From 360768f536bc285cbbca44453bad5ff8689978d2 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Fri, 30 Aug 2024 10:56:06 +0100 Subject: [PATCH 1/9] sap_vm_temp_vip: enclose var --- roles/sap_vm_temp_vip/tasks/set_temp_vip.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/sap_vm_temp_vip/tasks/set_temp_vip.yml b/roles/sap_vm_temp_vip/tasks/set_temp_vip.yml index 7f4d73c..ee4cfd2 100644 --- a/roles/sap_vm_temp_vip/tasks/set_temp_vip.yml +++ b/roles/sap_vm_temp_vip/tasks/set_temp_vip.yml @@ -71,7 +71,7 @@ - name: Append temporary Virtual IP (VIP) to network interface for SAP HANA, will be replaced by Linux Pacemaker IPaddr2 Resource Agent ansible.builtin.shell: | platform_cidr_32_static="{{ 'true' if (('amazon' in (ansible_system_vendor | lower) or 'amazon' in (ansible_product_name | lower)) or (ansible_product_name == 'Google Compute Engine')) }}" - if [ $platform_cidr_32_static = "true" ] + if [ "$platform_cidr_32_static" = "true" ] then ip address add {{ sap_vm_temp_vip_hana_primary | regex_replace('/.*', '') }}/32 brd {{ primary_ip_broadcast_address }} dev eth0 noprefixroute elif [ "{{ primary_ip_broadcast_address }}" = "" ] && [ "{{ primary_ip_address_netmask_cidr_prefix }}" = "" ] @@ -108,7 +108,7 @@ - name: Append temporary Virtual IP (VIP) to network interface for SAP AnyDB, will be replaced by Linux Pacemaker IPaddr2 Resource Agent ansible.builtin.shell: | platform_cidr_32_static="{{ 'true' if (('amazon' in (ansible_system_vendor | lower) or 'amazon' in (ansible_product_name | lower)) or (ansible_product_name == 'Google Compute Engine')) }}" - if [ $platform_cidr_32_static = "true" ] + if [ "$platform_cidr_32_static" = "true" ] then ip address add {{ sap_vm_temp_vip_anydb_primary | regex_replace('/.*', '') }}/32 brd {{ primary_ip_broadcast_address }} dev eth0 noprefixroute elif [ "{{ primary_ip_broadcast_address }}" = "" ] && [ "{{ primary_ip_address_netmask_cidr_prefix }}" = "" ] @@ -150,7 +150,7 @@ - name: Append temporary Virtual IP (VIP) to network interface for SAP NetWeaver ASCS, will be replaced by Linux Pacemaker IPaddr2 Resource Agent ansible.builtin.shell: | platform_cidr_32_static="{{ 'true' if (('amazon' in (ansible_system_vendor | lower) or 'amazon' in (ansible_product_name | lower)) or (ansible_product_name == 'Google Compute Engine')) }}" - if [ $platform_cidr_32_static = "true" ] + if [ "$platform_cidr_32_static" = "true" ] then ip address add {{ sap_vm_temp_vip_nwas_abap_ascs | regex_replace('/.*', '') }}/32 brd {{ primary_ip_broadcast_address }} dev eth0 noprefixroute elif [ "{{ primary_ip_broadcast_address }}" = "" ] && [ "{{ primary_ip_address_netmask_cidr_prefix }}" = "" ] @@ -189,7 +189,7 @@ - name: Append temporary Virtual IP (VIP) to network interface for SAP NetWeaver ERS, will be replaced by Linux Pacemaker IPaddr2 Resource Agent ansible.builtin.shell: | platform_cidr_32_static="{{ 'true' if (('amazon' in (ansible_system_vendor | lower) or 'amazon' in (ansible_product_name | lower)) or (ansible_product_name == 'Google Compute Engine')) }}" - if [ $platform_cidr_32_static = "true" ] + if [ "$platform_cidr_32_static" = "true" ] then ip address add {{ sap_vm_temp_vip_nwas_abap_ers | regex_replace('/.*', '') }}/32 brd {{ primary_ip_broadcast_address }} dev eth0 noprefixroute elif [ "{{ primary_ip_broadcast_address }}" = "" ] && [ "{{ primary_ip_address_netmask_cidr_prefix }}" = "" ] From a451df488928685ca2618118f8cb71d9835a91a4 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Fri, 30 Aug 2024 10:57:27 +0100 Subject: [PATCH 2/9] sap_vm_provision: remove old dependencies --- roles/sap_vm_provision/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/roles/sap_vm_provision/README.md b/roles/sap_vm_provision/README.md index b691e9f..cafac63 100644 --- a/roles/sap_vm_provision/README.md +++ b/roles/sap_vm_provision/README.md @@ -57,8 +57,6 @@ For a list of requirements and recommended authorizations on each Infrastructure **Dependencies:** - OS Packages - Python 3.9.7+ (i.e. CPython distribution) - - AWS CLI _(when High Availability on AWS)_ - - GCloud CLI _(when High Availability on GCP)_ - IBM Cloud CLI _(when High Availability on IBM Cloud)_ - Terraform 1.0.0-1.5.5 _(when Ansible to Terraform, or legacy Ansible Collection for IBM Cloud)_ - Python Packages From fe9633db34748a423f6aa21813ae9ba31124e100 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Fri, 30 Aug 2024 11:06:13 +0100 Subject: [PATCH 3/9] sap_vm_provision: add missing passthrough var for ibm db2 hadr --- roles/sap_vm_provision/tasks/common/set_ansible_vars.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sap_vm_provision/tasks/common/set_ansible_vars.yml b/roles/sap_vm_provision/tasks/common/set_ansible_vars.yml index 205b8c0..ecc32b5 100644 --- a/roles/sap_vm_provision/tasks/common/set_ansible_vars.yml +++ b/roles/sap_vm_provision/tasks/common/set_ansible_vars.yml @@ -68,6 +68,7 @@ - name: Set facts for all hosts - use facts from localhost - HA/DR - Virtual IP for SAP AnyDB Primary node ansible.builtin.set_fact: sap_vm_temp_vip_anydb_primary: "{{ sap_vm_provision_ha_vip_anydb_primary }}" + sap_ha_install_anydb_ibmdb2_vip_primary_ip_address: "{{ sap_vm_provision_ha_vip_anydb_primary }}" when: - (sap_vm_provision_ha_vip_anydb_primary | length) > 0 no_log: "{{ __sap_vm_provision_no_log }}" From 21562c604c93f17ae953c51b6b5c29388658edb7 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Fri, 30 Aug 2024 11:06:49 +0100 Subject: [PATCH 4/9] sap_vm_provision: improve proxy logic --- .../tasks/common/register_proxy.yml | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/roles/sap_vm_provision/tasks/common/register_proxy.yml b/roles/sap_vm_provision/tasks/common/register_proxy.yml index 40ebddd..fbcb4d7 100644 --- a/roles/sap_vm_provision/tasks/common/register_proxy.yml +++ b/roles/sap_vm_provision/tasks/common/register_proxy.yml @@ -41,6 +41,14 @@ mode: '0644' force: false + # Ignore domains within the Cloud Platform's internal backbone, to access Cloud Services when a Proxy is enabled + - name: Web Forward Proxy - Cloud Platform specific exclusions - IBM Cloud, IBM Power Virtual Server + ansible.builtin.set_fact: + __sap_vm_provision_task_proxy_platform_exclude: ',cloud.ibm.com,networklayer.com' + when: + - sap_vm_provision_iac_platform == "ibmcloud_powervs" + - __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router'] + # For non-interactive login shell, append proxy env var to /root/.bashrc (proxy will not work if using /etc/bashrc or script stored in /etc/profile.d/) - name: Web Forward Proxy - Append Proxy env var to non-interactive login shell config file ansible.builtin.blockinfile: @@ -53,12 +61,18 @@ export HTTPS_PROXY="{{ sap_vm_provision_proxy_web_forward_proxy_ip }}" #export ftp_proxy #export FTP_PROXY - export no_proxy="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}" - export NO_PROXY="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}" + export no_proxy="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}{{ __sap_vm_provision_task_proxy_platform_exclude if __sap_vm_provision_task_proxy_platform_exclude is defined }}" + export NO_PROXY="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}{{ __sap_vm_provision_task_proxy_platform_exclude if __sap_vm_provision_task_proxy_platform_exclude is defined }}" - - name: Edit /etc/dnf/dnf.conf to add proxy + # dnf/yum will first use proxy var from config file, followed by environment variables of the login shell + # When dnf/yum is set to empty string in config file, it will ignore proxy. However, "The curl environment variables (such as http_proxy) are effective if this option is unset" and + # therefore dnf/yum has no method to enable Proxy for Public Internet connectivity in combination with no Proxy for OS Package Repositories. + # Using no_proxy/NO_PROXY env var with domain suffix for mirror OS Package Repositories inside the Cloud Service Provider will force no Proxy usage. + - name: Web Forward Proxy - Edit /etc/dnf/dnf.conf to add proxy ansible.builtin.blockinfile: path: /etc/dnf/dnf.conf block: | proxy=http://{{ sap_vm_provision_proxy_web_forward_proxy_ip }} - when: ansible_os_family == "RedHat" + when: + - ansible_os_family == "RedHat" + - __sap_vm_provision_task_proxy_platform_exclude is undefined From c64bea559fef65a89b102e87ab76cd566c4018fc Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Fri, 30 Aug 2024 11:12:01 +0100 Subject: [PATCH 5/9] sap_vm_provision: improve ha exec flow and fix placement group missing logic --- .../ibmcloud_vs/execute_provision.yml | 6 +- .../ibmcloud_vs/execute_setup_ha.yml | 496 +++++++++--------- 2 files changed, 255 insertions(+), 247 deletions(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml index 8718f56..c23bb8b 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_provision.yml @@ -53,13 +53,13 @@ placement_group: "{{ ( (__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','hana'))[0].resource.id - if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) + if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped else (__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','anydb'))[0].resource.id - if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) + if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped else (__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','nwas'))[0].resource.id - if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) + if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped ) | default(omit) }}" ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml index 4f53cf3..715b974 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml @@ -115,21 +115,21 @@ - name: SAP System port numbers to listen (as applicable) on IBM Cloud Load Balancer ansible.builtin.debug: msg: - - "{{ ('3' + sap_system_hana_db_instance_nr + '13') }} - SAP HANA - System DB SQL" - - "{{ ('3' + sap_system_hana_db_instance_nr + '15') }} - SAP HANA - MDC Tenant 1 SQL" - - "{{ ('5' + sap_system_hana_db_instance_nr + '13') }} - SAP HANA - startsrv HTTP" - - "{{ ('5' + sap_system_hana_db_instance_nr + '14') }} - SAP HANA - startsrv HTTPS" - - "5912 - SAP AnyDB - IBM Db2 Communication Port" - - "{{ ('32' + sap_system_nwas_abap_ascs_instance_nr) }} - SAP NetWeaver ASCS - Dispatcher sapdp process" - - "{{ ('36' + sap_system_nwas_abap_ascs_instance_nr) }} - SAP NetWeaver ASCS - Message Server sapms process" - - "{{ ('81' + sap_system_nwas_abap_ascs_instance_nr) }} - SAP NetWeaver ASCS - Message Server HTTP sapms process" - - "{{ ('39' + sap_system_nwas_abap_ascs_instance_nr) }} - SAP NetWeaver ASCS - Enqueue Server sapenq process" - - "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '16') }} - SAP NetWeaver ASCS - Enqueue Replicator Server sapenqrepl process" - - "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '13') }} - SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process" - - "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '14') }} - SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls" - - "{{ ('39' + sap_system_nwas_abap_ers_instance_nr) }} - SAP NetWeaver ERS - Enqueue Replication Server sapenqr process" - - "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '13') }} - SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process" - - "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '14') }} - SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls" + - "{{ ('3' + sap_system_hana_db_instance_nr + '13') if sap_system_hana_db_instance_nr is defined else 'IGNORE' }} - SAP HANA - System DB SQL" + - "{{ ('3' + sap_system_hana_db_instance_nr + '15') if sap_system_hana_db_instance_nr is defined else 'IGNORE' }} - SAP HANA - MDC Tenant 1 SQL" + - "{{ ('5' + sap_system_hana_db_instance_nr + '13') if sap_system_hana_db_instance_nr is defined else 'IGNORE' }} - SAP HANA - startsrv HTTP" + - "{{ ('5' + sap_system_hana_db_instance_nr + '14') if sap_system_hana_db_instance_nr is defined else 'IGNORE' }} - SAP HANA - startsrv HTTPS" + - "{{ '5912' if groups['anydb_secondary'] is defined else 'IGNORE' }} - SAP AnyDB - IBM Db2 Communication Port" + - "{{ ('32' + sap_system_nwas_abap_ascs_instance_nr) if sap_system_nwas_abap_ascs_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ASCS - Dispatcher sapdp process" + - "{{ ('36' + sap_system_nwas_abap_ascs_instance_nr) if sap_system_nwas_abap_ascs_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ASCS - Message Server sapms process" + - "{{ ('81' + sap_system_nwas_abap_ascs_instance_nr) if sap_system_nwas_abap_ascs_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ASCS - Message Server HTTP sapms process" + - "{{ ('39' + sap_system_nwas_abap_ascs_instance_nr) if sap_system_nwas_abap_ascs_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ASCS - Enqueue Server sapenq process" + - "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '16') if sap_system_nwas_abap_ascs_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ASCS - Enqueue Replicator Server sapenqrepl process" + - "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '13') if sap_system_nwas_abap_ascs_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process" + - "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '14') if sap_system_nwas_abap_ascs_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls" + - "{{ ('39' + sap_system_nwas_abap_ers_instance_nr) if sap_system_nwas_abap_ers_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ERS - Enqueue Replication Server sapenqr process" + - "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '13') if sap_system_nwas_abap_ers_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process" + - "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '14') if sap_system_nwas_abap_ers_instance_nr is defined else 'IGNORE' }} - SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls" # Create IBM Cloud Load Balancer Back-end Pools @@ -417,6 +417,238 @@ loop: "{{ ibmcloud_lbs_all_info | map(attribute='id') }}" +# Create IBM Cloud Load Balancer Front-end Listeners (open port for Virtual IPs) +# Configure prior to Back-end Pool Server Members, as this will increase execution speed +# by avoiding LB verification check/reload once the LB is active with Server Members + +# When IBM Cloud Load Balancer, Application Load Balancer Type: +# - Important to increase the Front-end Listener Idle Connection Timeout (sec), +# if the received-and-forwarded request becomes idle (no data received/sent sent/received) +# then the idle connection is closed by default/minimum after 50 seconds and maximum 7200 seconds (2 hours). +# - This can impact SAP SWPM waiting for SAP HANA Data Load to complete, and other long-running actions. + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - System DB SQL + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana1 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-sysdb-sql'))[0].id }}" + protocol: tcp + port: "{{ ('3' + sap_system_hana_db_instance_nr + '13') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana1.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - MDC Tenant 1 SQL + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana2 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-mdc1-sql'))[0].id }}" + protocol: tcp + port: "{{ ('3' + sap_system_hana_db_instance_nr + '15') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana2.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana2.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - startsrv HTTP + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana3 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-startsrv-http'))[0].id }}" + protocol: tcp + port: "{{ ('5' + sap_system_hana_db_instance_nr + '13') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana3.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana3.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - startsrv HTTPS + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana4 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-startsrv-https'))[0].id }}" + protocol: tcp + port: "{{ ('5' + sap_system_hana_db_instance_nr + '14') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana4.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana4.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP AnyDB - IBM Db2 Communication Port + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_anydb1 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_anydb))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_anydb + '-pool-ibmdb2'))[0].id }}" + protocol: tcp + port: 5912 + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['anydb_secondary'] is defined and (groups['anydb_secondary'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_anydb1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_anydb1.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Dispatcher sapdp process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs1 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-dp'))[0].id }}" + protocol: tcp + port: "{{ ('32' + sap_system_nwas_abap_ascs_instance_nr) | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs1.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Message Server sapms process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs2 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-ms'))[0].id }}" + protocol: tcp + port: "{{ ('36' + sap_system_nwas_abap_ascs_instance_nr) | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs2.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs2.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Message Server HTTP sapms process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs3 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-ms-http'))[0].id }}" + protocol: tcp + port: "{{ ('81' + sap_system_nwas_abap_ascs_instance_nr) | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs3.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs3.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Enqueue Server sapenq process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs4 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-enq'))[0].id }}" + protocol: tcp + port: "{{ ('39' + sap_system_nwas_abap_ascs_instance_nr) | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs4.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs4.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Enqueue Replicator Server sapenqrepl process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs5 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-enqrepl'))[0].id }}" + protocol: tcp + port: "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '16') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs5.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs5.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs6 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-sapctrl'))[0].id }}" + protocol: tcp + port: "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '13') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs6.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs6.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs7 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-sapctrls'))[0].id }}" + protocol: tcp + port: "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '14') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs7.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs7.stderr + +# - name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - Dispatcher sapdp process +# no_log: "{{ __sap_vm_provision_no_log }}" +# register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers1 +# ibm.cloudcollection.ibm_is_lb_listener: +# lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" +# default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-dp'))[0].id }}" +# protocol: tcp +# port: "{{ ('32' + sap_system_nwas_abap_ers_instance_nr) | int }}" +# idle_connection_timeout: 600 # 10 minutes +# ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" +# when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) +# failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers1.stderr + +# - name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - Message Server sapms process +# no_log: "{{ __sap_vm_provision_no_log }}" +# register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers2 +# ibm.cloudcollection.ibm_is_lb_listener: +# lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" +# default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-ms'))[0].id }}" +# protocol: tcp +# port: "{{ ('36' + sap_system_nwas_abap_ers_instance_nr) | int }}" +# idle_connection_timeout: 600 # 10 minutes +# ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" +# when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) +# failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers2.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers2.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - Enqueue Replication Server sapenqr process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers3 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-enqr'))[0].id }}" + protocol: tcp + port: "{{ ('39' + sap_system_nwas_abap_ers_instance_nr) | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers3.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers3.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers4 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-sapctrl'))[0].id }}" + protocol: tcp + port: "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '13') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers4.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers4.stderr + +- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers5 + ibm.cloudcollection.ibm_is_lb_listener: + lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" + default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-sapctrls'))[0].id }}" + protocol: tcp + port: "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '14') | int }}" + idle_connection_timeout: 600 # 10 minutes + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) + failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers5.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers5.stderr + + # Append Server Members to the IBM Cloud Load Balancer Back-end Pools # Primary @@ -1014,235 +1246,6 @@ failed_when: not __sap_vm_provision_task_ibmcloud_lb_pool_members_nwas_ers10.rc == 0 and not 'already exists in a pool' in __sap_vm_provision_task_ibmcloud_lb_pool_members_nwas_ers10.stderr -# Create IBM Cloud Load Balancer Front-end Listeners (open port for Virtual IPs) - -# When IBM Cloud Load Balancer, Application Load Balancer Type: -# - Important to increase the Front-end Listener Idle Connection Timeout (sec), -# if the received-and-forwarded request becomes idle (no data received/sent sent/received) -# then the idle connection is closed by default/minimum after 50 seconds and maximum 7200 seconds (2 hours). -# - This can impact SAP SWPM waiting for SAP HANA Data Load to complete, and other long-running actions. - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - System DB SQL - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana1 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-sysdb-sql'))[0].id }}" - protocol: tcp - port: "{{ ('3' + sap_system_hana_db_instance_nr + '13') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana1.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - MDC Tenant 1 SQL - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana2 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-mdc1-sql'))[0].id }}" - protocol: tcp - port: "{{ ('3' + sap_system_hana_db_instance_nr + '15') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana2.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana2.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - startsrv HTTP - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana3 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-startsrv-http'))[0].id }}" - protocol: tcp - port: "{{ ('5' + sap_system_hana_db_instance_nr + '13') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana3.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana3.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP HANA - startsrv HTTPS - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana4 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-pool-startsrv-https'))[0].id }}" - protocol: tcp - port: "{{ ('5' + sap_system_hana_db_instance_nr + '14') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['hana_secondary'] is defined and (groups['hana_secondary'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana4.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_hana4.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP AnyDB - IBM Db2 Communication Port - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_anydb1 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_anydb))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_anydb + '-pool-ibmdb2'))[0].id }}" - protocol: tcp - port: 5912 - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['anydb_secondary'] is defined and (groups['anydb_secondary'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_anydb1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_anydb1.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Dispatcher sapdp process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs1 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-dp'))[0].id }}" - protocol: tcp - port: "{{ ('32' + sap_system_nwas_abap_ascs_instance_nr) | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs1.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Message Server sapms process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs2 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-ms'))[0].id }}" - protocol: tcp - port: "{{ ('36' + sap_system_nwas_abap_ascs_instance_nr) | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs2.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs2.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Message Server HTTP sapms process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs3 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-ms-http'))[0].id }}" - protocol: tcp - port: "{{ ('81' + sap_system_nwas_abap_ascs_instance_nr) | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs3.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs3.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Enqueue Server sapenq process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs4 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-enq'))[0].id }}" - protocol: tcp - port: "{{ ('39' + sap_system_nwas_abap_ascs_instance_nr) | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs4.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs4.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - Enqueue Replicator Server sapenqrepl process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs5 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-enqrepl'))[0].id }}" - protocol: tcp - port: "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '16') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs5.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs5.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs6 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-sapctrl'))[0].id }}" - protocol: tcp - port: "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '13') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs6.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs6.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ASCS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs7 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs-pool-sapctrls'))[0].id }}" - protocol: tcp - port: "{{ ('5' + sap_system_nwas_abap_ascs_instance_nr + '14') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs7.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ascs7.stderr - -# - name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - Dispatcher sapdp process -# no_log: "{{ __sap_vm_provision_no_log }}" -# register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers1 -# ibm.cloudcollection.ibm_is_lb_listener: -# lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" -# default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-dp'))[0].id }}" -# protocol: tcp -# port: "{{ ('32' + sap_system_nwas_abap_ers_instance_nr) | int }}" -# idle_connection_timeout: 600 # 10 minutes -# ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" -# when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) -# failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers1.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers1.stderr - -# - name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - Message Server sapms process -# no_log: "{{ __sap_vm_provision_no_log }}" -# register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers2 -# ibm.cloudcollection.ibm_is_lb_listener: -# lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" -# default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-ms'))[0].id }}" -# protocol: tcp -# port: "{{ ('36' + sap_system_nwas_abap_ers_instance_nr) | int }}" -# idle_connection_timeout: 600 # 10 minutes -# ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" -# when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) -# failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers2.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers2.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - Enqueue Replication Server sapenqr process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers3 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-enqr'))[0].id }}" - protocol: tcp - port: "{{ ('39' + sap_system_nwas_abap_ers_instance_nr) | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers3.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers3.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTP sapctrl process - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers4 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-sapctrl'))[0].id }}" - protocol: tcp - port: "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '13') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers4.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers4.stderr - -- name: Create IBM Cloud Load Balancer Front-end Listener for SAP NetWeaver ERS - SAP Start Service (SAPControl SOAP) HTTPS (Secure) sapctrls - no_log: "{{ __sap_vm_provision_no_log }}" - register: __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers5 - ibm.cloudcollection.ibm_is_lb_listener: - lb: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].id }}" - default_pool: "{{ (__sap_vm_provision_task_ibmcloud_lb_pools.results | json_query('[*].resource.pools') | flatten | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers-pool-sapctrls'))[0].id }}" - protocol: tcp - port: "{{ ('5' + sap_system_nwas_abap_ers_instance_nr + '14') | int }}" - idle_connection_timeout: 600 # 10 minutes - ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" - when: (groups['nwas_ers'] is defined and (groups['nwas_ers'] | length>0)) - failed_when: not __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers5.rc == 0 and not 'listener_duplicate_port' in __sap_vm_provision_task_ibmcloud_lb_frontend_listener_ers5.stderr - # Set DNS A Record for Virtual IP (use the first of the IBM Cloud Load Balancer instance assigned Private IPs in the VPC Subnet Range) @@ -1321,6 +1324,7 @@ - name: Set facts for all hosts - use facts from localhost - HA/DR - IBM Cloud Load Balancer - SAP HANA Primary node ansible.builtin.set_fact: + sap_vm_provision_ha_vip_hana_primary: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].private_ips[0].address }}" sap_vm_temp_vip_hana_primary: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].private_ips[0].address }}" sap_ha_pacemaker_cluster_vip_hana_primary_ip_address: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana))[0].private_ips[0].address }}" when: @@ -1332,7 +1336,9 @@ - name: Set facts for all hosts - use facts from localhost - HA/DR - IBM Cloud Load Balancer - SAP AnyDB Primary node ansible.builtin.set_fact: + sap_vm_provision_ha_vip_anydb_primary: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_anydb))[0].private_ips[0].address }}" sap_vm_temp_vip_anydb_primary: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_anydb))[0].private_ips[0].address }}" + sap_ha_install_anydb_ibmdb2_vip_primary_ip_address: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_anydb))[0].private_ips[0].address }}" when: - sap_ha_pacemaker_cluster_ibmcloud_region is defined - groups["anydb_secondary"] is defined and (groups["anydb_secondary"]|length>0) @@ -1342,8 +1348,10 @@ - name: Set facts for all hosts - use facts from localhost - HA/DR - IBM Cloud Load Balancer - SAP NetWeaver ASCS and ERS ansible.builtin.set_fact: + sap_vm_provision_ha_vip_nwas_abap_ascs: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].private_ips[0].address }}" sap_vm_temp_vip_nwas_abap_ascs: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].private_ips[0].address }}" sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_ip_address: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ascs'))[0].private_ips[0].address }}" + sap_vm_provision_ha_vip_nwas_abap_ers: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].private_ips[0].address }}" sap_vm_temp_vip_nwas_abap_ers: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].private_ips[0].address }}" sap_ha_pacemaker_cluster_vip_nwas_abap_ers_ip_address: "{{ (ibmcloud_lbs_all_info | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_nwas + '-ers'))[0].private_ips[0].address }}" when: From ff60ad192df02011b5ab5ea2b55dcb6c287e01d7 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Fri, 30 Aug 2024 11:18:30 +0100 Subject: [PATCH 6/9] sap_vm_provision: improve exec flow and storage tier logic --- .../ibmcloud_powervs/execute_main.yml | 41 ++++++++--- .../ibmcloud_powervs/execute_provision.yml | 72 +++++++++++-------- 2 files changed, 73 insertions(+), 40 deletions(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml index 619b451..67c8ee1 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml @@ -83,6 +83,16 @@ name: "{{ sap_vm_provision_ibmcloud_powervs_workspace_name }}" ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + - name: Identify IBM Power Infrastructure Workspace capabilities + no_log: "{{ __sap_vm_provision_no_log }}" + register: __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities + run_once: true + environment: + IC_REGION: "{{ sap_vm_provision_ibmcloud_powervs_region }}" + ibm.cloudcollection.ibm_pi_workspace_info: + pi_cloud_instance_id: "{{ __sap_vm_provision_task_ibmcloud_pi_workspace_service_instance.resource.guid }}" # must be GUID, not CRN + ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" + - name: Identify pre-loaded IBM Power Infrastructure SSH Public Key info no_log: "{{ __sap_vm_provision_no_log }}" register: __sap_vm_provision_task_ibmcloud_pi_ssh_public_key @@ -112,7 +122,7 @@ then Subnet DNS Default should use IBM Cloud IaaS Backbone DNS Resolver 161.26.0.10/11 (which will be populated into /etc/resolv.conf). Otherwise cloud-init actions during provisioning may not be successful. when: - - not sap_vm_provision_proxy_web_forward_proxy_ip is defined + - __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router'] - not (__sap_vm_provision_task_ibmcloud_pi_subnet.resource.dns | first) in ['161.26.0.10', '161.26.0.11'] # DNS may exist in separate Resource Group @@ -358,8 +368,13 @@ path: /etc/resolv.conf line: nameserver 161.26.0.10 - # Not applicable to the IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards) - - name: Register Web Forward Proxy (for legacy Power Infrastructure Cloud Connections networking configuration) + # Required Web Forward Proxy + # For IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards), + # the SNAT (VPC Public Gateway) service is not routable from IBM Power Virtual Server hosts + # and cannot be used for outbound Public Internet connectivity + # For IBM PowerVS Workspace with legacy Cloud Connection, + # required for both outbound Public Internet connectivty and internal traffic to other IBM Cloud Services + - name: Register Web Forward Proxy ansible.builtin.include_tasks: file: common/register_proxy.yml when: sap_vm_provision_proxy_web_forward_proxy_ip is defined @@ -378,9 +393,9 @@ set -o pipefail && if [ "${workspace_legacy_cc}" = true ]; then sleep 120 ; fi when: - ansible_os_family == 'RedHat' - - (not sap_vm_provision_os_registration_script_command is defined) and (not sap_vm_provision_os_registration_script_command | length > 0) - - (not sap_vm_provision_os_online_registration_user is defined) and (sap_vm_provision_os_online_registration_user | length == 0) - - (not sap_vm_provision_os_online_registration_passcode is defined) and (sap_vm_provision_os_online_registration_passcode | length == 0) + - sap_vm_provision_os_registration_script_command is undefined + - (sap_vm_provision_os_online_registration_user is undefined) or (sap_vm_provision_os_online_registration_passcode is undefined) + - not __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router'] # Not applicable to the IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards) # Extract the generated command string and activation key from /usr/share, then execute script from /usr/local/bin @@ -396,9 +411,9 @@ set -o pipefail && SUSEConnect --product PackageHub/{{ ansible_distribution_version }}/ppc64le when: - ansible_os_family == 'Suse' - - (not sap_vm_provision_os_registration_script_command is defined) and (not sap_vm_provision_os_registration_script_command | length > 0) - - (not sap_vm_provision_os_online_registration_user is defined) and (sap_vm_provision_os_online_registration_user | length == 0) - - (not sap_vm_provision_os_online_registration_passcode is defined) and (sap_vm_provision_os_online_registration_passcode | length == 0) + - sap_vm_provision_os_registration_script_command is undefined + - (sap_vm_provision_os_online_registration_user is undefined) or (sap_vm_provision_os_online_registration_passcode is undefined) + - not __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router'] - name: Register Package Repositories for OS Images with Bring-Your-Own-Subscription (BYOS) ansible.builtin.include_tasks: @@ -412,7 +427,9 @@ sleep: 10 connect_timeout: 15 timeout: 120 - when: sap_vm_provision_nfs_mount_point is defined + when: + - sap_vm_provision_nfs_mount_point is defined + - (sap_vm_provision_nfs_mount_point | default('')) | length > 0 - name: Verify connection to separate NFS for SAP Transport Directory ansible.builtin.wait_for: @@ -422,7 +439,9 @@ sleep: 10 connect_timeout: 15 timeout: 120 - when: sap_vm_provision_nfs_mount_point_separate_sap_transport_dir is defined + when: + - sap_vm_provision_nfs_mount_point_separate_sap_transport_dir is defined + - (sap_vm_provision_nfs_mount_point_separate_sap_transport_dir | default('')) | length > 0 # Ensure lock to RHEL major.minor version # Lock using subscription-manager release --set or /var/lib/rhsm/cache/releasever.json, alternatively using /etc/yum/vars/releasever or /etc/dnf/vars/releasever diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml index 67100e2..803063a 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_provision.yml @@ -18,6 +18,41 @@ ansible.builtin.set_fact: target_provision_host_spec: "{{ lookup('ansible.builtin.vars', 'sap_vm_provision_' + sap_vm_provision_iac_platform + '_host_specifications_dictionary')[sap_vm_provision_host_specification_plan][scaleout_origin_host_spec | default(inventory_hostname)] }}" +# Create flat list with names for each volume to be created. +# Create flat list with disk tiers. +- name: Set fact for target device map + ansible.builtin.set_fact: + storage_disks_map: | + {% set disks_map = [] -%} + {% for storage_item in target_provision_host_spec.storage_definition -%} + {% for idx in range(0, storage_item.disk_count | default(1)) -%} + {% if (storage_item.filesystem_type is defined) -%} + {% if ('swap' in storage_item.filesystem_type and storage_item.swap_path is not defined) + or ('swap' not in storage_item.filesystem_type and storage_item.nfs_path is not defined) -%} + {% set vol = disks_map.extend([ + { + 'definition_key': storage_item.name, + 'name': storage_item.name + idx|string, + 'size': storage_item.disk_size | default(0), + 'type': storage_item.disk_type | default('tier3') + } + ]) %} + {%- endif %} + {%- endif %} + {%- endfor %} + {%- endfor %} + {{ disks_map }} + __sap_vm_provision_task_storage_type_tier: "{{ target_provision_host_spec.storage_definition | selectattr('disk_type','defined') | map(attribute='disk_type') | select() | list | unique }}" + +- name: Confirm IBM Power Virtual Server Storage Type Tier + ansible.builtin.fail: + msg: + IBM Power Virtual Servers require a static configuration for the Storage Type Tier, + and all attached Block Storage Volumes must use this Storage Type Tier. + Edit the Storage Definition variable to use the same Storage Type Tier for each Block Storage Volume. + when: __sap_vm_provision_task_storage_type_tier | length > 1 + + # Status will change from Building > Warning (VM = Active, Health = Warning) > Active. The Ansible Task will continue once the Active status has been reached. - name: Provision IBM Power Virtual Server instance on IBM Cloud no_log: "{{ __sap_vm_provision_no_log }}" @@ -37,7 +72,11 @@ pi_network: - network_id: "{{ __sap_vm_provision_task_ibmcloud_pi_subnet.resource.id }}" - pi_storage_type: tier1 + # Storage Type Tier is a static configuration for the Virtual Server, it cannot be amended + # All Block Storage Volumes attached to the Virtual Server, must use the set Storage Type Tier: + # tier0 (25 IOPS/GB), tier1 (10 IOPS/GB), tier3 (3 IOPS/GB), tier5k (Fixed 5000 IOPS) + pi_storage_type: "{{ __sap_vm_provision_task_storage_type_tier | first }}" + pi_storage_pool_affinity: true #pi_volume_ids: [] pi_pin_policy: none @@ -45,13 +84,13 @@ pi_placement_group_id: "{{ ( (__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','hana'))[0].id - if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) + if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped else (__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','anydb'))[0].id - if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) + if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped else (__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','nwas'))[0].id - if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) + if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped ) | default(omit) }}" ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" @@ -66,31 +105,6 @@ ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}" -# Create flat list with names for each volume to be created. -- name: Set fact for target device map - ansible.builtin.set_fact: - storage_disks_map: | - {% set disks_map = [] -%} - {% for storage_item in target_provision_host_spec.storage_definition -%} - {% for idx in range(0, storage_item.disk_count | default(1)) -%} - {% if (storage_item.filesystem_type is defined) -%} - {% if ('swap' in storage_item.filesystem_type and storage_item.swap_path is not defined) - or ('swap' not in storage_item.filesystem_type and storage_item.nfs_path is not defined) -%} - {% set vol = disks_map.extend([ - { - 'definition_key': storage_item.name, - 'name': storage_item.name + idx|string, - 'size': storage_item.disk_size | default(0), - 'type': storage_item.disk_type | default('general-purpose') - } - ]) %} - {%- endif %} - {%- endif %} - {%- endfor %} - {%- endfor %} - {{ disks_map }} - - - name: Provision IBM Power Infrastructure Block Storage volumes for IBM Power VS instance filesystems no_log: "{{ __sap_vm_provision_no_log }}" register: __sap_vm_provision_task_provision_host_single_volumes From 18d263154726fa92605a9f7d29ed9d7e583a61c8 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Fri, 30 Aug 2024 11:52:59 +0100 Subject: [PATCH 7/9] sap_vm_provision: minor msazure exec flow change --- .../platform_ansible/msazure_vm/execute_setup_ha.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml index f5adee0..f99d686 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/msazure_vm/execute_setup_ha.yml @@ -641,11 +641,6 @@ secret: "{{ sap_vm_provision_msazure_app_client_secret }}" when: (groups["anydb_secondary"] is defined and (groups["anydb_secondary"]|length>0)) - - name: MS Azure Load Balancer (network L4) - Define Ansible Variable of Load Balancer for Database Server - ansible.builtin.set_fact: - __sap_vm_provision_task_msazure_lb1_info: "{{ __sap_vm_provision_task_msazure_lb1a_info if (groups['hana_secondary'] is defined and (groups['hana_secondary']|length>0)) else __sap_vm_provision_task_msazure_lb1b_info if (groups['anydb_secondary'] is defined and (groups['anydb_secondary']|length>0)) }}" - when: (groups["hana_secondary"] is defined and (groups["hana_secondary"]|length>0)) or (groups["anydb_secondary"] is defined and (groups["anydb_secondary"]|length>0)) - - name: MS Azure Load Balancer (network L4) - Create NLB for SAP NetWeaver with Virtual IP and Health Probe configuration no_log: "{{ __sap_vm_provision_no_log }}" register: __sap_vm_provision_task_msazure_lb2_info @@ -665,6 +660,11 @@ secret: "{{ sap_vm_provision_msazure_app_client_secret }}" when: (groups["nwas_ers"] is defined and (groups["nwas_ers"]|length>0)) + - name: MS Azure Load Balancer (network L4) - Define Ansible Variable of Load Balancer for Database Server + ansible.builtin.set_fact: + __sap_vm_provision_task_msazure_lb1_info: "{{ __sap_vm_provision_task_msazure_lb1a_info if (groups['hana_secondary'] is defined and (groups['hana_secondary']|length>0)) else __sap_vm_provision_task_msazure_lb1b_info if (groups['anydb_secondary'] is defined and (groups['anydb_secondary']|length>0)) }}" + when: (groups["hana_secondary"] is defined and (groups["hana_secondary"]|length>0)) or (groups["anydb_secondary"] is defined and (groups["anydb_secondary"]|length>0)) + - name: Set fact to hold loop variables from include_tasks when SAP HANA HA ansible.builtin.set_fact: lb_ha_sap_hana: "{{ __sap_vm_provision_task_msazure_lb1_info.state.backend_address_pools | selectattr('name', '==', sap_vm_provision_ha_load_balancer_name_hana + '-backend-pool') | map(attribute='id') | first }}" From fb1c353a6b4750b9bd5dddc63801aea0ae9c8991 Mon Sep 17 00:00:00 2001 From: Bernd Finger <49749572+berndfinger@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:02:15 +0200 Subject: [PATCH 8/9] Update roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml Co-authored-by: GabrielePuliti <12409541+Wabri@users.noreply.github.com> --- .../tasks/platform_ansible/ibmcloud_powervs/execute_main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml index 67c8ee1..44fb341 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml @@ -373,7 +373,7 @@ # the SNAT (VPC Public Gateway) service is not routable from IBM Power Virtual Server hosts # and cannot be used for outbound Public Internet connectivity # For IBM PowerVS Workspace with legacy Cloud Connection, - # required for both outbound Public Internet connectivty and internal traffic to other IBM Cloud Services + # required for both outbound Public Internet connectivity and internal traffic to other IBM Cloud Services - name: Register Web Forward Proxy ansible.builtin.include_tasks: file: common/register_proxy.yml From da4b8954c934b8f4f59730b8cf5df08331e7c93b Mon Sep 17 00:00:00 2001 From: Bernd Finger <49749572+berndfinger@users.noreply.github.com> Date: Fri, 13 Sep 2024 10:02:25 +0200 Subject: [PATCH 9/9] Update roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml Co-authored-by: GabrielePuliti <12409541+Wabri@users.noreply.github.com> --- .../tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml index 715b974..be6dd55 100644 --- a/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml +++ b/roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_vs/execute_setup_ha.yml @@ -1246,7 +1246,6 @@ failed_when: not __sap_vm_provision_task_ibmcloud_lb_pool_members_nwas_ers10.rc == 0 and not 'already exists in a pool' in __sap_vm_provision_task_ibmcloud_lb_pool_members_nwas_ers10.stderr - # Set DNS A Record for Virtual IP (use the first of the IBM Cloud Load Balancer instance assigned Private IPs in the VPC Subnet Range) - name: IBM Cloud Private DNS Record for SAP HANA HA Virtual Hostname