feat: GCP VIP rework

SUSE socat resource added
IPaddr2 resource fixed
Additional resource cleanup for ASCS/ERS
Updated names for health check resources

roles/sap_ha_pacemaker_cluster/defaults/main.yml

@@ -157,9 +157,14 @@ sap_ha_pacemaker_cluster_hana_order_hana_vip_secondary_name: >-
 sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: ''
 sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: >-
   rsc_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary
+sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_primary
+
 sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address: ''
 sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name: >-
   rsc_vip_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly
+sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_hana_sid }}_HDB{{ sap_ha_pacemaker_cluster_hana_instance_nr }}_readonly
 
 sap_ha_pacemaker_cluster_healthcheck_hana_primary_id: "{{ sap_ha_pacemaker_cluster_hana_sid + 'prim' }}"
 sap_ha_pacemaker_cluster_healthcheck_hana_secondary_id: "{{ sap_ha_pacemaker_cluster_hana_sid + 'ro' }}"
@@ -224,15 +229,26 @@ sap_ha_pacemaker_cluster_resource_filesystem_force_unmount: safe
 sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_ip_address: ''
 sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name: >-
   rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}
+sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ascs_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ASCS{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr }}
+
 sap_ha_pacemaker_cluster_vip_nwas_abap_ers_ip_address: ''
 sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name: >-
   rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}
+sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_ERS{{ sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr }}
+
 sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address: ''
 sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: >-
   rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_PAS{{ sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr }}
+sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_PAS{{ sap_ha_pacemaker_cluster_nwas_abap_pas_instance_nr }}
+
 sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address: ''
 sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: >-
   rsc_vip_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_AAS{{ sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr }}
+sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name: >-
+  rsc_vip_health_check_{{ sap_ha_pacemaker_cluster_nwas_abap_sid }}_AAS{{ sap_ha_pacemaker_cluster_nwas_abap_aas_instance_nr }}
 
 
 # SAP NetWeaver common - Resource IDs (names) as convenience parameters

roles/sap_ha_pacemaker_cluster/tasks/Suse/post_steps_nwas_abap_ascs_ers.yml

@@ -51,16 +51,6 @@
       changed_when: false
       run_once: true  # noqa: run_once[task]
 
-    # # Workaround situation when ASCS and ERS mounts are not present on both nodes.
-    # - name: "SAP HA Install Pacemaker - SAPStartSrv crm resource cleanup"
-    #   ansible.builtin.command:
-    #     cmd: crm resource cleanup {{ item }}
-    #   loop:
-    #     - "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name }}"
-    #     - "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name }}"
-    #   when: sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount
-    #   changed_when: true
-
     - name: "SAP HA Install Pacemaker - Fetch CIB configuration"
       ansible.builtin.command:
         cmd: cibadmin --query

roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml

@@ -244,17 +244,17 @@
            and 'FALSE' in __sap_ha_pacemaker_cluster_register_ers_ha_failover_config.stdout)
           or (__sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout is defined
            and 'ERROR' in __sap_ha_pacemaker_cluster_register_ascs_ha_check_config.stdout)"
+      vars:
+        __rsc_ascs: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name
+          if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount
+          else sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}"
+        __rsc_ers: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name
+          if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount
+          else sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}"
       block:
         - name: "SAP HA Pacemaker - (SAP HA Interface) Restart ASCS ERS resources"
           ansible.builtin.shell: |
             {{ __sap_ha_pacemaker_cluster_command.resource_restart }} {{ restart_item }}
-          vars:
-            __rsc_ascs: "{{ sap_ha_pacemaker_cluster_nwas_abap_ascs_sapstartsrv_resource_name
-              if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount
-              else sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_resource_name }}"
-            __rsc_ers: "{{ sap_ha_pacemaker_cluster_nwas_abap_ers_sapstartsrv_resource_name
-              if sap_ha_pacemaker_cluster_nwas_abap_ascs_ers_simple_mount
-              else sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_resource_name }}"
           loop:
             - "{{ __rsc_ascs }}"
             - "{{ __rsc_ers }}"
@@ -282,6 +282,12 @@
           changed_when: false
           failed_when: false
 
+        # Ensure there are no errors after resources were restarted
+        - name: "SAP HA Install Pacemaker - Cluster resource cleanup after restart"
+          ansible.builtin.shell: |
+            {{ __sap_ha_pacemaker_cluster_command.resource_cleanup }}
+          changed_when: true
+
 
     - name: "SAP HA Pacemaker - (SAP HA Interface) Get HACheckConfig for ASCS"
       when:

roles/sap_ha_pacemaker_cluster/tasks/platform/construct_vars_vip_resources_cloud_gcp_ce_vm.yml

