sap_vm_provision: exec flow amendments from testing #58

Merged
merged 9 commits into from
Sep 13, 2024
2 changes: 0 additions & 2 deletions roles/sap_vm_provision/README.md
Expand Up @@ -57,8 +57,6 @@ For a list of requirements and recommended authorizations on each Infrastructure
**Dependencies:**
- OS Packages
- Python 3.9.7+ (i.e. CPython distribution)
- AWS CLI _(when High Availability on AWS)_
- GCloud CLI _(when High Availability on GCP)_
- IBM Cloud CLI _(when High Availability on IBM Cloud)_
- Terraform 1.0.0-1.5.5 _(when Ansible to Terraform, or legacy Ansible Collection for IBM Cloud)_
- Python Packages
22 changes: 18 additions & 4 deletions roles/sap_vm_provision/tasks/common/register_proxy.yml
Expand Up @@ -41,6 +41,14 @@
mode: '0644'
force: false

# Ignore domains within the Cloud Platform's internal backbone, to access Cloud Services when a Proxy is enabled
- name: Web Forward Proxy - Cloud Platform specific exclusions - IBM Cloud, IBM Power Virtual Server
ansible.builtin.set_fact:
__sap_vm_provision_task_proxy_platform_exclude: ',cloud.ibm.com,networklayer.com'
when:
- sap_vm_provision_iac_platform == "ibmcloud_powervs"
- __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']

# For non-interactive login shell, append proxy env var to /root/.bashrc (proxy will not work if using /etc/bashrc or script stored in /etc/profile.d/)
- name: Web Forward Proxy - Append Proxy env var to non-interactive login shell config file
ansible.builtin.blockinfile:
Expand All @@ -53,12 +61,18 @@
export HTTPS_PROXY="{{ sap_vm_provision_proxy_web_forward_proxy_ip }}"
#export ftp_proxy
#export FTP_PROXY
export no_proxy="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}"
export NO_PROXY="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}"
export no_proxy="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}{{ __sap_vm_provision_task_proxy_platform_exclude if __sap_vm_provision_task_proxy_platform_exclude is defined }}"
export NO_PROXY="{{ sap_vm_provision_proxy_web_forward_exclusions }},{{ sap_vm_provision_proxy_web_forward_exclusions_dynamic }}{{ __sap_vm_provision_task_proxy_platform_exclude if __sap_vm_provision_task_proxy_platform_exclude is defined }}"

- name: Edit /etc/dnf/dnf.conf to add proxy
# dnf/yum will first use proxy var from config file, followed by environment variables of the login shell
# When dnf/yum is set to empty string in config file, it will ignore proxy. However, "The curl environment variables (such as http_proxy) are effective if this option is unset" and
# therefore dnf/yum has no method to enable Proxy for Public Internet connectivity in combination with no Proxy for OS Package Repositories.
# Using no_proxy/NO_PROXY env var with domain suffix for mirror OS Package Repositories inside the Cloud Service Provider will force no Proxy usage.
- name: Web Forward Proxy - Edit /etc/dnf/dnf.conf to add proxy
ansible.builtin.blockinfile:
path: /etc/dnf/dnf.conf
block: |
proxy=http://{{ sap_vm_provision_proxy_web_forward_proxy_ip }}
when: ansible_os_family == "RedHat"
when:
- ansible_os_family == "RedHat"
- __sap_vm_provision_task_proxy_platform_exclude is undefined
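Review bot: The new `set_fact` task hard-codes the suffixes `cloud.ibm.com` and `networklayer.com` into `no_proxy`/`NO_PROXY`, so every host under those domains bypasses the Web Forward Proxy. Because the dnf.conf proxy entry is skipped in the same case, dnf follows the same environment variables. Where the proxy also serves as the egress filtering or logging point, this exemption is broader than the comment's "internal backbone" wording suggests. I would state that in the comment, e.g. `# NOTE: suffix match - all hosts under these domains are reached directly and are not seen by the proxy`, and consider sourcing the list from a role variable so it can be narrowed. The export lines would also read more plainly as `{{ __sap_vm_provision_task_proxy_platform_exclude | default('') }}` instead of the inline `if ... is defined` without an `else`.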
1 change: 1 addition & 0 deletions roles/sap_vm_provision/tasks/common/set_ansible_vars.yml
Expand Up @@ -68,6 +68,7 @@
- name: Set facts for all hosts - use facts from localhost - HA/DR - Virtual IP for SAP AnyDB Primary node
ansible.builtin.set_fact:
sap_vm_temp_vip_anydb_primary: "{{ sap_vm_provision_ha_vip_anydb_primary }}"
sap_ha_install_anydb_ibmdb2_vip_primary_ip_address: "{{ sap_vm_provision_ha_vip_anydb_primary }}"
when:
- (sap_vm_provision_ha_vip_anydb_primary | length) > 0
no_log: "{{ __sap_vm_provision_no_log }}"
Expand Up @@ -83,6 +83,16 @@
name: "{{ sap_vm_provision_ibmcloud_powervs_workspace_name }}"
ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"

- name: Identify IBM Power Infrastructure Workspace capabilities
no_log: "{{ __sap_vm_provision_no_log }}"
register: __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities
run_once: true
environment:
IC_REGION: "{{ sap_vm_provision_ibmcloud_powervs_region }}"
ibm.cloudcollection.ibm_pi_workspace_info:
pi_cloud_instance_id: "{{ __sap_vm_provision_task_ibmcloud_pi_workspace_service_instance.resource.guid }}" # must be GUID, not CRN
ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"

- name: Identify pre-loaded IBM Power Infrastructure SSH Public Key info
no_log: "{{ __sap_vm_provision_no_log }}"
register: __sap_vm_provision_task_ibmcloud_pi_ssh_public_key
Expand Down Expand Up @@ -112,7 +122,7 @@
then Subnet DNS Default should use IBM Cloud IaaS Backbone DNS Resolver 161.26.0.10/11 (which will be populated into /etc/resolv.conf).
Otherwise cloud-init actions during provisioning may not be successful.
when:
- not sap_vm_provision_proxy_web_forward_proxy_ip is defined
- __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']
- not (__sap_vm_provision_task_ibmcloud_pi_subnet.resource.dns | first) in ['161.26.0.10', '161.26.0.11']

# DNS may exist in separate Resource Group
Expand Down Expand Up @@ -358,8 +368,13 @@
path: /etc/resolv.conf
line: nameserver 161.26.0.10

# Not applicable to the IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards)
- name: Register Web Forward Proxy (for legacy Power Infrastructure Cloud Connections networking configuration)
# Required Web Forward Proxy
# For IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards),
# the SNAT (VPC Public Gateway) service is not routable from IBM Power Virtual Server hosts
# and cannot be used for outbound Public Internet connectivity
# For IBM PowerVS Workspace with legacy Cloud Connection,
# required for both outbound Public Internet connectivty and internal traffic to other IBM Cloud Services

Check failure on line 376 in roles/sap_vm_provision/tasks/platform_ansible/ibmcloud_powervs/execute_main.yml


GitHub Actions / Check for spelling errors

connectivty ==> connectivity
berndfinger marked this conversation as resolved.
- name: Register Web Forward Proxy
ansible.builtin.include_tasks:
file: common/register_proxy.yml
when: sap_vm_provision_proxy_web_forward_proxy_ip is defined
Expand All @@ -378,9 +393,9 @@
set -o pipefail && if [ "${workspace_legacy_cc}" = true ]; then sleep 120 ; fi
when:
- ansible_os_family == 'RedHat'
- (not sap_vm_provision_os_registration_script_command is defined) and (not sap_vm_provision_os_registration_script_command | length > 0)
- (not sap_vm_provision_os_online_registration_user is defined) and (sap_vm_provision_os_online_registration_user | length == 0)
- (not sap_vm_provision_os_online_registration_passcode is defined) and (sap_vm_provision_os_online_registration_passcode | length == 0)
- sap_vm_provision_os_registration_script_command is undefined
- (sap_vm_provision_os_online_registration_user is undefined) or (sap_vm_provision_os_online_registration_passcode is undefined)
- not __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']

# Not applicable to the IBM PowerVS Workspace enabled with Power Edge Router (from Q4-2023 onwards)
# Extract the generated command string and activation key from /usr/share, then execute script from /usr/local/bin
Expand All @@ -396,9 +411,9 @@
set -o pipefail && SUSEConnect --product PackageHub/{{ ansible_distribution_version }}/ppc64le
when:
- ansible_os_family == 'Suse'
- (not sap_vm_provision_os_registration_script_command is defined) and (not sap_vm_provision_os_registration_script_command | length > 0)
- (not sap_vm_provision_os_online_registration_user is defined) and (sap_vm_provision_os_online_registration_user | length == 0)
- (not sap_vm_provision_os_online_registration_passcode is defined) and (sap_vm_provision_os_online_registration_passcode | length == 0)
- sap_vm_provision_os_registration_script_command is undefined
- (sap_vm_provision_os_online_registration_user is undefined) or (sap_vm_provision_os_online_registration_passcode is undefined)
- not __sap_vm_provision_task_ibmcloud_pi_workspace_capabilities.resource.pi_workspace_capabilities['power-edge-router']

- name: Register Package Repositories for OS Images with Bring-Your-Own-Subscription (BYOS)
ansible.builtin.include_tasks:
Expand All @@ -412,7 +427,9 @@
sleep: 10
connect_timeout: 15
timeout: 120
when: sap_vm_provision_nfs_mount_point is defined
when:
- sap_vm_provision_nfs_mount_point is defined
- (sap_vm_provision_nfs_mount_point | default('')) | length > 0

- name: Verify connection to separate NFS for SAP Transport Directory
ansible.builtin.wait_for:
Expand All @@ -422,7 +439,9 @@
sleep: 10
connect_timeout: 15
timeout: 120
when: sap_vm_provision_nfs_mount_point_separate_sap_transport_dir is defined
when:
- sap_vm_provision_nfs_mount_point_separate_sap_transport_dir is defined
- (sap_vm_provision_nfs_mount_point_separate_sap_transport_dir | default('')) | length > 0

# Ensure lock to RHEL major.minor version
# Lock using subscription-manager release --set or /var/lib/rhsm/cache/releasever.json, alternatively using /etc/yum/vars/releasever or /etc/dnf/vars/releasever
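Review bot: The rewritten `when` lists on the two registration tasks (RedHat and Suse) test only `is undefined`, so a registration variable that is defined but empty now skips the built-in PowerVS registration even though no alternative is configured. The NFS `wait_for` tasks later in this file were changed in the same commit to guard against exactly that case with `| default('') | length > 0`. The same form here would keep the file consistent, e.g. `- (sap_vm_provision_os_registration_script_command | default('')) | length == 0`. Whether the role defaults define these variables as empty strings is not visible on this page, so confirm against the role defaults; both tasks also start above their hunks. The `pi_workspace_capabilities['power-edge-router']` lookup used in these conditions could likewise take `| default(false)` in case the module omits the key.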
Expand Up @@ -18,6 +18,41 @@
ansible.builtin.set_fact:
target_provision_host_spec: "{{ lookup('ansible.builtin.vars', 'sap_vm_provision_' + sap_vm_provision_iac_platform + '_host_specifications_dictionary')[sap_vm_provision_host_specification_plan][scaleout_origin_host_spec | default(inventory_hostname)] }}"

# Create flat list with names for each volume to be created.
# Create flat list with disk tiers.
- name: Set fact for target device map
ansible.builtin.set_fact:
storage_disks_map: |
{% set disks_map = [] -%}
{% for storage_item in target_provision_host_spec.storage_definition -%}
{% for idx in range(0, storage_item.disk_count | default(1)) -%}
{% if (storage_item.filesystem_type is defined) -%}
{% if ('swap' in storage_item.filesystem_type and storage_item.swap_path is not defined)
or ('swap' not in storage_item.filesystem_type and storage_item.nfs_path is not defined) -%}
{% set vol = disks_map.extend([
{
'definition_key': storage_item.name,
'name': storage_item.name + idx|string,
'size': storage_item.disk_size | default(0),
'type': storage_item.disk_type | default('tier3')
}
]) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{{ disks_map }}
__sap_vm_provision_task_storage_type_tier: "{{ target_provision_host_spec.storage_definition | selectattr('disk_type','defined') | map(attribute='disk_type') | select() | list | unique }}"

- name: Confirm IBM Power Virtual Server Storage Type Tier
ansible.builtin.fail:
msg:
IBM Power Virtual Servers require a static configuration for the Storage Type Tier,
and all attached Block Storage Volumes must use this Storage Type Tier.
Edit the Storage Definition variable to use the same Storage Type Tier for each Block Storage Volume.
when: __sap_vm_provision_task_storage_type_tier | length > 1


# Status will change from Building > Warning (VM = Active, Health = Warning) > Active. The Ansible Task will continue once the Active status has been reached.
- name: Provision IBM Power Virtual Server instance on IBM Cloud
no_log: "{{ __sap_vm_provision_no_log }}"
Expand All @@ -37,21 +72,25 @@
pi_network:
- network_id: "{{ __sap_vm_provision_task_ibmcloud_pi_subnet.resource.id }}"

pi_storage_type: tier1
# Storage Type Tier is a static configuration for the Virtual Server, it cannot be amended
# All Block Storage Volumes attached to the Virtual Server, must use the set Storage Type Tier:
# tier0 (25 IOPS/GB), tier1 (10 IOPS/GB), tier3 (3 IOPS/GB), tier5k (Fixed 5000 IOPS)
pi_storage_type: "{{ __sap_vm_provision_task_storage_type_tier | first }}"
pi_storage_pool_affinity: true
#pi_volume_ids: []

pi_pin_policy: none
pi_health_status: OK

pi_placement_group_id: "{{ (
(__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','hana'))[0].id
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type)
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','anydb'))[0].id
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type)
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_groups_list.resource.placement_groups | selectattr('name','search','nwas'))[0].id
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type)
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_groups_list is skipped
) | default(omit) }}"

ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"
Expand All @@ -66,31 +105,6 @@
ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"


# Create flat list with names for each volume to be created.
- name: Set fact for target device map
ansible.builtin.set_fact:
storage_disks_map: |
{% set disks_map = [] -%}
{% for storage_item in target_provision_host_spec.storage_definition -%}
{% for idx in range(0, storage_item.disk_count | default(1)) -%}
{% if (storage_item.filesystem_type is defined) -%}
{% if ('swap' in storage_item.filesystem_type and storage_item.swap_path is not defined)
or ('swap' not in storage_item.filesystem_type and storage_item.nfs_path is not defined) -%}
{% set vol = disks_map.extend([
{
'definition_key': storage_item.name,
'name': storage_item.name + idx|string,
'size': storage_item.disk_size | default(0),
'type': storage_item.disk_type | default('general-purpose')
}
]) %}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
{{ disks_map }}


- name: Provision IBM Power Infrastructure Block Storage volumes for IBM Power VS instance filesystems
no_log: "{{ __sap_vm_provision_no_log }}"
register: __sap_vm_provision_task_provision_host_single_volumes
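Review bot: `pi_storage_type` now takes `__sap_vm_provision_task_storage_type_tier | first`, but that list is built only from storage items that define `disk_type`, so a storage definition with no `disk_type` at all leaves the list empty and the expression undefined. The volume map in the same change falls back to `tier3` for such items, so the instance should use the same fallback: `pi_storage_type: "{{ __sap_vm_provision_task_storage_type_tier | first | default('tier3') }}"`. A related gap is that a definition mixing items with and without `disk_type` passes the `fail` check, because only one distinct tier is counted, while the untyped volumes default to `tier3`, which may differ from the instance tier. The provisioning task itself continues outside the hunk.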
Expand Up @@ -53,13 +53,13 @@

placement_group: "{{ (
(__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','hana'))[0].resource.id
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type)
if ('hana_primary' in target_provision_host_spec.sap_host_type or 'hana_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','anydb'))[0].resource.id
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type)
if ('anydb_primary' in target_provision_host_spec.sap_host_type or 'anydb_secondary' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped
else
(__sap_vm_provision_task_ibmcloud_placement_group.results | selectattr('item','==','nwas'))[0].resource.id
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type)
if ('nwas_ascs' in target_provision_host_spec.sap_host_type or 'nwas_ers' in target_provision_host_spec.sap_host_type) and not __sap_vm_provision_task_ibmcloud_placement_group is skipped
) | default(omit) }}"

ibmcloud_api_key: "{{ sap_vm_provision_ibmcloud_api_key }}"