diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 749c4fee4..87c0ef79e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,25 @@ community.sap_install Release Notes .. contents:: Topics +1.5.2 +Release Summary +--------------- +- Release Date: 2025-01-24 + +This is a bugfix release of the `community.sap_install` collection. + +Changes +------------- +- sap_*_preconfigure: Add code for RHEL 10 support (https://github.com/sap-linuxlab/community.sap_install/pull/938) +- sap_*_preconfigure/Suse: Rework of preconfigure roles for Suse, add missing notes. (https://github.com/sap-linuxlab/community.sap_install/pull/930) + +Bugfixes +-------- +- sap_netweaver_preconfigure: fix argument_specs validation error (https://github.com/sap-linuxlab/community.sap_install/pull/940) +- sap_general_preconfigure: No longer install locale packages in RHEL 7 (https://github.com/sap-linuxlab/community.sap_install/pull/937) +- sap_general_preconfigure: Fix check mode (https://github.com/sap-linuxlab/community.sap_install/pull/935) + + 1.5.1 Release Summary --------------- diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 2b6cad3c1..4671a3027 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -290,3 +290,15 @@ releases: - sap_install_media_detect: Fix wrong sap_export_solman_java detection (https://github.com/sap-linuxlab/community.sap_install/pull/913) ' release_date: '2025-01-15' + 1.5.2: + changes: + release_summary: '| Release Date: 2025-01-24 + changes: + - sap_*_preconfigure: Add code for RHEL 10 support (https://github.com/sap-linuxlab/community.sap_install/pull/938) + - sap_*_preconfigure/Suse: Rework of preconfigure roles for Suse, add missing notes. (https://github.com/sap-linuxlab/community.sap_install/pull/930) + bugfixes: + - sap_netweaver_preconfigure: fix argument_specs validation error (https://github.com/sap-linuxlab/community.sap_install/pull/940) + - sap_general_preconfigure: No longer install locale packages in RHEL 7 (https://github.com/sap-linuxlab/community.sap_install/pull/937) + - sap_general_preconfigure: Fix check mode (https://github.com/sap-linuxlab/community.sap_install/pull/935) + ' + release_date: '2025-01-24' diff --git a/galaxy.yml b/galaxy.yml index c32a16517..1162dd11b 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -11,7 +11,7 @@ namespace: community name: sap_install # The version of the collection. Must be compatible with semantic versioning -version: 1.5.1 +version: 1.5.2 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md diff --git a/roles/sap_general_preconfigure/README.md b/roles/sap_general_preconfigure/README.md index 3511e61e9..46622bebf 100644 --- a/roles/sap_general_preconfigure/README.md +++ b/roles/sap_general_preconfigure/README.md @@ -432,7 +432,7 @@ The IPV4 address to be used for updating or checking `/etc/hosts` entries.
### sap_general_preconfigure_db_group_name - _Type:_ `str` -Use this variable to specify the name of the RHEL group which is used for the database processes.
+(RedHat specific) Use this variable to specify the name of the RHEL group which is used for the database processes.
If defined, it will be used to configure process limits as per step
Configuring Process Resource Limits
diff --git a/roles/sap_general_preconfigure/defaults/main.yml b/roles/sap_general_preconfigure/defaults/main.yml index a016e7c68..e8db802c6 100644 --- a/roles/sap_general_preconfigure/defaults/main.yml +++ b/roles/sap_general_preconfigure/defaults/main.yml @@ -79,7 +79,7 @@ sap_general_preconfigure_envgroups: "{{ __sap_general_preconfigure_envgroups }}" # Example: See README.md sap_general_preconfigure_packages: "{{ __sap_general_preconfigure_packages }}" -# The list of packages to install. +# The list of packages to be installed. # The default for this variable is set in the vars file which corresponds to the detected OS version. sap_general_preconfigure_min_package_check: true @@ -164,11 +164,20 @@ sap_general_preconfigure_domain: "{{ sap_domain | d(ansible_domain) }}" # The DNS domain name to be used for updating or checking `/etc/hosts` entries. # sap_general_preconfigure_db_group_name: (not defined by default) -# Use this variable to specify the name of the RHEL group which is used for the database processes. +# (RedHat specific) Use this variable to specify the name of the RHEL group which is used for the database processes. # If defined, it will be used to configure process limits as per step # Configuring Process Resource Limits # Example: See README.md +sap_general_preconfigure_run_grub2_mkconfig: true +# By default, the role will run `grub2-mkconfig` to update the Grub configuration if necessary. +# Set this parameter to `false` if this is not desired. + +# (SUSE specific) Version of saptune to install. +# It is recommended to install latest version by keeping this variable empty. +# This will replace the current installed version if present, even downgrade if necessary. +sap_general_preconfigure_saptune_version: '' + # in SAP Note 2369910 SAP requires English locale # If you want to define the locale set this to e.g. en_US.UTF-8 sap_general_preconfigure_default_locale: "" diff --git a/roles/sap_general_preconfigure/handlers/main.yml b/roles/sap_general_preconfigure/handlers/main.yml index e54f6dd56..e99721976 100644 --- a/roles/sap_general_preconfigure/handlers/main.yml +++ b/roles/sap_general_preconfigure/handlers/main.yml @@ -1,52 +1,136 @@ # SPDX-License-Identifier: Apache-2.0 --- -# handlers file for sap_general_preconfigure + +# BEGIN - GRUB section +- name: "Check if server is booted in BIOS or UEFI mode" + ansible.builtin.stat: + path: /sys/firmware/efi + get_checksum: false + register: __sap_general_preconfigure_register_stat_sys_firmware_efi + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + when: + - sap_general_preconfigure_run_grub2_mkconfig | d(true) + +- name: Debug BIOS or UEFI + ansible.builtin.debug: + var: __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + when: + - sap_general_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Run grub-mkconfig (BIOS mode)" + ansible.builtin.command: + cmd: grub2-mkconfig -o /boot/grub2/grub.cfg + register: __sap_general_preconfigure_register_grub2_mkconfig_bios_mode + changed_when: true + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + notify: __sap_general_preconfigure_reboot_handler + when: + - not __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_general_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Debug grub-mkconfig BIOS mode" + ansible.builtin.debug: + var: __sap_general_preconfigure_register_grub2_mkconfig_bios_mode.stdout_lines, + __sap_general_preconfigure_register_grub2_mkconfig_bios_mode.stderr_lines + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + when: + - not __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_general_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Set the grub.cfg location RHEL" + ansible.builtin.set_fact: + __sap_general_preconfigure_uefi_boot_dir: /boot/efi/EFI/redhat/grub.cfg + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + when: + - ansible_distribution == 'RedHat' + +- name: "Set the grub.cfg location SLES" + ansible.builtin.set_fact: + __sap_general_preconfigure_uefi_boot_dir: /boot/efi/EFI/BOOT/grub.cfg + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + when: + - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP' + +- name: "Run grub-mkconfig (UEFI mode)" + ansible.builtin.command: + cmd: "grub2-mkconfig -o {{ __sap_general_preconfigure_uefi_boot_dir }}" + register: __sap_general_preconfigure_register_grub2_mkconfig_uefi_mode + changed_when: true + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + notify: __sap_general_preconfigure_reboot_handler + when: + - __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_general_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Debug grub-mkconfig UEFI" + ansible.builtin.debug: + var: __sap_general_preconfigure_register_grub2_mkconfig_uefi_mode.stdout_lines, + __sap_general_preconfigure_register_grub2_mkconfig_uefi_mode.stderr_lines + listen: __sap_general_preconfigure_regenerate_grub2_conf_handler + when: + - __sap_general_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_general_preconfigure_run_grub2_mkconfig | d(true) + +# END - GRUB section + - name: Reboot the managed node ansible.builtin.reboot: test_command: /bin/true listen: __sap_general_preconfigure_reboot_handler when: - - sap_general_preconfigure_reboot_ok|d(false) + - sap_general_preconfigure_reboot_ok | d(false) + # Kernel update triggers zypper purge-kernels and lock after reboot. - name: Wait for Zypper lock to be released ansible.builtin.command: cmd: zypper info zypper - retries: 60 - timeout: 5 + retries: 20 + timeout: 30 listen: __sap_general_preconfigure_reboot_handler when: - ansible_os_family == 'Suse' - sap_general_preconfigure_reboot_ok | d(false) changed_when: false + - name: Let the role fail if a reboot is required ansible.builtin.fail: msg: Reboot is required! listen: __sap_general_preconfigure_reboot_handler when: - - sap_general_preconfigure_fail_if_reboot_required|d(true) - - not sap_general_preconfigure_reboot_ok|d(false) + - sap_general_preconfigure_fail_if_reboot_required | d(true) + - not sap_general_preconfigure_reboot_ok | d(false) - name: Show a warning message if a reboot is required ansible.builtin.debug: msg: "WARN: Reboot is required!" listen: __sap_general_preconfigure_reboot_handler when: - - not sap_general_preconfigure_fail_if_reboot_required|d(true) - - not sap_general_preconfigure_reboot_ok|d(false) + - not sap_general_preconfigure_fail_if_reboot_required | d(true) + - not sap_general_preconfigure_reboot_ok | d(false) + +- name: Unmask packagekit.service + ansible.builtin.systemd_service: + name: packagekit.service + masked: false + listen: __sap_general_preconfigure_packagekit_handler + # Reasons for noqa: # - command-instead-of-module: We want to avoid non-ansible.builtin modules where possible # - no-changed-when: Remounting does not do any harm and does not affect idempotency. - name: Remount /dev/shm # noqa command-instead-of-module no-changed-when - ansible.builtin.command: mount -o remount /dev/shm + ansible.builtin.command: + cmd: mount -o remount /dev/shm listen: __sap_general_preconfigure_mount_tmpfs_handler tags: molecule-idempotence-notest - name: Check if /dev/shm is available - ansible.builtin.command: df -h /dev/shm + ansible.builtin.command: + cmd: df -h /dev/shm register: __sap_general_preconfigure_command_df_shm_result changed_when: false listen: __sap_general_preconfigure_mount_tmpfs_handler diff --git a/roles/sap_general_preconfigure/meta/argument_specs.yml b/roles/sap_general_preconfigure/meta/argument_specs.yml index 03a598c8c..11e2bc0b3 100644 --- a/roles/sap_general_preconfigure/meta/argument_specs.yml +++ b/roles/sap_general_preconfigure/meta/argument_specs.yml @@ -172,7 +172,7 @@ argument_specs: sap_general_preconfigure_packages: default: "{{ __sap_general_preconfigure_packages }}" description: - - The list of packages to install. + - The list of packages to be installed. - The default for this variable is set in the vars file which corresponds to the detected OS version. required: false type: list diff --git a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml index ff021f3a7..af1587a56 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/assert-configuration.yml @@ -1,6 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts again after the installation phase + ansible.builtin.package_facts: + tags: + - always + - name: Assert - List required SAP Notes ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml index bba57f19d..026e9b14a 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/assert-installation.yml @@ -1,6 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts + ansible.builtin.package_facts: + tags: + - sap_general_preconfigure_installation + - name: Check enabled repos when: sap_general_preconfigure_enable_repos block: diff --git a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml index 3d5f80448..42f8dcb88 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/configuration.yml @@ -1,6 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts again after the installation phase + ansible.builtin.package_facts: + tags: + - always + - name: Configure - List required SAP Notes ansible.builtin.debug: var: __sap_general_preconfigure_sapnotes_versions | difference(['']) diff --git a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml index 2e39f2fea..c79e58d2c 100644 --- a/roles/sap_general_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_general_preconfigure/tasks/RedHat/installation.yml @@ -1,6 +1,11 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts + ansible.builtin.package_facts: + tags: + - sap_general_preconfigure_installation + - name: Perform steps for enabling required repos when: sap_general_preconfigure_enable_repos block: diff --git a/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml index d4e8b9341..eb316d43a 100644 --- a/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml +++ b/roles/sap_general_preconfigure/tasks/SLES/assert-configuration.yml @@ -10,6 +10,6 @@ - name: Assert - Include configuration actions for required sapnotes ansible.builtin.include_tasks: "sapnote/assert-{{ sap_note_line_item.number }}.yml" - with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" + loop: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" loop_control: loop_var: sap_note_line_item diff --git a/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml index 6aa787615..bfa790577 100644 --- a/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml +++ b/roles/sap_general_preconfigure/tasks/SLES/assert-installation.yml @@ -1,96 +1,94 @@ # SPDX-License-Identifier: Apache-2.0 --- +# Both sap_general_preconfigure_packages and __sap_general_preconfigure_min_pkgs are checked at same time. +# Check rpm --whatprovides only if package cannot be found directly. +- name: Query RPM packages + ansible.builtin.shell: + cmd: | + if rpm -q {{ item }} &> /dev/null; + then rpm -q {{ item }} + else rpm -q --whatprovides {{ item }}; + fi + register: __sap_general_preconfigure_register_packages + changed_when: false + ignore_errors: true + loop: "{{ sap_general_preconfigure_packages if not sap_general_preconfigure_min_package_check | bool + else ((sap_general_preconfigure_packages | d([])) + (__sap_general_preconfigure_min_pkgs | d([])) | map(attribute='0') | unique) }}" + + - name: Assert that all required packages are installed ansible.builtin.assert: - that: line_item in ansible_facts.packages - fail_msg: "FAIL: Package '{{ line_item }}' is not installed!" - success_msg: "PASS: Package '{{ line_item }}' is installed." - with_items: - - "{{ sap_general_preconfigure_packages }}" - loop_control: - loop_var: line_item + that: __sap_general_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + fail_msg: "FAIL: Package '{{ item }}' is not installed!" + success_msg: "PASS: Package '{{ item }}' is installed." + loop: "{{ sap_general_preconfigure_packages if not sap_general_preconfigure_min_package_check | bool + else ((sap_general_preconfigure_packages | d([])) + (__sap_general_preconfigure_min_pkgs | d([])) | map(attribute='0') | unique) }}" ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" -- name: Minimum required package version check + +- name: Block for minimum required packages assert when: - sap_general_preconfigure_min_package_check | bool - __sap_general_preconfigure_min_pkgs | d([]) block: - -# Reason for noqa: We can safely fail at the last command in the pipeline. - - name: Assert - Create a list of minimum required package versions to be installed # noqa risky-shell-pipe -# How does it work? -# 1 - Print the required package name and version with a prefix "1" followed by a space. -# 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space. -# 3 - Replace all occurrences of ".el" by ".0.0" so that the sort -V correctly sorts packages with ".el" in its name -# 4 - Sort the list by the name and version. -# 5 - Replace ".0.0" by ".el" again to get back the original names. -# 6 - Store the last installed version of the package in variable latestpkg. -# 7 - Store the last content of column 1 in variable col1, the last content of column 2 in variable col2, -# and the last number of fields in variable _nf. -# 8 - case 1: If the last number of output fields is greater than 2, it indicates that the package is not installed -# because the output of "rpm -q" will be similar to "package XXX is not installed". -# 8 - case 2a: If the first column of the last line of the output is "1", it means that the required package is -# the latest of all required and installed versions of the package, so it means that the package needs -# to be updated. -# 8 - case 2b: If the first column of the last line of the output is "2", it means that at least of the installed -# versions the package is equal to or greater than the required package version. - ansible.builtin.shell: | - (echo "1 {{ pkg[0] }}-{{ pkg[1] }}";rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" {{ pkg[0] }} | - awk '{printf ("2 %s\n", $0)}') | - awk '{gsub ("\\.el", ".0.0"); print}' | - sort -k 2 -k 1 -V | - awk '{gsub ("\\.0\\.0", ".el"); col1=$1; col2=$2; _nf=NF} - $1==2{latestpkg=$2} - END { - if (_nf>2) { - printf ("Package '\''{{ pkg[0] }}'\'' needs to be installed as {{ pkg[0] }}-{{ pkg[1] }}!\n") - } else { - if (col1==1) { - printf ("Package '\''{{ pkg[0] }}'\'' needs to be updated to %s! Currently installed latest version: %s.\n", $2, latestpkg) - } - if (col1==2) { - printf ("Package '\''{{ pkg[0] }}'\'' is already installed as {{ pkg[0] }}-{{ pkg[1] }} or later. Currently installed latest version: %s.\n", latestpkg) - } - } - }' - with_list: "{{ __sap_general_preconfigure_min_pkgs }}" - loop_control: - loop_var: pkg - check_mode: false - register: __sap_general_preconfigure_register_minpkglist_assert + - name: Query RPM packages for minimum required packages + ansible.builtin.shell: + cmd: | + if rpm -q {{ item[0] }} &> /dev/null; + then rpm -q --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}\n' {{ item[0] }} + else rpm -q --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}\n' --whatprovides {{ item[0] }}; + fi + register: __sap_general_preconfigure_register_packages_minimum changed_when: false + ignore_errors: true + loop: "{{ __sap_general_preconfigure_min_pkgs }}" + - - name: Assert that minimum required package versions are installed -# If the output includes the string "is already installed" (case 2b), we have a PASS. Otherwise, it's a FAIL. + - name: Assert that all minimum required packages are installed with minimum version ansible.builtin.assert: - that: "'is already installed' in line_item.stdout" - fail_msg: "FAIL: {{ line_item.stdout }}" - success_msg: "PASS: {{ line_item.stdout }}" - with_items: "{{ __sap_general_preconfigure_register_minpkglist_assert.results }}" - loop_control: - loop_var: line_item - label: "" - ignore_errors: true + that: + - __version[0] is version(item[1], '>=') + fail_msg: "FAIL: Minimum package version '{{ item[0] }}-{{ item[1] }}' is not installed! Current version: '{{ __version[0] }}'" + success_msg: "PASS: Minimum package version '{{ item[0] }}-{{ item[1] }}' is installed." + vars: + __version: + "{{ __sap_general_preconfigure_register_packages_minimum.results | selectattr('item', 'equalto', item) | map(attribute='stdout') }}" + loop: "{{ __sap_general_preconfigure_min_pkgs }}" + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + when: __sap_general_preconfigure_register_packages.results | selectattr('item', 'equalto', item[0]) | map(attribute='rc') | first == 0 -- name: Report if no minimum required package version is defined for this RHEL release - ansible.builtin.debug: - msg: "INFO: No minimum required package version defined (variable __sap_general_preconfigure_min_pkgs)." - ignore_errors: true - when: not __sap_general_preconfigure_min_pkgs | d([]) -# Reason for noqa: The yum module appears to not support the check-update option +- name: Gather service facts + ansible.builtin.service_facts: + +# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications) +# This service creates zypper locks and causes package install failures. +- name: Wait for stop of packagekit.service + ansible.builtin.shell: | + set -o pipefail && bash -c ' + while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) || + ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do + sleep 10; + done' + register: __packagekit_service_check + changed_when: false + until: __packagekit_service_check.rc == 0 + retries: 60 + when: "'packagekit.service' in ansible_facts.services" + - name: Get info about possible package updates # noqa command-instead-of-module - ansible.builtin.command: yum check-update - register: __sap_general_preconfigure_register_yum_check_update_assert + ansible.builtin.command: + cmd: zypper -q patch-check + timeout: 60 + register: __sap_general_preconfigure_register_zypper_check_update_assert changed_when: false - ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + ignore_errors: true # true, because unpatched system is always error. when: sap_general_preconfigure_update - name: Assert that there are no more possible package updates ansible.builtin.assert: - that: __sap_general_preconfigure_register_yum_check_update_assert is success + that: __sap_general_preconfigure_register_zypper_check_update_assert.rc == 0 fail_msg: "FAIL: System needs to be updated!" success_msg: "PASS: There are no more outstanding package updates." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" @@ -99,45 +97,18 @@ - name: Report if checking for possible package updates is not requested ansible.builtin.debug: msg: "INFO: Not checking for possible package updates (variable sap_general_preconfigure_update)." - ignore_errors: true + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" when: not sap_general_preconfigure_update -- name: "Assert - Set needs-restarting command in case of RHEL 7" - ansible.builtin.set_fact: - __sap_general_preconfigure_fact_needs_restarting_command_assert: "needs-restarting -r" - when: - - ansible_os_family == 'RedHat' - - ansible_distribution_major_version == '7' - -- name: "Assert - Set needs-restarting command in case of RHEL 8 or RHEL 9, except RHEL 8.0" - ansible.builtin.set_fact: - __sap_general_preconfigure_fact_needs_restarting_command_assert: "yum needs-restarting -r" - when: - - ansible_os_family == 'RedHat' - - (ansible_distribution_major_version == '8' or - ansible_distribution_major_version == '9' - ) - - ansible_distribution_version != '8.0' - -- name: "Assert - Set customized needs-restarting command in case of RHEL 8.0" - ansible.builtin.set_fact: - __sap_general_preconfigure_fact_needs_restarting_command_assert: "_IKRNL=$(rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,\"\"); print $1}'); - _CKRNL=$(uname -r); if [ ${_IKRNL} != ${_CKRNL} ]; then exit 1; else exit 0; fi" - when: - - ansible_os_family == 'RedHat' - - ansible_distribution_version == '8.0' - -- name: Assert - Display the command for checking a reboot requirement - ansible.builtin.debug: - var: __sap_general_preconfigure_fact_needs_restarting_command_assert # Reason for noqa: The command to be executed might contain pipes -- name: Assert - Determine if the system needs to be restarted # noqa command-instead-of-shell - ansible.builtin.shell: "{{ __sap_general_preconfigure_fact_needs_restarting_command_assert }}" +- name: Determine if the system needs to be restarted # noqa command-instead-of-shell + ansible.builtin.shell: + cmd: "zypper ps" register: __sap_general_preconfigure_register_needs_restarting_assert changed_when: false check_mode: false - ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + ignore_errors: true # true, because output is too large. - name: Assert that system needs no restart ansible.builtin.assert: @@ -145,3 +116,26 @@ fail_msg: "FAIL: System needs to be restarted!" success_msg: "PASS: System needs no restart." ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + + +- name: Block to assert that correct saptune version is installed + when: + - __sap_general_preconfigure_use_saptune + - sap_general_preconfigure_saptune_version is defined + - sap_general_preconfigure_saptune_version | length > 0 + block: + # We are checking for %{VERSION} (e.g. 3.1.4), not full %{VERSION}-%{RELEASE}.%{ARCH} + - name: Check saptune version # noqa: command-instead-of-module + ansible.builtin.command: + cmd: rpm -q --queryformat '%{VERSION}\n' saptune + register: __sap_general_preconfigure_register_saptune_version + changed_when: false + ignore_errors: true + + - name: Assert saptune is at requested version + ansible.builtin.assert: + that: __sap_general_preconfigure_register_saptune_version.stdout == sap_general_preconfigure_saptune_version + fail_msg: "FAIL: saptune version installed is {{ __sap_general_preconfigure_register_saptune_version.stdout + }} but the version {{ sap_general_preconfigure_saptune_version }} was expected" + success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_general_preconfigure_saptune_version }}" + when: __sap_general_preconfigure_register_saptune_version.rc == 0 diff --git a/roles/sap_general_preconfigure/tasks/SLES/configuration.yml b/roles/sap_general_preconfigure/tasks/SLES/configuration.yml index cde628b48..dfcf3ef4f 100644 --- a/roles/sap_general_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_general_preconfigure/tasks/SLES/configuration.yml @@ -7,6 +7,6 @@ - name: Configure - Include configuration actions for required sapnotes ansible.builtin.include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml" - with_items: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" + loop: "{{ __sap_general_preconfigure_sapnotes_versions | difference(['']) }}" loop_control: loop_var: sap_note_line_item diff --git a/roles/sap_general_preconfigure/tasks/SLES/generic/grub_update.yml b/roles/sap_general_preconfigure/tasks/SLES/generic/grub_update.yml new file mode 100644 index 000000000..81469d3a1 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/SLES/generic/grub_update.yml @@ -0,0 +1,39 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Generic task for updating GRUB configuration using provided list + +- name: Update existing GRUB entries + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=".*?)(\b{{ item.split("=")[0] }}=[^ ]*\b)(.*")' + line: '\1{{ item }}\3' + backrefs: true + register: __sap_general_preconfigure_grub_update + loop: "{{ __sap_general_preconfigure_grub_cmdline }}" + + +- name: Get current contents of GRUB + ansible.builtin.slurp: + path: /etc/default/grub + register: __sap_general_preconfigure_grub_contents + + +- name: Add new GRUB entries + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX_DEFAULT="(.*?)"' + line: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 {{ item }}"' + backrefs: true + register: __sap_general_preconfigure_grub_add + loop: "{{ __sap_general_preconfigure_grub_cmdline }}" + when: item not in (__sap_general_preconfigure_grub_contents.content | b64decode) + + +- name: Trigger grub update if necessary # noqa no-changed-when + ansible.builtin.command: + cmd: /bin/true + notify: __sap_general_preconfigure_regenerate_grub2_conf_handler + when: + - (__sap_general_preconfigure_grub_update.results | selectattr('changed', 'equalto', true) | list | length > 0) + or (__sap_general_preconfigure_grub_add.results | selectattr('changed', 'equalto', true) | list | length > 0) diff --git a/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_install.yml b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_install.yml new file mode 100644 index 000000000..ac87da3fa --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_install.yml @@ -0,0 +1,46 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1275776 - Linux: Preparing SLES for SAP environments + +- name: Get contents of /etc/products.d/baseproduct + ansible.builtin.stat: + path: /etc/products.d/baseproduct + register: __sap_general_preconfigure_register_baseproduct + + +- name: Set fact if baseproduct contains SLES without SLES_SAP + ansible.builtin.set_fact: + __sap_general_preconfigure_use_saptune: false + when: + - '"SLES_SAP" not in __sap_general_preconfigure_register_baseproduct.stat.lnk_target' + - '"SLES" in __sap_general_preconfigure_register_baseproduct.stat.lnk_target + and ansible_distribution_major_version | int < 16' + + +- name: Block to ensure saptune is installed + when: __sap_general_preconfigure_use_saptune | d(true) + block: + - name: Ensure latest saptune is installed + ansible.builtin.package: + name: saptune + state: present + when: + - sap_general_preconfigure_saptune_version is undefined + or sap_general_preconfigure_saptune_version | length == 0 + + - name: Ensure specific saptune version is installed + ansible.builtin.package: + name: "saptune={{ sap_general_preconfigure_saptune_version }}" + state: present + when: + - sap_general_preconfigure_saptune_version is defined + - sap_general_preconfigure_saptune_version | length > 0 + + +- name: Block to ensure sapconf is installed + when: not __sap_general_preconfigure_use_saptune | d(true) + block: + - name: Ensure sapconf is installed + ansible.builtin.package: + name: "sapconf" + state: present diff --git a/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_takeover.yml b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_takeover.yml new file mode 100644 index 000000000..56089c7e0 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/SLES/generic/saptune_takeover.yml @@ -0,0 +1,100 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1275776 - Linux: Preparing SLES for SAP environments + +- name: Execute saptune_check - before takeover + ansible.builtin.command: + cmd: saptune_check + register: __sap_general_preconfigure_register_saptune_check_before + when: __sap_general_preconfigure_use_saptune + changed_when: false + failed_when: false + +- name: Takeover and enable saptune + when: + - __sap_general_preconfigure_use_saptune + - __sap_general_preconfigure_register_saptune_check_before.rc != 0 + block: + - name: Check saptune version # noqa: command-instead-of-module + ansible.builtin.command: + cmd: rpm -q sapconf + register: __sap_general_preconfigure_register_sapconf + changed_when: false + ignore_errors: true + + - name: Ensure sapconf is stopped and disabled + ansible.builtin.systemd: + name: sapconf + state: stopped + enabled: false + when: __sap_general_preconfigure_register_sapconf + + - name: Make sure that sapconf and tuned are stopped and disabled + ansible.builtin.command: + cmd: "saptune service takeover" + register: __sap_general_preconfigure_register_saptune_takeover + changed_when: __sap_general_preconfigure_register_saptune_takeover.rc == 0 + + # saptune_check can fail if sapconf is in failed state + - name: Check if sapconf.service is failed # noqa command-instead-of-module + ansible.builtin.command: + cmd: systemctl is-failed sapconf.service + register: __sap_general_preconfigure_register_sapconf_failed + changed_when: false + ignore_errors: true + + - name: Execute systemctl reset-failed sapconf.service # noqa command-instead-of-module + ansible.builtin.command: + cmd: systemctl reset-failed sapconf.service + when: __sap_general_preconfigure_register_sapconf_failed.rc == 0 + changed_when: true + + - name: Ensure saptune is running and enabled + ansible.builtin.systemd: + name: saptune + state: started + enabled: true + + - name: Ensure saptune_check executes correctly + ansible.builtin.command: + cmd: saptune_check + register: __sap_general_preconfigure_register_saptune_check_after + changed_when: false + + +- name: Check active saptune solution + when: + - __sap_general_preconfigure_use_saptune + - __sap_general_preconfigure_register_saptune_check_before.rc == 0 + or (__sap_general_preconfigure_register_saptune_check_after.rc == 0) + block: + - name: Discover active solution + ansible.builtin.command: + cmd: saptune solution enabled + register: __sap_general_preconfigure_register_saptune_status + changed_when: false + + - name: Set fact for active solution + ansible.builtin.set_fact: + # Capture the first block on none whitespace + __sap_general_preconfigure_register_solution_configured: + "{{ (__sap_general_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" + + - name: Show configured solution + ansible.builtin.debug: + var: __sap_general_preconfigure_register_solution_configured + + +- name: Enable sapconf + when: not __sap_general_preconfigure_use_saptune + block: + - name: Enable sapconf service + ansible.builtin.systemd: + name: sapconf + state: started + enabled: true + + - name: Restart sapconf service + ansible.builtin.systemd: + name: sapconf + state: restarted diff --git a/roles/sap_general_preconfigure/tasks/SLES/installation.yml b/roles/sap_general_preconfigure/tasks/SLES/installation.yml index 4f9daed97..a6d992494 100644 --- a/roles/sap_general_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_general_preconfigure/tasks/SLES/installation.yml @@ -1,80 +1,76 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather service facts + ansible.builtin.service_facts: + +# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications) +# This service creates zypper locks and causes package install failures. +# Service cannot be disabled and we have to mask its execution. +- name: Mask packagekit.service when present + ansible.builtin.systemd_service: + name: packagekit.service + masked: true + when: "'packagekit.service' in ansible_facts.services" + notify: __sap_general_preconfigure_packagekit_handler + + +- name: Wait for stop of packagekit.service + ansible.builtin.shell: | + set -o pipefail && bash -c ' + while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) || + ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do + sleep 10; + done' + register: __packagekit_service_check + changed_when: false + until: __packagekit_service_check.rc == 0 + retries: 60 + when: "'packagekit.service' in ansible_facts.services" + + - name: Ensure that the required packages are installed ansible.builtin.package: state: present - name: "{{ sap_general_preconfigure_packages }}" + name: "{{ sap_general_preconfigure_packages if not sap_general_preconfigure_min_package_check | bool + else ((sap_general_preconfigure_packages | d([])) + (__sap_general_preconfigure_min_pkgs | d([])) | map(attribute='0') | unique) }}" + -- name: Ensure that the minimum required package versions are installed +- name: Install minimum packages if required + ansible.builtin.package: + name: '{{ line_item[0] }}>={{ line_item[1] }}' + state: present + loop: "{{ __sap_general_preconfigure_min_pkgs }}" + loop_control: + loop_var: line_item when: - sap_general_preconfigure_min_package_check|bool - - __sap_general_preconfigure_min_pkgs|d([]) - block: - -# Reason for noqa: We can safely fail at the last command in the pipeline. - - name: Create a list of minimum required package versions to be installed # noqa risky-shell-pipe -# How does it work? -# 1 - Print the required package name and version with a prefix "1" followed by a space. -# 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space. -# 3 - Replace all occurrences of ".el" by ".0.0" so that the sort -V correctly sorts packages with ".el" in its name -# 4 - Sort the list by the name and version. -# 5 - Replace ".0.0" by ".el" again to get back the original names. -# 6 - Store the last installed version of the package in variable latestpkg. -# 7 - Store the last content of column 1 in variable col1, the last content of column 2 in variable col2, -# and the last number of fields in variable _nf. -# 8 - case 1: If the last number of output fields is greater than 2, it indicates that the package is not installed -# because the output of "rpm -q" will be similar to "package XXX is not installed". -# 8 - case 2a: If the first column of the last line of the output is "1", it means that the required package is -# the latest of all required and installed versions of the package, so it means that the package needs -# to be updated. -# 8 - case 2b: If the first column of the last line of the output is "2", it means that at least of the installed -# versions the package is equal to or greater than the required package version. - ansible.builtin.shell: | - (echo "1 {{ pkg[0] }}-{{ pkg[1] }}";rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" {{ pkg[0] }} | - awk '{printf ("2 %s\n", $0)}') | - awk '{gsub ("\\.el", ".0.0"); print}' | - sort -k 2 -k 1 -V | - awk '{gsub ("\\.0\\.0", ".el"); col1=$1; col2=$2; _nf=NF} - $1==2{latestpkg=$2} - END { - if (_nf>2) { - printf ("{{ pkg[0] }}-{{ pkg[1] }}\n") - } else { - if (col1==1) { - printf ("{{ pkg[0] }}-{{ pkg[1] }}\n") - } - } - }' - with_list: "{{ __sap_general_preconfigure_min_pkgs }}" - loop_control: - loop_var: pkg - check_mode: false - register: __sap_general_preconfigure_register_minpkglist - changed_when: false - - - name: Display the content of the minimum package list variable - ansible.builtin.debug: - var: __sap_general_preconfigure_register_minpkglist - - - name: Install minimum packages if required - ansible.builtin.package: - name: "{{ line_item.stdout }}" - state: present - with_items: "{{ __sap_general_preconfigure_register_minpkglist.results }}" - loop_control: - loop_var: line_item - -# Reason for noqa: Both yum and dnf support "state: latest" + - __sap_general_preconfigure_min_pkgs | d([]) + + +# Reason for noqa: Zypper supports "state: latest" - name: Ensure that the system is updated to the latest patchlevel # noqa package-latest ansible.builtin.package: state: latest name: "*" - when: sap_general_preconfigure_update + register: __sap_general_preconfigure_register_update_latest + when: sap_general_preconfigure_update | bool + + +# 1275776 - Linux: Preparing SLES for SAP environments +- name: Install saptune if available + ansible.builtin.include_tasks: + file: generic/saptune_install.yml + +- name: Takeover and enable saptune if available + ansible.builtin.include_tasks: + file: generic/saptune_takeover.yml + # Reason for noqa: The command to be executed might contain pipes - name: Determine if the system needs to be restarted # noqa command-instead-of-shell - ansible.builtin.shell: "zypper ps" + ansible.builtin.shell: + cmd: "zypper ps" register: __sap_general_preconfigure_register_needs_restarting ignore_errors: true changed_when: false @@ -84,6 +80,8 @@ ansible.builtin.debug: var: __sap_general_preconfigure_register_needs_restarting + +# sap_general_preconfigure_fact_reboot_required is used by follow up role: sap_hana_preconfigure - name: Set the reboot requirement flag to false ansible.builtin.set_fact: sap_general_preconfigure_fact_reboot_required: false @@ -91,14 +89,21 @@ - name: For needs-restarting - Set the flag that reboot is needed to apply changes ansible.builtin.set_fact: sap_general_preconfigure_fact_reboot_required: true - when: __sap_general_preconfigure_register_needs_restarting is failed + when: + - __sap_general_preconfigure_register_needs_restarting is failed + or __sap_general_preconfigure_register_update_latest.changed - name: For needs-restarting - Display the content of sap_general_preconfigure_fact_reboot_required ansible.builtin.debug: var: sap_general_preconfigure_fact_reboot_required + - name: Call Reboot handler if necessary - ansible.builtin.command: /bin/true + ansible.builtin.command: + cmd: /bin/true notify: __sap_general_preconfigure_reboot_handler changed_when: true - when: __sap_general_preconfigure_register_needs_restarting is failed + when: + - __sap_general_preconfigure_register_needs_restarting is failed + or __sap_general_preconfigure_register_needs_restarting.rc == 102 + or __sap_general_preconfigure_register_update_latest.changed diff --git a/roles/sap_general_preconfigure/tasks/main.yml b/roles/sap_general_preconfigure/tasks/main.yml index 0cdd514c2..829cc3132 100644 --- a/roles/sap_general_preconfigure/tasks/main.yml +++ b/roles/sap_general_preconfigure/tasks/main.yml @@ -106,19 +106,6 @@ tags: - always -# Requirement for package_facts Ansible Module -- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python - ansible.builtin.package: - name: python3-rpm - state: present - when: ansible_os_family == "Suse" - -# required for installation and configuration tasks: -- name: Gather package facts - ansible.builtin.package_facts: - tags: - - sap_general_preconfigure_installation - - name: Include tasks from 'installation.yml' ansible.builtin.include_tasks: file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}installation.yml' @@ -132,11 +119,6 @@ tags: - sap_general_preconfigure_installation -- name: Gather package facts again after the installation phase - ansible.builtin.package_facts: - tags: - - always - - name: Include tasks from 'configuration.yml' ansible.builtin.include_tasks: file: '{{ item }}/{{ __sap_general_preconfigure_fact_assert_filename_prefix }}configuration.yml' diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2369910.yml b/roles/sap_general_preconfigure/tasks/sapnote/2369910.yml index 20de2aa0d..85a256c48 100644 --- a/roles/sap_general_preconfigure/tasks/sapnote/2369910.yml +++ b/roles/sap_general_preconfigure/tasks/sapnote/2369910.yml @@ -14,6 +14,8 @@ - sap_general_preconfigure_configure_locale block: - name: Configure an English locale + ansible.builtin.command: "localectl set-locale LANG={{ sap_general_preconfigure_default_locale }}" + changed_when: true when: - sap_general_preconfigure_default_locale is defined and sap_general_preconfigure_default_locale - sap_general_preconfigure_default_locale == 'C.UTF-8' or @@ -21,13 +23,12 @@ sap_general_preconfigure_default_locale.startswith('en_') and (sap_general_preconfigure_default_locale.endswith('UTF-8') or sap_general_preconfigure_default_locale.endswith('utf8')) - ansible.builtin.command: "localectl set-locale LANG={{ sap_general_preconfigure_default_locale }}" - changed_when: true - name: Get the current default locale ansible.builtin.command: awk '{gsub("\"","")}/^LANG=/&&(/=C\./||/=en_/)&&(/utf8$/||/UTF-8$/){print}' /etc/locale.conf - changed_when: false + check_mode: false register: __sap_general_preconfigure_current_default_locale + changed_when: false - name: Assert that an English locale is the default ansible.builtin.assert: diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899.yml new file mode 100644 index 000000000..af6699a16 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899.yml @@ -0,0 +1,28 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 2578899 - SUSE Linux Enterprise Server 15: Installation Note + +- name: Configure - Display SAP note number 2578899 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).number }} + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).version }}): + SUSE Linux Enterprise Server 15: Installation Note" + tags: + - always + +- name: Set fact for SAP note number 2578899 + ansible.builtin.set_fact: + __sap_general_preconfigure_services_2578899: + - uuidd.socket + - sysstat + - sysctl-logger.service + + __sap_general_preconfigure_grub_cmdline_2578899: [] + # I/O Scheduler parameter is already part of default saptune and sapconf configuration. + # - "elevator=noop" + +- name: Import tasks from '2578899/installation.yml' + ansible.builtin.import_tasks: 2578899/installation.yml + +- name: Import tasks from '2578899/configuration.yml' + ansible.builtin.import_tasks: 2578899/configuration.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-configuration.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-configuration.yml new file mode 100644 index 000000000..672ffd83f --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-configuration.yml @@ -0,0 +1,85 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# ansible_facts.services do not work for socket services! +# uuidd.socket is not found, while uuidd.service service is. +- name: Check status of services - Active # noqa command-instead-of-module + ansible.builtin.command: + cmd: "systemctl is-active {{ item }}" + loop: "{{ __sap_general_preconfigure_services_2578899 }}" + register: __sap_general_preconfigure_register_services_active + changed_when: false + ignore_errors: true # Disabled is RC 1 + +- name: Check status of services - Enabled # noqa command-instead-of-module + ansible.builtin.command: + cmd: "systemctl is-enabled {{ item }}" + loop: "{{ __sap_general_preconfigure_services_2578899 }}" + register: __sap_general_preconfigure_register_services_enabled + changed_when: false + ignore_errors: true # Disabled is RC 1 + +- name: Assert that services are running and enabled + ansible.builtin.assert: + that: + - __sap_general_preconfigure_register_services_active.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + - __sap_general_preconfigure_register_services_enabled.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + fail_msg: "FAIL: Service '{{ item }}' is not running or not enabled!" + success_msg: "PASS: Package '{{ item }}' is running and enabled." + loop: "{{ __sap_general_preconfigure_services_2578899 }}" + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + + +- name: Verify SAP Note using saptune + when: __sap_general_preconfigure_use_saptune | d(true) + block: + + - name: Verify SAP note 2578899 using saptune + ansible.builtin.command: + cmd: saptune note verify --show-non-compliant 2578899 + register: __sap_general_preconfigure_saptune_verify_2578899 + changed_when: false + ignore_errors: true + + - name: Assert that SAP note 2578899 is verified by saptune + ansible.builtin.assert: + that: "{{ __sap_general_preconfigure_saptune_verify_2578899.rc == 0 }}" + success_msg: "PASS: SAP note 2578899 is verified by saptune." + fail_msg: | + "FAIL: SAP note 2578899 is not verified by saptune! See details below:" + {{ __sap_general_preconfigure_saptune_verify_2578899.stdout_lines }} + {{ __sap_general_preconfigure_saptune_verify_2578899.stderr_lines }} + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + + +- name: Verify SAP Note without using saptune + when: not __sap_general_preconfigure_use_saptune | d(true) + block: + + - name: Gather kernel parameters + ansible.builtin.command: sysctl kernel.pid_max + register: __sap_general_preconfigure_register_pid_max + changed_when: false + + - name: Assert that kernel parameter pid_max is set to 4194304 + ansible.builtin.assert: + that: + - "__sap_general_preconfigure_register_pid_max.stdout.split('=')[1] | trim == '4194304'" + fail_msg: "FAIL: Kernel parameter kernel.pid_max is not set to 4194304!" + success_msg: "PASS: Kernel parameter kernel.pid_max is set to 4194304." + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + + - name: Get current contents of GRUB + ansible.builtin.slurp: + path: /etc/default/grub + register: __sap_general_preconfigure_grub_contents + + - name: Assert that GRUB cmdline parameters are set + ansible.builtin.assert: + that: + - "'{{ item }}' in __sap_general_preconfigure_grub_contents.content | b64decode | string" + fail_msg: "FAIL: GRUB cmdline parameter {{ item }} is not set!" + success_msg: "PASS: GRUB cmdline parameter {{ item }} is set." + loop: "{{ __sap_general_preconfigure_grub_cmdline_2578899 }}" + when: __sap_general_preconfigure_grub_cmdline_2578899 | length > 0 + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-installation.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-installation.yml new file mode 100644 index 000000000..ba5d35014 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/assert-installation.yml @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Check rpm --whatprovides only if package cannot be found directly. +- name: Query RPM packages + ansible.builtin.shell: + cmd: | + if rpm -q {{ item }} &> /dev/null; + then rpm -q {{ item }} + else rpm -q --whatprovides {{ item }}; + fi + register: __sap_general_preconfigure_register_packages + changed_when: false + ignore_errors: true + loop: "{{ __sap_general_preconfigure_packages_2578899 }}" + +- name: Assert that all required packages are installed + ansible.builtin.assert: + that: __sap_general_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + fail_msg: "FAIL: Package '{{ item }}' is not installed!" + success_msg: "PASS: Package '{{ item }}' is installed." + loop: "{{ __sap_general_preconfigure_packages_2578899 }}" + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/configuration.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/configuration.yml new file mode 100644 index 000000000..c8fea7a86 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/configuration.yml @@ -0,0 +1,52 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Ensure that the services are enabled and started + ansible.builtin.systemd: + name: "{{ item }}" + state: started + enabled: true + loop: "{{ __sap_general_preconfigure_services_2578899 }}" + + +- name: Execute task to update GRUB entries + ansible.builtin.include_tasks: + file: ../../SLES/generic/grub_update.yml + vars: + __sap_general_preconfigure_grub_cmdline: "{{ __sap_general_preconfigure_grub_cmdline_2578899 }}" + when: __sap_general_preconfigure_grub_cmdline | length > 0 + + +- name: Apply SAP note 2578899 using saptune + when: __sap_general_preconfigure_use_saptune | d(true) + block: + + - name: Apply SAP note 2578899 using saptune + ansible.builtin.command: + cmd: saptune note apply 2578899 + changed_when: true + + - name: Verify SAP note 2578899 using saptune + ansible.builtin.command: + cmd: saptune note verify 2578899 + register: __sap_general_preconfigure_saptune_verify_2578899 + changed_when: false + ignore_errors: true + + - name: Display error if saptune verify failed + ansible.builtin.debug: + msg: | + {{ __sap_general_preconfigure_saptune_verify_2578899.stdout_lines }} + {{ __sap_general_preconfigure_saptune_verify_2578899.stderr_lines }} + when: + __sap_general_preconfigure_saptune_verify_2578899.rc != 0 + + +- name: Configuration changes without saptune + when: not __sap_general_preconfigure_use_saptune | d(true) + block: + + - name: Increase kernel.pid_max to 4194304 + ansible.builtin.command: + cmd: sysctl -w kernel.pid_max=4194304 + changed_when: true diff --git a/roles/sap_general_preconfigure/tasks/sapnote/2578899/installation.yml b/roles/sap_general_preconfigure/tasks/sapnote/2578899/installation.yml new file mode 100644 index 000000000..164296bec --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/2578899/installation.yml @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Ensure that the required packages are installed + ansible.builtin.package: + name: "{{ __sap_general_preconfigure_packages_2578899 }}" + state: present diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909.yml new file mode 100644 index 000000000..b671d6399 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909.yml @@ -0,0 +1,72 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure - Display SAP note number 3562909 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).number }} + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).version }}): Configure RHEL 9" + tags: + - always + +- name: Import tasks from '3562909/02-configure-selinux.yml' + ansible.builtin.import_tasks: 3562909/02-configure-selinux.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_02 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_02 + +- name: Import tasks from '3562909/03-configure-hostname.yml' + ansible.builtin.import_tasks: 3562909/03-configure-hostname.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_03 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_03 + +- name: Import tasks from '3562909/04-configure-network-time-and-date.yml' + ansible.builtin.import_tasks: 3562909/04-configure-network-time-and-date.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_04 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_04 + +- name: Import tasks from '3562909/05-configure-firewall.yml' + ansible.builtin.import_tasks: 3562909/05-configure-firewall.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_05 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_05 + +- name: Import tasks from '3562909/06-configure-uuidd.yml' + ansible.builtin.import_tasks: 3562909/06-configure-uuidd.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_06 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_06 + +- name: Import tasks from '3562909/07-configure-tmpfs.yml' + ansible.builtin.import_tasks: 3562909/07-configure-tmpfs.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_07 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_07 + +- name: Import tasks from '3562909/08-configure-linux-kernel-parameters.yml' + ansible.builtin.import_tasks: 3562909/08-configure-linux-kernel-parameters.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_08 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_08 + +- name: Import tasks from '3562909/09-configure-process-resource-limits.yml' + ansible.builtin.import_tasks: 3562909/09-configure-process-resource-limits.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_09 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_09 + +- name: Import tasks from '3562909/10-configure-systemd-tmpfiles.yml' + ansible.builtin.import_tasks: 3562909/10-configure-systemd-tmpfiles.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_10 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_10 diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-assert-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-assert-selinux.yml new file mode 100644 index 000000000..0513f28ac --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-assert-selinux.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-2 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux + +- name: Import tasks from '../../RedHat/generic/assert-selinux.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-configure-selinux.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-configure-selinux.yml new file mode 100644 index 000000000..a4172ad75 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/02-configure-selinux.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-2 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 2: Configure SELinux" + tags: + - sap_general_preconfigure_selinux + +- name: Import tasks from '../../RedHat/generic/configure-selinux.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml + tags: + - sap_general_preconfigure_selinux diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-assert-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-assert-hostname.yml new file mode 100644 index 000000000..8ca01d112 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-assert-hostname.yml @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-3 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution + +- name: Import tasks from '../../RedHat/generic/assert-hostname.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-hostname.yml + tags: + - sap_general_preconfigure_hostname + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + tags: + - sap_general_preconfigure_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-dns-name-resolution.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-configure-hostname.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-configure-hostname.yml new file mode 100644 index 000000000..d586c0119 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/03-configure-hostname.yml @@ -0,0 +1,39 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-3 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 3: Configure Hostname" + tags: + - sap_general_preconfigure_hostname + - sap_general_preconfigure_etc_hosts + - sap_general_preconfigure_dns_name_resolution + +- name: Import tasks from '../../RedHat/generic/configure-hostname.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/configure-hostname.yml + tags: + - sap_general_preconfigure_hostname + +- name: Import role sap_maintain_etc_hosts + ansible.builtin.import_role: + name: '{{ sap_general_preconfigure_sap_install_collection }}.sap_maintain_etc_hosts' + vars: + sap_maintain_etc_hosts_list: + - node_ip: "{{ sap_general_preconfigure_ip }}" + node_name: "{{ sap_general_preconfigure_hostname }}" + node_domain: "{{ sap_general_preconfigure_domain }}" + state: present + when: sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts + +- name: Import tasks from '../../RedHat/generic/assert-etc-hosts.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-etc-hosts.yml + when: not sap_general_preconfigure_modify_etc_hosts + tags: + - sap_general_preconfigure_etc_hosts + +- name: Import tasks from '../../RedHat/generic/check-dns-name-resolution.