@@ -15,7 +15,7 @@
   vars:
     __resource_vip:
       id: "{{ vip_list_item.key }}"
-      agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}"
+      agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents['ipaddr'].agent | d('ocf:heartbeat:IPaddr2') }}"
       instance_attrs:
         - attrs:
             - name: ip
@@ -74,3 +74,30 @@
     - sap_ha_pacemaker_cluster_vip_method == 'gcp_nlb_reserved_ip_haproxy'
     - vip_list_item.key in __sap_ha_pacemaker_cluster_healthcheck_resource_list
     - __haproxy_id | length > 0
+
+
+- name: "SAP HA Prepare Pacemaker - GCP CE - Add resource: Socat resource for Health Checks (socat)"
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__health_check] }}"
+  vars:
+    __health_check:
+      id: "{{ vip_list_item.key }}"
+      agent: "{{ __sap_ha_pacemaker_cluster_available_vip_agents[sap_ha_pacemaker_cluster_vip_method].agent }}"
+      instance_attrs:
+        - attrs:
+            - name: binfile
+              value: "/usr/bin/socat"
+            - name: cmdline_options
+              value: "-U TCP-LISTEN:{{ vip_list_item.value }},backlog=10,fork,reuseaddr /dev/null"
+      operations:
+        - action: monitor
+          attrs:
+            - name: interval
+              value: 10
+            - name: timeout
+              value: 20
+
+  when:
+    - vip_list_item.key not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id'))
+    - sap_ha_pacemaker_cluster_vip_method == 'gcp_anything_socat'
+    - vip_list_item.key in __sap_ha_pacemaker_cluster_healthcheck_resource_list

roles/sap_ha_pacemaker_cluster/vars/main.yml

@@ -41,14 +41,6 @@ __sap_ha_pacemaker_cluster_available_vip_agents:
   ipaddr:
     agent: "ocf:heartbeat:IPaddr2"
 
-# Health check helper variable for platforms that require it
-sap_ha_pacemaker_cluster_healthcheck_hana_primary_resource_name: "hc_{{ sap_ha_pacemaker_cluster_vip_hana_primary_resource_name }}"
-sap_ha_pacemaker_cluster_healthcheck_hana_secondary_resource_name: "hc_{{ sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name }}"
-sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ascs_resource_name: "hc_{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name }}"
-sap_ha_pacemaker_cluster_healthcheck_nwas_abap_ers_resource_name: "hc_{{ sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name }}"
-sap_ha_pacemaker_cluster_healthcheck_nwas_abap_pas_resource_name: "hc_{{ sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name }}"
-sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_resource_name: "hc_{{ sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name }}"
-
 # For convenience to distinguish between VIP and HC resources:
 __sap_ha_pacemaker_cluster_vip_resource_list:
   - "{{ sap_ha_pacemaker_cluster_vip_hana_primary_resource_name }}"

roles/sap_ha_pacemaker_cluster/vars/platform_cloud_gcp_ce_vm.yml

@@ -104,7 +104,7 @@ sap_ha_pacemaker_cluster_healthcheck_nwas_abap_aas_port: "620{{ sap_ha_pacemaker
 
 # Platform specific VIP handling
 # Google documentation differs for each OS:
-# SUSE - VIP: IPaddr2, Healthcheck: No pacemaker resources, but directly as part of NLB healthcheck
+# SUSE - VIP: IPaddr2, Healthcheck: anything using socat
 #   HANA: https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_a_local_cluster_ip_resource_for_the_vip_address
 #   NWAS: https://cloud.google.com/solutions/sap/docs/netweaver-ha-config-sles#create_the_vip_resources
 # RHEL - VIP: IPaddr2, Healthcheck: haproxy
@@ -159,3 +159,9 @@ __sap_ha_pacemaker_cluster_available_vip_agents:
   gcp_vpc_move_route:
     agent: "ocf:heartbeat:gcp-vpc-move-route"
     with: ipaddr
+
+  # This is dummy resource to run socat process for Health checks on SUSE
+  # https://cloud.google.com/solutions/sap/docs/netweaver-ha-config-sles#create_the_health_check_resources
+  gcp_anything_socat:
+    agent: "anything"
+    with: ipaddr

roles/sap_ha_pacemaker_cluster/vars/redhat.yml

@@ -56,6 +56,7 @@ __sap_ha_pacemaker_cluster_command:
   resource_defaults_show: "pcs resource defaults config"
   resource_defaults_update: "pcs resource defaults update"
   resource_restart: "pcs resource restart"
+  resource_cleanup: "pcs resource cleanup"
 
 # Default corosync options - OS specific
 __sap_ha_pacemaker_cluster_corosync_totem_default:

roles/sap_ha_pacemaker_cluster/vars/suse.yml

@@ -19,6 +19,7 @@ __sap_ha_pacemaker_cluster_command:
   resource_defaults_show: "crm configure show type:rsc_defaults"
   resource_defaults_update: "crm configure rsc_defaults"
   resource_restart: "crm resource restart"
+  resource_cleanup: "crm resource cleanup"
 
 # Default corosync options - OS specific
 __sap_ha_pacemaker_cluster_corosync_totem_default:
@@ -46,6 +47,8 @@ __sap_ha_pacemaker_cluster_fence_agent_packages_dict:
 __sap_ha_pacemaker_cluster_platform_extra_packages_dict:
   cloud_aws_ec2_vs:
     - awscli
+  cloud_gcp_ce_vm:
+    - socat
   cloud_msazure_vm:
     - socat
 
@@ -66,7 +69,7 @@ __sap_ha_pacemaker_cluster_sap_extra_packages_dict:
 
 # Dictionary with preferred platform specific VIP method that differs from default
 __sap_ha_pacemaker_cluster_vip_method_dict:
-  cloud_gcp_ce_vm: ipaddr
+  cloud_gcp_ce_vm: gcp_anything_socat
 
 # Resource agents - fully qualified names
 __sap_ha_pacemaker_cluster_resource_agents: