-              node_role: primary
-              node_ip: 192.168.5.1
-            - hana_site: DC02
-
-      sap_ha_pacemaker_cluster_resource_defaults:
-        type: dict
-        default:
-          resource-stickiness: 3000
-          migration-threshold: 5000
-        description:
-          - Set default parameters that will be valid for all pacemaker resources.
-        example:
-          sap_ha_pacemaker_cluster_resource_defaults:
-            resource-stickiness: 1000
-            migration-threshold: 5000
-
-      sap_ha_pacemaker_cluster_operation_defaults:
-        type: dict
-        default:
-          timeout: 600
-          record-pending: true
-        description:
-          - Set default operation parameters that will be valid for all pacemaker resources.
-        example:
-          sap_ha_pacemaker_cluster_operation_defaults:
-            timeout: 600
-            record-pending: true
-
-      sap_ha_pacemaker_cluster_host_type:
-        type: list
-        choices:
-#          - hana_scaleup_costopt
-          - hana_scaleup_perf
-#          - hana_scaleup_perf_dr
-#          - hana_scaleout
-          - nwas_abap_ascs_ers
-#          - nwas_abap_pas_aas
-          - nwas_java_scs_ers
-        default: hana_scaleup_perf
-        description:
-          - The SAP landscape to for which the cluster is to be configured.
-          - The default is a 2-node SAP HANA scale-up cluster.
-
-#      sap_ha_pacemaker_cluster_replication_type:
-#        choices:
-#          - mtr
-#          - none
-#        default: none
-#        description:
-#          - The type of SAP HANA site replication across multiple hosts.
-#          - _Not yet supported_
-
-      sap_ha_pacemaker_cluster_vip_client_interface:
-        description:
-          - OS device name of the network interface to use for the Virtual IP configuration.
-          - When there is only one interface on the system, its name will be used by default.
-
-      sap_ha_pacemaker_cluster_stonith_custom:
-        type: list
-        description:
-          - Custom list of STONITH resource(s) to be configured in the cluster.
-          - This definition override any defaults the role would apply otherwise.
-          - Definition follows structure of ha_cluster_resource_primitives in linux-system-roles/ha_cluster
-        elements: dict
-        options:
-          id:
-            type: str
-            description:
-              - Parameter `id` is required.
-              - Name that will be used as the resource ID (name).
-            # TODO: Enable to remove Tech debt after name and options are removed!
-            # required: true
-          agent:
-            type: str
-            description:
-              - Resource agent name, must contain the prefix "stonith:" to avoid mismatches or failures.
-            required: true
-          instance_attrs:
-            type: list
-            description:
-              - Defines resource agent params as list of name/value pairs.
-              - Requires the mandatory options for the particular stonith resource agent to be
-                defined, otherwise the setup will fail.
-              - "Example: stonith:fence_sbd agent requires devices option with list of SBD disks."
-              - "Example: stonith:external/sbd agent does not require devices option, but `sap_ha_pacemaker_cluster_sbd_devices`."
-          operations:
-            type: list
-            description:
-              - Defines list of resource agent operations.
-            action:
-              description:
-                - Name of resource agent operation.
-            attrs:
-              description:
-                - Defines operation parameters as list of name/value pairs.
-          meta_attrs:
-            type: list
-            description:
-              - Defines meta attributes as list of name/value pairs.
-          # TODO: Tech Debt: Remove name and options in next release
-          name:
-            type: str
-            description:
-              - WARNING! This option will be removed in future release.
-          # TODO: Tech Debt: Remove name and options in next release
-          options:
-            type: dict
-            description:
-              - WARNING! This option will be removed in future release.
-
-        example:
-          sap_ha_pacemaker_cluster_stonith_custom:
-            - id: "my-fence-resource"
-              agent: "stonith:fence_rhevm"
-              instance_attrs:
-                - attrs:
-                    - name: ip
-                      value: rhevm-server
-                    - name: username
-                      value: login-user
-                    - name: password
-                      value: login-user-password
-                    - name: pcmk_host_list
-                      value: node1,node2
-                    - name: power_wait
-                      value: 3
-              meta_attrs:
-                - attrs:
-                    - name: target-role
-                      value: Started
-              operations:
-                - action: start
-                  attrs:
-                    - name: interval
-                      value: 0
-                    - name: timeout
-                      value: 180
-
-      sap_ha_pacemaker_cluster_sbd_enabled:
-        type: bool
-        description:
-          - Set this parameter to 'true' to enable workflow to add Stonith SBD resource.
-          - Stonith SBD resource has to be provided as part of `sap_ha_pacemaker_cluster_stonith_custom`.
-          - "Default SBD agents are: stonith:external/sbd for SLES and stonith:fence_sbd for RHEL"
-
-        example:
-          sap_ha_pacemaker_cluster_sbd_enabled: true
-          sap_ha_pacemaker_cluster_stonith_custom:
-            - id: stonith_sbd
-              agent: stonith:external/sbd
-              instance_attrs:
-                - attrs:
-                    - name: pcmk_delay_max
-                      value: 15
-          sap_ha_pacemaker_cluster_sbd_devices:
-            - /dev/disk/by-id/scsi-3600
-
-      sap_ha_pacemaker_cluster_sbd_devices:
-        type: list
-        description:
-          - Required if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
-          - Provide list of block devices for Stonith SBD agent
-
-        example:
-          sap_ha_pacemaker_cluster_sbd_devices:
-            - /dev/disk/by-id/scsi-3600
-
-      sap_ha_pacemaker_cluster_sbd_options:
-        type: list
-        description:
-          - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
-          - Provide list of SBD specific options that are added into SBD configuration file.
-
-        example:
-          sap_ha_pacemaker_cluster_sbd_options:
-            - name: startmode
-              value: clean
-
-      sap_ha_pacemaker_cluster_sbd_watchdog:
-        type: str
-        default: /dev/watchdog
-        description:
-          - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
-          - Provide watchdog name to override default /dev/watchdog
-
-      sap_ha_pacemaker_cluster_sbd_watchdog_modules:
-        type: list
-        description:
-          - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
-          - Provide list of watchdog kernel modules to be loaded (creates /dev/watchdog* devices).
-
-        example:
-          sap_ha_pacemaker_cluster_sbd_watchdog_modules:
-            - softdog
-
-      sap_ha_pacemaker_cluster_cluster_properties:
-        type: dict
-        default:
-          stonith-enabled: true
-          stonith-timeout: 900
-          concurrent-fencing: true
-        description:
-          - Standard pacemaker cluster properties are configured with recommended settings for
-            cluster node fencing.
-          - When no STONITH resource is defined, STONITH will be disabled and a warning displayed.
-
-        example:
-          sap_ha_pacemaker_cluster_cluster_properties:
-            stonith-enabled: true
-            stonith-timeout: 900
-            concurrent-fencing: true
-
-
-      ##########################################################################
-      # Parameters that are optionally imported from 'ha_cluster' LSR parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_ha_cluster:
-        type: dict
-        description:
-          - The `ha_cluster` LSR native parameter `ha_cluster` can be used as a synonym.
-          - Optional _**host_vars**_ parameter - if defined it must be set for each node.
-          - Dictionary that can contain various node options for the pacemaker cluster configuration.
-          - Supported options can be reviewed in the `ha_cluster` Linux System Role
-            [https://github.com/linux-system-roles/ha_cluster/blob/master/README.md].
-          - If not defined, the `ha_cluster` Linux System Role default will be used.
-
-        example:
-          sap_ha_pacemaker_cluster_ha_cluster:
-            corosync_addresses:
-              - 192.168.1.10
-              - 192.168.2.10
-            node_name: nodeA
-
-
-      sap_ha_pacemaker_cluster_cluster_name:
-        description:
-          - The name of the pacemaker cluster.
-          - Inherits the `ha_cluster` LSR native parameter `ha_cluster_cluster_name` if not defined.
-          - If not defined, the `ha_cluster` Linux System Role default will be used.
-
-      sap_ha_pacemaker_cluster_extra_packages:
-        type: list
-        description:
-          - Additional extra packages to be installed, for instance specific resource packages.
-          - For SAP clusters configured by this role, the relevant standard packages for the target
-            scenario are automatically included.
-
-      sap_ha_pacemaker_cluster_fence_agent_packages:
-        type: list
-        description:
-          - Additional fence agent packages to be installed.
-          - "This is automatically combined with default packages in:"
-          - "`__sap_ha_pacemaker_cluster_fence_agent_packages_minimal`"
-          - "`__sap_ha_pacemaker_cluster_fence_agent_packages_platform`"
-
-      sap_ha_pacemaker_cluster_hacluster_user_password:
-        description:
-          - The password of the `hacluster` user which is created during pacemaker installation.
-          - Inherits the value of `ha_cluster_hacluster_password`, when defined.
-        no_log: true
-        required: true
-
-
-      ##########################################################################
-      # HANA specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_hana_sid:
-        description:
-          - The SAP HANA System ID (SID) of the instance that will be configured in the cluster.
-          - The SID must follow SAP specifications - see SAP Note 1979280.
-          - Inherits the value of `sap_hana_sid`, when defined.
-          - Mandatory for SAP HANA cluster scenarios.
-
-      sap_ha_pacemaker_cluster_hana_instance_nr:
-        description:
-          - The instance number of the SAP HANA database which this role will configure in the cluster.
-          - Inherits the value of `sap_hana_instance_number`, when defined.
-          - Mandatory for SAP HANA cluster scenarios.
-
-      sap_ha_pacemaker_cluster_hana_automated_register:
-        type: bool
-        default: true
-        description:
-          - Parameter for the 'SAPHana' cluster resource.
-          - Define if a former primary should be re-registered automatically as secondary.
-
-      sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout:
-        type: int
-        default: 7200
-        description:
-          - Parameter for the 'SAPHana' cluster resource.
-          - Time difference needed between to primary time stamps, if a dual-primary situation occurs.
-          - If the time difference is less than the time gap, then the cluster holds one or both
-            instances in a "WAITING" status.
-          - This is to give an admin a chance to react on a failover. A failed former primary will
-            be registered after the time difference is passed.
-
-      sap_ha_pacemaker_cluster_hana_prefer_site_takeover:
-        type: bool
-        default: true
-        description:
-          - Parameter for the 'SAPHana' cluster resource.
-          - Set to "false" if the cluster should first attempt to restart the instance on the same node.
-          - When set to "true" (default) a failover to secondary will be initiated on resource failure.
-
-      sap_ha_pacemaker_cluster_hana_resource_name:
-        default: "rsc_SAPHana_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA DB resource.
-
-      sap_ha_pacemaker_cluster_hana_resource_clone_name:
-        default: "cln_SAPHana_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA DB resource clone.
-
-      sap_ha_pacemaker_cluster_hana_resource_clone_msl_name:
-        default: "msl_SAPHana_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA DB resource master slave clone.
-          - Master Slave clone is specific to Classic SAPHana resource on SUSE (non-angi).
-
-      sap_ha_pacemaker_cluster_hanacontroller_resource_name:
-        default: "rsc_SAPHanaCon_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA Controller.
-
-      sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name:
-        default: "<cln|mst>_SAPHanaCon_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA Controller clone.
-
-      sap_ha_pacemaker_cluster_hana_topology_resource_name:
-        default: "rsc_SAPHanaTop_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA Topology resource.
-
-      sap_ha_pacemaker_cluster_hana_topology_resource_clone_name:
-        default: "cln_SAPHanaTop_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA Topology resource clone.
-
-      sap_ha_pacemaker_cluster_hana_filesystem_resource_name:
-        default: "rsc_SAPHanaFil_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA Filesystem.
-
-      sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name:
-        default: "cln_SAPHanaFil_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster resource name of the SAP HANA Filesystem clone.
-
-      sap_ha_pacemaker_cluster_hana_order_topology_hana_name:
-        default: "ord_saphana_saphanatop_<SID>_HDB<Instance Number>"
-        description:
-          - Customize the cluster constraint name for SAPHana and Topology order.
-
-      sap_ha_pacemaker_cluster_vip_hana_primary_ip_address:
-        description:
-          - The virtual IP of the primary HANA instance.
-          - Mandatory parameter for HANA clusters.
-
-      sap_ha_pacemaker_cluster_vip_hana_primary_resource_name:
-        default: "rsc_vip_<SID>_HDB<Instance Number>_primary"
-        description:
-          - Name of the Virtual IP resource for primary HANA instance.
-
-      sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name:
-        default: "rsc_vip_health_check_<SID>_HDB<Instance Number>_primary"
-        description:
-          - Name of the Virtual IP Health Check resource for primary HANA instance.
-
-      sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address:
-        description:
-          - The virtual IP for read-only access to the secondary HANA instance.
-          - Optional parameter in HANA clusters.
-
-      sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name:
-        default: "rsc_vip_<SID>_HDB<Instance Number>_readonly"
-        description:
-          - Name of the Virtual IP resource for read-only HANA instance.
-
-      sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name:
-        default: "rsc_vip_health_check_<SID>_HDB<Instance Number>_readonly"
-        description:
-          - Name of the Virtual IP Health Check resource for read-only HANA instance.
-
-      sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name:
-        default: "ord_saphana_vip_<SID>_HDB<Instance Number>_primary"
-        description:
-          - Customize the cluster constraint name for VIP and SAPHana primary clone order.
-
-      sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name:
-        default: "ord_saphana_vip_<SID>_HDB<Instance Number>_readonly"
-        description:
-          - Customize the cluster constraint name for VIP and SAPHana secondary clone order.
-
-      sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name:
-        default: "col_saphana_vip_<SID>_HDB<Instance Number>_primary"
-        description:
-          - Customize the cluster constraint name for VIP and SAPHana primary clone colocation.
-
-      sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name:
-        default: "col_saphana_vip_<SID>_HDB<Instance Number>_readonly"
-        description:
-          - Customize the cluster constraint name for VIP and SAPHana secondary clone colocation.
-
-      sap_ha_pacemaker_cluster_hana_hooks:
-        type: list
-        default: []
-        description:
-          - Customize required list of SAP HANA Hooks
-          - Mandatory to include SAPHanaSR srHook in list.
-          - Mandatory attributes are provider and path.
-          - Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks.
-
-        example:
-          sap_ha_pacemaker_cluster_hana_hooks:
-            - provider: SAPHanaSR
-              path: /usr/share/SAPHanaSR/
-              options:
-                - name: execution_order
-                  value: 1
-            - provider: susTkOver
-              path: /usr/share/SAPHanaSR/
-              options:
-                - name: execution_order
-                  value: 2
-            - provider: susChkSrv
-              path: /usr/share/SAPHanaSR/
-              options:
-                - name: execution_order
-                  value: 3
-                - name: action_on_lost
-                  value: stop
-
-      sap_ha_pacemaker_cluster_hana_hook_tkover:
-        type: bool
-        default: false
-        description:
-          - Controls if TkOver srHook is enabled during srHook creation.
-          - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
-
-      sap_ha_pacemaker_cluster_hana_hook_chksrv:
-        type: bool
-        default: false
-        description:
-          - Controls if ChkSrv srHook is enabled during srHook creation.
-          - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
-
-      sap_ha_pacemaker_cluster_hana_global_ini_path:
-        default: "/usr/sap/<SID>/SYS/global/hdb/custom/config/global.ini"
-        description:
-          - Path with location of global.ini for srHook update
-
-      sap_ha_pacemaker_cluster_saphanasr_angi_detection:
-        default: true
-        description:
-          - Disabling this variable enables to use Classic SAPHanaSR agents even on server,
-            with SAPHanaSR-angi is available.
-
-      ##########################################################################
-      # NetWeaver specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount:
-        type: bool
-        default: true
-        description:
-          - Enables preferred method for Central Services (ASCS or SCS) ENSA2 clusters - Simple Mount.
-          - Set this parameter to 'true' to configure ENSA2 Simple Mount.
-
-      sap_ha_pacemaker_cluster_nwas_cs_ensa1:
-        type: bool
-        default: false
-        description:
-          - The standard NetWeaver Central Services cluster will be set up as ENSA2.
-          - Set this parameter to 'true' to configure it as ENSA1.
-
-      sap_ha_pacemaker_cluster_enable_cluster_connector:
-        type: bool
-        default: true
-        description:
-          - Enables/Disables the SAP HA Interface for SAP ABAP application server instances, also
-            known as `sap_cluster_connector`.
-          - Set this parameter to 'false' if the SAP HA interface should not be installed and configured.
-
-      sap_ha_pacemaker_cluster_nwas_sid:
-        description:
-          - System ID (SID) of the NetWeaver instances in Capital letters.
-          - Defaults to `sap_swpm_sid` if defined.
-          - Mandatory for NetWeaver cluster scenarios.
-
-      sap_ha_pacemaker_cluster_nwas_ascs_instance_nr:
-        description:
-          - Instance number of the NetWeaver ABAP Central Services (ASCS) instance.
-          - Mandatory for NetWeaver ASCS/ERS cluster configuration.
-
-      sap_ha_pacemaker_cluster_nwas_scs_instance_nr:
-        description:
-          - Instance number of the NetWeaver Central Services (SCS) instance.
-          - Mandatory for NetWeaver SCS/ERS cluster configuration.
-
-      sap_ha_pacemaker_cluster_nwas_ers_instance_nr:
-        description:
-          - Instance number of the NetWeaver Enqueue Replication Service (ERS) instance.
-          - Mandatory for NetWeaver ASCS/ERS and SCS/ERS cluster configuration.
-
-      sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr:
-        description:
-          - Instance number of the NetWeaver ABAP PAS instance.
-          - Mandatory for NetWeaver PAS cluster configuration.
-
-      sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr:
-        description:
-          - Instance number of the NetWeaver ABAP AAS instance.
-          - Mandatory for NetWeaver AAS cluster configuration.
-
-      sap_ha_pacemaker_cluster_storage_definition:
-        type: list
-        description:
-          - List of filesystem definitions used for filesystem cluster resources.
-          - Options relevant, see example.
-          - Mandatory for SAP NetWeaver cluster without Simple Mount.
-          - Reuse `sap_storage_setup_definition` if defined.
-          - Reuse `sap_storage_setup_definition` will extract values 'mountpoint',
-            'nfs_filesystem_type', 'nfs_mount_options', 'nfs_path', 'nfs_server'.
-          - Reuse `sap_storage_setup_definition` all options are documented under Ansible Role
-            `sap_storage_setup`.
-          - Note! For this variable, the argument specification does not list options, to avoid
-            errors during reuse of `sap_storage_setup_definition` if defined.
-        elements: dict
-
-        example:
-          sap_ha_pacemaker_cluster_storage_definition:
-            - name: usr_sap
-              mountpoint: /usr/sap
-              nfs_path: /usr/sap
-              nfs_server: "nfs-server.example.com:/"
-            - name: usr_sap_trans
-              mountpoint: /usr/sap/trans
-              nfs_path: /usr/sap/trans
-              nfs_server: "nfs-server.example.com:/"
-            - name: sapmnt
-              mountpoint: /sapmnt
-              nfs_filesystem_type: nfs
-              nfs_mount_options: defaults
-              nfs_path: /sapmnt
-              nfs_server: "nfs-server.example.com:/"
-
-
-      sap_ha_pacemaker_cluster_storage_nfs_filesystem_type:
-        default: nfs
-        description:
-          - Filesystem type of the NFS filesystems that are part of the cluster configuration.
-
-      sap_ha_pacemaker_cluster_storage_nfs_mount_options:
-        default: defaults
-        description:
-          - Mount options of the NFS filesystems that are part of the cluster configuration.
-
-      sap_ha_pacemaker_cluster_storage_nfs_server:
-        description:
-          - Default address of the NFS server, if not defined individually by filesystem.
-
-      sap_ha_pacemaker_cluster_vip_nwas_ascs_ip_address:
-        description:
-          - Virtual IP of the NetWeaver ABAP Central Services (ASCS) instance.
-          - Mandatory for NetWeaver ASCS/ERS cluster setup.
-
-      sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name:
-        default: rsc_vip_<SID>_ASCS<ASCS-instance-number>
-        description:
-          - Name of the Virtual IP resource for NetWeaver ABAP Central Services (ASCS).
-
-      sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name:
-        default: rsc_vip_health_check_<SID>_ASCS<ASCS-instance-number>
-        description:
-          - Name of the Virtual IP Health Check resource for NetWeaver ABAP Central Services (ASCS).
-
-      sap_ha_pacemaker_cluster_vip_nwas_scs_ip_address:
-        description:
-          - Virtual IP of the NetWeaver Central Services (SCS) instance.
-          - Mandatory for NetWeaver SCS/ERS cluster setup.
-
-      sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name:
-        default: rsc_vip_<SID>_SCS<SCS-instance-number>
-        description:
-          - Name of the Virtual IP resource for NetWeaver Central Services (SCS).
-
-      sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name:
-        default: rsc_vip_health_check_<SID>_SCS<SCS-instance-number>
-        description:
-          - Name of the Virtual IP Health Check resource for NetWeaver Central Services (SCS).
-
-      sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address:
-        description:
-          - Virtual IP of the NetWeaver Enqueue Replication Service (ERS) instance.
-          - Mandatory for NetWeaver ASCS/ERS and SCS/ERS cluster setup.
-
-      sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name:
-        default: rsc_vip_<SID>_ERS<ERS-instance-number>
-        description:
-          - Name of the Virtual IP resource for NetWeaver Enqueue Replication Service (ERS).
-
-      sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name:
-        default: rsc_vip_health_check_<SID>_ERS<ERS-instance-number>
-        description:
-          - Name of the Virtual IP Health Check resource for NetWeaver Enqueue Replication Service (ERS).
-
-      sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address:
-        description:
-          - Virtual IP of the NetWeaver PAS instance.
-          - Mandatory for NetWeaver PAS cluster setup.
-
-      sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name:
-        default: rsc_vip_<SID>_PAS<PAS-instance-number>
-        description:
-          - Name of the Virtual IP resource for NetWeaver PAS.
-
-      sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name:
-        default: rsc_vip_health_check_<SID>_PAS<PAS-instance-number>
-        description:
-          - Name of the Virtual IP Health Check resource for NetWeaver PAS.
-
-      sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address:
-        description:
-          - Virtual IP of the NetWeaver AAS instance.
-          - Mandatory for NetWeaver AAS cluster setup.
-
-      sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name:
-        default: rsc_vip_<SID>_AAS<AAS-instance-number>
-        description:
-          - Name of the Virtual IP resource for NetWeaver AAS.
-
-      sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name:
-        default: rsc_vip_health_check_<SID>_AAS<AAS-instance-number>
-        description:
-          - Name of the Virtual IP Health Check resource for NetWeaver AAS.
-
-      sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name:
-        default: rsc_fs_<SID>_sapmnt
-        description:
-          - Filesystem resource name for the shared filesystem /sapmnt.
-          - Optional, this is typically managed by the OS, but can as well be added to the cluster
-            configuration.
-          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
-
-      sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name:
-        default: cln_fs_<SID>_sapmnt
-        description:
-          - Filesystem resource clone name for the shared filesystem /sapmnt.
-          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
-
-      sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name:
-        default: rsc_fs_<SID>_trans
-        description:
-          - Filesystem resource name for the transports filesystem /usr/sap/trans.
-          - Optional, this is typically managed by the OS, but can as well be added to the cluster
-            configuration.
-          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
-
-      sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name:
-        default: cln_fs_<SID>_trans
-        description:
-          - Filesystem resource clone name for the shared filesystem /usr/sap/trans.
-          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
-
-      sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name:
-        default: rsc_fs_<SID>_sys
-        description:
-          - Filesystem resource name for the transports filesystem /usr/sap/<SID>/SYS.
-          - Optional, this is typically managed by the OS, but can as well be added to the cluster
-            configuration.
-          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
-
-      sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name:
-        default: cln_fs_<SID>_sys
-        description:
-          - Filesystem resource clone name for the shared filesystem /usr/sap/<SID>/SYS.
-          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
-
-      sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed:
-        type: bool
-        default: false
-        description:
-          - Change this parameter to 'true' if the 3 shared filesystems `/usr/sap/trans`,
-            `/usr/sap/<SID>/SYS` and '/sapmnt' shall be configured as cloned cluster resources.
-
-      ##########################################################################
-      # NetWeaver ABAP Central Services (ASCS) specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_instance_name:
-        description:
-          - The name of the ASCS instance, typically the profile name.
-          - Mandatory for the NetWeaver ASCS/ERS cluster setup
-          - Recommended format <SID>_ASCS<ASCS-instance-number>_<ASCS-hostname>
-
-      sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_start_profile_string:
-        description:
-          - The full path and name of the ASCS instance profile.
-          - Mandatory for the NetWeaver ASCS/ERS cluster setup.
-
-      sap_ha_pacemaker_cluster_nwas_ascs_filesystem_resource_name:
-        default: rsc_fs_<SID>_ASCS<ASCS-instance-number>
-        description:
-          - Name of the filesystem resource for the ASCS instance.
-
-      sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_resource_name:
-        default: rsc_SAPInstance_<SID>_ASCS<ASCS-instance-number>
-        description:
-          - Name of the ASCS instance resource.
-
-      sap_ha_pacemaker_cluster_nwas_ascs_sapstartsrv_resource_name:
-        default: rsc_SAPStartSrv_<SID>_ASCS<ASCS-instance-number>
-        description:
-          - Name of the ASCS SAPStartSrv resource for simple mount.
-
-      sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_group_name:
-        default: grp_<SID>_ASCS<ASCS-instance-number>
-        description:
-          - Name of the NetWeaver ASCS resource group.
-
-      sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name:
-        default: "col_ascs_separate_<SID>"
-        description:
-          - Customize the cluster constraint name for ASCS and ERS separation colocation.
-
-      sap_ha_pacemaker_cluster_nwas_order_ascs_first_name:
-        default: "ord_ascs_first_<SID>"
-        description:
-          - Customize the cluster constraint name for ASCS starting before ERS order.
-
-      ##########################################################################
-      # NetWeaver Central Services (SCS) specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_nwas_scs_sapinstance_instance_name:
-        description:
-          - The name of the SCS instance, typically the profile name.
-          - Mandatory for the NetWeaver SCS/ERS cluster setup
-          - Recommended format <SID>_SCS<SCS-instance-number>_<SCS-hostname>
-
-      sap_ha_pacemaker_cluster_nwas_scs_sapinstance_start_profile_string:
-        description:
-          - The full path and name of the SCS instance profile.
-          - Mandatory for the NetWeaver SCS/ERS cluster setup.
-
-      sap_ha_pacemaker_cluster_nwas_scs_filesystem_resource_name:
-        default: rsc_fs_<SID>_SCS<SCS-instance-number>
-        description:
-          - Name of the filesystem resource for the SCS instance.
-
-      sap_ha_pacemaker_cluster_nwas_scs_sapinstance_resource_name:
-        default: rsc_SAPInstance_<SID>_SCS<SCS-instance-number>
-        description:
-          - Name of the SCS instance resource.
-
-      sap_ha_pacemaker_cluster_nwas_scs_sapstartsrv_resource_name:
-        default: rsc_SAPStartSrv_<SID>_SCS<SCS-instance-number>
-        description:
-          - Name of the SCS SAPStartSrv resource for simple mount.
-
-      sap_ha_pacemaker_cluster_vip_nwas_scs_resource_group_name:
-        default: grp_<SID>_SCS<SCS-instance-number>
-        description:
-          - Name of the NetWeaver SCS resource group.
-
-      sap_ha_pacemaker_cluster_nwas_colocation_scs_no_ers_name:
-        default: "col_ascs_separate_<SID>"
-        description:
-          - Customize the cluster constraint name for SCS and ERS separation colocation.
-
-      sap_ha_pacemaker_cluster_nwas_order_scs_first_name:
-        default: "ord_ascs_first_<SID>"
-        description:
-          - Customize the cluster constraint name for SCS starting before ERS order.
-
-      ##########################################################################
-      # NetWeaver Central Services (ASCS and SCS) shared parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_automatic_recover_bool:
-        type: bool
-        default: false
-        description:
-          - NetWeaver Central Services (ASCS and SCS) instance resource option "AUTOMATIC_RECOVER".
-
-      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_resource_stickiness:
-        default: 5000
-        description:
-          - NetWeaver Central Services (ASCS and SCS) instance resource stickiness attribute.
-
-      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_migration_threshold:
-        default: 1
-        description:
-          - NetWeaver Central Services (ASCS and SCS) instance migration-threshold setting attribute.
-          - Only used for ENSA1 setups (see `sap_ha_pacemaker_cluster_nwas_cs_ensa1`).
-            Default setup is ENSA2.
-
-      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_failure_timeout:
-        default: 60
-        description:
-          - NetWeaver Central Services (ASCS and SCS) instance failure-timeout attribute.
-          - Only used for ENSA1 setups (see `sap_ha_pacemaker_cluster_nwas_cs_ensa1`).
-            Default setup is ENSA2.
-
-      sap_ha_pacemaker_cluster_nwas_cs_group_stickiness:
-        default: 3000
-        description:
-          - NetWeaver Central Services (ASCS and SCS) resource group stickiness.
-          - Defines how sticky is Central Services group to the node it was started on.
-
-
-      ##########################################################################
-      # NetWeaver ERS specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name:
-        description:
-          - The name of the ERS instance, typically the profile name.
-          - Mandatory for the NetWeaver ASCS/ERS and SCS/ERS clusters.
-          - Recommended format <SID>_ERS<ERS-instance-number>_<ERS-hostname>.
-
-      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_start_profile_string:
-        description:
-          - The full path and name of the ERS instance profile.
-          - Mandatory for the NetWeaver ASCS/ERS and SCS/ERS clusters.
-
-      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_automatic_recover_bool:
-        type: bool
-        default: false
-        description:
-          - NetWeaver ERS instance resource option "AUTOMATIC_RECOVER".
-
-      sap_ha_pacemaker_cluster_nwas_ers_filesystem_resource_name:
-        default: rsc_fs_<SID>_ERS<ERS-instance-number>
-        description:
-          - Name of the filesystem resource for the ERS instance.
-
-      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_resource_name:
-        default: rsc_SAPInstance_<SID>_ERS<ERS-instance-number>
-        description:
-          - Name of the ERS instance resource.
-
-      sap_ha_pacemaker_cluster_nwas_ers_sapstartsrv_resource_name:
-        default: rsc_SAPStartSrv_<SID>_ERS<ERS-instance-number>
-        description:
-          - Name of the ERS SAPstartSrv resource for simple mount.
-
-      sap_ha_pacemaker_cluster_vip_nwas_ers_resource_group_name:
-        default: grp_<SID>_ERS<ERS-instance-number>
-        description:
-          - Name of the NetWeaver ERS resource group.
-
-      ##########################################################################
-      # PAS specific parameters
-      ##########################################################################
-
-      # TODO: implement PAS cluster setup
-
-      ##########################################################################
-      # PAS specific parameters
-      ##########################################################################
-
-      # TODO: implement AAS cluster setup
-
-
-      ##########################################################################
-      # Platforms: AWS specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_aws_vip_update_rt:
-        description:
-          - List one more routing table IDs for managing Virtual IP failover through routing table changes.
-          - Multiple routing tables must be defined as a comma-separated string (no spaces).
-          - Mandatory for the VIP resource configuration in AWS EC2 environments.
-
-      sap_ha_pacemaker_cluster_aws_region:
-        description:
-          - The AWS region in which the instances to be used for the cluster setup are located.
-          - Mandatory for cluster nodes setup on AWS EC2 instances.
-
-      sap_ha_pacemaker_cluster_aws_access_key_id:
-        description:
-          - AWS access key to allow control of instances (for example for fencing operations).
-          - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:"
-          - "1. IAM Role or Instance profile is not attached to EC2 instance."
-          - "2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`"
-
-      sap_ha_pacemaker_cluster_aws_secret_access_key:
-        description:
-          - AWS secret key, paired with the access key for instance control.
-          - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:"
-          - "1. IAM Role or Instance profile is not attached to EC2 instance."
-          - "2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`"
-
-      sap_ha_pacemaker_cluster_aws_credentials_setup:
-        description:
-          - Set this parameter to 'true' to store AWS credentials into /root/.aws/credentials.
-          - "Requires: `sap_ha_pacemaker_cluster_aws_access_key_id` and `sap_ha_pacemaker_cluster_aws_secret_access_key`"
-          - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:"
-          - "1. IAM Role or Instance profile is not attached to EC2 instance."
-
-      ##########################################################################
-      # Platforms: GCP specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_gcp_project:
-        description:
-          - Google Cloud project name in which the target instances are installed.
-          - Mandatory for the cluster setup on GCP instances.
-
-      sap_ha_pacemaker_cluster_gcp_region_zone:
-        description:
-          - Google Cloud Platform region zone ID.
-          - Mandatory for the cluster setup on GCP instances.
-
-
-      ##########################################################################
-      # Platforms: IBM Cloud specific parameters - VS and Power VS common
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_ibmcloud_api_key:
-        description:
-          - The API key which is required to allow the control of instances (for example for fencing
-            operations).
-          - Mandatory for the cluster setup on IBM Cloud Virtual Server instances or IBM Power
-            Virtual Server on IBM Cloud.
-
-      sap_ha_pacemaker_cluster_ibmcloud_region:
-        description:
-          - The IBM Cloud VS region name in which the instances are running.
-          - Mandatory for the cluster setup on IBM Cloud Virtual Server instances or IBM Power
-            Virtual Server on IBM Cloud.
-
-
-      ##########################################################################
-      # Platforms: IBM Power VS on IBM Cloud specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn:
-        description:
-          - IBM Power Virtual Server Workspace service cloud resource name (CRN) identifier which
-            contains the target instances
-          - Mandatory for the cluster setup on IBM Power Virtual Server from IBM Cloud.
-
-      sap_ha_pacemaker_cluster_ibmcloud_powervs_api_type:
-        description:
-          - IBM Power Virtual Server API Endpoint type (public or private) dependent on network
-            interface attachments for the target instances.
-          - Mandatory for the cluster setup on IBM Power Virtual Server from IBM Cloud.
-
-      sap_ha_pacemaker_cluster_ibmcloud_powervs_forward_proxy_url:
-        description:
-          - IBM Power Virtual Server forward proxy url when IBM Power Virtual Server API Endpoint
-            type is set to private.
-          - When public network interface, can be ignored.
-          - When private network interface, mandatory for the cluster setup on IBM Power Virtual
-            Server from IBM Cloud.
-
-
-      ##########################################################################
-      # Platforms: MS Azure specific parameters
-      ##########################################################################
-
-      sap_ha_pacemaker_cluster_msazure_subscription_id:
-        description:
-          - Subscription ID of the MS Azure environment containing the target instances.
-          - Mandatory for the cluster setup on MS Azure instances.
-
-      sap_ha_pacemaker_cluster_msazure_resource_group:
-        description:
-          - Resource group name/ID in which the target instances are defined.
-          - Mandatory for the cluster setup on MS Azure instances.
+# SPDX-License-Identifier: Apache-2.0
+---
+# TEMP to fix CFLF
+# Requires: ansible 2.11
+# Argument specifications in this separate file maintain backwards compatibility.
+argument_specs:
+
+# TODO: make 'ha_cluster' role variables the primary names
+# For required variables using aliases do not work and fail the argument validation.
+
+  main:
+    short_description: SAP HA automated cluster setup requirements
+    options:
+
+# Take this template and copy it to the desired place.
+# Add content and remove placeholders that are not needed.
+# Ideally sort by key (variable name) alphabetically.
+#
+#      sap_ha_pacemaker_cluster_
+#        default:
+#        description:
+#           -
+#        example:
+#
+#        required: false
+#        type:
+#        options: # additional options for lists and dicts
+#          <param>:
+#            description:
+#            ...
+
+      #########################################################################
+      # SAP HA role generic parameters
+      #########################################################################
+      sap_ha_pacemaker_cluster_system_roles_collection:
+        default: fedora.linux_system_roles
+        description:
+          - Reference to the Ansible Collection used for the Linux System Roles.
+          - For community/upstream, use 'fedora.linux_system_roles'.
+          - For RHEL System Roles for SAP, or Red Hat Automation Hub, use 'redhat.rhel_system_roles'.
+
+      sap_ha_pacemaker_cluster_create_config_dest:
+        default: review_resource_config.yml
+        description:
+          - The pacemaker cluster resource configuration optionally created by this role will be
+            saved in a Yaml file in the current working directory.
+          - Requires `sap_ha_pacemaker_cluster_create_config_varfile` to be enabled for generating
+            the output file.
+          - Specify a path/filename to save the file in a custom location.
+          - The file can be used as input vars file for an Ansible playbook running the 'ha_cluster'
+            Linux System Role.
+
+      sap_ha_pacemaker_cluster_create_config_varfile:
+        type: bool
+        default: false
+        description:
+          - When enabled, all cluster configuration parameters this role constructs for executing
+            the 'ha_cluster' Linux System role will be written into a file in Yaml format.
+          - This allows using the output file later as input file for additional custom steps using
+            the 'ha_cluster' role and covering the resource configuration in a cluster that was set
+            up using this 'sap_ha_pacemaker_cluster' role.
+          - When enabled this parameters file is also created when the playbook is run in check_mode
+            (`--check`) and can be used to review the configuration parameters without executing
+            actual changes on the target nodes.
+          - WARNING! This report may include sensitive details like secrets required for certain
+            cluster resources!
+
+      sap_ha_pacemaker_cluster_cluster_nodes:
+        type: list
+        description:
+          - List of cluster nodes and associated attributes to describe the target SAP HA environment.
+          - This is required for the HANA System Replication configuration.
+          - Synonym for this parameter is `sap_hana_cluster_nodes`.
+          - Mandatory to be defined for HANA clusters.
+        elements: dict
+        options:
+          node_ip:
+            description:
+              - IP address of the node used for HANA System Replication.
+              - _Optional. Currently not needed/used in cluster configuration._
+          node_name:
+            description:
+              - Hostname of the cluster node.
+              - _Optional. Currently not needed/used in cluster configuration._
+          node_role:
+            choices:
+              - primary
+              - secondary
+            description:
+              - Role of the defined `node_name` in the SAP HANA cluster setup.
+              - There must be only **one** primary, but there can be multiple secondary nodes.
+              - _Optional. Currently not needed/used in cluster configuration._
+          hana_site:
+            description:
+              - Site of the cluster and/or SAP HANA System Replication node (for example 'DC01').
+              - Mandatory for HANA clusters (sudo config for system replication).
+
+        example:
+          sap_ha_pacemaker_cluster_cluster_nodes:
+            - hana_site: DC01
+              node_name: nodeA
+              node_role: primary
+              node_ip: 192.168.5.1
+            - hana_site: DC02
+
+      sap_ha_pacemaker_cluster_resource_defaults:
+        type: dict
+        default:
+          resource-stickiness: 3000
+          migration-threshold: 5000
+        description:
+          - Set default parameters that will be valid for all pacemaker resources.
+        example:
+          sap_ha_pacemaker_cluster_resource_defaults:
+            resource-stickiness: 1000
+            migration-threshold: 5000
+
+      sap_ha_pacemaker_cluster_operation_defaults:
+        type: dict
+        default:
+          timeout: 600
+          record-pending: true
+        description:
+          - Set default operation parameters that will be valid for all pacemaker resources.
+        example:
+          sap_ha_pacemaker_cluster_operation_defaults:
+            timeout: 600
+            record-pending: true
+
+      sap_ha_pacemaker_cluster_host_type:
+        type: list
+        choices:
+#          - hana_scaleup_costopt
+          - hana_scaleup_perf
+#          - hana_scaleup_perf_dr
+#          - hana_scaleout
+          - nwas_abap_ascs_ers
+#          - nwas_abap_pas_aas
+          - nwas_java_scs_ers
+          - sap_webdisp
+        default: hana_scaleup_perf
+        description:
+          - The SAP landscape to for which the cluster is to be configured.
+          - The default is a 2-node SAP HANA scale-up cluster.
+
+#      sap_ha_pacemaker_cluster_replication_type:
+#        choices:
+#          - mtr
+#          - none
+#        default: none
+#        description:
+#          - The type of SAP HANA site replication across multiple hosts.
+#          - _Not yet supported_
+
+      sap_ha_pacemaker_cluster_vip_client_interface:
+        description:
+          - OS device name of the network interface to use for the Virtual IP configuration.
+          - When there is only one interface on the system, its name will be used by default.
+
+      sap_ha_pacemaker_cluster_stonith_custom:
+        type: list
+        description:
+          - Custom list of STONITH resource(s) to be configured in the cluster.
+          - This definition override any defaults the role would apply otherwise.
+          - Definition follows structure of ha_cluster_resource_primitives in linux-system-roles/ha_cluster
+        elements: dict
+        options:
+          id:
+            type: str
+            description:
+              - Parameter `id` is required.
+              - Name that will be used as the resource ID (name).
+            # TODO: Enable to remove Tech debt after name and options are removed!
+            # required: true
+          agent:
+            type: str
+            description:
+              - Resource agent name, must contain the prefix "stonith:" to avoid mismatches or failures.
+            required: true
+          instance_attrs:
+            type: list
+            description:
+              - Defines resource agent params as list of name/value pairs.
+              - Requires the mandatory options for the particular stonith resource agent to be
+                defined, otherwise the setup will fail.
+              - "Example: stonith:fence_sbd agent requires devices option with list of SBD disks."
+              - "Example: stonith:external/sbd agent does not require devices option, but `sap_ha_pacemaker_cluster_sbd_devices`."
+          operations:
+            type: list
+            description:
+              - Defines list of resource agent operations.
+            action:
+              description:
+                - Name of resource agent operation.
+            attrs:
+              description:
+                - Defines operation parameters as list of name/value pairs.
+          meta_attrs:
+            type: list
+            description:
+              - Defines meta attributes as list of name/value pairs.
+          # TODO: Tech Debt: Remove name and options in next release
+          name:
+            type: str
+            description:
+              - WARNING! This option will be removed in future release.
+          # TODO: Tech Debt: Remove name and options in next release
+          options:
+            type: dict
+            description:
+              - WARNING! This option will be removed in future release.
+
+        example:
+          sap_ha_pacemaker_cluster_stonith_custom:
+            - id: "my-fence-resource"
+              agent: "stonith:fence_rhevm"
+              instance_attrs:
+                - attrs:
+                    - name: ip
+                      value: rhevm-server
+                    - name: username
+                      value: login-user
+                    - name: password
+                      value: login-user-password
+                    - name: pcmk_host_list
+                      value: node1,node2
+                    - name: power_wait
+                      value: 3
+              meta_attrs:
+                - attrs:
+                    - name: target-role
+                      value: Started
+              operations:
+                - action: start
+                  attrs:
+                    - name: interval
+                      value: 0
+                    - name: timeout
+                      value: 180
+
+      sap_ha_pacemaker_cluster_sbd_enabled:
+        type: bool
+        description:
+          - Set this parameter to 'true' to enable workflow to add Stonith SBD resource.
+          - Stonith SBD resource has to be provided as part of `sap_ha_pacemaker_cluster_stonith_custom`.
+          - "Default SBD agents are: stonith:external/sbd for SLES and stonith:fence_sbd for RHEL"
+
+        example:
+          sap_ha_pacemaker_cluster_sbd_enabled: true
+          sap_ha_pacemaker_cluster_stonith_custom:
+            - id: stonith_sbd
+              agent: stonith:external/sbd
+              instance_attrs:
+                - attrs:
+                    - name: pcmk_delay_max
+                      value: 15
+          sap_ha_pacemaker_cluster_sbd_devices:
+            - /dev/disk/by-id/scsi-3600
+
+      sap_ha_pacemaker_cluster_sbd_devices:
+        type: list
+        description:
+          - Required if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+          - Provide list of block devices for Stonith SBD agent
+
+        example:
+          sap_ha_pacemaker_cluster_sbd_devices:
+            - /dev/disk/by-id/scsi-3600
+
+      sap_ha_pacemaker_cluster_sbd_options:
+        type: list
+        description:
+          - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+          - Provide list of SBD specific options that are added into SBD configuration file.
+
+        example:
+          sap_ha_pacemaker_cluster_sbd_options:
+            - name: startmode
+              value: clean
+
+      sap_ha_pacemaker_cluster_sbd_watchdog:
+        type: str
+        default: /dev/watchdog
+        description:
+          - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+          - Provide watchdog name to override default /dev/watchdog
+
+      sap_ha_pacemaker_cluster_sbd_watchdog_modules:
+        type: list
+        description:
+          - Optional if `sap_ha_pacemaker_cluster_sbd_enabled` is enabled.
+          - Provide list of watchdog kernel modules to be loaded (creates /dev/watchdog* devices).
+
+        example:
+          sap_ha_pacemaker_cluster_sbd_watchdog_modules:
+            - softdog
+
+      sap_ha_pacemaker_cluster_cluster_properties:
+        type: dict
+        default:
+          stonith-enabled: true
+          stonith-timeout: 900
+          concurrent-fencing: true
+        description:
+          - Standard pacemaker cluster properties are configured with recommended settings for
+            cluster node fencing.
+          - When no STONITH resource is defined, STONITH will be disabled and a warning displayed.
+
+        example:
+          sap_ha_pacemaker_cluster_cluster_properties:
+            stonith-enabled: true
+            stonith-timeout: 900
+            concurrent-fencing: true
+
+
+      ##########################################################################
+      # Parameters that are optionally imported from 'ha_cluster' LSR parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_ha_cluster:
+        type: dict
+        description:
+          - The `ha_cluster` LSR native parameter `ha_cluster` can be used as a synonym.
+          - Optional _**host_vars**_ parameter - if defined it must be set for each node.
+          - Dictionary that can contain various node options for the pacemaker cluster configuration.
+          - Supported options can be reviewed in the `ha_cluster` Linux System Role
+            [https://github.com/linux-system-roles/ha_cluster/blob/master/README.md].
+          - If not defined, the `ha_cluster` Linux System Role default will be used.
+
+        example:
+          sap_ha_pacemaker_cluster_ha_cluster:
+            corosync_addresses:
+              - 192.168.1.10
+              - 192.168.2.10
+            node_name: nodeA
+
+
+      sap_ha_pacemaker_cluster_cluster_name:
+        description:
+          - The name of the pacemaker cluster.
+          - Inherits the `ha_cluster` LSR native parameter `ha_cluster_cluster_name` if not defined.
+          - If not defined, the `ha_cluster` Linux System Role default will be used.
+
+      sap_ha_pacemaker_cluster_extra_packages:
+        type: list
+        description:
+          - Additional extra packages to be installed, for instance specific resource packages.
+          - For SAP clusters configured by this role, the relevant standard packages for the target
+            scenario are automatically included.
+
+      sap_ha_pacemaker_cluster_fence_agent_packages:
+        type: list
+        description:
+          - Additional fence agent packages to be installed.
+          - "This is automatically combined with default packages in:"
+          - "`__sap_ha_pacemaker_cluster_fence_agent_packages_minimal`"
+          - "`__sap_ha_pacemaker_cluster_fence_agent_packages_platform`"
+
+      sap_ha_pacemaker_cluster_hacluster_user_password:
+        description:
+          - The password of the `hacluster` user which is created during pacemaker installation.
+          - Inherits the value of `ha_cluster_hacluster_password`, when defined.
+        no_log: true
+        required: true
+
+
+      ##########################################################################
+      # HANA specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_hana_sid:
+        description:
+          - The SAP HANA System ID (SID) of the instance that will be configured in the cluster.
+          - The SID must follow SAP specifications - see SAP Note 1979280.
+          - Inherits the value of `sap_hana_sid`, when defined.
+          - Mandatory for SAP HANA cluster scenarios.
+
+      sap_ha_pacemaker_cluster_hana_instance_nr:
+        description:
+          - The instance number of the SAP HANA database which this role will configure in the cluster.
+          - Inherits the value of `sap_hana_instance_number`, when defined.
+          - Mandatory for SAP HANA cluster scenarios.
+
+      sap_ha_pacemaker_cluster_hana_automated_register:
+        type: bool
+        default: true
+        description:
+          - Parameter for the 'SAPHana' cluster resource.
+          - Define if a former primary should be re-registered automatically as secondary.
+
+      sap_ha_pacemaker_cluster_hana_duplicate_primary_timeout:
+        type: int
+        default: 7200
+        description:
+          - Parameter for the 'SAPHana' cluster resource.
+          - Time difference needed between to primary time stamps, if a dual-primary situation occurs.
+          - If the time difference is less than the time gap, then the cluster holds one or both
+            instances in a "WAITING" status.
+          - This is to give an admin a chance to react on a failover. A failed former primary will
+            be registered after the time difference is passed.
+
+      sap_ha_pacemaker_cluster_hana_prefer_site_takeover:
+        type: bool
+        default: true
+        description:
+          - Parameter for the 'SAPHana' cluster resource.
+          - Set to "false" if the cluster should first attempt to restart the instance on the same node.
+          - When set to "true" (default) a failover to secondary will be initiated on resource failure.
+
+      sap_ha_pacemaker_cluster_hana_resource_name:
+        default: "rsc_SAPHana_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA DB resource.
+
+      sap_ha_pacemaker_cluster_hana_resource_clone_name:
+        default: "cln_SAPHana_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA DB resource clone.
+
+      sap_ha_pacemaker_cluster_hana_resource_clone_msl_name:
+        default: "msl_SAPHana_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA DB resource master slave clone.
+          - Master Slave clone is specific to Classic SAPHana resource on SUSE (non-angi).
+
+      sap_ha_pacemaker_cluster_hanacontroller_resource_name:
+        default: "rsc_SAPHanaCon_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA Controller.
+
+      sap_ha_pacemaker_cluster_hanacontroller_resource_clone_name:
+        default: "<cln|mst>_SAPHanaCon_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA Controller clone.
+
+      sap_ha_pacemaker_cluster_hana_topology_resource_name:
+        default: "rsc_SAPHanaTop_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA Topology resource.
+
+      sap_ha_pacemaker_cluster_hana_topology_resource_clone_name:
+        default: "cln_SAPHanaTop_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA Topology resource clone.
+
+      sap_ha_pacemaker_cluster_hana_filesystem_resource_name:
+        default: "rsc_SAPHanaFil_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA Filesystem.
+
+      sap_ha_pacemaker_cluster_hana_filesystem_resource_clone_name:
+        default: "cln_SAPHanaFil_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster resource name of the SAP HANA Filesystem clone.
+
+      sap_ha_pacemaker_cluster_hana_order_topology_hana_name:
+        default: "ord_saphana_saphanatop_<SID>_HDB<Instance Number>"
+        description:
+          - Customize the cluster constraint name for SAPHana and Topology order.
+
+      sap_ha_pacemaker_cluster_vip_hana_primary_ip_address:
+        description:
+          - The virtual IP of the primary HANA instance.
+          - Mandatory parameter for HANA clusters.
+
+      sap_ha_pacemaker_cluster_vip_hana_primary_resource_name:
+        default: "rsc_vip_<SID>_HDB<Instance Number>_primary"
+        description:
+          - Name of the Virtual IP resource for primary HANA instance.
+
+      sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name:
+        default: "rsc_vip_health_check_<SID>_HDB<Instance Number>_primary"
+        description:
+          - Name of the Virtual IP Health Check resource for primary HANA instance.
+
+      sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address:
+        description:
+          - The virtual IP for read-only access to the secondary HANA instance.
+          - Optional parameter in HANA clusters.
+
+      sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name:
+        default: "rsc_vip_<SID>_HDB<Instance Number>_readonly"
+        description:
+          - Name of the Virtual IP resource for read-only HANA instance.
+
+      sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name:
+        default: "rsc_vip_health_check_<SID>_HDB<Instance Number>_readonly"
+        description:
+          - Name of the Virtual IP Health Check resource for read-only HANA instance.
+
+      sap_ha_pacemaker_cluster_hana_order_hana_vip_primary_name:
+        default: "ord_saphana_vip_<SID>_HDB<Instance Number>_primary"
+        description:
+          - Customize the cluster constraint name for VIP and SAPHana primary clone order.
+
+      sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name:
+        default: "ord_saphana_vip_<SID>_HDB<Instance Number>_readonly"
+        description:
+          - Customize the cluster constraint name for VIP and SAPHana secondary clone order.
+
+      sap_ha_pacemaker_cluster_hana_colocation_hana_vip_primary_name:
+        default: "col_saphana_vip_<SID>_HDB<Instance Number>_primary"
+        description:
+          - Customize the cluster constraint name for VIP and SAPHana primary clone colocation.
+
+      sap_ha_pacemaker_cluster_hana_colocation_hana_vip_secondary_name:
+        default: "col_saphana_vip_<SID>_HDB<Instance Number>_readonly"
+        description:
+          - Customize the cluster constraint name for VIP and SAPHana secondary clone colocation.
+
+      sap_ha_pacemaker_cluster_hana_hooks:
+        type: list
+        default: []
+        description:
+          - Customize required list of SAP HANA Hooks
+          - Mandatory to include SAPHanaSR srHook in list.
+          - Mandatory attributes are provider and path.
+          - Example below shows mandatory SAPHanaSR, TkOver and ChkSrv hooks.
+
+        example:
+          sap_ha_pacemaker_cluster_hana_hooks:
+            - provider: SAPHanaSR
+              path: /usr/share/SAPHanaSR/
+              options:
+                - name: execution_order
+                  value: 1
+            - provider: susTkOver
+              path: /usr/share/SAPHanaSR/
+              options:
+                - name: execution_order
+                  value: 2
+            - provider: susChkSrv
+              path: /usr/share/SAPHanaSR/
+              options:
+                - name: execution_order
+                  value: 3
+                - name: action_on_lost
+                  value: stop
+
+      sap_ha_pacemaker_cluster_hana_hook_tkover:
+        type: bool
+        default: false
+        description:
+          - Controls if TkOver srHook is enabled during srHook creation.
+          - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+
+      sap_ha_pacemaker_cluster_hana_hook_chksrv:
+        type: bool
+        default: false
+        description:
+          - Controls if ChkSrv srHook is enabled during srHook creation.
+          - It is ignored when sap_ha_pacemaker_cluster_hana_hooks is defined.
+
+      sap_ha_pacemaker_cluster_hana_global_ini_path:
+        default: "/usr/sap/<SID>/SYS/global/hdb/custom/config/global.ini"
+        description:
+          - Path with location of global.ini for srHook update
+
+      sap_ha_pacemaker_cluster_saphanasr_angi_detection:
+        default: true
+        description:
+          - Disabling this variable enables to use Classic SAPHanaSR agents even on server,
+            where SAPHanaSR-angi is available.
+          - Value `false` (Classic) is ignored when only SAPHanaSR-angi packages are available.
+
+      ##########################################################################
+      # NetWeaver specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount:
+        type: bool
+        default: true
+        description:
+          - Enables preferred method for Central Services (ASCS or SCS) ENSA2 clusters - Simple Mount.
+          - Set this parameter to 'true' to configure ENSA2 Simple Mount.
+
+      sap_ha_pacemaker_cluster_nwas_cs_ensa1:
+        type: bool
+        default: false
+        description:
+          - The standard NetWeaver Central Services cluster will be set up as ENSA2.
+          - Set this parameter to 'true' to configure it as ENSA1.
+
+      sap_ha_pacemaker_cluster_enable_cluster_connector:
+        type: bool
+        default: true
+        description:
+          - Enables/Disables the SAP HA Interface for SAP ABAP application server instances, also
+            known as `sap_cluster_connector`.
+          - Set this parameter to 'false' if the SAP HA interface should not be installed and configured.
+
+      sap_ha_pacemaker_cluster_nwas_sid:
+        description:
+          - System ID (SID) of the NetWeaver instances in Capital letters.
+          - Defaults to `sap_swpm_sid` if defined.
+          - Mandatory for NetWeaver cluster scenarios.
+
+      sap_ha_pacemaker_cluster_nwas_ascs_instance_nr:
+        description:
+          - Instance number of the NetWeaver ABAP Central Services (ASCS) instance.
+          - Mandatory for NetWeaver ASCS/ERS cluster configuration.
+
+      sap_ha_pacemaker_cluster_nwas_scs_instance_nr:
+        description:
+          - Instance number of the NetWeaver Central Services (SCS) instance.
+          - Mandatory for NetWeaver SCS/ERS cluster configuration.
+
+      sap_ha_pacemaker_cluster_nwas_ers_instance_nr:
+        description:
+          - Instance number of the NetWeaver Enqueue Replication Service (ERS) instance.
+          - Mandatory for NetWeaver ASCS/ERS and SCS/ERS cluster configuration.
+
+      sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr:
+        description:
+          - Instance number of the NetWeaver ABAP PAS instance.
+          - Mandatory for NetWeaver PAS cluster configuration.
+
+      sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr:
+        description:
+          - Instance number of the NetWeaver ABAP AAS instance.
+          - Mandatory for NetWeaver AAS cluster configuration.
+
+      sap_ha_pacemaker_cluster_storage_definition:
+        type: list
+        description:
+          - List of filesystem definitions used for filesystem cluster resources.
+          - Options relevant, see example.
+          - Mandatory for SAP NetWeaver cluster without Simple Mount.
+          - Reuse `sap_storage_setup_definition` if defined.
+          - Reuse `sap_storage_setup_definition` will extract values 'mountpoint',
+            'nfs_filesystem_type', 'nfs_mount_options', 'nfs_path', 'nfs_server'.
+          - Reuse `sap_storage_setup_definition` all options are documented under Ansible Role
+            `sap_storage_setup`.
+          - Note! For this variable, the argument specification does not list options, to avoid
+            errors during reuse of `sap_storage_setup_definition` if defined.
+        elements: dict
+
+        example:
+          sap_ha_pacemaker_cluster_storage_definition:
+            - name: usr_sap
+              mountpoint: /usr/sap
+              nfs_path: /usr/sap
+              nfs_server: "nfs-server.example.com:/"
+            - name: usr_sap_trans
+              mountpoint: /usr/sap/trans
+              nfs_path: /usr/sap/trans
+              nfs_server: "nfs-server.example.com:/"
+            - name: sapmnt
+              mountpoint: /sapmnt
+              nfs_filesystem_type: nfs
+              nfs_mount_options: defaults
+              nfs_path: /sapmnt
+              nfs_server: "nfs-server.example.com:/"
+
+
+      sap_ha_pacemaker_cluster_storage_nfs_filesystem_type:
+        default: nfs
+        description:
+          - Filesystem type of the NFS filesystems that are part of the cluster configuration.
+
+      sap_ha_pacemaker_cluster_storage_nfs_mount_options:
+        default: defaults
+        description:
+          - Mount options of the NFS filesystems that are part of the cluster configuration.
+
+      sap_ha_pacemaker_cluster_storage_nfs_server:
+        description:
+          - Default address of the NFS server, if not defined individually by filesystem.
+
+      sap_ha_pacemaker_cluster_vip_nwas_ascs_ip_address:
+        description:
+          - Virtual IP of the NetWeaver ABAP Central Services (ASCS) instance.
+          - Mandatory for NetWeaver ASCS/ERS cluster setup.
+
+      sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name:
+        default: rsc_vip_<SID>_ASCS<ASCS-instance-number>
+        description:
+          - Name of the Virtual IP resource for NetWeaver ABAP Central Services (ASCS).
+
+      sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name:
+        default: rsc_vip_health_check_<SID>_ASCS<ASCS-instance-number>
+        description:
+          - Name of the Virtual IP Health Check resource for NetWeaver ABAP Central Services (ASCS).
+
+      sap_ha_pacemaker_cluster_vip_nwas_scs_ip_address:
+        description:
+          - Virtual IP of the NetWeaver Central Services (SCS) instance.
+          - Mandatory for NetWeaver SCS/ERS cluster setup.
+
+      sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name:
+        default: rsc_vip_<SID>_SCS<SCS-instance-number>
+        description:
+          - Name of the Virtual IP resource for NetWeaver Central Services (SCS).
+
+      sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name:
+        default: rsc_vip_health_check_<SID>_SCS<SCS-instance-number>
+        description:
+          - Name of the Virtual IP Health Check resource for NetWeaver Central Services (SCS).
+
+      sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address:
+        description:
+          - Virtual IP of the NetWeaver Enqueue Replication Service (ERS) instance.
+          - Mandatory for NetWeaver ASCS/ERS and SCS/ERS cluster setup.
+
+      sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name:
+        default: rsc_vip_<SID>_ERS<ERS-instance-number>
+        description:
+          - Name of the Virtual IP resource for NetWeaver Enqueue Replication Service (ERS).
+
+      sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name:
+        default: rsc_vip_health_check_<SID>_ERS<ERS-instance-number>
+        description:
+          - Name of the Virtual IP Health Check resource for NetWeaver Enqueue Replication Service (ERS).
+
+      sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address:
+        description:
+          - Virtual IP of the NetWeaver PAS instance.
+          - Mandatory for NetWeaver PAS cluster setup.
+
+      sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name:
+        default: rsc_vip_<SID>_PAS<PAS-instance-number>
+        description:
+          - Name of the Virtual IP resource for NetWeaver PAS.
+
+      sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name:
+        default: rsc_vip_health_check_<SID>_PAS<PAS-instance-number>
+        description:
+          - Name of the Virtual IP Health Check resource for NetWeaver PAS.
+
+      sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address:
+        description:
+          - Virtual IP of the NetWeaver AAS instance.
+          - Mandatory for NetWeaver AAS cluster setup.
+
+      sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name:
+        default: rsc_vip_<SID>_AAS<AAS-instance-number>
+        description:
+          - Name of the Virtual IP resource for NetWeaver AAS.
+
+      sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name:
+        default: rsc_vip_health_check_<SID>_AAS<AAS-instance-number>
+        description:
+          - Name of the Virtual IP Health Check resource for NetWeaver AAS.
+
+      sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_name:
+        default: rsc_fs_<SID>_sapmnt
+        description:
+          - Filesystem resource name for the shared filesystem /sapmnt.
+          - Optional, this is typically managed by the OS, but can as well be added to the cluster
+            configuration.
+          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+
+      sap_ha_pacemaker_cluster_nwas_sapmnt_filesystem_resource_clone_name:
+        default: cln_fs_<SID>_sapmnt
+        description:
+          - Filesystem resource clone name for the shared filesystem /sapmnt.
+          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+
+      sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_name:
+        default: rsc_fs_<SID>_trans
+        description:
+          - Filesystem resource name for the transports filesystem /usr/sap/trans.
+          - Optional, this is typically managed by the OS, but can as well be added to the cluster
+            configuration.
+          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+
+      sap_ha_pacemaker_cluster_nwas_transports_filesystem_resource_clone_name:
+        default: cln_fs_<SID>_trans
+        description:
+          - Filesystem resource clone name for the shared filesystem /usr/sap/trans.
+          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+
+      sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_name:
+        default: rsc_fs_<SID>_sys
+        description:
+          - Filesystem resource name for the transports filesystem /usr/sap/<SID>/SYS.
+          - Optional, this is typically managed by the OS, but can as well be added to the cluster
+            configuration.
+          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+
+      sap_ha_pacemaker_cluster_nwas_sys_filesystem_resource_clone_name:
+        default: cln_fs_<SID>_sys
+        description:
+          - Filesystem resource clone name for the shared filesystem /usr/sap/<SID>/SYS.
+          - Enable this resource setup using `sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed`.
+
+      sap_ha_pacemaker_cluster_nwas_shared_filesystems_cluster_managed:
+        type: bool
+        default: false
+        description:
+          - Change this parameter to 'true' if the 3 shared filesystems `/usr/sap/trans`,
+            `/usr/sap/<SID>/SYS` and '/sapmnt' shall be configured as cloned cluster resources.
+
+      ##########################################################################
+      # NetWeaver ABAP Central Services (ASCS) specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_instance_name:
+        description:
+          - The name of the ASCS instance, typically the profile name.
+          - Mandatory for the NetWeaver ASCS/ERS cluster setup
+          - Recommended format <SID>_ASCS<ASCS-instance-number>_<ASCS-hostname>
+
+      sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_start_profile_string:
+        description:
+          - The full path and name of the ASCS instance profile.
+          - Mandatory for the NetWeaver ASCS/ERS cluster setup.
+
+      sap_ha_pacemaker_cluster_nwas_ascs_filesystem_resource_name:
+        default: rsc_fs_<SID>_ASCS<ASCS-instance-number>
+        description:
+          - Name of the filesystem resource for the ASCS instance.
+
+      sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_resource_name:
+        default: rsc_SAPInstance_<SID>_ASCS<ASCS-instance-number>
+        description:
+          - Name of the ASCS instance resource.
+
+      sap_ha_pacemaker_cluster_nwas_ascs_sapstartsrv_resource_name:
+        default: rsc_SAPStartSrv_<SID>_ASCS<ASCS-instance-number>
+        description:
+          - Name of the ASCS SAPStartSrv resource for simple mount.
+
+      sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_group_name:
+        default: grp_<SID>_ASCS<ASCS-instance-number>
+        description:
+          - Name of the NetWeaver ASCS resource group.
+
+      sap_ha_pacemaker_cluster_nwas_colocation_ascs_no_ers_name:
+        default: "col_ascs_separate_<SID>"
+        description:
+          - Customize the cluster constraint name for ASCS and ERS separation colocation.
+
+      sap_ha_pacemaker_cluster_nwas_order_ascs_first_name:
+        default: "ord_ascs_first_<SID>"
+        description:
+          - Customize the cluster constraint name for ASCS starting before ERS order.
+
+      ##########################################################################
+      # NetWeaver Central Services (SCS) specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_nwas_scs_sapinstance_instance_name:
+        description:
+          - The name of the SCS instance, typically the profile name.
+          - Mandatory for the NetWeaver SCS/ERS cluster setup
+          - Recommended format <SID>_SCS<SCS-instance-number>_<SCS-hostname>
+
+      sap_ha_pacemaker_cluster_nwas_scs_sapinstance_start_profile_string:
+        description:
+          - The full path and name of the SCS instance profile.
+          - Mandatory for the NetWeaver SCS/ERS cluster setup.
+
+      sap_ha_pacemaker_cluster_nwas_scs_filesystem_resource_name:
+        default: rsc_fs_<SID>_SCS<SCS-instance-number>
+        description:
+          - Name of the filesystem resource for the SCS instance.
+
+      sap_ha_pacemaker_cluster_nwas_scs_sapinstance_resource_name:
+        default: rsc_SAPInstance_<SID>_SCS<SCS-instance-number>
+        description:
+          - Name of the SCS instance resource.
+
+      sap_ha_pacemaker_cluster_nwas_scs_sapstartsrv_resource_name:
+        default: rsc_SAPStartSrv_<SID>_SCS<SCS-instance-number>
+        description:
+          - Name of the SCS SAPStartSrv resource for simple mount.
+
+      sap_ha_pacemaker_cluster_vip_nwas_scs_resource_group_name:
+        default: grp_<SID>_SCS<SCS-instance-number>
+        description:
+          - Name of the NetWeaver SCS resource group.
+
+      sap_ha_pacemaker_cluster_nwas_colocation_scs_no_ers_name:
+        default: "col_ascs_separate_<SID>"
+        description:
+          - Customize the cluster constraint name for SCS and ERS separation colocation.
+
+      sap_ha_pacemaker_cluster_nwas_order_scs_first_name:
+        default: "ord_ascs_first_<SID>"
+        description:
+          - Customize the cluster constraint name for SCS starting before ERS order.
+
+      ##########################################################################
+      # NetWeaver Central Services (ASCS and SCS) shared parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_automatic_recover_bool:
+        type: bool
+        default: false
+        description:
+          - NetWeaver Central Services (ASCS and SCS) instance resource option "AUTOMATIC_RECOVER".
+
+      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_resource_stickiness:
+        default: 5000
+        description:
+          - NetWeaver Central Services (ASCS and SCS) instance resource stickiness attribute.
+
+      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_migration_threshold:
+        default: 1
+        description:
+          - NetWeaver Central Services (ASCS and SCS) instance migration-threshold setting attribute.
+          - Only used for ENSA1 setups (see `sap_ha_pacemaker_cluster_nwas_cs_ensa1`).
+            Default setup is ENSA2.
+
+      sap_ha_pacemaker_cluster_nwas_cs_sapinstance_ensa1_failure_timeout:
+        default: 60
+        description:
+          - NetWeaver Central Services (ASCS and SCS) instance failure-timeout attribute.
+          - Only used for ENSA1 setups (see `sap_ha_pacemaker_cluster_nwas_cs_ensa1`).
+            Default setup is ENSA2.
+
+      sap_ha_pacemaker_cluster_nwas_cs_group_stickiness:
+        default: 3000
+        description:
+          - NetWeaver Central Services (ASCS and SCS) resource group stickiness.
+          - Defines how sticky is Central Services group to the node it was started on.
+
+
+      ##########################################################################
+      # NetWeaver ERS specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name:
+        description:
+          - The name of the ERS instance, typically the profile name.
+          - Mandatory for the NetWeaver ASCS/ERS and SCS/ERS clusters.
+          - Recommended format <SID>_ERS<ERS-instance-number>_<ERS-hostname>.
+
+      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_start_profile_string:
+        description:
+          - The full path and name of the ERS instance profile.
+          - Mandatory for the NetWeaver ASCS/ERS and SCS/ERS clusters.
+
+      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_automatic_recover_bool:
+        type: bool
+        default: false
+        description:
+          - NetWeaver ERS instance resource option "AUTOMATIC_RECOVER".
+
+      sap_ha_pacemaker_cluster_nwas_ers_filesystem_resource_name:
+        default: rsc_fs_<SID>_ERS<ERS-instance-number>
+        description:
+          - Name of the filesystem resource for the ERS instance.
+
+      sap_ha_pacemaker_cluster_nwas_ers_sapinstance_resource_name:
+        default: rsc_SAPInstance_<SID>_ERS<ERS-instance-number>
+        description:
+          - Name of the ERS instance resource.
+
+      sap_ha_pacemaker_cluster_nwas_ers_sapstartsrv_resource_name:
+        default: rsc_SAPStartSrv_<SID>_ERS<ERS-instance-number>
+        description:
+          - Name of the ERS SAPstartSrv resource for simple mount.
+
+      sap_ha_pacemaker_cluster_vip_nwas_ers_resource_group_name:
+        default: grp_<SID>_ERS<ERS-instance-number>
+        description:
+          - Name of the NetWeaver ERS resource group.
+
+      ##########################################################################
+      # PAS specific parameters
+      ##########################################################################
+
+      # TODO: implement PAS cluster setup
+
+      ##########################################################################
+      # PAS specific parameters
+      ##########################################################################
+
+      # TODO: implement AAS cluster setup
+
+      #########################################################################
+      # WebDisp specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_wdp_sid:
+        description:
+          - System ID (SID) of the Web Dispatcher in Capital letters.
+          - Defaults to `sap_swpm_wdp_sid` if defined.
+          - Mandatory for Web Dispatcher cluster scenarios.
+
+      sap_ha_pacemaker_cluster_wdp_instance_nr:
+        description:
+          - Instance number of the Web Dispatcher instance.
+          - Defaults to `sap_swpm_wdp_instance_nr` if defined.
+          - Mandatory for Web Dispatcher cluster configuration.
+
+      sap_ha_pacemaker_cluster_vip_wdp_ip_address:
+        description:
+          - Virtual IP of the Web Dispatcher instance.
+          - Mandatory for the Web Dispatcher cluster setup.
+
+      sap_ha_pacemaker_cluster_vip_wdp_resource_name:
+        default: rsc_vip_<WDSID>_WDP<WebDisp-instance-number>
+        description:
+          - Name of the Virtual IP resource for Web Dispatcher.
+
+      sap_ha_pacemaker_cluster_healthcheck_wdp_resource_name:
+        default: rsc_vip_health_check_<WDSID>_WDP<WebDisp-instance-number>
+        description:
+          - Name of the Virtual IP Health Check resource for Web Dispatcher.
+
+      sap_ha_pacemaker_cluster_wdp_sapinstance_instance_name:
+        description:
+          - The name of the WebDisp instance, typically the profile name.
+          - Mandatory for the Web Dispatcher cluster setup.
+          - Recommended format <WDSID>_W<WebDisp-instance-number>_<WebDisp-hostname>
+
+      sap_ha_pacemaker_cluster_wdp_sapinstance_start_profile_string:
+        description:
+          - The full path and name of the WebDisp instance profile.
+          - Mandatory for the Web Dispatcher cluster setup.
+
+      sap_ha_pacemaker_cluster_wdp_filesystem_resource_name:
+        default: rsc_fs_<WDSID>_WDP<WebDisp-instance-number>
+        description:
+          - Name of the filesystem resource for the WebDisp instance.
+
+      sap_ha_pacemaker_cluster_wdp_sapinstance_resource_name:
+        default: rsc_SAPInstance_<WDSID>_WDP<WebDisp-instance-number>
+        description:
+          - Name of the WebDisp instance resource.
+
+      sap_ha_pacemaker_cluster_wdp_sapstartsrv_resource_name:
+        default: rsc_SAPStartSrv_<WDSID>_WDP<WebDisp-instance-number>
+        description:
+          - Name of the WebDisp SAPStartSrv resource for simple mount.
+
+      sap_ha_pacemaker_cluster_vip_wdp_resource_group_name:
+        default: grp_<WDSID>_WDP<WebDisp-instance-number>
+        description:
+          - Name of the NetWeaver WebDisp resource group.
+
+      sap_ha_pacemaker_cluster_wdp_sapinstance_automatic_recover_bool:
+        type: bool
+        default: false
+        description:
+          - Web Dispatcher instance resource option "AUTOMATIC_RECOVER".
+
+      sap_ha_pacemaker_cluster_wdp_sapinstance_resource_stickiness:
+        default: 5000
+        description:
+          - Web Dispatcher instance resource stickiness attribute.
+
+      sap_ha_pacemaker_cluster_wdp_group_stickiness:
+        default: 3000
+        description:
+          - Web Dispatcher resource group stickiness.
+          - Defines how sticky is Web Dispatcher group to the node it was started on.
+
+
+      ##########################################################################
+      # Platforms: AWS specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_aws_vip_update_rt:
+        description:
+          - List one more routing table IDs for managing Virtual IP failover through routing table changes.
+          - Multiple routing tables must be defined as a comma-separated string (no spaces).
+          - Mandatory for the VIP resource configuration in AWS EC2 environments.
+
+      sap_ha_pacemaker_cluster_aws_region:
+        description:
+          - The AWS region in which the instances to be used for the cluster setup are located.
+          - Mandatory for cluster nodes setup on AWS EC2 instances.
+
+      sap_ha_pacemaker_cluster_aws_access_key_id:
+        description:
+          - AWS access key to allow control of instances (for example for fencing operations).
+          - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:"
+          - "1. IAM Role or Instance profile is not attached to EC2 instance."
+          - "2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`"
+
+      sap_ha_pacemaker_cluster_aws_secret_access_key:
+        description:
+          - AWS secret key, paired with the access key for instance control.
+          - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:"
+          - "1. IAM Role or Instance profile is not attached to EC2 instance."
+          - "2. `sap_ha_pacemaker_cluster_aws_credentials_setup` is `true`"
+
+      sap_ha_pacemaker_cluster_aws_credentials_setup:
+        description:
+          - Set this parameter to 'true' to store AWS credentials into /root/.aws/credentials.
+          - "Requires: `sap_ha_pacemaker_cluster_aws_access_key_id` and `sap_ha_pacemaker_cluster_aws_secret_access_key`"
+          - "Mandatory for the cluster nodes setup on AWS EC2 instances, when:"
+          - "1. IAM Role or Instance profile is not attached to EC2 instance."
+
+      ##########################################################################
+      # Platforms: GCP specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_gcp_project:
+        description:
+          - Google Cloud project name in which the target instances are installed.
+          - Mandatory for the cluster setup on GCP instances.
+
+      sap_ha_pacemaker_cluster_gcp_region_zone:
+        description:
+          - Google Cloud Platform region zone ID.
+          - Mandatory for the cluster setup on GCP instances.
+
+
+      ##########################################################################
+      # Platforms: IBM Cloud specific parameters - VS and Power VS common
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_ibmcloud_api_key:
+        description:
+          - The API key which is required to allow the control of instances (for example for fencing
+            operations).
+          - Mandatory for the cluster setup on IBM Cloud Virtual Server instances or IBM Power
+            Virtual Server on IBM Cloud.
+
+      sap_ha_pacemaker_cluster_ibmcloud_region:
+        description:
+          - The IBM Cloud VS region name in which the instances are running.
+          - Mandatory for the cluster setup on IBM Cloud Virtual Server instances or IBM Power
+            Virtual Server on IBM Cloud.
+
+
+      ##########################################################################
+      # Platforms: IBM Power VS on IBM Cloud specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn:
+        description:
+          - IBM Power Virtual Server Workspace service cloud resource name (CRN) identifier which
+            contains the target instances
+          - Mandatory for the cluster setup on IBM Power Virtual Server from IBM Cloud.
+
+      sap_ha_pacemaker_cluster_ibmcloud_powervs_api_type:
+        description:
+          - IBM Power Virtual Server API Endpoint type (public or private) dependent on network
+            interface attachments for the target instances.
+          - Mandatory for the cluster setup on IBM Power Virtual Server from IBM Cloud.
+
+      sap_ha_pacemaker_cluster_ibmcloud_powervs_forward_proxy_url:
+        description:
+          - IBM Power Virtual Server forward proxy url when IBM Power Virtual Server API Endpoint
+            type is set to private.
+          - When public network interface, can be ignored.
+          - When private network interface, mandatory for the cluster setup on IBM Power Virtual
+            Server from IBM Cloud.
+
+
+      ##########################################################################
+      # Platforms: MS Azure specific parameters
+      ##########################################################################
+
+      sap_ha_pacemaker_cluster_msazure_subscription_id:
+        description:
+          - Subscription ID of the MS Azure environment containing the target instances.
+          - Mandatory for the cluster setup on MS Azure instances.
+
+      sap_ha_pacemaker_cluster_msazure_resource_group:
+        description:
+          - Resource group name/ID in which the target instances are defined.
+          - Mandatory for the cluster setup on MS Azure instances.
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml
index 52aeff02..d29a7ed2 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_hana.yml
@@ -16,7 +16,9 @@
         cmd: dnf provides sap-hana-ha
       changed_when: false
       register: __sap_ha_pacemaker_cluster_saphanasr_angi_check
-      failed_when: false
+      failed_when:
+        - __sap_ha_pacemaker_cluster_saphanasr_angi_check.rc != 0
+        - __sap_ha_pacemaker_cluster_saphanasr_angi_check.rc != 1
 