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml + tags: + - sap_general_preconfigure_dns_name_resolution diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-assert-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-assert-network-time-and-date.yml new file mode 100644 index 000000000..748bf8e11 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-assert-network-time-and-date.yml @@ -0,0 +1,35 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-4 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date + +# Reason for noqa: We need to get the current status only +- name: Get status of chronyd # noqa command-instead-of-module + ansible.builtin.command: systemctl status chronyd + register: __sap_general_preconfigure_register_chronyd_status_assert + ignore_errors: true + changed_when: false + tags: + - sap_general_preconfigure_network_time_and_date + +- name: Assert that chronyd is enabled + ansible.builtin.assert: + that: "'/usr/lib/systemd/system/chronyd.service; enabled' in __sap_general_preconfigure_register_chronyd_status_assert.stdout" + fail_msg: "FAIL: Service 'chronyd' is not enabled!" + success_msg: "PASS: Service 'chronyd' is enabled." + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date + +- name: Assert that chronyd is active + ansible.builtin.assert: + that: "'active (running)' in __sap_general_preconfigure_register_chronyd_status_assert.stdout" + fail_msg: "FAIL: Service 'chronyd' is not active!" + success_msg: "PASS: Service 'chronyd' is active." + ignore_errors: "{{ sap_general_preconfigure_assert_ignore_errors | d(false) }}" + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-configure-network-time-and-date.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-configure-network-time-and-date.yml new file mode 100644 index 000000000..a3f3c7b5d --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/04-configure-network-time-and-date.yml @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-4 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 4: Configure Network Time and Date" + tags: + - sap_general_preconfigure_network_time_and_date + +- name: Start and enable service chronyd + ansible.builtin.systemd: + name: chronyd + state: started + enabled: true + tags: + - sap_general_preconfigure_network_time_and_date diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-assert-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-assert-firewall.yml new file mode 100644 index 000000000..c3d40452d --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-assert-firewall.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-5 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall + +- name: Import tasks from '../../RedHat/generic/assert-firewall.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-configure-firewall.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-configure-firewall.yml new file mode 100644 index 000000000..18ee27f7c --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/05-configure-firewall.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-5 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 5: Configure the Firewall" + tags: + - sap_general_preconfigure_firewall + +- name: Import tasks from '../../RedHat/generic/configure-firewall.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/configure-firewall.yml + tags: + - sap_general_preconfigure_firewall diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-assert-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-assert-uuidd.yml new file mode 100644 index 000000000..33bd29d8b --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-assert-uuidd.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-6 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd + +- name: Import tasks from '../../RedHat/generic/assert-uuidd.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-configure-uuidd.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-configure-uuidd.yml new file mode 100644 index 000000000..a2cfffca3 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/06-configure-uuidd.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-6 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 6: Configure uuidd" + tags: + - sap_general_preconfigure_configure_uuidd + +- name: Import tasks from '../../RedHat/generic/configure-uuidd.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/configure-uuidd.yml + tags: + - sap_general_preconfigure_configure_uuidd diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-assert-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-assert-tmpfs.yml new file mode 100644 index 000000000..48548d2e6 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-assert-tmpfs.yml @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-7 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 7: Configure tmpfs; + memtotal_mb = {{ ansible_memtotal_mb }}; + swaptotal_mb = {{ ansible_swaptotal_mb }}; + sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs + +- name: Import tasks from '../../RedHat/generic/assert-tmpfs.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-configure-tmpfs.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-configure-tmpfs.yml new file mode 100644 index 000000000..99c61abfb --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/07-configure-tmpfs.yml @@ -0,0 +1,16 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-7 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 7: Configure tmpfs; + memtotal_mb = {{ ansible_memtotal_mb }}; + swaptotal_mb = {{ ansible_swaptotal_mb }}; + sap_general_preconfigure_size_of_tmpfs_gb = {{ sap_general_preconfigure_size_of_tmpfs_gb }}" + tags: + - sap_general_preconfigure_configure_tmpfs + +- name: Import tasks from '../../RedHat/generic/configure-tmpfs.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/configure-tmpfs.yml + tags: + - sap_general_preconfigure_configure_tmpfs diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-assert-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-assert-linux-kernel-parameters.yml new file mode 100644 index 000000000..6ef6cadda --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-assert-linux-kernel-parameters.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-8 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters + +- name: Import tasks from '../../RedHat/generic/assert-kernel-parameters.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-configure-linux-kernel-parameters.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-configure-linux-kernel-parameters.yml new file mode 100644 index 000000000..29b99c597 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/08-configure-linux-kernel-parameters.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-8 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 8: Configure Linux Kernel Parameters" + tags: + - sap_general_preconfigure_kernel_parameters + +- name: Import tasks from '../../RedHat/generic/configure-kernel-parameters.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml + tags: + - sap_general_preconfigure_kernel_parameters diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-assert-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-assert-process-resource-limits.yml new file mode 100644 index 000000000..afd0f02d2 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-assert-process-resource-limits.yml @@ -0,0 +1,18 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-9 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits + +- name: Import tasks from '../../RedHat/generic/assert-limits-conf-file.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml + tags: + - sap_general_preconfigure_nproc_limits + +- name: Import tasks from '../../RedHat/generic/assert-nproc-limits.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-configure-process-resource-limits.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-configure-process-resource-limits.yml new file mode 100644 index 000000000..95d2c6661 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/09-configure-process-resource-limits.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-9 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 9: Configure Process Resource Limits" + tags: + - sap_general_preconfigure_nproc_limits + +- name: Import tasks from '../../RedHat/generic/increase-nproc-limits.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/increase-nproc-limits.yml + tags: + - sap_general_preconfigure_nproc_limits diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-assert-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-assert-systemd-tmpfiles.yml new file mode 100644 index 000000000..c0e42ed87 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-assert-systemd-tmpfiles.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562909-10 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles + +- name: Import tasks from '../../RedHat/generic/assert-systemd-tmpfiles.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-configure-systemd-tmpfiles.yml b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-configure-systemd-tmpfiles.yml new file mode 100644 index 000000000..bde2ef652 --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/3562909/10-configure-systemd-tmpfiles.yml @@ -0,0 +1,13 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562909-10 + ansible.builtin.debug: + msg: "SAP note 3562909 Step 10: Configure systemd-tmpfiles" + tags: + - sap_general_preconfigure_systemd_tmpfiles + +- name: Import tasks from '../../RedHat/generic/configure-systemd-tmpfiles.yml' + ansible.builtin.import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml + tags: + - sap_general_preconfigure_systemd_tmpfiles diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-2578899.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-2578899.yml new file mode 100644 index 000000000..38242e56c --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-2578899.yml @@ -0,0 +1,28 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 2578899 - SUSE Linux Enterprise Server 15: Installation Note + +- name: Assert - Display SAP note number 2578899 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).number }} + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2578899$') | first).version }}): + SUSE Linux Enterprise Server 15: Installation Note" + tags: + - always + +- name: Set fact for SAP note number 2578899 + ansible.builtin.set_fact: + __sap_general_preconfigure_services_2578899: + - uuidd.socket + - sysstat + - sysctl-logger.service + + __sap_general_preconfigure_grub_cmdline_2578899: [] + # I/O Scheduler parameter is already part of default saptune and sapconf configuration. + # - "elevator=noop" + +- name: Import tasks from '2578899/assert-installation.yml' + ansible.builtin.import_tasks: 2578899/assert-installation.yml + +- name: Import tasks from '2578899/assert-configuration.yml' + ansible.builtin.import_tasks: 2578899/assert-configuration.yml diff --git a/roles/sap_general_preconfigure/tasks/sapnote/assert-3562909.yml b/roles/sap_general_preconfigure/tasks/sapnote/assert-3562909.yml new file mode 100644 index 000000000..5237ed50a --- /dev/null +++ b/roles/sap_general_preconfigure/tasks/sapnote/assert-3562909.yml @@ -0,0 +1,72 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert - Display SAP note number 3562909 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).number }} + (version {{ (__sap_general_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562909$') | first).version }}): Configure RHEL 9" + tags: + - always + +- name: Import tasks from '3562909/02-assert-selinux.yml' + ansible.builtin.import_tasks: 3562909/02-assert-selinux.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_02 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_02 + +- name: Import tasks from '3562909/03-assert-hostname.yml' + ansible.builtin.import_tasks: 3562909/03-assert-hostname.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_03 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_03 + +- name: Import tasks from '3562909/04-assert-network-time-and-date.yml' + ansible.builtin.import_tasks: 3562909/04-assert-network-time-and-date.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_04 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_04 + +- name: Import tasks from '3562909/05-assert-firewall.yml' + ansible.builtin.import_tasks: 3562909/05-assert-firewall.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_05 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_05 + +- name: Import tasks from '3562909/06-assert-uuidd.yml' + ansible.builtin.import_tasks: 3562909/06-assert-uuidd.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_06 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_06 + +- name: Import tasks from '3562909/07-assert-tmpfs.yml' + ansible.builtin.import_tasks: 3562909/07-assert-tmpfs.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_07 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_07 + +- name: Import tasks from '3562909/08-assert-linux-kernel-parameters.yml' + ansible.builtin.import_tasks: 3562909/08-assert-linux-kernel-parameters.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_08 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_08 + +- name: Import tasks from '3562909/09-assert-process-resource-limits.yml' + ansible.builtin.import_tasks: 3562909/09-assert-process-resource-limits.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_09 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_09 + +- name: Import tasks from '3562909/10-assert-systemd-tmpfiles.yml' + ansible.builtin.import_tasks: 3562909/10-assert-systemd-tmpfiles.yml + when: sap_general_preconfigure_config_all | d(true) or sap_general_preconfigure_3562909_10 | d(false) + tags: + - sap_general_preconfigure_3562909 + - sap_general_preconfigure_3562909_10 diff --git a/roles/sap_general_preconfigure/vars/RedHat_10.yml b/roles/sap_general_preconfigure/vars/RedHat_10.yml new file mode 100644 index 000000000..ef1a5803f --- /dev/null +++ b/roles/sap_general_preconfigure/vars/RedHat_10.yml @@ -0,0 +1,104 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# vars file for sap_general_preconfigure + +__sap_general_preconfigure_sapnotes_versions: + - { number: '2369910', version: '18' } + - { number: '3562909', version: '1' } + - { number: '1771258', version: '6' } + +__sap_general_preconfigure_max_repo_type_x86_64: 'e4s' +__sap_general_preconfigure_max_repo_type_ppc64le: 'e4s' +__sap_general_preconfigure_max_repo_type_s390x: 'eus' + +__sap_general_preconfigure_max_repo_type: "{{ lookup('vars', '__sap_general_preconfigure_max_repo_type_' + ansible_architecture) }}" + +# RHEL 9 minor releases maximum repo support duration +__sap_general_preconfigure_max_repo_type_string_10_0: '{{ __sap_general_preconfigure_max_repo_type }}-' +__sap_general_preconfigure_max_repo_type_string_10_1: '' + +__sap_general_preconfigure_max_repo_type_string: "{{ lookup('vars', '__sap_general_preconfigure_max_repo_type_string_' + ansible_distribution_version | replace(\".\", \"_\")) }}" + +__sap_general_preconfigure_req_os_repos: + - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-baseos-{{ __sap_general_preconfigure_max_repo_type_string }}rpms + - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-appstream-{{ __sap_general_preconfigure_max_repo_type_string }}rpms +__sap_general_preconfigure_req_netweaver_repos: + - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-sap-netweaver-{{ __sap_general_preconfigure_max_repo_type_string }}rpms +__sap_general_preconfigure_req_hana_repos: + - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-sap-solutions-{{ __sap_general_preconfigure_max_repo_type_string }}rpms +__sap_general_preconfigure_req_ha_repos: + - rhel-{{ ansible_distribution_major_version }}-for-{{ ansible_architecture }}-highavailability-{{ __sap_general_preconfigure_max_repo_type_string }}rpms + +__sap_general_preconfigure_envgroups: + - "server-product-environment" + +__sap_general_preconfigure_packagegroups_x86_64: + - "@server" + +__sap_general_preconfigure_packagegroups_ppc64le: + - "@server" + +__sap_general_preconfigure_packagegroups_s390x: + - "@server" + +__sap_general_preconfigure_packagegroups: "{{ lookup('vars', '__sap_general_preconfigure_packagegroups_' + ansible_architecture) }}" + +__sap_general_preconfigure_packages_x86_64: + - uuidd + - libnsl + - tcsh + - psmisc + - nfs-utils + - bind-utils +# package hostname: needed by rhel-system-roles-sap + - hostname +# package tuned: no longer part of package group "Core" in RHEL 10, so we have to install it + - tuned +# package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 10: + - libxcrypt-compat +# English locale packages are required as per SAP note 2369910: + - langpacks-en + - glibc-langpack-en + +__sap_general_preconfigure_packages_ppc64le: + - uuidd + - libnsl + - tcsh + - psmisc + - nfs-utils + - bind-utils +# package hostname: needed by rhel-system-roles-sap + - hostname +# package tuned: no longer part of package group "Core" in RHEL 10, so we have to install it + - tuned +# package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 10: + - libxcrypt-compat +# English locale packages are required as per SAP note 2369910: + - langpacks-en + - glibc-langpack-en + +__sap_general_preconfigure_packages_s390x: + - uuidd + - libnsl + - tcsh + - psmisc + - nfs-utils + - bind-utils +# package hostname: needed by rhel-system-roles-sap + - hostname +# package tuned: no longer part of package group "Core" in RHEL 10, so we have to install it + - tuned +# package libxcrypt-compat: needed by sapstartsrv on RHEL 10: + - libxcrypt-compat +# English locale packages are required as per SAP note 2369910: + - langpacks-en + - glibc-langpack-en + +__sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}" + +__sap_general_preconfigure_required_ppc64le: + - ibm-power-managed-rhel9 + +__sap_general_preconfigure_kernel_parameters_default: + - { name: vm.max_map_count, value: '2147483647' } diff --git a/roles/sap_general_preconfigure/vars/RedHat_7.yml b/roles/sap_general_preconfigure/vars/RedHat_7.yml index 8d59e235c..5478a445f 100644 --- a/roles/sap_general_preconfigure/vars/RedHat_7.yml +++ b/roles/sap_general_preconfigure/vars/RedHat_7.yml @@ -94,9 +94,6 @@ __sap_general_preconfigure_packages_x86_64: - compat-sap-c++-7 - compat-sap-c++-9 - compat-sap-c++-10 -# English locale packages are required as per SAP note 2369910: - - langpacks-en - - glibc-langpack-en __sap_general_preconfigure_packages_ppc64le: - uuidd @@ -107,26 +104,17 @@ __sap_general_preconfigure_packages_ppc64le: - compat-sap-c++-7 - compat-sap-c++-9 - compat-sap-c++-10 -# English locale packages are required as per SAP note 2369910: - - langpacks-en - - glibc-langpack-en __sap_general_preconfigure_packages_ppc64: - uuidd - tcsh - psmisc - compat-sap-c++-5 -# English locale packages are required as per SAP note 2369910: - - langpacks-en - - glibc-langpack-en __sap_general_preconfigure_packages_s390x: - uuidd - tcsh - psmisc -# English locale packages are required as per SAP note 2369910: - - langpacks-en - - glibc-langpack-en __sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}" diff --git a/roles/sap_general_preconfigure/vars/SLES_15.yml b/roles/sap_general_preconfigure/vars/SLES_15.yml new file mode 100644 index 000000000..f6e474787 --- /dev/null +++ b/roles/sap_general_preconfigure/vars/SLES_15.yml @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server 15 + +__sap_general_preconfigure_sapnotes_versions: + # 2578899 - SUSE Linux Enterprise Server 15: Installation Note + - { number: '2578899', version: '50' } + # 2369910 - SAP Software on Linux: General information + - { number: '2369910', version: '18' } + +__sap_general_preconfigure_packages: + - uuidd + - tcsh + - psmisc + - nfs-utils + - bind-utils + - hostname + +# Packages specific for SAP Note 2578899 +# Their services are enabled using __sap_general_preconfigure_services_2578899 +__sap_general_preconfigure_packages_2578899: + - uuidd + - sysstat + - sysctl-logger + +__sap_general_preconfigure_min_pkgs: [] +__sap_general_preconfigure_packagegroups: +__sap_general_preconfigure_envgroups: +__sap_general_preconfigure_kernel_parameters_default: [] + +# SLES_SAP is using saptune, but SLES is using sapconf. +__sap_general_preconfigure_use_saptune: false diff --git a/roles/sap_general_preconfigure/vars/SLES_SAP_15.yml b/roles/sap_general_preconfigure/vars/SLES_SAP_15.yml new file mode 100644 index 000000000..1f2dcb57a --- /dev/null +++ b/roles/sap_general_preconfigure/vars/SLES_SAP_15.yml @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 + +__sap_general_preconfigure_sapnotes_versions: + # 2578899 - SUSE Linux Enterprise Server 15: Installation Note + - { number: '2578899', version: '50' } + # 2369910 - SAP Software on Linux: General information + - { number: '2369910', version: '18' } + +__sap_general_preconfigure_packages: + # Mandatory patterns + - patterns-server-enterprise-sap_server + + # Recommended packages + - tcsh + - psmisc + + # Additional packages + - nfs-utils + - bind-utils + +# Packages specific for SAP Note 2578899 +# Their services are enabled using __sap_general_preconfigure_services_2578899 +__sap_general_preconfigure_packages_2578899: + - uuidd + - sysstat + - sysctl-logger + +__sap_general_preconfigure_min_pkgs: [] +__sap_general_preconfigure_packagegroups: +__sap_general_preconfigure_envgroups: +__sap_general_preconfigure_kernel_parameters_default: [] + +# SLES_SAP is using saptune, but SLES is using sapconf. +__sap_general_preconfigure_use_saptune: true diff --git a/roles/sap_general_preconfigure/vars/SLES_SAP_16.yml b/roles/sap_general_preconfigure/vars/SLES_SAP_16.yml new file mode 100644 index 000000000..9b97b66c7 --- /dev/null +++ b/roles/sap_general_preconfigure/vars/SLES_SAP_16.yml @@ -0,0 +1,32 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 16 + +__sap_general_preconfigure_sapnotes_versions: [] + +__sap_general_preconfigure_packages: + # Mandatory patterns + - patterns-sap-base_sap_server + + # Recommended packages + - tcsh + - psmisc + + # 2578899 is not updated for SLES 16 yet. + - uuidd + - sysstat + - sysctl-logger + + # Additional packages + - nfs-utils + - bind-utils + + +__sap_general_preconfigure_min_pkgs: [] +__sap_general_preconfigure_packagegroups: +__sap_general_preconfigure_envgroups: +__sap_general_preconfigure_kernel_parameters_default: [] + +# SLES_SAP is using saptune, but SLES is using sapconf. +__sap_hana_preconfigure_use_saptune: true diff --git a/roles/sap_general_preconfigure/vars/Suse.yml b/roles/sap_general_preconfigure/vars/Suse.yml deleted file mode 100644 index f43013ded..000000000 --- a/roles/sap_general_preconfigure/vars/Suse.yml +++ /dev/null @@ -1,23 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- -# Variables specific to following versions: -# - SUSE Linux Enterprise Server for SAP Applications 15 -# - SUSE Linux Enterprise Server 15 -# - SUSE Linux Enterprise Server for SAP Applications 16 -# - SUSE Linux Enterprise Server 16 - -__sap_general_preconfigure_sapnotes_versions: - - { number: '2369910', version: '18' } - -__sap_general_preconfigure_packages: - - uuidd - - tcsh - - psmisc - - nfs-utils - - bind-utils - - hostname - -__sap_general_preconfigure_min_pkgs: -__sap_general_preconfigure_packagegroups: -__sap_general_preconfigure_envgroups: -__sap_general_preconfigure_kernel_parameters_default: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml index 95c43eac3..bdc3b3b14 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml @@ -297,7 +297,7 @@ # Save all the constructed cluster parameters into a vars file. # -# This will help re-using ha_cluster afterwards without losing the already +# This will help reusing ha_cluster afterwards without losing the already # configured resources and constraints. # The ha_cluster role will otherwise remove configuration that is not part # of the parameters provided during any subsequent run outside of the current diff --git a/roles/sap_hana_preconfigure/README.md b/roles/sap_hana_preconfigure/README.md index 52014f2a4..64b4bacdc 100644 --- a/roles/sap_hana_preconfigure/README.md +++ b/roles/sap_hana_preconfigure/README.md @@ -203,7 +203,7 @@ Available values: - _Type:_ `bool` - _Default:_ `false` -Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of
+(RedHat specific) Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of
known SAP HANA supported RHEL minor releases. By default, the role will display a message and continue running if
the RHEL release is not part of that list. If set to `true`, the role will fail in such a case.
@@ -211,13 +211,13 @@ the RHEL release is not part of that list. If set to `true`, the role will fail - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -Use this parameter to set your own list of SAP HANA supported RHEL minor releases.
+(RedHat specific) Use this parameter to set your own list of SAP HANA supported RHEL minor releases.
### sap_hana_preconfigure_enable_sap_hana_repos - _Type:_ `bool` - _Default:_ `false` -Set to 'true' to enable the SAP HANA required RHEL repos.
+(RedHat specific) Set to 'true' to enable the SAP HANA required RHEL repos.
This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_use_hana_repos`.
@@ -225,7 +225,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64'
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64'
This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
@@ -233,7 +233,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le'
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le'
This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
@@ -241,7 +241,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64'
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64'
This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
@@ -249,7 +249,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le'
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le'
This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
@@ -257,7 +257,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64'
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64'
This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
@@ -265,7 +265,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le'
+(RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le'
This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose.
The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`.
@@ -273,7 +273,7 @@ The related parameters are `sap_general_preconfigure_enable_repos` and `sap_gene - _Type:_ `bool` - _Default:_ `false` -Use this parameter to set the RHEL minor release, which is required for SAP HANA.
+Use this parameter to set the minor release, which is required for SAP HANA.
The related parameter is `sap_general_preconfigure_set_minor_release`.
### sap_hana_preconfigure_create_directories @@ -306,7 +306,8 @@ how the variable `sap_hana_preconfigure_create_directories` (see above) is set.< - _Type:_ `list` with elements of type `str` - _Default:_ (set by platform/environment specific variables) -List of RHEL packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list
+The list of packages to be installed.
+For RHEL 8 and later, you can choose to install either the default list
or a list of the minimum required packages for SAP HANA server (parameter `__sap_hana_preconfigure_packages_min_install`).
### sap_hana_preconfigure_min_package_check @@ -323,7 +324,7 @@ Set this parameter to `false` if you want to ignore these requirements.
Set this parameter to `true` to update the system to the latest package levels.
By setting the parameter `sap_general_preconfigure_set_minor_release` of the
role `sap_general_preconfigure` to `true`, you can install the most recent package updates
-without updating to a more recent RHEL minor release.
+without updating to a more recent minor release.
### sap_hana_preconfigure_reboot_ok - _Type:_ `bool` @@ -401,7 +402,7 @@ Set this parameter to `false` to use static kernel settings
- _Type:_ `str` - _Default:_ `'sap-hana'` -Name of the SAP HANA tuned tuned profile to enable (RHEL).
+(RedHat specific) Name of the SAP HANA tuned tuned profile to enable.
### sap_hana_preconfigure_modify_grub_cmdline_linux - _Type:_ `bool` @@ -420,12 +421,12 @@ Set this parameter to `false` if this is not desired.
- _Type:_ `str` - _Default:_ `` -Override the default setting for THP, which is determined automatically by the role, depending on the RHEL version. +Override the default setting for THP, which is determined automatically by the role, depending on the OS version. ### sap_hana_preconfigure_db_group_name - _Type:_ `str` -Use this parameter to specify the name of the RHEL group which is used for the database processes.
+(RedHat specific) Use this parameter to specify the name of the RHEL group which is used for the database processes.
It will be used to configure process limits as per step "Configuring Process Resource Limits" of SAP note 2772999.
