Merge pull request #58 from sean-freeman/placement_groups
sap_vm_provision: exec flow amendments from testing
berndfinger authored Sep 13, 2024
2 parents 3ba7939 + da4b895 commit 74862b2
Showing 9 changed files with 356 additions and 303 deletions.
2 changes: 0 additions & 2 deletions roles/sap_vm_provision/README.md
Expand Up @@ -58,8 +58,6 @@ For a list of requirements and recommended authorizations on each Infrastructure
**Dependencies:**
- OS Packages
- Python 3.9.7+ (i.e. CPython distribution)
- AWS CLI _(when High Availability on AWS)_
- GCloud CLI _(when High Availability on GCP)_
- IBM Cloud CLI _(when High Availability on IBM Cloud)_
- Terraform 1.0.0-1.5.5 _(when Ansible to Terraform, or legacy Ansible Collection for IBM Cloud)_
- Python Packages
22 changes: 18 additions & 4 deletions roles/sap_vm_provision/tasks/common/register_proxy.yml
Expand Up @@ -41,6 +41,14 @@
mode: '0644'
force: false

# Ignore domains within the Cloud Platform's internal backbone, to access Cloud Services when a Proxy is enabled
- name: Web Forward Proxy - Cloud Platform specific exclusions - IBM Cloud, IBM Power Virtual Server
ansible.builtin.set_fact:
__sap_vm_provision_task_proxy_platform_exclude: ',cloud.ibm.com,networklayer.com'
when:
- sap_vm_provision_iac_platform == "ibmcloud_powervs"
- __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']

# For non-interactive login shell, append proxy env var to /root/.bashrc (proxy will not work if using /etc/bashrc or script stored in /etc/profile.d/)
- name: Web Forward Proxy - Append Proxy env var to non-interactive login shell config file
ansible.builtin.blockinfile:
Expand All @@ -53,12 +61,18 @@
export HTTPS_PROXY="{{ sap_vm_provision_proxy_web_forward_proxy_ip }}"
#export ftp_proxy
#export FTP_PROXY
export no_proxy="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}"
export NO_PROXY="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}"
export no_proxy="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}{{ __sap_vm_provision_task_proxy_platform_exclude if __sap_vm_provision_task_proxy_platform_exclude is defined }}"
export NO_PROXY="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}{{ __sap_vm_provision_task_proxy_platform_exclude if __sap_vm_provision_task_proxy_platform_exclude is defined }}"
- name: Edit /etc/dnf/dnf.conf to add proxy
# dnf/yum will first use proxy var from config file, followed by environment variables of the login shell
# When dnf/yum is set to empty string in config file, it will ignore proxy. However, "The curl environment variables (such as http_proxy) are effective if this option is unset" and
# therefore dnf/yum has no method to enable Proxy for Public Internet connectivity in combination with no Proxy for OS Package Repositories.
# Using no_proxy/NO_PROXY env var with domain suffix for mirror OS Package Repositories inside the Cloud Service Provider will force no Proxy usage.
- name: Web Forward Proxy - Edit /etc/dnf/dnf.conf to add proxy
ansible.builtin.blockinfile:
path: /etc/dnf/dnf.conf
block: |
proxy=http://{{ sap_vm_provision_proxy_web_forward_proxy_ip }}
when: ansible_os_family == "RedHat"
when:
- ansible_os_family == "RedHat"
- __sap_vm_provision_task_proxy_platform_exclude is undefined
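Review bot: The exclusion fact set in the new `set_fact` task, `',cloud.ibm.com,networklayer.com'`, is appended to `no_proxy`/`NO_PROXY` as two bare domain suffixes, so most clients will send traffic for every host under those domains directly instead of through the forward proxy. If the proxy is also the egress filtering or logging point (not visible here), that is a wide bypass and deserves a comment above the task such as `# Suffix match: all hosts under these domains bypass the proxy; narrow to the required service endpoints where egress is filtered`. The same fact also switches off the `/etc/dnf/dnf.conf` proxy entry through `__sap_vm_provision_task_proxy_platform_exclude is undefined`, so one variable now carries two meanings and a short comment on that `when` would help. The inline `if` without `else` in the two export lines relies on Jinja rendering the missing branch as empty; `{{ __sap_vm_provision_task_proxy_platform_exclude | default('') }}` states that intent explicitly.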
1 change: 1 addition & 0 deletions roles/sap_vm_provision/tasks/common/set_ansible_vars.yml
Expand Up @@ -68,6 +68,7 @@
- name: Set facts for all hosts - use facts from localhost - HA/DR - Virtual IP for SAP AnyDB Primary node
ansible.builtin.set_fact:
sap_vm_temp_vip_anydb_primary: "{{ sap_vm_provision_ha_vip_anydb_primary }}"
sap_ha_install_anydb_ibmdb2_vip_primary_ip_address: "{{ sap_vm_provision_ha_vip_anydb_primary }}"
when:
- (sap_vm_provision_ha_vip_anydb_primary | length) > 0
no_log: "{{ __sap_vm_provision_no_log }}"
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,16 @@
name: "{{ sap_vm_provision_ibmcloud_powervs_workspace_name }}"
ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"

- name: Identify IBM Power Infrastructure Workspace capabilities
no_log: "{{ __sap_vm_provision_no_log }}"
register: __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities
run_once: true
environment:
IC_REGION: "{{ sap_vm_provision_ibmcloud_powervs_region }}"
ibm.cloudcollection.ibm_pi_workspace_info:
pi_cloud_instance_id: "{{ __sap_vm_provision_task_ibmcloud_pi_workspace_service_instance.resource.guid }}" # must be GUID, not CRN
ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"

- name: Identify pre-loaded IBM Power Infrastructure SSH Public Key info
no_log: "{{ __sap_vm_provision_no_log }}"
register: __sap_vm_provision_task_ibmcloud_pi_ssh_public_key
Expand Down Expand Up @@ -112,7 +122,7 @@
then Subnet DNS Default should use IBM Cloud IaaS Backbone DNS Resolver 161.26.0.10/11 (which will be populated into /etc/resolv.conf).
Otherwise cloud-init actions during provisioning may not be successful.
when:
- not sap_vm_provision_proxy_web_forward_proxy_ip is defined
- __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']
- not (__sap_vm_provision_task_ibmcloud_pi_subnet.resource.dns | first) in ['161.26.0.10', '161.26.0.11']

# DNS may exist in separate Resource Group
Expand Down Expand Up @@ -358,8 +368,13 @@
path: /etc/resolv.conf
line: nameserver 161.26.0.10

# Not applicable to the IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards)
- name: Register Web Forward Proxy (for legacy Power Infrastructure Cloud Connections networking configuration)
# Required Web Forward Proxy
# For IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards),
# the SNAT (VPC Public Gateway) service is not routable from IBM Power Virtual Server hosts
# and cannot be used for outbound Public Internet connectivity
# For IBM PowerVS Workspace with legacy Cloud Connection,
# required for both outbound Public Internet connectivity and internal traffic to other IBM Cloud Services
- name: Register Web Forward Proxy
ansible.builtin.include_tasks:
file: common/register_proxy.yml
when: sap_vm_provision_proxy_web_forward_proxy_ip is defined
Expand All @@ -378,9 +393,9 @@
set -o pipefail && if [ "${workspace_legacy_cc}" = true ]; then sleep 120 ; fi
when:
- ansible_os_family == 'RedHat'
- (not sap_vm_provision_os_registration_script_command is defined) and (not sap_vm_provision_os_registration_script_command | length > 0)
- (not sap_vm_provision_os_online_registration_user is defined) and (sap_vm_provision_os_online_registration_user | length == 0)
- (not sap_vm_provision_os_online_registration_passcode is defined) and (sap_vm_provision_os_online_registration_passcode | length == 0)
- sap_vm_provision_os_registration_script_command is undefined
- (sap_vm_provision_os_online_registration_user is undefined) or (sap_vm_provision_os_online_registration_passcode is undefined)
- not __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']

# Not applicable to the IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards)
# Extract the generated command string and activation key from /usr/share, then execute script from /usr/local/bin
Expand All @@ -396,9 +411,9 @@
set -o pipefail && SUSEConnect --product PackageHub/{{ ansible_distribution_version }}/ppc64le
when:
- ansible_os_family == 'Suse'
- (not sap_vm_provision_os_registration_script_command is defined) and (not sap_vm_provision_os_registration_script_command | length > 0)
- (not sap_vm_provision_os_online_registration_user is defined) and (sap_vm_provision_os_online_registration_user | length == 0)
- (not sap_vm_provision_os_online_registration_passcode is defined) and (sap_vm_provision_os_online_registration_passcode | length == 0)
- sap_vm_provision_os_registration_script_command is undefined
- (sap_vm_provision_os_online_registration_user is undefined) or (sap_vm_provision_os_online_registration_passcode is undefined)
- not __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']

- name: Register Package Repositories for OS Images with Bring-Your-Own-Subscription (BYOS)
ansible.builtin.include_tasks:
Expand All @@ -412,7 +427,9 @@
sleep: 10
connect_timeout: 15
timeout: 120
when: sap_vm_provision_nfs_mount_point is defined
when:
- sap_vm_provision_nfs_mount_point is defined
- (sap_vm_provision_nfs_mount_point | default('')) | length > 0

- name: Verify connection to separate NFS for SAP Transport Directory
ansible.builtin.wait_for:
Expand All @@ -422,7 +439,9 @@
sleep: 10
connect_timeout: 15
timeout: 120
when: sap_vm_provision_nfs_mount_point_separate_sap_transport_dir is defined
when:
- sap_vm_provision_nfs_mount_point_separate_sap_transport_dir is defined
- (sap_vm_provision_nfs_mount_point_separate_sap_transport_dir | default('')) | length > 0

# Ensure lock to RHEL major.minor version
# Lock using subscription-manager release --set or /var/lib/rhsm/cache/releasever.json, alternatively using /etc/yum/vars/releasever or /etc/dnf/vars/releasever
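Review bot: The rewritten registration conditions in the RedHat task, `sap_vm_provision_os_registration_script_command is undefined` and `(sap_vm_provision_os_online_registration_user is undefined) or (sap_vm_provision_os_online_registration_passcode is undefined)`, treat a variable that is defined but empty as set, so the task is skipped if a vars file declares these as `''`. The NFS checks later in this file section already handle that case with `| default('') | length > 0`; the same form fits here, for example `- (sap_vm_provision_os_registration_script_command | default('')) | length == 0` and `- ((sap_vm_provision_os_online_registration_user | default('')) | length == 0) or ((sap_vm_provision_os_online_registration_passcode | default('')) | length == 0)`. The Suse task carries the same conditions and needs the same change. Both tasks start outside the hunks shown, so whether empty defaults exist for these variables should be confirmed against the role defaults.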
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,41 @@
ansible.builtin.set_fact:
target_provision_host_spec: "{{ lookup('ansible.builtin.vars', 'sap_vm_provision_' + sap_vm_provision_iac_platform + '_host_specifications_dictionary')[sap_vm_provision_host_specification_plan][scaleout_origin_host_spec | default(inventory_hostname)] }}"

# Create flat list with names for each volume to be created.
# Create flat list with disk tiers.
- name: Set fact for target device map
ansible.builtin.set_fact:
storage_disks_map: |
{% set disks_map = [] -%}
{% for storage_item in target_provision_host_spec.storage_definition -%}
{% for idx in range(0, storage_item.disk_count | default(1)) -%}
{% if (storage_item.filesystem_type is defined) -%}
{% if ('swap' in storage_item.filesystem_type and storage_item.swap_path is not defined)
or ('swap' not in storage_item.filesystem_type and storage_item.nfs_path is not defined) -%}
{% set vol = disks_map.extend([
{
'definition_key': storage_item.name,
'name': storage_item.name + idx|string,
'size': storage_item.disk_size | default(0),
'type': storage_item.disk_type | default('tier3')
}
]) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{{ disks_map }}
__sap_vm_provision_task_storage_type_tier: "{{ target_provision_host_spec.storage_definition | selectattr('disk_type','defined') | map(attribute='disk_type') | select() | list | unique }}"

- name: Confirm IBM Power Virtual Server Storage Type Tier
ansible.builtin.fail:
msg:
IBM Power Virtual Servers require a static configuration for the Storage Type Tier,
and all attached Block Storage Volumes must use this Storage Type Tier.
Edit the Storage Definition variable to use the same Storage Type Tier for each Block Storage Volume.
when: __sap_vm_provision_task_storage_type_tier | length > 1


# Status will change from Building > Warning (VM = Active, Health = Warning) > Active. The Ansible Task will continue once the Active status has been reached.
- name: Provision IBM Power Virtual Server instance on IBM Cloud
no_log: "{{ __sap_vm_provision_no_log }}"
Expand All @@ -37,21 +72,25 @@
pi_network:
- network_id: "{{ __sap_vm_provision_task_ibmcloud_pi_subnet.resource.id }}"

pi_storage_type: tier1
# Storage Type Tier is a static configuration for the Virtual Server, it cannot be amended
# All Block Storage Volumes attached to the Virtual Server, must use the set Storage Type Tier:
# tier0 (25 IOPS/GB), tier1 (10 IOPS/GB), tier3 (3 IOPS/GB), tier5k (Fixed 5000 IOPS)
pi_storage_type: "{{ __sap_vm_provision_task_storage_type_tier | first }}"
pi_storage_pool_affinity: true
#pi_volume_ids: []

pi_pin_policy: none
pi_health_status: OK

pi_placement_group_id: "{{ (
(__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','hana'))[0].id
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type)
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','anydb'))[0].id
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type)
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','nwas'))[0].id
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type)
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped
) | default(omit) }}"

ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"
Expand All @@ -66,31 +105,6 @@
ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"


# Create flat list with names for each volume to be created.
- name: Set fact for target device map
ansible.builtin.set_fact:
storage_disks_map: |
{% set disks_map = [] -%}
{% for storage_item in target_provision_host_spec.storage_definition -%}
{% for idx in range(0, storage_item.disk_count | default(1)) -%}
{% if (storage_item.filesystem_type is defined) -%}
{% if ('swap' in storage_item.filesystem_type and storage_item.swap_path is not defined)
or ('swap' not in storage_item.filesystem_type and storage_item.nfs_path is not defined) -%}
{% set vol = disks_map.extend([
{
'definition_key': storage_item.name,
'name': storage_item.name + idx|string,
'size': storage_item.disk_size | default(0),
'type': storage_item.disk_type | default('general-purpose')
}
]) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{{ disks_map }}
- name: Provision IBM Power Infrastructure Block Storage volumes for IBM Power VS instance filesystems
no_log: "{{ __sap_vm_provision_no_log }}"
register: __sap_vm_provision_task_provision_host_single_volumes
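Review bot: `pi_storage_type: "{{ __sap_vm_provision_task_storage_type_tier | first }}"` has no fallback, so a host specification in which no storage item defines `disk_type` leaves the list empty and the value undefined, where the previous code always sent `tier1`. The volume map in the same section defaults a missing `disk_type` to `'tier3'`, so `"{{ __sap_vm_provision_task_storage_type_tier | first | default('tier3') }}"` would keep the two in step. The tier check also counts only explicitly declared tiers: one volume with `tier1` and another with no `disk_type` passes the `length > 1` test, yet the second volume is mapped as `tier3`. Deriving the tier list from the same defaulted values, or failing when any `disk_type` is missing, would close that gap.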
Original file line number Diff line number Diff line change
Expand Up @@ -53,13 +53,13 @@

placement_group: "{{ (
(__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','hana'))[0].resource.id
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type)
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','anydb'))[0].resource.id
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type)
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','nwas'))[0].resource.id
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type)
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped
) | default(omit) }}"

ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"
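Review bot: The guard `and not __sap_vm_provision_task_ibmcloud_placement_group is skipped` is repeated in each of the three branches of `placement_group`, and it reads ambiguously next to the `or` group even though Jinja parses it as `not (… is skipped)`. Writing it as `__sap_vm_provision_task_ibmcloud_placement_group is not skipped` makes that clearer, and the expression would benefit from a comment above it such as `# Omit placement_group when the placement group task was skipped`. The `is skipped` test still needs the registered variable to exist, so this assumes the placement group task is always reached before this one, which the hunk does not show. The `pi_placement_group_id` expression in the previous file section uses the same pattern with `__sap_vm_provision_task_ibmcloud_placement_groups_list`.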