       # The provision role should not fix packages if run against systems that
       # were previously installed with the conflicting packages. System state is
@@ -42,6 +44,9 @@
           Alternatively: Disable the package detection
           (sap_ha_pacemaker_cluster_saphanasr_angi_detection = false)
           to continue the setup using the installed resource agents.
+      when:
+        - __sap_ha_pacemaker_cluster_saphanasr_angi_check is defined
+        - __sap_ha_pacemaker_cluster_saphanasr_angi_check.rc == 0
 
     - name: "SAP HA Prepare Pacemaker - Set fact angi_available"
       ansible.builtin.set_fact:
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_nwas_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_nwas_ascs_ers.yml
new file mode 100644
index 00000000..00fc8df4
--- /dev/null
+++ b/roles/sap_ha_pacemaker_cluster/tasks/RedHat/pre_steps_nwas_ascs_ers.yml
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Identify the version of the resource agents and disable
+# the use of "SimpleMount" if a minimum version is not satisfied.
+
+- name: "SAP HA Prepare Pacemaker - Block for detection of 'SAPStartSrv' availability"
+  block:
+
+    - name: "SAP HA Prepare Pacemaker - Check the resource agents package"
+      ansible.builtin.shell:
+        set -o pipefail && \
+          dnf info resource-agents-sap | awk '/^Version/ {print $3}' | sort | tail -n1
+      register: __sap_ha_pacemaker_cluster_sapstartsrv_check
+      changed_when: false
+      failed_when: false
+
+    - name: "SAP HA Prepare Pacemaker - Disable Simple Mount when min. package version is not available"
+      ansible.builtin.set_fact:
+        __sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount: false
+      when:
+        - sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount | bool
+        - __sap_ha_pacemaker_cluster_sapstartsrv_check.stdout is defined
+        - __sap_ha_pacemaker_cluster_sapstartsrv_check.stdout | length > 0
+        - "(__sap_ha_pacemaker_cluster_sapstartsrv_check.stdout) is version(__sap_ha_pacemaker_cluster_nwas_simple_mount_version, '<')"
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml
index 6f6d031e..3e2d2f04 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/Suse/pre_steps_hana.yml
@@ -6,7 +6,8 @@
 # This is destructive step if executed on running cluster
 # without proper migration from SAPHanaSR to SAPHanaSR-angi!
 