Example: diff --git a/roles/sap_hana_preconfigure/defaults/main.yml b/roles/sap_hana_preconfigure/defaults/main.yml index 393a1b016..61f97cc0e 100644 --- a/roles/sap_hana_preconfigure/defaults/main.yml +++ b/roles/sap_hana_preconfigure/defaults/main.yml @@ -100,8 +100,10 @@ sap_hana_preconfigure_modify_selinux_labels: true # how the variable `sap_hana_preconfigure_create_directories` (see above) is set. sap_hana_preconfigure_packages: "{{ __sap_hana_preconfigure_packages }}" -# List of RHEL packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list +# The list of packages to be installed for SAP HANA. +# For RHEL 8 and later, you can choose to install either the default list # or a list of the minimum required packages for SAP HANA server (parameter `__sap_hana_preconfigure_packages_min_install`). +# The default for this variable is set in the vars file which corresponds to the detected OS version. sap_hana_preconfigure_min_package_check: true # SAP HANA requires certain minimum package versions to be supported. These minimum levels are listed in SAP Note 2235581. diff --git a/roles/sap_hana_preconfigure/handlers/main.yml b/roles/sap_hana_preconfigure/handlers/main.yml index 4f3887f6f..df7ed65a0 100644 --- a/roles/sap_hana_preconfigure/handlers/main.yml +++ b/roles/sap_hana_preconfigure/handlers/main.yml @@ -1,6 +1,7 @@ # SPDX-License-Identifier: Apache-2.0 --- +# BEGIN - GRUB section - name: "Check if server is booted in BIOS or UEFI mode" ansible.builtin.stat: path: /sys/firmware/efi @@ -18,7 +19,8 @@ - sap_hana_preconfigure_run_grub2_mkconfig | d(true) - name: "Run grub-mkconfig (BIOS mode)" - ansible.builtin.command: grub2-mkconfig -o /boot/grub2/grub.cfg + ansible.builtin.command: + cmd: grub2-mkconfig -o /boot/grub2/grub.cfg register: __sap_hana_preconfigure_register_grub2_mkconfig_bios_mode changed_when: true listen: __sap_hana_preconfigure_regenerate_grub2_conf_handler @@ -51,7 +53,8 @@ - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP' - name: "Run grub-mkconfig (UEFI mode)" - ansible.builtin.command: "grub2-mkconfig -o {{ __sap_hana_preconfigure_uefi_boot_dir }}" + ansible.builtin.command: + cmd: "grub2-mkconfig -o {{ __sap_hana_preconfigure_uefi_boot_dir }}" register: __sap_hana_preconfigure_register_grub2_mkconfig_uefi_mode changed_when: true listen: __sap_hana_preconfigure_regenerate_grub2_conf_handler @@ -70,17 +73,22 @@ - sap_hana_preconfigure_run_grub2_mkconfig | d(true) - name: "Run grubby for enabling TSX" - ansible.builtin.command: grubby --args="tsx=on" --update-kernel=ALL + ansible.builtin.command: + cmd: grubby --args="tsx=on" --update-kernel=ALL changed_when: true listen: __sap_hana_preconfigure_grubby_update_handler notify: __sap_hana_preconfigure_reboot_handler - name: "Run grubby for setting THP to '{{ __sap_hana_preconfigure_fact_thp }}'" - ansible.builtin.command: grubby --args="transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}" --update-kernel=ALL + ansible.builtin.command: + cmd: grubby --args="transparent_hugepage={{ __sap_hana_preconfigure_fact_thp }}" --update-kernel=ALL changed_when: true listen: __sap_hana_preconfigure_grubby_thp_handler notify: __sap_hana_preconfigure_reboot_handler +# END - GRUB section + + - name: Reboot the managed node ansible.builtin.reboot: test_command: /bin/true @@ -88,18 +96,20 @@ when: - sap_hana_preconfigure_reboot_ok | d(false) + # Kernel update triggers zypper purge-kernels and lock after reboot. - name: Wait for Zypper lock to be released ansible.builtin.command: cmd: zypper info zypper - retries: 60 - timeout: 5 + retries: 20 + timeout: 30 listen: __sap_hana_preconfigure_reboot_handler when: - ansible_os_family == 'Suse' - sap_hana_preconfigure_reboot_ok | d(false) changed_when: false + - name: Let the role fail if a reboot is required ansible.builtin.fail: msg: Reboot is required! @@ -115,3 +125,9 @@ when: - not sap_hana_preconfigure_fail_if_reboot_required | d(true) - not sap_hana_preconfigure_reboot_ok | d(false) + +- name: Unmask packagekit.service + ansible.builtin.systemd_service: + name: packagekit.service + masked: false + listen: __sap_hana_preconfigure_packagekit_handler diff --git a/roles/sap_hana_preconfigure/meta/argument_specs.yml b/roles/sap_hana_preconfigure/meta/argument_specs.yml index 098aa7db4..32902df64 100644 --- a/roles/sap_hana_preconfigure/meta/argument_specs.yml +++ b/roles/sap_hana_preconfigure/meta/argument_specs.yml @@ -86,7 +86,7 @@ argument_specs: sap_hana_preconfigure_min_rhel_release_check: default: false description: - - Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of + - (RedHat specific) Check the RHEL release against parameter `sap_hana_preconfigure_supported_rhel_minor_releases`, which is a list of - known SAP HANA supported RHEL minor releases. By default, the role will display a message and continue running if - the RHEL release is not part of that list. If set to `true`, the role will fail in such a case. required: false @@ -95,7 +95,7 @@ argument_specs: sap_hana_preconfigure_supported_rhel_minor_releases: default: "{{ __sap_hana_preconfigure_supported_rhel_minor_releases }}" description: - - Use this parameter to set your own list of SAP HANA supported RHEL minor releases. + - (RedHat specific) Use this parameter to set your own list of SAP HANA supported RHEL minor releases. required: false type: list elements: str @@ -103,7 +103,7 @@ argument_specs: sap_hana_preconfigure_enable_sap_hana_repos: default: false description: - - Set to 'true' to enable the SAP HANA required RHEL repos. + - (RedHat specific) Set to 'true' to enable the SAP HANA required RHEL repos. - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose. - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_use_hana_repos`. required: false @@ -112,7 +112,7 @@ argument_specs: sap_hana_preconfigure_req_repos_redhat_7_x86_64: default: "{{ __sap_hana_preconfigure_req_repos_redhat_7_x86_64 }}" description: - - Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64' + - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on x86_64' - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose. - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`. required: false @@ -122,7 +122,7 @@ argument_specs: sap_hana_preconfigure_req_repos_redhat_7_ppc64le: default: "{{ __sap_hana_preconfigure_req_repos_redhat_7_ppc64le }}" description: - - Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le' + - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 7 repos on ppc64le' - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose. - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`. required: false @@ -132,7 +132,7 @@ argument_specs: sap_hana_preconfigure_req_repos_redhat_8_x86_64: default: "{{ __sap_hana_preconfigure_req_repos_redhat_8_x86_64 }}" description: - - Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64' + - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on x86_64' - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose. - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`. required: false @@ -142,7 +142,7 @@ argument_specs: sap_hana_preconfigure_req_repos_redhat_8_ppc64le: default: "{{ __sap_hana_preconfigure_req_repos_redhat_8_ppc64le }}" description: - - Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le' + - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 8 repos on ppc64le' - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose. - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`. required: false @@ -152,7 +152,7 @@ argument_specs: sap_hana_preconfigure_req_repos_redhat_9_x86_64: default: "{{ __sap_hana_preconfigure_req_repos_redhat_9_x86_64 }}" description: - - Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64' + - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on x86_64' - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose. - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`. required: false @@ -162,7 +162,7 @@ argument_specs: sap_hana_preconfigure_req_repos_redhat_9_ppc64le: default: "{{ __sap_hana_preconfigure_req_repos_redhat_9_ppc64le }}" description: - - Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le' + - (RedHat specific) Use this parameter to set your own list of SAP HANA required RHEL 9 repos on ppc64le' - This parameter is deprecated because the role sap_general_preconfigure can be used for this purpose. - The related parameters are `sap_general_preconfigure_enable_repos` and `sap_general_preconfigure_req_repos`. required: false @@ -172,7 +172,7 @@ argument_specs: sap_hana_preconfigure_set_minor_release: default: false description: - - Use this parameter to set the RHEL minor release, which is required for SAP HANA. + - Use this parameter to set the minor release, which is required for SAP HANA. - The related parameter is `sap_general_preconfigure_set_minor_release`. required: false type: bool @@ -210,8 +210,9 @@ argument_specs: sap_hana_preconfigure_packages: default: "{{ __sap_hana_preconfigure_packages }}" description: - - List of RHEL packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list + - The list of packages to be installed for SAP HANA. For RHEL 8 and later, you can choose to install either the default list - or a list of the minimum required packages for SAP HANA server (parameter `__sap_hana_preconfigure_packages_min_install`). + - The default for this variable is set in the vars file which corresponds to the detected OS version. required: false type: list elements: str @@ -230,7 +231,7 @@ argument_specs: - Set this parameter to `true` to update the system to the latest package levels. - By setting the parameter `sap_general_preconfigure_set_minor_release` of the - role `sap_general_preconfigure` to `true`, you can install the most recent package updates - - without updating to a more recent RHEL minor release. + - without updating to a more recent minor release. required: false type: bool @@ -322,7 +323,7 @@ argument_specs: sap_hana_preconfigure_tuned_profile: default: 'sap-hana' description: - - Name of the SAP HANA tuned tuned profile to enable (RHEL). + - (RedHat specific) Name of the SAP HANA tuned tuned profile to enable. required: false type: str @@ -344,7 +345,7 @@ argument_specs: sap_hana_preconfigure_thp: default: '' description: - - Override the default setting for THP, which is determined automatically by the role, depending on the RHEL version. + - Override the default setting for THP, which is determined automatically by the role, depending on the OS version. choices: - '' - 'always' @@ -355,7 +356,7 @@ argument_specs: sap_hana_preconfigure_db_group_name: description: - - Use this parameter to specify the name of the RHEL group which is used for the database processes. + - (RedHat specific) Use this parameter to specify the name of the group which is used for the database processes. - It will be used to configure process limits as per step "Configuring Process Resource Limits" of SAP note 2772999. example: sap_hana_preconfigure_db_group_name: 'dba' @@ -385,7 +386,7 @@ argument_specs: sap_hana_preconfigure_saptune_azure: default: false description: - - On Azure, TCP timestamps, reuse and recycle should be disabled (SLES for SAP Applications). + - (SUSE specific) On Azure, TCP timestamps, reuse and recycle should be disabled (SLES for SAP Applications). - Set this parameter to `true` on Azure. required: false type: bool diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml b/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml index d0cba4756..80275e3e8 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/assert-configuration.yml @@ -1,6 +1,9 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts again after the installation phase + ansible.builtin.package_facts: + - name: Assert - List required SAP Notes ansible.builtin.debug: var: __sap_hana_preconfigure_sapnotes_versions | difference(['']) diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml index 2b05f9c47..5f40fb1dd 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/assert-installation.yml @@ -1,6 +1,9 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts + ansible.builtin.package_facts: + - name: Assert that the system is running a RHEL release which is supported for SAP HANA ansible.builtin.assert: that: ansible_distribution_version in sap_hana_preconfigure_supported_rhel_minor_releases diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml b/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml index 5d334ef0d..93083bf06 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/configuration.yml @@ -1,6 +1,9 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts again after the installation phase + ansible.builtin.package_facts: + - name: Configure - List required SAP Notes ansible.builtin.debug: var: __sap_hana_preconfigure_sapnotes_versions | difference(['']) diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml index b13bf9966..feab4ab4f 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/assert-thp.yml @@ -40,8 +40,9 @@ when: - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0 - ansible_distribution == 'RedHat' - - ansible_distribution_major_version == '9' and - __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2 + - (ansible_distribution_major_version == '9' and + __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2) or + ansible_distribution_major_version == '10' - name: Set fact for THP if 'sap_hana_preconfigure_thp' is defined ansible.builtin.set_fact: diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml index 1c60776b9..79542cea8 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/generic/configure-thp.yml @@ -23,8 +23,9 @@ when: - sap_hana_preconfigure_thp is undefined or sap_hana_preconfigure_thp | length == 0 - ansible_distribution == 'RedHat' - - ansible_distribution_major_version == '9' and - __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2 + - (ansible_distribution_major_version == '9' and + __sap_hana_preconfigure_fact_ansible_distribution_minor_version | int >= 2) or + ansible_distribution_major_version == '10' - name: Set fact for THP if 'sap_hana_preconfigure_thp' is defined ansible.builtin.set_fact: diff --git a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml index 1ffcd4be5..cf37af46e 100644 --- a/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/RedHat/installation.yml @@ -1,6 +1,9 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts + ansible.builtin.package_facts: + - name: Get the current RHEL release ansible.builtin.setup: gather_subset: distribution_version diff --git a/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml index b2e96401f..f8f72c340 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/assert-configuration.yml @@ -1,41 +1,47 @@ # SPDX-License-Identifier: Apache-2.0 --- -- name: Populate service facts - ansible.builtin.service_facts: -- name: Assert that saptune is running and enabled - ansible.builtin.assert: - that: - - "ansible_facts.services['saptune.service'].state == 'running'" - - "ansible_facts.services['saptune.service'].status == 'enabled'" - fail_msg: "FAIL: the service 'saptune' is not configured as expected" - success_msg: "PASS: the service 'saptune' is configured as expected" +- name: Assert that saptune solution is correct + when: __sap_hana_preconfigure_use_saptune + block: + - name: Discover active solution + ansible.builtin.command: + cmd: saptune solution enabled + register: __sap_hana_preconfigure_register_saptune_status + changed_when: false + ignore_errors: true -- name: Run saptune_check - ansible.builtin.command: saptune_check - register: __sap_hana_preconfigure_register_saptune_check - changed_when: false - failed_when: false + - name: Set fact for active solution + ansible.builtin.set_fact: + # Capture the first block on none whitespace + __sap_hana_preconfigure_register_solution_configured: + "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" -- name: Assert that saptune_check executed correctly - ansible.builtin.assert: - that: __sap_hana_preconfigure_register_saptune_check.rc == 0 - fail_msg: "FAIL: the command saptune_check fails" - success_msg: "PASS: the command saptune_check executes as expected" + - name: Assert that active solution is the expected solution + ansible.builtin.assert: + that: __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution + fail_msg: "FAIL: the configured saptune solution is '{{ __sap_hana_preconfigure_register_solution_configured + }}'' and does not match the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'" + success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'" + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" -- name: Discover active solution - ansible.builtin.command: saptune solution enabled - register: __sap_hana_preconfigure_register_saptune_status - changed_when: false + - name: Verify saptune solution + ansible.builtin.command: + cmd: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" + register: __sap_hana_preconfigure_register_saptune_verify + changed_when: false + failed_when: false + when: + - __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution -- name: Set solution fact - ansible.builtin.set_fact: - __sap_hana_preconfigure_saptune_configured_solution: - "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" -- name: Assert that active solution is the expected solution - ansible.builtin.assert: - that: __sap_hana_preconfigure_saptune_configured_solution == sap_hana_preconfigure_saptune_solution - fail_msg: "FAIL: the configured saptune solution is '{{ __sap_hana_preconfigure_saptune_configured_solution - }}'' and does not match the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'" - success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_hana_preconfigure_saptune_solution }}'" + - name: Assert that saptune solution is verified by saptune + ansible.builtin.assert: + that: "{{ __sap_hana_preconfigure_register_saptune_verify.rc == 0 }}" + success_msg: "PASS: saptune solution {{ sap_hana_preconfigure_saptune_solution }} is verified by saptune." + fail_msg: | + "FAIL: active saptune solution is not verified by saptune! See details below:" + {{ __sap_hana_preconfigure_register_saptune_verify.stdout_lines }} + {{ __sap_hana_preconfigure_register_saptune_verify.stderr_lines }} + when: + - __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution diff --git a/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml index c04f406a5..b1a643d7d 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/assert-installation.yml @@ -1,25 +1,108 @@ # SPDX-License-Identifier: Apache-2.0 --- -# Capture all patterns along with their install status -- name: Get zypper pattern information - ansible.builtin.command: zypper patterns - register: __sap_hana_preconfigure_zypper_patterns + +# Check rpm --whatprovides only if package cannot be found directly. +- name: Query RPM packages + ansible.builtin.shell: + cmd: | + if rpm -q {{ item }} &> /dev/null; + then rpm -q {{ item }} + else rpm -q --whatprovides {{ item }}; + fi + register: __sap_hana_preconfigure_register_packages changed_when: false + ignore_errors: true + loop: "{{ sap_hana_preconfigure_packages }}" + -# Count the number of times the sap-hana pattern appears to be installed in the output. -# It is OK for it to appear more than once -- name: Assert the sap-hana pattern is installed +- name: Assert that all required packages are installed ansible.builtin.assert: - that: __sap_hana_preconfigure_zypper_patterns.stdout_lines | select('match', 'i.*sap-hana.*') | length != 0 - fail_msg: "FAIL: the sap-hana pattern is not installed" - success_msg: "PASS: the sap-hana pattern is installed" + that: __sap_hana_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + fail_msg: "FAIL: Package '{{ item }}' is not installed!" + success_msg: "PASS: Package '{{ item }}' is installed." + loop: "{{ sap_hana_preconfigure_packages }}" + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" + -- name: Assert saptune is at requested version +- name: Gather service facts + ansible.builtin.service_facts: + +# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications) +# This service creates zypper locks and causes package install failures. +- name: Wait for stop of packagekit.service + ansible.builtin.shell: | + set -o pipefail && bash -c ' + while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) || + ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do + sleep 10; + done' + register: __packagekit_service_check + changed_when: false + until: __packagekit_service_check.rc == 0 + retries: 60 + when: "'packagekit.service' in ansible_facts.services" + +- name: Get info about possible package updates # noqa command-instead-of-module + ansible.builtin.command: + cmd: zypper -q patch-check + timeout: 60 + register: __sap_hana_preconfigure_register_zypper_check_update_assert + changed_when: false + ignore_errors: true # true, because unpatched system is always error. + when: sap_hana_preconfigure_update + +- name: Assert that there are no more possible package updates ansible.builtin.assert: - that: ansible_facts.packages['saptune'][0]['version'] == sap_hana_preconfigure_saptune_version - fail_msg: "FAIL: saptune version installed is {{ ansible_facts.packages['saptune'][0]['version'] - }} but the version {{ sap_hana_preconfigure_saptune_version }} was expected" - success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_hana_preconfigure_saptune_version }}" + that: __sap_hana_preconfigure_register_zypper_check_update_assert.rc == 0 + fail_msg: "FAIL: System needs to be updated!" + success_msg: "PASS: There are no more outstanding package updates." + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" + when: sap_hana_preconfigure_update + +- name: Report if checking for possible package updates is not requested + ansible.builtin.debug: + msg: "INFO: Not checking for possible package updates (variable sap_hana_preconfigure_update)." + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" + when: not sap_hana_preconfigure_update + + +# Reason for noqa: The command to be executed might contain pipes +- name: Determine if the system needs to be restarted # noqa command-instead-of-shell + ansible.builtin.shell: + cmd: "zypper ps" + retries: 60 + timeout: 5 + register: __sap_hana_preconfigure_register_needs_restarting_assert + changed_when: false + check_mode: false + ignore_errors: true # true, because output is too large. + +- name: Assert that system needs no restart + ansible.builtin.assert: + that: __sap_hana_preconfigure_register_needs_restarting_assert is success + fail_msg: "FAIL: System needs to be restarted!" + success_msg: "PASS: System needs no restart." + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" + + +- name: Block to assert that correct saptune version is installed when: + - __sap_hana_preconfigure_use_saptune - sap_hana_preconfigure_saptune_version is defined - sap_hana_preconfigure_saptune_version | length > 0 + block: + # We are checking for %{VERSION} (e.g. 3.1.4), not full %{VERSION}-%{RELEASE}.%{ARCH} + - name: Check saptune version # noqa: command-instead-of-module + ansible.builtin.command: + cmd: rpm -q --queryformat '%{VERSION}\n' saptune + register: __sap_hana_preconfigure_register_saptune_version + changed_when: false + ignore_errors: true + + - name: Assert saptune is at requested version + ansible.builtin.assert: + that: __sap_hana_preconfigure_register_saptune_version.stdout == sap_hana_preconfigure_saptune_version + fail_msg: "FAIL: saptune version installed is {{ __sap_hana_preconfigure_register_saptune_version.stdout + }} but the version {{ sap_hana_preconfigure_saptune_version }} was expected" + success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_hana_preconfigure_saptune_version }}" + when: __sap_hana_preconfigure_register_saptune_version.rc = 0 diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index c58c71598..d2f6da83c 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -1,93 +1,5 @@ # SPDX-License-Identifier: Apache-2.0 --- -- name: Takeover saptune and enable - when: __sap_hana_preconfigure_run_saptune - block: - - name: Ensure sapconf is stopped and disabled - ansible.builtin.systemd: - name: sapconf - state: stopped - enabled: false - when: "'sapconf' in ansible_facts.packages" - - - name: Make sure that sapconf and tuned are stopped and disabled - ansible.builtin.command: "saptune service takeover" - register: __sap_saptune_takeover - changed_when: __sap_saptune_takeover.rc == 0 - - - name: Ensure saptune is running and enabled - ansible.builtin.systemd: - name: saptune - state: started - enabled: true - - - name: Ensure saptune_check executes correctly - ansible.builtin.command: saptune_check - changed_when: false - - - name: Discover active solution - ansible.builtin.command: saptune solution enabled - register: __sap_hana_preconfigure_register_saptune_status - changed_when: false - - - name: Set fact for active solution - ansible.builtin.set_fact: - # Capture the first block on none whitespace - __sap_hana_preconfigure_fact_solution_configured: - "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" - - - name: Show configured solution - ansible.builtin.debug: - var: __sap_hana_preconfigure_fact_solution_configured - -- name: Set GRUB entries - when: __sap_hana_preconfigure_run_saptune - block: - # Reason for noqa: - # no-changed-when: the regex do a check on the element before apply the - # changed item, this prevent a replace to an element that is already in - # the configuration - - name: Set GRUB entries # noqa no-changed-when - ansible.builtin.lineinfile: - path: /etc/default/grub - regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ item }}).*). *$' - line: "\\1 {{ item }}\"" - backrefs: true - register: set_grub_entries - with_items: - - "splash=silent" - - "mitigations=auto" - - "quiet" - - "numa_balancing=disable" - - "transparent_hugepage=never" - - "intel_idle.max_cstate=1" - - "processor.max_cstate=1" - - "audit=1" - - # Reason for noqa: - # no-changed-when: there is already a check on the `when` argument that - # loop over all the results of the previous task and if some of the results - # changed the grub configuration file the `GRUB_post-update_configuration` - # handler will be notify, in the other hands if none of the item changed - # the configuration file no handler will be notify - - name: Trigger grub update if necessary # noqa no-changed-when - ansible.builtin.command: /bin/true - notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler - when: set_grub_entries.results | selectattr('changed', 'equalto', true) | list | length > 0 - -- name: Enable sapconf - when: not __sap_hana_preconfigure_run_saptune - block: - - name: Enable sapconf service - ansible.builtin.systemd: - name: sapconf - state: started - enabled: true - - - name: Restart sapconf service - ansible.builtin.systemd: - name: sapconf - state: restarted # If this is a cluster node on Azure, we need to override to disable tcp timestamps, reuse and recycle. # This can be done by copying the sapnote file 2382421 from /usr/share/saptune/notes to /etc/saptune/override @@ -109,29 +21,61 @@ net.ipv4.tcp_tw_reuse = 0 when: - sap_hana_preconfigure_saptune_azure + - __sap_hana_preconfigure_use_saptune + - name: Apply saptune solution - when: __sap_hana_preconfigure_run_saptune + when: __sap_hana_preconfigure_use_saptune block: - - name: Check if saptune solution needs to be applied - ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" - register: __sap_hana_preconfigure_register_saptune_verify - changed_when: false # We're only checking, not changing! - failed_when: false # We expect this to fail if it has not previously been applied + - name: Discover active solution + ansible.builtin.command: + cmd: saptune solution enabled + register: __sap_hana_preconfigure_register_saptune_status + changed_when: false + + - name: Set fact for active solution + ansible.builtin.set_fact: + # Capture the first block on none whitespace + __sap_hana_preconfigure_register_solution_configured: + "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" + - - name: Ensure no solution is currently applied - ansible.builtin.command: "saptune solution revert {{ __sap_hana_preconfigure_fact_solution_configured }}" + - name: Revert solution when different to sap_hana_preconfigure_saptune_solution + ansible.builtin.command: + cmd: "saptune solution revert {{ __sap_hana_preconfigure_register_solution_configured }}" changed_when: true when: - - __sap_hana_preconfigure_fact_solution_configured != 'NONE' - - __sap_hana_preconfigure_register_saptune_verify.rc != 0 + - __sap_hana_preconfigure_register_solution_configured != 'NONE' + - __sap_hana_preconfigure_register_solution_configured != sap_hana_preconfigure_saptune_solution + + + - name: Verify saptune solution + ansible.builtin.command: + cmd: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" + register: __sap_hana_preconfigure_register_saptune_verify + changed_when: false + failed_when: false + when: + - __sap_hana_preconfigure_register_solution_configured == sap_hana_preconfigure_saptune_solution + - name: Ensure saptune solution is applied - ansible.builtin.command: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}" + ansible.builtin.command: + cmd: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}" changed_when: true when: - - __sap_hana_preconfigure_register_saptune_verify.rc != 0 + - __sap_hana_preconfigure_register_solution_configured != sap_hana_preconfigure_saptune_solution + or __sap_hana_preconfigure_register_saptune_verify.rc != 0 + - name: Ensure solution was successful - ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" - changed_when: false # We're only checking, not changing! + ansible.builtin.command: + cmd: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" + changed_when: false + + +- name: Configure - Include configuration actions for required sapnotes + ansible.builtin.include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml" + loop: "{{ __sap_hana_preconfigure_sapnotes_versions | difference(['']) }}" + loop_control: + loop_var: sap_note_line_item diff --git a/roles/sap_hana_preconfigure/tasks/SLES/generic/grub_update.yml b/roles/sap_hana_preconfigure/tasks/SLES/generic/grub_update.yml new file mode 100644 index 000000000..db9f67fa6 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/SLES/generic/grub_update.yml @@ -0,0 +1,39 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Generic task for updating GRUB configuration using provided list + +- name: Update existing GRUB entries + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=".*?)(\b{{ item.split("=")[0] }}=[^ ]*\b)(.*")' + line: '\1{{ item }}\3' + backrefs: true + register: __sap_hana_preconfigure_grub_update + loop: "{{ __sap_hana_preconfigure_grub_cmdline }}" + + +- name: Get current of GRUB + ansible.builtin.slurp: + path: /etc/default/grub + register: __sap_hana_preconfigure_grub_contents + + +- name: Add missing GRUB entries + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX_DEFAULT="(.*?)"' + line: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 {{ item }}"' + backrefs: true + register: __sap_hana_preconfigure_grub_add + loop: "{{ __sap_hana_preconfigure_grub_cmdline }}" + when: item not in (__sap_hana_preconfigure_grub_contents.content | b64decode) + + +- name: Trigger grub update if necessary # noqa no-changed-when + ansible.builtin.command: + cmd: /bin/true + notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler + when: + - (__sap_hana_preconfigure_grub_update.results | selectattr('changed', 'equalto', true) | list | length > 0) + or (__sap_hana_preconfigure_grub_add.results | selectattr('changed', 'equalto', true) | list | length > 0) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_install.yml b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_install.yml new file mode 100644 index 000000000..09495de02 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_install.yml @@ -0,0 +1,46 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1275776 - Linux: Preparing SLES for SAP environments + +- name: Get contents of /etc/products.d/baseproduct + ansible.builtin.stat: + path: /etc/products.d/baseproduct + register: __sap_hana_preconfigure_register_baseproduct + + +- name: Set fact if baseproduct contains SLES without SLES_SAP + ansible.builtin.set_fact: + __sap_hana_preconfigure_use_saptune: false + when: + - '"SLES_SAP" not in __sap_hana_preconfigure_register_baseproduct.stat.lnk_target' + - '"SLES" in __sap_hana_preconfigure_register_baseproduct.stat.lnk_target + and ansible_distribution_major_version | int < 16' + + +- name: Block to ensure saptune is installed + when: __sap_hana_preconfigure_use_saptune | d(true) + block: + - name: Ensure latest saptune is installed + ansible.builtin.package: + name: saptune + state: present + when: + - sap_hana_preconfigure_saptune_version is undefined + or sap_hana_preconfigure_saptune_version | length == 0 + + - name: Ensure specific saptune version is installed + ansible.builtin.package: + name: "saptune={{ sap_hana_preconfigure_saptune_version }}" + state: present + when: + - sap_hana_preconfigure_saptune_version is defined + - sap_hana_preconfigure_saptune_version | length > 0 + + +- name: Block to ensure sapconf is installed + when: not __sap_hana_preconfigure_use_saptune | d(true) + block: + - name: Ensure sapconf is installed + ansible.builtin.package: + name: "sapconf" + state: present diff --git a/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_takeover.yml b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_takeover.yml new file mode 100644 index 000000000..53a38b69e --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/SLES/generic/saptune_takeover.yml @@ -0,0 +1,100 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1275776 - Linux: Preparing SLES for SAP environments + +- name: Execute saptune_check - before takeover + ansible.builtin.command: + cmd: saptune_check + register: __sap_hana_preconfigure_register_saptune_check_before + when: __sap_hana_preconfigure_use_saptune + changed_when: false + failed_when: false + +- name: Takeover and enable saptune + when: + - __sap_hana_preconfigure_use_saptune + - __sap_hana_preconfigure_register_saptune_check_before.rc != 0 + block: + - name: Check saptune version # noqa: command-instead-of-module + ansible.builtin.command: + cmd: rpm -q sapconf + register: __sap_hana_preconfigure_register_sapconf + changed_when: false + ignore_errors: true + + - name: Ensure sapconf is stopped and disabled + ansible.builtin.systemd: + name: sapconf + state: stopped + enabled: false + when: __sap_hana_preconfigure_register_sapconf + + - name: Make sure that sapconf and tuned are stopped and disabled + ansible.builtin.command: + cmd: "saptune service takeover" + register: __sap_hana_preconfigure_register_saptune_takeover + changed_when: __sap_hana_preconfigure_register_saptune_takeover.rc == 0 + + # saptune_check can fail if sapconf is in failed state + - name: Check if sapconf.service is failed # noqa command-instead-of-module + ansible.builtin.command: + cmd: systemctl is-failed sapconf.service + register: __sap_hana_preconfigure_register_sapconf_failed + changed_when: false + ignore_errors: true + + - name: Execute systemctl reset-failed sapconf.service # noqa command-instead-of-module + ansible.builtin.command: + cmd: systemctl reset-failed sapconf.service + when: __sap_hana_preconfigure_register_sapconf_failed.rc == 0 + changed_when: true + + - name: Ensure saptune is running and enabled + ansible.builtin.systemd: + name: saptune + state: started + enabled: true + + - name: Ensure saptune_check executes correctly + ansible.builtin.command: + cmd: saptune_check + register: __sap_hana_preconfigure_register_saptune_check_after + changed_when: false + + +- name: Check active saptune solution + when: + - __sap_hana_preconfigure_use_saptune + - __sap_hana_preconfigure_register_saptune_check_before.rc == 0 + or (__sap_hana_preconfigure_register_saptune_check_after.rc == 0) + block: + - name: Discover active solution + ansible.builtin.command: + cmd: saptune solution enabled + register: __sap_hana_preconfigure_register_saptune_status + changed_when: false + + - name: Set fact for active solution + ansible.builtin.set_fact: + # Capture the first block on none whitespace + __sap_hana_preconfigure_register_solution_configured: + "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" + + - name: Show configured solution + ansible.builtin.debug: + var: __sap_hana_preconfigure_register_solution_configured + + +- name: Enable sapconf + when: not __sap_hana_preconfigure_use_saptune + block: + - name: Enable sapconf service + ansible.builtin.systemd: + name: sapconf + state: started + enabled: true + + - name: Restart sapconf service + ansible.builtin.systemd: + name: sapconf + state: restarted diff --git a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml index 270fe3eec..d358844d6 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml @@ -1,76 +1,76 @@ # SPDX-License-Identifier: Apache-2.0 --- -# Reason for noqa: Both yum and dnf support "state: latest" + +- name: Gather service facts + ansible.builtin.service_facts: + +# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications) +# This service creates zypper locks and causes package install failures. +# Service cannot be disabled and we have to mask its execution. +- name: Mask packagekit.service when present + ansible.builtin.systemd_service: + name: packagekit.service + masked: true + when: "'packagekit.service' in ansible_facts.services" + notify: __sap_hana_preconfigure_packagekit_handler + + +- name: Wait for stop of packagekit.service + ansible.builtin.shell: | + set -o pipefail && bash -c ' + while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) || + ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do + sleep 10; + done' + register: __packagekit_service_check + changed_when: false + until: __packagekit_service_check.rc == 0 + retries: 60 + when: "'packagekit.service' in ansible_facts.services" + + +- name: Ensure that the required packages are installed + ansible.builtin.package: + state: present + name: "{{ sap_hana_preconfigure_packages }}" + + +# Reason for noqa: Zypper supports "state: latest" - name: Ensure that the system is updated to the latest patchlevel # noqa package-latest ansible.builtin.package: state: latest name: "*" when: sap_hana_preconfigure_update | bool -# SAP Note 2892338 -- name: Ensure package insserv-compat exists - ansible.builtin.package: - state: present - name: insserv-compat - -# ----------- -- name: Get contents of /etc/products.d/baseproduct - ansible.builtin.stat: - path: /etc/products.d/baseproduct - register: sles_baseproduct - when: ansible_os_family == 'Suse' -- name: Set fact if baseproduct contains SLES without SLES_SAP - ansible.builtin.set_fact: - __sap_hana_preconfigure_run_saptune: false - when: - - '"SLES_SAP" not in sles_baseproduct.stat.lnk_target' - - '"SLES" in sles_baseproduct.stat.lnk_target' - - ansible_os_family == 'Suse' - -# - name: Output -# ansible.builtin.debug: -# msg: -# - "OS Family: {{ ansible_os_family }}" -# - "saptune: {{ __sap_hana_preconfigure_run_saptune }}" -# - "link: {{ sles_baseproduct.stat.lnk_target }}" +# 1275776 - Linux: Preparing SLES for SAP environments +- name: Install saptune if available + ansible.builtin.include_tasks: + file: generic/saptune_install.yml -- name: Prepare saptune - when: - - __sap_hana_preconfigure_run_saptune - block: +- name: Takeover and enable saptune if available + ansible.builtin.include_tasks: + file: generic/saptune_takeover.yml - - name: Ensure saphana pattern is installed - community.general.zypper: - type: pattern - name: sap-hana - state: present - force: true - - name: Ensure latest saptune is installed - community.general.zypper: - type: package - name: saptune - state: present - when: - - sap_hana_preconfigure_saptune_version is undefined - or sap_hana_preconfigure_saptune_version | length == 0 +# Reason for noqa: The command to be executed might contain pipes +- name: Determine if the system needs to be restarted # noqa command-instead-of-shell + ansible.builtin.shell: + cmd: "zypper ps" + register: __sap_hana_preconfigure_register_needs_restarting + ignore_errors: true + changed_when: false + check_mode: false - - name: Ensure specific saptune version is installed - community.general.zypper: - type: package - name: "saptune={{ sap_hana_preconfigure_saptune_version }}" - state: present - force: true - when: - - sap_hana_preconfigure_saptune_version is defined - - sap_hana_preconfigure_saptune_version | length > 0 +- name: Display the output of the reboot requirement check + ansible.builtin.debug: + var: __sap_hana_preconfigure_register_needs_restarting -- name: Ensure sapconf is installed - community.general.zypper: - type: package - name: "sapconf" - state: present - force: true +- name: Call Reboot handler if necessary + ansible.builtin.command: + cmd: /bin/true + notify: __sap_hana_preconfigure_reboot_handler + changed_when: true when: - - not __sap_hana_preconfigure_run_saptune + - __sap_hana_preconfigure_register_needs_restarting is failed + or __sap_hana_preconfigure_register_needs_restarting.rc == 102 diff --git a/roles/sap_hana_preconfigure/tasks/main.yml b/roles/sap_hana_preconfigure/tasks/main.yml index ef63a0b8a..3d0d0f9eb 100644 --- a/roles/sap_hana_preconfigure/tasks/main.yml +++ b/roles/sap_hana_preconfigure/tasks/main.yml @@ -50,17 +50,6 @@ __sap_hana_preconfigure_fact_ansible_distribution_minor_version: '{{ ansible_distribution_version.split(".")[1] }}' when: ansible_distribution == 'RedHat' -# Requirement for package_facts Ansible Module -- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python - ansible.builtin.package: - name: python3-rpm - state: present - when: ansible_os_family == "Suse" - -# required for installation and configuration tasks: -- name: Gather package facts - ansible.builtin.package_facts: - - name: Display the content of sap_general_preconfigure_fact_reboot_required ansible.builtin.debug: var: sap_general_preconfigure_fact_reboot_required @@ -72,9 +61,6 @@ - '{{ ansible_distribution.split("_")[0] }}' - '{{ ansible_distribution }}' -- name: Gather package facts again after the installation phase - ansible.builtin.package_facts: - - name: Include configuration.yml ansible.builtin.include_tasks: '{{ item }}/{{ assert_prefix }}configuration.yml' when: sap_hana_preconfigure_config_all | d(true) or sap_hana_preconfigure_configuration | d(false) diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1275776/configuration.yml deleted file mode 100644 index de00bca37..000000000 --- a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/configuration.yml +++ /dev/null @@ -1,33 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# - name: "1275776 - Tips & Advice (start sapconf)" -# ansible.builtin.service: -# name: sapconf -# enabled: true -# state: started - -- name: "1275776 - Configuration saptune" - ansible.builtin.command: "saptune daemon start" - register: __sap_hana_preconfigure_register_saptune_daemon - changed_when: __sap_hana_preconfigure_register_saptune_daemon.rc == 0 - -- name: "1275776 - Configuration saptune sap note 2382421" - ansible.builtin.command: "saptune note apply 2382421" - register: __sap_hana_preconfigure_register_saptune_2382421 - changed_when: __sap_hana_preconfigure_register_saptune_2382421.rc == 0 - -- name: "1275776 - Configuration saptune sap note 2578899" - ansible.builtin.command: "saptune note apply 2578899" - register: __sap_hana_preconfigure_register_saptune_2578899 - changed_when: __sap_hana_preconfigure_register_saptune_2578899.rc == 0 - -- name: "1275776 - Configuration saptune sap note 2684254" - ansible.builtin.command: "saptune note apply 2684254" - register: __sap_hana_preconfigure_register_saptune_2684254 - changed_when: __sap_hana_preconfigure_register_saptune_2684254.rc == 0 - -- name: "1275776 - Configuration saptune sap note 941735" - ansible.builtin.command: "saptune note apply 941735" - register: __sap_hana_preconfigure_register_saptune_941735 - changed_when: __sap_hana_preconfigure_register_saptune_941735.rc == 0 diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1275776/installation.yml deleted file mode 100644 index e4b24f0c9..000000000 --- a/roles/sap_hana_preconfigure/tasks/sapnote/1275776/installation.yml +++ /dev/null @@ -1,5 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- -- name: 1275776 - Installation saptune - ansible.builtin.package: - name: "saptune" diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799.yml new file mode 100644 index 000000000..acb8d079f --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/1944799.yml @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1944799 - SAP HANA Guidelines for SLES Operating System Installation + +- name: Configure - Display SAP note number 1944799 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).number }} + (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).version }}): + SAP HANA Guidelines for SLES Operating System Installation" + +- name: Import tasks from '1944799/installation.yml' + ansible.builtin.import_tasks: 1944799/installation.yml + +# - name: Import tasks from '1944799/configuration.yml' +# ansible.builtin.import_tasks: 1944799/configuration.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/assert-installation.yml new file mode 100644 index 000000000..f8ea41e65 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/assert-installation.yml @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Check rpm --whatprovides only if package cannot be found directly. +- name: Query RPM packages + ansible.builtin.shell: + cmd: | + if rpm -q {{ item }} &> /dev/null; + then rpm -q {{ item }} + else rpm -q --whatprovides {{ item }}; + fi + register: __sap_hana_preconfigure_register_packages + changed_when: false + ignore_errors: true + loop: "{{ __sap_hana_preconfigure_packages_1944799 }}" + +- name: Assert that all required packages are installed + ansible.builtin.assert: + that: __sap_hana_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + fail_msg: "FAIL: Package '{{ item }}' is not installed!" + success_msg: "PASS: Package '{{ item }}' is installed." + loop: "{{ __sap_hana_preconfigure_packages_1944799 }}" + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/configuration.yml deleted file mode 100644 index 51a15ea73..000000000 --- a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/configuration.yml +++ /dev/null @@ -1,2 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml index c4d2ba26b..569951658 100644 --- a/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/sapnote/1944799/installation.yml @@ -1,49 +1,8 @@ # SPDX-License-Identifier: Apache-2.0 --- -# base pattern defined in installation pdf -# sap-hana and sap_server added by SVA (Thomas Bludau) -# show zypper patterns -- name: "1944799 - PDF 8.1 Package List Pattern Also 3.5 Software selection" +- name: Ensure that the required packages are installed ansible.builtin.package: - name: "{{ packages }}" - type: pattern - vars: - packages: - - gnome_basic - - base - - enhanced_base - - apparmor - - 32bit - - yast2_basis - - sw_management - - fonts - - x11 - - sap-hana - - sap_server - -# Requires SLE-Module-Legacy15 Module -- name: "1944799 - PDF 8.1 Package List Packages (SLE-Module-Legacy15)" - ansible.builtin.package: - name: "{{ packages }}" - type: package - vars: - packages: - - libssh2-1 - - libopenssl1_1 - - libstdc++6 - - libatomic1 - - libgcc_s1 - - libltdl7 - - insserv - - numactl - - system-user-uuidd - - unzip - -- name: 1944799 - Install recommended packages - ansible.builtin.package: - name: "{{ packages }}" - type: package - vars: - packages: - - tcsh + state: present + name: "{{ item }}" + loop: "{{ __sap_hana_preconfigure_packages_1944799 }}" diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2578899/configuration.yml deleted file mode 100644 index 7ee50bfb0..000000000 --- a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/configuration.yml +++ /dev/null @@ -1,32 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -- name: 2588899 - I/O scheduler - ansible.builtin.lineinfile: - path: /etc/default/grub - backup: yes - backrefs: yes - state: present - regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$' - line: "\\1 {{ line_item }}\"" - with_items: - - "elevator=noop" - notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler - when: ansible_architecture == "x86_64" and - ansible_os_family == 'Suse' and - ansible_distribution_major_version == '15' - tags: grubconfig - loop_control: - loop_var: line_item - -- name: 2578899 - sysstat - monitoring data - ansible.builtin.service: - name: sysstat - enabled: true - state: started - -- name: 2578899 - UUID daemon - ansible.builtin.service: - name: uuidd - enabled: true - state: started diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2578899/installation.yml deleted file mode 100644 index 76685b377..000000000 --- a/roles/sap_hana_preconfigure/tasks/sapnote/2578899/installation.yml +++ /dev/null @@ -1,24 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- -# Requires SLE-Module-Legacy15 Module -- name: "2578899 - SAP HANA database" - ansible.builtin.package: - name: "{{ packages }}" - type: package - vars: - packages: - - libssh2-1 - - libopenssl1_1 - - -- name: 2578899 - sysstat - monitoring data - ansible.builtin.package: - name: "sysstat" - -- name: 2578899 - UUID daemon - ansible.builtin.package: - name: "uuidd" - -- name: 2578899 - insserv-compat package - ansible.builtin.package: - name: "insserv-compat" diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254.yml new file mode 100644 index 000000000..09d9f8af2 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254.yml @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15 + +- name: Configure - Display SAP note number 2684254 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).number }} + (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).version }}): + SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15" + +- name: Set fact for SAP note number 2684254 - THP + ansible.builtin.set_fact: + # THP has different settings for each SP + __sap_hana_preconfigure_grub_cmdline_2684254_thp: + "{{ 'never' if ansible_distribution_version is version('15.4', '<=') else 'madvise' }}" + +- name: Set fact for SAP note number 2684254 - GRUB + ansible.builtin.set_fact: + __sap_hana_preconfigure_grub_cmdline_2684254: + - "numa_balancing=disable" + - "transparent_hugepage={{ sap_hana_preconfigure_thp | d(__sap_hana_preconfigure_grub_cmdline_2684254_thp) }}" + - "intel_idle.max_cstate=1" + - "processor.max_cstate=1" + - "splash=silent" + - "mitigations=auto" + - "quiet" + - "audit=1" + +- name: Import tasks from '2684254/installation.yml' + ansible.builtin.import_tasks: 2684254/installation.yml + +- name: Import tasks from '2684254/configuration.yml' + ansible.builtin.import_tasks: 2684254/configuration.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-configuration.yml new file mode 100644 index 000000000..b9f8b1b29 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-configuration.yml @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Verify SAP Note using saptune + when: __sap_hana_preconfigure_use_saptune | d(true) + block: + + - name: Verify SAP note 2684254 using saptune + ansible.builtin.command: + cmd: saptune note verify --show-non-compliant 2684254 + register: __sap_hana_preconfigure_saptune_verify_2684254 + changed_when: false + ignore_errors: true + + - name: Assert that SAP note 2684254 is verified by saptune + ansible.builtin.assert: + that: "{{ __sap_hana_preconfigure_saptune_verify_2684254.rc == 0 }}" + success_msg: "PASS: SAP note 2684254 is verified by saptune." + fail_msg: | + "FAIL: SAP note 2684254 is not verified by saptune! See details below:" + {{ __sap_hana_preconfigure_saptune_verify_2684254.stdout_lines }} + {{ __sap_hana_preconfigure_saptune_verify_2684254.stderr_lines }} + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" + + +- name: Verify SAP Note without using saptune + when: not __sap_hana_preconfigure_use_saptune | d(true) + block: + + - name: Get current contents of GRUB + ansible.builtin.slurp: + path: /etc/default/grub + register: __sap_hana_preconfigure_grub_contents + + - name: Assert that GRUB cmdline parameters are set + ansible.builtin.assert: + that: + - "'{{ item }}' in __sap_hana_preconfigure_grub_contents.content | b64decode | string" + fail_msg: "FAIL: GRUB cmdline parameter {{ item }} is not set!" + success_msg: "PASS: GRUB cmdline parameter {{ item }} is set." + loop: "{{ __sap_hana_preconfigure_grub_cmdline_2684254 }}" + when: __sap_hana_preconfigure_grub_cmdline_2684254 | length > 0 + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-installation.yml new file mode 100644 index 000000000..d69744f89 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/assert-installation.yml @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Check rpm --whatprovides only if package cannot be found directly. +- name: Query RPM packages + ansible.builtin.shell: + cmd: | + if rpm -q {{ item }} &> /dev/null; + then rpm -q {{ item }} + else rpm -q --whatprovides {{ item }}; + fi + register: __sap_hana_preconfigure_register_packages + changed_when: false + ignore_errors: true + loop: "{{ __sap_hana_preconfigure_packages_2684254 }}" + +- name: Assert that all required packages are installed + ansible.builtin.assert: + that: __sap_hana_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + fail_msg: "FAIL: Package '{{ item }}' is not installed!" + success_msg: "PASS: Package '{{ item }}' is installed." + loop: "{{ __sap_hana_preconfigure_packages_2684254 }}" + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml index ce8da0002..38b44d6a5 100644 --- a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/configuration.yml @@ -1,80 +1,76 @@ # SPDX-License-Identifier: Apache-2.0 --- -- name: Disable numa_balancing at boot - ansible.builtin.lineinfile: - path: /etc/default/grub - backup: yes - backrefs: yes - state: present - regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$' - line: "\\1 {{ line_item }}\"" - with_items: - - "numa_balancing=disable" - notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler - when: ansible_architecture == "x86_64" and - ansible_os_family == 'Suse' and - ansible_distribution_major_version == '15' - tags: grubconfig - loop_control: - loop_var: line_item - -- name: Disable transparent hugepages at boot - ansible.builtin.lineinfile: - path: /etc/default/grub - backup: yes - backrefs: yes - state: present - regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$' - line: "\\1 {{ line_item }}\"" - with_items: - - "transparent_hugepage=never" - notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler - when: ansible_architecture == "x86_64" and - ansible_os_family == 'Suse' and - ansible_distribution_major_version == '15' - tags: grubconfig - loop_control: - loop_var: line_item - -- name: Disable intel c states in grub config - ansible.builtin.lineinfile: - path: /etc/default/grub - backup: yes - backrefs: yes - state: present - regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=(?!.* {{ line_item }}).*). *$' - line: "\\1 {{ line_item }}\"" - with_items: - - "processor.max_cstate=1" - - "intel_idle.max_cstate=1" - notify: __sap_hana_preconfigure_regenerate_grub2_conf_handler - when: ansible_architecture == "x86_64" and - ansible_os_family == 'Suse' and - ansible_distribution_major_version == '15' - tags: grubconfig - loop_control: - loop_var: line_item - - -# Intel Systems only -# - name: "Configure CPU Governor for Performance now" -# command: cpupower frequency-set -g performance -# register: __sap_hana_preconfigure_register_sles15_cpupower_frequency_set -# ignore_errors: True - -- name: "Energy Performance Bias (EPB, applies to Intel-based systems only)" - ansible.builtin.lineinfile: - path: /etc/init.d/boot.local - mode: "0744" - line: 'cpupower set -b 0' - state: present - create: yes - -- name: Kernel samepage merging (KSM) - ansible.builtin.lineinfile: - dest: /etc/init.d/boot.local - mode: "0744" - line: echo 0 > /sys/kernel/mm/ksm/run - state: present - create: yes +- name: Execute task to update GRUB entries + ansible.builtin.include_tasks: + file: ../../SLES/generic/grub_update.yml + vars: + __sap_hana_preconfigure_grub_cmdline: "{{ __sap_hana_preconfigure_grub_cmdline_2684254 }}" + when: __sap_hana_preconfigure_grub_cmdline | length > 0 + + +- name: Apply SAP note 2684254 using saptune + when: __sap_hana_preconfigure_use_saptune | d(true) + block: + + - name: Apply SAP note 2684254 using saptune + ansible.builtin.command: + cmd: saptune note apply 2684254 + changed_when: true + + - name: Verify SAP note 2684254 using saptune + ansible.builtin.command: + cmd: saptune note verify 2684254 + register: __sap_hana_preconfigure_saptune_verify_2684254 + changed_when: false + ignore_errors: true + + - name: Display error if saptune verify failed + ansible.builtin.debug: + msg: | + {{ __sap_hana_preconfigure_saptune_verify_2684254.stdout_lines }} + {{ __sap_hana_preconfigure_saptune_verify_2684254.stderr_lines }} + when: + __sap_hana_preconfigure_saptune_verify_2684254.rc != 0 + + +- name: Configuration changes without saptune + when: not __sap_hana_preconfigure_use_saptune | d(true) + block: + + # The KSM feature helps reduce physical memory overhead by detecting memory pages with identical content. + # The feature is useful for VMs, but the space-time tradeoff does not pay off for HDB instances not running in VMs. + # Kernel samepage merging is usually deactivated by default. + - name: Disable Kernel samepage merging (KSM) + ansible.builtin.lineinfile: + dest: /etc/init.d/boot.local + mode: "0744" + line: echo 0 > /sys/kernel/mm/ksm/run + state: present + create: true + + +- name: "(Optional) Set governor to performance - Intel" + ansible.builtin.debug: + msg: | + SAP Recommends setting governor to performance mode on physical Intel servers. + This setting is not mandatory for smaller systems, where energy savings are of consideration. + + You can configure it using following methods: + - Execute: saptune note apply 2684254 + - Append command to /etc/init.d/boot.local: cpupower frequency-set -g performance + + Result can be validated by executing: cpupower frequency-info + + +- name: "(Optional) Set Energy Performance Bias to performance - Intel" + ansible.builtin.debug: + msg: | + SAP Recommends setting Energy Performance Bias to performance mode on physical Intel servers. + This setting is not mandatory for smaller systems, where energy savings are of consideration. + + You can configure it using following methods: + - Execute: saptune note apply 2684254 + - Append command to /etc/init.d/boot.local: cpupower set -b 0 + + Result can be validated by executing: cpupower info diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml index d3de8971b..a0f92caf2 100644 --- a/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/sapnote/2684254/installation.yml @@ -1,10 +1,8 @@ # SPDX-License-Identifier: Apache-2.0 --- -# Additional notes for the installation of HANA 1.0 SPS12 and HANA 2.0 SPS03 -- name: 2777782 - Additional notes for the installation of HANA 1.0 SPS12 and HANA 2.0 SPS03 + +- name: Ensure that the required packages are installed ansible.builtin.package: - name: "{{ packages }}" - vars: - packages: - - libopenssl1_1 - - libssh2-1 + state: present + name: "{{ item }}" + loop: "{{ __sap_hana_preconfigure_packages_2684254 }}" diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919.yml new file mode 100644 index 000000000..78dec9ec3 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919.yml @@ -0,0 +1,52 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +- name: Configure - Display SAP note number 3562919 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).number }} + (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).version }}): SAP HANA settings for RHEL 8" + +- name: Import tasks from '3562919/01-configure-selinux.yml' + ansible.builtin.import_tasks: 3562919/01-configure-selinux.yml + when: + - sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_01|d(false) + - sap_hana_preconfigure_modify_selinux_labels + +- name: Import tasks from '3562919/02-configure-tuned.yml' + ansible.builtin.import_tasks: 3562919/02-configure-tuned.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_02|d(false) + +- name: Import tasks from '3562919/03-disable-abrt-coredumps-kdump.yml' + ansible.builtin.import_tasks: 3562919/03-disable-abrt-coredumps-kdump.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_03|d(false) + +- name: Import tasks from '3562919/04-turn-off-auto-numa-balancing.yml' + ansible.builtin.import_tasks: 3562919/04-turn-off-auto-numa-balancing.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_04|d(false) + +- name: Import tasks from '3562919/05-configure-thp.yml' + ansible.builtin.import_tasks: 3562919/05-configure-thp.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_05|d(false) + +- name: Import tasks from '3562919/06-configure-c-states-for-lower-latency.yml' + ansible.builtin.import_tasks: 3562919/06-configure-c-states-for-lower-latency.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_06|d(false) + +- name: Import tasks from '3562919/07-configure-cpu-governor.yml' + ansible.builtin.import_tasks: 3562919/07-configure-cpu-governor.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_07|d(false) + +- name: Import tasks from '3562919/08-configure-epb.yml' + ansible.builtin.import_tasks: 3562919/08-configure-epb.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_08|d(false) + +- name: Import tasks from '3562919/09-disable-ksm.yml' + ansible.builtin.import_tasks: 3562919/09-disable-ksm.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_09|d(false) + +- name: Import tasks from '3562919/10-increase-pidmax.yml' + ansible.builtin.import_tasks: 3562919/10-increase-pidmax.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_10|d(false) + +- name: Import tasks from '3562919/11-enable-tsx.yml' + ansible.builtin.import_tasks: 3562919/11-enable-tsx.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_11|d(false) diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-assert-selinux.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-assert-selinux.yml new file mode 100644 index 000000000..f0bbd59b3 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-assert-selinux.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562919-1 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 1: Configure SELinux" + +- name: Import ../../RedHat/generic/assert-selinux.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-selinux.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-configure-selinux.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-configure-selinux.yml new file mode 100644 index 000000000..3f08527c0 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/01-configure-selinux.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562919-1 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 1: Configure SELinux" + +- name: Import ../../RedHat/generic/configure-selinux.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-selinux.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-assert-tuned.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-assert-tuned.yml new file mode 100644 index 000000000..15e2fd397 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-assert-tuned.