Merge pull request #492 from sap-linuxlab/dev

collection: merge dev to main for release 1.3.2

CHANGELOG.rst

@@ -5,6 +5,34 @@ community.sap_install Release Notes
 .. contents:: Topics
 
 
+v1.3.2
+======
+
+Release Summary
+---------------
+
+| Release Date: 2023-09-29
+sap_general_preconfigure: Update to latest SAP documentation for RHEL 9 package libxcrypt-compat
+sap_general_preconfigure: Bug fix for directory creation and SELinux Labels
+sap_ha_pacemaker_cluster: Bug fix for AWS EC2 Virtual Servers
+sap_ha_pacemaker_cluster: Bug fix for Google Cloud Compute Engine VM netmask lock on Virtual IP
+sap_ha_pacemaker_cluster: Feature add for improved SAP NetWeaver HA compatibility
+sap_ha_pacemaker_cluster: Feature add for ENSA1 compatibility
+sap_ha_pacemaker_cluster: Feature add for SAP HA Interface Cluster Connector after cluster init
+sap_ha_pacemaker_cluster: Feature add for IBM PowerVM hypervisor
+sap_ha_pacemaker_cluster: Feature add for multiple network interfaces with Virtual IP
+sap_hana_install: Bug fix for SELinux disable when SLES4SAP
+sap_install_media_detect: Feature add for NFS compatibility
+sap_install_media_detect: Feature add for idempotency
+sap_install_media_detect: Feature add for new file detection after code restructure
+sap_install_media_detect: Bug fix for setting SAP Maintenance Planner Stack XML path
+sap_storage_setup: Feature add for Multipathing detection
+sap_storage_setup: Bug fix for NFS throttle from customer test on MS Azure
+sap_storage_setup: Bug fix for packages on SLES and Google Cloud
+sap_swpm: Bug fix for RDBMS var name
+sap_swpm: Bug fix for SAP HANA Client hdbuserstore connection
+sap_swpm: Bug fix for SAP Maintenance Planner Stack XML path
+
 v1.3.1
 ======
 
@@ -47,7 +75,7 @@ Release Summary
 
 | Release Date: 2023-04-25
 | sap_hana_preconfigure: Some modifications for HANA on RHEL 9
-| sap_ha_pacemaker_cluster: Support for custom stonith resource definitions containing more than one element
+| sap_ha_pacemaker_cluster: Compatibility for custom stonith resource definitions containing more than one element
 | sap_hana_preconfigure: Be more flexible with IBM service and productivity tools
 
 

galaxy.yml

@@ -10,7 +10,7 @@ namespace: community
 name: sap_install
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.3.1
+version: 1.3.2
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

playbooks/sample-sap-ha-deployment-hana-2-node-cluster.yml

@@ -48,10 +48,9 @@
         node_role: secondary
         hana_site: DC02
 
-    sap_hana_vip:
-      primary: 192.168.1.100
+    sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: 192.168.1.100
 
-    ha_cluster_fence_agent_packages:
+    sap_ha_pacemaker_cluster_fence_agent_packages:
       - fence-agents-rhevm
 
     sap_ha_pacemaker_cluster_stonith_custom:

playbooks/sample-sap-nwas-ascs-ers-2-node-cluster.yml

@@ -0,0 +1,82 @@
+---
+# This playbook will
+# - install and configure a basic pacemaker cluster
+# - configure the SAP NetWeaver ASCS/ERS resource groups with each
+#   - an instance filesystem
+#   - the instance resource
+#   - an instance service VIP
+
+# To use this playbook in your test environment
+# please update the "vars" parameters with values
+# corresponding to your individual naming standards
+# and infrastructure (e.g. IP definitions matching your network).
+#
+# NOTE:
+# For simplicity the sample password values are plain text. Please make sure to
+# apply security measures to any credentials, for instance using ansible-vault
+# encryption.
+
+- name: "Install and Configure a Pacemaker Cluster on 2 NetWeaver ASCS/ERS nodes"
+  hosts: ascs-node, ers-node
+  become: true
+#  any_error_fatal: true
+
+  vars:
+    ############################################################################
+    ### MANDATORY parameter definitions for a NetWeaver ASCS/ERS cluster setup.
+    ############################################################################
+
+    ### General minimum pacemaker cluster definitions.
+
+    # Cluster name is optional, the default of the 'ha_cluster' Linux System Role
+    # would be applied when missing.
+    # However, for convenience it is defined along with the rest of the mandatory
+    # parameters in this example.
+    sap_ha_pacemaker_cluster_cluster_name: ascs-ers-cluster
+    sap_ha_pacemaker_cluster_hacluster_user_password: my-hacluster-vault-password
+
+    ### NetWeaver specific definitions
+    sap_ha_pacemaker_cluster_storage_nfs_server: "nfs-server1.example.com:/"
+
+    # Underlying filesystems are derived from the parent "/usr/sap" definition.
+    sap_ha_pacemaker_cluster_storage_definition:
+      - name: usr_sap
+        mountpoint: /usr/sap
+        nfs_path: /usr/sap
+        nfs_server: "{{ sap_ha_pacemaker_cluster_storage_nfs_server }}"
+
+      - name: usr_sap_trans
+        mountpoint: /usr/sap/trans
+        nfs_path: /usr/sap/trans
+        nfs_server: "{{ sap_ha_pacemaker_cluster_storage_nfs_server }}"
+
+      - name: sapmnt
+        mountpoint: /sapmnt
+        nfs_path: /sapmnt
+        nfs_server: "{{ sap_ha_pacemaker_cluster_storage_nfs_server }}"
+
+    # SID and Instance Numbers for ASCS and ERS.
+    sap_ha_pacemaker_cluster_nwas_abap_sid: ABC
+    sap_ha_pacemaker_cluster_nwas_abap_ascs_instance_nr: "02"
+    sap_ha_pacemaker_cluster_nwas_abap_ers_instance_nr: "12"
+
+    # Profile name created by the installer, for example: <SID>_ASCS<Instance-Number>_<ASCS-virtual-node-name>
+    sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_instance_name: ABC_ASCS02_ascs-node-ha
+    sap_ha_pacemaker_cluster_nwas_abap_ascs_sapinstance_start_profile_string: /sapmnt/ABC/profile/ABC_ASCS02_ascs-node-ha
+
+    sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_instance_name: ABC_ERS12_ers-node-ha
+    sap_ha_pacemaker_cluster_nwas_abap_ers_sapinstance_start_profile_string: /sapmnt/ABC/profile/ABC_ERS12_ers-node-ha
+
+    # Required to go through the configuration flow for a NetWeaver ASCS/ERS cluster.
+    sap_ha_pacemaker_cluster_host_type:
+      - nwas_abap_ascs_ers
+
+    # Virtual IP addresses, one per instance.
+    # These IPs will switch between the nodes together with the instance.
+    sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_ip_address: 192.168.10.102
+    sap_ha_pacemaker_cluster_vip_nwas_abap_ers_ip_address: 192.168.10.112
+
+
+  roles:
+
+    - name: sap_ha_pacemaker_cluster

playbooks/vars/sample-variables-sap-hana-install.yml

@@ -13,7 +13,7 @@ sap_hana_install_master_password: 'NewPass$321'
 
 # Instance details
 sap_hana_install_sid: 'HDB'
-sap_hana_install_instance_number: "00"
+sap_hana_install_instance_nr: "00"
 
 
 # ----------------------------- Optional parameters ------------------------------  #

playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-abap-onehost-install.yml

@@ -45,7 +45,7 @@ sap_swpm_cd_export_pt1_path: /software/download_basket/SOLMAN/51054655_1_DIR
 sap_swpm_cd_export_pt2_path: /software/download_basket/SOLMAN/51054655_2_DIR
 sap_swpm_cd_language_path: /software/download_basket/SOLMAN/51054655_3_DIR
 sap_swpm_cd_java_path: /software/download_basket/SOLMAN/51054655_4_DIR
-sap_swpm_cd_rdms_path: /software/download_basket/SAPINST/SAP_HANA/51054623
+sap_swpm_cd_rdbms_path: /software/download_basket/SAPINST/SAP_HANA/51054623
 
 # NW Passwords
 sap_swpm_master_password: "NewPass$321"

playbooks/vars/sample-variables-sap-swpm-default-mode-solman-hana-java-onehost-install.yml

@@ -47,7 +47,7 @@ sap_swpm_cd_export_pt1_path: /software/download_basket/SOLMAN/51054655_1_DIR
 sap_swpm_cd_export_pt2_path: /software/download_basket/SOLMAN/51054655_2_DIR
 sap_swpm_cd_language_path: /software/download_basket/SOLMAN/51054655_3_DIR
 sap_swpm_cd_java_path: /software/download_basket/SOLMAN/51054655_4_DIR
-sap_swpm_cd_rdms_path: /software/download_basket/SAPINST/SAP_HANA/51054623
+sap_swpm_cd_rdbms_path: /software/download_basket/SAPINST/SAP_HANA/51054623
 
 # NW Passwords
 sap_swpm_master_password: "NewPass$321"

roles/sap_general_preconfigure/README.md

@@ -237,11 +237,27 @@ Can be useful if you want to implement your own reboot handling.<br>
 
 One of the SELinux states to be set on the system.<br>
 
+### sap_general_preconfigure_create_directories
+- _Type:_ `bool`
+- _Default:_ `true`
+
+Set to `false` if you do not want the SAP directories to be created by the role.<br>
+The SAP directories will always be created if `sap_general_preconfigure_modify_selinux_labels`<br>
+(see below) is set to `true`, no matter how `sap_general_preconfigure_create_directories` is set.<br>
+
+### sap_general_preconfigure_sap_directories
+- _Type:_ `list` with elements of type `str`
+- _Default:_
+  - /usr/sap
+
+List of SAP directories to be created.<br>
+
 ### sap_general_preconfigure_modify_selinux_labels
 - _Type:_ `bool`
 - _Default:_ `true`
 
-Set to `false` if you do not want to modify the SELinux labels for the SAP directory `/usr/sap`.<br>
+Set to `false` if you do not want to modify the SELinux labels for the SAP directores set<br>
+in variable `sap_general_preconfigure_sap_directories`.<br>
 
 ### sap_general_preconfigure_size_of_tmpfs_gb
 - _Type:_ `str`

roles/sap_general_preconfigure/defaults/main.yml

@@ -115,8 +115,18 @@ sap_general_preconfigure_selinux_state: 'permissive'
 # - permissive
 # - disabled
 
+sap_general_preconfigure_create_directories: true
+# Set to `false` if you do not want the SAP directories to be created by the role.
+# The SAP directories will always be created if `sap_general_preconfigure_modify_selinux_labels`
+# (see below) is set to `true`, no matter how `sap_general_preconfigure_create_directories` is set.
+
+sap_general_preconfigure_sap_directories:
+  - /usr/sap
+# List of SAP directories to be created.
+
 sap_general_preconfigure_modify_selinux_labels: true
-# Set to `false` if you do not want to modify the SELinux labels for the SAP directory `/usr/sap`.
+# Set to `false` if you do not want to modify the SELinux labels for the SAP directores set
+# in variable `sap_general_preconfigure_sap_directories`.
 
 sap_general_preconfigure_size_of_tmpfs_gb: "{{ ((0.75 * (ansible_memtotal_mb + ansible_swaptotal_mb)) / 1024) | round | int }}"
 # The size of the tmpfs in GB. The formula used here is mentioned in SAP note 941735.

roles/sap_general_preconfigure/meta/argument_specs.yml

@@ -240,10 +240,29 @@ argument_specs:
         required: false
         type: str
 
+      sap_general_preconfigure_create_directories:
+        default: true
+        description:
+          - Set to `false` if you do not want the SAP directories to be created by the role.
+          - The SAP directories will always be created if `sap_general_preconfigure_modify_selinux_labels`
+          - (see below) is set to `true`, no matter how `sap_general_preconfigure_create_directories` is set.
+        required: false
+        type: bool
+
+      sap_general_preconfigure_sap_directories:
+        default:
+          - '/usr/sap'
+        description:
+          - List of SAP directories to be created.
+        required: false
+        type: list
+        elements: str
+
       sap_general_preconfigure_modify_selinux_labels:
         default: true
         description:
-          - Set to `false` if you do not want to modify the SELinux labels for the SAP directory `/usr/sap`.
+          - Set to `false` if you do not want to modify the SELinux labels for the SAP directores set
+          - in variable `sap_general_preconfigure_sap_directories`.
         required: false
         type: bool
 

roles/sap_general_preconfigure/tasks/RedHat/configuration.yml

@@ -4,13 +4,35 @@
   ansible.builtin.debug:
     var: __sap_general_preconfigure_sapnotes_versions | difference([''])
 
-- name: Configure - Create directory '/usr/sap'
+- name: Configure - Set directory variables for setting SELinux file contexts
+  ansible.builtin.set_fact:
+    sap_general_preconfigure_fact_targets_setypes: "{{ sap_general_preconfigure_fact_targets_setypes | d([]) +
+      [__sap_general_preconfigure_tmp_dict_target_setype] }}"
+  loop: "{{ sap_general_preconfigure_sap_directories }}"
+  loop_control:
+    loop_var: line_item
+  vars:
+    __sap_general_preconfigure_tmp_dict_target_setype:
+      target: "{{ line_item }}(/.*)?"
+      setype: 'usr_t'
+  when: sap_general_preconfigure_modify_selinux_labels
+
+- name: Configure - Display directory variable
+  ansible.builtin.debug:
+    var: sap_general_preconfigure_fact_targets_setypes
+  when: sap_general_preconfigure_modify_selinux_labels
+
+- name: Configure - Create directories
   ansible.builtin.file:
-    path: '/usr/sap'
+    path: "{{ line_item }}"
     state: directory
     mode: '0755'
     owner: root
     group: root
+  loop: "{{ sap_general_preconfigure_sap_directories }}"
+  loop_control:
+    loop_var: line_item
+  when: sap_general_preconfigure_create_directories or sap_general_preconfigure_modify_selinux_labels
 
 - name: Configure - Include configuration actions for required sapnotes
   ansible.builtin.include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml"

roles/sap_general_preconfigure/tasks/RedHat/generic/configure-selinux.yml

@@ -18,26 +18,28 @@
   register: __sap_general_preconfigure_register_selinux_config_type_changed
   notify: __sap_general_preconfigure_reboot_handler
 
-- name: Determine the current SELinux state
-  ansible.builtin.command: getenforce
-  register: __sap_general_preconfigure_register_getenforce
-  check_mode: no
-  changed_when: false
+# Set a new SELinux mode variable to the SELinux status if 'disabled' or otherwise to
+# the value of the 'mode' member ('permissive' or 'enforcing')
+- name: SELinux - Set an SELinux mode variable
+  ansible.builtin.set_fact:
+    __sap_general_preconfigure_fact_selinux_mode: "{{ (ansible_selinux.status == 'disabled') | ternary(ansible_selinux.status, ansible_selinux.mode) }}"
+
+- name: SELinux - Display the current SELinux mode or status
+  ansible.builtin.debug:
+    var: __sap_general_preconfigure_fact_selinux_mode
 