-- name: "SAP HA Prepare Pacemaker - Block for detection of SAPHanaSR-angi"
+
+- name: "SAP HA Prepare Pacemaker - Block for preparation of SAPHanaSR-angi HANA cluster"
   when: (sap_ha_pacemaker_cluster_saphanasr_angi_detection | bool)
   block:
     # Requirement for package_facts Ansible Module
@@ -27,6 +28,8 @@
       register: __sap_ha_pacemaker_cluster_zypper_angi_check
       failed_when: false
 
+
+    # Uninstall SAPHanaSR package on SLES 15
     # package can be replaced with "rpm -e --nodeps {{ item }}"
     - name: "SAP HA Prepare Pacemaker - Remove SAPHanaSR and SAPHanaSR-doc"
       ansible.builtin.package:
@@ -39,6 +42,8 @@
         - __sap_ha_pacemaker_cluster_zypper_angi_check is defined
         - __sap_ha_pacemaker_cluster_zypper_angi_check.rc == 0
         - "'SAPHanaSR' in ansible_facts.packages"
+        # SAPHanaSR (Classic) is not available on SLES 16
+        - ansible_distribution_major_version | int < 16
 
     - name: "SAP HA Prepare Pacemaker - Set fact angi_available"
       ansible.builtin.set_fact:
@@ -46,3 +51,43 @@
       when:
         - __sap_ha_pacemaker_cluster_zypper_angi_check is defined
         - __sap_ha_pacemaker_cluster_zypper_angi_check.rc == 0
+
+
+- name: "SAP HA Prepare Pacemaker - Block for preparation of Classic HANA cluster"
+  when:
+    - not (sap_ha_pacemaker_cluster_saphanasr_angi_detection | bool)
+    # SAPHanaSR (Classic) is not available on SLES 16
+    - ansible_distribution_major_version | int < 16
+  block:
+    # Requirement for package_facts Ansible Module
+    # SLES: Ensure OS Package for Python Lib of rpm bindings is enabled for System Python
+    - name: "SAP HA Prepare Pacemaker - Ensure python3-rpm package is present"
+      ansible.builtin.package:
+        name: python3-rpm
+        state: present
+
+    - name: "SAP HA Prepare Pacemaker - Gather installed packages facts"
+      ansible.builtin.package_facts:
+        manager: auto
+
+    # package can be replaced with "rpm -e --nodeps {{ item }}"
+    - name: "SAP HA Prepare Pacemaker - Remove SAPHanaSR-angi"
+      ansible.builtin.package:
+        name: "{{ item }}"
+        state: absent
+      loop:
+        - SAPHanaSR-angi
+      when:
+        - "'SAPHanaSR-angi' in ansible_facts.packages"
+
+    - name: "SAP HA Prepare Pacemaker - Set fact angi_available"
+      ansible.builtin.set_fact:
+        __sap_ha_pacemaker_cluster_saphanasr_angi_available: false
+
+
+# Ensure that angi flag is always set for SLES 16
+- name: "SAP HA Prepare Pacemaker - Ensure angi_available is set for SLES 16"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_saphanasr_angi_available: true
+  when:
+    - ansible_distribution_major_version | int > 15
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/ascertain_sap_landscape.yml b/roles/sap_ha_pacemaker_cluster/tasks/ascertain_sap_landscape.yml
index 26cdb2be..4761aa60 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/ascertain_sap_landscape.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/ascertain_sap_landscape.yml
@@ -1,5 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
+# TEMP to fix CFLF
 # The following tasks will check which SAP landscape can be configured with
 # the provided parameters.
 # It will validate if requirements are met for the cluster configuration.
@@ -32,6 +33,20 @@
   when:
     - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0
 
+# Host type rules:
+# - there can only be 0 or 1 HANA type in the list
+# - there can only be 0 or 1 NW (A)SCS/ERS type in the list
+- name: "SAP HA Prepare Pacemaker - Make sure that the host_type combination is valid"
+  ansible.builtin.assert:
+    that:
+      - sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length < 2
+      - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_.*_ers') | length < 2
+    fail_msg: |
+      Host type = {{ sap_ha_pacemaker_cluster_host_type }}
+
+      Conflicting host types found!
+      There can only be max. 1 HANA and/or 1 NWAS (A)SCS/ERS type in the same definition.
+
 - name: "SAP HA Prepare Pacemaker - Include HANA specific variables"
   ansible.builtin.include_tasks:
     file: include_vars_hana.yml
@@ -39,7 +54,16 @@
     - sap_ha_pacemaker_cluster_host_type | select('search', 'hana') | length > 0
 
 - name: "SAP HA Prepare Pacemaker - Include NETWEAVER specific variables"
+  tags: nwas_postinst
   ansible.builtin.include_tasks:
     file: include_vars_nwas.yml
+    apply:
+      tags: nwas_postinst
   when:
     - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas') | length > 0
+
+- name: "SAP HA Prepare Pacemaker - Include Web Dispatcher specific variables"
+  ansible.builtin.include_tasks:
+    file: include_vars_webdisp.yml
+  when:
+    - sap_ha_pacemaker_cluster_host_type | select('search', 'webdisp') | length > 0
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_abap_ascs_ers_post_install.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_abap_ascs_ers_post_install.yml
index e4c9158e..972c3c23 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_abap_ascs_ers_post_install.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_abap_ascs_ers_post_install.yml
@@ -26,21 +26,6 @@
   retries: 30
   delay: 10
 
-# Comment out lines in /usr/sap/sapservices, which
-# - contain the target instance profile names
-# - are not commented out yet
-- name: "SAP HA Pacemaker - Update /usr/sap/sapservices"
-  ansible.builtin.replace:
-    path: /usr/sap/sapservices
-    backup: true
-    regexp: '^([^#\n].+{{ sapserv_item }}.+)$'
-    replace: '# \1'
-  loop:
-    - "{{ __sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_instance_name }}"
-    - "{{ __sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name }}"
-  loop_control:
-    loop_var: sapserv_item
-
 - name: "SAP HA Pacemaker - (systemd) Check for ASCS/ERS services"
   ansible.builtin.stat:
     path: "/etc/systemd/system/SAP{{ __sap_ha_pacemaker_cluster_nwas_sid }}_{{ systemd_item }}.service"
@@ -54,27 +39,55 @@
 
 - name: "SAP HA Pacemaker - (systemd) Save found ASCS/ERS services"
   ansible.builtin.set_fact:
-    sap_ha_pacemaker_cluster_instance_services_fact: "{{
+    sap_ha_pacemaker_cluster_instance_service_node_fact: "{{
       __sap_ha_pacemaker_cluster_register_instance_service.results
       | selectattr('stat.exists')
       | map(attribute='stat.path')
       | regex_replace('/etc/systemd/system/', '')
       }}"
 
+- name: "SAP HA Pacemaker - (systemd) Combine instance services from all nodes"
+  ansible.builtin.set_fact:
+    sap_ha_pacemaker_cluster_instance_service_all_fact: "{{
+      (sap_ha_pacemaker_cluster_instance_service_all_fact | d([])
+      + hostvars[task_host_item].sap_ha_pacemaker_cluster_instance_service_node_fact)
+      | unique
+      }}"
+  loop: "{{ ansible_play_hosts }}"
+  loop_control:
+    loop_var: task_host_item
+
+
 # BLOCK:
-# When the systemd based SAP startup framework is used, make sure that the
+# 1. When the systemd based SAP startup framework is used, make sure that the
 # instance services do not auto-start.
-- name: "SAP HA Pacemaker - Block to disable systemd auto-start of instances"
+# 2. Make sure that the SAP instance service units are registered and present on all hosts.
+- name: "SAP HA Pacemaker - Block to handle SAP service systemd configuration"
   when:
-    - sap_ha_pacemaker_cluster_instance_services_fact is defined
-    - sap_ha_pacemaker_cluster_instance_services_fact | length > 0
+    # At least one systemd service should be found per node, to consider the setup
+    # "systemd enabled" and proceed with the related configuration.
+    - sap_ha_pacemaker_cluster_instance_service_node_fact is defined
+    - sap_ha_pacemaker_cluster_instance_service_node_fact | length > 0
   block:
 
+    # After the installation, the systemd units are only configured on the node
+    # they were first installed on.
+    # The registration ensures that
+    # - systemd units for both instances are configured
+    # - the 'sapstartsrv' file contains both start commands
+    - name: "SAP HA Pacemaker - (systemd) Register ASCS/ERS instances on all nodes"
+      ansible.builtin.shell: |
+        export LD_LIBRARY_PATH=/usr/sap/hostctrl/exe:$LD_LIBRARY_PATH
+        /usr/sap/hostctrl/exe/sapstartsrv pf={{ __sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_start_profile_string }} -reg
+        /usr/sap/hostctrl/exe/sapstartsrv pf={{ __sap_ha_pacemaker_cluster_nwas_ers_sapinstance_start_profile_string }} -reg
+      register: __sap_ha_pacemaker_cluster_register_instance_reg
+      changed_when: true
+
     - name: "SAP HA Pacemaker - (systemd) Disable ASCS/ERS instance service"
       ansible.builtin.service:
         name: "{{ instance_srv_item }}"
         enabled: false
-      loop: "{{ sap_ha_pacemaker_cluster_instance_services_fact }}"
+      loop: "{{ sap_ha_pacemaker_cluster_instance_service_all_fact }}"
       loop_control:
         loop_var: instance_srv_item
 
@@ -88,7 +101,7 @@
         owner: root
         group: root
         mode: '0644'
-      loop: "{{ sap_ha_pacemaker_cluster_instance_services_fact }}"
+      loop: "{{ sap_ha_pacemaker_cluster_instance_service_all_fact }}"
       loop_control:
         loop_var: dropfile_item
 
@@ -101,12 +114,42 @@
         owner: root
         group: root
         mode: '0644'
-      loop: "{{ sap_ha_pacemaker_cluster_instance_services_fact }}"
+      loop: "{{ sap_ha_pacemaker_cluster_instance_service_all_fact }}"
       loop_control:
         loop_var: dropfile_item
 
 ### END of BLOCK for systemd setup.
 
+# Comment out lines in /usr/sap/sapservices, which
+# - contain the target instance profile names
+# - are not commented out yet
+- name: "SAP HA Pacemaker - Update /usr/sap/sapservices"
+  ansible.builtin.replace:
+    path: /usr/sap/sapservices
+    backup: true
+    regexp: '^(?!#)(.*{{ sapserv_item }}.*)$'
+    replace: '# \1'
+  loop:
+    - "{{ __sap_ha_pacemaker_cluster_nwas_ascs_sapinstance_instance_name }}"
+    - "{{ __sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name }}"
+  loop_control:
+    loop_var: sapserv_item
+  when:
+    - ansible_os_family == 'RedHat'
+
+# SAPStartSrv resource agent / Simple Mount
+- name: "SAP HA Pacemaker - Make sure SAPStartSrv systemd units are enabled"
+  ansible.builtin.service:
+    name: "{{ sapstartsrv_srv_item }}"
+    enabled: true
+  loop:
+    - sapping
+    - sappong
+  loop_control:
+    loop_var: sapstartsrv_srv_item
+  when:
+    - __sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount
+
 
 # Block for configuring the SAP HA Interface (sap_cluster_connector).
 #
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_java_scs_ers_post_install.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_java_scs_ers_post_install.yml
index ea36f162..8f04df3f 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_java_scs_ers_post_install.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_java_scs_ers_post_install.yml
@@ -26,21 +26,6 @@
   retries: 30
   delay: 10
 
-# Comment out lines in /usr/sap/sapservices, which
-# - contain the target instance profile names
-# - are not commented out yet
-- name: "SAP HA Pacemaker - Update /usr/sap/sapservices"
-  ansible.builtin.replace:
-    path: /usr/sap/sapservices
-    backup: true
-    regexp: '^([^#\n].+{{ sapserv_item }}.+)$'
-    replace: '# \1'
-  loop:
-    - "{{ __sap_ha_pacemaker_cluster_nwas_scs_sapinstance_instance_name }}"
-    - "{{ __sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name }}"
-  loop_control:
-    loop_var: sapserv_item
-
 - name: "SAP HA Pacemaker - (systemd) Check for SCS/ERS services"
   ansible.builtin.stat:
     path: "/etc/systemd/system/SAP{{ __sap_ha_pacemaker_cluster_nwas_sid }}_{{ systemd_item }}.service"
@@ -54,27 +39,55 @@
 
 - name: "SAP HA Pacemaker - (systemd) Save found SCS/ERS services"
   ansible.builtin.set_fact:
-    sap_ha_pacemaker_cluster_instance_services_fact: "{{
+    sap_ha_pacemaker_cluster_instance_service_node_fact: "{{
       __sap_ha_pacemaker_cluster_register_instance_service.results
       | selectattr('stat.exists')
       | map(attribute='stat.path')
       | regex_replace('/etc/systemd/system/', '')
       }}"
 
+- name: "SAP HA Pacemaker - (systemd) Combine instance services from all nodes"
+  ansible.builtin.set_fact:
+    sap_ha_pacemaker_cluster_instance_service_all_fact: "{{
+      (sap_ha_pacemaker_cluster_instance_service_all_fact | d([])
+      + hostvars[task_host_item].sap_ha_pacemaker_cluster_instance_service_node_fact)
+      | unique
+      }}"
+  loop: "{{ ansible_play_hosts }}"
+  loop_control:
+    loop_var: task_host_item
+
+
 # BLOCK:
-# When the systemd based SAP startup framework is used, make sure that the
+# 1. When the systemd based SAP startup framework is used, make sure that the
 # instance services do not auto-start.
-- name: "SAP HA Pacemaker - Block to disable systemd auto-start of instances"
+# 2. Make sure that the SAP instance service units are registered and present on all hosts.
+- name: "SAP HA Pacemaker - Block to handle SAP service systemd configuration"
   when:
-    - sap_ha_pacemaker_cluster_instance_services_fact is defined
-    - sap_ha_pacemaker_cluster_instance_services_fact | length > 0
+    # At least one systemd service should be found per node, to consider the setup
+    # "systemd enabled" and proceed with the related configuration.
+    - sap_ha_pacemaker_cluster_instance_service_node_fact is defined
+    - sap_ha_pacemaker_cluster_instance_service_node_fact | length > 0
   block:
 
+    # After the installation, the systemd units are only configured on the node
+    # they were first installed on.
+    # The registration ensures that
+    # - systemd units for both instances are configured
+    # - the 'sapstartsrv' file contains both start commands
+    - name: "SAP HA Pacemaker - (systemd) Register SCS/ERS instances on all nodes"
+      ansible.builtin.shell: |
+        export LD_LIBRARY_PATH=/usr/sap/hostctrl/exe:$LD_LIBRARY_PATH
+        /usr/sap/hostctrl/exe/sapstartsrv pf={{ __sap_ha_pacemaker_cluster_nwas_scs_sapinstance_start_profile_string }} -reg
+        /usr/sap/hostctrl/exe/sapstartsrv pf={{ __sap_ha_pacemaker_cluster_nwas_ers_sapinstance_start_profile_string }} -reg
+      register: __sap_ha_pacemaker_cluster_register_instance_reg
+      changed_when: true
+
     - name: "SAP HA Pacemaker - (systemd) Disable SCS/ERS instance service"
       ansible.builtin.service:
         name: "{{ instance_srv_item }}"
         enabled: false
-      loop: "{{ sap_ha_pacemaker_cluster_instance_services_fact }}"
+      loop: "{{ sap_ha_pacemaker_cluster_instance_service_all_fact }}"
       loop_control:
         loop_var: instance_srv_item
 
@@ -88,7 +101,7 @@
         owner: root
         group: root
         mode: '0644'
-      loop: "{{ sap_ha_pacemaker_cluster_instance_services_fact }}"
+      loop: "{{ sap_ha_pacemaker_cluster_instance_service_all_fact }}"
       loop_control:
         loop_var: dropfile_item
 
@@ -101,12 +114,42 @@
         owner: root
         group: root
         mode: '0644'
-      loop: "{{ sap_ha_pacemaker_cluster_instance_services_fact }}"
+      loop: "{{ sap_ha_pacemaker_cluster_instance_service_all_fact }}"
       loop_control:
         loop_var: dropfile_item
 
 ### END of BLOCK for systemd setup.
 
+# Comment out lines in /usr/sap/sapservices, which
+# - contain the target instance profile names
+# - are not commented out yet
+- name: "SAP HA Pacemaker - Update /usr/sap/sapservices"
+  ansible.builtin.replace:
+    path: /usr/sap/sapservices
+    backup: true
+    regexp: '^(?!#)(.*{{ sapserv_item }}.*)$'
+    replace: '# \1'
+  loop:
+    - "{{ __sap_ha_pacemaker_cluster_nwas_scs_sapinstance_instance_name }}"
+    - "{{ __sap_ha_pacemaker_cluster_nwas_ers_sapinstance_instance_name }}"
+  loop_control:
+    loop_var: sapserv_item
+  when:
+    - ansible_os_family == 'RedHat'
+
+# SAPStartSrv resource agent / Simple Mount
+- name: "SAP HA Pacemaker - Make sure SAPStartSrv systemd units are enabled"
+  ansible.builtin.service:
+    name: "{{ sapstartsrv_srv_item }}"
+    enabled: true
+  loop:
+    - sapping
+    - sappong
+  loop_control:
+    loop_var: sapstartsrv_srv_item
+  when:
+    - __sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount
+
 
 # Block for configuring the SAP HA Interface (sap_cluster_connector).
 #
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_webdisp_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_webdisp_postinstallation.yml
new file mode 100644
index 00000000..dbf3ce23
--- /dev/null
+++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_webdisp_postinstallation.yml
@@ -0,0 +1,242 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# After SAP Webdispatcher instance was configured in the cluster,
+# they must be disabled from automatically (re)starting outside of
+# cluster control.
+
+- name: "SAP HA Pacemaker - (WebDisp profile) Prevent automatic restart of the instance"
+  ansible.builtin.replace:
+    path: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_start_profile_string }}"
+    backup: true
+    regexp: 'Restart_Program_01'
+    replace: 'Start_Program_01'
+  # Throttle and retry loop was added to combat NFS write lockups on Azure NFS
+  throttle: 1
+  retries: 30
+  delay: 10
+
+# Comment out lines in /usr/sap/sapservices, which
+# - contain the target instance profile names
+# - are not commented out yet
+- name: "SAP HA Pacemaker - Update /usr/sap/sapservices"
+  ansible.builtin.replace:
+    path: /usr/sap/sapservices
+    backup: true
+    regexp: '^([^#\n].+{{ sap_ha_pacemaker_cluster_wdp_sapinstance_instance_name }}.+)$'
+    replace: '# \1'
+
+- name: "SAP HA Pacemaker - (systemd) Check for WebDisp services"
+  ansible.builtin.stat:
+    path: "/etc/systemd/system/SAP{{ sap_ha_pacemaker_cluster_wdp_sid }}_{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}.service"
+  register: __sap_ha_pacemaker_cluster_register_instance_service
+
+- name: "SAP HA Pacemaker - (systemd) Save found WebDisp services"
+  ansible.builtin.set_fact:
+    sap_ha_pacemaker_cluster_instance_services_fact: "{{ __sap_ha_pacemaker_cluster_register_instance_service.stat.path | regex_replace('/etc/systemd/system/', '') }}"
+  when: __sap_ha_pacemaker_cluster_register_instance_service.stat.exists
+
+
+# BLOCK:
+# When the systemd based SAP startup framework is used, make sure that the
+# instance services do not auto-start.
+- name: "SAP HA Pacemaker - Block to disable systemd auto-start of instances"
+  when:
+    - sap_ha_pacemaker_cluster_instance_services_fact is defined
+    - sap_ha_pacemaker_cluster_instance_services_fact | length > 0
+  block:
+
+    - name: "SAP HA Pacemaker - (systemd) Disable WebDisp instance service"
+      ansible.builtin.service:
+        name: "{{ sap_ha_pacemaker_cluster_instance_services_fact }}"
+        enabled: false
+
+    # Creates a config file for the services.
+    # Parent directories will be created when missing.
+    - name: "SAP HA Pacemaker - (systemd) Create WebDisp instance unit config file"
+      ansible.builtin.lineinfile:
+        create: true
+        path: "/etc/systemd/system/{{ sap_ha_pacemaker_cluster_instance_services_fact }}.d/HA.conf"
+        line: "[Service]"
+        owner: root
+        group: root
+        mode: '0644'
+
+    - name: "SAP HA Pacemaker - (systemd) Disable WebDisp instance unit auto-restart"
+      ansible.builtin.lineinfile:
+        path: "/etc/systemd/system/{{ sap_ha_pacemaker_cluster_instance_services_fact }}.d/HA.conf"
+        regex: '^Restart\s*=\s*no'
+        insertafter: '^[Service]$'
+        line: "Restart=no"
+        owner: root
+        group: root
+        mode: '0644'
+### END of BLOCK for systemd setup.
+
+
+# Block for configuring the SAP HA Interface (sap_cluster_connector).
+#
+# The 'sap-cluster-connector' package is already optionally added to
+# '__sap_ha_pacemaker_cluster_sap_extra_packages'.
+- name: "SAP HA Pacemaker - (SAP HA Interface) Configure SAP HA Interface"
+  when:
+    - sap_ha_pacemaker_cluster_enable_cluster_connector
+  block:
+
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Add {{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm
+       user to 'haclient' group"  # noqa name[template]
+      ansible.builtin.user:
+        name: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+        groups: haclient
+        append: true
+        state: present
+
+    # Using 'lineinfile' with a nested loop to avoid duplicate entries for existing configuration.
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Add connector to start profiles"
+      ansible.builtin.lineinfile:
+        backup: true
+        path: "{{ nwas_profile_item.0 }}"
+        line: "{{ nwas_profile_item.1 }}"
+      loop: "{{ __sap_ha_pacemaker_cluster_wdp_profile_paths
+              | product(__sap_ha_pacemaker_cluster_connector_config_lines)
+             }}"
+      loop_control:
+        loop_var: nwas_profile_item
+        label: "{{ nwas_profile_item.0 }} -> {{ nwas_profile_item.1 }}"
+    # Throttle and retry loop was added to combat NFS write lockups on Azure NFS
+      throttle: 1
+      retries: 30
+      delay: 10
+
+    # Sleep added to resolve issue with WaitforStarted finishing before resources are available.
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for WebDisp to be up and running"
+      become: true
+      become_user: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+      register: __sap_ha_pacemaker_cluster_register_where_wdp
+      ansible.builtin.shell: |
+        /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_wdp_instance_nr }} -function WaitforStarted 600 30
+      changed_when: false
+      failed_when: false
+
+    # NOTE: RestartService can cause fencing lockup and hang forever,
+    # it might be good to remove them in future and leave reload to "Webdisp restart" block.
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Restart the service"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+      become: true
+      become_user: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+      register: __sap_ha_pacemaker_cluster_register_restart_ascs
+      ansible.builtin.shell: |
+        /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_wdp_instance_nr }} -function RestartService
+      changed_when: __sap_ha_pacemaker_cluster_register_restart_ascs.rc == 0
+
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for WebDisp"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+      become: true
+      become_user: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+      register: __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config
+      ansible.builtin.shell: |
+        sleep 10
+        /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_wdp_instance_nr }} -function HAGetFailoverConfig
+      changed_when: false
+
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+        - __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout_lines is defined
+      ansible.builtin.debug:
+        msg: |
+          {{ __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout_lines }}
+
+
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for WebDisp"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+      become: true
+      become_user: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+      register: __sap_ha_pacemaker_cluster_register_wdp_ha_check_config
+      ansible.builtin.shell: |
+        /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_wdp_instance_nr }} -function HACheckConfig
+      changed_when: false
+      failed_when: false
+
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+        - __sap_ha_pacemaker_cluster_register_wdp_ha_check_config.stdout_lines is defined
+      ansible.builtin.debug:
+        msg: |
+          {{ __sap_ha_pacemaker_cluster_register_wdp_ha_check_config.stdout_lines }}
+
+
+    # Block to restart cluster resources if RestartService is not enough.
+    # This is required for SUSE, where SAP needs full restart to load HAlib.
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Block for WebDisp restart"
+      when:
+        - "(__sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout is defined
+           and 'FALSE' in __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout)"
+      block:
+        - name: "SAP HA Pacemaker - (SAP HA Interface) Restart WebDisp resources"
+          ansible.builtin.shell: |
+            {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ sap_ha_pacemaker_cluster_wdp_sapinstance_resource_name }}
+          when:
+            - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+          changed_when: true
+
+        - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for WebDisp to be up and running"
+          become: true
+          become_user: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+          register: __sap_ha_pacemaker_cluster_register_where_wdp_restart
+          ansible.builtin.shell: |
+            /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_wdp_instance_nr }} -function WaitforStarted 600 30
+          changed_when: false
+          failed_when: false
+
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for WebDisp"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+      become: true
+      become_user: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+      register: __sap_ha_pacemaker_cluster_register_wdp_ha_check_config
+      ansible.builtin.shell: |
+        sleep 30
+        /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_wdp_instance_nr }} -function HACheckConfig
+      changed_when: false
+      failed_when:
+        - "'ERROR' in __sap_ha_pacemaker_cluster_register_wdp_ha_check_config.stdout"
+
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Get HAGetFailoverConfig for WebDisp"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+      become: true
+      become_user: "{{ sap_ha_pacemaker_cluster_wdp_sid | lower }}adm"
+      register: __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config
+      ansible.builtin.shell: |
+        /usr/sap/hostctrl/exe/sapcontrol -nr {{ sap_ha_pacemaker_cluster_wdp_instance_nr }} -function HAGetFailoverConfig
+      changed_when: false
+      # failed_when:
+      #   - __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout is defined
+      #      and 'FALSE' in __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout
+
+
+    # HAGetFailoverConfig is not consistent and it can show FALSE on one of nodes
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Display HAGetFailoverConfig results on WebDisp"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+        - __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout_lines is defined
+      ansible.builtin.debug:
+        msg: |
+          {{ __sap_ha_pacemaker_cluster_register_wdp_ha_failover_config.stdout_lines }}
+
+    # HACheckConfig shows same statues on both nodes, therefore only one is shown
+    - name: "SAP HA Pacemaker - (SAP HA Interface) Display HACheckConfig results"
+      when:
+        - __sap_ha_pacemaker_cluster_register_where_wdp.rc == 0
+        - __sap_ha_pacemaker_cluster_register_wdp_ha_check_config.stdout_lines is defined
+      ansible.builtin.debug:
+        msg: |
+          {{ __sap_ha_pacemaker_cluster_register_wdp_ha_check_config.stdout_lines }}
+
+    # TODO: verification checks that the instances are running and HA Interface is enabled
+
+### END of BLOCK for sap_cluster_connector.
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml
index 9c9af77f..db29119a 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml
@@ -1,134 +1,135 @@
-# SPDX-License-Identifier: Apache-2.0
----
-# After all of the previous construction flows, the final parameters must
-# be translated to 'ha_cluster' Linux System Role syntax.
-#
-# This way the include_role parameters are set as play vars and do not
-# require a static list of vars when the role is included.
-
-# List of parameters that are constructed by this role, but not all of them
-# are mandatory to be defined. For any undefined parameter the default of the
-# 'ha_cluster' role will apply, if the role has a default defined.
-#
-# Make sure to always define those parameters which have no 'ha_cluster' LSR default!
-#
-# SAP HA Pacemaker Cluster role                 -> 'ha_cluster' Linux System Role
-# ------------------------------------------------------------------------------
-# __sap_ha_pacemaker_cluster_ha_cluster             ha_cluster
-# __sap_ha_pacemaker_cluster_cluster_name           ha_cluster_cluster_name
-# __sap_ha_pacemaker_cluster_cluster_properties     ha_cluster_cluster_properties
-# __sap_ha_pacemaker_cluster_constraints_colocation ha_cluster_constraints_colocation
-# __sap_ha_pacemaker_cluster_constraints_location   ha_cluster_constraints_location
-# __sap_ha_pacemaker_cluster_constraints_order      ha_cluster_constraints_order
-# __sap_ha_pacemaker_cluster_extra_packages         ha_cluster_extra_packages
-# __sap_ha_pacemaker_cluster_fence_agent_packages   ha_cluster_fence_agent_packages
-# __sap_ha_pacemaker_cluster_hacluster_user_password     ha_cluster_hacluster_password
-# __sap_ha_pacemaker_cluster_repos                  __ha_cluster_repos
-# __sap_ha_pacemaker_cluster_resource_clones        ha_cluster_resource_clones
-# __sap_ha_pacemaker_cluster_resource_groups        ha_cluster_resource_groups
-# __sap_ha_pacemaker_cluster_resource_primitives    ha_cluster_resource_primitives
-# __sap_ha_pacemaker_cluster_corosync_totem                  ha_cluster_totem
-
-# Combines SBD stonith options with ha_cluster if it was not imported as extra var.
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Include SBD config into 'ha_cluster'"  # noqa jinja[spacing]
-  when:
-    - __sap_ha_pacemaker_cluster_ha_cluster_stonith is defined and __sap_ha_pacemaker_cluster_ha_cluster_stonith | length > 0
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_ha_cluster: >-
-      {%- if __sap_ha_pacemaker_cluster_ha_cluster is defined and __sap_ha_pacemaker_cluster_ha_cluster | length > 0 -%}
-      {{ __sap_ha_pacemaker_cluster_ha_cluster | combine(__sap_ha_pacemaker_cluster_ha_cluster_stonith) }}
-      {%- else -%}
-      {{ __sap_ha_pacemaker_cluster_ha_cluster_stonith }}
-      {%- endif -%}
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster'"
-  when: __sap_ha_pacemaker_cluster_ha_cluster is defined
-  ansible.builtin.set_fact:
-    ha_cluster: "{{ __sap_ha_pacemaker_cluster_ha_cluster }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_cluster_name'"
-  when: __sap_ha_pacemaker_cluster_cluster_name is defined
-  ansible.builtin.set_fact:
-    ha_cluster_cluster_name: "{{ __sap_ha_pacemaker_cluster_cluster_name }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_cluster_properties'"
-  when: __sap_ha_pacemaker_cluster_cluster_properties is defined
-  ansible.builtin.set_fact:
-    ha_cluster_cluster_properties: "{{ __sap_ha_pacemaker_cluster_cluster_properties }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_defaults'"
-  when: __sap_ha_pacemaker_cluster_resource_defaults is defined
-  ansible.builtin.set_fact:
-    ha_cluster_resource_defaults: "{{ __sap_ha_pacemaker_cluster_resource_defaults }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_operation_defaults'"
-  when: __sap_ha_pacemaker_cluster_resource_operation_defaults is defined
-  ansible.builtin.set_fact:
-    ha_cluster_resource_operation_defaults: "{{ __sap_ha_pacemaker_cluster_resource_operation_defaults }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_colocation'"
-  when: __sap_ha_pacemaker_cluster_constraints_colocation is defined
-  ansible.builtin.set_fact:
-    ha_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_location'"
-  when: __sap_ha_pacemaker_cluster_constraints_location is defined
-  ansible.builtin.set_fact:
-    ha_cluster_constraints_location: "{{ __sap_ha_pacemaker_cluster_constraints_location }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_order'"
-  when: __sap_ha_pacemaker_cluster_constraints_order is defined
-  ansible.builtin.set_fact:
-    ha_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_extra_packages'"
-  when: __sap_ha_pacemaker_cluster_extra_packages is defined
-  ansible.builtin.set_fact:
-    ha_cluster_extra_packages: "{{ __sap_ha_pacemaker_cluster_extra_packages }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_fence_agent_packages'"
-  when: __sap_ha_pacemaker_cluster_fence_agent_packages is defined
-  ansible.builtin.set_fact:
-    ha_cluster_fence_agent_packages: "{{ __sap_ha_pacemaker_cluster_fence_agent_packages }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_hacluster_password'"
-  when: __sap_ha_pacemaker_cluster_hacluster_user_password is defined
-  ansible.builtin.set_fact:
-    ha_cluster_hacluster_password: "{{ __sap_ha_pacemaker_cluster_hacluster_user_password }}"
-  no_log: true  # secure the credential
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_repos'"
-  when: __sap_ha_pacemaker_cluster_repos is defined
-  ansible.builtin.set_fact:
-    __ha_cluster_repos: "{{ __sap_ha_pacemaker_cluster_repos }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_clones'"
-  when: __sap_ha_pacemaker_cluster_resource_clones is defined
-  ansible.builtin.set_fact:
-    ha_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_groups'"
-  when: __sap_ha_pacemaker_cluster_resource_groups is defined
-  ansible.builtin.set_fact:
-    ha_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_primitives'"
-  when: __sap_ha_pacemaker_cluster_resource_primitives is defined
-  ansible.builtin.set_fact:
-    ha_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives }}"
-  no_log: true  # be paranoid, there could be credentials in it
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_totem'"
-  when: __sap_ha_pacemaker_cluster_corosync_totem is defined
-  ansible.builtin.set_fact:
-    ha_cluster_totem: "{{ __sap_ha_pacemaker_cluster_corosync_totem }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_sbd_options'"
-  when: __sap_ha_pacemaker_cluster_sbd_options is defined
-  ansible.builtin.set_fact:
-    ha_cluster_sbd_options: "{{ __sap_ha_pacemaker_cluster_sbd_options }}"
-
-- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_sbd_enabled'"
-  when: __sap_ha_pacemaker_cluster_sbd_enabled is defined
-  ansible.builtin.set_fact:
-    ha_cluster_sbd_enabled: "{{ __sap_ha_pacemaker_cluster_sbd_enabled }}"
+# SPDX-License-Identifier: Apache-2.0
+---
+# TEMP to fix CFLF
+# After all of the previous construction flows, the final parameters must
+# be translated to 'ha_cluster' Linux System Role syntax.
+#
+# This way the include_role parameters are set as play vars and do not
+# require a static list of vars when the role is included.
+
+# List of parameters that are constructed by this role, but not all of them
+# are mandatory to be defined. For any undefined parameter the default of the
+# 'ha_cluster' role will apply, if the role has a default defined.
+#
+# Make sure to always define those parameters which have no 'ha_cluster' LSR default!
+#
+# SAP HA Pacemaker Cluster role                 -> 'ha_cluster' Linux System Role
+# ------------------------------------------------------------------------------
+# __sap_ha_pacemaker_cluster_ha_cluster             ha_cluster
+# __sap_ha_pacemaker_cluster_cluster_name           ha_cluster_cluster_name
+# __sap_ha_pacemaker_cluster_cluster_properties     ha_cluster_cluster_properties
+# __sap_ha_pacemaker_cluster_constraints_colocation ha_cluster_constraints_colocation
+# __sap_ha_pacemaker_cluster_constraints_location   ha_cluster_constraints_location
+# __sap_ha_pacemaker_cluster_constraints_order      ha_cluster_constraints_order
+# __sap_ha_pacemaker_cluster_extra_packages         ha_cluster_extra_packages
+# __sap_ha_pacemaker_cluster_fence_agent_packages   ha_cluster_fence_agent_packages
+# __sap_ha_pacemaker_cluster_hacluster_user_password     ha_cluster_hacluster_password
+# __sap_ha_pacemaker_cluster_repos                  __ha_cluster_repos
+# __sap_ha_pacemaker_cluster_resource_clones        ha_cluster_resource_clones
+# __sap_ha_pacemaker_cluster_resource_groups        ha_cluster_resource_groups
+# __sap_ha_pacemaker_cluster_resource_primitives    ha_cluster_resource_primitives
+# __sap_ha_pacemaker_cluster_corosync_totem                  ha_cluster_totem
+
+# Combines SBD stonith options with ha_cluster if it was not imported as extra var.
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Include SBD config into 'ha_cluster'"  # noqa jinja[spacing]
+  when:
+    - __sap_ha_pacemaker_cluster_ha_cluster_stonith is defined and __sap_ha_pacemaker_cluster_ha_cluster_stonith | length > 0
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_ha_cluster: >-
+      {%- if __sap_ha_pacemaker_cluster_ha_cluster is defined and __sap_ha_pacemaker_cluster_ha_cluster | length > 0 -%}
+      {{ __sap_ha_pacemaker_cluster_ha_cluster | combine(__sap_ha_pacemaker_cluster_ha_cluster_stonith) }}
+      {%- else -%}
+      {{ __sap_ha_pacemaker_cluster_ha_cluster_stonith }}
+      {%- endif -%}
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster'"
+  when: __sap_ha_pacemaker_cluster_ha_cluster is defined
+  ansible.builtin.set_fact:
+    ha_cluster: "{{ __sap_ha_pacemaker_cluster_ha_cluster }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_cluster_name'"
+  when: __sap_ha_pacemaker_cluster_cluster_name is defined
+  ansible.builtin.set_fact:
+    ha_cluster_cluster_name: "{{ __sap_ha_pacemaker_cluster_cluster_name }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_cluster_properties'"
+  when: __sap_ha_pacemaker_cluster_cluster_properties is defined
+  ansible.builtin.set_fact:
+    ha_cluster_cluster_properties: "{{ __sap_ha_pacemaker_cluster_cluster_properties }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_defaults'"
+  when: __sap_ha_pacemaker_cluster_resource_defaults is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_defaults: "{{ __sap_ha_pacemaker_cluster_resource_defaults }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_operation_defaults'"
+  when: __sap_ha_pacemaker_cluster_resource_operation_defaults is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_operation_defaults: "{{ __sap_ha_pacemaker_cluster_resource_operation_defaults }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_colocation'"
+  when: __sap_ha_pacemaker_cluster_constraints_colocation is defined
+  ansible.builtin.set_fact:
+    ha_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation  + sap_ha_pacemaker_cluster_constraints_colocation_append | d([]) }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_location'"
+  when: __sap_ha_pacemaker_cluster_constraints_location is defined
+  ansible.builtin.set_fact:
+    ha_cluster_constraints_location: "{{ __sap_ha_pacemaker_cluster_constraints_location + sap_ha_cluster_constraints_location_append | d([]) }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_order'"
+  when: __sap_ha_pacemaker_cluster_constraints_order is defined
+  ansible.builtin.set_fact:
+    ha_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + sap_ha_pacemaker_cluster_constraints_order_append | d([]) }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_extra_packages'"
+  when: __sap_ha_pacemaker_cluster_extra_packages is defined
+  ansible.builtin.set_fact:
+    ha_cluster_extra_packages: "{{ __sap_ha_pacemaker_cluster_extra_packages }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_fence_agent_packages'"
+  when: __sap_ha_pacemaker_cluster_fence_agent_packages is defined
+  ansible.builtin.set_fact:
+    ha_cluster_fence_agent_packages: "{{ __sap_ha_pacemaker_cluster_fence_agent_packages }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_hacluster_password'"
+  when: __sap_ha_pacemaker_cluster_hacluster_user_password is defined
+  ansible.builtin.set_fact:
+    ha_cluster_hacluster_password: "{{ __sap_ha_pacemaker_cluster_hacluster_user_password }}"
+  no_log: true  # secure the credential
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_repos'"
+  when: __sap_ha_pacemaker_cluster_repos is defined
+  ansible.builtin.set_fact:
+    __ha_cluster_repos: "{{ __sap_ha_pacemaker_cluster_repos }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_clones'"
+  when: __sap_ha_pacemaker_cluster_resource_clones is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones + sap_ha_pacemaker_cluster_resource_clones_append | d([]) }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_groups'"
+  when: __sap_ha_pacemaker_cluster_resource_groups is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_primitives'"
+  when: __sap_ha_pacemaker_cluster_resource_primitives is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + sap_ha_pacemaker_cluster_resource_primitives_append | d([]) }}"
+  no_log: true  # be paranoid, there could be credentials in it
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_totem'"
+  when: __sap_ha_pacemaker_cluster_corosync_totem is defined
+  ansible.builtin.set_fact:
+    ha_cluster_totem: "{{ __sap_ha_pacemaker_cluster_corosync_totem }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_sbd_options'"
+  when: __sap_ha_pacemaker_cluster_sbd_options is defined
+  ansible.builtin.set_fact:
+    ha_cluster_sbd_options: "{{ __sap_ha_pacemaker_cluster_sbd_options }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_sbd_enabled'"
+  when: __sap_ha_pacemaker_cluster_sbd_enabled is defined
+  ansible.builtin.set_fact:
+    ha_cluster_sbd_enabled: "{{ __sap_ha_pacemaker_cluster_sbd_enabled }}"
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml
index 33dbe95d..9edf3f7b 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml
@@ -1,124 +1,125 @@
-# SPDX-License-Identifier: Apache-2.0
----
-# Combine input parameters with inherited vars from the 'ha_cluster' role.
-# The inherited values take precedence. Some parameters are not required to be set.
-# The 'ha_cluster' LSR will apply its role defaults.
-# For mandatory parameters, sanity checks will be done separately.
-
-# sap_ha_pacemaker_cluster_cluster_name   -> user-defined or default inherited from {{ ha_cluster_cluster_name }}
-- name: "SAP HA Prepare Pacemaker - Set cluster name"
-  when:
-    - __sap_ha_pacemaker_cluster_cluster_name is not defined
-    - sap_ha_pacemaker_cluster_cluster_name is defined
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_cluster_name: "{{ sap_ha_pacemaker_cluster_cluster_name }}"
-
-# sap_ha_pacemaker_cluster_hacluster_user_password -> user-defined or default inherited from {{ ha_cluster_hacluster_password }}
-- name: "SAP HA Prepare Pacemaker - Register the 'hacluster' user password"
-  when:
-    - __sap_ha_pacemaker_cluster_hacluster_user_password is not defined
-    - sap_ha_pacemaker_cluster_hacluster_user_password
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_hacluster_user_password: "{{ sap_ha_pacemaker_cluster_hacluster_user_password }}"
-  no_log: true  # secure the credential
-
-# sap_ha_pacemaker_cluster_ha_cluster   -> user-defined or default inherited from {{ ha_cluster }}
-- name: "SAP HA Prepare Pacemaker - Register sap_ha_pacemaker_cluster_ha_cluster"
-  when:
-    - __sap_ha_pacemaker_cluster_ha_cluster is not defined
-    - sap_ha_pacemaker_cluster_ha_cluster is defined
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_ha_cluster: "{{ sap_ha_pacemaker_cluster_ha_cluster }}"
-
-- name: "SAP HA Prepare Pacemaker - Generate default sap_ha_pacemaker_cluster_ha_cluster"
-  when:
-    - not __sap_ha_pacemaker_cluster_ha_cluster is defined
-    - not sap_ha_pacemaker_cluster_ha_cluster is defined
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_ha_cluster:
-      node_name: "{{ ansible_hostname }}"
-      pcs_address: "{{ ansible_default_ipv4.address }}"
-
-
-# Combine following extra packages together:
-# sap_ha_pacemaker_cluster_extra_packages             -> user-defined, empty by global default
-# __sap_ha_pacemaker_cluster_sap_extra_packages       -> included from vars/*
-# __sap_ha_pacemaker_cluster_platform_extra_packages  -> included from vars/platform*
-
-- name: "SAP HA Prepare Pacemaker - Combine extra packages lists"
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_extra_packages: "{{
-      (sap_ha_pacemaker_cluster_extra_packages
-      + __sap_ha_pacemaker_cluster_sap_extra_packages
-      + __sap_ha_pacemaker_cluster_platform_extra_packages)
-      | unique | select() }}"
-  # remove duplicates and empty elements
-
-
-# Combine following fence packages together:
-# __sap_ha_pacemaker_cluster_fence_agent_packages_minimal -> os default
-# __sap_ha_pacemaker_cluster_fence_agent_packages_platform -> platform defaults from dict
-# sap_ha_pacemaker_cluster_fence_agent_packages         -> user input or default []
-
-# __sap_ha_pacemaker_cluster_fence_agent_packages loaded from ha_cluster is not included,
-# because it would still not be used due to precedence.
-# TODO: Remove Tech debt conditionals in future for deprecated var 'sap_ha_pacemaker_cluster_fence_agent_minimal_packages'
-- name: "SAP HA Prepare Pacemaker - Combine fence agent packages lists"
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_fence_agent_packages: "{{
-      (__sap_ha_pacemaker_cluster_fence_agent_packages_minimal_combined
-      + __sap_ha_pacemaker_cluster_fence_agent_packages_platform
-      + sap_ha_pacemaker_cluster_fence_agent_packages)
-      | unique }}"
-  vars:
-    # Tech debt for sap_ha_pacemaker_cluster_fence_agent_minimal_packages
-    __sap_ha_pacemaker_cluster_fence_agent_packages_minimal_combined:
-      "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_minimal
-       + sap_ha_pacemaker_cluster_fence_agent_minimal_packages
-        if (sap_ha_pacemaker_cluster_fence_agent_minimal_packages is defined
-          and sap_ha_pacemaker_cluster_fence_agent_minimal_packages | length > 0
-          and sap_ha_pacemaker_cluster_fence_agent_minimal_packages is iterable)
-        else __sap_ha_pacemaker_cluster_fence_agent_packages_minimal }}"
-
-
-# Prepare corosync totem variable with either:
-# - User provided sap_ha_pacemaker_cluster_corosync_totem if present
-# - Combine corosync totem from OS variables and Platform variables if present
-# - Use default corosync totem from OS variables if Platform variable is not present
-- name: "SAP HA Prepare Pacemaker - Prepare corosync totem settings"
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_corosync_totem:
-      options: "{{ __sap_ha_pacemaker_cluster_corosync_totem.options | d([]) + __totem_settings }}"
-  vars:
-    # Identify if provided sap_ha_pacemaker_cluster_corosync_totem is defined
-    __user_totem_is_present:
-      "{{ true if (sap_ha_pacemaker_cluster_corosync_totem is defined
-        and sap_ha_pacemaker_cluster_corosync_totem.options is defined
-        and sap_ha_pacemaker_cluster_corosync_totem | length > 0) else false }}"
-
-    # Identify if __sap_ha_pacemaker_cluster_corosync_totem_platform is defined
-    __platform_totem_is_present:
-      "{{ true if (__sap_ha_pacemaker_cluster_corosync_totem_platform is defined
-        and __sap_ha_pacemaker_cluster_corosync_totem_platform.options is defined
-        and __sap_ha_pacemaker_cluster_corosync_totem_platform | length > 0) else false }}"
-
-    __totem_settings: |-
-      {% if __user_totem_is_present %}
-      {% set corosync_totem = sap_ha_pacemaker_cluster_corosync_totem %}
-      {% elif __platform_totem_is_present %}
-      {% set corosync_totem = __sap_ha_pacemaker_cluster_corosync_totem_default
-       | combine(__sap_ha_pacemaker_cluster_corosync_totem_platform, recursive=True) %}
-      {% else %}
-      {% set corosync_totem = __sap_ha_pacemaker_cluster_corosync_totem_default %}
-      {% endif %}
-      {% set new_opts = [] %}
-      {% for option in corosync_totem.options | dict2items -%}
-        {%- set add_opts = new_opts.extend([
-          {
-            'name': option.key,
-            'value': option.value
-          }]) -%}
-      {%- endfor %}
-      {{ new_opts }}
-
-# TODO: Add support for ha_cluster_quorum
+# SPDX-License-Identifier: Apache-2.0
+---
+# TEMP to fix CFLF
+# Combine input parameters with inherited vars from the 'ha_cluster' role.
+# The inherited values take precedence. Some parameters are not required to be set.
+# The 'ha_cluster' LSR will apply its role defaults.
+# For mandatory parameters, sanity checks will be done separately.
+
+# sap_ha_pacemaker_cluster_cluster_name   -> user-defined or default inherited from {{ ha_cluster_cluster_name }}
+- name: "SAP HA Prepare Pacemaker - Set cluster name"
+  when:
+    - __sap_ha_pacemaker_cluster_cluster_name is not defined
+    - sap_ha_pacemaker_cluster_cluster_name is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_cluster_name: "{{ sap_ha_pacemaker_cluster_cluster_name }}"
+
+# sap_ha_pacemaker_cluster_hacluster_user_password -> user-defined or default inherited from {{ ha_cluster_hacluster_password }}
+- name: "SAP HA Prepare Pacemaker - Register the 'hacluster' user password"
+  when:
+    - __sap_ha_pacemaker_cluster_hacluster_user_password is not defined
+    - sap_ha_pacemaker_cluster_hacluster_user_password
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_hacluster_user_password: "{{ sap_ha_pacemaker_cluster_hacluster_user_password }}"
+  no_log: true  # secure the credential
+
+# sap_ha_pacemaker_cluster_ha_cluster   -> user-defined or default inherited from {{ ha_cluster }}
+- name: "SAP HA Prepare Pacemaker - Register sap_ha_pacemaker_cluster_ha_cluster"
+  when:
+    - __sap_ha_pacemaker_cluster_ha_cluster is not defined
+    - sap_ha_pacemaker_cluster_ha_cluster is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_ha_cluster: "{{ sap_ha_pacemaker_cluster_ha_cluster }}"
+
+- name: "SAP HA Prepare Pacemaker - Generate default sap_ha_pacemaker_cluster_ha_cluster"
+  when:
+    - not __sap_ha_pacemaker_cluster_ha_cluster is defined
+    - not sap_ha_pacemaker_cluster_ha_cluster is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_ha_cluster:
+      node_name: "{{ ansible_hostname }}"
+      pcs_address: "{{ ansible_default_ipv4.address }}"
+
+
+# Combine following extra packages together:
+# sap_ha_pacemaker_cluster_extra_packages             -> user-defined, empty by global default
+# __sap_ha_pacemaker_cluster_sap_extra_packages       -> included from vars/*
+# __sap_ha_pacemaker_cluster_platform_extra_packages  -> included from vars/platform*
+
+- name: "SAP HA Prepare Pacemaker - Combine extra packages lists"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_extra_packages: "{{
+      (sap_ha_pacemaker_cluster_extra_packages
+      + __sap_ha_pacemaker_cluster_sap_extra_packages
+      + __sap_ha_pacemaker_cluster_platform_extra_packages)
+      | unique | select() }}"
+  # remove duplicates and empty elements
+
+
+# Combine following fence packages together:
+# __sap_ha_pacemaker_cluster_fence_agent_packages_minimal -> os default
+# __sap_ha_pacemaker_cluster_fence_agent_packages_platform -> platform defaults from dict
+# sap_ha_pacemaker_cluster_fence_agent_packages         -> user input or default []
+
+# __sap_ha_pacemaker_cluster_fence_agent_packages loaded from ha_cluster is not included,
+# because it would still not be used due to precedence.
+# TODO: Remove Tech debt conditionals in future for deprecated var 'sap_ha_pacemaker_cluster_fence_agent_minimal_packages'
+- name: "SAP HA Prepare Pacemaker - Combine fence agent packages lists"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_fence_agent_packages: "{{
+      (__sap_ha_pacemaker_cluster_fence_agent_packages_minimal_combined
+      + __sap_ha_pacemaker_cluster_fence_agent_packages_platform
+      + sap_ha_pacemaker_cluster_fence_agent_packages)
+      | unique }}"
+  vars:
+    # Tech debt for sap_ha_pacemaker_cluster_fence_agent_minimal_packages
+    __sap_ha_pacemaker_cluster_fence_agent_packages_minimal_combined:
+      "{{ __sap_ha_pacemaker_cluster_fence_agent_packages_minimal
+       + sap_ha_pacemaker_cluster_fence_agent_minimal_packages
+        if (sap_ha_pacemaker_cluster_fence_agent_minimal_packages is defined
+          and sap_ha_pacemaker_cluster_fence_agent_minimal_packages | length > 0
+          and sap_ha_pacemaker_cluster_fence_agent_minimal_packages is iterable)
+        else __sap_ha_pacemaker_cluster_fence_agent_packages_minimal }}"
+
+
+# Prepare corosync totem variable with either:
+# - User provided sap_ha_pacemaker_cluster_corosync_totem if present
+# - Combine corosync totem from OS variables and Platform variables if present
+# - Use default corosync totem from OS variables if Platform variable is not present
+- name: "SAP HA Prepare Pacemaker - Prepare corosync totem settings"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_corosync_totem:
+      options: "{{ __sap_ha_pacemaker_cluster_corosync_totem.options | d([]) + __totem_settings }}"
+  vars:
+    # Identify if provided sap_ha_pacemaker_cluster_corosync_totem is defined
+    __user_totem_is_present:
+      "{{ true if (sap_ha_pacemaker_cluster_corosync_totem is defined
+        and sap_ha_pacemaker_cluster_corosync_totem.options is defined
+        and sap_ha_pacemaker_cluster_corosync_totem | length > 0) else false }}"
+
+    # Identify if __sap_ha_pacemaker_cluster_corosync_totem_platform is defined
+    __platform_totem_is_present:
+      "{{ true if (__sap_ha_pacemaker_cluster_corosync_totem_platform is defined
+        and __sap_ha_pacemaker_cluster_corosync_totem_platform.options is defined
+        and __sap_ha_pacemaker_cluster_corosync_totem_platform | length > 0) else false }}"
+
+    __totem_settings: |-
+      {% if __user_totem_is_present %}
+      {% set corosync_totem = sap_ha_pacemaker_cluster_corosync_totem %}
+      {% elif __platform_totem_is_present %}
+      {% set corosync_totem = __sap_ha_pacemaker_cluster_corosync_totem_default
+       | combine(__sap_ha_pacemaker_cluster_corosync_totem_platform, recursive=True) %}
+      {% else %}
+      {% set corosync_totem = __sap_ha_pacemaker_cluster_corosync_totem_default %}
+      {% endif %}
+      {% set new_opts = [] %}
+      {% for option in corosync_totem.options | dict2items -%}
+        {%- set add_opts = new_opts.extend([
+          {
+            'name': option.key,
+            'value': option.value
+          }]) -%}
+      {%- endfor %}
+      {{ new_opts }}
+
+# TODO: Add support for ha_cluster_quorum
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml
index 8a77aa38..aa5d135e 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers.yml
@@ -304,8 +304,10 @@
   when:
     - __constraint_colo_ers.resource_follower not in (__sap_ha_pacemaker_cluster_constraints_colocation | map(attribute='resource_follower'))
 