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562919-2 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 2: Configure tuned to use profile sap-hana" + +- name: Import ../../RedHat/generic/assert-tuned.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-tuned.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-configure-tuned.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-configure-tuned.yml new file mode 100644 index 000000000..e129bc93a --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/02-configure-tuned.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562919-2 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 2: Configure tuned to use profile for SAP HANA" + +- name: Import ../../RedHat/generic/configure-tuned.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-tuned.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-assert-abrt-coredumps-kdump.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-assert-abrt-coredumps-kdump.yml new file mode 100644 index 000000000..d8edc1867 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-assert-abrt-coredumps-kdump.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562919-3 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 3: Disable kdump" + +- name: Import ../../RedHat/generic/assert-kdump.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-kdump.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-disable-abrt-coredumps-kdump.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-disable-abrt-coredumps-kdump.yml new file mode 100644 index 000000000..c195ae900 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/03-disable-abrt-coredumps-kdump.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562919-3 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 3: Disable kdump" + +- name: Import ../../RedHat/generic/disable-kdump.yml + ansible.builtin.import_tasks: ../../RedHat/generic/disable-kdump.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-assert-auto-numa-balancing.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-assert-auto-numa-balancing.yml new file mode 100644 index 000000000..ad122e8dd --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-assert-auto-numa-balancing.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "kernel.numa_balancing = 0" +- name: Assert 3562919-4 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 4: Turn off auto-numa balancing" + +- name: Import ../../RedHat/generic/assert-auto-numa-balancing.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-auto-numa-balancing.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-turn-off-auto-numa-balancing.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-turn-off-auto-numa-balancing.yml new file mode 100644 index 000000000..d365617ca --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/04-turn-off-auto-numa-balancing.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "kernel.numa_balancing = 0" +- name: Configure 3562919-4 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 4: Turn off auto-numa balancing" + +- name: Import ../../RedHat/generic/turn-off-auto-numa-balancing.yml + ansible.builtin.import_tasks: ../../RedHat/generic/turn-off-auto-numa-balancing.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-assert-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-assert-thp.yml new file mode 100644 index 000000000..22281d844 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-assert-thp.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" +- name: Assert 3562919-5 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 5: Configure Transparent Hugepages (THP)" + +- name: Import ../../RedHat/generic/assert-thp.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-thp.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-configure-thp.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-configure-thp.yml new file mode 100644 index 000000000..868335daa --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/05-configure-thp.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "transparent_hugepages=never" or "transparent_hugepages=madvise" +- name: Configure 3562919-5 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 5: Configure Transparent Hugepages (THP)" + +- name: Import ../../RedHat/generic/configure-thp.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-thp.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-assert-c-states-for-lower-latency.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-assert-c-states-for-lower-latency.yml new file mode 100644 index 000000000..0b75df0e3 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-assert-c-states-for-lower-latency.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "force_latency=70" +- name: Assert 3562919-6 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 6: Configure C-States for lower latency (x86_64 platform only)" + +- name: Import ../../RedHat/generic/assert-c-states-for-lower-latency.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-c-states-for-lower-latency.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-configure-c-states-for-lower-latency.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-configure-c-states-for-lower-latency.yml new file mode 100644 index 000000000..a4983c973 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/06-configure-c-states-for-lower-latency.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "force_latency=70" +- name: Configure 3562919-6 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 6: Configure C-States for lower latency (x86_64 platform only)" + +- name: Import ../../RedHat/generic/configure-c-states-for-lower-latency.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-c-states-for-lower-latency.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-assert-cpu-governor.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-assert-cpu-governor.yml new file mode 100644 index 000000000..d91f7712a --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-assert-cpu-governor.yml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "governor=performance" +# in included tuned profile throughput-performance +- name: Assert 3562919-7 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 7: Configure CPU Governor for performance (x86_64 platform only)" + +- name: Import ../../RedHat/generic/assert-cpu-governor-for-performance.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-cpu-governor-for-performance.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-configure-cpu-governor.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-configure-cpu-governor.yml new file mode 100644 index 000000000..444b2114a --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/07-configure-cpu-governor.yml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "governor=performance" +# in included tuned profile throughput-performance +- name: Configure 3562919-7 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 7: Configure CPU Governor for performance (x86_64 platform only)" + +- name: Import ../../RedHat/generic/configure-cpu-governor-for-performance.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-cpu-governor-for-performance.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-assert-epb.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-assert-epb.yml new file mode 100644 index 000000000..63d923756 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-assert-epb.yml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "energy_perf_bias=performance" +# in included tuned profile throughput-performance +- name: Assert 3562919-8 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 8: Configure Energy Performance Bias (EPB, x86_64 platform only)" + +- name: Import ../../RedHat/generic/assert-epb.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-epb.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-configure-epb.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-configure-epb.yml new file mode 100644 index 000000000..8b7c3c0c6 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/08-configure-epb.yml @@ -0,0 +1,11 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# can be configured by tuned profile sap-hana, entry "energy_perf_bias=performance" +# in included tuned profile throughput-performance +- name: Configure 3562919-8 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 8: Configure Energy Performance Bias (EPB, x86_64 platform only)" + +- name: Import ../../RedHat/generic/configure-epb.yml + ansible.builtin.import_tasks: ../../RedHat/generic/configure-epb.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-assert-ksm.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-assert-ksm.yml new file mode 100644 index 000000000..a3bb08d2b --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-assert-ksm.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562919-9 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 9: Disable Kernel samepage merging (KSM)" + +- name: Import ../../RedHat/generic/assert-ksm.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-ksm.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-disable-ksm.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-disable-ksm.yml new file mode 100644 index 000000000..9bc27d709 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/09-disable-ksm.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562919-9 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 9: Disable Kernel samepage merging (KSM)" + +- name: Import ../../RedHat/generic/disable-ksm.yml + ansible.builtin.import_tasks: ../../RedHat/generic/disable-ksm.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-assert-pidmax.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-assert-pidmax.yml new file mode 100644 index 000000000..b08e542e2 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-assert-pidmax.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562919-10 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 10: Increase kernel.pidmax" + +- name: Notify about where 'kernel.pidmax' is asserted + ansible.builtin.debug: + msg: "INFO: Kernel parameter 'kernel.pid_max' is already asserted by role 'sap_general_preconfigure' if necessary." diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-increase-pidmax.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-increase-pidmax.yml new file mode 100644 index 000000000..2d7ac75a6 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/10-increase-pidmax.yml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562919-10 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 10: Increase kernel.pidmax" + +- name: Notify about where 'kernel.pid_max' is set + ansible.builtin.debug: + msg: "Kernel parameter 'kernel.pid_max' is already set by role 'sap_general_preconfigure' if necessary." diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-assert-tsx.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-assert-tsx.yml new file mode 100644 index 000000000..6009a2725 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-assert-tsx.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Assert 3562919-11 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 11: Enable TSX (Intel Transactional Synchronization Extensions)" + +- name: Import ../../RedHat/generic/assert-tsx.yml + ansible.builtin.import_tasks: ../../RedHat/generic/assert-tsx.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-enable-tsx.yml b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-enable-tsx.yml new file mode 100644 index 000000000..2558804eb --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/3562919/11-enable-tsx.yml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +- name: Configure 3562919-11 + ansible.builtin.debug: + msg: "SAP note 3562919 Step 11: Enable TSX (Intel Transactional Synchronization Extensions)" + +- name: Import ../../RedHat/generic/enable-tsx.yml + ansible.builtin.import_tasks: ../../RedHat/generic/enable-tsx.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/assert-1944799.yml b/roles/sap_hana_preconfigure/tasks/sapnote/assert-1944799.yml new file mode 100644 index 000000000..a4410ca93 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/assert-1944799.yml @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1944799 - SAP HANA Guidelines for SLES Operating System Installation + +- name: Assert - Display SAP note number 1944799 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).number }} + (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1944799$') | first).version }}): + SAP HANA Guidelines for SLES Operating System Installation" + +- name: Import tasks from '1944799/assert-installation.yml' + ansible.builtin.import_tasks: 1944799/assert-installation.yml + +# - name: Import tasks from '1944799/assert-configuration.yml' +# ansible.builtin.import_tasks: 1944799/assert-configuration.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/assert-2684254.yml b/roles/sap_hana_preconfigure/tasks/sapnote/assert-2684254.yml new file mode 100644 index 000000000..09188349c --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/assert-2684254.yml @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15 + +- name: Assert - Display SAP note number 2684254 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).number }} + (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2684254$') | first).version }}): + SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15" + +- name: Set fact for SAP note number 2684254 - THP + ansible.builtin.set_fact: + # THP has different settings for each SP + __sap_hana_preconfigure_grub_cmdline_2684254_thp: + "{{ 'never' if ansible_distribution_version is version('15.4', '<=') else 'madvise' }}" + +- name: Set fact for SAP note number 2684254 - GRUB + ansible.builtin.set_fact: + __sap_hana_preconfigure_grub_cmdline_2684254: + - "numa_balancing=disable" + - "transparent_hugepage={{ sap_hana_preconfigure_thp | d(__sap_hana_preconfigure_grub_cmdline_2684254_thp) }}" + - "intel_idle.max_cstate=1" + - "processor.max_cstate=1" + - "splash=silent" + - "mitigations=auto" + - "quiet" + - "audit=1" + +- name: Import tasks from '2684254/assert-installation.yml' + ansible.builtin.import_tasks: 2684254/assert-installation.yml + +- name: Import tasks from '2684254/assert-configuration.yml' + ansible.builtin.import_tasks: 2684254/assert-configuration.yml diff --git a/roles/sap_hana_preconfigure/tasks/sapnote/assert-3562919.yml b/roles/sap_hana_preconfigure/tasks/sapnote/assert-3562919.yml new file mode 100644 index 000000000..f651bf786 --- /dev/null +++ b/roles/sap_hana_preconfigure/tasks/sapnote/assert-3562919.yml @@ -0,0 +1,52 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +- name: Assert - Display SAP note number 3562919 and its version + ansible.builtin.debug: + msg: "SAP note {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).number }} + (version {{ (__sap_hana_preconfigure_sapnotes_versions | selectattr('number', 'match', '^3562919$') | first).version }}): SAP HANA settings for RHEL 8" + +- name: Import tasks from '3562919/01-assert-selinux.yml' + ansible.builtin.import_tasks: 3562919/01-assert-selinux.yml + when: + - sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_01|d(false) + - sap_hana_preconfigure_modify_selinux_labels + +- name: Import tasks from '3562919/02-assert-tuned.yml' + ansible.builtin.import_tasks: 3562919/02-assert-tuned.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_02|d(false) + +- name: Import tasks from '3562919/03-assert-abrt-coredumps-kdump.yml' + ansible.builtin.import_tasks: 3562919/03-assert-abrt-coredumps-kdump.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_03|d(false) + +- name: Import tasks from '3562919/04-assert-auto-numa-balancing.yml' + ansible.builtin.import_tasks: 3562919/04-assert-auto-numa-balancing.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_04|d(false) + +- name: Import tasks from '3562919/05-assert-thp.yml' + ansible.builtin.import_tasks: 3562919/05-assert-thp.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_05|d(false) + +- name: Import tasks from '3562919/06-assert-c-states-for-lower-latency.yml' + ansible.builtin.import_tasks: 3562919/06-assert-c-states-for-lower-latency.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_06|d(false) + +- name: Import tasks from '3562919/07-assert-cpu-governor.yml' + ansible.builtin.import_tasks: 3562919/07-assert-cpu-governor.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_07|d(false) + +- name: Import tasks from '3562919/08-assert-epb.yml' + ansible.builtin.import_tasks: 3562919/08-assert-epb.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_08|d(false) + +- name: Import tasks from '3562919/09-assert-ksm.yml' + ansible.builtin.import_tasks: 3562919/09-assert-ksm.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_09|d(false) + +- name: Import tasks from '3562919/10-assert-pidmax.yml' + ansible.builtin.import_tasks: 3562919/10-assert-pidmax.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_10|d(false) + +- name: Import tasks from '3562919/11-assert-tsx.yml' + ansible.builtin.import_tasks: 3562919/11-assert-tsx.yml + when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_3562919_11|d(false) diff --git a/roles/sap_hana_preconfigure/vars/RedHat_10.yml b/roles/sap_hana_preconfigure/vars/RedHat_10.yml new file mode 100644 index 000000000..555896e8d --- /dev/null +++ b/roles/sap_hana_preconfigure/vars/RedHat_10.yml @@ -0,0 +1,160 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# supported RHEL 10 minor releases for SAP HANA: +__sap_hana_preconfigure_supported_rhel_minor_releases: [] + +# required repos for RHEL 10: +__sap_hana_preconfigure_req_repos_redhat_10_0_x86_64: + - "rhel-10-for-x86_64-baseos-e4s-rpms" + - "rhel-10-for-x86_64-appstream-e4s-rpms" + - "rhel-10-for-x86_64-sap-solutions-e4s-rpms" + +__sap_hana_preconfigure_req_repos_redhat_10_0_ppc64le: + - "rhel-10-for-ppc64le-baseos-e4s-rpms" + - "rhel-10-for-ppc64le-appstream-e4s-rpms" + - "rhel-10-for-ppc64le-sap-solutions-e4s-rpms" + +# required SAP notes for RHEL 10: +__sap_hana_preconfigure_sapnotes_versions_x86_64: + - { number: '3562919', version: '1' } + - { number: '2382421', version: '47' } + - { number: '3024346', version: '11' } + +__sap_hana_preconfigure_sapnotes_versions_ppc64le: + - { number: '2055470', version: '90' } + - { number: '3562919', version: '1' } + - { number: '2382421', version: '47' } + - { number: '3024346', version: '11' } + +__sap_hana_preconfigure_sapnotes_versions: "{{ lookup('vars', '__sap_hana_preconfigure_sapnotes_versions_' + ansible_architecture) }}" + +# In SAP Note XXX, certain minimal required packages for the different RHEL 10 minor releases are listed. +# The following will assign them properly to __sap_hana_preconfigure_min_pkgs. +# If variable __sap_hana_preconfigure_min_packages_VERSION_ARCH is not defined, +# variable __sap_hana_preconfigure_min_pkgs will be undefined as well. + +# Minimum required package levels for RHEL 10.0: +__sap_hana_preconfigure_min_packages_10_0_x86_64: [] + +__sap_hana_preconfigure_min_packages_10_0_ppc64le: [] + +__sap_hana_preconfigure_min_pkgs: "{{ lookup('vars', '__sap_hana_preconfigure_min_packages_' + ansible_distribution_version | string | replace(\".\", \"_\") + '_' + ansible_architecture) }}" + +__sap_hana_preconfigure_packages: +# SAP NOTE 3108316: + - expect +# package gtk3: only needed if the SAP HANA installation tools hdblcmgui and hdbsetup are used + - gtk3 + - krb5-workstation + - libatomic + - libcanberra-gtk3 + - libtool-ltdl + - numactl + - PackageKit-gtk3-module + - xorg-x11-xauth +# package chkconfig: needed by hdblcm to be able to access /etc/init.d + - chkconfig +# package libxcrypt-compat: needed SAP HANA and also by sapstartsrv on RHEL 10: +# - libxcrypt-compat # now installed by role sap_general_preconfigure, see also SAP note 3108316, version 4. +# For support purposes: +# package graphwiz: graph visualization tools, for supportability) + - graphviz +# package iptraf-ng: TCP/IP network monitor, for supportability) + - iptraf-ng +# package lm-sensors: TCP/IP network monitor, for supportability) + - lm_sensors +# package nfs-utils: support utilities for NFS, for supportability) + - nfs-utils +# SAP NOTE 3562919: + - tuned-profiles-sap-hana + +__sap_hana_preconfigure_packages_min_install: +# SAP NOTE 3108316: + - expect +# package gtk3: only needed if the SAP HANA installation tools hdblcmgui and hdbsetup are used +# - gtk3 + - krb5-workstation + - libatomic + - libcanberra-gtk3 + - libtool-ltdl + - numactl + - PackageKit-gtk3-module + - xorg-x11-xauth +# package libxcrypt-compat: needed SAP HANA and also by sapstartsrv on RHEL 10: +# - libxcrypt-compat # now installed by role sap_general_preconfigure, see also SAP note 3108316, version 4. +# For support purposes: +# package graphwiz: graph visualization tools, for supportability) +# - graphviz +# package iptraf-ng: TCP/IP network monitor, for supportability) +# - iptraf-ng +# package lm-sensors: TCP/IP network monitor, for supportability) +# - lm_sensors +# package nfs-utils: support utilities for NFS, for supportability) +# - nfs-utils +# SAP NOTE 3562919: + - tuned-profiles-sap-hana + +# URL for the IBM Power Systems service and productivity tools, see https://www.ibm.com/support/pages/service-and-productivity-tools +__sap_hana_preconfigure_ibm_power_repo_url: 'https://public.dhe.ibm.com/software/server/POWER/Linux/yum/download/ibm-power-repo-latest.noarch.rpm' + +__sap_hana_preconfigure_required_ppc64le: + - ibm-power-managed-rhel9 + +# Network related kernel parameters as set in SAP Note 2382421: +__sap_hana_preconfigure_kernel_parameters_default: +# The following parameter should always be set: + - { name: net.ipv4.tcp_max_syn_backlog, value: 8192 } +# The following two parameters are automatically set by SAP Host Agent +# - { name: net.ipv4.ip_local_port_range, value: "40000 61000" } +# - { name: net.ipv4.ip_local_reserved_ports, value: -> SAP NOTE 2477204 } +# The following two parameters do not work when communicating with hosts behind NAT firewall: +# - { name: net.ipv4.tcp_tw_reuse, value: 1 } +# - { name: net.ipv4.tcp_tw_recycle, value: 1 } +# The following parameter should always be set but might not work on Azure (see SAP Note 2382421): + - { name: net.ipv4.tcp_timestamps, value: 1 } +# The following parameter should always be set: + - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 } +# Tune the next four parameters for low latency system replication: +# - { net.ipv4.tcp_wmem, value } +# - { net.ipv4.tcp_rmem, value } +# - { net.core.wmem_max, value } +# - { net.core.rmem_max, value } +# Should be set correctly already on most systems, according to SAP Note 2382421: +# - { net.ipv4.tcp_window_scaling, 1 } +# The following only applies to HANA 1 <= 122.14 and HANA 2 SPS00. +# So we do not change the default. +# - { name: net.ipv4.tcp_syn_retries, value: 8 } + +# Network related kernel parameters for ppc64le: +__sap_hana_preconfigure_kernel_parameters_default_ppc64le: + - { name: net.core.rmem_max, value: 56623104 } + - { name: net.core.wmem_max, value: 56623104 } + - { name: net.ipv4.tcp_rmem, value: "65536 262088 56623104" } + - { name: net.ipv4.tcp_wmem, value: "65536 262088 56623104" } + - { name: net.ipv4.tcp_mem, value: "56623104 56623104 56623104" } + +# Network related kernel parameters for NetApp NFS, as set in SAP Note 3024346: +__sap_hana_preconfigure_kernel_parameters_netapp_nfs: + - { name: net.core.rmem_max, value: 16777216 } + - { name: net.core.wmem_max, value: 16777216 } + - { name: net.ipv4.tcp_rmem, value: "4096 131072 16777216" } + - { name: net.ipv4.tcp_wmem, value: "4096 16384 16777216" } + - { name: net.core.netdev_max_backlog, value: 300000 } +# already set in SAP note 2382421: +# - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 } + - { name: net.ipv4.tcp_no_metrics_save, value: 1 } + - { name: net.ipv4.tcp_moderate_rcvbuf, value: 1 } + - { name: net.ipv4.tcp_window_scaling, value: 1 } +# already set in SAP note 2382421: +# - { name: net.ipv4.tcp_timestamps, value: 1 } + - { name: net.ipv4.tcp_sack, value: 1 } + +# yamllint disable rule:commas rule:colons +__sap_hana_preconfigure_packages_and_services: + abrtd: { pkg: 'abrt', svc: 'abrtd', systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' } + abrt-ccpp: { pkg: 'abrt-addon-ccpp', svc: 'abrt-ccpp', systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' } + numad: { pkg: 'numad', svc: 'numad', systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' } + kdump: { pkg: 'kexec-tools', svc: 'kdump', systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' } + firewalld: { pkg: 'firewalld', svc: 'firewalld', systemd_enabled: 'no', systemd_state: 'stopped', svc_status: 'disabled', svc_state: 'inactive' } +# yamllint enable rule:commas rule:colons diff --git a/roles/sap_hana_preconfigure/vars/SLES_15.yml b/roles/sap_hana_preconfigure/vars/SLES_15.yml index 1f98593b5..0bf33eec7 100644 --- a/roles/sap_hana_preconfigure/vars/SLES_15.yml +++ b/roles/sap_hana_preconfigure/vars/SLES_15.yml @@ -4,29 +4,93 @@ # - SUSE Linux Enterprise Server for SAP Applications 15 # - SUSE Linux Enterprise Server 15 -__sap_hana_preconfigure_sapnotes: -# - "{% if ansible_architecture == 'ppc64le' %}2055470{% endif %}" - - "1944799" - - "2578899" - - "1275776" - - "2684254" +__sap_hana_preconfigure_sapnotes_versions: + # 2578899 - SUSE Linux Enterprise Server 15: Installation Note + # Already included in sap_general_preconfigure + + # 1944799 - SAP HANA Guidelines for SLES Operating System Installation + - { number: '1944799', version: '19' } + # 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15 + - { number: '2684254', version: '19' } + + # SAP Notes applicable to HANA saptune solution: + # 941735 1771258 1868829 1980196 2578899 2684254 2382421 2534844 2993054 1656250 + + # 941735 - SAP memory management system for 64-bit Linux systems + # kernel.shmall, kernel.shmmax are already default. + # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm + + # 1771258 - Linux: User and system resource limits + # Limits are created by applying saptune solution or predefined in sapconf. -__sap_hana_preconfigure_min_pkgs: __sap_hana_preconfigure_packages: - # SAP NOTE 2772999 - # SAP NOTE 2292690 - # SAP NOTE 22455582 -# -# libtool ltdl: https://answers.sap.com/questions/476177/hana-db-installation-ended-with-exit-code-127.html -# it is required since HANA 2 SPS 03, and as such installed in general + # Mandatory patterns + - patterns-server-enterprise-sap_server + + # Recommended packages + - tcsh + - psmisc + + # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent + - polkit -# -# Intel needs additional packages over x86_64 -# + # Recommended for System monitoring + - cpupower + # - "{{ 'libcpupower0' if ansible_distribution_version.split('.')[1] | int < 6 else 'libcpupower1' }}" + - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}" + - libsensors4 -__sap_hana_preconfigure_grub_file: /tmp/grub + # Additional packages + - nfs-utils + - bind-utils + +# Packages specific for SAP Note 1944799 +__sap_hana_preconfigure_packages_1944799: + - libssh2-1 + - libopenssl1_1 + - insserv-compat + # Following packages are part of pattern patterns-sap-hana available on SLES_SAP_15 + - autoyast2-installation + - bc + - cryptctl + - expect + - gtk2 + - insserv-compat + - libatomic1 + - libgcc_s1 + - libicu + - libjpeg62 + - libpng12-0 + - libstdc++6 + - chrony + - numactl + - sudo + - sysstat + - tcsh + - xfsprogs + - xrdp + - yast2-ncurses + + +# Following packages are not relevant for SAP Note 1944799 +# patterns-gnome-gnome_basic - SLE-Module-Desktop-Applications15-SP6-Pool +# patterns-base-enhanced_base - SLE-Module-Basesystem15-SP6-Pool +# patterns-base-apparmor - SLE-Module-Basesystem15-SP6-Pool +# patterns-base-32bit - SLE-Module-Basesystem15-SP6-Pool +# patterns-yast-yast2_basis - SLE-Module-Basesystem15-SP6-Pool +# patterns-base-sw_management - SLE-Module-Basesystem15-SP6-Pool +# patterns-fonts-fonts - SLE-Module-Basesystem15-SP6-Pool +# patterns-base-x11 - SLE-Module-Basesystem15-SP6-Pool + + +# Packages specific for SAP Note 2684254 +__sap_hana_preconfigure_packages_2684254: + - libssh2-1 + - libopenssl1_1 + - insserv-compat + +__sap_hana_preconfigure_min_pkgs: # SLES_SAP is using saptune, but SLES is using sapconf. -# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. -__sap_hana_preconfigure_run_saptune: true +__sap_hana_preconfigure_use_saptune: false diff --git a/roles/sap_hana_preconfigure/vars/SLES_SAP_15.yml b/roles/sap_hana_preconfigure/vars/SLES_SAP_15.yml new file mode 100644 index 000000000..096a081f0 --- /dev/null +++ b/roles/sap_hana_preconfigure/vars/SLES_SAP_15.yml @@ -0,0 +1,64 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 + +__sap_hana_preconfigure_sapnotes_versions: + # 2578899 - SUSE Linux Enterprise Server 15: Installation Note + # Already included in sap_general_preconfigure + + # 1944799 - SAP HANA Guidelines for SLES Operating System Installation + - { number: '1944799', version: '19' } + # 2684254 - SAP HANA DB: Recommended OS settings for SLES 15 / SLES for SAP Applications 15 + - { number: '2684254', version: '19' } + + # SAP Notes applicable to HANA saptune solution: + # 941735 1771258 1868829 1980196 2578899 2684254 2382421 2534844 2993054 1656250 + + # 941735 - SAP memory management system for 64-bit Linux systems + # kernel.shmall, kernel.shmmax are already default. + # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm + + # 1771258 - Linux: User and system resource limits + # Limits are created by applying saptune solution or predefined in sapconf. + + +__sap_hana_preconfigure_packages: + # Mandatory patterns + - patterns-server-enterprise-sap_server + - patterns-sap-hana + + # Recommended packages + - tcsh + - psmisc + + # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent + - polkit + + # Recommended for System monitoring + - cpupower + # - "{{ 'libcpupower0' if ansible_distribution_version.split('.')[1] | int < 6 else 'libcpupower1' }}" + - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}" + - libsensors4 + + # Additional packages + - nfs-utils + - bind-utils + +# Packages specific for SAP Note 1944799 +__sap_hana_preconfigure_packages_1944799: + - libssh2-1 + - libopenssl1_1 + - insserv-compat + +# Packages specific for SAP Note 2684254 +__sap_hana_preconfigure_packages_2684254: + - libssh2-1 + - libopenssl1_1 + - insserv-compat + + +__sap_hana_preconfigure_min_pkgs: + +# SLES_SAP is using saptune, but SLES is using sapconf. +__sap_hana_preconfigure_use_saptune: true diff --git a/roles/sap_hana_preconfigure/vars/SLES_SAP_16.yml b/roles/sap_hana_preconfigure/vars/SLES_SAP_16.yml new file mode 100644 index 000000000..b0678a8e6 --- /dev/null +++ b/roles/sap_hana_preconfigure/vars/SLES_SAP_16.yml @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 16 + +__sap_hana_preconfigure_sapnotes_versions: [] + +__sap_hana_preconfigure_min_pkgs: + +__sap_hana_preconfigure_packages: + # Mandatory patterns + - patterns-sap-DB + + # Recommended packages + - tcsh + - psmisc + + # 2578899 is not updated for SLES 16 yet. + - uuidd + - sysstat + - sysctl-logger + + # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent + - polkit + + # Recommended for System monitoring + - cpupower + - libcpupower1 + - libsensors4 + + # Additional packages + - nfs-utils + - bind-utils + +# SLES_SAP is using saptune, but SLES is using sapconf. +__sap_hana_preconfigure_use_saptune: true diff --git a/roles/sap_netweaver_preconfigure/README.md b/roles/sap_netweaver_preconfigure/README.md index fc321756a..668ff3a9f 100644 --- a/roles/sap_netweaver_preconfigure/README.md +++ b/roles/sap_netweaver_preconfigure/README.md @@ -115,6 +115,13 @@ In assertion mode, the role will abort when encountering any assertion error.
This is useful if the role is used for reporting a system's SAP notes compliance.
+### sap_netweaver_preconfigure_packages +- _Type:_ `list` with elements of type `str` +- _Default:_ (set by platform/environment specific variables) + +The list of packages to be installed for SAP NETWEAVER.
+The default for this variable is set in the vars file which corresponds to the detected OS version.
+ ### sap_netweaver_preconfigure_min_swap_space_mb - _Type:_ `str` - _Default:_ `20480` @@ -156,4 +163,4 @@ Set this parameter to `true` when using Adobe Document Services, to ensure all r (SUSE specific) Specifies the saptune solution to apply.
Available values: `NETWEAVER`, `NETWEAVER+HANA`, `S4HANA-APP+DB`, `S4HANA-APPSERVER`, `S4HANA-DBSERVER` - \ No newline at end of file + diff --git a/roles/sap_netweaver_preconfigure/defaults/main.yml b/roles/sap_netweaver_preconfigure/defaults/main.yml index a1bea12c0..9e0b5affc 100644 --- a/roles/sap_netweaver_preconfigure/defaults/main.yml +++ b/roles/sap_netweaver_preconfigure/defaults/main.yml @@ -16,6 +16,25 @@ sap_netweaver_preconfigure_rpath: '/usr/sap/lib' sap_netweaver_preconfigure_use_adobe_doc_services: false +sap_netweaver_preconfigure_packages: "{{ __sap_netweaver_preconfigure_packages }}" +# The list of packages to be installed for SAP NETWEAVER. +# The default for this variable is set in the vars file which corresponds to the detected OS version. + +# Set this parameter to `true` to update the system to the latest package levels. +sap_netweaver_preconfigure_update: false + +# Set to `true` if you want to perform a reboot at the end of the role, if necessary. +sap_netweaver_preconfigure_reboot_ok: false + +# If `sap_netweaver_preconfigure_reboot_ok` is set to `false`, which is the default, a reboot requirement should not +# remain unnoticed. For this reason, we let the role fail. Set this parameter to `false` to override this behavior. +# Can be useful if you want to implement your own reboot handling. +sap_netweaver_preconfigure_fail_if_reboot_required: true + +# By default, the role will run `grub2-mkconfig` to update the Grub configuration if necessary. +# Set this parameter to `false` if this is not desired. +sap_netweaver_preconfigure_run_grub2_mkconfig: true + # (SUSE specific) Version of saptune to install. # It is recommended to install latest version by keeping this variable empty. # This will replace the current installed version if present, even downgrade if necessary. diff --git a/roles/sap_netweaver_preconfigure/handlers/main.yml b/roles/sap_netweaver_preconfigure/handlers/main.yml index 1c3157ad6..cdc2b8462 100644 --- a/roles/sap_netweaver_preconfigure/handlers/main.yml +++ b/roles/sap_netweaver_preconfigure/handlers/main.yml @@ -1,3 +1,119 @@ # SPDX-License-Identifier: Apache-2.0 --- -# handlers file for sap_netweaver_preconfigure + +# BEGIN - GRUB section +- name: "Check if server is booted in BIOS or UEFI mode" + ansible.builtin.stat: + path: /sys/firmware/efi + get_checksum: false + register: __sap_netweaver_preconfigure_register_stat_sys_firmware_efi + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + when: + - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true) + +- name: Debug BIOS or UEFI + ansible.builtin.debug: + var: __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + when: + - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Run grub-mkconfig (BIOS mode)" + ansible.builtin.command: + cmd: grub2-mkconfig -o /boot/grub2/grub.cfg + register: __sap_netweaver_preconfigure_register_grub2_mkconfig_bios_mode + changed_when: true + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + notify: __sap_netweaver_preconfigure_reboot_handler + when: + - not __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Debug grub-mkconfig BIOS mode" + ansible.builtin.debug: + var: __sap_netweaver_preconfigure_register_grub2_mkconfig_bios_mode.stdout_lines, + __sap_netweaver_preconfigure_register_grub2_mkconfig_bios_mode.stderr_lines + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + when: + - not __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Set the grub.cfg location RHEL" + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_uefi_boot_dir: /boot/efi/EFI/redhat/grub.cfg + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + when: + - ansible_distribution == 'RedHat' + +- name: "Set the grub.cfg location SLES" + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_uefi_boot_dir: /boot/efi/EFI/BOOT/grub.cfg + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + when: + - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP' + +- name: "Run grub-mkconfig (UEFI mode)" + ansible.builtin.command: + cmd: "grub2-mkconfig -o {{ __sap_netweaver_preconfigure_uefi_boot_dir }}" + register: __sap_netweaver_preconfigure_register_grub2_mkconfig_uefi_mode + changed_when: true + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + notify: __sap_netweaver_preconfigure_reboot_handler + when: + - __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true) + +- name: "Debug grub-mkconfig UEFI" + ansible.builtin.debug: + var: __sap_netweaver_preconfigure_register_grub2_mkconfig_uefi_mode.stdout_lines, + __sap_netweaver_preconfigure_register_grub2_mkconfig_uefi_mode.stderr_lines + listen: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + when: + - __sap_netweaver_preconfigure_register_stat_sys_firmware_efi.stat.exists + - sap_netweaver_preconfigure_run_grub2_mkconfig | d(true) + +# END - GRUB section + + +- name: Reboot the managed node + ansible.builtin.reboot: + test_command: /bin/true + listen: __sap_netweaver_preconfigure_reboot_handler + when: + - sap_netweaver_preconfigure_reboot_ok | d(false) + + +# Kernel update triggers zypper purge-kernels and lock after reboot. +- name: Wait for Zypper lock to be released + ansible.builtin.command: + cmd: zypper info zypper + retries: 20 + timeout: 30 + listen: __sap_netweaver_preconfigure_reboot_handler + when: + - ansible_os_family == 'Suse' + - sap_netweaver_preconfigure_reboot_ok | d(false) + changed_when: false + + +- name: Let the role fail if a reboot is required + ansible.builtin.fail: + msg: Reboot is required! + listen: __sap_netweaver_preconfigure_reboot_handler + when: + - sap_netweaver_preconfigure_fail_if_reboot_required | d(true) + - not sap_netweaver_preconfigure_reboot_ok | d(false) + +- name: Show a warning message if a reboot is required + ansible.builtin.debug: + msg: "WARN: Reboot is required!" + listen: __sap_netweaver_preconfigure_reboot_handler + when: + - not sap_netweaver_preconfigure_fail_if_reboot_required | d(true) + - not sap_netweaver_preconfigure_reboot_ok | d(false) + +- name: Unmask packagekit.service + ansible.builtin.systemd_service: + name: packagekit.service + masked: false + listen: __sap_netweaver_preconfigure_packagekit_handler diff --git a/roles/sap_netweaver_preconfigure/meta/argument_specs.yml b/roles/sap_netweaver_preconfigure/meta/argument_specs.yml index f9392052a..9b1eddf45 100644 --- a/roles/sap_netweaver_preconfigure/meta/argument_specs.yml +++ b/roles/sap_netweaver_preconfigure/meta/argument_specs.yml @@ -8,19 +8,6 @@ argument_specs: short_description: Variables for SAP NetWeaver preconfiguration options: -# sap_netweaver_preconfigure_... -# default: -# description: -# - -# example: -# -# required: false -# type: -# options: # additional options for lists and dicts -# : -# description: -# ... - sap_netweaver_preconfigure_config_all: default: true description: @@ -61,6 +48,15 @@ argument_specs: required: false type: bool + sap_netweaver_preconfigure_packages: + default: "{{ __sap_netweaver_preconfigure_packages }}" + description: + - The list of packages to be installed for SAP NETWEAVER. + - The default for this variable is set in the vars file which corresponds to the detected OS version. + required: false + type: list + elements: str + sap_netweaver_preconfigure_min_swap_space_mb: default: '20480' description: diff --git a/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml b/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml index 2c1f8eac1..c0190f75f 100644 --- a/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/RedHat/assert-installation.yml @@ -1,13 +1,16 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts + ansible.builtin.package_facts: + - name: Assert that all required packages are installed ansible.builtin.assert: that: line_item in ansible_facts.packages fail_msg: "FAIL: Package '{{ line_item }}' is not installed!" success_msg: "PASS: Package '{{ line_item }}' is installed." with_items: - - "{{ __sap_netweaver_preconfigure_packages }}" + - "{{ sap_netweaver_preconfigure_packages }}" loop_control: loop_var: line_item ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" diff --git a/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml b/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml index bbd3763b0..a0ba21817 100644 --- a/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/RedHat/installation.yml @@ -1,10 +1,13 @@ # SPDX-License-Identifier: Apache-2.0 --- +- name: Gather package facts + ansible.builtin.package_facts: + - name: Ensure required packages for SAP NetWeaver are installed ansible.builtin.package: state: present - name: "{{ __sap_netweaver_preconfigure_packages }}" + name: "{{ sap_netweaver_preconfigure_packages }}" - name: Ensure required packages for Adobe Document Services are installed, x86_64 only ansible.builtin.package: diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml index 8c0ff3c3c..44f5362ee 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml @@ -1,54 +1,57 @@ # SPDX-License-Identifier: Apache-2.0 --- -- name: Populate service facts - ansible.builtin.service_facts: -- name: Assert that saptune is running and enabled - ansible.builtin.assert: - that: - - "ansible_facts.services['saptune.service'].state == 'running'" - - "ansible_facts.services['saptune.service'].status == 'enabled'" - fail_msg: "FAIL: the service 'saptune' is not configured as expected" - success_msg: "PASS: the service 'saptune' is configured as expected" - -- name: Run saptune_check - ansible.builtin.command: saptune_check - register: __sap_netweaver_preconfigure_register_saptune_check - changed_when: false - failed_when: false - -- name: Assert that saptune_check executed correctly - ansible.builtin.assert: - that: "__sap_netweaver_preconfigure_register_saptune_check.rc == 0" - fail_msg: "FAIL: the command saptune_check fails" - success_msg: "PASS: the command saptune_check executes as expected" - -- name: Discover active solution - ansible.builtin.command: saptune solution enabled - register: __sap_netweaver_preconfigure_register_saptune_status - changed_when: false - -- name: Set solution fact - ansible.builtin.set_fact: - __sap_netweaver_preconfigure_saptune_configured_solution: "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" +- name: Assert that saptune solution is correct + when: __sap_netweaver_preconfigure_use_saptune + block: + - name: Discover active solution + ansible.builtin.command: + cmd: saptune solution enabled + register: __sap_netweaver_preconfigure_register_saptune_status + changed_when: false + ignore_errors: true + + - name: Set fact for active solution + ansible.builtin.set_fact: + # Capture the first block on none whitespace + __sap_netweaver_preconfigure_register_solution_configured: + "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" + + - name: Assert that active solution is the expected solution + ansible.builtin.assert: + that: __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution + fail_msg: "FAIL: the configured saptune solution is '{{ __sap_netweaver_preconfigure_register_solution_configured + }}'' and does not match the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'" + success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'" + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + + - name: Verify saptune solution + ansible.builtin.command: + cmd: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" + register: __sap_netweaver_preconfigure_register_saptune_verify + changed_when: false + failed_when: false + when: + - __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution + + + - name: Assert that saptune solution is verified by saptune + ansible.builtin.assert: + that: "{{ __sap_netweaver_preconfigure_register_saptune_verify.rc == 0 }}" + success_msg: "PASS: saptune solution {{ sap_netweaver_preconfigure_saptune_solution }} is verified by saptune." + fail_msg: | + "FAIL: active saptune solution is not verified by saptune! See details below:" + {{ __sap_netweaver_preconfigure_register_saptune_verify.stdout_lines }} + {{ __sap_netweaver_preconfigure_register_saptune_verify.stderr_lines }} + when: + - __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution -- name: Discover active solution - ansible.builtin.command: saptune solution enabled - register: __sap_netweaver_preconfigure_register_saptune_status - changed_when: false - -- name: Set fact for active solution - ansible.builtin.set_fact: - __sap_netweaver_preconfigure_fact_solution_configured: "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" # Capture the first block on none whitespace - -- name: Assert that active solution is the expected solution - ansible.builtin.assert: - that: __sap_netweaver_preconfigure_fact_solution_configured == sap_netweaver_preconfigure_saptune_solution - fail_msg: "FAIL: the configured saptune solution is '{{ __sap_netweaver_preconfigure_saptune_configured_solution }}'' and does not match the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'" - success_msg: "PASS: the configured saptune solution matches the expected solution '{{ sap_netweaver_preconfigure_saptune_solution }}'" - name: Assert that adequate swap is configured ansible.builtin.assert: - that: ansible_swaptotal_mb > sap_netweaver_preconfigure_min_swap_space_mb|int - fail_msg: "FAIL: A minimum of {{ sap_netweaver_preconfigure_min_swap_space_mb }}MiB is required but only {{ ansible_swaptotal_mb }}MiB was discovered" - success_msg: "PASS: the system has at least {{ sap_netweaver_preconfigure_min_swap_space_mb }}MiB of swap configured" + that: ansible_swaptotal_mb > (sap_netweaver_preconfigure_min_swap_space_mb | int) + fail_msg: "FAIL: A minimum of {{ sap_netweaver_preconfigure_min_swap_space_mb + }}MiB is required but only {{ ansible_swaptotal_mb }}MiB was discovered" + success_msg: "PASS: the system has at least {{ sap_netweaver_preconfigure_min_swap_space_mb + }}MiB of swap configured" + when: sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml index 077317a4b..dfb934121 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-installation.yml @@ -1,20 +1,108 @@ # SPDX-License-Identifier: Apache-2.0 --- -#- name: Enable Debugging -# debug: -# verbosity: "{{ debuglevel }}" -# -#Capture all patterns along with their install status -- name: Ensure required packages for SAP NetWeaver are installed +# Check rpm --whatprovides only if package cannot be found directly. +- name: Query RPM packages + ansible.builtin.shell: + cmd: | + if rpm -q {{ item }} &> /dev/null; + then rpm -q {{ item }} + else rpm -q --whatprovides {{ item }}; + fi + register: __sap_netweaver_preconfigure_register_packages + changed_when: false + ignore_errors: true + loop: "{{ sap_netweaver_preconfigure_packages }}" + + +- name: Assert that all required packages are installed + ansible.builtin.assert: + that: __sap_netweaver_preconfigure_register_packages.results | selectattr('item', 'equalto', item) | map(attribute='rc') | first == 0 + fail_msg: "FAIL: Package '{{ item }}' is not installed!" + success_msg: "PASS: Package '{{ item }}' is installed." + loop: "{{ sap_netweaver_preconfigure_packages }}" + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + + +- name: Gather service facts + ansible.builtin.service_facts: + +# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications) +# This service creates zypper locks and causes package install failures. +- name: Wait for stop of packagekit.service + ansible.builtin.shell: | + set -o pipefail && bash -c ' + while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) || + ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do + sleep 10; + done' + register: __packagekit_service_check + changed_when: false + until: __packagekit_service_check.rc == 0 + retries: 60 + when: "'packagekit.service' in ansible_facts.services" + +- name: Get info about possible package updates # noqa command-instead-of-module + ansible.builtin.command: + cmd: zypper -q patch-check + timeout: 60 + register: __sap_netweaver_preconfigure_register_zypper_check_update_assert + changed_when: false + ignore_errors: true # true, because unpatched system is always error. + when: sap_netweaver_preconfigure_update + +- name: Assert that there are no more possible package updates ansible.builtin.assert: - that: package in ansible_facts.packages - loop: "{{ __sap_netweaver_preconfigure_packages }}" - loop_control: - loop_var: package + that: __sap_netweaver_preconfigure_register_zypper_check_update_assert.rc == 0 + fail_msg: "FAIL: System needs to be updated!" + success_msg: "PASS: There are no more outstanding package updates." + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + when: sap_netweaver_preconfigure_update + +- name: Report if checking for possible package updates is not requested + ansible.builtin.debug: + msg: "INFO: Not checking for possible package updates (variable sap_netweaver_preconfigure_update)." + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + when: not sap_netweaver_preconfigure_update + + +# Reason for noqa: The command to be executed might contain pipes +- name: Determine if the system needs to be restarted # noqa command-instead-of-shell + ansible.builtin.shell: + cmd: "zypper ps" + retries: 60 + timeout: 5 + register: __sap_netweaver_preconfigure_register_needs_restarting_assert + changed_when: false + check_mode: false + ignore_errors: true # true, because output is too large. -- name: Assert saptune is at requested version +- name: Assert that system needs no restart ansible.builtin.assert: - that: ansible_facts.packages['saptune'][0]['version'] == sap_netweaver_preconfigure_saptune_version - fail_msg: "FAIL: saptune version installed is {{ ansible_facts.packages['saptune'][0]['version'] }} but the version {{ sap_netweaver_preconfigure_saptune_version }} was expected" - success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_netweaver_preconfigure_saptune_version }}" + that: __sap_netweaver_preconfigure_register_needs_restarting_assert is success + fail_msg: "FAIL: System needs to be restarted!" + success_msg: "PASS: System needs no restart." + ignore_errors: "{{ sap_netweaver_preconfigure_assert_ignore_errors | d(false) }}" + + +- name: Block to assert that correct saptune version is installed + when: + - __sap_netweaver_preconfigure_use_saptune + - sap_netweaver_preconfigure_saptune_version is defined + - sap_netweaver_preconfigure_saptune_version | length > 0 + block: + # We are checking for %{VERSION} (e.g. 3.1.4), not full %{VERSION}-%{RELEASE}.%{ARCH} + - name: Check saptune version # noqa: command-instead-of-module + ansible.builtin.command: + cmd: rpm -q --queryformat '%{VERSION}\n' saptune + register: __sap_netweaver_preconfigure_register_saptune_version + changed_when: false + ignore_errors: true + + - name: Assert saptune is at requested version + ansible.builtin.assert: + that: __sap_netweaver_preconfigure_register_saptune_version.stdout == sap_netweaver_preconfigure_saptune_version + fail_msg: "FAIL: saptune version installed is {{ __sap_netweaver_preconfigure_register_saptune_version.stdout + }} but the version {{ sap_netweaver_preconfigure_saptune_version }} was expected" + success_msg: "PASS: the installed version of saptune meets the expected version: {{ sap_netweaver_preconfigure_saptune_version }}" + when: __sap_netweaver_preconfigure_register_saptune_version.rc = 0 diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml index 5463a1100..5c7bf7ce6 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml @@ -1,82 +1,61 @@ # SPDX-License-Identifier: Apache-2.0 --- -- name: Takover saptune and enable - when: __sap_netweaver_preconfigure_run_saptune - block: - - name: Ensure sapconf is stopped and disabled - ansible.builtin.systemd: - name: sapconf - state: stopped - enabled: false - when: "'sapconf' in ansible_facts.packages" - - - name: Make sure that sapconf and tuned are stopped and disabled - ansible.builtin.command: "saptune service takeover" - register: __sap_saptune_takeover - changed_when: __sap_saptune_takeover.rc == 0 - - - name: Ensure saptune is running and enabled - ansible.builtin.systemd: - name: saptune - state: started - enabled: true - - - name: Ensure saptune_check executes correctly - ansible.builtin.command: saptune_check - changed_when: false +- name: Apply saptune solution + when: __sap_netweaver_preconfigure_use_saptune + block: - name: Discover active solution - ansible.builtin.command: saptune solution enabled + ansible.builtin.command: + cmd: saptune solution enabled register: __sap_netweaver_preconfigure_register_saptune_status changed_when: false - name: Set fact for active solution ansible.builtin.set_fact: # Capture the first block on none whitespace - __sap_netweaver_preconfigure_fact_solution_configured: + __sap_netweaver_preconfigure_register_solution_configured: "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" - - name: Check if saptune solution needs to be applied - ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" - register: __sap_netweaver_preconfigure_register_saptune_verify - changed_when: false # We're only checking, not changing! - failed_when: false # We expect this to fail if it has not previously been applied - - name: Ensure no solution is currently applied - ansible.builtin.command: "saptune solution revert {{ __sap_netweaver_preconfigure_fact_solution_configured }}" + - name: Revert solution when different to sap_netweaver_preconfigure_saptune_solution + ansible.builtin.command: + cmd: "saptune solution revert {{ __sap_netweaver_preconfigure_register_solution_configured }}" changed_when: true when: - - __sap_netweaver_preconfigure_fact_solution_configured != 'NONE' - - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 + - __sap_netweaver_preconfigure_register_solution_configured != 'NONE' + - __sap_netweaver_preconfigure_register_solution_configured != sap_netweaver_preconfigure_saptune_solution + + + - name: Verify saptune solution + ansible.builtin.command: + cmd: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" + register: __sap_netweaver_preconfigure_register_saptune_verify + changed_when: false + failed_when: false + when: + - __sap_netweaver_preconfigure_register_solution_configured == sap_netweaver_preconfigure_saptune_solution + - name: Ensure saptune solution is applied - ansible.builtin.command: "saptune solution apply {{ sap_netweaver_preconfigure_saptune_solution }}" + ansible.builtin.command: + cmd: "saptune solution apply {{ sap_netweaver_preconfigure_saptune_solution }}" changed_when: true when: - - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 + - __sap_netweaver_preconfigure_register_solution_configured != sap_netweaver_preconfigure_saptune_solution + or __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 - - name: Ensure solution was successful - ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" - changed_when: false # We're only checking, not changing! -- name: Enable sapconf - when: not __sap_netweaver_preconfigure_run_saptune - block: - - name: Enable sapconf service - ansible.builtin.systemd: - name: sapconf - state: started - enabled: true + - name: Ensure solution was successful + ansible.builtin.command: + cmd: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" + changed_when: false - - name: Restart sapconf service - ansible.builtin.systemd: - name: sapconf - state: restarted - name: Warn if not enough swap space is configured ansible.builtin.fail: msg: "The system has only {{ ansible_swaptotal_mb }} MB of swap space configured, - which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver!" + which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb + }} MB for SAP NetWeaver!" ignore_errors: true when: - ansible_swaptotal_mb < sap_netweaver_preconfigure_min_swap_space_mb|int @@ -85,7 +64,8 @@ - name: Fail if not enough swap space is configured ansible.builtin.fail: msg: "The system has only {{ ansible_swaptotal_mb }} MB of swap space configured, - which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb }} MB for SAP NetWeaver!" + which is less than the minimum required amount of {{ sap_netweaver_preconfigure_min_swap_space_mb + }} MB for SAP NetWeaver!" when: - ansible_swaptotal_mb < sap_netweaver_preconfigure_min_swap_space_mb|int - sap_netweaver_preconfigure_fail_if_not_enough_swap_space_configured|d(true) diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/generic/grub_update.