 # Reason for noqa: We need to notify a handler in another role, which is not possible from a handler in the current role
 - name: SELinux - Set the flag that reboot is needed to apply changes # noqa no-handler
   ansible.builtin.set_fact:
     sap_general_preconfigure_fact_reboot_required: true
   when: __sap_general_preconfigure_register_selinux_config_state_changed.changed or
         __sap_general_preconfigure_register_selinux_config_type_changed.changed or
-        __sap_general_preconfigure_register_getenforce.stdout | lower !=
-          sap_general_preconfigure_selinux_state
+        __sap_general_preconfigure_fact_selinux_mode != sap_general_preconfigure_selinux_state
 
-- name: Call Reboot handler if necessary
+- name: SELinux - Call Reboot handler if necessary
   ansible.builtin.command: /bin/true
   notify: __sap_general_preconfigure_reboot_handler
-  when: __sap_general_preconfigure_register_getenforce.stdout | lower !=
-          sap_general_preconfigure_selinux_state
+  when: __sap_general_preconfigure_fact_selinux_mode != sap_general_preconfigure_selinux_state
 
 - name: Set or unset SELinux kernel parameter, RHEL 8 and RHEL 9
   when:
@@ -96,14 +98,24 @@
   ansible.builtin.debug:
     var: sap_general_preconfigure_fact_reboot_required | d(false)
 
-- name: Configure '/usr/sap' SELinux file labels
+- name: SELinux - Warn if the SELinux file contexts cannot be set
+  ansible.builtin.debug:
+    msg: "WARN: The SELinux file context cannot be set on an SELinux disabled system!"
+  when:
+    - sap_general_preconfigure_modify_selinux_labels
+    - __sap_general_preconfigure_fact_selinux_mode == 'disabled'
+
+- name: SELinux - Configure SELinux file contexts
   ansible.builtin.include_role:
     name: '{{ sap_general_preconfigure_system_roles_collection }}.selinux'
   vars:
     selinux_booleans:
       - { name: 'selinuxuser_execmod', state: 'on' }
     selinux_fcontexts:
-      - { target: '/usr/sap(/.*)?', setype: 'usr_t' }
+      - "{{ sap_general_preconfigure_fact_targets_setypes }}"
     selinux_restore_dirs:
-      - '/usr/sap'
-  when: sap_general_preconfigure_modify_selinux_labels
+      - "{{ sap_general_preconfigure_sap_directories }}"
+  when:
+    - sap_general_preconfigure_modify_selinux_labels
+    - sap_general_preconfigure_selinux_state != 'disabled'
+    - __sap_general_preconfigure_fact_selinux_mode != 'disabled'

roles/sap_general_preconfigure/vars/RedHat_9.yml

@@ -62,6 +62,8 @@ __sap_general_preconfigure_packages_x86_64:
   - hostname
 # package tuned: no longer part of package group "Core" in RHEL 9, so we have to install it
   - tuned
+# package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 9:
+  - libxcrypt-compat
 
 __sap_general_preconfigure_packages_ppc64le:
   - uuidd
@@ -74,6 +76,8 @@ __sap_general_preconfigure_packages_ppc64le:
   - hostname
 # package tuned: no longer part of package group "Core" in RHEL 9, so we have to install it
   - tuned
+# package libxcrypt-compat: needed by sapstartsrv and SAP HANA on RHEL 9:
+  - libxcrypt-compat
 
 __sap_general_preconfigure_packages_s390x:
   - uuidd
@@ -86,6 +90,8 @@ __sap_general_preconfigure_packages_s390x:
   - hostname
 # package tuned: no longer part of package group "Core" in RHEL 9, so we have to install it
   - tuned
+# package libxcrypt-compat: needed by sapstartsrv on RHEL 9:
+  - libxcrypt-compat
 
 __sap_general_preconfigure_packages: "{{ lookup('vars', '__sap_general_preconfigure_packages_' + ansible_architecture) }}"