-# Optional: ASCS should be started before ERS
-- name: "SAP HA Prepare Pacemaker - Add order constraint: first start ASCS group, then ERS group"
+# Order: ERS should be stopped after ASCS started.
+# After a failover, ASCS must start and read replication data from ERS, before ERS should be stopped
+# to fail over to the other node following the colocation constraint.
+- name: "SAP HA Prepare Pacemaker - Add order constraint: first start ASCS group, then stop ERS group"
   ansible.builtin.set_fact:
     __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_ascs_ers] }}"
   vars:
@@ -313,16 +315,15 @@
       id: "{{ __sap_ha_pacemaker_cluster_nwas_order_ascs_first_name }}"
       resource_first:
         id: "{{ __sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_group_name }}"
-        role: started
+        action: start
       resource_then:
         id: "{{ __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_group_name }}"
+        action: stop
       options:
         - name: symmetrical
           value: "false"
         - name: kind
           value: Optional
-#  when:
-#    - __constraint_order_ascs_ers.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then'))
 
 # ENSA1 only: location rule for ASCS to follow ERS
 - name: "SAP HA Prepare Pacemaker - Add location constraint: ASCS follows ERS in ENSA1 setup"
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml
index 22b0878e..37ac30ff 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_nwas_abap_ascs_ers_simple_mount.yml
@@ -189,8 +189,10 @@
   when:
     - __constraint_colo_ers.resource_follower not in (__sap_ha_pacemaker_cluster_constraints_colocation | map(attribute='resource_follower'))
 
-# Optional: ASCS should be started before ERS
-- name: "SAP HA Prepare Pacemaker - Add order constraint: first start ASCS group, then ERS group"
+# Order: ERS should be stopped after ASCS started.
+# After a failover, ASCS must start and read replication data from ERS, before ERS should be stopped
+# to fail over to the other node following the colocation constraint.
+- name: "SAP HA Prepare Pacemaker - Add order constraint: first start ASCS group, then stop ERS group"
   ansible.builtin.set_fact:
     __sap_ha_pacemaker_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order + [__constraint_order_ascs_ers] }}"
   vars:
@@ -198,13 +200,12 @@
       id: "{{ __sap_ha_pacemaker_cluster_nwas_order_ascs_first_name }}"
       resource_first:
         id: "{{ __sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_group_name }}"
-        role: started
+        action: start
       resource_then:
         id: "{{ __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_group_name }}"
+        action: stop
       options:
         - name: symmetrical
           value: "false"
         - name: kind
           value: Optional
-  when:
-    - __constraint_order_ascs_ers.resource_then not in (__sap_ha_pacemaker_cluster_constraints_order | map(attribute='resource_then'))
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml
index ba47aae0..fae1d4ce 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml
@@ -92,22 +92,55 @@
 # Prepare default stonith method based on __sap_ha_pacemaker_cluster_stonith_default loaded
 # from platform __sap_ha_pacemaker_cluster_stonith_default_dict dictionary.
 
-- name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resource definition from platform default"
+- name: "SAP HA Prepare Pacemaker - (STONITH) Default configuration"
   when:
     - __sap_ha_pacemaker_cluster_stonith_default is defined
     - __sap_ha_pacemaker_cluster_stonith_default | length > 0
     - sap_ha_pacemaker_cluster_stonith_custom is not defined
       or sap_ha_pacemaker_cluster_stonith_custom | length == 0
-    - (hostvars[stonith_host_item].__sap_ha_pacemaker_cluster_stonith_default).id
-     not in (__sap_ha_pacemaker_cluster_stonith_resource | d([])| map(attribute='id'))
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_stonith_resource:
-      "{{ __sap_ha_pacemaker_cluster_stonith_resource | d([])
-       + [hostvars[stonith_host_item].__sap_ha_pacemaker_cluster_stonith_default] }}"
-  loop: "{{ ansible_play_hosts_all }}"
-  loop_control:
-    loop_var: stonith_host_item
-    label: "{{ stonith_host_item }}"
+  block:
+
+    - name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resource definition from platform default"
+      ansible.builtin.set_fact:
+        __sap_ha_pacemaker_cluster_stonith_resource:
+          "{{ __sap_ha_pacemaker_cluster_stonith_resource | d([])
+          + [hostvars[stonith_host_item].__sap_ha_pacemaker_cluster_stonith_default] }}"
+      loop: "{{ ansible_play_hosts_all }}"
+      loop_control:
+        loop_var: stonith_host_item
+        label: "{{ stonith_host_item }}"
+      when:
+        - (hostvars[stonith_host_item].__sap_ha_pacemaker_cluster_stonith_default).id
+          not in (__sap_ha_pacemaker_cluster_stonith_resource | d([])| map(attribute='id'))
+
+    # The location constraints are needed, when the fence resource is configured
+    # per host and must not run on the host it targets.
+    - name: "SAP HA Prepare Pacemaker - (STONITH) Add location constraints"
+      ansible.builtin.set_fact:
+        __sap_ha_pacemaker_cluster_constraints_location: "{{ __sap_ha_pacemaker_cluster_constraints_location + [__constraint_location_stonith] }}"
+      vars:
+        # get host name from port definition
+        __port_name: "{{ (stonith_item.instance_attrs[0].attrs | selectattr('name', 'equalto', 'port'))[0].value }}"
+        __constraint_location_stonith:
+          resource:
+            id: "{{ stonith_item.id }}"
+          node: "{{ __port_name }}"
+          options:
+            - name: score
+              value: "-INFINITY"
+      loop: "{{ __sap_ha_pacemaker_cluster_stonith_resource }}"
+      loop_control:
+        loop_var: stonith_item
+        label: "{{ stonith_item.id }}"
+      when:
+        # Only apply when a port attribute is defined and contains a name of ansible play hosts.
+        # This is true e.g. for fence_gce.
+        - __port_name is defined
+        - __port_name | length > 0
+        - __port_name in ansible_play_hosts_all
+
+### End of default stonith configuration block
+
 
 # Requirements to run SBD block:
 # sap_ha_pacemaker_cluster_sbd_enabled is true
@@ -203,6 +236,8 @@
       ansible.builtin.set_fact:
         __sap_ha_pacemaker_cluster_sbd_enabled: true
 
+### End of SBD configuration block.
+
 
 # sap_ha_pacemaker_cluster_stonith_custom input was redesigned to use ha_cluster structure.
 # Following task will remain until next release to ensure compatibility with previous structure.
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml
index a7fabc31..1220d750 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_constraints_hana.yml
@@ -128,17 +128,17 @@
       {%- endif -%}
 
     ## When in a group, increase the default base score by adding 1000 per resource in the group.
-    __colo_score: >-
+    __colo_score: |-
+      {% set score = namespace(value=sap_ha_pacemaker_cluster_constraint_colo_base_score) %}
       {% if __sap_ha_pacemaker_cluster_resource_groups | length > 0 -%}
         {% for group in __sap_ha_pacemaker_cluster_resource_groups -%}
           {% if group.id == (sap_ha_pacemaker_cluster_vip_group_prefix
             + __sap_ha_pacemaker_cluster_vip_hana_primary_resource_name) -%}
-            {{ (group.resource_ids | length * 1000) + sap_ha_pacemaker_cluster_constraint_colo_base_score }}
+            {% set score.value = (group.resource_ids | length * 1000) + sap_ha_pacemaker_cluster_constraint_colo_base_score %}
           {%- endif %}
         {%- endfor %}
-      {%- else -%}
-        {{ sap_ha_pacemaker_cluster_constraint_colo_base_score }}
       {%- endif %}
+      {{ score.value }}
 
   when:
     - __constraint_colo_vip.resource_follower not in (__sap_ha_pacemaker_cluster_constraints_colocation | map(attribute='resource_follower'))
@@ -188,17 +188,17 @@
       {%- endif -%}
 
     ## When in a group, increase the default base score by adding 1000 per resource in the group.
-    __colo_score: >-
+    __colo_score: |-
+      {% set score = namespace(value=sap_ha_pacemaker_cluster_constraint_colo_base_score) %}
       {% if __sap_ha_pacemaker_cluster_resource_groups | length > 0 -%}
         {% for group in __sap_ha_pacemaker_cluster_resource_groups -%}
           {% if group.id == (sap_ha_pacemaker_cluster_vip_group_prefix
             + __sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name) -%}
-            {{ (group.resource_ids | length * 1000) + sap_ha_pacemaker_cluster_constraint_colo_base_score }}
+            {% set score.value = (group.resource_ids | length * 1000) + sap_ha_pacemaker_cluster_constraint_colo_base_score %}
           {%- endif %}
         {%- endfor %}
-      {%- else -%}
-        {{ sap_ha_pacemaker_cluster_constraint_colo_base_score }}
       {%- endif %}
+      {{ score.value }}
 
   when:
     - __constraint_colo_vip.resource_follower not in (__sap_ha_pacemaker_cluster_constraints_colocation | map(attribute='resource_follower'))
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_webdisp.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_webdisp.yml
new file mode 100644
index 00000000..f35a73f5
--- /dev/null
+++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_webdisp.yml
@@ -0,0 +1,135 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables containing variables must be constructed with values
+# to be fed into the included ha_cluster role
+
+# - put here all scale-up and scale-out common resources
+# - certain differences like ra agent names are provided through
+#   type specific variables
+
+# TODO: add conditionals to verify that the same resource agent is not already
+#       defined in user input variables. Conflicting user input should take precedence.
+
+
+- name: "SAP HA Prepare Pacemaker - Add resource: Filesystem /usr/sap/<<SID>>/W<<Instance_WDP>>"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_filesystem] }}"
+  vars:
+    __resource_filesystem:
+      id: "{{ sap_ha_pacemaker_cluster_wdp_filesystem_resource_name }}"
+      agent: "ocf:heartbeat:Filesystem"
+      instance_attrs:
+        - attrs:
+            - name: device
+              value: "{{ sap_ha_pacemaker_cluster_wdp_filesystem_host_mount_path }}"
+            - name: directory
+              value: "{{ sap_ha_pacemaker_cluster_wdp_filesystem_local_mount_path }}"
+            - name: fstype
+              value: "{{ sap_ha_pacemaker_cluster_wdp_filesystem_fstype }}"
+            - name: options
+              value: "{{ sap_ha_pacemaker_cluster_wdp_filesystem_options_string }}"
+            - name: force_unmount
+              value: "{{ sap_ha_pacemaker_cluster_wdp_filesystem_force_unmount }}"
+      operations:
+        - action: start
+          attrs:
+            - name: interval
+              value: 0
+            - name: timeout
+              value: 60
+        - action: stop
+          attrs:
+            - name: interval
+              value: 0
+            - name: timeout
+              value: 120
+        - action: monitor
+          attrs:
+            - name: interval
+              value: 200
+            - name: timeout
+              value: 40
+  when:
+    - __resource_filesystem.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id'))
+
+- name: "SAP HA Prepare Pacemaker - Add resource: SAPInstance for SAP Web Dispatcher"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_sapinstance] }}"
+  vars:
+    __resource_sapinstance:
+      id: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_resource_name }}"
+      agent: "ocf:heartbeat:SAPInstance"
+      instance_attrs:
+        - attrs:
+            - name: InstanceName
+              value: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_instance_name }}"
+            - name: START_PROFILE
+              value: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_start_profile_string }}"
+            - name: AUTOMATIC_RECOVER
+              value: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_automatic_recover_bool | string }}"
+            - name: MONITOR_SERVICES
+              value: sapwebdisp
+      meta_attrs:
+        - attrs:
+            - name: resource-stickiness
+              value: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_resource_stickiness }}"
+            # - name: migration-threshold
+            #   value: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_migration_threshold }}"
+            # - name: failure-timeout
+            #   value: "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_failure_timeout }}"
+      operations:
+        - action: start
+          attrs:
+            - name: interval
+              value: 0
+            - name: timeout
+              value: 600
+        - action: stop
+          attrs:
+            - name: interval
+              value: 0
+            - name: timeout
+              value: 600
+        - action: monitor
+          attrs:
+            - name: interval
+              value: 20
+            - name: on-fail
+              value: restart
+            - name: timeout
+              value: 60
+  when:
+    - __resource_sapinstance.id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id'))
+
+### Groups
+# WebDisp group consists of resources in this order:
+# - WebDisp filesystem
+# - WebDisp VIP
+# - WebDisp instance
+# NOTE: WebDisp VIP must start before WebDisp instance as the generally binds to the VIP and will fail if the VIP is not available
+
+- name: "SAP HA Prepare Pacemaker - Add resource group for WebDisp resources"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups + [__webdisp_group] }}"
+  vars:
+    __webdisp_group:
+      id: "{{ sap_ha_pacemaker_cluster_vip_wdp_resource_group_name }}"
+      resource_ids: |
+        {% set resource_ids_list = [] %}
+        {%- for resource in
+          sap_ha_pacemaker_cluster_wdp_filesystem_resource_name,
+          sap_ha_pacemaker_cluster_vip_wdp_resource_name,
+          sap_ha_pacemaker_cluster_wdp_sapinstance_resource_name,
+          sap_ha_pacemaker_cluster_healthcheck_wdp_resource_name %}
+          {%- if resource | length > 0
+            and resource in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id')) %}
+            {%- set ids = resource_ids_list.append(resource) %}
+          {%- endif %}
+        {%- endfor %}
+        {{ resource_ids_list }}
+      meta_attrs:
+        - attrs:
+            - name: resource-stickiness
+              value: "{{ sap_ha_pacemaker_cluster_wdp_group_stickiness }}"
+  when:
+    - __webdisp_group.id is not in (__sap_ha_pacemaker_cluster_resource_groups | map(attribute='id'))
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml
index 6a5517cb..3b9f78bc 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml
@@ -1,158 +1,169 @@
-# SPDX-License-Identifier: Apache-2.0
----
-# For the sake of readability and maintainability, suppress cosmetical ansible-lint warnings.
-- name: "SAP HA Prepare Pacemaker - Make a list of potential VIP definitions"
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_all_vip_fact: # noqa jinja[spacing]
-      hana_scaleup_perf: "{{
-        {
-          __sap_ha_pacemaker_cluster_vip_hana_primary_resource_name:
-            __sap_ha_pacemaker_cluster_vip_hana_primary_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name:
-            __sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_hana_primary_port,
-          __sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_hana_secondary_port
-        } if sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup_perf') | length > 0 else omit }}"
-
-      nwas_abap_ascs_ers: "{{
-        {
-          __sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name:
-            __sap_ha_pacemaker_cluster_vip_nwas_ascs_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name:
-            __sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_port,
-          __sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_nwas_ers_port
-        } if sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap_ascs_ers') | length > 0 else omit }}"
-
-      nwas_java_scs_ers: "{{
-        {
-          __sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name:
-            __sap_ha_pacemaker_cluster_vip_nwas_scs_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name:
-            __sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_nwas_scs_port,
-          __sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_nwas_ers_port
-        } if sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_java_scs_ers') | length > 0 else omit }}"
-
-      nwas_abap_pas_aas: "{{
-        {
-          __sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name:
-            __sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name:
-            __sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address | regex_replace('/.*', ''),
-          __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_port,
-          __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name:
-            sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_port
-        } if sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap_pas_aas') | length > 0 else omit }}"
-
-### Maintenance note
-#
-# The above task returns the following structure with a definition for HANA and ASCS/ERS,
-# example for platform "MS Azure":
-#
-# __sap_ha_pacemaker_cluster_all_vip_fact:
-#   hana_scaleup_perf:
-#     vip_HAN_10_primary: 192.168.1.10
-#     vip_HAN_10_readonly:
-#     hc_vip_HAN_10_primary: 62610
-#     hc_vip_HAN_10_readonly: 0
-#   nwas_abap_ascs_ers:
-#     vip_NW1_20_ascs: 192.168.2.20
-#     vip_NW2_30_ers: 192.168.2.30
-#     hc_vip_NW1_20_ascs: 62620
-#     hc_vip_NW2_30_ers: 62630
-#   nwas_abap_pas_aas:
-#     vip___pas:
-#     vip___aaas:
-#     hc_vip___pas: 0
-#     hc_vip___aas: 0
-
-- name: "SAP HA Prepare Pacemaker - Combine VIP parameters"
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_vip_resource_definition:
-      "{{ __sap_ha_pacemaker_cluster_vip_resource_definition | d({})
-        | combine(__sap_ha_pacemaker_cluster_all_vip_fact[vip_item])
-        | dict2items | rejectattr('value', 'equalto', '') | list | items2dict }}"
-  loop: "{{ sap_ha_pacemaker_cluster_host_type }}"
-  loop_control:
-    loop_var: vip_item
-
-### Maintenance note
-#
-# The above task reduces the previous dictionary to the contents matching the target
-# host type definition. It reduces the VIP/HC resources list to only those with values.
-# Example for NW ASCS/ERS:
-#
-# __sap_ha_pacemaker_cluster_vip_resource_definition:
-#   nwas_abap_ascs_ers:
-#     vip_NW1_20_ascs: 192.168.2.20
-#     vip_NW2_30_ers: 192.168.2.30
-#     hc_vip_NW1_20_ascs: 62620
-#     hc_vip_NW2_30_ers: 62630
-
-
-# The VIP resource construction files are included in a loop to allow
-# for multiple IPs to be configured in cluster resources
-
-# Create list of VIP resource names to distinguish between VIP and HC resources
-- name: "SAP HA Prepare Pacemaker - Prepare list of VIP resource names"
-  ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_vip_resource_list:
-      - "{{ __sap_ha_pacemaker_cluster_vip_hana_primary_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name | d('') }}"
-
-    __sap_ha_pacemaker_cluster_healthcheck_resource_list:
-      - "{{ __sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name | d('') }}"
-      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name | d('') }}"
-
-# Repeat the VIP resource definition in a loop over the above combined possible parameters.
-# Applies to systems with no particular platform detected.
-# VIP resources creation only.
-- name: "SAP HA Prepare Pacemaker - Include variable construction for standard VIP resources"
-  ansible.builtin.include_tasks: construct_vars_vip_resources_default.yml
-  loop: "{{ query('dict', __sap_ha_pacemaker_cluster_vip_resource_definition) }}"
-  loop_control:
-    index_var: loop_index
-    loop_var: vip_list_item
-    label: "{{ vip_list_item.key }} - {{ vip_list_item.value }}"
-  when:
-    - __sap_ha_pacemaker_cluster_platform != 'cloud_gcp_ce_vm'        # custom IPaddr2 task per platform
-    - __sap_ha_pacemaker_cluster_platform != 'cloud_ibmcloud_powervs' # custom IPaddr2 task per platform
-    - __sap_ha_pacemaker_cluster_platform != 'cloud_ibmcloud_vs'      # no IPaddr2 resource creation, even when an IP is defined
-    - vip_list_item.key in __sap_ha_pacemaker_cluster_vip_resource_list
-
-# Platform custom VIP and/or health check resources creation.
-- name: "SAP HA Prepare Pacemaker - Include variable construction for platform VIP methods"
-  ansible.builtin.include_tasks: "platform/construct_vars_vip_resources_{{ __sap_ha_pacemaker_cluster_platform }}.yml"
-  loop: "{{ query('dict', __sap_ha_pacemaker_cluster_vip_resource_definition) }}"
-  loop_control:
-    index_var: loop_index
-    loop_var: vip_list_item
-    label: "{{ vip_list_item.key }} - {{ vip_list_item.value }}"
-  when:
-    - __sap_ha_pacemaker_cluster_platform | length > 0
-
-
-# Group VIP and healthcheck resources if applicable.
-- name: "SAP HA Prepare Pacemaker - Include VIP and healthcheck group creation"
-  ansible.builtin.include_tasks:
-    file: construct_vars_vip_groups.yml
-  when:
-    - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0
+# SPDX-License-Identifier: Apache-2.0
+---
+# TEMP to fix CFLF
+# For the sake of readability and maintainability, suppress cosmetical ansible-lint warnings.
+- name: "SAP HA Prepare Pacemaker - Make a list of potential VIP definitions"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_all_vip_fact: # noqa jinja[spacing]
+      hana_scaleup_perf: "{{
+        {
+          __sap_ha_pacemaker_cluster_vip_hana_primary_resource_name:
+            __sap_ha_pacemaker_cluster_vip_hana_primary_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name:
+            __sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_hana_primary_port,
+          __sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_hana_secondary_port
+        } if sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup_perf') | length > 0 else omit }}"
+
+      nwas_abap_ascs_ers: "{{
+        {
+          __sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name:
+            __sap_ha_pacemaker_cluster_vip_nwas_ascs_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name:
+            __sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_port,
+          __sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_nwas_ers_port
+        } if sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap_ascs_ers') | length > 0 else omit }}"
+
+      nwas_java_scs_ers: "{{
+        {
+          __sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name:
+            __sap_ha_pacemaker_cluster_vip_nwas_scs_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name:
+            __sap_ha_pacemaker_cluster_vip_nwas_ers_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_nwas_scs_port,
+          __sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_nwas_ers_port
+        } if sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_java_scs_ers') | length > 0 else omit }}"
+
+      nwas_abap_pas_aas: "{{
+        {
+          __sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name:
+            __sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name:
+            __sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address | regex_replace('/.*', ''),
+          __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_port,
+          __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_port
+        } if sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap_pas_aas') | length > 0 else omit }}"
+
+      sap_webdisp: "{{
+        {
+          sap_ha_pacemaker_cluster_vip_wdp_resource_name:
+            sap_ha_pacemaker_cluster_vip_wdp_ip_address | regex_replace('/.*', ''),
+          sap_ha_pacemaker_cluster_healthcheck_wdp_resource_name:
+            sap_ha_pacemaker_cluster_healthcheck_wdp_port
+        } if sap_ha_pacemaker_cluster_host_type | select('search', 'sap_webdisp') | length > 0 else omit }}"
+
+### Maintenance note
+#
+# The above task returns the following structure with a definition for HANA and ASCS/ERS,
+# example for platform "MS Azure":
+#
+# __sap_ha_pacemaker_cluster_all_vip_fact:
+#   hana_scaleup_perf:
+#     vip_HAN_10_primary: 192.168.1.10
+#     vip_HAN_10_readonly:
+#     hc_vip_HAN_10_primary: 62610
+#     hc_vip_HAN_10_readonly: 0
+#   nwas_abap_ascs_ers:
+#     vip_NW1_20_ascs: 192.168.2.20
+#     vip_NW2_30_ers: 192.168.2.30
+#     hc_vip_NW1_20_ascs: 62620
+#     hc_vip_NW2_30_ers: 62630
+#   nwas_abap_pas_aas:
+#     vip___pas:
+#     vip___aaas:
+#     hc_vip___pas: 0
+#     hc_vip___aas: 0
+
+- name: "SAP HA Prepare Pacemaker - Combine VIP parameters"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_vip_resource_definition:
+      "{{ __sap_ha_pacemaker_cluster_vip_resource_definition | d({})
+        | combine(__sap_ha_pacemaker_cluster_all_vip_fact[vip_item])
+        | dict2items | rejectattr('value', 'equalto', '') | list | items2dict }}"
+  loop: "{{ sap_ha_pacemaker_cluster_host_type }}"
+  loop_control:
+    loop_var: vip_item
+
+### Maintenance note
+#
+# The above task reduces the previous dictionary to the contents matching the target
+# host type definition. It reduces the VIP/HC resources list to only those with values.
+# Example for NW ASCS/ERS:
+#
+# __sap_ha_pacemaker_cluster_vip_resource_definition:
+#   nwas_abap_ascs_ers:
+#     vip_NW1_20_ascs: 192.168.2.20
+#     vip_NW2_30_ers: 192.168.2.30
+#     hc_vip_NW1_20_ascs: 62620
+#     hc_vip_NW2_30_ers: 62630
+
+
+# The VIP resource construction files are included in a loop to allow
+# for multiple IPs to be configured in cluster resources
+
+# Create list of VIP resource names to distinguish between VIP and HC resources
+- name: "SAP HA Prepare Pacemaker - Prepare list of VIP resource names"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_vip_resource_list:
+      - "{{ __sap_ha_pacemaker_cluster_vip_hana_primary_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_ascs_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_scs_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_ers_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name | d('') }}"
+      - "{{ sap_ha_pacemaker_cluster_vip_wdp_resource_name | d('') }}"
+
+    __sap_ha_pacemaker_cluster_healthcheck_resource_list:
+      - "{{ __sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_ascs_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_scs_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_ers_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name | d('') }}"
+      - "{{ __sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name | d('') }}"
+      - "{{ sap_ha_pacemaker_cluster_healthcheck_wdp_resource_name | d('') }}"
+
+# Repeat the VIP resource definition in a loop over the above combined possible parameters.
+# Applies to systems with no particular platform detected.
+# VIP resources creation only.
+- name: "SAP HA Prepare Pacemaker - Include variable construction for standard VIP resources"
+  ansible.builtin.include_tasks: construct_vars_vip_resources_default.yml
+  loop: "{{ query('dict', __sap_ha_pacemaker_cluster_vip_resource_definition) }}"
+  loop_control:
+    index_var: loop_index
+    loop_var: vip_list_item
+    label: "{{ vip_list_item.key }} - {{ vip_list_item.value }}"
+  when:
+    - __sap_ha_pacemaker_cluster_platform != 'cloud_gcp_ce_vm'        # custom IPaddr2 task per platform
+    - __sap_ha_pacemaker_cluster_platform != 'cloud_ibmcloud_powervs' # custom IPaddr2 task per platform
+    - __sap_ha_pacemaker_cluster_platform != 'cloud_ibmcloud_vs'      # no IPaddr2 resource creation, even when an IP is defined
+    - vip_list_item.key in __sap_ha_pacemaker_cluster_vip_resource_list
+
+# Platform custom VIP and/or health check resources creation.
+- name: "SAP HA Prepare Pacemaker - Include variable construction for platform VIP methods"
+  ansible.builtin.include_tasks: "platform/construct_vars_vip_resources_{{ __sap_ha_pacemaker_cluster_platform }}.yml"
+  loop: "{{ query('dict', __sap_ha_pacemaker_cluster_vip_resource_definition) }}"
+  loop_control:
+    index_var: loop_index
+    loop_var: vip_list_item
+    label: "{{ vip_list_item.key }} - {{ vip_list_item.value }}"
+  when:
+    - __sap_ha_pacemaker_cluster_platform | length > 0
+
+
+# Group VIP and healthcheck resources if applicable.
+- name: "SAP HA Prepare Pacemaker - Include VIP and healthcheck group creation"
+  ansible.builtin.include_tasks:
+    file: construct_vars_vip_groups.yml
+  when:
+    - sap_ha_pacemaker_cluster_host_type | select('search', 'hana_scaleup') | length > 0
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_nwas.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_nwas.yml
index ffbef8df..0e43e5c5 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_nwas.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_nwas.yml
@@ -13,7 +13,6 @@
   when:
     - "(role_path + '/vars/' + include_item + '.yml') is file"
 
-
 # Private variables are assigned following logic:
 # 1. Use backwards compatible var if new var is empty
 # 2. Use user input if new var is not empty
@@ -391,3 +390,13 @@
     # TODO: Remove backwards compatibility to typo
     __sap_ha_pacemaker_cluster_storage_nfs_filesystem_type:
       "{{ sap_ha_pacemaker_cluster_storage_nfs_filesytem_type | d(sap_ha_pacemaker_cluster_storage_nfs_filesystem_type) }}"
+
+# This must be run after the  assignment of
+# __sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount
+# TODO: separate pre-steps from variable includes for NW and HANA
+- name: "SAP HA Prepare Pacemaker - Run NETWEAVER pre-steps"
+  ansible.builtin.include_tasks:
+    file: "{{ ansible_facts['os_family'] }}/pre_steps_nwas_ascs_ers.yml"
+  when:
+    - ansible_os_family == 'RedHat'
+    - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas') | length > 0
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_vars_webdisp.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_webdisp.yml
new file mode 100644
index 00000000..016bc610
--- /dev/null
+++ b/roles/sap_ha_pacemaker_cluster/tasks/include_vars_webdisp.yml
@@ -0,0 +1,24 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# TEMP to fix CFLF
+- name: SAP HA Prepare Pacemaker - Include Web Dispatcher landscape specific variables
+  ansible.builtin.include_vars: "{{ role_path }}/vars/{{ include_item }}.yml"
+  loop: "{{ __host_type_list | flatten }}"
+  loop_control:
+    loop_var: include_item
+    label: "{{ include_item }}.yml"
+  vars:
+    __host_type_list:
+      - nwas_common
+      - "{{ sap_ha_pacemaker_cluster_host_type }}"
+  when:
+    - "(role_path + '/vars/' + include_item + '.yml') is file"
+
+
+# Prep for moving some of the vars from the main vars file here
+# - name: "SAP HA Prepare Pacemaker - Set cluster resource variable: VIP Health Checks (WebDisp)"
+#   ansible.builtin.set_fact:
+#     __sap_ha_pacemaker_cluster_healthcheck_wdp_id:
+#       "{{ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ascs_id | d(__sap_ha_pacemaker_cluster_nwas_sid ~ 'ascs')
+#       if sap_ha_pacemaker_cluster_healthcheck_wdp_id | string | length == 0
+#       else sap_ha_pacemaker_cluster_healthcheck_wdp_id }}"
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml
index 95c43eac..4fed7d92 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml
@@ -1,5 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
+# TEMP to fix CFLF
 # 1. Role arguments are validated through meta/arguments_spec.yml (ansible >= 2.11)
 # 2. Detect SAP solution to be configured (scale-up, scale-out, etc.)
 #    * Play hosts must have SAP installed and landscape information discoverable ?!
@@ -21,13 +22,16 @@
 # supports.
 - name: "SAP HA Prepare Pacemaker - Include tasks from 'ha_cluster' role definitions"
   ansible.builtin.import_tasks: import_hacluster_vars_from_inventory.yml
+  tags: always
 
 - name: "SAP HA Prepare Pacemaker - Include facts and common variables"
   ansible.builtin.import_tasks: include_vars_common.yml
+  tags: always
 
 # Determine which SAP landscape we are going to configure in the cluster.
 - name: "SAP HA Prepare Pacemaker - Include tasks for SAP landscape calculation"
   ansible.builtin.import_tasks: ascertain_sap_landscape.yml
+  tags: always
 
 # Validate input variables after processing in include_vars_ tasks.
 - name: "SAP HA Prepare Pacemaker - Include parameter validation tasks"
@@ -208,9 +212,12 @@
     # Cluster installation and configuration through the dedicated
     # linux system role 'ha_cluster'
     - name: "SAP HA Install Pacemaker - Include System Role 'ha_cluster'"
-      ansible.builtin.import_role:
+      ansible.builtin.include_role:
         name: "{{ sap_ha_pacemaker_cluster_system_roles_collection }}.ha_cluster"
+        apply:
+          tags: run_ha_cluster
       no_log: "{{ __sap_ha_pacemaker_cluster_no_log }}"  # some parameters contain secrets
+      tags: run_ha_cluster
 
 
     # Corosync post-inst
@@ -292,12 +299,20 @@
       when:
         - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_java_scs_ers') | length > 0
 
+    - name: "SAP HA Install Pacemaker - Include SAP Web Dispatcher post steps"
+      ansible.builtin.include_tasks:
+        file: configure_webdisp_postinstallation.yml
+        apply:
+          tags: webdisp_postinst
+      tags: webdisp_postinst
+      when:
+        - sap_ha_pacemaker_cluster_host_type | select('search', 'sap_webdisp') | length > 0
 
 ### END OF BLOCK: prerequisite changes and cluster setup
 
 # Save all the constructed cluster parameters into a vars file.
 #
-# This will help re-using ha_cluster afterwards without losing the already
+# This will help reusing ha_cluster afterwards without losing the already
 # configured resources and constraints.
 # The ha_cluster role will otherwise remove configuration that is not part
 # of the parameters provided during any subsequent run outside of the current
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/validate_input_parameters.yml b/roles/sap_ha_pacemaker_cluster/tasks/validate_input_parameters.yml
index dc233b06..c7a38ff8 100644
--- a/roles/sap_ha_pacemaker_cluster/tasks/validate_input_parameters.yml
+++ b/roles/sap_ha_pacemaker_cluster/tasks/validate_input_parameters.yml
@@ -39,6 +39,38 @@
   when:
     - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas') | length > 0
 
+- name: "SAP HA Prepare Pacemaker - (SAP WebDisp) Validate WebDisp System ID"
+  ansible.builtin.assert:
+    that:
+      - sap_ha_pacemaker_cluster_wdp_sid | length == 3
+      - sap_ha_pacemaker_cluster_wdp_sid not in __sap_ha_pacemaker_cluster_sid_prohibited
+    fail_msg: |
+      Host type = {{ sap_ha_pacemaker_cluster_host_type }}
+      Requires 'sap_ha_pacemaker_cluster_wdp_sid' to be defined!
+  when:
+    - sap_ha_pacemaker_cluster_host_type | select('search', 'sap_webdisp') | length > 0
+
+- name: "SAP HA Prepare Pacemaker - (SAP WebDisp) Validate WebDisp Instance Number"
+  ansible.builtin.assert:
+    that:
+      - (
+          sap_ha_pacemaker_cluster_wdp_instance_nr | type_debug != 'int'
+          and sap_ha_pacemaker_cluster_wdp_instance_nr | length == 2
+        )
+        or
+        (
+          sap_ha_pacemaker_cluster_wdp_instance_nr | type_debug == 'int'
+          and ssap_ha_pacemaker_cluster_wdp_instance_nr is regex("^[0-9][0-9]$")
+        )
+    fail_msg: |
+
+      Host type = {{ sap_ha_pacemaker_cluster_host_type }}
+      Requires 'sap_ha_pacemaker_cluster_wdp_instance_nr' to be defined.
+
+      The instance number must be exactly 2 digits.
+      Add quotes if the number starts with a 0!
+  when:
+    - sap_ha_pacemaker_cluster_host_type | select('search', 'sap_webdisp') | length > 0
 
 # Validate SAP Instance Number
 - name: "SAP HA Prepare Pacemaker - (SAP NetWeaver) Validate SAP Instance Number"
@@ -220,3 +252,12 @@
     fail_msg: "Host type = '{{ sap_ha_pacemaker_cluster_host_type }}', but 'sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address' is not defined."
   when:
     - sap_ha_pacemaker_cluster_host_type | select('search', 'nwas_abap_pas_aas') | length > 0
+
+- name: "SAP HA Prepare Pacemaker - (SAP WebDisp) Verify that the VIP is defined"
+  ansible.builtin.assert:
+    that:
+      - sap_ha_pacemaker_cluster_vip_wdp_ip_address is defined
+      - sap_ha_pacemaker_cluster_vip_wdp_ip_address | length > 0
+    fail_msg: "Host type = '{{ sap_ha_pacemaker_cluster_host_type }}', but 'sap_ha_pacemaker_cluster_vip_wdp_ip_address' is not defined."
+  when:
+    - sap_ha_pacemaker_cluster_host_type | select('search', 'sap_webdisp') | length > 0
diff --git a/roles/sap_ha_pacemaker_cluster/vars/RedHat.yml b/roles/sap_ha_pacemaker_cluster/vars/RedHat.yml
index e9dd9762..22fac001 100644
--- a/roles/sap_ha_pacemaker_cluster/vars/RedHat.yml
+++ b/roles/sap_ha_pacemaker_cluster/vars/RedHat.yml
@@ -1,3 +1,4 @@
+<<<<<<< HEAD
 # SPDX-License-Identifier: Apache-2.0
 ---
 # Default repositories if platform does not override them.
@@ -57,7 +58,7 @@ __sap_ha_pacemaker_cluster_command:
 
 # Default corosync options - OS specific
 __sap_ha_pacemaker_cluster_corosync_totem_default:
-  options: []
+  options: {}
 
 # Make sure that there is always the minimal default fed into the included role.
 # This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'.
@@ -158,4 +159,169 @@ sap_ha_pacemaker_cluster_hana_hook_chksrv: true
 
 # Central Services Cluster Simple Mount: Enabled as default
 # TODO: Enable when SAPStartSrv resource agents are available on Red Hat
-sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount: false
+sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount: true
+__sap_ha_pacemaker_cluster_nwas_simple_mount_version: 4.15.1
+=======
+# SPDX-License-Identifier: Apache-2.0
+---
+# TEMP to fix CFLF
+# Default repositories if platform does not override them.
+# This selection does not affect imported __ha_cluster_repos due to precedence.
+__sap_ha_pacemaker_cluster_repos:
+  - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms"
+    name: High Availability
+
+# Dictionary with repos for each platform
+__sap_ha_pacemaker_cluster_repos_dict:
+  cloud_aws_ec2_vs:
+    - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms"
+      name: High Availability
+  cloud_gcp_ce_vm:
+    - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms"
+      name: High Availability
+  cloud_ibmcloud_powervs:
+    - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms"
+      name: High Availability E4S (4-Year) for Power, little endian
+    # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms"
+    #   name: High Availability EUS (2-Year) for Power, little endian
+    # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms"
+    #   name: High Availability for Power, little endian
+  cloud_ibmcloud_vs:
+    - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms"
+      name: High Availability E4S (4-Year)
+    # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms"
+    #   name: High Availability EUS (2-Year)
+    # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms"
+    #   name: High Availability
+  cloud_msazure_vm:
+    - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rhui-rpms"
+      name: High Availability
+    - id: "rhui-microsoft-azure-rhel{{ ansible_distribution_major_version }}-sap-ha"
+      name: Microsoft Azure RPMs for Red Hat Enterprise Linux {{ ansible_distribution_major_version }} (rhel{{ ansible_distribution_major_version }}-sap-ha)
+  hyp_ibmpower_vm:
+    - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-e4s-rpms"
+      name: High Availability E4S (4-Year) for Power, little endian
+    # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-eus-rpms"
+    #   name: High Availability EUS (2-Year) for Power, little endian
+    # - id: "rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-rpms"
+    #   name: High Availability for Power, little endian
+
+__sap_ha_pacemaker_cluster_halib_package: sap-cluster-connector
+
+# List of configuration lines that must be added to the instance profiles for SAP HA Interface setup.
+__sap_ha_pacemaker_cluster_connector_config_lines:
+  - "service/halib = $(DIR_EXECUTABLE)/saphascriptco.so"
+  - "service/halib_cluster_connector = /usr/bin/sap_cluster_connector"
+
+# Cluster command to manage resources - pcs commands in Redhat OS family.
+__sap_ha_pacemaker_cluster_command:
+  resource_stop: "pcs resource disable"
+  resource_start: "pcs resource enable"
+  resource_restart: "pcs resource restart"
+  resource_cleanup: "pcs resource cleanup"
+
+# Default corosync options - OS specific
+__sap_ha_pacemaker_cluster_corosync_totem_default:
+  options: {}
+
+# Make sure that there is always the minimal default fed into the included role.
+# This is combined with the custom list 'sap_ha_pacemaker_cluster_fence_agent_packages'.
+__sap_ha_pacemaker_cluster_fence_agent_packages_minimal:
+  - fence-agents-all
+
+# Dictionary with fence packages for each platform
+__sap_ha_pacemaker_cluster_fence_agent_packages_dict:
+  cloud_aws_ec2_vs:
+    - fence-agents-aws
+  cloud_gcp_ce_vm:
+    - fence-agents-gce
+  cloud_ibmcloud_powervs:
+    - fence-agents-ibm-powervs
+  cloud_ibmcloud_vs:
+    - fence-agents-ibm-vpc
+  cloud_msazure_vm:
+    - fence-agents-azure-arm
+  hyp_ibmpower_vm:
+    - fence-agents-lpar
+
+# Dictionary with extra platform specific packages
+__sap_ha_pacemaker_cluster_platform_extra_packages_dict:
+  cloud_aws_ec2_vs:
+    - "{{ 'resource-agents-cloud' if ansible_distribution_major_version is version('9', '>=') else 'awscli' }}"
+    - "{{ 'awscli2' if ansible_distribution_version is version('9.5', '>=') else '' }}"
+  cloud_gcp_ce_vm:
+    - resource-agents-gcp
+  cloud_msazure_vm:
+    - "{{ 'resource-agents-cloud' if ansible_distribution_major_version is version('9', '>=') else '' }}"
+    - socat
+
+# Dictionary with additional cluster packages for specific scenarios
+__sap_ha_pacemaker_cluster_sap_extra_packages_dict:
+  hana_angi:
+    - sap-hana-ha
+  hana_scaleout:
+    - resource-agents-sap-hana-scaleout
+  hana_scaleup:
+    - resource-agents-sap-hana
+  nwas:
+    - resource-agents-sap
+
+# Dictionary with preferred platform specific VIP method that differs from default
+# __sap_ha_pacemaker_cluster_vip_method_dict:
+
+# Resource agents - fully qualified names
+__sap_ha_pacemaker_cluster_resource_agents:
+  saphanatopology: "ocf:heartbeat:SAPHanaTopology"
+  saphana: "ocf:heartbeat:SAPHana"
+  saphanacontroller: "ocf:heartbeat:SAPHanaController"
+  saphanafilesystem: "ocf:heartbeat:SAPHanaFilesystem"
+  sapstartsrv: "ocf:heartbeat:SAPStartSrv"
+
+__sap_ha_pacemaker_cluster_saphanasr_angi_available: false
+
+# Default SAP HANA hook parameters combined based on user decision
+__sap_ha_pacemaker_cluster_hook_hana_scaleup_perf:
+  saphanasr:
+    - provider: SAPHanaSR
+      path: /usr/share/SAPHanaSR/srHook/
+      options:
+        - name: execution_order
+          value: 1
+  chksrv:
+    - provider: ChkSrv
+      path: /usr/share/SAPHanaSR/srHook/
+      options:
+        - name: execution_order
+          value: 2
+        - name: action_on_lost
+          value: stop
+
+__sap_ha_pacemaker_cluster_hook_hana_scaleup_perf_angi:
+  saphanasr:
+    - provider: HanaSR
+      path: /usr/share/sap-hana-ha/
+      options:
+        - name: execution_order
+          value: 1
+  chksrv:
+    - provider: ChkSrv
+      path: /usr/share/sap-hana-ha/
+      options:
+        - name: execution_order
+          value: 2
+        - name: action_on_lost
+          value: stop
+        - name: stop_timeout
+          value: 25
+
+__sap_ha_pacemaker_cluster_hook_hana_scaleout: []
+__sap_ha_pacemaker_cluster_hook_hana_scaleout_angi: []
+
+# Enable default OS recommended hooks
+sap_ha_pacemaker_cluster_hana_hook_tkover: false
+sap_ha_pacemaker_cluster_hana_hook_chksrv: true
+
+# Central Services Cluster Simple Mount: Enabled as default
+# TODO: Enable when SAPStartSrv resource agents are available on Red Hat
+sap_ha_pacemaker_cluster_nwas_cs_ers_simple_mount: false
+>>>>>>> ceee5e62 (sap_ha_pacemaker_cluster: Add support for clustered WebDisp systems)
diff --git a/roles/sap_ha_pacemaker_cluster/vars/SLES_16.yml b/roles/sap_ha_pacemaker_cluster/vars/SLES_16.yml
new file mode 100644
index 00000000..8a9f66af
--- /dev/null
+++ b/roles/sap_ha_pacemaker_cluster/vars/SLES_16.yml
@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server for SAP Applications 16
+# - SUSE Linux Enterprise Server 16
+
+# Dictionary with additional cluster packages for specific scenarios
+__sap_ha_pacemaker_cluster_sap_extra_packages_dict:
+  minimal: []  # All minimal packages are part of patterns
+  hana_scaleout:
+    - patterns-sap-HADB
+  hana_scaleup:
+    - patterns-sap-HADB
+  hana_angi: []  # SAPHanaSR-angi package is part of patterns-sap-HADB
+  nwas:
+    - patterns-sap-HAAPP
+
+# Package list was simplified because of new patterns below:
+
+# patterns-sap-HADB contains:
+# - patterns-sles_sap_DB
+# - patterns-ha-ha_sles
+# - SAPHanaSR-angi
+# - ClusterTools2
+# - supportutils-plugin-ha-sap
+# - socat
+
+# patterns-sap-HAAPP contains:
+# - patterns-sles_sap_APP
+# - patterns-ha-ha_sles
+# - sapstartsrv-resource-agents
+# - sap-suse-cluster-connector
+# - ClusterTools2
+# - supportutils-plugin-ha-sap
+# - socat
diff --git a/roles/sap_ha_pacemaker_cluster/vars/Suse.yml b/roles/sap_ha_pacemaker_cluster/vars/Suse.yml
index 2d7fda4c..18cd8dfc 100644
--- a/roles/sap_ha_pacemaker_cluster/vars/Suse.yml
+++ b/roles/sap_ha_pacemaker_cluster/vars/Suse.yml
@@ -50,20 +50,9 @@ __sap_ha_pacemaker_cluster_platform_extra_packages_dict:
     - socat
 
 # Dictionary with additional cluster packages for specific scenarios
+# All packages are defined in SLES_15 and SLES_16 var files.
 __sap_ha_pacemaker_cluster_sap_extra_packages_dict:
-  minimal:
-    # Pattern contains all required cluster packages
-    - patterns-ha-ha_sles
-    - ClusterTools2
-  hana_scaleout:
-    - SAPHanaSR-ScaleOut
-  hana_scaleup:
-    - SAPHanaSR
-  hana_angi:
-    - SAPHanaSR-angi
-  nwas:
-    - sap-suse-cluster-connector
-    - sapstartsrv-resource-agents
+  {}
 
 # Dictionary with preferred platform specific VIP method that differs from default
 __sap_ha_pacemaker_cluster_vip_method_dict:
diff --git a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml
index 1801b2fb..413e344e 100644
--- a/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml
+++ b/roles/sap_ha_pacemaker_cluster/vars/hana_scaleup_perf.yml
@@ -15,7 +15,8 @@ __sap_ha_pacemaker_cluster_sap_extra_packages: "{{
 
 # Set variable with dictionary name based on angi availability
 __sap_ha_pacemaker_cluster_hana_hook_dictionary:
-  "{{ '__sap_ha_pacemaker_cluster_hook_' + sap_ha_pacemaker_cluster_host_type[0]
+  "{{ '__sap_ha_pacemaker_cluster_hook_'
+  + (sap_ha_pacemaker_cluster_host_type | select('search', 'hana'))[0]
   + ('_angi' if __sap_ha_pacemaker_cluster_saphanasr_angi_available else '') }}"
 
 # Recommended srhooks are set to true only if default dictionary is populated
diff --git a/roles/sap_ha_pacemaker_cluster/vars/main.yml b/roles/sap_ha_pacemaker_cluster/vars/main.yml
index 3ea75301..3ce7fdb7 100644
--- a/roles/sap_ha_pacemaker_cluster/vars/main.yml
+++ b/roles/sap_ha_pacemaker_cluster/vars/main.yml
@@ -1,5 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
+# TEMP to fix CFLF
 # SAP System IDs that are reserved and must not be used
 # Reference: SAP Note 1979280
 __sap_ha_pacemaker_cluster_sid_prohibited: ['ADD', 'ADM', 'ALL', 'AMD', 'AND', 'ANY', 'ARE', 'ASC',
@@ -56,6 +57,7 @@ sap_ha_pacemaker_cluster_healthcheck_nwas_ers_port:
   "{{ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_port | d('') }}"
 sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_port: ''
 sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_port: ''
+sap_ha_pacemaker_cluster_healthcheck_wdp_port: ''
 
 # (cloud) platform helper variable - leave empty for default = not cloud
 __sap_ha_pacemaker_cluster_platform: ''
@@ -93,6 +95,7 @@ __sap_ha_pacemaker_cluster_pcmk_host_map: ''
 # Pre-define internal optional parameters to avoid defaults in the code:
 __sap_ha_pacemaker_cluster_sap_extra_packages: []
 __sap_ha_pacemaker_cluster_platform_extra_packages: []
+__sap_ha_pacemaker_cluster_fence_agent_packages_platform: []
 
 __sap_ha_pacemaker_cluster_cluster_properties: []
 __sap_ha_pacemaker_cluster_resource_defaults:
diff --git a/roles/sap_ha_pacemaker_cluster/vars/sap_webdisp.yml b/roles/sap_ha_pacemaker_cluster/vars/sap_webdisp.yml
new file mode 100644
index 00000000..a47499cb
--- /dev/null
+++ b/roles/sap_ha_pacemaker_cluster/vars/sap_webdisp.yml
@@ -0,0 +1,13 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# The following directories are appended to the 'nfs_path' of the '/usr/sap' storage
+# definition.
+# Therefore, the /usr/sap prefix must be left out of the listed path items.
+__sap_ha_pacemaker_cluster_wdp_filesystems:
+  - "{{ sap_ha_pacemaker_cluster_wdp_sid }}/W{{ sap_ha_pacemaker_cluster_wdp_instance_nr }}"
+
+
+# List of WDP profile names.
+# Used in tasks/configure_nwas_postinstallation.yml for sap_cluster_connector setup.
+__sap_ha_pacemaker_cluster_wdp_profile_paths:
+  - "{{ sap_ha_pacemaker_cluster_wdp_sapinstance_start_profile_string }}"
diff --git a/roles/sap_hana_preconfigure/README.md b/roles/sap_hana_preconfigure/README.md
index 52014f2a..64b4bacd 100644
--- a/roles/sap_hana_preconfigure/README.md
+++ b/roles/sap_hana_preconfigure/README.md
@@ -203,7 +203,7 @@ Available values:
 - _Type:_ `bool`
 - _Default:_ `false`
 
-Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of<br>
+(RedHat specific) Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of<br>
 known SAP HANA supported RHEL minor releases. By default, the role will display a message and continue running if<br>
 the RHEL release is not part of that list. If set to `true`, the role will fail in such a case.<br>
 
@@ -211,13 +211,13 @@ the RHEL release is not part of that list. If set to `true`, the role will fail
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-Use this parameter to set your own list of SAP HANA supported RHEL minor releases.<br>
+(RedHat specific) Use this parameter to set your own list of SAP HANA supported RHEL minor releases.<br>
 
 ### sap_hana_preconfigure_enable_sap_hana_repos
 - _Type:_ `bool`
 - _Default:_ `false`
 
-Set to 'true' to enable the SAP HANA required RHEL repos.<br>
+(RedHat specific) Set to 'true' to enable the SAP HANA required RHEL repos.<br>
 This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.<br>
 The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_use_hana_repos`.<br>
 
@@ -225,7 +225,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64'<br>
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64'<br>
 This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.<br>
 The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.<br>
 
@@ -233,7 +233,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le'<br>
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le'<br>
 This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.<br>
 The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.<br>
 
@@ -241,7 +241,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64'<br>
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64'<br>
 This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.<br>
 The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.<br>
 
@@ -249,7 +249,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le'<br>
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le'<br>
 This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.<br>
 The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.<br>
 
@@ -257,7 +257,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64'<br>
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64'<br>
 This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.<br>
 The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.<br>
 
@@ -265,7 +265,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le'<br>
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le'<br>
 This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.<br>
 The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.<br>
 
@@ -273,7 +273,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene
 - _Type:_ `bool`
 - _Default:_ `false`
 
-Use this parameter to set the RHEL minor release, which is required for SAP HANA.<br>
+Use this parameter to set the minor release, which is required for SAP HANA.<br>
 The related parameter is `sap_general_preconfigure_set_minor_release`.<br>
 
 ### sap_hana_preconfigure_create_directories
@@ -306,7 +306,8 @@ how the variable `sap_hana_preconfigure_create_directories` (see above) is set.<
 - _Type:_ `list` with elements of type `str`
 - _Default:_ (set by platform/environment specific variables)
 
-List of RHEL packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list<br>
+The list of packages to be installed.<br>
+For RHEL 8 and later, you can choose to install either the default list<br>
 or a list of the minimum required packages for SAP HANA server (parameter `__sap_hana_preconfigure_packages_min_install`).<br>
 
 ### sap_hana_preconfigure_min_package_check
@@ -323,7 +324,7 @@ Set this parameter to `false` if you want to ignore these requirements.<br>
 Set this parameter to `true` to update the system to the latest package levels.<br>
 By setting the parameter `sap_general_preconfigure_set_minor_release` of the<br>
 role `sap_general_preconfigure` to `true`, you can install the most recent package updates<br>
-without updating to a more recent RHEL minor release.<br>
+without updating to a more recent minor release.<br>
 
 ### sap_hana_preconfigure_reboot_ok
 - _Type:_ `bool`
@@ -401,7 +402,7 @@ Set this parameter to `false` to use static kernel settings<br>
 - _Type:_ `str`
 - _Default:_ `'sap-hana'`
 
-Name of the SAP HANA tuned tuned profile to enable (RHEL).<br>
+(RedHat specific) Name of the SAP HANA tuned tuned profile to enable.<br>
 
 ### sap_hana_preconfigure_modify_grub_cmdline_linux
 - _Type:_ `bool`
@@ -420,12 +421,12 @@ Set this parameter to `false` if this is not desired.<br>
 - _Type:_ `str`
 - _Default:_ ``
 
-Override the default setting for THP, which is determined automatically by the role, depending on the RHEL version.
+Override the default setting for THP, which is determined automatically by the role, depending on the OS version.
 
 ### sap_hana_preconfigure_db_group_name
 - _Type:_ `str`
 
-Use this parameter to specify the name of the RHEL group which is used for the database processes.<br>
+(RedHat specific) Use this parameter to specify the name of the RHEL group which is used for the database processes.<br>
 It will be used to configure process limits as per step "Configuring Process Resource Limits" of SAP note 2772999.<br>
 
 Example:
diff --git a/roles/sap_hana_preconfigure/defaults/main.yml b/roles/sap_hana_preconfigure/defaults/main.yml
index 393a1b01..61f97cc0 100644
--- a/roles/sap_hana_preconfigure/defaults/main.yml
+++ b/roles/sap_hana_preconfigure/defaults/main.yml
@@ -100,8 +100,10 @@ sap_hana_preconfigure_modify_selinux_labels: true
 # how the variable `sap_hana_preconfigure_create_directories` (see above) is set.
 
 sap_hana_preconfigure_packages: "{{ __sap_hana_preconfigure_packages }}"
-# List of RHEL packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list
+# The list of packages to be installed for SAP HANA.
+# For RHEL 8 and later, you can choose to install either the default list
 # or a list of the minimum required packages for SAP HANA server (parameter `__sap_hana_preconfigure_packages_min_install`).
+# The default for this variable is set in the vars file which corresponds to the detected OS version.
 
 sap_hana_preconfigure_min_package_check: true
 # SAP HANA requires certain minimum package versions to be supported. These minimum levels are listed in SAP Note 2235581.
diff --git a/roles/sap_hana_preconfigure/handlers/main.yml b/roles/sap_hana_preconfigure/handlers/main.yml
index 4f3887f6..df7ed65a 100644
--- a/roles/sap_hana_preconfigure/handlers/main.yml
+++ b/roles/sap_hana_preconfigure/handlers/main.yml
@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+# BEGIN - GRUB section
 - name: "Check if server is booted in BIOS or UEFI mode"
   ansible.builtin.stat:
     path: /sys/firmware/efi
@@ -18,7 +19,8 @@
     - sap_hana_preconfigure_run_grub2_mkconfig | d(true)
 
 - name: "Run grub-mkconfig (BIOS mode)"
-  ansible.builtin.command: grub2-mkconfig -o /boot/grub2/grub.cfg
+  ansible.builtin.command:
+    cmd: grub2-mkconfig -o /boot/grub2/grub.cfg
   register: __sap_hana_preconfigure_register_grub2_mkconfig_bios_mode
   changed_when: true
   listen: __sap_hana_preconfigure_regenerate_grub2_conf_handler
@@ -51,7 +53,8 @@
     - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP'
 
 - name: "Run grub-mkconfig (UEFI mode)"
-  ansible.builtin.command: "grub2-mkconfig -o {{ __sap_hana_preconfigure_uefi_boot_dir }}"
+  ansible.builtin.command:
+    cmd: "grub2-mkconfig -o {{ __sap_hana_preconfigure_uefi_boot_dir }}"
   register: __sap_hana_preconfigure_register_grub2_mkconfig_uefi_mode
   changed_when: true
   listen: __sap_hana_preconfigure_regenerate_grub2_conf_handler
@@ -70,17 +73,22 @@
     - sap_hana_preconfigure_run_grub2_mkconfig | d(true)
 
 - name: "Run grubby for enabling TSX"
-  ansible.builtin.command: grubby --args="tsx=on" --update-kernel=ALL
+  ansible.builtin.command:
+    cmd: grubby --args="tsx=on" --update-kernel=ALL
   changed_when: true
   listen: __sap_hana_preconfigure_grubby_update_handler
   notify: __sap_hana_preconfigure_reboot_handler
 
 - name: "Run grubby for setting THP to '{{ __sap_hana_preconfigure_fact_thp }}'"
-  ansible.builtin.command: grubby --args="transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}" --update-kernel=ALL
+  ansible.builtin.command:
+    cmd: grubby --args="transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}" --update-kernel=ALL
   changed_when: true
   listen: __sap_hana_preconfigure_grubby_thp_handler
   notify: __sap_hana_preconfigure_reboot_handler
 
+# END - GRUB section
+
+
 - name: Reboot the managed node
   ansible.builtin.reboot:
     test_command: /bin/true
@@ -88,18 +96,20 @@
   when:
     - sap_hana_preconfigure_reboot_ok | d(false)
 
+
 # Kernel update triggers zypper purge-kernels and lock after reboot.
 - name: Wait for Zypper lock to be released
   ansible.builtin.command:
     cmd: zypper info zypper
-  retries: 60
-  timeout: 5
+  retries: 20
+  timeout: 30
   listen: __sap_hana_preconfigure_reboot_handler
   when:
     - ansible_os_family == 'Suse'
     - sap_hana_preconfigure_reboot_ok | d(false)
   changed_when: false
 
+
 - name: Let the role fail if a reboot is required
   ansible.builtin.fail:
     msg: Reboot is required!
@@ -115,3 +125,9 @@
   when:
     - not sap_hana_preconfigure_fail_if_reboot_required | d(true)
     - not sap_hana_preconfigure_reboot_ok | d(false)
+
+- name: Unmask packagekit.service
+  ansible.builtin.systemd_service:
+    name: packagekit.service
+    masked: false
+  listen: __sap_hana_preconfigure_packagekit_handler
diff --git a/roles/sap_hana_preconfigure/meta/argument_specs.yml b/roles/sap_hana_preconfigure/meta/argument_specs.yml
index 098aa7db..32902df6 100644
--- a/roles/sap_hana_preconfigure/meta/argument_specs.yml
+++ b/roles/sap_hana_preconfigure/meta/argument_specs.yml
@@ -86,7 +86,7 @@ argument_specs:
       sap_hana_preconfigure_min_rhel_release_check:
         default: false
         description:
-          - Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of
+          - (RedHat specific) Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of
           - known SAP HANA supported RHEL minor releases. By default, the role will display a message and continue running if
           - the RHEL release is not part of that list. If set to `true`, the role will fail in such a case.
         required: false
@@ -95,7 +95,7 @@ argument_specs:
       sap_hana_preconfigure_supported_rhel_minor_releases:
         default: "{{ __sap_hana_preconfigure_supported_rhel_minor_releases }}"
         description:
-          - Use this parameter to set your own list of SAP HANA supported RHEL minor releases.
+          - (RedHat specific) Use this parameter to set your own list of SAP HANA supported RHEL minor releases.
         required: false
         type: list
         elements: str
@@ -103,7 +103,7 @@ argument_specs:
       sap_hana_preconfigure_enable_sap_hana_repos:
         default: false
         description:
-          - Set to 'true' to enable the SAP HANA required RHEL repos.
+          - (RedHat specific) Set to 'true' to enable the SAP HANA required RHEL repos.
           - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
           - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_use_hana_repos`.
         required: false
@@ -112,7 +112,7 @@ argument_specs:
       sap_hana_preconfigure_req_repos_redhat_7_x86_64:
         default: "{{ __sap_hana_preconfigure_req_repos_redhat_7_x86_64 }}"
         description:
-          - Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64'
+          - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64'
           - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
           - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
         required: false
@@ -122,7 +122,7 @@ argument_specs:
       sap_hana_preconfigure_req_repos_redhat_7_ppc64le:
         default: "{{ __sap_hana_preconfigure_req_repos_redhat_7_ppc64le }}"
         description:
-          - Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le'
+          - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le'
           - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
           - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
         required: false
@@ -132,7 +132,7 @@ argument_specs:
       sap_hana_preconfigure_req_repos_redhat_8_x86_64:
         default: "{{ __sap_hana_preconfigure_req_repos_redhat_8_x86_64 }}"
         description:
-          - Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64'
+          - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64'
           - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
           - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
         required: false
@@ -142,7 +142,7 @@ argument_specs:
       sap_hana_preconfigure_req_repos_redhat_8_ppc64le:
         default: "{{ __sap_hana_preconfigure_req_repos_redhat_8_ppc64le }}"
         description:
-          - Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le'
+          - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le'
           - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
           - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
         required: false
@@ -152,7 +152,7 @@ argument_specs:
       sap_hana_preconfigure_req_repos_redhat_9_x86_64:
         default: "{{ __sap_hana_preconfigure_req_repos_redhat_9_x86_64 }}"
         description:
-          - Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64'
+          - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64'
           - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
           - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
         required: false
@@ -162,7 +162,7 @@ argument_specs:
       sap_hana_preconfigure_req_repos_redhat_9_ppc64le:
         default: "{{ __sap_hana_preconfigure_req_repos_redhat_9_ppc64le }}"
         description:
-          - Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le'
+          - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le'
           - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
           - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
         required: false
@@ -172,7 +172,7 @@ argument_specs:
       sap_hana_preconfigure_set_minor_release:
         default: false
         description:
-          - Use this parameter to set the RHEL minor release, which is required for SAP HANA.
+          - Use this parameter to set the minor release, which is required for SAP HANA.
           - The related parameter is `sap_general_preconfigure_set_minor_release`.
         required: false
         type: bool
@@ -210,8 +210,9 @@ argument_specs:
       sap_hana_preconfigure_packages:
         default: "{{ __sap_hana_preconfigure_packages }}"
         description:
-          - List of RHEL packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list
+          - The list of packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list
           - or a list of the minimum required packages for SAP HANA server (parameter `__sap_hana_preconfigure_packages_min_install`).
+          - The default for this variable is set in the vars file which corresponds to the detected OS version.
         required: false
         type: list
         elements: str
@@ -230,7 +231,7 @@ argument_specs:
           - Set this parameter to `true` to update the system to the latest package levels.
           - By setting the parameter `sap_general_preconfigure_set_minor_release` of the
           - role `sap_general_preconfigure` to `true`, you can install the most recent package updates
-          - without updating to a more recent RHEL minor release.
+          - without updating to a more recent minor release.
         required: false
         type: bool
 
@@ -322,7 +323,7 @@ argument_specs:
       sap_hana_preconfigure_tuned_profile:
         default: 'sap-hana'
         description:
-          - Name of the SAP HANA tuned tuned profile to enable (RHEL).
+          - (RedHat specific) Name of the SAP HANA tuned tuned profile to enable.
         required: false
         type: str
 
@@ -344,7 +345,7 @@ argument_specs:
       sap_hana_preconfigure_thp:
         default: ''
         description:
-          - Override the default setting for THP, which is determined automatically by the role, depending on the RHEL version.
+          - Override the default setting for THP, which is determined automatically by the role, depending on the OS version.
         choices:
           - ''
           - 'always'
@@ -355,7 +356,7 @@ argument_specs:
 
       sap_hana_preconfigure_db_group_name:
         description:
-          - Use this parameter to specify the name of the RHEL group which is used for the database processes.
+          - (RedHat specific) Use this parameter to specify the name of the group which is used for the database processes.
           - It will be used to configure process limits as per step "Configuring Process Resource Limits" of SAP note 2772999.
         example:
           sap_hana_preconfigure_db_group_name: 'dba'
@@ -385,7 +386,7 @@ argument_specs:
       sap_hana_preconfigure_saptune_azure:
         default: false
         description:
-          - On Azure, TCP timestamps, reuse and recycle should be disabled (SLES for SAP Applications).
+          - (SUSE specific) On Azure, TCP timestamps, reuse and recycle should be disabled (SLES for SAP Applications).
           - Set this parameter to `true` on Azure.
         required: false
         type: bool
diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml b/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml
index d0cba475..80275e3e 100644
--- a/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml
+++ b/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml
@@ -1,6 +1,9 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts again after the installation phase
+  ansible.builtin.package_facts:
+
 - name: Assert - List required SAP Notes
   ansible.builtin.debug:
     var: __sap_hana_preconfigure_sapnotes_versions | difference([''])
diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml
index 2b05f9c4..5f40fb1d 100644
--- a/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml
+++ b/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml
@@ -1,6 +1,9 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts
+  ansible.builtin.package_facts:
+
 - name: Assert that the system is running a RHEL release which is supported for SAP HANA
   ansible.builtin.assert:
     that: ansible_distribution_version in sap_hana_preconfigure_supported_rhel_minor_releases
diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml
index 5d334ef0..93083bf0 100644
--- a/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml
+++ b/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml
@@ -1,6 +1,9 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts again after the installation phase
+  ansible.builtin.package_facts:
+
 - name: Configure - List required SAP Notes
   ansible.builtin.debug:
     var: __sap_hana_preconfigure_sapnotes_versions | difference([''])
diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml
index b13bf996..feab4ab4 100644
--- a/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml
+++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml
@@ -40,8 +40,9 @@
       when:
         - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0
         - ansible_distribution == 'RedHat'
-        - ansible_distribution_major_version == '9' and
-            __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2
+        - (ansible_distribution_major_version == '9' and
+            __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2) or
+          ansible_distribution_major_version == '10'
 
     - name: Set fact for THP if 'sap_hana_preconfigure_thp' is defined
       ansible.builtin.set_fact:
diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml
index 1c60776b..6f6d24d1 100644
--- a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml
+++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml
@@ -23,8 +23,9 @@
   when:
     - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0
     - ansible_distribution == 'RedHat'
-    - ansible_distribution_major_version == '9' and
-        __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2
+    - (ansible_distribution_major_version == '9' and
+        __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2) or
+      ansible_distribution_major_version == '10'
 
 - name: Set fact for THP if 'sap_hana_preconfigure_thp' is defined
   ansible.builtin.set_fact:
@@ -47,7 +48,9 @@
 - name: Set THP to '{{ __sap_hana_preconfigure_fact_thp }}' on the running system
   ansible.builtin.shell: echo '{{ __sap_hana_preconfigure_fact_thp }}' > /sys/kernel/mm/transparent_hugepage/enabled
   changed_when: true
-  when: __sap_hana_preconfigure_register_thp_status_before.stdout.split('[')[1].split(']')[0] != __sap_hana_preconfigure_fact_thp
+  when:
+    - not ansible_check_mode
+    - __sap_hana_preconfigure_register_thp_status_before.stdout.split('[')[1].split(']')[0] != __sap_hana_preconfigure_fact_thp
 
 - name: Configure - Get the status of THP
   ansible.builtin.command: cat /sys/kernel/mm/transparent_hugepage/enabled
diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml
index 1ffcd4be..cf37af46 100644
--- a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml
+++ b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml
@@ -1,6 +1,9 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts
+  ansible.builtin.package_facts:
+
 - name: Get the current RHEL release
   ansible.builtin.setup:
     gather_subset: distribution_version
diff --git a/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml
index b2e96401..f8f72c34 100644
--- a/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml
+++ b/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml
@@ -1,41 +1,47 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-- name: Populate service facts
-  ansible.builtin.service_facts:
 
-- name: Assert that saptune is running and enabled
-  ansible.builtin.assert:
-    that:
-      - "ansible_facts.services['saptune.service'].state == 'running'"
-      - "ansible_facts.services['saptune.service'].status == 'enabled'"
-    fail_msg: "FAIL: the service 'saptune' is not configured as expected"
-    success_msg: "PASS: the service 'saptune' is configured as expected"
+- name: Assert that saptune solution is correct
+  when: __sap_hana_preconfigure_use_saptune
+  block:
+    - name: Discover active solution
+      ansible.builtin.command:
+        cmd: saptune solution enabled
+      register: __sap_hana_preconfigure_register_saptune_status
+      changed_when: false
+      ignore_errors: true
 
-- name: Run saptune_check
-  ansible.builtin.command: saptune_check
-  register: __sap_hana_preconfigure_register_saptune_check
-  changed_when: false
-  failed_when: false
+    - name: Set fact for active solution
+      ansible.builtin.set_fact:
+        # Capture the first block on none whitespace
+        __sap_hana_preconfigure_register_solution_configured:
+          "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
 
-- name: Assert that saptune_check executed correctly
-  ansible.builtin.assert:
-    that: __sap_hana_preconfigure_register_saptune_check.rc == 0
-    fail_msg: "FAIL: the command saptune_check fails"
-    success_msg: "PASS: the command saptune_check executes as expected"
+    - name: Assert that active solution is the expected solution
+      ansible.builtin.assert:
+        that: __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution
+        fail_msg: "FAIL: the configured saptune solution is '{{ __sap_hana_preconfigure_register_solution_configured
+          }}'' and does not match the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'"
+        success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'"
+      ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
 
-- name: Discover active solution
-  ansible.builtin.command: saptune solution enabled
-  register: __sap_hana_preconfigure_register_saptune_status
-  changed_when: false
+    - name: Verify saptune solution
+      ansible.builtin.command:
+        cmd: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}"
+      register: __sap_hana_preconfigure_register_saptune_verify
+      changed_when: false
+      failed_when: false
+      when:
+        - __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution
 
-- name: Set solution fact
-  ansible.builtin.set_fact:
-    __sap_hana_preconfigure_saptune_configured_solution:
-      "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
 
-- name: Assert that active solution is the expected solution
-  ansible.builtin.assert:
-    that: __sap_hana_preconfigure_saptune_configured_solution == sap_hana_preconfigure_saptune_solution
-    fail_msg: "FAIL: the configured saptune solution is '{{ __sap_hana_preconfigure_saptune_configured_solution
-      }}'' and does not match the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'"
-    success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'"
+    - name: Assert that saptune solution is verified by saptune
+      ansible.builtin.assert:
+        that: "{{ __sap_hana_preconfigure_register_saptune_verify.rc == 0 }}"
+        success_msg: "PASS: saptune solution {{ sap_hana_preconfigure_saptune_solution }} is verified by saptune."
+        fail_msg: |
+          "FAIL: active saptune solution is not verified by saptune! See details below:"
+          {{ __sap_hana_preconfigure_register_saptune_verify.stdout_lines }}
+          {{ __sap_hana_preconfigure_register_saptune_verify.stderr_lines }}
+      when:
+        - __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution
diff --git a/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml
index c04f406a..b1a643d7 100644
--- a/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml
+++ b/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml
@@ -1,25 +1,108 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-# Capture all patterns along with their install status
-- name: Get zypper pattern information
-  ansible.builtin.command: zypper patterns
-  register: __sap_hana_preconfigure_zypper_patterns
+
+# Check rpm --whatprovides only if package cannot be found directly.
+- name: Query RPM packages
+  ansible.builtin.shell:
+    cmd: |
+      if rpm -q {{ item }} &> /dev/null;
+      then rpm -q {{ item }}
+      else rpm -q --whatprovides {{ item }};
+      fi
+  register: __sap_hana_preconfigure_register_packages
   changed_when: false
+  ignore_errors: true
+  loop: "{{ sap_hana_preconfigure_packages }}"
+
 
-# Count the number of times the sap-hana pattern appears to be installed in the output.
-# It is OK for it to appear more than once
-- name: Assert the sap-hana pattern is installed
+- name: Assert that all required packages are installed
   ansible.builtin.assert:
-    that: __sap_hana_preconfigure_zypper_patterns.stdout_lines | select('match', 'i.*sap-hana.*') | length != 0
-    fail_msg: "FAIL: the sap-hana pattern is not installed"
-    success_msg: "PASS: the sap-hana pattern is installed"
+    that: __sap_hana_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+    fail_msg: "FAIL: Package '{{ item }}' is not installed!"
+    success_msg: "PASS: Package '{{ item }}' is installed."
+  loop: "{{ sap_hana_preconfigure_packages }}"
+  ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
+
 
-- name: Assert saptune is at requested version
+- name: Gather service facts
+  ansible.builtin.service_facts:
+
+# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications)
+# This service creates zypper locks and causes package install failures.
+- name: Wait for stop of packagekit.service
+  ansible.builtin.shell: |
+    set -o pipefail && bash -c '
+    while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) ||
+     ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do
+      sleep 10;
+    done'
+  register: __packagekit_service_check
+  changed_when: false
+  until: __packagekit_service_check.rc == 0
+  retries: 60
+  when: "'packagekit.service' in ansible_facts.services"
+
+- name: Get info about possible package updates # noqa command-instead-of-module
+  ansible.builtin.command:
+    cmd: zypper -q patch-check
+  timeout: 60
+  register: __sap_hana_preconfigure_register_zypper_check_update_assert
+  changed_when: false
+  ignore_errors: true  # true, because unpatched system is always error.
+  when: sap_hana_preconfigure_update
+
+- name: Assert that there are no more possible package updates
   ansible.builtin.assert:
-    that: ansible_facts.packages['saptune'][0]['version'] == sap_hana_preconfigure_saptune_version
-    fail_msg: "FAIL: saptune version installed is {{ ansible_facts.packages['saptune'][0]['version']
-      }} but the version {{ sap_hana_preconfigure_saptune_version }} was expected"
-    success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_hana_preconfigure_saptune_version }}"
+    that: __sap_hana_preconfigure_register_zypper_check_update_assert.rc == 0
+    fail_msg: "FAIL: System needs to be updated!"
+    success_msg: "PASS: There are no more outstanding package updates."
+  ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
+  when: sap_hana_preconfigure_update
+
+- name: Report if checking for possible package updates is not requested
+  ansible.builtin.debug:
+    msg: "INFO: Not checking for possible package updates (variable sap_hana_preconfigure_update)."
+  ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
+  when: not sap_hana_preconfigure_update
+
+
+# Reason for noqa: The command to be executed might contain pipes
+- name: Determine if the system needs to be restarted # noqa command-instead-of-shell
+  ansible.builtin.shell:
+    cmd: "zypper ps"
+  retries: 60
+  timeout: 5
+  register: __sap_hana_preconfigure_register_needs_restarting_assert
+  changed_when: false
+  check_mode: false
+  ignore_errors: true  # true, because output is too large.
+
+- name: Assert that system needs no restart
+  ansible.builtin.assert:
+    that: __sap_hana_preconfigure_register_needs_restarting_assert is success
+    fail_msg: "FAIL: System needs to be restarted!"
+    success_msg: "PASS: System needs no restart."
+  ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
+
+
+- name: Block to assert that correct saptune version is installed
   when:
+    - __sap_hana_preconfigure_use_saptune
     - sap_hana_preconfigure_saptune_version is defined
     - sap_hana_preconfigure_saptune_version | length > 0
+  block:
+    # We are checking for %{VERSION} (e.g. 3.1.4), not full %{VERSION}-%{RELEASE}.%{ARCH}
+    - name: Check saptune version  # noqa: command-instead-of-module
+      ansible.builtin.command:
+        cmd: rpm -q --queryformat '%{VERSION}\n' saptune
+      register: __sap_hana_preconfigure_register_saptune_version
+      changed_when: false
+      ignore_errors: true
+
+    - name: Assert saptune is at requested version
+      ansible.builtin.assert:
+        that: __sap_hana_preconfigure_register_saptune_version.stdout == sap_hana_preconfigure_saptune_version
+        fail_msg: "FAIL: saptune version installed is {{ __sap_hana_preconfigure_register_saptune_version.stdout
+          }} but the version {{ sap_hana_preconfigure_saptune_version }} was expected"
+        success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_hana_preconfigure_saptune_version }}"
+      when: __sap_hana_preconfigure_register_saptune_version.rc = 0
diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml
index c58c7159..d2f6da83 100644
--- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml
+++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml
@@ -1,93 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-- name: Takeover saptune and enable
-  when: __sap_hana_preconfigure_run_saptune
-  block:
-    - name: Ensure sapconf is stopped and disabled
-      ansible.builtin.systemd:
-        name: sapconf
-        state: stopped
-        enabled: false
-      when: "'sapconf' in ansible_facts.packages"
-
-    - name: Make sure that sapconf and tuned are stopped and disabled
-      ansible.builtin.command: "saptune service takeover"
-      register: __sap_saptune_takeover
-      changed_when: __sap_saptune_takeover.rc == 0
-
-    - name: Ensure saptune is running and enabled
-      ansible.builtin.systemd:
-        name: saptune
-        state: started
-        enabled: true
-
-    - name: Ensure saptune_check executes correctly
-      ansible.builtin.command: saptune_check
-      changed_when: false
-
-    - name: Discover active solution
-      ansible.builtin.command: saptune solution enabled
-      register: __sap_hana_preconfigure_register_saptune_status
-      changed_when: false
-
-    - name: Set fact for active solution
-      ansible.builtin.set_fact:
-        # Capture the first block on none whitespace
-        __sap_hana_preconfigure_fact_solution_configured:
-          "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
-
-    - name: Show configured solution
-      ansible.builtin.debug:
-        var: __sap_hana_preconfigure_fact_solution_configured
-
-- name: Set GRUB entries
-  when: __sap_hana_preconfigure_run_saptune
-  block:
-    # Reason for noqa:
-    # no-changed-when: the regex do a check on the element before apply the
-    #   changed item, this prevent a replace to an element that is already in
-    #   the configuration
-    - name: Set GRUB entries # noqa no-changed-when
-      ansible.builtin.lineinfile:
-        path: /etc/default/grub
-        regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ item }}).*). *$'
-        line: "\\1 {{ item }}\""
-        backrefs: true
-      register: set_grub_entries
-      with_items:
-        - "splash=silent"
-        - "mitigations=auto"
-        - "quiet"
-        - "numa_balancing=disable"
-        - "transparent_hugepage=never"
-        - "intel_idle.max_cstate=1"
-        - "processor.max_cstate=1"
-        - "audit=1"
-
-    # Reason for noqa:
-    # no-changed-when: there is already a check on the `when` argument that
-    # loop over all the results of the previous task and if some of the results
-    # changed the grub configuration file the `GRUB_post-update_configuration`
-    # handler will be notify, in the other hands if none of the item changed
-    # the configuration file no handler will be notify
-    - name: Trigger grub update if necessary # noqa no-changed-when
-      ansible.builtin.command: /bin/true
-      notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler
-      when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0
-
-- name: Enable sapconf
-  when: not __sap_hana_preconfigure_run_saptune
-  block:
-    - name: Enable sapconf service
-      ansible.builtin.systemd:
-        name: sapconf
-        state: started
-        enabled: true
-
-    - name: Restart sapconf service
-      ansible.builtin.systemd:
-        name: sapconf
-        state: restarted
 
 # If this is a cluster node on Azure, we need to override to disable tcp timestamps, reuse and recycle.
 # This can be done by copying the sapnote file 2382421 from /usr/share/saptune/notes to /etc/saptune/override
@@ -109,29 +21,61 @@
       net.ipv4.tcp_tw_reuse = 0
   when:
     - sap_hana_preconfigure_saptune_azure
+    - __sap_hana_preconfigure_use_saptune
+
 
 - name: Apply saptune solution
-  when: __sap_hana_preconfigure_run_saptune
+  when: __sap_hana_preconfigure_use_saptune
   block:
-    - name: Check if saptune solution needs to be applied
-      ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}"
-      register: __sap_hana_preconfigure_register_saptune_verify
-      changed_when: false # We're only checking, not changing!
-      failed_when: false # We expect this to fail if it has not previously been applied
+    - name: Discover active solution
+      ansible.builtin.command:
+        cmd: saptune solution enabled
+      register: __sap_hana_preconfigure_register_saptune_status
+      changed_when: false
+
+    - name: Set fact for active solution
+      ansible.builtin.set_fact:
+        # Capture the first block on none whitespace
+        __sap_hana_preconfigure_register_solution_configured:
+          "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
+
 
-    - name: Ensure no solution is currently applied
-      ansible.builtin.command: "saptune solution revert {{ __sap_hana_preconfigure_fact_solution_configured }}"
+    - name: Revert solution when different to sap_hana_preconfigure_saptune_solution
+      ansible.builtin.command:
+        cmd: "saptune solution revert {{ __sap_hana_preconfigure_register_solution_configured }}"
       changed_when: true
       when:
-        - __sap_hana_preconfigure_fact_solution_configured != 'NONE'
-        - __sap_hana_preconfigure_register_saptune_verify.rc != 0
+        - __sap_hana_preconfigure_register_solution_configured != 'NONE'
+        - __sap_hana_preconfigure_register_solution_configured != sap_hana_preconfigure_saptune_solution
+
+
+    - name: Verify saptune solution
+      ansible.builtin.command:
+        cmd: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}"
+      register: __sap_hana_preconfigure_register_saptune_verify
+      changed_when: false
+      failed_when: false
+      when:
+        - __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution
+
 
     - name: Ensure saptune solution is applied
-      ansible.builtin.command: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}"
+      ansible.builtin.command:
+        cmd: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}"
       changed_when: true
       when:
-        - __sap_hana_preconfigure_register_saptune_verify.rc != 0
+        - __sap_hana_preconfigure_register_solution_configured != sap_hana_preconfigure_saptune_solution
+          or __sap_hana_preconfigure_register_saptune_verify.rc != 0
+
 
     - name: Ensure solution was successful
-      ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}"
-      changed_when: false # We're only checking, not changing!
+      ansible.builtin.command:
+        cmd: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}"
+      changed_when: false
+
+
+- name: Configure - Include configuration actions for required sapnotes
+  ansible.builtin.include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml"
+  loop: "{{ __sap_hana_preconfigure_sapnotes_versions | difference(['']) }}"
+  loop_control:
+    loop_var: sap_note_line_item
diff --git a/roles/sap_hana_preconfigure/tasks/SLES/generic/grub_update.yml b/roles/sap_hana_preconfigure/tasks/SLES/generic/grub_update.yml
new file mode 100644
index 00000000..db9f67fa
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/SLES/generic/grub_update.yml
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# Generic task for updating GRUB configuration using provided list
+
+- name: Update existing GRUB entries
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=".*?)(\b{{ item.split("=")[0] }}=[^ ]*\b)(.*")'
+    line: '\1{{ item }}\3'
+    backrefs: true
+  register: __sap_hana_preconfigure_grub_update
+  loop: "{{ __sap_hana_preconfigure_grub_cmdline }}"
+
+
+- name: Get current of GRUB
+  ansible.builtin.slurp:
+    path: /etc/default/grub
+  register: __sap_hana_preconfigure_grub_contents
+
+
+- name: Add missing GRUB entries
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT="(.*?)"'
+    line: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 {{ item }}"'
+    backrefs: true
+  register: __sap_hana_preconfigure_grub_add
+  loop: "{{ __sap_hana_preconfigure_grub_cmdline }}"
+  when: item not in (__sap_hana_preconfigure_grub_contents.content | b64decode)
+
+
+- name: Trigger grub update if necessary # noqa no-changed-when
+  ansible.builtin.command:
+    cmd: /bin/true
+  notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - (__sap_hana_preconfigure_grub_update.results | selectattr('changed', 'equalto', true) | list | length > 0)
+      or (__sap_hana_preconfigure_grub_add.results | selectattr('changed', 'equalto', true) | list | length > 0)
diff --git a/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_install.yml b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_install.yml
new file mode 100644
index 00000000..de0fcbca
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_install.yml
@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1275776 - Linux: Preparing SLES for SAP environments
+
+- name: Get contents of /etc/products.d/baseproduct
+  ansible.builtin.stat:
+    path: /etc/products.d/baseproduct
+  register: __sap_hana_preconfigure_register_baseproduct
+
+
+- name: Set fact if baseproduct contains SLES without SLES_SAP
+  ansible.builtin.set_fact:
+    __sap_hana_preconfigure_use_saptune: false
+  when:
+    - '"SLES_SAP" not in __sap_hana_preconfigure_register_baseproduct.stat.lnk_target'
+    - '"SLES" in __sap_hana_preconfigure_register_baseproduct.stat.lnk_target
+      and ansible_distribution_major_version | int < 16'
+
+
+- name: Block to ensure saptune is installed
+  when: __sap_hana_preconfigure_use_saptune | d(true)
+  block:
+    # Reason for noqa: Zypper supports "state: latest"
+    - name: Ensure latest saptune is installed  # noqa package-latest
+      ansible.builtin.package:
+        name: saptune
+        state: present
+      when:
+        - sap_hana_preconfigure_saptune_version is undefined
+         or sap_hana_preconfigure_saptune_version | length == 0
+
+    - name: Ensure specific saptune version is installed
+      ansible.builtin.package:
+        name: "saptune={{ sap_hana_preconfigure_saptune_version }}"
+        state: present
+      when:
+        - sap_hana_preconfigure_saptune_version is defined
+        - sap_hana_preconfigure_saptune_version | length > 0
+
+
+- name: Block to ensure sapconf is installed
+  when: not __sap_hana_preconfigure_use_saptune | d(true)
+  block:
+    - name: Ensure sapconf is installed
+      ansible.builtin.package:
+        name: "sapconf"
+        state: present
diff --git a/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_takeover.yml b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_takeover.yml
new file mode 100644
index 00000000..53a38b69
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_takeover.yml
@@ -0,0 +1,100 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1275776 - Linux: Preparing SLES for SAP environments
+
+- name: Execute saptune_check - before takeover
+  ansible.builtin.command:
+    cmd: saptune_check
+  register: __sap_hana_preconfigure_register_saptune_check_before
+  when: __sap_hana_preconfigure_use_saptune
+  changed_when: false
+  failed_when: false
+
+- name: Takeover and enable saptune
+  when:
+    - __sap_hana_preconfigure_use_saptune
+    - __sap_hana_preconfigure_register_saptune_check_before.rc != 0
+  block:
+    - name: Check saptune version  # noqa: command-instead-of-module
+      ansible.builtin.command:
+        cmd: rpm -q sapconf
+      register: __sap_hana_preconfigure_register_sapconf
+      changed_when: false
+      ignore_errors: true
+
+    - name: Ensure sapconf is stopped and disabled
+      ansible.builtin.systemd:
+        name: sapconf
+        state: stopped
+        enabled: false
+      when: __sap_hana_preconfigure_register_sapconf
+
+    - name: Make sure that sapconf and tuned are stopped and disabled
+      ansible.builtin.command:
+        cmd: "saptune service takeover"
+      register: __sap_hana_preconfigure_register_saptune_takeover
+      changed_when: __sap_hana_preconfigure_register_saptune_takeover.rc == 0
+
+    # saptune_check can fail if sapconf is in failed state
+    - name: Check if sapconf.service is failed  # noqa command-instead-of-module
+      ansible.builtin.command:
+        cmd: systemctl is-failed sapconf.service
+      register: __sap_hana_preconfigure_register_sapconf_failed
+      changed_when: false
+      ignore_errors: true
+
+    - name: Execute systemctl reset-failed sapconf.service  # noqa command-instead-of-module
+      ansible.builtin.command:
+        cmd: systemctl reset-failed sapconf.service
+      when: __sap_hana_preconfigure_register_sapconf_failed.rc == 0
+      changed_when: true
+
+    - name: Ensure saptune is running and enabled
+      ansible.builtin.systemd:
+        name: saptune
+        state: started
+        enabled: true
+
+    - name: Ensure saptune_check executes correctly
+      ansible.builtin.command:
+        cmd: saptune_check
+      register: __sap_hana_preconfigure_register_saptune_check_after
+      changed_when: false
+
+
+- name: Check active saptune solution
+  when:
+    - __sap_hana_preconfigure_use_saptune
+    - __sap_hana_preconfigure_register_saptune_check_before.rc == 0
+      or (__sap_hana_preconfigure_register_saptune_check_after.rc == 0)
+  block:
+    - name: Discover active solution
+      ansible.builtin.command:
+        cmd: saptune solution enabled
+      register: __sap_hana_preconfigure_register_saptune_status
+      changed_when: false
+
+    - name: Set fact for active solution
+      ansible.builtin.set_fact:
+        # Capture the first block on none whitespace
+        __sap_hana_preconfigure_register_solution_configured:
+          "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
+
+    - name: Show configured solution
+      ansible.builtin.debug:
+        var: __sap_hana_preconfigure_register_solution_configured
+
+
+- name: Enable sapconf
+  when: not __sap_hana_preconfigure_use_saptune
+  block:
+    - name: Enable sapconf service
+      ansible.builtin.systemd:
+        name: sapconf
+        state: started
+        enabled: true
+
+    - name: Restart sapconf service
+      ansible.builtin.systemd:
+        name: sapconf
+        state: restarted
diff --git a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml
index 270fe3ee..d358844d 100644
--- a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml
+++ b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml
@@ -1,76 +1,76 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-# Reason for noqa: Both yum and dnf support "state: latest"
+
+- name: Gather service facts
+  ansible.builtin.service_facts:
+
+# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications)
+# This service creates zypper locks and causes package install failures.
+# Service cannot be disabled and we have to mask its execution.
+- name: Mask packagekit.service when present
+  ansible.builtin.systemd_service:
+    name: packagekit.service
+    masked: true
+  when: "'packagekit.service' in ansible_facts.services"
+  notify: __sap_hana_preconfigure_packagekit_handler
+
+
+- name: Wait for stop of packagekit.service
+  ansible.builtin.shell: |
+    set -o pipefail && bash -c '
+    while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) ||
+     ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do
+      sleep 10;
+    done'
+  register: __packagekit_service_check
+  changed_when: false
+  until: __packagekit_service_check.rc == 0
+  retries: 60
+  when: "'packagekit.service' in ansible_facts.services"
+
+
+- name: Ensure that the required packages are installed
+  ansible.builtin.package:
+    state: present
+    name: "{{ sap_hana_preconfigure_packages }}"
+
+
+# Reason for noqa: Zypper supports "state: latest"
 - name: Ensure that the system is updated to the latest patchlevel # noqa package-latest
   ansible.builtin.package:
     state: latest
     name: "*"
   when: sap_hana_preconfigure_update | bool
 
-# SAP Note 2892338
-- name: Ensure package insserv-compat exists
-  ansible.builtin.package:
-    state: present
-    name: insserv-compat
-
-# -----------
-- name: Get contents of /etc/products.d/baseproduct
-  ansible.builtin.stat:
-    path: /etc/products.d/baseproduct
-  register: sles_baseproduct
-  when: ansible_os_family == 'Suse'
 
-- name: Set fact if baseproduct contains SLES without SLES_SAP
-  ansible.builtin.set_fact:
-    __sap_hana_preconfigure_run_saptune: false
-  when:
-    - '"SLES_SAP" not in sles_baseproduct.stat.lnk_target'
-    - '"SLES" in sles_baseproduct.stat.lnk_target'
-    - ansible_os_family == 'Suse'
-
-# - name: Output
-#   ansible.builtin.debug:
-#     msg:
-#       - "OS Family: {{ ansible_os_family }}"
-#       - "saptune: {{ __sap_hana_preconfigure_run_saptune }}"
-#       - "link: {{ sles_baseproduct.stat.lnk_target }}"
+# 1275776 - Linux: Preparing SLES for SAP environments
+- name: Install saptune if available
+  ansible.builtin.include_tasks:
+    file: generic/saptune_install.yml
 
-- name: Prepare saptune
-  when:
-    - __sap_hana_preconfigure_run_saptune
-  block:
+- name: Takeover and enable saptune if available
+  ansible.builtin.include_tasks:
+    file: generic/saptune_takeover.yml
 
-    - name: Ensure saphana pattern is installed
-      community.general.zypper:
-        type: pattern
-        name: sap-hana
-        state: present
-        force: true
 
-    - name: Ensure latest saptune is installed
-      community.general.zypper:
-        type: package
-        name: saptune
-        state: present
-      when:
-        - sap_hana_preconfigure_saptune_version is undefined
-         or sap_hana_preconfigure_saptune_version | length == 0
+# Reason for noqa: The command to be executed might contain pipes
+- name: Determine if the system needs to be restarted # noqa command-instead-of-shell
+  ansible.builtin.shell:
+    cmd: "zypper ps"
+  register: __sap_hana_preconfigure_register_needs_restarting
+  ignore_errors: true
+  changed_when: false
+  check_mode: false
 
-    - name: Ensure specific saptune version is installed
-      community.general.zypper:
-        type: package
-        name: "saptune={{ sap_hana_preconfigure_saptune_version }}"
-        state: present
-        force: true
-      when:
-        - sap_hana_preconfigure_saptune_version is defined
-        - sap_hana_preconfigure_saptune_version | length > 0
+- name: Display the output of the reboot requirement check
+  ansible.builtin.debug:
+    var: __sap_hana_preconfigure_register_needs_restarting
 
-- name: Ensure sapconf is installed
-  community.general.zypper:
-    type: package
-    name: "sapconf"
-    state: present
-    force: true
+- name: Call Reboot handler if necessary
+  ansible.builtin.command:
+    cmd: /bin/true
+  notify: __sap_hana_preconfigure_reboot_handler
+  changed_when: true
   when:
-    - not __sap_hana_preconfigure_run_saptune
+    - __sap_hana_preconfigure_register_needs_restarting is failed
+      or __sap_hana_preconfigure_register_needs_restarting.rc == 102
diff --git a/roles/sap_hana_preconfigure/tasks/main.yml b/roles/sap_hana_preconfigure/tasks/main.yml
index ef63a0b8..3d0d0f9e 100644
--- a/roles/sap_hana_preconfigure/tasks/main.yml
+++ b/roles/sap_hana_preconfigure/tasks/main.yml
@@ -50,17 +50,6 @@
     __sap_hana_preconfigure_fact_ansible_distribution_minor_version: '{{ ansible_distribution_version.split(".")[1] }}'
   when: ansible_distribution == 'RedHat'
 
-# Requirement for package_facts Ansible Module
-- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python
-  ansible.builtin.package:
-    name: python3-rpm
-    state: present
-  when: ansible_os_family == "Suse"
-
-# required for installation and configuration tasks:
-- name: Gather package facts
-  ansible.builtin.package_facts:
-
 - name: Display the content of sap_general_preconfigure_fact_reboot_required
   ansible.builtin.debug:
     var: sap_general_preconfigure_fact_reboot_required
@@ -72,9 +61,6 @@
     - '{{ ansible_distribution.split("_")[0] }}'
     - '{{ ansible_distribution }}'
 
-- name: Gather package facts again after the installation phase
-  ansible.builtin.package_facts:
-
 - name: Include configuration.yml
   ansible.builtin.include_tasks: '{{ item }}/{{ assert_prefix }}configuration.yml'
   when: sap_hana_preconfigure_config_all | d(true) or sap_hana_preconfigure_configuration | d(false)
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1275776/configuration.yml
deleted file mode 100644
index de00bca3..00000000
--- a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/configuration.yml
+++ /dev/null
@@ -1,33 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-
-# - name: "1275776 - Tips & Advice (start sapconf)"
-#   ansible.builtin.service:
-#     name: sapconf
-#     enabled: true
-#     state: started
-
-- name: "1275776 - Configuration saptune"
-  ansible.builtin.command: "saptune daemon start"
-  register: __sap_hana_preconfigure_register_saptune_daemon
-  changed_when: __sap_hana_preconfigure_register_saptune_daemon.rc == 0
-
-- name: "1275776 - Configuration saptune sap note 2382421"
-  ansible.builtin.command: "saptune note apply 2382421"
-  register: __sap_hana_preconfigure_register_saptune_2382421
-  changed_when: __sap_hana_preconfigure_register_saptune_2382421.rc == 0
-
-- name: "1275776 - Configuration saptune sap note 2578899"
-  ansible.builtin.command: "saptune note apply 2578899"
-  register: __sap_hana_preconfigure_register_saptune_2578899
-  changed_when: __sap_hana_preconfigure_register_saptune_2578899.rc == 0
-
-- name: "1275776 - Configuration saptune sap note 2684254"
-  ansible.builtin.command: "saptune note apply 2684254"
-  register: __sap_hana_preconfigure_register_saptune_2684254
-  changed_when: __sap_hana_preconfigure_register_saptune_2684254.rc == 0
-
-- name: "1275776 - Configuration saptune sap note 941735"
-  ansible.builtin.command: "saptune note apply 941735"
-  register: __sap_hana_preconfigure_register_saptune_941735
-  changed_when: __sap_hana_preconfigure_register_saptune_941735.rc == 0
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1275776/installation.yml
deleted file mode 100644
index e4b24f0c..00000000
--- a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/installation.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-- name: 1275776 - Installation saptune
-  ansible.builtin.package:
-    name: "saptune"
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799.yml
new file mode 100644
index 00000000..acb8d079
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/1944799.yml
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1944799 - SAP HANA Guidelines for SLES Operating System Installation
+
+- name: Configure - Display SAP note number 1944799 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).number }}
+          (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).version }}):
+           SAP HANA Guidelines for SLES Operating System Installation"
+
+- name: Import tasks from '1944799/installation.yml'
+  ansible.builtin.import_tasks: 1944799/installation.yml
+
+# - name: Import tasks from '1944799/configuration.yml'
+#   ansible.builtin.import_tasks: 1944799/configuration.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/assert-installation.yml
new file mode 100644
index 00000000..f8ea41e6
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/assert-installation.yml
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# Check rpm --whatprovides only if package cannot be found directly.
+- name: Query RPM packages
+  ansible.builtin.shell:
+    cmd: |
+      if rpm -q {{ item }} &> /dev/null;
+      then rpm -q {{ item }}
+      else rpm -q --whatprovides {{ item }};
+      fi
+  register: __sap_hana_preconfigure_register_packages
+  changed_when: false
+  ignore_errors: true
+  loop: "{{ __sap_hana_preconfigure_packages_1944799 }}"
+
+- name: Assert that all required packages are installed
+  ansible.builtin.assert:
+    that: __sap_hana_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+    fail_msg: "FAIL: Package '{{ item }}' is not installed!"
+    success_msg: "PASS: Package '{{ item }}' is installed."
+  loop: "{{ __sap_hana_preconfigure_packages_1944799 }}"
+  ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/configuration.yml
deleted file mode 100644
index 51a15ea7..00000000
--- a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/configuration.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml
index c4d2ba26..56995165 100644
--- a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml
@@ -1,49 +1,8 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-# base pattern defined in installation pdf
-# sap-hana and sap_server added by SVA (Thomas Bludau)
 
-# show zypper patterns
-- name: "1944799 - PDF 8.1 Package List Pattern Also 3.5 Software selection"
+- name: Ensure that the required packages are installed
   ansible.builtin.package:
-    name: "{{ packages }}"
-    type: pattern
-  vars:
-    packages:
-      - gnome_basic
-      - base
-      - enhanced_base
-      - apparmor
-      - 32bit
-      - yast2_basis
-      - sw_management
-      - fonts
-      - x11
-      - sap-hana
-      - sap_server
-
-# Requires SLE-Module-Legacy15 Module
-- name: "1944799 - PDF 8.1 Package List Packages (SLE-Module-Legacy15)"
-  ansible.builtin.package:
-    name: "{{ packages }}"
-    type: package
-  vars:
-    packages:
-      - libssh2-1
-      - libopenssl1_1
-      - libstdc++6
-      - libatomic1
-      - libgcc_s1
-      - libltdl7
-      - insserv
-      - numactl
-      - system-user-uuidd
-      - unzip
-
-- name: 1944799 - Install recommended packages
-  ansible.builtin.package:
-    name: "{{ packages }}"
-    type: package
-  vars:
-    packages:
-      - tcsh
+    state: present
+    name: "{{ item }}"
+  loop: "{{ __sap_hana_preconfigure_packages_1944799 }}"
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2055470.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2055470.yml
index b3ba7a81..04d9b726 100644
--- a/roles/sap_hana_preconfigure/tasks/sapnote/2055470.yml
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/2055470.yml
@@ -69,16 +69,19 @@
 # Note: The sole purpose of the following two tasks is to collect the current value(s) of the kernel parameters
 # in '/etc/sysctl.d/ibm_largesend.conf' so that the "Reload kernel parameters from file ..." task
 # can correctly report its 'changed' state. See also https://github.com/sap-linuxlab/community.sap_install/issues/752 .
+
     - name: Construct the command for getting all current parameters of file '/etc/sysctl.d/ibm_largesend.conf'
       ansible.builtin.command: awk 'BEGIN{FS="="; printf ("sysctl ")}{printf ("%s ", $1)}' /etc/sysctl.d/ibm_largesend.conf
       register: __sap_hana_preconfigure_register_ibm_largesend_sysctl_command
       changed_when: false
+      when: not ansible_check_mode
 
 # Reason for noqa: The command module tries to run the complete string as a single command
     - name: Get all currently active values of the parameters of file '/etc/sysctl.d/ibm_largesend.conf' # noqa command-instead-of-shell
       ansible.builtin.shell: "{{ __sap_hana_preconfigure_register_ibm_largesend_sysctl_command.stdout }}"
       register: __sap_hana_preconfigure_register_ibm_largesend_sysctl_p_output_old
       changed_when: false
+      when: not ansible_check_mode
 
     - name: Reload kernel parameters from file '/etc/sysctl.d/ibm_largesend.conf'
       ansible.builtin.command: sysctl -p /etc/sysctl.d/ibm_largesend.conf
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2382421.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2382421.yml
index 32ee24ad..a502c570 100644
--- a/roles/sap_hana_preconfigure/tasks/sapnote/2382421.yml
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/2382421.yml
@@ -73,6 +73,7 @@
     - name: Construct the command for getting all current parameters of file '{{ __sap_hana_preconfigure_etc_sysctl_saphana_conf }}'
       ansible.builtin.command: awk 'BEGIN{FS="="; printf ("sysctl ")}{printf ("%s ", $1)}' "{{ __sap_hana_preconfigure_etc_sysctl_saphana_conf }}"
       register: __sap_hana_preconfigure_register_saphana_conf_sysctl_command
+      check_mode: false
       changed_when: false
 
     - name: Get all currently active values of the parameters of file '{{ __sap_hana_preconfigure_etc_sysctl_saphana_conf }}'
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2578899/configuration.yml
deleted file mode 100644
index 7ee50bfb..00000000
--- a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/configuration.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-
-- name: 2588899 - I/O scheduler
-  ansible.builtin.lineinfile:
-    path: /etc/default/grub
-    backup: yes
-    backrefs: yes
-    state: present
-    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$'
-    line: "\\1 {{ line_item }}\""
-  with_items:
-    - "elevator=noop"
-  notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler
-  when: ansible_architecture == "x86_64" and
-        ansible_os_family == 'Suse' and
-        ansible_distribution_major_version == '15'
-  tags: grubconfig
-  loop_control:
-    loop_var: line_item
-
-- name: 2578899 - sysstat - monitoring data
-  ansible.builtin.service:
-    name: sysstat
-    enabled: true
-    state: started
-
-- name: 2578899 - UUID daemon
-  ansible.builtin.service:
-    name: uuidd
-    enabled: true
-    state: started
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2578899/installation.yml
deleted file mode 100644
index 76685b37..00000000
--- a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/installation.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-# Requires SLE-Module-Legacy15 Module
-- name: "2578899 - SAP HANA database"
-  ansible.builtin.package:
-    name: "{{ packages }}"
-    type: package
-  vars:
-    packages:
-      - libssh2-1
-      - libopenssl1_1
-
-
-- name: 2578899 - sysstat - monitoring data
-  ansible.builtin.package:
-    name: "sysstat"
-
-- name: 2578899 - UUID daemon
-  ansible.builtin.package:
-    name: "uuidd"
-
-- name: 2578899 - insserv-compat package
-  ansible.builtin.package:
-    name: "insserv-compat"
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254.yml
new file mode 100644
index 00000000..09d9f8af
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254.yml
@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15
+
+- name: Configure - Display SAP note number 2684254 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).number }}
+          (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).version }}):
+           SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15"
+
+- name: Set fact for SAP note number 2684254 - THP
+  ansible.builtin.set_fact:
+    # THP has different settings for each SP
+    __sap_hana_preconfigure_grub_cmdline_2684254_thp:
+      "{{ 'never' if ansible_distribution_version is version('15.4', '<=') else 'madvise' }}"
+
+- name: Set fact for SAP note number 2684254 - GRUB
+  ansible.builtin.set_fact:
+    __sap_hana_preconfigure_grub_cmdline_2684254:
+      - "numa_balancing=disable"
+      - "transparent_hugepage={{ sap_hana_preconfigure_thp | d(__sap_hana_preconfigure_grub_cmdline_2684254_thp) }}"
+      - "intel_idle.max_cstate=1"
+      - "processor.max_cstate=1"
+      - "splash=silent"
+      - "mitigations=auto"
+      - "quiet"
+      - "audit=1"
+
+- name: Import tasks from '2684254/installation.yml'
+  ansible.builtin.import_tasks: 2684254/installation.yml
+
+- name: Import tasks from '2684254/configuration.yml'
+  ansible.builtin.import_tasks: 2684254/configuration.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-configuration.yml
new file mode 100644
index 00000000..b9f8b1b2
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-configuration.yml
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Verify SAP Note using saptune
+  when: __sap_hana_preconfigure_use_saptune | d(true)
+  block:
+
+    - name: Verify SAP note 2684254 using saptune
+      ansible.builtin.command:
+        cmd: saptune note verify --show-non-compliant 2684254
+      register: __sap_hana_preconfigure_saptune_verify_2684254
+      changed_when: false
+      ignore_errors: true
+
+    - name: Assert that SAP note 2684254 is verified by saptune
+      ansible.builtin.assert:
+        that: "{{ __sap_hana_preconfigure_saptune_verify_2684254.rc == 0 }}"
+        success_msg: "PASS: SAP note 2684254 is verified by saptune."
+        fail_msg: |
+          "FAIL: SAP note 2684254 is not verified by saptune! See details below:"
+          {{ __sap_hana_preconfigure_saptune_verify_2684254.stdout_lines }}
+          {{ __sap_hana_preconfigure_saptune_verify_2684254.stderr_lines }}
+      ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
+
+
+- name: Verify SAP Note without using saptune
+  when: not __sap_hana_preconfigure_use_saptune | d(true)
+  block:
+
+    - name: Get current contents of GRUB
+      ansible.builtin.slurp:
+        path: /etc/default/grub
+      register: __sap_hana_preconfigure_grub_contents
+
+    - name: Assert that GRUB cmdline parameters are set
+      ansible.builtin.assert:
+        that:
+          - "'{{ item }}' in __sap_hana_preconfigure_grub_contents.content | b64decode | string"
+        fail_msg: "FAIL: GRUB cmdline parameter {{ item }} is not set!"
+        success_msg: "PASS: GRUB cmdline parameter {{ item }} is set."
+      loop: "{{ __sap_hana_preconfigure_grub_cmdline_2684254 }}"
+      when: __sap_hana_preconfigure_grub_cmdline_2684254 | length > 0
+      ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-installation.yml
new file mode 100644
index 00000000..d69744f8
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-installation.yml
@@ -0,0 +1,23 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# Check rpm --whatprovides only if package cannot be found directly.
+- name: Query RPM packages
+  ansible.builtin.shell:
+    cmd: |
+      if rpm -q {{ item }} &> /dev/null;
+      then rpm -q {{ item }}
+      else rpm -q --whatprovides {{ item }};
+      fi
+  register: __sap_hana_preconfigure_register_packages
+  changed_when: false
+  ignore_errors: true
+  loop: "{{ __sap_hana_preconfigure_packages_2684254 }}"
+
+- name: Assert that all required packages are installed
+  ansible.builtin.assert:
+    that: __sap_hana_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+    fail_msg: "FAIL: Package '{{ item }}' is not installed!"
+    success_msg: "PASS: Package '{{ item }}' is installed."
+  loop: "{{ __sap_hana_preconfigure_packages_2684254 }}"
+  ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}"
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml
index ce8da000..38b44d6a 100644
--- a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml
@@ -1,80 +1,76 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
-- name: Disable numa_balancing at boot
-  ansible.builtin.lineinfile:
-    path: /etc/default/grub
-    backup: yes
-    backrefs: yes
-    state: present
-    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$'
-    line: "\\1 {{ line_item }}\""
-  with_items:
-    - "numa_balancing=disable"
-  notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler
-  when: ansible_architecture == "x86_64" and
-        ansible_os_family == 'Suse' and
-        ansible_distribution_major_version == '15'
-  tags: grubconfig
-  loop_control:
-    loop_var: line_item
-
-- name: Disable transparent hugepages at boot
-  ansible.builtin.lineinfile:
-    path: /etc/default/grub
-    backup: yes
-    backrefs: yes
-    state: present
-    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$'
-    line: "\\1 {{ line_item }}\""
-  with_items:
-    - "transparent_hugepage=never"
-  notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler
-  when: ansible_architecture == "x86_64" and
-        ansible_os_family == 'Suse' and
-        ansible_distribution_major_version == '15'
-  tags: grubconfig
-  loop_control:
-    loop_var: line_item
-
-- name: Disable intel c states in grub config
-  ansible.builtin.lineinfile:
-    path: /etc/default/grub
-    backup: yes
-    backrefs: yes
-    state: present
-    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$'
-    line: "\\1 {{ line_item }}\""
-  with_items:
-    - "processor.max_cstate=1"
-    - "intel_idle.max_cstate=1"
-  notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler
-  when: ansible_architecture == "x86_64" and
-        ansible_os_family == 'Suse' and
-        ansible_distribution_major_version == '15'
-  tags: grubconfig
-  loop_control:
-    loop_var: line_item
-
-
-# Intel Systems only
-#  - name: "Configure CPU Governor for Performance now"
-#    command: cpupower frequency-set -g performance
-#    register: __sap_hana_preconfigure_register_sles15_cpupower_frequency_set
-#    ignore_errors: True
-
-- name: "Energy Performance Bias (EPB, applies to Intel-based systems only)"
-  ansible.builtin.lineinfile:
-    path: /etc/init.d/boot.local
-    mode: "0744"
-    line: 'cpupower set -b 0'
-    state: present
-    create: yes
-
-- name: Kernel samepage merging (KSM)
-  ansible.builtin.lineinfile:
-    dest: /etc/init.d/boot.local
-    mode: "0744"
-    line: echo 0 > /sys/kernel/mm/ksm/run
-    state: present
-    create: yes
+- name: Execute task to update GRUB entries
+  ansible.builtin.include_tasks:
+    file: ../../SLES/generic/grub_update.yml
+  vars:
+    __sap_hana_preconfigure_grub_cmdline: "{{ __sap_hana_preconfigure_grub_cmdline_2684254 }}"
+  when: __sap_hana_preconfigure_grub_cmdline | length > 0
+
+
+- name: Apply SAP note 2684254 using saptune
+  when: __sap_hana_preconfigure_use_saptune | d(true)
+  block:
+
+    - name: Apply SAP note 2684254 using saptune
+      ansible.builtin.command:
+        cmd: saptune note apply 2684254
+      changed_when: true
+
+    - name: Verify SAP note 2684254 using saptune
+      ansible.builtin.command:
+        cmd: saptune note verify 2684254
+      register: __sap_hana_preconfigure_saptune_verify_2684254
+      changed_when: false
+      ignore_errors: true
+
+    - name: Display error if saptune verify failed
+      ansible.builtin.debug:
+        msg: |
+          {{ __sap_hana_preconfigure_saptune_verify_2684254.stdout_lines }}
+          {{ __sap_hana_preconfigure_saptune_verify_2684254.stderr_lines }}
+      when:
+        __sap_hana_preconfigure_saptune_verify_2684254.rc != 0
+
+
+- name: Configuration changes without saptune
+  when: not __sap_hana_preconfigure_use_saptune | d(true)
+  block:
+
+    # The KSM feature helps reduce physical memory overhead by detecting memory pages with identical content.
+    # The feature is useful for VMs, but the space-time tradeoff does not pay off for HDB instances not running in VMs.
+    # Kernel samepage merging is usually deactivated by default.
+    - name: Disable Kernel samepage merging (KSM)
+      ansible.builtin.lineinfile:
+        dest: /etc/init.d/boot.local
+        mode: "0744"
+        line: echo 0 > /sys/kernel/mm/ksm/run
+        state: present
+        create: true
+
+
+- name: "(Optional) Set governor to performance - Intel"
+  ansible.builtin.debug:
+    msg: |
+      SAP Recommends setting governor to performance mode on physical Intel servers.
+      This setting is not mandatory for smaller systems, where energy savings are of consideration.
+
+      You can configure it using following methods:
+      - Execute: saptune note apply 2684254
+      - Append command to /etc/init.d/boot.local: cpupower frequency-set -g performance
+
+      Result can be validated by executing: cpupower frequency-info
+
+
+- name: "(Optional) Set Energy Performance Bias to performance - Intel"
+  ansible.builtin.debug:
+    msg: |
+      SAP Recommends setting Energy Performance Bias to performance mode on physical Intel servers.
+      This setting is not mandatory for smaller systems, where energy savings are of consideration.
+
+      You can configure it using following methods:
+      - Execute: saptune note apply 2684254
+      - Append command to /etc/init.d/boot.local: cpupower set -b 0
+
+      Result can be validated by executing: cpupower info
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml
index d3de8971..a0f92caf 100644
--- a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml
@@ -1,10 +1,8 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-# Additional notes for the installation of HANA 1.0 SPS12 and HANA 2.0 SPS03
-- name: 2777782 - Additional notes for the installation of HANA 1.0 SPS12 and HANA 2.0 SPS03
+
+- name: Ensure that the required packages are installed
   ansible.builtin.package:
-    name: "{{ packages }}"
-  vars:
-    packages:
-      - libopenssl1_1
-      - libssh2-1
+    state: present
+    name: "{{ item }}"
+  loop: "{{ __sap_hana_preconfigure_packages_2684254 }}"
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919.yml
new file mode 100644
index 00000000..78dec9ec
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919.yml
@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+- name: Configure - Display SAP note number 3562919 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).number }}
+          (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).version }}): SAP HANA settings for RHEL 8"
+
+- name: Import tasks from '3562919/01-configure-selinux.yml'
+  ansible.builtin.import_tasks: 3562919/01-configure-selinux.yml
+  when:
+    - sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_01|d(false)
+    - sap_hana_preconfigure_modify_selinux_labels
+
+- name: Import tasks from '3562919/02-configure-tuned.yml'
+  ansible.builtin.import_tasks: 3562919/02-configure-tuned.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_02|d(false)
+
+- name: Import tasks from '3562919/03-disable-abrt-coredumps-kdump.yml'
+  ansible.builtin.import_tasks: 3562919/03-disable-abrt-coredumps-kdump.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_03|d(false)
+
+- name: Import tasks from '3562919/04-turn-off-auto-numa-balancing.yml'
+  ansible.builtin.import_tasks: 3562919/04-turn-off-auto-numa-balancing.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_04|d(false)
+
+- name: Import tasks from '3562919/05-configure-thp.yml'
+  ansible.builtin.import_tasks: 3562919/05-configure-thp.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_05|d(false)
+
+- name: Import tasks from '3562919/06-configure-c-states-for-lower-latency.yml'
+  ansible.builtin.import_tasks: 3562919/06-configure-c-states-for-lower-latency.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_06|d(false)
+
+- name: Import tasks from '3562919/07-configure-cpu-governor.yml'
+  ansible.builtin.import_tasks: 3562919/07-configure-cpu-governor.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_07|d(false)
+
+- name: Import tasks from '3562919/08-configure-epb.yml'
+  ansible.builtin.import_tasks: 3562919/08-configure-epb.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_08|d(false)
+
+- name: Import tasks from '3562919/09-disable-ksm.yml'
+  ansible.builtin.import_tasks: 3562919/09-disable-ksm.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_09|d(false)
+
+- name: Import tasks from '3562919/10-increase-pidmax.yml'
+  ansible.builtin.import_tasks: 3562919/10-increase-pidmax.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_10|d(false)
+
+- name: Import tasks from '3562919/11-enable-tsx.yml'
+  ansible.builtin.import_tasks: 3562919/11-enable-tsx.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_11|d(false)
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-assert-selinux.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-assert-selinux.yml
new file mode 100644
index 00000000..f0bbd59b
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-assert-selinux.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562919-1
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 1: Configure SELinux"
+
+- name: Import ../../RedHat/generic/assert-selinux.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-configure-selinux.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-configure-selinux.yml
new file mode 100644
index 00000000..3f08527c
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-configure-selinux.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562919-1
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 1: Configure SELinux"
+
+- name: Import ../../RedHat/generic/configure-selinux.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-assert-tuned.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-assert-tuned.yml
new file mode 100644
index 00000000..15e2fd39
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-assert-tuned.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562919-2
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 2: Configure tuned to use profile sap-hana"
+
+- name: Import ../../RedHat/generic/assert-tuned.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-tuned.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-configure-tuned.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-configure-tuned.yml
new file mode 100644
index 00000000..e129bc93
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-configure-tuned.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562919-2
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 2: Configure tuned to use profile for SAP HANA"
+
+- name: Import ../../RedHat/generic/configure-tuned.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-tuned.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-assert-abrt-coredumps-kdump.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-assert-abrt-coredumps-kdump.yml
new file mode 100644
index 00000000..d8edc186
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-assert-abrt-coredumps-kdump.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562919-3
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 3: Disable kdump"
+
+- name: Import ../../RedHat/generic/assert-kdump.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-kdump.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-disable-abrt-coredumps-kdump.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-disable-abrt-coredumps-kdump.yml
new file mode 100644
index 00000000..c195ae90
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-disable-abrt-coredumps-kdump.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562919-3
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 3: Disable kdump"
+
+- name: Import ../../RedHat/generic/disable-kdump.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/disable-kdump.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-assert-auto-numa-balancing.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-assert-auto-numa-balancing.yml
new file mode 100644
index 00000000..ad122e8d
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-assert-auto-numa-balancing.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "kernel.numa_balancing = 0"
+- name: Assert 3562919-4
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 4: Turn off auto-numa balancing"
+
+- name: Import ../../RedHat/generic/assert-auto-numa-balancing.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-auto-numa-balancing.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-turn-off-auto-numa-balancing.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-turn-off-auto-numa-balancing.yml
new file mode 100644
index 00000000..d365617c
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-turn-off-auto-numa-balancing.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "kernel.numa_balancing = 0"
+- name: Configure 3562919-4
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 4: Turn off auto-numa balancing"
+
+- name: Import ../../RedHat/generic/turn-off-auto-numa-balancing.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/turn-off-auto-numa-balancing.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-assert-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-assert-thp.yml
new file mode 100644
index 00000000..22281d84
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-assert-thp.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never"
+- name: Assert 3562919-5
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 5: Configure Transparent Hugepages (THP)"
+
+- name: Import ../../RedHat/generic/assert-thp.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-thp.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-configure-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-configure-thp.yml
new file mode 100644
index 00000000..868335da
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-configure-thp.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" or "transparent_hugepages=madvise"
+- name: Configure 3562919-5
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 5: Configure Transparent Hugepages (THP)"
+
+- name: Import ../../RedHat/generic/configure-thp.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-thp.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-assert-c-states-for-lower-latency.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-assert-c-states-for-lower-latency.yml
new file mode 100644
index 00000000..0b75df0e
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-assert-c-states-for-lower-latency.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "force_latency=70"
+- name: Assert 3562919-6
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 6: Configure C-States for lower latency (x86_64 platform only)"
+
+- name: Import ../../RedHat/generic/assert-c-states-for-lower-latency.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-c-states-for-lower-latency.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-configure-c-states-for-lower-latency.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-configure-c-states-for-lower-latency.yml
new file mode 100644
index 00000000..a4983c97
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-configure-c-states-for-lower-latency.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "force_latency=70"
+- name: Configure 3562919-6
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 6: Configure C-States for lower latency (x86_64 platform only)"
+
+- name: Import ../../RedHat/generic/configure-c-states-for-lower-latency.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-c-states-for-lower-latency.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-assert-cpu-governor.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-assert-cpu-governor.yml
new file mode 100644
index 00000000..d91f7712
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-assert-cpu-governor.yml
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "governor=performance"
+#   in included tuned profile throughput-performance
+- name: Assert 3562919-7
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 7: Configure CPU Governor for performance (x86_64 platform only)"
+
+- name: Import ../../RedHat/generic/assert-cpu-governor-for-performance.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-cpu-governor-for-performance.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-configure-cpu-governor.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-configure-cpu-governor.yml
new file mode 100644
index 00000000..444b2114
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-configure-cpu-governor.yml
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "governor=performance"
+#   in included tuned profile throughput-performance
+- name: Configure 3562919-7
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 7: Configure CPU Governor for performance (x86_64 platform only)"
+
+- name: Import ../../RedHat/generic/configure-cpu-governor-for-performance.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-cpu-governor-for-performance.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-assert-epb.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-assert-epb.yml
new file mode 100644
index 00000000..63d92375
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-assert-epb.yml
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "energy_perf_bias=performance"
+#   in included tuned profile throughput-performance
+- name: Assert 3562919-8
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 8: Configure Energy Performance Bias (EPB, x86_64 platform only)"
+
+- name: Import ../../RedHat/generic/assert-epb.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-epb.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-configure-epb.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-configure-epb.yml
new file mode 100644
index 00000000..8b7c3c0c
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-configure-epb.yml
@@ -0,0 +1,11 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# can be configured by tuned profile sap-hana, entry "energy_perf_bias=performance"
+#   in included tuned profile throughput-performance
+- name: Configure 3562919-8
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 8: Configure Energy Performance Bias (EPB, x86_64 platform only)"
+
+- name: Import ../../RedHat/generic/configure-epb.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/configure-epb.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-assert-ksm.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-assert-ksm.yml
new file mode 100644
index 00000000..a3bb08d2
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-assert-ksm.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562919-9
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 9: Disable Kernel samepage merging (KSM)"
+
+- name: Import ../../RedHat/generic/assert-ksm.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-ksm.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-disable-ksm.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-disable-ksm.yml
new file mode 100644
index 00000000..9bc27d70
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-disable-ksm.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562919-9
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 9: Disable Kernel samepage merging (KSM)"
+
+- name: Import ../../RedHat/generic/disable-ksm.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/disable-ksm.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-assert-pidmax.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-assert-pidmax.yml
new file mode 100644
index 00000000..b08e542e
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-assert-pidmax.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562919-10
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 10: Increase kernel.pidmax"
+
+- name: Notify about where 'kernel.pidmax' is asserted
+  ansible.builtin.debug:
+    msg: "INFO: Kernel parameter 'kernel.pid_max' is already asserted by role 'sap_general_preconfigure' if necessary."
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-increase-pidmax.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-increase-pidmax.yml
new file mode 100644
index 00000000..2d7ac75a
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-increase-pidmax.yml
@@ -0,0 +1,10 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562919-10
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 10: Increase kernel.pidmax"
+
+- name: Notify about where 'kernel.pid_max' is set
+  ansible.builtin.debug:
+    msg: "Kernel parameter 'kernel.pid_max' is already set by role 'sap_general_preconfigure' if necessary."
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-assert-tsx.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-assert-tsx.yml
new file mode 100644
index 00000000..6009a272
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-assert-tsx.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Assert 3562919-11
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 11: Enable TSX (Intel Transactional Synchronization Extensions)"
+
+- name: Import ../../RedHat/generic/assert-tsx.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/assert-tsx.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-enable-tsx.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-enable-tsx.yml
new file mode 100644
index 00000000..2558804e
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-enable-tsx.yml
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+- name: Configure 3562919-11
+  ansible.builtin.debug:
+    msg: "SAP note 3562919 Step 11: Enable TSX (Intel Transactional Synchronization Extensions)"
+
+- name: Import ../../RedHat/generic/enable-tsx.yml
+  ansible.builtin.import_tasks: ../../RedHat/generic/enable-tsx.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/assert-1944799.yml b/roles/sap_hana_preconfigure/tasks/sapnote/assert-1944799.yml
new file mode 100644
index 00000000..a4410ca9
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/assert-1944799.yml
@@ -0,0 +1,15 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1944799 - SAP HANA Guidelines for SLES Operating System Installation
+
+- name: Assert - Display SAP note number 1944799 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).number }}
+          (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).version }}):
+           SAP HANA Guidelines for SLES Operating System Installation"
+
+- name: Import tasks from '1944799/assert-installation.yml'
+  ansible.builtin.import_tasks: 1944799/assert-installation.yml
+
+# - name: Import tasks from '1944799/assert-configuration.yml'
+#   ansible.builtin.import_tasks: 1944799/assert-configuration.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/assert-2684254.yml b/roles/sap_hana_preconfigure/tasks/sapnote/assert-2684254.yml
new file mode 100644
index 00000000..09188349
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/assert-2684254.yml
@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15
+
+- name: Assert - Display SAP note number 2684254 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).number }}
+          (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).version }}):
+           SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15"
+
+- name: Set fact for SAP note number 2684254 - THP
+  ansible.builtin.set_fact:
+    # THP has different settings for each SP
+    __sap_hana_preconfigure_grub_cmdline_2684254_thp:
+      "{{ 'never' if ansible_distribution_version is version('15.4', '<=') else 'madvise' }}"
+
+- name: Set fact for SAP note number 2684254 - GRUB
+  ansible.builtin.set_fact:
+    __sap_hana_preconfigure_grub_cmdline_2684254:
+      - "numa_balancing=disable"
+      - "transparent_hugepage={{ sap_hana_preconfigure_thp | d(__sap_hana_preconfigure_grub_cmdline_2684254_thp) }}"
+      - "intel_idle.max_cstate=1"
+      - "processor.max_cstate=1"
+      - "splash=silent"
+      - "mitigations=auto"
+      - "quiet"
+      - "audit=1"
+
+- name: Import tasks from '2684254/assert-installation.yml'
+  ansible.builtin.import_tasks: 2684254/assert-installation.yml
+
+- name: Import tasks from '2684254/assert-configuration.yml'
+  ansible.builtin.import_tasks: 2684254/assert-configuration.yml
diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/assert-3562919.yml b/roles/sap_hana_preconfigure/tasks/sapnote/assert-3562919.yml
new file mode 100644
index 00000000..f651bf78
--- /dev/null
+++ b/roles/sap_hana_preconfigure/tasks/sapnote/assert-3562919.yml
@@ -0,0 +1,52 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+- name: Assert - Display SAP note number 3562919 and its version
+  ansible.builtin.debug:
+    msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).number }}
+          (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).version }}): SAP HANA settings for RHEL 8"
+
+- name: Import tasks from '3562919/01-assert-selinux.yml'
+  ansible.builtin.import_tasks: 3562919/01-assert-selinux.yml
+  when:
+    - sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_01|d(false)
+    - sap_hana_preconfigure_modify_selinux_labels
+
+- name: Import tasks from '3562919/02-assert-tuned.yml'
+  ansible.builtin.import_tasks: 3562919/02-assert-tuned.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_02|d(false)
+
+- name: Import tasks from '3562919/03-assert-abrt-coredumps-kdump.yml'
+  ansible.builtin.import_tasks: 3562919/03-assert-abrt-coredumps-kdump.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_03|d(false)
+
+- name: Import tasks from '3562919/04-assert-auto-numa-balancing.yml'
+  ansible.builtin.import_tasks: 3562919/04-assert-auto-numa-balancing.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_04|d(false)
+
+- name: Import tasks from '3562919/05-assert-thp.yml'
+  ansible.builtin.import_tasks: 3562919/05-assert-thp.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_05|d(false)
+
+- name: Import tasks from '3562919/06-assert-c-states-for-lower-latency.yml'
+  ansible.builtin.import_tasks: 3562919/06-assert-c-states-for-lower-latency.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_06|d(false)
+
+- name: Import tasks from '3562919/07-assert-cpu-governor.yml'
+  ansible.builtin.import_tasks: 3562919/07-assert-cpu-governor.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_07|d(false)
+
+- name: Import tasks from '3562919/08-assert-epb.yml'
+  ansible.builtin.import_tasks: 3562919/08-assert-epb.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_08|d(false)
+
+- name: Import tasks from '3562919/09-assert-ksm.yml'
+  ansible.builtin.import_tasks: 3562919/09-assert-ksm.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_09|d(false)
+
+- name: Import tasks from '3562919/10-assert-pidmax.yml'
+  ansible.builtin.import_tasks: 3562919/10-assert-pidmax.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_10|d(false)
+
+- name: Import tasks from '3562919/11-assert-tsx.yml'
+  ansible.builtin.import_tasks: 3562919/11-assert-tsx.yml
+  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_11|d(false)
diff --git a/roles/sap_hana_preconfigure/vars/RedHat_10.yml b/roles/sap_hana_preconfigure/vars/RedHat_10.yml
new file mode 100644
index 00000000..98775f20
--- /dev/null
+++ b/roles/sap_hana_preconfigure/vars/RedHat_10.yml
@@ -0,0 +1,160 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# supported RHEL 10 minor releases for SAP HANA:
+__sap_hana_preconfigure_supported_rhel_minor_releases: []
+
+# required repos for RHEL 10:
+__sap_hana_preconfigure_req_repos_redhat_10_0_x86_64:
+  - "rhel-10-for-x86_64-baseos-e4s-rpms"
+  - "rhel-10-for-x86_64-appstream-e4s-rpms"
+  - "rhel-10-for-x86_64-sap-solutions-e4s-rpms"
+
+__sap_hana_preconfigure_req_repos_redhat_10_0_ppc64le:
+  - "rhel-10-for-ppc64le-baseos-e4s-rpms"
+  - "rhel-10-for-ppc64le-appstream-e4s-rpms"
+  - "rhel-10-for-ppc64le-sap-solutions-e4s-rpms"
+
+# required SAP notes for RHEL 10:
+__sap_hana_preconfigure_sapnotes_versions_x86_64:
+  - { number: '3562919', version: '1' }
+  - { number: '2382421', version: '47' }
+  - { number: '3024346', version: '11' }
+
+__sap_hana_preconfigure_sapnotes_versions_ppc64le:
+  - { number: '2055470', version: '90' }
+  - { number: '3562919', version: '1' }
+  - { number: '2382421', version: '47' }
+  - { number: '3024346', version: '11' }
+
+__sap_hana_preconfigure_sapnotes_versions: "{{ lookup('vars', '__sap_hana_preconfigure_sapnotes_versions_' + ansible_architecture) }}"
+
+# In SAP Note XXX, certain minimal required packages for the different RHEL 10 minor releases are listed.
+# The following will assign them properly to __sap_hana_preconfigure_min_pkgs.
+# If variable __sap_hana_preconfigure_min_packages_VERSION_ARCH is not defined,
+# variable __sap_hana_preconfigure_min_pkgs will be undefined as well.
+
+# Minimum required package levels for RHEL 10.0:
+__sap_hana_preconfigure_min_packages_10_0_x86_64: []
+
+__sap_hana_preconfigure_min_packages_10_0_ppc64le: []
+
+__sap_hana_preconfigure_min_pkgs: "{{ lookup('vars', '__sap_hana_preconfigure_min_packages_' + ansible_distribution_version | string | replace(\".\", \"_\") + '_' + ansible_architecture) }}"
+
+__sap_hana_preconfigure_packages:
+# SAP NOTE 3108316:
+  - expect
+# package gtk3: only needed if the SAP HANA installation tools hdblcmgui and hdbsetup are used
+  - gtk3
+  - krb5-workstation
+  - libatomic
+  - libcanberra-gtk3
+  - libtool-ltdl
+  - numactl
+  - PackageKit-gtk3-module
+  - xorg-x11-xauth
+# package chkconfig: needed by hdblcm to be able to access /etc/init.d
+  - chkconfig
+# package libxcrypt-compat: needed SAP HANA and also by sapstartsrv on RHEL 10:
+#  - libxcrypt-compat       # now installed by role sap_general_preconfigure, see also SAP note 3108316, version 4.
+# For support purposes:
+# package graphwiz: graph visualization tools, for supportability)
+  - graphviz
+# package iptraf-ng: TCP/IP network monitor, for supportability)
+  - iptraf-ng
+# package lm-sensors: TCP/IP network monitor, for supportability)
+  - lm_sensors
+# package nfs-utils: support utilities for NFS, for supportability)
+  - nfs-utils
+# SAP NOTE 3562919:
+  - tuned-profiles-sap-hana
+
+__sap_hana_preconfigure_packages_min_install:
+# SAP NOTE 3108316:
+  - expect
+# package gtk3: only needed if the SAP HANA installation tools hdblcmgui and hdbsetup are used
+#  - gtk3
+  - krb5-workstation
+  - libatomic
+  - libcanberra-gtk3
+  - libtool-ltdl
+  - numactl
+  - PackageKit-gtk3-module
+  - xorg-x11-xauth
+# package libxcrypt-compat: needed SAP HANA and also by sapstartsrv on RHEL 10:
+#  - libxcrypt-compat       # now installed by role sap_general_preconfigure, see also SAP note 3108316, version 4.
+# For support purposes:
+# package graphwiz: graph visualization tools, for supportability)
+#  - graphviz
+# package iptraf-ng: TCP/IP network monitor, for supportability)
+#  - iptraf-ng
+# package lm-sensors: TCP/IP network monitor, for supportability)
+#  - lm_sensors
+# package nfs-utils: support utilities for NFS, for supportability)
+#  - nfs-utils
+# SAP NOTE 3562919:
+  - tuned-profiles-sap-hana
+
+# URL for the IBM Power Systems service and productivity tools, see https://www.ibm.com/support/pages/service-and-productivity-tools
+__sap_hana_preconfigure_ibm_power_repo_url: 'https://public.dhe.ibm.com/software/server/POWER/Linux/yum/download/ibm-power-repo-latest.noarch.rpm'
+
+__sap_hana_preconfigure_required_ppc64le:
+  - ibm-power-managed-rhel10
+
+# Network related kernel parameters as set in SAP Note 2382421:
+__sap_hana_preconfigure_kernel_parameters_default:
+# The following parameter should always be set:
+  - { name: net.ipv4.tcp_max_syn_backlog, value: 8192 }
+# The following two parameters are automatically set by SAP Host Agent
+#  - { name: net.ipv4.ip_local_port_range, value: "40000 61000" }
+#  - { name: net.ipv4.ip_local_reserved_ports, value: -> SAP NOTE 2477204 }
+# The following two parameters do not work when communicating with hosts behind NAT firewall:
+#  - { name: net.ipv4.tcp_tw_reuse, value: 1 }
+#  - { name: net.ipv4.tcp_tw_recycle, value: 1 }
+# The following parameter should always be set but might not work on Azure (see SAP Note 2382421):
+  - { name: net.ipv4.tcp_timestamps, value: 1 }
+# The following parameter should always be set:
+  - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 }
+# Tune the next four parameters for low latency system replication:
+#  - { net.ipv4.tcp_wmem, value }
+#  - { net.ipv4.tcp_rmem, value }
+#  - { net.core.wmem_max, value }
+#  - { net.core.rmem_max, value }
+# Should be set correctly already on most systems, according to SAP Note 2382421:
+#  - { net.ipv4.tcp_window_scaling, 1 }
+# The following only applies to HANA 1 <= 122.14 and HANA 2 SPS00.
+# So we do not change the default.
+#  - { name: net.ipv4.tcp_syn_retries, value: 8 }
+
+# Network related kernel parameters for ppc64le:
+__sap_hana_preconfigure_kernel_parameters_default_ppc64le:
+  - { name: net.core.rmem_max, value: 56623104 }
+  - { name: net.core.wmem_max, value: 56623104 }
+  - { name: net.ipv4.tcp_rmem, value: "65536 262088 56623104" }
+  - { name: net.ipv4.tcp_wmem, value: "65536 262088 56623104" }
+  - { name: net.ipv4.tcp_mem, value: "56623104 56623104 56623104" }
+
+# Network related kernel parameters for NetApp NFS, as set in SAP Note 3024346:
+__sap_hana_preconfigure_kernel_parameters_netapp_nfs:
+  - { name: net.core.rmem_max, value: 16777216 }
+  - { name: net.core.wmem_max, value: 16777216 }
+  - { name: net.ipv4.tcp_rmem, value: "4096 131072 16777216" }
+  - { name: net.ipv4.tcp_wmem, value: "4096 16384 16777216" }
+  - { name: net.core.netdev_max_backlog, value: 300000 }
+# already set in SAP note 2382421:
+#  - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 }
+  - { name: net.ipv4.tcp_no_metrics_save, value: 1 }
+  - { name: net.ipv4.tcp_moderate_rcvbuf, value: 1 }
+  - { name: net.ipv4.tcp_window_scaling, value: 1 }
+# already set in SAP note 2382421:
+#  - { name: net.ipv4.tcp_timestamps, value: 1 }
+  - { name: net.ipv4.tcp_sack, value: 1 }
+
+# yamllint disable rule:commas rule:colons
+__sap_hana_preconfigure_packages_and_services:
+  abrtd:     { pkg: 'abrt',            svc: 'abrtd',     systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' }
+  abrt-ccpp: { pkg: 'abrt-addon-ccpp', svc: 'abrt-ccpp', systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' }
+  numad:     { pkg: 'numad',           svc: 'numad',     systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' }
+  kdump:     { pkg: 'kexec-tools',     svc: 'kdump',     systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' }
+  firewalld: { pkg: 'firewalld',       svc: 'firewalld', systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' }
+# yamllint enable rule:commas rule:colons
diff --git a/roles/sap_hana_preconfigure/vars/SLES_15.yml b/roles/sap_hana_preconfigure/vars/SLES_15.yml
index 1f98593b..0bf33eec 100644
--- a/roles/sap_hana_preconfigure/vars/SLES_15.yml
+++ b/roles/sap_hana_preconfigure/vars/SLES_15.yml
@@ -4,29 +4,93 @@
 # - SUSE Linux Enterprise Server for SAP Applications 15
 # - SUSE Linux Enterprise Server 15
 