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/grub_update.yml new file mode 100644 index 000000000..6ef1aa8f5 --- /dev/null +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/grub_update.yml @@ -0,0 +1,39 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# Generic task for updating GRUB configuration using provided list + +- name: Update existing GRUB entries + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^(GRUB_CMDLINE_LINUX_DEFAULT=".*?)(\b{{ item.split("=")[0] }}=[^ ]*\b)(.*")' + line: '\1{{ item }}\3' + backrefs: true + register: __sap_netweaver_preconfigure_grub_update + loop: "{{ __sap_netweaver_preconfigure_grub_cmdline }}" + + +- name: Get current of GRUB + ansible.builtin.slurp: + path: /etc/default/grub + register: __sap_netweaver_preconfigure_grub_contents + + +- name: Add missing GRUB entries + ansible.builtin.lineinfile: + path: /etc/default/grub + regexp: '^GRUB_CMDLINE_LINUX_DEFAULT="(.*?)"' + line: 'GRUB_CMDLINE_LINUX_DEFAULT="\1 {{ item }}"' + backrefs: true + register: __sap_netweaver_preconfigure_grub_add + loop: "{{ __sap_netweaver_preconfigure_grub_cmdline }}" + when: item not in (__sap_netweaver_preconfigure_grub_contents.content | b64decode) + + +- name: Trigger grub update if necessary # noqa no-changed-when + ansible.builtin.command: + cmd: /bin/true + notify: __sap_netweaver_preconfigure_regenerate_grub2_conf_handler + when: + - (__sap_netweaver_preconfigure_grub_update.results | selectattr('changed', 'equalto', true) | list | length > 0) + or (__sap_netweaver_preconfigure_grub_add.results | selectattr('changed', 'equalto', true) | list | length > 0) diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_install.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_install.yml new file mode 100644 index 000000000..7ba569cc2 --- /dev/null +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_install.yml @@ -0,0 +1,46 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1275776 - Linux: Preparing SLES for SAP environments + +- name: Get contents of /etc/products.d/baseproduct + ansible.builtin.stat: + path: /etc/products.d/baseproduct + register: __sap_netweaver_preconfigure_register_baseproduct + + +- name: Set fact if baseproduct contains SLES without SLES_SAP + ansible.builtin.set_fact: + __sap_netweaver_preconfigure_use_saptune: false + when: + - '"SLES_SAP" not in __sap_netweaver_preconfigure_register_baseproduct.stat.lnk_target' + - '"SLES" in __sap_netweaver_preconfigure_register_baseproduct.stat.lnk_target + and ansible_distribution_major_version | int < 16' + + +- name: Block to ensure saptune is installed + when: __sap_netweaver_preconfigure_use_saptune | d(true) + block: + - name: Ensure latest saptune is installed + ansible.builtin.package: + name: saptune + state: present + when: + - sap_netweaver_preconfigure_saptune_version is undefined + or sap_netweaver_preconfigure_saptune_version | length == 0 + + - name: Ensure specific saptune version is installed + ansible.builtin.package: + name: "saptune={{ sap_netweaver_preconfigure_saptune_version }}" + state: present + when: + - sap_netweaver_preconfigure_saptune_version is defined + - sap_netweaver_preconfigure_saptune_version | length > 0 + + +- name: Block to ensure sapconf is installed + when: not __sap_netweaver_preconfigure_use_saptune | d(true) + block: + - name: Ensure sapconf is installed + ansible.builtin.package: + name: "sapconf" + state: present diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_takeover.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_takeover.yml new file mode 100644 index 000000000..17f0047a6 --- /dev/null +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/generic/saptune_takeover.yml @@ -0,0 +1,100 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# 1275776 - Linux: Preparing SLES for SAP environments + +- name: Execute saptune_check - before takeover + ansible.builtin.command: + cmd: saptune_check + register: __sap_netweaver_preconfigure_register_saptune_check_before + when: __sap_netweaver_preconfigure_use_saptune + changed_when: false + failed_when: false + +- name: Takeover and enable saptune + when: + - __sap_netweaver_preconfigure_use_saptune + - __sap_netweaver_preconfigure_register_saptune_check_before.rc != 0 + block: + - name: Check saptune version # noqa: command-instead-of-module + ansible.builtin.command: + cmd: rpm -q sapconf + register: __sap_netweaver_preconfigure_register_sapconf + changed_when: false + ignore_errors: true + + - name: Ensure sapconf is stopped and disabled + ansible.builtin.systemd: + name: sapconf + state: stopped + enabled: false + when: __sap_netweaver_preconfigure_register_sapconf + + - name: Make sure that sapconf and tuned are stopped and disabled + ansible.builtin.command: + cmd: "saptune service takeover" + register: __sap_netweaver_preconfigure_register_saptune_takeover + changed_when: __sap_netweaver_preconfigure_register_saptune_takeover.rc == 0 + + # saptune_check can fail if sapconf is in failed state + - name: Check if sapconf.service is failed # noqa command-instead-of-module + ansible.builtin.command: + cmd: systemctl is-failed sapconf.service + register: __sap_netweaver_preconfigure_register_sapconf_failed + changed_when: false + ignore_errors: true + + - name: Execute systemctl reset-failed sapconf.service # noqa command-instead-of-module + ansible.builtin.command: + cmd: systemctl reset-failed sapconf.service + when: __sap_netweaver_preconfigure_register_sapconf_failed.rc == 0 + changed_when: true + + - name: Ensure saptune is running and enabled + ansible.builtin.systemd: + name: saptune + state: started + enabled: true + + - name: Ensure saptune_check executes correctly + ansible.builtin.command: + cmd: saptune_check + register: __sap_netweaver_preconfigure_register_saptune_check_after + changed_when: false + + +- name: Check active saptune solution + when: + - __sap_netweaver_preconfigure_use_saptune + - __sap_netweaver_preconfigure_register_saptune_check_before.rc == 0 + or (__sap_netweaver_preconfigure_register_saptune_check_after.rc == 0) + block: + - name: Discover active solution + ansible.builtin.command: + cmd: saptune solution enabled + register: __sap_netweaver_preconfigure_register_saptune_status + changed_when: false + + - name: Set fact for active solution + ansible.builtin.set_fact: + # Capture the first block on none whitespace + __sap_netweaver_preconfigure_register_solution_configured: + "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" + + - name: Show configured solution + ansible.builtin.debug: + var: __sap_netweaver_preconfigure_register_solution_configured + + +- name: Enable sapconf + when: not __sap_netweaver_preconfigure_use_saptune + block: + - name: Enable sapconf service + ansible.builtin.systemd: + name: sapconf + state: started + enabled: true + + - name: Restart sapconf service + ansible.builtin.systemd: + name: sapconf + state: restarted diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml index 72981ca44..49807a05e 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml @@ -1,55 +1,76 @@ # SPDX-License-Identifier: Apache-2.0 --- -- name: Ensure required packages for SAP NetWeaver are installed +- name: Gather service facts + ansible.builtin.service_facts: + +# Service packagekit is part of PackageKit-backend-zypp (SLE-Module-Desktop-Applications) +# This service creates zypper locks and causes package install failures. +# Service cannot be disabled and we have to mask its execution. +- name: Mask packagekit.service when present + ansible.builtin.systemd_service: + name: packagekit.service + masked: true + when: "'packagekit.service' in ansible_facts.services" + notify: __sap_netweaver_preconfigure_packagekit_handler + + +- name: Wait for stop of packagekit.service + ansible.builtin.shell: | + set -o pipefail && bash -c ' + while (ps aux | grep "[z]ypper" | grep -v grep) || (ps aux | grep "/usr/lib/packagekitd" | grep -v grep) || + ([ -f /var/run/zypp.pid ] && [ -s /var/run/zypp.pid ]); do + sleep 10; + done' + register: __packagekit_service_check + changed_when: false + until: __packagekit_service_check.rc == 0 + retries: 60 + when: "'packagekit.service' in ansible_facts.services" + + +- name: Ensure that the required packages are installed ansible.builtin.package: state: present - name: "{{ __sap_netweaver_preconfigure_packages }}" + name: "{{ sap_netweaver_preconfigure_packages }}" -- name: Get contents of /etc/products.d/baseproduct - ansible.builtin.stat: - path: /etc/products.d/baseproduct - register: sles_baseproduct - when: ansible_os_family == 'Suse' -- name: Setfact if baseproduct contains SLES without SLES_SAP - ansible.builtin.set_fact: - __sap_netweaver_preconfigure_run_saptune: false - when: - - '"SLES_SAP" not in sles_baseproduct.stat.lnk_target' - - '"SLES" in sles_baseproduct.stat.lnk_target' - - ansible_os_family == 'Suse' +# Reason for noqa: Zypper supports "state: latest" +- name: Ensure that the system is updated to the latest patchlevel # noqa package-latest + ansible.builtin.package: + state: latest + name: "*" + when: sap_netweaver_preconfigure_update | bool -- name: Prepare saptune - when: - - __sap_netweaver_preconfigure_run_saptune - block: - - name: Ensure latest saptune is installed - community.general.zypper: - type: package - name: saptune - state: present - when: - - sap_netweaver_preconfigure_saptune_version is undefined - or sap_netweaver_preconfigure_saptune_version | length == 0 - - - name: Ensure specific saptune version is installed - community.general.zypper: - type: package - name: "saptune={{ sap_netweaver_preconfigure_saptune_version }}" - state: present - force: true - when: - - sap_netweaver_preconfigure_saptune_version is defined - - sap_netweaver_preconfigure_saptune_version | length > 0 - - -- name: Ensure sapconf is installed - community.general.zypper: - type: package - name: "sapconf" - state: present - force: true +# 1275776 - Linux: Preparing SLES for SAP environments +- name: Install saptune if available + ansible.builtin.include_tasks: + file: generic/saptune_install.yml + +- name: Takeover and enable saptune if available + ansible.builtin.include_tasks: + file: generic/saptune_takeover.yml + + +# Reason for noqa: The command to be executed might contain pipes +- name: Determine if the system needs to be restarted # noqa command-instead-of-shell + ansible.builtin.shell: + cmd: "zypper ps" + register: __sap_netweaver_preconfigure_register_needs_restarting + ignore_errors: true + changed_when: false + check_mode: false + +- name: Display the output of the reboot requirement check + ansible.builtin.debug: + var: __sap_netweaver_preconfigure_register_needs_restarting + +- name: Call Reboot handler if necessary + ansible.builtin.command: + cmd: /bin/true + notify: __sap_netweaver_preconfigure_reboot_handler + changed_when: true when: - - not __sap_netweaver_preconfigure_run_saptune + - __sap_netweaver_preconfigure_register_needs_restarting is failed + or __sap_netweaver_preconfigure_register_needs_restarting.rc == 102 diff --git a/roles/sap_netweaver_preconfigure/tasks/main.yml b/roles/sap_netweaver_preconfigure/tasks/main.yml index 2f99c60a1..8d9e08a56 100644 --- a/roles/sap_netweaver_preconfigure/tasks/main.yml +++ b/roles/sap_netweaver_preconfigure/tasks/main.yml @@ -47,16 +47,6 @@ assert_prefix: "assert-" when: sap_netweaver_preconfigure_assert | d(false) -# Requirement for package_facts Ansible Module -- name: For SLES ensure OS Package for Python Lib of rpm bindings is enabled for System Python - ansible.builtin.package: - name: python3-rpm - state: present - when: ansible_os_family == "Suse" - -# required for installation and configuration tasks: -- name: Gather package facts - ansible.builtin.package_facts: - name: Include tasks from 'installation.yml' ansible.builtin.include_tasks: '{{ item }}/{{ assert_prefix }}installation.yml' diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/configuration.yml deleted file mode 100644 index 14f2b1308..000000000 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/configuration.yml +++ /dev/null @@ -1,18 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# - name: "1275776 - Tips & Advice (start sapconf)" -# ansible.builtin.service: -# name: sapconf -# enabled: true -# state: started - -- name: "1275776 - Configuration saptune" - ansible.builtin.command: "saptune daemon start" - register: __sap_hana_preconfigure_register_saptune_daemon - changed_when: __sap_hana_preconfigure_register_saptune_daemon.rc == 0 - -# - name: "1275776 - Configuration saptune sap note 2382421" -# ansible.builtin.command: "saptune note apply 2382421" -# register: __sap_hana_preconfigure_register_saptune_2382421 -# changed_when: __sap_hana_preconfigure_register_saptune_2382421.rc == 0 diff --git a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/installation.yml b/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/installation.yml deleted file mode 100644 index 8e26bee9f..000000000 --- a/roles/sap_netweaver_preconfigure/tasks/sapnote/1275776/installation.yml +++ /dev/null @@ -1,6 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -- name: 1275776 - Installation saptune - ansible.builtin.package: - name: "saptune" diff --git a/roles/sap_netweaver_preconfigure/vars/RedHat_10.yml b/roles/sap_netweaver_preconfigure/vars/RedHat_10.yml new file mode 100644 index 000000000..74dfe7749 --- /dev/null +++ b/roles/sap_netweaver_preconfigure/vars/RedHat_10.yml @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: Apache-2.0 +--- + +# vars file for sap_netweaver_preconfigure + +__sap_netweaver_preconfigure_sapnotes: + - "2526952" + +__sap_netweaver_preconfigure_sapnotes_versions: + - { number: '2526952', version: '5' } + +__sap_netweaver_preconfigure_packages: + - tuned-profiles-sap + +# SAP note 3242422 v2: +__sap_netweaver_preconfigure_adobe_doc_services_packages: + - autoconf + - automake + - cyrus-sasl + - expat + - fontconfig + - glibc-devel + - keyutils-libs + - krb5-libs + - libcom_err + - libidn2 + - libselinux + - libxcb + - nspr + - nss + - nss-softokn + - nss-softokn-freebl + - nss-util + - openldap + - openssl + - zlib + - libstdc++ + - libX11 + - libXau + - glibc + - libstdc++ + - libgcc + - libuuid diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml deleted file mode 100644 index 42032de73..000000000 --- a/roles/sap_netweaver_preconfigure/vars/SLES_15.6.yml +++ /dev/null @@ -1,43 +0,0 @@ -# SPDX-License-Identifier: Apache-2.0 ---- -# Variables specific to following versions: -# - SUSE Linux Enterprise Server for SAP Applications 15 SP6 -# - SUSE Linux Enterprise Server 15 SP6 - -__sap_netweaver_preconfigure_sapnotes: - - "1275776" - -__sap_netweaver_preconfigure_packages: - # Mandatory packages - - tcsh - - acl - - insserv-compat - - system-user-uuidd - - uuidd - # gcc packages - - libstdc++6 - - libatomic1 - - libgcc_s1 - - libltdl7 - # System monitoring - - sysstat - - cpupower - - libcpupower1 - - libsensors4 - # Patterns - - patterns-base-basesystem - - patterns-server-enterprise-sap_server - - patterns-yast-yast2_basis - # Additional packages - - procmail - # Not needed but kept for compatibility - - hicolor-icon-theme - - yast2-auth-client - - yast2-auth-server - - yast2-theme - - yast2-vpn - - -# SLES_SAP is using saptune, but SLES is using sapconf. -# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. -__sap_netweaver_preconfigure_run_saptune: true diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml index cc632e33f..d69afdd9a 100644 --- a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml +++ b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml @@ -1,42 +1,49 @@ # SPDX-License-Identifier: Apache-2.0 --- # Variables specific to following versions: -# - SUSE Linux Enterprise Server for SAP Applications 15 # - SUSE Linux Enterprise Server 15 -__sap_netweaver_preconfigure_sapnotes: - - "1275776" +__sap_netweaver_preconfigure_sapnotes_versions: [] + # 2578899 - SUSE Linux Enterprise Server 15: Installation Note + # Already included in sap_general_preconfigure + + # SAP Notes applicable to NETWEAVER saptune solution: + # 941735 1771258 2578899 2993054 1656250 900929 + + # 941735 - SAP memory management system for 64-bit Linux systems + # kernel.shmall, kernel.shmmax are already default. + # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm + + # 1771258 - Linux: User and system resource limits + # Limits are created by applying saptune solution or predefined in sapconf. + + # 900929 - Linux: STORAGE_PARAMETERS_WRONG_SET and "mmap() failed" + # Parameter vm.max_map_count=2147483647 is already default value. + __sap_netweaver_preconfigure_packages: - # Mandatory packages + # Mandatory patterns + - patterns-server-enterprise-sap_server + + # Recommended packages - tcsh - acl - - insserv-compat - - system-user-uuidd - - uuidd - # gcc packages + - insserv-compat # Support for System V init scripts - libstdc++6 - libatomic1 - libgcc_s1 - - libltdl7 - # System monitoring - - sysstat + + # Recommended for System monitoring - cpupower - - libcpupower0 + - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}" - libsensors4 - # Patterns - - patterns-base-basesystem - - patterns-server-enterprise-sap_server - - patterns-yast-yast2_basis + # Additional packages + - nfs-utils + - bind-utils - procmail - # Not needed but kept for compatibility - - hicolor-icon-theme - - yast2-auth-client - - yast2-auth-server - - yast2-theme - - yast2-vpn + - libltdl7 + # SLES_SAP is using saptune, but SLES is using sapconf. -# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. -__sap_netweaver_preconfigure_run_saptune: true +__sap_netweaver_preconfigure_use_saptune: true diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_SAP_15.yml b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_15.yml new file mode 100644 index 000000000..013b5854e --- /dev/null +++ b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_15.yml @@ -0,0 +1,50 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 15 + +__sap_netweaver_preconfigure_sapnotes_versions: [] + # 2578899 - SUSE Linux Enterprise Server 15: Installation Note + # Already included in sap_general_preconfigure + + # SAP Notes applicable to NETWEAVER saptune solution: + # 941735 1771258 2578899 2993054 1656250 900929 + + # 941735 - SAP memory management system for 64-bit Linux systems + # kernel.shmall, kernel.shmmax are already default. + # ShmFileSystemSizeMB, VSZ_TMPFS_PERCENT are optional parameters for /dev/shm + + # 1771258 - Linux: User and system resource limits + # Limits are created by applying saptune solution or predefined in sapconf. + + # 900929 - Linux: STORAGE_PARAMETERS_WRONG_SET and "mmap() failed" + # Parameter vm.max_map_count=2147483647 is already default value. + + +__sap_netweaver_preconfigure_packages: + # Mandatory patterns + - patterns-server-enterprise-sap_server + - patterns-sap-nw + + # Recommended packages + - tcsh + - acl + - insserv-compat # Support for System V init scripts + - libstdc++6 + - libatomic1 + - libgcc_s1 + + # Recommended for System monitoring + - cpupower + - "{{ 'libcpupower0' if ansible_distribution_version is version('15.6', '<') else 'libcpupower1' }}" + - libsensors4 + + # Additional packages + - nfs-utils + - bind-utils + - procmail + - libltdl7 + + +# SLES_SAP is using saptune, but SLES is using sapconf. +__sap_netweaver_preconfigure_use_saptune: true diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_SAP_16.yml b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_16.yml new file mode 100644 index 000000000..542988519 --- /dev/null +++ b/roles/sap_netweaver_preconfigure/vars/SLES_SAP_16.yml @@ -0,0 +1,40 @@ +# SPDX-License-Identifier: Apache-2.0 +--- +# Variables specific to following versions: +# - SUSE Linux Enterprise Server for SAP Applications 16 + +__sap_netweaver_preconfigure_sapnotes_versions: [] + +__sap_netweaver_preconfigure_packages: + # Mandatory patterns + - patterns-sap-APP + + # Recommended packages + - tcsh + - psmisc + - acl + - uuidd + + # 2578899 is not updated for SLES 16 yet. + - uuidd + - sysstat + - sysctl-logger + + # 3139184 - Linux: systemd integration for sapstartsrv and SAP Host Agent + - polkit + + # Recommended for System monitoring + - cpupower + - libcpupower1 + - libsensors4 + + # Additional packages + - nfs-utils + - bind-utils + - procmail + - libltdl7 + + +# SLES_SAP is using saptune, but SLES is using sapconf. +# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. +__sap_netweaver_preconfigure_use_saptune: true diff --git a/roles/sap_netweaver_preconfigure/vars/main.yml b/roles/sap_netweaver_preconfigure/vars/main.yml index 42ac22571..4a7026287 100644 --- a/roles/sap_netweaver_preconfigure/vars/main.yml +++ b/roles/sap_netweaver_preconfigure/vars/main.yml @@ -4,3 +4,6 @@ # define variables here that will not change # Those are valid for all OS # + +# dummy entry for passing the arg spec validation: +__sap_netweaver_preconfigure_packages: []