-__sap_hana_preconfigure_sapnotes:
-#        - "{% if ansible_architecture == 'ppc64le' %}2055470{% endif %}"
-  - "1944799"
-  - "2578899"
-  - "1275776"
-  - "2684254"
+__sap_hana_preconfigure_sapnotes_versions:
+  # 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+  # Already included in sap_general_preconfigure
+
+  # 1944799 - SAP HANA Guidelines for SLES Operating System Installation
+  - { number: '1944799', version: '19' }
+  # 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15
+  - { number: '2684254', version: '19' }
+
+  # SAP Notes applicable to HANA saptune solution:
+  # 941735 1771258 1868829 1980196 2578899 2684254 2382421 2534844 2993054 1656250
+
+  # 941735 - SAP memory management system for 64-bit Linux systems
+  # kernel.shmall, kernel.shmmax are already default.
+  # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm
+
+  # 1771258 - Linux: User and system resource limits
+  # Limits are created by applying saptune solution or predefined in sapconf.
 
-__sap_hana_preconfigure_min_pkgs:
 
 __sap_hana_preconfigure_packages:
-    # SAP NOTE 2772999
-    # SAP NOTE 2292690
-    # SAP NOTE 22455582
-#
-#   libtool ltdl: https://answers.sap.com/questions/476177/hana-db-installation-ended-with-exit-code-127.html
-#   it is required since HANA 2 SPS 03, and as such installed in general
+  # Mandatory patterns
+  - patterns-server-enterprise-sap_server
+
+  # Recommended packages
+  - tcsh
+  - psmisc
+
+  # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent
+  - polkit
 
-#
-# Intel needs additional packages over x86_64
-#
+  # Recommended for System monitoring
+  - cpupower
+  # - "{{ 'libcpupower0' if ansible_distribution_version.split('.')[1] | int < 6 else 'libcpupower1' }}"
+  - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}"
+  - libsensors4
 
-__sap_hana_preconfigure_grub_file: /tmp/grub
+  # Additional packages
+  - nfs-utils
+  - bind-utils
+
+# Packages specific for SAP Note 1944799
+__sap_hana_preconfigure_packages_1944799:
+  - libssh2-1
+  - libopenssl1_1
+  - insserv-compat
+  # Following packages are part of pattern patterns-sap-hana available on SLES_SAP_15
+  - autoyast2-installation
+  - bc
+  - cryptctl
+  - expect
+  - gtk2
+  - insserv-compat
+  - libatomic1
+  - libgcc_s1
+  - libicu
+  - libjpeg62
+  - libpng12-0
+  - libstdc++6
+  - chrony
+  - numactl
+  - sudo
+  - sysstat
+  - tcsh
+  - xfsprogs
+  - xrdp
+  - yast2-ncurses
+
+
+# Following packages are not relevant for SAP Note 1944799
+# patterns-gnome-gnome_basic - SLE-Module-Desktop-Applications15-SP6-Pool
+# patterns-base-enhanced_base - SLE-Module-Basesystem15-SP6-Pool
+# patterns-base-apparmor - SLE-Module-Basesystem15-SP6-Pool
+# patterns-base-32bit - SLE-Module-Basesystem15-SP6-Pool
+# patterns-yast-yast2_basis - SLE-Module-Basesystem15-SP6-Pool
+# patterns-base-sw_management - SLE-Module-Basesystem15-SP6-Pool
+# patterns-fonts-fonts - SLE-Module-Basesystem15-SP6-Pool
+# patterns-base-x11 - SLE-Module-Basesystem15-SP6-Pool
+
+
+# Packages specific for SAP Note 2684254
+__sap_hana_preconfigure_packages_2684254:
+  - libssh2-1
+  - libopenssl1_1
+  - insserv-compat
+
+__sap_hana_preconfigure_min_pkgs:
 
 # SLES_SAP is using saptune, but SLES is using sapconf.
-# Default value true runs saptune, but installation.yml auto-detects base product and adjusts.
-__sap_hana_preconfigure_run_saptune: true
+__sap_hana_preconfigure_use_saptune: false
diff --git a/roles/sap_hana_preconfigure/vars/SLES_SAP_15.yml b/roles/sap_hana_preconfigure/vars/SLES_SAP_15.yml
new file mode 100644
index 00000000..096a081f
--- /dev/null
+++ b/roles/sap_hana_preconfigure/vars/SLES_SAP_15.yml
@@ -0,0 +1,64 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server for SAP Applications 15
+
+__sap_hana_preconfigure_sapnotes_versions:
+  # 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+  # Already included in sap_general_preconfigure
+
+  # 1944799 - SAP HANA Guidelines for SLES Operating System Installation
+  - { number: '1944799', version: '19' }
+  # 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15
+  - { number: '2684254', version: '19' }
+
+  # SAP Notes applicable to HANA saptune solution:
+  # 941735 1771258 1868829 1980196 2578899 2684254 2382421 2534844 2993054 1656250
+
+  # 941735 - SAP memory management system for 64-bit Linux systems
+  # kernel.shmall, kernel.shmmax are already default.
+  # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm
+
+  # 1771258 - Linux: User and system resource limits
+  # Limits are created by applying saptune solution or predefined in sapconf.
+
+
+__sap_hana_preconfigure_packages:
+  # Mandatory patterns
+  - patterns-server-enterprise-sap_server
+  - patterns-sap-hana
+
+  # Recommended packages
+  - tcsh
+  - psmisc
+
+  # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent
+  - polkit
+
+  # Recommended for System monitoring
+  - cpupower
+  # - "{{ 'libcpupower0' if ansible_distribution_version.split('.')[1] | int < 6 else 'libcpupower1' }}"
+  - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}"
+  - libsensors4
+
+  # Additional packages
+  - nfs-utils
+  - bind-utils
+
+# Packages specific for SAP Note 1944799
+__sap_hana_preconfigure_packages_1944799:
+  - libssh2-1
+  - libopenssl1_1
+  - insserv-compat
+
+# Packages specific for SAP Note 2684254
+__sap_hana_preconfigure_packages_2684254:
+  - libssh2-1
+  - libopenssl1_1
+  - insserv-compat
+
+
+__sap_hana_preconfigure_min_pkgs:
+
+# SLES_SAP is using saptune, but SLES is using sapconf.
+__sap_hana_preconfigure_use_saptune: true
diff --git a/roles/sap_hana_preconfigure/vars/SLES_SAP_16.yml b/roles/sap_hana_preconfigure/vars/SLES_SAP_16.yml
new file mode 100644
index 00000000..b0678a8e
--- /dev/null
+++ b/roles/sap_hana_preconfigure/vars/SLES_SAP_16.yml
@@ -0,0 +1,36 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server for SAP Applications 16
+
+__sap_hana_preconfigure_sapnotes_versions: []
+
+__sap_hana_preconfigure_min_pkgs:
+
+__sap_hana_preconfigure_packages:
+  # Mandatory patterns
+  - patterns-sap-DB
+
+  # Recommended packages
+  - tcsh
+  - psmisc
+
+  # 2578899 is not updated for SLES 16 yet.
+  - uuidd
+  - sysstat
+  - sysctl-logger
+
+  # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent
+  - polkit
+
+  # Recommended for System monitoring
+  - cpupower
+  - libcpupower1
+  - libsensors4
+
+  # Additional packages
+  - nfs-utils
+  - bind-utils
+
+# SLES_SAP is using saptune, but SLES is using sapconf.
+__sap_hana_preconfigure_use_saptune: true
diff --git a/roles/sap_hostagent/defaults/main.yml b/roles/sap_hostagent/defaults/main.yml
index ed1d754d..da249e80 100644
--- a/roles/sap_hostagent/defaults/main.yml
+++ b/roles/sap_hostagent/defaults/main.yml
@@ -12,8 +12,5 @@ sap_hostagent_agent_tmp_directory: "/tmp/hostagent"
 # Remove the temporary directory after the installation has been done
 sap_hostagent_clean_tmp_directory: false
 
-# This role must be run as ROOT user
-ansible_become: true
-
 # SSL Variables
 sap_hostagent_config_ssl: False
diff --git a/roles/sap_hostagent/tasks/config_ssl.yml b/roles/sap_hostagent/tasks/config_ssl.yml
index f20506a4..edeb9c53 100644
--- a/roles/sap_hostagent/tasks/config_ssl.yml
+++ b/roles/sap_hostagent/tasks/config_ssl.yml
@@ -32,7 +32,7 @@
     -x "{{ sap_hostagent_ssl_passwd }}"
     -r /tmp/myhost-csr.p10
     "CN={{ ansible_fqdn }}, O={{ sap_hostagent_ssl_org }}, C={{ sap_hostagent_ssl_country }}"
-  become: yes
+  become: true
   become_user: sapadm
   args:
     chdir: /usr/sap/hostctrl/exe/
@@ -48,7 +48,7 @@
     -p SAPSSLS.pse
     -x "{{ sap_hostagent_ssl_passwd }}"
     -O sapadm
-  become: yes
+  become: true
   become_user: sapadm
   args:
     chdir: /usr/sap/hostctrl/exe/
@@ -79,7 +79,7 @@
     /usr/sap/hostctrl/exe/sapgenpse get_my_name
     -x "{{ sap_hostagent_ssl_passwd }}"
     -v
-  become: yes
+  become: true
   become_user: sapadm
   args:
     chdir: /usr/sap/hostctrl/exe/
diff --git a/roles/sap_netweaver_preconfigure/README.md b/roles/sap_netweaver_preconfigure/README.md
index fc321756..668ff3a9 100644
--- a/roles/sap_netweaver_preconfigure/README.md
+++ b/roles/sap_netweaver_preconfigure/README.md
@@ -115,6 +115,13 @@ In assertion mode, the role will abort when encountering any assertion error.<br
 If this parameter is set to `false`, the role will *not* abort when encountering an assertion error.<br>
 This is useful if the role is used for reporting a system's SAP notes compliance.<br>
 
+### sap_netweaver_preconfigure_packages
+- _Type:_ `list` with elements of type `str`
+- _Default:_ (set by platform/environment specific variables)
+
+The list of packages to be installed for SAP NETWEAVER.<br>
+The default for this variable is set in the vars file which corresponds to the detected OS version.<br>
+
 ### sap_netweaver_preconfigure_min_swap_space_mb
 - _Type:_ `str`
 - _Default:_ `20480`
@@ -156,4 +163,4 @@ Set this parameter to `true` when using Adobe Document Services, to ensure all r
 
 (SUSE specific) Specifies the saptune solution to apply.<br>
 Available values: `NETWEAVER`, `NETWEAVER+HANA`, `S4HANA-APP+DB`, `S4HANA-APPSERVER`, `S4HANA-DBSERVER`
-<!-- END Role Variables -->
\ No newline at end of file
+<!-- END Role Variables -->
diff --git a/roles/sap_netweaver_preconfigure/defaults/main.yml b/roles/sap_netweaver_preconfigure/defaults/main.yml
index a1bea12c..9e0b5aff 100644
--- a/roles/sap_netweaver_preconfigure/defaults/main.yml
+++ b/roles/sap_netweaver_preconfigure/defaults/main.yml
@@ -16,6 +16,25 @@ sap_netweaver_preconfigure_rpath: '/usr/sap/lib'
 
 sap_netweaver_preconfigure_use_adobe_doc_services: false
 
+sap_netweaver_preconfigure_packages: "{{ __sap_netweaver_preconfigure_packages }}"
+# The list of packages to be installed for SAP NETWEAVER.
+# The default for this variable is set in the vars file which corresponds to the detected OS version.
+
+# Set this parameter to `true` to update the system to the latest package levels.
+sap_netweaver_preconfigure_update: false
+
+# Set to `true` if you want to perform a reboot at the end of the role, if necessary.
+sap_netweaver_preconfigure_reboot_ok: false
+
+# If `sap_netweaver_preconfigure_reboot_ok` is set to `false`, which is the default, a reboot requirement should not
+# remain unnoticed. For this reason, we let the role fail. Set this parameter to `false` to override this behavior.
+# Can be useful if you want to implement your own reboot handling.
+sap_netweaver_preconfigure_fail_if_reboot_required: true
+
+# By default, the role will run `grub2-mkconfig` to update the Grub configuration if necessary.
+# Set this parameter to `false` if this is not desired.
+sap_netweaver_preconfigure_run_grub2_mkconfig: true
+
 # (SUSE specific) Version of saptune to install.
 # It is recommended to install latest version by keeping this variable empty.
 # This will replace the current installed version if present, even downgrade if necessary.
diff --git a/roles/sap_netweaver_preconfigure/handlers/main.yml b/roles/sap_netweaver_preconfigure/handlers/main.yml
index 1c3157ad..cdc2b846 100644
--- a/roles/sap_netweaver_preconfigure/handlers/main.yml
+++ b/roles/sap_netweaver_preconfigure/handlers/main.yml
@@ -1,3 +1,119 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-# handlers file for sap_netweaver_preconfigure
+
+# BEGIN - GRUB section
+- name: "Check if server is booted in BIOS or UEFI mode"
+  ansible.builtin.stat:
+    path: /sys/firmware/efi
+    get_checksum: false
+  register: __sap_netweaver_preconfigure_register_stat_sys_firmware_efi
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: Debug BIOS or UEFI
+  ansible.builtin.debug:
+    var: __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Run grub-mkconfig (BIOS mode)"
+  ansible.builtin.command:
+    cmd: grub2-mkconfig -o /boot/grub2/grub.cfg
+  register: __sap_netweaver_preconfigure_register_grub2_mkconfig_bios_mode
+  changed_when: true
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  notify: __sap_netweaver_preconfigure_reboot_handler
+  when:
+    - not __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Debug grub-mkconfig BIOS mode"
+  ansible.builtin.debug:
+    var: __sap_netweaver_preconfigure_register_grub2_mkconfig_bios_mode.stdout_lines,
+         __sap_netweaver_preconfigure_register_grub2_mkconfig_bios_mode.stderr_lines
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - not __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Set the grub.cfg location RHEL"
+  ansible.builtin.set_fact:
+    __sap_netweaver_preconfigure_uefi_boot_dir: /boot/efi/EFI/redhat/grub.cfg
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - ansible_distribution == 'RedHat'
+
+- name: "Set the grub.cfg location SLES"
+  ansible.builtin.set_fact:
+    __sap_netweaver_preconfigure_uefi_boot_dir: /boot/efi/EFI/BOOT/grub.cfg
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP'
+
+- name: "Run grub-mkconfig (UEFI mode)"
+  ansible.builtin.command:
+    cmd: "grub2-mkconfig -o {{ __sap_netweaver_preconfigure_uefi_boot_dir }}"
+  register: __sap_netweaver_preconfigure_register_grub2_mkconfig_uefi_mode
+  changed_when: true
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  notify: __sap_netweaver_preconfigure_reboot_handler
+  when:
+    - __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true)
+
+- name: "Debug grub-mkconfig UEFI"
+  ansible.builtin.debug:
+    var: __sap_netweaver_preconfigure_register_grub2_mkconfig_uefi_mode.stdout_lines,
+         __sap_netweaver_preconfigure_register_grub2_mkconfig_uefi_mode.stderr_lines
+  listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists
+    - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true)
+
+# END - GRUB section
+
+
+- name: Reboot the managed node
+  ansible.builtin.reboot:
+    test_command: /bin/true
+  listen: __sap_netweaver_preconfigure_reboot_handler
+  when:
+    - sap_netweaver_preconfigure_reboot_ok | d(false)
+
+
+# Kernel update triggers zypper purge-kernels and lock after reboot.
+- name: Wait for Zypper lock to be released
+  ansible.builtin.command:
+    cmd: zypper info zypper
+  retries: 20
+  timeout: 30
+  listen: __sap_netweaver_preconfigure_reboot_handler
+  when:
+    - ansible_os_family == 'Suse'
+    - sap_netweaver_preconfigure_reboot_ok | d(false)
+  changed_when: false
+
+
+- name: Let the role fail if a reboot is required
+  ansible.builtin.fail:
+    msg: Reboot is required!
+  listen: __sap_netweaver_preconfigure_reboot_handler
+  when:
+    - sap_netweaver_preconfigure_fail_if_reboot_required | d(true)
+    - not sap_netweaver_preconfigure_reboot_ok | d(false)
+
+- name: Show a warning message if a reboot is required
+  ansible.builtin.debug:
+    msg: "WARN: Reboot is required!"
+  listen: __sap_netweaver_preconfigure_reboot_handler
+  when:
+    - not sap_netweaver_preconfigure_fail_if_reboot_required | d(true)
+    - not sap_netweaver_preconfigure_reboot_ok | d(false)
+
+- name: Unmask packagekit.service
+  ansible.builtin.systemd_service:
+    name: packagekit.service
+    masked: false
+  listen: __sap_netweaver_preconfigure_packagekit_handler
diff --git a/roles/sap_netweaver_preconfigure/meta/argument_specs.yml b/roles/sap_netweaver_preconfigure/meta/argument_specs.yml
index f9392052..9b1eddf4 100644
--- a/roles/sap_netweaver_preconfigure/meta/argument_specs.yml
+++ b/roles/sap_netweaver_preconfigure/meta/argument_specs.yml
@@ -8,19 +8,6 @@ argument_specs:
     short_description: Variables for SAP NetWeaver preconfiguration
     options:
 
-#      sap_netweaver_preconfigure_...
-#        default:
-#        description:
-#           -
-#        example:
-#
-#        required: false
-#        type:
-#        options: # additional options for lists and dicts
-#          <param>:
-#            description:
-#            ...
-
       sap_netweaver_preconfigure_config_all:
         default: true
         description:
@@ -61,6 +48,15 @@ argument_specs:
         required: false
         type: bool
 
+      sap_netweaver_preconfigure_packages:
+        default: "{{ __sap_netweaver_preconfigure_packages }}"
+        description:
+          - The list of packages to be installed for SAP NETWEAVER.
+          - The default for this variable is set in the vars file which corresponds to the detected OS version.
+        required: false
+        type: list
+        elements: str
+
       sap_netweaver_preconfigure_min_swap_space_mb:
         default: '20480'
         description:
diff --git a/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml
index 2c1f8eac..c0190f75 100644
--- a/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml
+++ b/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml
@@ -1,13 +1,16 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts
+  ansible.builtin.package_facts:
+
 - name: Assert that all required packages are installed
   ansible.builtin.assert:
     that: line_item in ansible_facts.packages
     fail_msg: "FAIL: Package '{{ line_item }}' is not installed!"
     success_msg: "PASS: Package '{{ line_item }}' is installed."
   with_items:
-    - "{{ __sap_netweaver_preconfigure_packages }}"
+    - "{{ sap_netweaver_preconfigure_packages }}"
   loop_control:
     loop_var: line_item
   ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}"
diff --git a/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml b/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml
index bbd3763b..a0ba2181 100644
--- a/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml
+++ b/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml
@@ -1,10 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
+- name: Gather package facts
+  ansible.builtin.package_facts:
+
 - name: Ensure required packages for SAP NetWeaver are installed
   ansible.builtin.package:
     state: present
-    name: "{{ __sap_netweaver_preconfigure_packages }}"
+    name: "{{ sap_netweaver_preconfigure_packages }}"
 
 - name: Ensure required packages for Adobe Document Services are installed, x86_64 only
   ansible.builtin.package:
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml
index 8c0ff3c3..44f5362e 100644
--- a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml
+++ b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml
@@ -1,54 +1,57 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-- name: Populate service facts
-  ansible.builtin.service_facts:
 
-- name: Assert that saptune is running and enabled
-  ansible.builtin.assert:
-    that:
-      - "ansible_facts.services['saptune.service'].state == 'running'"
-      - "ansible_facts.services['saptune.service'].status == 'enabled'"
-    fail_msg: "FAIL: the service 'saptune' is not configured as expected"
-    success_msg: "PASS: the service 'saptune' is configured as expected"
-
-- name: Run saptune_check
-  ansible.builtin.command: saptune_check
-  register: __sap_netweaver_preconfigure_register_saptune_check
-  changed_when: false
-  failed_when: false
-
-- name: Assert that saptune_check executed correctly
-  ansible.builtin.assert:
-    that: "__sap_netweaver_preconfigure_register_saptune_check.rc == 0"
-    fail_msg: "FAIL: the command saptune_check fails"
-    success_msg: "PASS: the command saptune_check executes as expected"
-
-- name: Discover active solution
-  ansible.builtin.command: saptune solution enabled
-  register: __sap_netweaver_preconfigure_register_saptune_status
-  changed_when: false
-
-- name: Set solution fact
-  ansible.builtin.set_fact:
-    __sap_netweaver_preconfigure_saptune_configured_solution: "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
+- name: Assert that saptune solution is correct
+  when: __sap_netweaver_preconfigure_use_saptune
+  block:
+    - name: Discover active solution
+      ansible.builtin.command:
+        cmd: saptune solution enabled
+      register: __sap_netweaver_preconfigure_register_saptune_status
+      changed_when: false
+      ignore_errors: true
+
+    - name: Set fact for active solution
+      ansible.builtin.set_fact:
+        # Capture the first block on none whitespace
+        __sap_netweaver_preconfigure_register_solution_configured:
+          "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
+
+    - name: Assert that active solution is the expected solution
+      ansible.builtin.assert:
+        that: __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution
+        fail_msg: "FAIL: the configured saptune solution is '{{ __sap_netweaver_preconfigure_register_solution_configured
+          }}'' and does not match the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'"
+        success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'"
+      ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}"
+
+    - name: Verify saptune solution
+      ansible.builtin.command:
+        cmd: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}"
+      register: __sap_netweaver_preconfigure_register_saptune_verify
+      changed_when: false
+      failed_when: false
+      when:
+        - __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution
+
+
+    - name: Assert that saptune solution is verified by saptune
+      ansible.builtin.assert:
+        that: "{{ __sap_netweaver_preconfigure_register_saptune_verify.rc == 0 }}"
+        success_msg: "PASS: saptune solution {{ sap_netweaver_preconfigure_saptune_solution }} is verified by saptune."
+        fail_msg: |
+          "FAIL: active saptune solution is not verified by saptune! See details below:"
+          {{ __sap_netweaver_preconfigure_register_saptune_verify.stdout_lines }}
+          {{ __sap_netweaver_preconfigure_register_saptune_verify.stderr_lines }}
+      when:
+        - __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution
 
-- name: Discover active solution
-  ansible.builtin.command: saptune solution enabled
-  register: __sap_netweaver_preconfigure_register_saptune_status
-  changed_when: false
-
-- name: Set fact for active solution
-  ansible.builtin.set_fact:
-    __sap_netweaver_preconfigure_fact_solution_configured: "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" # Capture the first block on none whitespace
-
-- name: Assert that active solution is the expected solution
-  ansible.builtin.assert:
-    that: __sap_netweaver_preconfigure_fact_solution_configured == sap_netweaver_preconfigure_saptune_solution
-    fail_msg: "FAIL: the configured saptune solution is '{{ __sap_netweaver_preconfigure_saptune_configured_solution }}'' and does not match the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'"
-    success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'"
 
 - name: Assert that adequate swap is configured
   ansible.builtin.assert:
-    that: ansible_swaptotal_mb > sap_netweaver_preconfigure_min_swap_space_mb|int
-    fail_msg: "FAIL: A minimum of {{ sap_netweaver_preconfigure_min_swap_space_mb }}MiB is required but only {{ ansible_swaptotal_mb }}MiB was discovered"
-    success_msg: "PASS: the system has at least {{ sap_netweaver_preconfigure_min_swap_space_mb }}MiB of swap configured"
+    that: ansible_swaptotal_mb > (sap_netweaver_preconfigure_min_swap_space_mb | int)
+    fail_msg: "FAIL: A minimum of {{ sap_netweaver_preconfigure_min_swap_space_mb
+     }}MiB is required but only {{ ansible_swaptotal_mb }}MiB was discovered"
+    success_msg: "PASS: the system has at least {{ sap_netweaver_preconfigure_min_swap_space_mb
+     }}MiB of swap configured"
+  when: sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml
index 077317a4..dfb93412 100644
--- a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml
+++ b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml
@@ -1,20 +1,108 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-#- name: Enable Debugging
-#  debug:
-#    verbosity: "{{ debuglevel }}"
-#
-#Capture all patterns along with their install status
 
-- name: Ensure required packages for SAP NetWeaver are installed
+# Check rpm --whatprovides only if package cannot be found directly.
+- name: Query RPM packages
+  ansible.builtin.shell:
+    cmd: |
+      if rpm -q {{ item }} &> /dev/null;
+      then rpm -q {{ item }}
+      else rpm -q --whatprovides {{ item }};
+      fi
+  register: __sap_netweaver_preconfigure_register_packages
+  changed_when: false
+  ignore_errors: true
+  loop: "{{ sap_netweaver_preconfigure_packages }}"
+
+
+- name: Assert that all required packages are installed
+  ansible.builtin.assert:
+    that: __sap_netweaver_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0
+    fail_msg: "FAIL: Package '{{ item }}' is not installed!"
+    success_msg: "PASS: Package '{{ item }}' is installed."
+  loop: "{{ sap_netweaver_preconfigure_packages }}"
+  ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}"
+
+
+- name: Gather service facts
+  ansible.builtin.service_facts:
+
+# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications)
+# This service creates zypper locks and causes package install failures.
+- name: Wait for stop of packagekit.service
+  ansible.builtin.shell: |
+    set -o pipefail && bash -c '
+    while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) ||
+     ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do
+      sleep 10;
+    done'
+  register: __packagekit_service_check
+  changed_when: false
+  until: __packagekit_service_check.rc == 0
+  retries: 60
+  when: "'packagekit.service' in ansible_facts.services"
+
+- name: Get info about possible package updates # noqa command-instead-of-module
+  ansible.builtin.command:
+    cmd: zypper -q patch-check
+  timeout: 60
+  register: __sap_netweaver_preconfigure_register_zypper_check_update_assert
+  changed_when: false
+  ignore_errors: true  # true, because unpatched system is always error.
+  when: sap_netweaver_preconfigure_update
+
+- name: Assert that there are no more possible package updates
   ansible.builtin.assert:
-    that: package in ansible_facts.packages
-  loop: "{{ __sap_netweaver_preconfigure_packages }}"
-  loop_control:
-    loop_var: package
+    that: __sap_netweaver_preconfigure_register_zypper_check_update_assert.rc == 0
+    fail_msg: "FAIL: System needs to be updated!"
+    success_msg: "PASS: There are no more outstanding package updates."
+  ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}"
+  when: sap_netweaver_preconfigure_update
+
+- name: Report if checking for possible package updates is not requested
+  ansible.builtin.debug:
+    msg: "INFO: Not checking for possible package updates (variable sap_netweaver_preconfigure_update)."
+  ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}"
+  when: not sap_netweaver_preconfigure_update
+
+
+# Reason for noqa: The command to be executed might contain pipes
+- name: Determine if the system needs to be restarted # noqa command-instead-of-shell
+  ansible.builtin.shell:
+    cmd: "zypper ps"
+  retries: 60
+  timeout: 5
+  register: __sap_netweaver_preconfigure_register_needs_restarting_assert
+  changed_when: false
+  check_mode: false
+  ignore_errors: true  # true, because output is too large.
 
-- name: Assert saptune is at requested version
+- name: Assert that system needs no restart
   ansible.builtin.assert:
-    that: ansible_facts.packages['saptune'][0]['version'] == sap_netweaver_preconfigure_saptune_version
-    fail_msg: "FAIL: saptune version installed is {{ ansible_facts.packages['saptune'][0]['version'] }} but the version {{ sap_netweaver_preconfigure_saptune_version }} was expected"
-    success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_netweaver_preconfigure_saptune_version }}"
+    that: __sap_netweaver_preconfigure_register_needs_restarting_assert is success
+    fail_msg: "FAIL: System needs to be restarted!"
+    success_msg: "PASS: System needs no restart."
+  ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}"
+
+
+- name: Block to assert that correct saptune version is installed
+  when:
+    - __sap_netweaver_preconfigure_use_saptune
+    - sap_netweaver_preconfigure_saptune_version is defined
+    - sap_netweaver_preconfigure_saptune_version | length > 0
+  block:
+    # We are checking for %{VERSION} (e.g. 3.1.4), not full %{VERSION}-%{RELEASE}.%{ARCH}
+    - name: Check saptune version  # noqa: command-instead-of-module
+      ansible.builtin.command:
+        cmd: rpm -q --queryformat '%{VERSION}\n' saptune
+      register: __sap_netweaver_preconfigure_register_saptune_version
+      changed_when: false
+      ignore_errors: true
+
+    - name: Assert saptune is at requested version
+      ansible.builtin.assert:
+        that: __sap_netweaver_preconfigure_register_saptune_version.stdout == sap_netweaver_preconfigure_saptune_version
+        fail_msg: "FAIL: saptune version installed is {{ __sap_netweaver_preconfigure_register_saptune_version.stdout
+          }} but the version {{ sap_netweaver_preconfigure_saptune_version }} was expected"
+        success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_netweaver_preconfigure_saptune_version }}"
+      when: __sap_netweaver_preconfigure_register_saptune_version.rc = 0
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml
index 5463a110..5c7bf7ce 100644
--- a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml
+++ b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml
@@ -1,82 +1,61 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
-- name: Takover saptune and enable
-  when: __sap_netweaver_preconfigure_run_saptune
-  block:
-    - name: Ensure sapconf is stopped and disabled
-      ansible.builtin.systemd:
-        name: sapconf
-        state: stopped
-        enabled: false
-      when: "'sapconf' in ansible_facts.packages"
-
-    - name: Make sure that sapconf and tuned are stopped and disabled
-      ansible.builtin.command: "saptune service takeover"
-      register: __sap_saptune_takeover
-      changed_when: __sap_saptune_takeover.rc == 0
-
-    - name: Ensure saptune is running and enabled
-      ansible.builtin.systemd:
-        name: saptune
-        state: started
-        enabled: true
-
-    - name: Ensure saptune_check executes correctly
-      ansible.builtin.command: saptune_check
-      changed_when: false
 
+- name: Apply saptune solution
+  when: __sap_netweaver_preconfigure_use_saptune
+  block:
     - name: Discover active solution
-      ansible.builtin.command: saptune solution enabled
+      ansible.builtin.command:
+        cmd: saptune solution enabled
       register: __sap_netweaver_preconfigure_register_saptune_status
       changed_when: false
 
     - name: Set fact for active solution
       ansible.builtin.set_fact:
         # Capture the first block on none whitespace
-        __sap_netweaver_preconfigure_fact_solution_configured:
+        __sap_netweaver_preconfigure_register_solution_configured:
           "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
 
-    - name: Check if saptune solution needs to be applied
-      ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}"
-      register: __sap_netweaver_preconfigure_register_saptune_verify
-      changed_when: false # We're only checking, not changing!
-      failed_when: false # We expect this to fail if it has not previously been applied
 
-    - name: Ensure no solution is currently applied
-      ansible.builtin.command: "saptune solution revert {{ __sap_netweaver_preconfigure_fact_solution_configured }}"
+    - name: Revert solution when different to sap_netweaver_preconfigure_saptune_solution
+      ansible.builtin.command:
+        cmd: "saptune solution revert {{ __sap_netweaver_preconfigure_register_solution_configured }}"
       changed_when: true
       when:
-        - __sap_netweaver_preconfigure_fact_solution_configured != 'NONE'
-        - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0
+        - __sap_netweaver_preconfigure_register_solution_configured != 'NONE'
+        - __sap_netweaver_preconfigure_register_solution_configured != sap_netweaver_preconfigure_saptune_solution
+
+
+    - name: Verify saptune solution
+      ansible.builtin.command:
+        cmd: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}"
+      register: __sap_netweaver_preconfigure_register_saptune_verify
+      changed_when: false
+      failed_when: false
+      when:
+        - __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution
+
 
     - name: Ensure saptune solution is applied
-      ansible.builtin.command: "saptune solution apply {{ sap_netweaver_preconfigure_saptune_solution }}"
+      ansible.builtin.command:
+        cmd: "saptune solution apply {{ sap_netweaver_preconfigure_saptune_solution }}"
       changed_when: true
       when:
-        - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0
+        - __sap_netweaver_preconfigure_register_solution_configured != sap_netweaver_preconfigure_saptune_solution
+          or __sap_netweaver_preconfigure_register_saptune_verify.rc != 0
 
-    - name: Ensure solution was successful
-      ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}"
-      changed_when: false # We're only checking, not changing!
 
-- name: Enable sapconf
-  when: not __sap_netweaver_preconfigure_run_saptune
-  block:
-    - name: Enable sapconf service
-      ansible.builtin.systemd:
-        name: sapconf
-        state: started
-        enabled: true
+    - name: Ensure solution was successful
+      ansible.builtin.command:
+        cmd: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}"
+      changed_when: false
 
-    - name: Restart sapconf service
-      ansible.builtin.systemd:
-        name: sapconf
-        state: restarted
 
 - name: Warn if not enough swap space is configured
   ansible.builtin.fail:
     msg: "The system has only {{ ansible_swaptotal_mb }} MB of swap space configured,
-      which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver!"
+      which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb
+       }} MB for SAP NetWeaver!"
   ignore_errors: true
   when:
     - ansible_swaptotal_mb < sap_netweaver_preconfigure_min_swap_space_mb|int
@@ -85,7 +64,8 @@
 - name: Fail if not enough swap space is configured
   ansible.builtin.fail:
     msg: "The system has only {{ ansible_swaptotal_mb }} MB of swap space configured,
-      which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver!"
+      which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb
+       }} MB for SAP NetWeaver!"
   when:
     - ansible_swaptotal_mb < sap_netweaver_preconfigure_min_swap_space_mb|int
     - sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured|d(true)
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/generic/grub_update.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/grub_update.yml
new file mode 100644
index 00000000..6ef1aa8f
--- /dev/null
+++ b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/grub_update.yml
@@ -0,0 +1,39 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# Generic task for updating GRUB configuration using provided list
+
+- name: Update existing GRUB entries
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=".*?)(\b{{ item.split("=")[0] }}=[^ ]*\b)(.*")'
+    line: '\1{{ item }}\3'
+    backrefs: true
+  register: __sap_netweaver_preconfigure_grub_update
+  loop: "{{ __sap_netweaver_preconfigure_grub_cmdline }}"
+
+
+- name: Get current of GRUB
+  ansible.builtin.slurp:
+    path: /etc/default/grub
+  register: __sap_netweaver_preconfigure_grub_contents
+
+
+- name: Add missing GRUB entries
+  ansible.builtin.lineinfile:
+    path: /etc/default/grub
+    regexp: '^GRUB_CMDLINE_LINUX_DEFAULT="(.*?)"'
+    line: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 {{ item }}"'
+    backrefs: true
+  register: __sap_netweaver_preconfigure_grub_add
+  loop: "{{ __sap_netweaver_preconfigure_grub_cmdline }}"
+  when: item not in (__sap_netweaver_preconfigure_grub_contents.content | b64decode)
+
+
+- name: Trigger grub update if necessary # noqa no-changed-when
+  ansible.builtin.command:
+    cmd: /bin/true
+  notify: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler
+  when:
+    - (__sap_netweaver_preconfigure_grub_update.results | selectattr('changed', 'equalto', true) | list | length > 0)
+      or (__sap_netweaver_preconfigure_grub_add.results | selectattr('changed', 'equalto', true) | list | length > 0)
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_install.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_install.yml
new file mode 100644
index 00000000..1b2bb0ce
--- /dev/null
+++ b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_install.yml
@@ -0,0 +1,47 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1275776 - Linux: Preparing SLES for SAP environments
+
+- name: Get contents of /etc/products.d/baseproduct
+  ansible.builtin.stat:
+    path: /etc/products.d/baseproduct
+  register: __sap_netweaver_preconfigure_register_baseproduct
+
+
+- name: Set fact if baseproduct contains SLES without SLES_SAP
+  ansible.builtin.set_fact:
+    __sap_netweaver_preconfigure_use_saptune: false
+  when:
+    - '"SLES_SAP" not in __sap_netweaver_preconfigure_register_baseproduct.stat.lnk_target'
+    - '"SLES" in __sap_netweaver_preconfigure_register_baseproduct.stat.lnk_target
+      and ansible_distribution_major_version | int < 16'
+
+
+- name: Block to ensure saptune is installed
+  when: __sap_netweaver_preconfigure_use_saptune | d(true)
+  block:
+    # Reason for noqa: Zypper supports "state: latest"
+    - name: Ensure latest saptune is installed  # noqa package-latest
+      ansible.builtin.package:
+        name: saptune
+        state: present
+      when:
+        - sap_netweaver_preconfigure_saptune_version is undefined
+         or sap_netweaver_preconfigure_saptune_version | length == 0
+
+    - name: Ensure specific saptune version is installed
+      ansible.builtin.package:
+        name: "saptune={{ sap_netweaver_preconfigure_saptune_version }}"
+        state: present
+      when:
+        - sap_netweaver_preconfigure_saptune_version is defined
+        - sap_netweaver_preconfigure_saptune_version | length > 0
+
+
+- name: Block to ensure sapconf is installed
+  when: not __sap_netweaver_preconfigure_use_saptune | d(true)
+  block:
+    - name: Ensure sapconf is installed
+      ansible.builtin.package:
+        name: "sapconf"
+        state: present
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_takeover.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_takeover.yml
new file mode 100644
index 00000000..17f0047a
--- /dev/null
+++ b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_takeover.yml
@@ -0,0 +1,100 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# 1275776 - Linux: Preparing SLES for SAP environments
+
+- name: Execute saptune_check - before takeover
+  ansible.builtin.command:
+    cmd: saptune_check
+  register: __sap_netweaver_preconfigure_register_saptune_check_before
+  when: __sap_netweaver_preconfigure_use_saptune
+  changed_when: false
+  failed_when: false
+
+- name: Takeover and enable saptune
+  when:
+    - __sap_netweaver_preconfigure_use_saptune
+    - __sap_netweaver_preconfigure_register_saptune_check_before.rc != 0
+  block:
+    - name: Check saptune version  # noqa: command-instead-of-module
+      ansible.builtin.command:
+        cmd: rpm -q sapconf
+      register: __sap_netweaver_preconfigure_register_sapconf
+      changed_when: false
+      ignore_errors: true
+
+    - name: Ensure sapconf is stopped and disabled
+      ansible.builtin.systemd:
+        name: sapconf
+        state: stopped
+        enabled: false
+      when: __sap_netweaver_preconfigure_register_sapconf
+
+    - name: Make sure that sapconf and tuned are stopped and disabled
+      ansible.builtin.command:
+        cmd: "saptune service takeover"
+      register: __sap_netweaver_preconfigure_register_saptune_takeover
+      changed_when: __sap_netweaver_preconfigure_register_saptune_takeover.rc == 0
+
+    # saptune_check can fail if sapconf is in failed state
+    - name: Check if sapconf.service is failed  # noqa command-instead-of-module
+      ansible.builtin.command:
+        cmd: systemctl is-failed sapconf.service
+      register: __sap_netweaver_preconfigure_register_sapconf_failed
+      changed_when: false
+      ignore_errors: true
+
+    - name: Execute systemctl reset-failed sapconf.service  # noqa command-instead-of-module
+      ansible.builtin.command:
+        cmd: systemctl reset-failed sapconf.service
+      when: __sap_netweaver_preconfigure_register_sapconf_failed.rc == 0
+      changed_when: true
+
+    - name: Ensure saptune is running and enabled
+      ansible.builtin.systemd:
+        name: saptune
+        state: started
+        enabled: true
+
+    - name: Ensure saptune_check executes correctly
+      ansible.builtin.command:
+        cmd: saptune_check
+      register: __sap_netweaver_preconfigure_register_saptune_check_after
+      changed_when: false
+
+
+- name: Check active saptune solution
+  when:
+    - __sap_netweaver_preconfigure_use_saptune
+    - __sap_netweaver_preconfigure_register_saptune_check_before.rc == 0
+      or (__sap_netweaver_preconfigure_register_saptune_check_after.rc == 0)
+  block:
+    - name: Discover active solution
+      ansible.builtin.command:
+        cmd: saptune solution enabled
+      register: __sap_netweaver_preconfigure_register_saptune_status
+      changed_when: false
+
+    - name: Set fact for active solution
+      ansible.builtin.set_fact:
+        # Capture the first block on none whitespace
+        __sap_netweaver_preconfigure_register_solution_configured:
+          "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}"
+
+    - name: Show configured solution
+      ansible.builtin.debug:
+        var: __sap_netweaver_preconfigure_register_solution_configured
+
+
+- name: Enable sapconf
+  when: not __sap_netweaver_preconfigure_use_saptune
+  block:
+    - name: Enable sapconf service
+      ansible.builtin.systemd:
+        name: sapconf
+        state: started
+        enabled: true
+
+    - name: Restart sapconf service
+      ansible.builtin.systemd:
+        name: sapconf
+        state: restarted
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml
index 72981ca4..49807a05 100644
--- a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml
+++ b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml
@@ -1,55 +1,76 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 
-- name: Ensure required packages for SAP NetWeaver are installed
+- name: Gather service facts
+  ansible.builtin.service_facts:
+
+# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications)
+# This service creates zypper locks and causes package install failures.
+# Service cannot be disabled and we have to mask its execution.
+- name: Mask packagekit.service when present
+  ansible.builtin.systemd_service:
+    name: packagekit.service
+    masked: true
+  when: "'packagekit.service' in ansible_facts.services"
+  notify: __sap_netweaver_preconfigure_packagekit_handler
+
+
+- name: Wait for stop of packagekit.service
+  ansible.builtin.shell: |
+    set -o pipefail && bash -c '
+    while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) ||
+     ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do
+      sleep 10;
+    done'
+  register: __packagekit_service_check
+  changed_when: false
+  until: __packagekit_service_check.rc == 0
+  retries: 60
+  when: "'packagekit.service' in ansible_facts.services"
+
+
+- name: Ensure that the required packages are installed
   ansible.builtin.package:
     state: present
-    name: "{{ __sap_netweaver_preconfigure_packages }}"
+    name: "{{ sap_netweaver_preconfigure_packages }}"
 
-- name: Get contents of /etc/products.d/baseproduct
-  ansible.builtin.stat:
-    path: /etc/products.d/baseproduct
-  register: sles_baseproduct
-  when: ansible_os_family == 'Suse'
 
-- name: Setfact if baseproduct contains SLES without SLES_SAP
-  ansible.builtin.set_fact:
-    __sap_netweaver_preconfigure_run_saptune: false
-  when:
-    - '"SLES_SAP" not in sles_baseproduct.stat.lnk_target'
-    - '"SLES" in sles_baseproduct.stat.lnk_target'
-    - ansible_os_family == 'Suse'
+# Reason for noqa: Zypper supports "state: latest"
+- name: Ensure that the system is updated to the latest patchlevel # noqa package-latest
+  ansible.builtin.package:
+    state: latest
+    name: "*"
+  when: sap_netweaver_preconfigure_update | bool
 
 
-- name: Prepare saptune
-  when:
-    - __sap_netweaver_preconfigure_run_saptune
-  block:
-    - name: Ensure latest saptune is installed
-      community.general.zypper:
-        type: package
-        name: saptune
-        state: present
-      when:
-        - sap_netweaver_preconfigure_saptune_version is undefined
-         or sap_netweaver_preconfigure_saptune_version | length == 0
-
-    - name: Ensure specific saptune version is installed
-      community.general.zypper:
-        type: package
-        name: "saptune={{ sap_netweaver_preconfigure_saptune_version }}"
-        state: present
-        force: true
-      when:
-        - sap_netweaver_preconfigure_saptune_version is defined
-        - sap_netweaver_preconfigure_saptune_version | length > 0
-
-
-- name: Ensure sapconf is installed
-  community.general.zypper:
-    type: package
-    name: "sapconf"
-    state: present
-    force: true
+# 1275776 - Linux: Preparing SLES for SAP environments
+- name: Install saptune if available
+  ansible.builtin.include_tasks:
+    file: generic/saptune_install.yml
+
+- name: Takeover and enable saptune if available
+  ansible.builtin.include_tasks:
+    file: generic/saptune_takeover.yml
+
+
+# Reason for noqa: The command to be executed might contain pipes
+- name: Determine if the system needs to be restarted # noqa command-instead-of-shell
+  ansible.builtin.shell:
+    cmd: "zypper ps"
+  register: __sap_netweaver_preconfigure_register_needs_restarting
+  ignore_errors: true
+  changed_when: false
+  check_mode: false
+
+- name: Display the output of the reboot requirement check
+  ansible.builtin.debug:
+    var: __sap_netweaver_preconfigure_register_needs_restarting
+
+- name: Call Reboot handler if necessary
+  ansible.builtin.command:
+    cmd: /bin/true
+  notify: __sap_netweaver_preconfigure_reboot_handler
+  changed_when: true
   when:
-    - not __sap_netweaver_preconfigure_run_saptune
+    - __sap_netweaver_preconfigure_register_needs_restarting is failed
+      or __sap_netweaver_preconfigure_register_needs_restarting.rc == 102
diff --git a/roles/sap_netweaver_preconfigure/tasks/main.yml b/roles/sap_netweaver_preconfigure/tasks/main.yml
index 2f99c60a..8d9e08a5 100644
--- a/roles/sap_netweaver_preconfigure/tasks/main.yml
+++ b/roles/sap_netweaver_preconfigure/tasks/main.yml
@@ -47,16 +47,6 @@
     assert_prefix: "assert-"
   when: sap_netweaver_preconfigure_assert | d(false)
 
-# Requirement for package_facts Ansible Module
-- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python
-  ansible.builtin.package:
-    name: python3-rpm
-    state: present
-  when: ansible_os_family == "Suse"
-
-# required for installation and configuration tasks:
-- name: Gather package facts
-  ansible.builtin.package_facts:
 
 - name: Include tasks from 'installation.yml'
   ansible.builtin.include_tasks: '{{ item }}/{{ assert_prefix }}installation.yml'
diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/configuration.yml
deleted file mode 100644
index 14f2b130..00000000
--- a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/configuration.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-
-# - name: "1275776 - Tips & Advice (start sapconf)"
-#   ansible.builtin.service:
-#     name: sapconf
-#     enabled: true
-#     state: started
-
-- name: "1275776 - Configuration saptune"
-  ansible.builtin.command: "saptune daemon start"
-  register: __sap_hana_preconfigure_register_saptune_daemon
-  changed_when: __sap_hana_preconfigure_register_saptune_daemon.rc == 0
-
-# - name: "1275776 - Configuration saptune sap note 2382421"
-#   ansible.builtin.command: "saptune note apply 2382421"
-#   register: __sap_hana_preconfigure_register_saptune_2382421
-#   changed_when: __sap_hana_preconfigure_register_saptune_2382421.rc == 0
diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/installation.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/installation.yml
deleted file mode 100644
index 8e26bee9..00000000
--- a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/installation.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-
-- name: 1275776 - Installation saptune
-  ansible.builtin.package:
-    name: "saptune"
diff --git a/roles/sap_netweaver_preconfigure/vars/RedHat_10.yml b/roles/sap_netweaver_preconfigure/vars/RedHat_10.yml
new file mode 100644
index 00000000..74dfe774
--- /dev/null
+++ b/roles/sap_netweaver_preconfigure/vars/RedHat_10.yml
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+
+# vars file for sap_netweaver_preconfigure
+
+__sap_netweaver_preconfigure_sapnotes:
+  - "2526952"
+
+__sap_netweaver_preconfigure_sapnotes_versions:
+  - { number: '2526952', version: '5' }
+
+__sap_netweaver_preconfigure_packages:
+  - tuned-profiles-sap
+
+# SAP note 3242422 v2:
+__sap_netweaver_preconfigure_adobe_doc_services_packages:
+  - autoconf
+  - automake
+  - cyrus-sasl
+  - expat
+  - fontconfig
+  - glibc-devel
+  - keyutils-libs
+  - krb5-libs
+  - libcom_err
+  - libidn2
+  - libselinux
+  - libxcb
+  - nspr
+  - nss
+  - nss-softokn
+  - nss-softokn-freebl
+  - nss-util
+  - openldap
+  - openssl
+  - zlib
+  - libstdc++
+  - libX11
+  - libXau
+  - glibc
+  - libstdc++
+  - libgcc
+  - libuuid
diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml
deleted file mode 100644
index 42032de7..00000000
--- a/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
----
-# Variables specific to following versions:
-# - SUSE Linux Enterprise Server for SAP Applications 15 SP6
-# - SUSE Linux Enterprise Server 15 SP6
-
-__sap_netweaver_preconfigure_sapnotes:
-  - "1275776"
-
-__sap_netweaver_preconfigure_packages:
-  # Mandatory packages
-  - tcsh
-  - acl
-  - insserv-compat
-  - system-user-uuidd
-  - uuidd
-  # gcc packages
-  - libstdc++6
-  - libatomic1
-  - libgcc_s1
-  - libltdl7
-  # System monitoring
-  - sysstat
-  - cpupower
-  - libcpupower1
-  - libsensors4
-  # Patterns
-  - patterns-base-basesystem
-  - patterns-server-enterprise-sap_server
-  - patterns-yast-yast2_basis
-  # Additional packages
-  - procmail
-  # Not needed but kept for compatibility
-  - hicolor-icon-theme
-  - yast2-auth-client
-  - yast2-auth-server
-  - yast2-theme
-  - yast2-vpn
-
-
-# SLES_SAP is using saptune, but SLES is using sapconf.
-# Default value true runs saptune, but installation.yml auto-detects base product and adjusts.
-__sap_netweaver_preconfigure_run_saptune: true
diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml
index cc632e33..d69afdd9 100644
--- a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml
+++ b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml
@@ -1,42 +1,49 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 # Variables specific to following versions:
-# - SUSE Linux Enterprise Server for SAP Applications 15
 # - SUSE Linux Enterprise Server 15
 
-__sap_netweaver_preconfigure_sapnotes:
-  - "1275776"
+__sap_netweaver_preconfigure_sapnotes_versions: []
+  # 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+  # Already included in sap_general_preconfigure
+
+  # SAP Notes applicable to NETWEAVER saptune solution:
+  # 941735 1771258 2578899 2993054 1656250 900929
+
+  # 941735 - SAP memory management system for 64-bit Linux systems
+  # kernel.shmall, kernel.shmmax are already default.
+  # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm
+
+  # 1771258 - Linux: User and system resource limits
+  # Limits are created by applying saptune solution or predefined in sapconf.
+
+  # 900929 - Linux: STORAGE_PARAMETERS_WRONG_SET and "mmap() failed"
+  # Parameter vm.max_map_count=2147483647 is already default value.
+
 
 __sap_netweaver_preconfigure_packages:
-  # Mandatory packages
+  # Mandatory patterns
+  - patterns-server-enterprise-sap_server
+
+  # Recommended packages
   - tcsh
   - acl
-  - insserv-compat
-  - system-user-uuidd
-  - uuidd
-  # gcc packages
+  - insserv-compat  # Support for System V init scripts
   - libstdc++6
   - libatomic1
   - libgcc_s1
-  - libltdl7
-  # System monitoring
-  - sysstat
+
+  # Recommended for System monitoring
   - cpupower
-  - libcpupower0
+  - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}"
   - libsensors4
-  # Patterns
-  - patterns-base-basesystem
-  - patterns-server-enterprise-sap_server
-  - patterns-yast-yast2_basis
+
   # Additional packages
+  - nfs-utils
+  - bind-utils
   - procmail
-  # Not needed but kept for compatibility
-  - hicolor-icon-theme
-  - yast2-auth-client
-  - yast2-auth-server
-  - yast2-theme
-  - yast2-vpn
+  - libltdl7
+
 
 # SLES_SAP is using saptune, but SLES is using sapconf.
-# Default value true runs saptune, but installation.yml auto-detects base product and adjusts.
-__sap_netweaver_preconfigure_run_saptune: true
+__sap_netweaver_preconfigure_use_saptune: true
diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_SAP_15.yml b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_15.yml
new file mode 100644
index 00000000..013b5854
--- /dev/null
+++ b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_15.yml
@@ -0,0 +1,50 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server for SAP Applications 15
+
+__sap_netweaver_preconfigure_sapnotes_versions: []
+  # 2578899 - SUSE Linux Enterprise Server 15: Installation Note
+  # Already included in sap_general_preconfigure
+
+  # SAP Notes applicable to NETWEAVER saptune solution:
+  # 941735 1771258 2578899 2993054 1656250 900929
+
+  # 941735 - SAP memory management system for 64-bit Linux systems
+  # kernel.shmall, kernel.shmmax are already default.
+  # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm
+
+  # 1771258 - Linux: User and system resource limits
+  # Limits are created by applying saptune solution or predefined in sapconf.
+
+  # 900929 - Linux: STORAGE_PARAMETERS_WRONG_SET and "mmap() failed"
+  # Parameter vm.max_map_count=2147483647 is already default value.
+
+
+__sap_netweaver_preconfigure_packages:
+  # Mandatory patterns
+  - patterns-server-enterprise-sap_server
+  - patterns-sap-nw
+
+  # Recommended packages
+  - tcsh
+  - acl
+  - insserv-compat  # Support for System V init scripts
+  - libstdc++6
+  - libatomic1
+  - libgcc_s1
+
+  # Recommended for System monitoring
+  - cpupower
+  - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}"
+  - libsensors4
+
+  # Additional packages
+  - nfs-utils
+  - bind-utils
+  - procmail
+  - libltdl7
+
+
+# SLES_SAP is using saptune, but SLES is using sapconf.
+__sap_netweaver_preconfigure_use_saptune: true
diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_SAP_16.yml b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_16.yml
new file mode 100644
index 00000000..54298851
--- /dev/null
+++ b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_16.yml
@@ -0,0 +1,40 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Variables specific to following versions:
+# - SUSE Linux Enterprise Server for SAP Applications 16
+
+__sap_netweaver_preconfigure_sapnotes_versions: []
+
+__sap_netweaver_preconfigure_packages:
+  # Mandatory patterns
+  - patterns-sap-APP
+
+  # Recommended packages
+  - tcsh
+  - psmisc
+  - acl
+  - uuidd
+
+  # 2578899 is not updated for SLES 16 yet.
+  - uuidd
+  - sysstat
+  - sysctl-logger
+
+  # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent
+  - polkit
+
+  # Recommended for System monitoring
+  - cpupower
+  - libcpupower1
+  - libsensors4
+
+  # Additional packages
+  - nfs-utils
+  - bind-utils
+  - procmail
+  - libltdl7
+
+
+# SLES_SAP is using saptune, but SLES is using sapconf.
+# Default value true runs saptune, but installation.yml auto-detects base product and adjusts.
+__sap_netweaver_preconfigure_use_saptune: true
diff --git a/roles/sap_netweaver_preconfigure/vars/main.yml b/roles/sap_netweaver_preconfigure/vars/main.yml
index 42ac2257..4a702628 100644
--- a/roles/sap_netweaver_preconfigure/vars/main.yml
+++ b/roles/sap_netweaver_preconfigure/vars/main.yml
@@ -4,3 +4,6 @@
 # define variables here that will not change
 # Those are valid for all OS
 #
+
+# dummy entry for passing the arg spec validation:
+__sap_netweaver_preconfigure_packages: []
diff --git a/roles/sap_swpm/README.md b/roles/sap_swpm/README.md
index aafa3f75..7fa683c3 100644
--- a/roles/sap_swpm/README.md
+++ b/roles/sap_swpm/README.md
@@ -51,7 +51,7 @@ Alternatively, you can place all the files mentioned above into a single directo
 ### Recommended
 It is recommended to execute this role together with other roles in this collection, in the following order:</br>
 1. [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure)
-2. [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure)
+2. [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure)
 3. [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect)
 4. *`sap_swpm`*
 
@@ -110,6 +110,8 @@ It is also possible to use method 1 for creating the inifile and then replace or
 - Set expiry of Linux created users to 'never'
 
 - (Optional) Apply firewall rules for SAP Netweaver if `sap_swpm_setup_firewall` is set to `true` (Default: `false`).
+
+- (Optional) Handle the execution of SUM if SWPM started it (See Up-To-Date Installation below).
 <!-- END Execution Flow -->
 
 ### Example
@@ -181,6 +183,16 @@ With the following tags, the role can be called to perform certain activities on
 - tag `sap_swpm_update_etchosts`: Only update file `/etc/hosts` (but only if variable `sap_swpm_update_etchosts` is set to `true`).
 <!-- END Role Tags -->
 
+## Additional information
+<!-- BEGIN UDI -->
+### Up-To-Date Installation (UDI)
+The Software Update Manager can run on any host with an Application Server instance (e.g. NWAS ABAP PAS/AAS, NWAS JAVA CI/AAS) with correct permissions to access /usr/sap/ and /sapmnt/ directories.
+
+When using the Software Provisioning Manager (SWPM) with a Maintenance Planner Stack XML file to perform an "up-to-date installation" (UDI) - it will start the Software Update Manager (SUM) automatically at the end of the installation process. This UDI feature applies only to SAP ABAP Platform / SAP NetWeaver, and must be performed from the Primary Application Server instance (i.e. NWAS ABAP PAS, or a OneHost installation).
+
+Furthermore, during SWPM variable selection the enabling of Transport Management System (TMS) is required, see SAP Note 2522253 - SWPM can not call SUM automatically when doing the up-to-date installation.
+<!-- END UDI -->
+
 ## License
 <!-- BEGIN License -->
 Apache 2.0
diff --git a/roles/sap_swpm/defaults/main.yml b/roles/sap_swpm/defaults/main.yml
index 28913cb7..89bf1902 100644
--- a/roles/sap_swpm/defaults/main.yml
+++ b/roles/sap_swpm/defaults/main.yml
@@ -449,3 +449,6 @@ sap_swpm_update_etchosts: false
 
 # Display SAP SWPM Unattended Mode output (sapinst stdout)
 sap_swpm_display_unattended_output: false
+
+# Set which Ansible Collection to use when calling sap_install roles.
+sap_swpm_sap_install_collection: 'community.sap_install'
diff --git a/roles/sap_swpm/tasks/post_install.yml b/roles/sap_swpm/tasks/post_install.yml
index 65fba3cf..33fdc96f 100644
--- a/roles/sap_swpm/tasks/post_install.yml
+++ b/roles/sap_swpm/tasks/post_install.yml
@@ -57,3 +57,13 @@
     - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists
   register: __sap_swpm_post_install_register_hdbuserstore_connection
   changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded
+
+# Now that SWPM finished we may need to deal with SUM before continuing when sap_swpm_sum_start: 'true'
+# and if we are doing OneHost or CI/PAS installation
+# If observer mode is enabled, SWPM will wait for SUM to finish before continuing so we can't do anything here
+- name: SAP SWPM Post Install - Control SUM if required
+  ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml
+  when:
+    - sap_swpm_sum_start
+    - not sap_swpm_swpm_observer_mode
+    - "'NW_ABAP_CI:' in sap_swpm_product_catalog_id or 'NW_ABAP_OneHost:' in sap_swpm_product_catalog_id"
diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml
new file mode 100644
index 00000000..24e416a2
--- /dev/null
+++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml
@@ -0,0 +1,188 @@
+# SPDX-License-Identifier: Apache-2.0
+---
+# Will keep pushing SUM through the two key manual steps until it finishes
+# This allows to fully automate the SWPM+SUM installation process
+# Based on research by @sean-freeman
+
+# Check if the SUMup process is running, give it 5 minutes to start
+- name: Check if SAPup_real process is running (wait for 5 minutes until it starts)
+  ansible.builtin.command: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real
+  register: _sapup_process
+  retries: 5
+  delay: 60
+  until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0
+  failed_when: _sapup_process.rc != 0
+  changed_when: false
+
+- name: Print SUM monitoring and action URLs
+  ansible.builtin.debug:
+    msg:
+      - "Check the following URLs for SAP Software Update Manager (SUM) monitoring or actions:"
+      - "Note: If these URLs don't work, check the sapinst.log file for the correct URLs."
+      - "SUM Monitor - https://{{ ansible_fqdn }}:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/monitor/index.html"
+      - "SUM Admin - https://{{ ansible_fqdn }}:1129/lmsl/sumabap/{{ sap_swpm_sid | upper }}/slui/"
+      - "SUM Admin Utilities - https://{{ ansible_fqdn }}:1129/lmsl/sumabap/{{ sap_swpm_sid | upper }}/slui_ext/"
+
+# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase
+- name: Checking the status of SUM (BIND_PATCH)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML"
+    method: GET
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+  register: _sap_swpm_sum_push
+  until: _sap_swpm_sum_push.status == 200 and '<dialogId>SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection</dialogId>' in  _sap_swpm_sum_push.content
+  retries: 60
+  delay: 60
+  failed_when: _sap_swpm_sum_push.status != 200 or '<dialogId>SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection</dialogId>' not in _sap_swpm_sum_push.content
+
+# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly
+- name: Get the config XML from SUM (BIND_PATCH)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+    method: GET
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+    # headers:
+    #   Cookie: "{{ _sap_swpm_sum_push.cookies_string }}"
+  register: _sap_swpm_sum_push_config
+  until: _sap_swpm_sum_push_config.status == 200
+  retries: 3
+  delay: 60
+  failed_when: _sap_swpm_sum_push_config.status != 200
+
+# Get the CSRF token from SUM by calling config
+- name: Get the CSRF token from SUM (BIND_PATCH)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+    method: GET
+    validate_certs: false
+    return_content: false
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+    headers:
+      Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}"
+      X-CSRF-Token: Fetch
+      # X-Requested-With: XMLHttpRequest
+  register: _sap_swpm_sum_push
+  failed_when: _sap_swpm_sum_push.status != 200
+
+# Post the config XML back to SUM unchanged as we want to keep the default patch levels as per the XML file. This will move SUM to the next step.
+- name: Move SUM to the next step (SPAUINFO)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+    method: POST
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+    headers:
+      Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}"
+      X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}"
+    body_format: raw
+    body: "{{ _sap_swpm_sum_push_config.content }}"
+  register: _sap_swpm_sum_push
+  until: _sap_swpm_sum_push.status == 200
+  failed_when: _sap_swpm_sum_push.status != 200
+
+# At this point SUM should be running. This will take anything between 6-12 hours to complete.
+# Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step.
+# Check the SUM status via SUMOBSEVER.XML
+- name: Checking the status of SUM (SPAUINFO) every 5 minutes
+  ansible.builtin.uri:
+    url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML"
+    method: GET
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+  register: _sap_swpm_sum_push
+  until: _sap_swpm_sum_push.status == 200 and ('<dialogId>SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU</dialogId>' in _sap_swpm_sum_push.content or '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' in _sap_swpm_sum_push.content)
+  retries: 144 # 12 hours
+  delay: 300  # 5 minutes
+  failed_when: _sap_swpm_sum_push.status != 200 or ('<dialogId>SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU</dialogId>' not in _sap_swpm_sum_push.content and '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' not in _sap_swpm_sum_push.content)
+
+# If SUM is already in MAIN_POSTCLEAN|EXIT phase it has skipped SPAUINFO and has finished
+# Process SPAUINFO if required
+- name: Check if SUM is still in SPAUINFO or has finished
+  when: "'<dialogId>SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU</dialogId>' in _sap_swpm_sum_push.content"
+  block:
+    # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly
+    # Need to get config XML even through we are not going to use it. This is to get the diagtime cookie.
+    - name: Get the config XML from SUM (SPAUINFO)
+      ansible.builtin.uri:
+        url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+        method: GET
+        validate_certs: false
+        return_content: true
+        status_code: 200
+        user: "{{ sap_swpm_sid | lower }}adm"
+        password: "{{ sap_swpm_sap_sidadm_password }}"
+        # headers:
+        #   Cookie: "{{ _sap_swpm_sum_push.cookies_string }}"
+      register: _sap_swpm_sum_push_config2
+      until: _sap_swpm_sum_push_config2.status == 200
+      retries: 3
+      delay: 60
+      failed_when: _sap_swpm_sum_push_config2.status != 200
+
+    # Get the CSRF token from SUM by calling config
+    - name: Get the CSRF token from SUM (SPAUINFO)
+      ansible.builtin.uri:
+        url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+        method: GET
+        validate_certs: false
+        return_content: false
+        status_code: 200
+        user: "{{ sap_swpm_sid | lower }}adm"
+        password: "{{ sap_swpm_sap_sidadm_password }}"
+        headers:
+          Cookie: "{{ _sap_swpm_sum_push_config2.cookies_string }}"
+          X-CSRF-Token: Fetch
+          # X-Requested-With: XMLHttpRequest
+      register: _sap_swpm_sum_push2
+      failed_when: _sap_swpm_sum_push2.status != 200
+
+    # Post confirmation to SUM that no SPAU is required. This will move SUM to the next step.
+    - name: Move SUM to the next step (Past SPAUINFO)
+      ansible.builtin.uri:
+        url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config"
+        method: POST
+        validate_certs: false
+        return_content: true
+        status_code: 200
+        user: "{{ sap_swpm_sid | lower }}adm"
+        password: "{{ sap_swpm_sap_sidadm_password }}"
+        headers:
+          Cookie: "{{ _sap_swpm_sum_push_config2.cookies_string }}"
+          X-CSRF-Token: "{{ _sap_swpm_sum_push2.x_csrf_token }}"
+        body_format: raw
+        body: '<config xmlns="http://www.sap.com/lmsl/slp"><Parameter><id>DialogueValue</id><type>slp.parameter.type.SCALAR</type><required>1</required><secure>0</secure><value>yes</value><structure></structure><tuplevalue></tuplevalue><tablevalue></tablevalue><validationResult/></Parameter></config>'
+      register: _sap_swpm_sum_push2
+      failed_when: _sap_swpm_sum_push2.status != 200
+
+# Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour.
+# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT'
+- name: Checking the status of SUM and making sure it has finished (MAIN_POSTCLEAN|EXIT)
+  ansible.builtin.uri:
+    url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML"
+    method: GET
+    validate_certs: false
+    return_content: true
+    status_code: 200
+    user: "{{ sap_swpm_sid | lower }}adm"
+    password: "{{ sap_swpm_sap_sidadm_password }}"
+  register: _sap_swpm_sum_push
+  until: _sap_swpm_sum_push.status == 200 and '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' in  _sap_swpm_sum_push.content
+  retries: 60
+  delay: 60
+  failed_when: _sap_swpm_sum_push.status != 200 or '<dialogId>SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard</dialogId>' not in _sap_swpm_sum_push.content
diff --git a/roles/sap_swpm/tasks/pre_install/generate_inifile.yml b/roles/sap_swpm/tasks/pre_install/generate_inifile.yml
index 7a53ba7b..2f419967 100644
--- a/roles/sap_swpm/tasks/pre_install/generate_inifile.yml
+++ b/roles/sap_swpm/tasks/pre_install/generate_inifile.yml
@@ -105,11 +105,18 @@
         sap_swpm_db_schema_password: "{{ sap_swpm_db_schema_java_password }}"
       when: "'Java' in sap_swpm_product_catalog_id"
 
+# If the individual passwords are set to a non empty string, use those:
     - name: SAP SWPM Pre Install - Set other user passwords using master password
       ansible.builtin.set_fact:
-        sap_swpm_sapadm_password: "{{ sap_swpm_master_password }}"
-        sap_swpm_sap_sidadm_password: "{{ sap_swpm_master_password }}"
-        sap_swpm_diagnostics_agent_password: "{{ sap_swpm_master_password }}"
+        sap_swpm_sapadm_password: "{{ sap_swpm_master_password
+          if sap_swpm_master_password | d('') and not sap_swpm_sapadm_password | d('')
+          else sap_swpm_sapadm_password | d('') }}"
+        sap_swpm_sap_sidadm_password: "{{ sap_swpm_master_password
+          if sap_swpm_master_password | d('') and not sap_swpm_sap_sidadm_password | d('')
+          else sap_swpm_sap_sidadm_password | d('') }}"
+        sap_swpm_diagnostics_agent_password: "{{ sap_swpm_master_password
+          if sap_swpm_master_password | d('') and not sap_swpm_diagnostics_agent_password | d('')
+          else sap_swpm_diagnostics_agent_password | d('') }}"
 
 # Generate inifile.params, step 1: Process SWPM Configfile template locally for creating inifile.params
     - name: SAP SWPM Pre Install, create inifile - Process SWPM inifile template for creating 'inifile.params'
diff --git a/roles/sap_swpm/tasks/pre_install/update_etchosts.yml b/roles/sap_swpm/tasks/pre_install/update_etchosts.yml
index 815ae29e..b5c97ab6 100644
--- a/roles/sap_swpm/tasks/pre_install/update_etchosts.yml
+++ b/roles/sap_swpm/tasks/pre_install/update_etchosts.yml
@@ -12,7 +12,7 @@
 
 - name: SAP SWPM Pre Install - Update '/etc/hosts' for NW
   ansible.builtin.import_role:
-    name: 'community.sap_install.sap_maintain_etc_hosts'
+    name: '{{ sap_swpm_sap_install_collection }}.sap_maintain_etc_hosts'
   vars:
     sap_maintain_etc_hosts_list:
       - node_ip: "{{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }}"
@@ -46,7 +46,7 @@
 
 - name: SAP SWPM Pre Install - Update '/etc/hosts' for HANA
   ansible.builtin.import_role:
-    name: 'community.sap_install.sap_maintain_etc_hosts'
+    name: '{{ sap_swpm_sap_install_collection }}.sap_maintain_etc_hosts'
   vars:
     sap_maintain_etc_hosts_list:
       - node_ip: "{{ sap_swpm_db_ip }}"