From 3d4ae5bedbc40fb8084745ccf895b7e27bfdcb86 Mon Sep 17 00:00:00 2001 
From: Nils Koenig Date: Wed, 21 Jun 2023 16:34:30 +0200 Subject: [PATCH 001/196] added redhat_ocp_virt platform to sap_hypervisor_node_preconfigure --- ...ypervisor-redhat_ocp_virt-preconfigure.yml | 11 + ...pervisor-node-preconfigure-rh_ocp_virt.yml | 89 ++++++++ .../README.md | 209 +++++++++++++++++- .../cnv-namespace-operator-subscription.yml | 33 +++ .../sriov-enabled-unsupported-nics.sh | 5 + .../sriov-namespace-operator-subscription.yml | 26 +++ .../platform/redhat_rhel_kvm/main.yml | 7 +- .../meta/main.yml | 9 +- .../redhat_ocp_virt/99-kargs-worker.yml.j2 | 18 ++ .../configure-kargs-per-node.yml | 34 +++ .../redhat_ocp_virt/configure-worker-node.yml | 24 ++ .../redhat_ocp_virt/create-sap-bridge.yml | 49 ++++ .../redhat_ocp_virt/download-rhel-images.yml | 21 ++ .../redhat_ocp_virt/enable-cpumanager.yml | 61 +++++ .../redhat_ocp_virt/install-cnv-operator.yml | 74 +++++++ .../install-nmstate-operator.yml | 89 ++++++++ .../install-sriov-operator.yml | 55 +++++ .../redhat_ocp_virt/install-trident.yml | 48 ++++ .../redhat_ocp_virt/install-virtctl.yml | 15 ++ .../tasks/platform/redhat_ocp_virt/kargs.yml | 11 + .../redhat_ocp_virt/label-worker-invtsc.yml | 11 + .../tasks/platform/redhat_ocp_virt/main.yml | 61 +++++ .../tasks/platform/redhat_ocp_virt/mcp.yml.j2 | 47 ++++ .../platform/redhat_ocp_virt/node-network.yml | 99 +++++++++ .../platform/redhat_ocp_virt/prepare.yml | 9 + .../redhat_ocp_virt/setup-worker-node.yml | 80 +++++++ .../sriov-enabled-unsupported-nics.sh | 5 + .../templates/99-kargs-worker.yml.j2 | 18 ++ .../templates/templates/mcp.yml.j2 | 47 ++++ .../redhat_ocp_virt/trident-backend.json.j2 | 18 ++ .../redhat_ocp_virt/tuned-virtual-host.yml | 21 ++ .../redhat_rhel_kvm/assert-configuration.yml | 46 ++-- .../redhat_rhel_kvm/assert-rhv-hooks.yml | 4 + .../assert-set-tuned-profile.yml | 1 + .../redhat_rhel_kvm/configuration.yml | 65 ++---- .../tasks/platform/redhat_rhel_kvm/main.yml | 12 +- .../platform/redhat_rhel_kvm/rhv-hooks.yml | 3 +- 
.../redhat_rhel_kvm/set-tuned-profile.yml | 4 + .../platform_defaults_redhat_ocp_virt.yml | 19 ++ 39 files changed, 1374 insertions(+), 84 deletions(-) create mode 100644 playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml create mode 100644 playbooks/vars/sample-variables-sap-hypervisor-node-preconfigure-rh_ocp_virt.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/cnv-namespace-operator-subscription.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh create mode 100644 roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-namespace-operator-subscription.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2 create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/create-sap-bridge.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-cnv-operator.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-nmstate-operator.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-sriov-operator.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-virtctl.yml create mode 100644 
roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/label-worker-invtsc.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2 create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/99-kargs-worker.yml.j2 create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/mcp.yml.j2 create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/trident-backend.json.j2 create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/tuned-virtual-host.yml create mode 100644 roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml diff --git a/playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml b/playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml new file mode 100644 index 000000000..285e60488 --- /dev/null +++ b/playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml @@ -0,0 +1,11 @@ +--- +- hosts: all + gather_facts: true + serial: 1 + vars: + sap_hypervisor_node_platform: redhat_ocp_virt + + tasks: + - name: Include Role + ansible.builtin.include_role: + name: sap_hypervisor_node_preconfigure 
diff --git a/playbooks/vars/sample-variables-sap-hypervisor-node-preconfigure-rh_ocp_virt.yml b/playbooks/vars/sample-variables-sap-hypervisor-node-preconfigure-rh_ocp_virt.yml
new file mode 100644
index 000000000..a2747ac4f
--- /dev/null
+++ b/playbooks/vars/sample-variables-sap-hypervisor-node-preconfigure-rh_ocp_virt.yml
@@ -0,0 +1,89 @@
+sap_hypervisor_node_preconfigure_cluster_config:
+
+ # URL under which the OCP cluster is reachable
+ cluster_url: ocpcluster.domain.org
+
+ # namespace under which the VMs are created, note this has to be
+ # openshift-sriov-network-operator in case of using SRIOV network
+ # devices
+ vm_namespace: sap
+
+ # Optional, configuration for trident driver for Netapp NFS filer
+ trident:
+ management: management.domain.org
+ data: datalif.netapp.domain.org
+ svm: sap_svm
+ backend: nas_backend
+ aggregate: aggregate_Name
+ username: admin
+ password: xxxxx
+ storage_driver: ontap-nas
+ storage_prefix: ocpv_sap_
+
+ # detailed configuration for every worker that should be configured
+ #
+ workers:
+ - kubernetes_reserved_cpus: "0,1" # CPU cores reserved for
+ # kubernetes
+
+ - name: worker-0 # name must match the node name
+ networks: # Example network config
+ - name: sapbridge # using a bridge
+ description: SAP bridge
+ state: up
+ type: linux-bridge
+ ipv4:
+ enabled: false
+ auto-gateway: false
+ auto-dns: false
+ bridge:
+ options:
+ stp:
+ enabled: false
+ port:
+ - name: ens1f0 # network IF name
+ - name: storage # an SRIOV device
+ interface: ens2f0 # network IF name
+ type: sriov
+
+ - bridge: # another bridge
+ options:
+ stp:
+ enabled: false
+ port:
+ - name: ens2f0 # network IF name
+ description: storage
+ mtu: 9000
+ ipv4:
+ address:
+ - ip: 192.168.1.51 # IP config
+ prefix-length: 24
+ auto-dns: false
+ auto-gateway: false
+ enabled: true
+ name: storagebridge
+ state: up
+ type: linux-bridge
+ - name: multi # another SRIOV device
+ interface: ens2f1 # network IF name
+ type: sriov
+
+ - name: worker-1 # second worker configuration
+ networks: # Example network config
+ - name: sapbridge # using a bridge
+ description: SAP bridge
+ state: up
+ type: linux-bridge
+ ipv4:
+ enabled: false
+ auto-gateway: false
+ auto-dns: false
+ bridge:
+ options:
+ stp:
+ enabled: false
+ port:
+ - name: ens1f0 # network IF name
+ - name: storage # an SRIOV device
+ interface: ens2f0 # network IF name
+ type: sriov
diff --git a/roles/sap_hypervisor_node_preconfigure/README.md b/roles/sap_hypervisor_node_preconfigure/README.md
index cc26e0917..628a6a86d 100644
--- a/roles/sap_hypervisor_node_preconfigure/README.md
+++ b/roles/sap_hypervisor_node_preconfigure/README.md
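Review bot: The sample `trident:` block gives `username: admin` and `password: xxxxx` as plain values in a vars file that users are expected to copy and fill in, so the NetApp management credentials are likely to end up in cleartext in a repository or on the control host. The sample should show the secret coming from an encrypted source, for example `password: "{{ vault_trident_password }}"` (constructed variable name) with a comment such as `# keep the real value in an ansible-vault encrypted vars file`. The README hunk in this patch repeats the same block and would need the same change.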
@@ -3,7 +3,191 @@ sap_hypervisor_node_preconfigure ======================= -This role will set and check the required settings and parameters for a hypervisor running VMs for SAP HANA. +This role will configure the following hypervisors in order to run SAP workloads: +* Redhat Openshift Virtualization (OCPV) +* Redhat Enterprise Virtualization (RHV) + +Platform: Redhat Openshift Virtualization +========================================= + +This role will configure a plain vanilla Openshift cluster so it can be used for SAP workloads. + +Requirements +------------ +A freshly installed Openshift cluster. +The worker nodes should have > 96GB of memory. +Storage is required, e.g. via NFS, Openshift Data Foundation or local storage. +This role can setup access to a Netapp Filer via Trident storage connector. +Point the `KUBECONFIG` environment variable to you `kubeconfig`. + + +Install the packages stated in `requirements.txt` on the host where the role runs. +The required packages are: +``` +httpd-tools +ansible-collection-kubernetes-core +``` + + +Make the role available in case you didn't install it already in an ansible roles directory, e.g. 
+ +``` +mkdir -p ~/.ansible/roles/ +ln -sf ~/community.sap_install/roles/sap_hypervisor_node_preconfigure ~/.ansible/roles/ +``` + +Role Variables +-------------- +General variables are defined in sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml +``` +# Install the trident NFS storage provider +sap_hypervisor_node_preconfigure_install_trident: False +# URL of the trident installer package to use +sap_hypervisor_node_preconfigure_install_trident_url: https://github.com/NetApp/trident/releases/download/v23.01.0/trident-installer-23.01.0.tar.gz + +# should SRIOV be enabled for unsupported NICs +sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics: True + +# Amount of memory [GB] to be reserved for the hypervisor on hosts >= 512GB +sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_ge_512: 64 #GB +# Amount of memory [GB] to be reserved for the hypervisor on hosts < 512GB +sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512: 32 #GB + +# Should the check for the minimal amount of be ignored? Minimal amount is 96 GB +# If ignored, the amount of $hostmemory - $reserved is allocated with a lower bound of 0 in case $reserved > $hostmemory +sap_hypervisor_node_preconfigure_ignore_minimal_memory_check: False +``` + +The following variables are describing the nodes and networks to be used. It can make sense to have them in a seperate file, e.g. see `playbooks/vars/sample-variables-sap-hypervisor-node-preconfigure-rh_ocp_virt.yml` for an example. 
+``` +sap_hypervisor_node_preconfigure_cluster_config: + # URL under which the OCP cluster is reachable + cluster_url: ocpcluster.domain.org + + # namespace under which the VMs are created, note this has to be + # openshift-sriov-network-operator in case of using SRIOV network + # devices + vm_namespace: sap + + # Optional, configuration for trident driver for Netapp NFS filer + trident: + management: management.domain.org + data: datalif.netapp.domain.org + svm: sap_svm + backend: nas_backend + aggregate: aggregate_Name + username: admin + password: xxxxx + storage_driver: ontap-nas + storage_prefix: ocpv_sap_ + + # detailed configuration for every worker that should be configured + workers: + kubernetes_reserved_cpus: "0,1" # CPU cores reserved for + # kubernetes + + - name: worker-0 # name must match the node name + networks: # Example network config + - name: sapbridge # using a bridge + description: SAP bridge + state: up + type: linux-bridge + ipv4: + enabled: false + auto-gateway: false + auto-dns: false + bridge: + options: + stp: + enabled: false + port: + - name: ens1f0 # network IF name + - name: storage # an SRIOV device + interface: ens2f0 # network IF name + type: sriov + + - bridge: # another bridge + options: + stp: + enabled: false + port: + - name: ens2f0 # network IF name + description: storage + mtu: 9000 + ipv4: + address: + - ip: 192.168.1.51 # IP config + prefix-length: 24 + auto-dns: false + auto-gateway: false + enabled: true + name: storagebridge + state: up + type: linux-bridge + - name: multi # another SRIOV device + interface: ens2f1 # network IF name + type: sriov + + - name: worker-1 # second worker configuration + networks: # Example network config + - name: sapbridge # using a bridge + description: SAP bridge + state: up + type: linux-bridge + ipv4: + enabled: false + auto-gateway: false + auto-dns: false + bridge: + options: + stp: + enabled: false + port: + - name: ens1f0 # network IF name + - name: storage # an SRIOV device + 
interface: ens2f0 # network IF name + type: sriov +``` + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +See `playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml` for this example: + +``` +--- +- hosts: all + gather_facts: true + serial: 1 + vars: + sap_hypervisor_node_platform: redhat_ocp_virt + + tasks: + - name: Include Role + ansible.builtin.include_role: + name: sap_hypervisor_node_preconfigure +``` + +Example Usage +------------- +Make sure to set the `KUBECONFIG` environment variable, e.g. +``` +export KUBECONFIG=~/.kubeconfig +``` +To invoke the example playbook with the example configuration using your localhost as ansible host use the following command line: +``` +ansible-playbook --connection=local -i localhost, playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml -e @s/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml +``` + + +Platform: RHEL KVM +=================== +set and check the required settings and parameters for a hypervisor running VMs for SAP HANA. Requirements ------------ 
@@ -48,18 +232,31 @@ Example Playbook Simple example that just sets the parameters. ``` +--- - hosts: all - roles: - - sap_hypervisor_node_preconfigure + gather_facts: true + serial: 1 + vars: + sap_hypervisor_node_platform: redhat_rhel_kvm + tasks: + - name: Include Role + ansible.builtin.include_role: + name: sap_hypervisor_node_preconfigure ``` Run in assert mode to verify that parameters have been set. ``` +--- - hosts: all - roles: - - sap_hypervisor_node_preconfigure + gather_facts: true + serial: 1 vars: - - sap_hypervisor_node_preconfigure_assert: yes + sap_hypervisor_node_platform: redhat_rhel_kvm + sap_hypervisor_node_preconfigure_assert: yes + tasks: + - name: Include Role + ansible.builtin.include_role: + name: sap_hypervisor_node_preconfigure ``` License ------- diff --git a/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/cnv-namespace-operator-subscription.yml b/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/cnv-namespace-operator-subscription.yml new file mode 100644 index 000000000..2d8b3feab --- /dev/null +++ b/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/cnv-namespace-operator-subscription.yml @@ -0,0 +1,33 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: openshift-cnv +--- +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: kubevirt-hyperconverged-group + namespace: openshift-cnv +spec: + targetNamespaces: + - openshift-cnv +--- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: hco-operatorhub + namespace: openshift-cnv +spec: + source: redhat-operators + sourceNamespace: openshift-marketplace + name: kubevirt-hyperconverged +# startingCSV: kubevirt-hyperconverged-operator.v4.10.0 +# channel: "stable" +--- +apiVersion: hco.kubevirt.io/v1beta1 +kind: HyperConverged +metadata: + name: kubevirt-hyperconverged + namespace: openshift-cnv +spec: 
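Review bot: The `Subscription` named `hco-operatorhub` in cnv-namespace-operator-subscription.yml leaves both `startingCSV` and `channel` commented out and sets no `installPlanApproval`, so the operator version that lands on the cluster is whatever the catalog's default channel offers at install time, and OLM's default approval mode will apply later upgrades without an operator decision. For the virtualization layer under SAP workloads I would pin the channel by restoring `channel: "stable"` (the SR-IOV subscription in this patch already sets it) and consider `installPlanApproval: Manual` together with an explicit approval step. The Subscription created inline in install-cnv-operator.yml has the same gap.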
diff --git a/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh b/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh
new file mode 100644
index 000000000..7732ba78e
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# in order to allow unsupported SRIOV nics such as Mellanox
+oc patch sriovoperatorconfig default --type=merge -n openshift-sriov-network-operator --patch '{ "spec": { "enableOperatorWebhook": false } }'
+
+
diff --git a/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-namespace-operator-subscription.yml b/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-namespace-operator-subscription.yml
new file mode 100644
index 000000000..9451b3401
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/files/platform/redhat_ocp_virt/sriov-namespace-operator-subscription.yml
@@ -0,0 +1,26 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: openshift-sriov-network-operator
+---
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+ name: sriov-network-operators
+ namespace: openshift-sriov-network-operator
+spec:
+ targetNamespaces:
+ - openshift-sriov-network-operator
+---
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+ name: sriov-network-operator-subscription
+ namespace: openshift-sriov-network-operator
+spec:
+ source: redhat-operators
+ sourceNamespace: openshift-marketplace
+ name: sriov-network-operator
+# startingCSV: sriov-network-operator
+ channel: "stable"
diff --git a/roles/sap_hypervisor_node_preconfigure/handlers/platform/redhat_rhel_kvm/main.yml b/roles/sap_hypervisor_node_preconfigure/handlers/platform/redhat_rhel_kvm/main.yml
index 21c4a5b4e..911776897 100644
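Review bot: The `oc patch` in sriov-enabled-unsupported-nics.sh sets `enableOperatorWebhook: false` on the cluster-wide `sriovoperatorconfig default`, which turns off the SR-IOV operator's admission webhook for every SR-IOV resource on the cluster, not just for the unsupported NIC, and the one-line comment does not say that. I would expand it to `# disables the SR-IOV operator admission webhook cluster-wide so unsupported NICs (e.g. Mellanox) are accepted; SR-IOV resources are then no longer validated on admission`. The README in this patch lists `sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics: True`; if that variable gates this script (the calling task is not in this hunk), the default should be `False` so that losing the validation is an explicit choice. The diffstat also adds an identical copy under tasks/platform/redhat_ocp_virt/, and one of the two looks redundant.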
--- a/roles/sap_hypervisor_node_preconfigure/handlers/platform/redhat_rhel_kvm/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/handlers/platform/redhat_rhel_kvm/main.yml @@ -1,5 +1,4 @@ --- - - name: "Check if server is booted in BIOS or UEFI mode" ansible.builtin.stat: path: /sys/firmware/efi @@ -40,14 +39,14 @@ - name: "Set the grub.cfg location RHEL" ansible.builtin.set_fact: __sap_hypervisor_node_preconfigure_uefi_boot_dir: /boot/efi/EFI/redhat/grub.cfg - when: + when: - ansible_distribution == 'RedHat' - name: "Set the grub.cfg location SLES" ansible.builtin.set_fact: __sap_hypervisor_node_preconfigure_uefi_boot_dir: /boot/efi/EFI/BOOT/grub.cfg - when: - - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP' + when: + - ansible_distribution == 'SLES' or ansible_distribution == 'SLES_SAP' - name: "Run grub-mkconfig (UEFI mode)" ansible.builtin.command: "grub2-mkconfig -o {{ __sap_hypervisor_node_preconfigure_uefi_boot_dir }}" diff --git a/roles/sap_hypervisor_node_preconfigure/meta/main.yml b/roles/sap_hypervisor_node_preconfigure/meta/main.yml index 0b4c2c801..47965cdc0 100644 --- a/roles/sap_hypervisor_node_preconfigure/meta/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/meta/main.yml @@ -3,8 +3,15 @@ galaxy_info: namespace: community role_name: sap_hypervisor_node_preconfigure author: Nils Koenig - description: Provide the configuration of SAP-certified hypervisors + description: Provide the configuration of hypervisors for SAP workloads license: Apache-2.0 min_ansible_version: 2.9 galaxy_tags: [ 'sap', 'hana', 'rhel', 'redhat', 'sles', 'suse' ] + platforms: + - name: CentOS + versions: + 8 + - name: RHEL + versions: + 8 dependencies: [] diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2 b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2 new file mode 100644 index 000000000..183bfb353 --- /dev/null 
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2
@@ -0,0 +1,18 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+ labels:
+ kubernetes.io/hostname: {{ __sap_hypervisor_node_preconfigure_register_worker_name }}
+ machineconfiguration.openshift.io/role: {{ __sap_hypervisor_node_preconfigure_register_worker_name }}
+ name: 99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker_name }}
+spec:
+ config:
+ ignition:
+ version: 3.2.0
+ kernelArguments:
+ - intel_iommu=on
+ - iommu=pt
+ - default_hugepagesz=1GB
+ - hugepagesz=1GB
+ - hugepages={{ __sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages }}
+ - tsx=on
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml
new file mode 100644
index 000000000..488c3eaa9
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-kargs-per-node.yml
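Review bot: The `kernelArguments` list in 99-kargs-worker.yml.j2 hard-codes `tsx=on` with no comment, which re-enables Intel TSX on every configured worker even where the kernel would otherwise keep it off because of TSX Asynchronous Abort. If this is there for SAP HANA (presumably, but the patch does not say), the template should state the trade-off, e.g. `# tsx=on: needed by SAP HANA; on TAA-affected CPUs this relies on the tsx_async_abort mitigation remaining enabled`, and ideally the argument would come from a role variable so it can be turned off. `intel_iommu=on` is likewise unconditional and has no effect on AMD hosts. The diffstat shows a second copy of this template under templates/templates/, which will drift unless one is removed.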
@@ -0,0 +1,34 @@
+---
+- name: Get worker name
+ ansible.builtin.set_fact:
+ __sap_hypervisor_node_preconfigure_register_worker_name:
+ "{{ __sap_hypervisor_node_preconfigure_register_worker['metadata']['labels']['kubernetes.io/hostname'] }}"
+
+- name: Get memory of worker node
+ ansible.builtin.set_fact:
+ __sap_hypervisor_node_preconfigure_register_worker_memory_gb:
+ "{{ (__sap_hypervisor_node_preconfigure_register_worker['status']['capacity']['memory'] | replace('Ki', '') | int / 1048576) | int }}"
+
+- name: Check if host has minimal amount of memory (96Gb)
+ ansible.builtin.assert:
+ that: __sap_hypervisor_node_preconfigure_register_worker_memory_gb|int >= 96
+ fail_msg: "Not enough memory on node {{ __sap_hypervisor_node_preconfigure_register_worker_name }}"
+ success_msg: "Enough memory on node {{ __sap_hypervisor_node_preconfigure_register_worker_name }}"
+ ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_minimal_memory_check }}"
+
+# calculate memory to be allocated as hugepages
+# if system < 512GB memory use 32GB as upper boundary, 64GB otherwise as upper boundary
+- name: Calculate amount of hugepages to reserve (host memory < 512 Gb)
+ ansible.builtin.set_fact:
+ __sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages:
+ "{{ __sap_hypervisor_node_preconfigure_register_worker_memory_gb | int - sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512 }}"
+ when: __sap_hypervisor_node_preconfigure_register_worker_memory_gb|int < 512
+
+- name: Calculate amount of hugepages to reserve (host memory >= 512 Gb)
+ ansible.builtin.set_fact:
+ __sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages:
+ "{{ __sap_hypervisor_node_preconfigure_register_worker_memory_gb | int - sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_ge_512 }}"
+ when: __sap_hypervisor_node_preconfigure_register_worker_memory_gb|int >= 512
+
+- name: "Include kargs for {{ __sap_hypervisor_node_preconfigure_register_worker_name }}"
+ ansible.builtin.include_tasks: kargs.yml
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml
new file mode 100644
index 000000000..82fec7ac3
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml
@@ -0,0 +1,24 @@
+---
+- name: Include node network
+ ansible.builtin.include_tasks: node-network.yml
+ with_items: "{{ __sap_hypervisor_node_preconfigure_register_worker.networks }}"
+ loop_control:
+ loop_var: __sap_hypervisor_node_preconfigure_register_worker_network
+ index_var: __sap_hypervisor_node_preconfigure_register_worker_network_nr
+ when: __sap_hypervisor_node_preconfigure_register_worker.networks is defined
+
+- name: "Create MCP for {{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ kubernetes.core.k8s:
+ template:
+ path: "mcp.yml.j2"
+ state: present
+
+- name: Pause so cluster can process config
+ ansible.builtin.pause:
+ minutes: 1
+
+# How to wait for node to be scheduleable? (NodeSchedulable)
+- name: Wait for all k8s nodes to be ready
+ ansible.builtin.command: oc wait --for=condition=Ready nodes --all --timeout=3600s
+ register: __sap_hypervisor_node_preconfigure_register_nodes_ready
+ changed_when: __sap_hypervisor_node_preconfigure_register_nodes_ready.rc != 0
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/create-sap-bridge.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/create-sap-bridge.yml
new file mode 100644
index 000000000..bbdbdfffd
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/create-sap-bridge.yml
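Review bot: Both `Calculate amount of hugepages to reserve` tasks in configure-kargs-per-node.yml compute host memory minus the reserve with no lower bound, so when `sap_hypervisor_node_preconfigure_ignore_minimal_memory_check` lets a host smaller than the reserve through, a negative number is rendered into `hugepages=` in 99-kargs-worker.yml.j2 and rolled out as a kernel argument. The README in this patch promises a lower bound of 0 for exactly that case. Clamp the value, e.g. `"{{ [__sap_hypervisor_node_preconfigure_register_worker_memory_gb | int - sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512 | int, 0] | max }}"`, and do the same in the `ge_512` task. The extra `| int` on the reserve also keeps the subtraction working when the variable is passed as a string with `-e`.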
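Review bot: In configure-worker-node.yml, `changed_when: __sap_hypervisor_node_preconfigure_register_nodes_ready.rc != 0` on `Wait for all k8s nodes to be ready` can never report a change, because a non-zero return code already fails the command task; a read-only wait should use `changed_when: false`. The same expression is on both `Label nodes` tasks in enable-cpumanager.yml and on `Wait for Install Plan to finish` in install-cnv-operator.yml. Separately, the fixed one-minute `Pause` followed by `oc wait --for=condition=Ready nodes --all` may return before the MachineConfig rollout has begun, since untouched nodes are still Ready; waiting on the pool, e.g. `oc wait mcp/{{ __sap_hypervisor_node_preconfigure_register_worker.name }} --for=condition=Updated --timeout=3600s`, would track the change itself.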
@@ -0,0 +1,49 @@
+---
+- name: Create SAP bridge NodeNetworkConfigurationPolicy
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: nmstate.io/v1
+ kind: NodeNetworkConfigurationPolicy
+ metadata:
+ name: "sap-bridge-policy-{{ worker.name }}"
+ spec:
+ nodeSelector:
+ kubernetes.io/hostname: "{{ worker.name }}"
+ desiredState:
+ interfaces:
+ - name: sapbridge
+ description: "Linux bridge with {{ worker.sap_bridge_interface }} as physical port to access SAP network"
+ type: linux-bridge
+ state: up
+ ipv4:
+ enabled: false
+ bridge:
+ options:
+ stp:
+ enabled: false
+ port:
+ - name: "{{ worker.sap_bridge_interface }}"
+
+
+- name: Create SAP bridge NetworkAttachmentDefinition
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: "k8s.cni.cncf.io/v1"
+ kind: NetworkAttachmentDefinition
+ metadata:
+ kubernetes.io/hostname: "{{ worker.name }}"
+ machineconfiguration.openshift.io/role: "{{ worker.name }}"
+ namespace: "{{ vm_namespace }}"
+ name: sap-bridge-network-definition
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/sapbridge
+ spec:
+ config: '{
+ "cniVersion": "0.3.1",
+ "name": "sap-bridge-network-definition",
+ "type": "cnv-bridge",
+ "bridge": "sapbridge",
+ "macspoofchk": true
+ }'
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml
new file mode 100644
index 000000000..6dd050ea9
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml
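Review bot: In `Create SAP bridge NetworkAttachmentDefinition`, `kubernetes.io/hostname` and `machineconfiguration.openshift.io/role` are written as direct children of `metadata:`, but they are not object metadata fields; they belong under `metadata.labels:` or should be dropped, otherwise the API either rejects the object or discards them. Both `KubeletConfig` definitions in enable-cpumanager.yml have the same shape. This file also reads `worker.name`, `worker.sap_bridge_interface` and a bare `vm_namespace`, whereas the other task files in this patch name the worker `__sap_hypervisor_node_preconfigure_register_worker` and the sample variables put `vm_namespace` under `sap_hypervisor_node_preconfigure_cluster_config`. Unless a caller outside this hunk sets those names, both tasks will stop on undefined variables.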
@@ -0,0 +1,21 @@
+---
+- name: "Download rhel 8.6 image"
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: cdi.kubevirt.io/v1beta1
+ kind: DataVolume
+ metadata:
+ namespace: openshift-virtualization-os-images
+ name: rhel-86
+ annotations:
+ cdi.kubevirt.io/storage.bind.immediate.requested: 'true'
+ spec:
+ source:
+ registry:
+ url: 'docker://registry.redhat.io/rhel8/rhel-guest-image:8.6.0'
+ pullMethod: node
+ storage:
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml
new file mode 100644
index 000000000..25e88c1b2
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml
@@ -0,0 +1,61 @@
+---
+- name: Label nodes
+ ansible.builtin.command: "oc label node {{ __sap_hypervisor_node_preconfigure_register_worker.name }} \
+ feature.node.kubernetes.io/cpu-feature-invtsc=true --overwrite=true"
+ register: __sap_hypervisor_node_preconfigure_register_label_node
+ changed_when: __sap_hypervisor_node_preconfigure_register_label_node.rc != 0
+
+- name: Enable CPU Manager by patching MCP of "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ kubernetes.core.k8s:
+ state: patched
+ definition:
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfigPool
+ metadata:
+ name: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ labels:
+ custom-kubelet: "cpumanager-enabled"
+
+- name: Create kubletconfig for cpumanager "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is defined
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ metadata:
+ name: "cpumanager-enabled"
+ kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ machineconfiguration.openshift.io/role: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ custom-kubelet: "cpumanager-enabled"
+ kubeletConfig:
+ cpuManagerPolicy: static
+ cpuManagerReconcilePeriod: 5s
+ reservedSystemCPUs: "{{ sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus }}"
+
+- name: Create kubletconfig for cpumanager "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is not defined
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ metadata:
+ name: "cpumanager-enabled"
+ kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ machineconfiguration.openshift.io/role: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ custom-kubelet: "cpumanager-enabled"
+ kubeletConfig:
+ cpuManagerPolicy: static
+ cpuManagerReconcilePeriod: 5s
+
+- name: Label nodes
+ ansible.builtin.command: "oc label node {{ __sap_hypervisor_node_preconfigure_register_worker.name }} cpumanager=true --overwrite=true"
+ register: __sap_hypervisor_node_preconfigure_register_label_node
+ changed_when: __sap_hypervisor_node_preconfigure_register_label_node.rc != 0
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-cnv-operator.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-cnv-operator.yml
new file mode 100644
index 000000000..1a08c9306
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-cnv-operator.yml
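Review bot: Both `Create kubletconfig for cpumanager` tasks in enable-cpumanager.yml key on `sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus`, but the sample variables and the README in this patch define the value as `kubernetes_reserved_cpus: "0,1"` inside the `workers:` list. With the documented configuration the variable is therefore never defined, the second task always runs, and `reservedSystemCPUs` is silently left unset. Settle on one name and location, for instance `worker_kubernetes_reserved_cpus: "0,1"` directly under `sap_hypervisor_node_preconfigure_cluster_config` in the sample, or read the key from the worker item in the `when:` conditions. The `KubeletConfig` is also named `cpumanager-enabled` for every worker, so if this file runs once per worker (the caller is not in this hunk) each pass rewrites the same object; and the two tasks share one name, which makes the run log ambiguous.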
@@ -0,0 +1,74 @@
+---
+- name: Create the CNV Operator namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: openshift-cnv
+
+- name: Create CNV OperatorGroup kubevirt-hyperconverged-group
+ kubernetes.core.k8s:
+ state: present
+
+ definition:
+ apiVersion: operators.coreos.com/v1
+ kind: OperatorGroup
+ metadata:
+ name: kubevirt-hyperconverged-group
+ namespace: openshift-cnv
+ spec:
+ targetNamespaces:
+ - openshift-cnv
+
+- name: Create CNV Subscription
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: operators.coreos.com/v1alpha1
+ kind: Subscription
+ metadata:
+ name: hco-operatorhub
+ namespace: openshift-cnv
+ spec:
+ source: redhat-operators
+ sourceNamespace: openshift-marketplace
+ name: kubevirt-hyperconverged
+
+- name: Wait
+ ansible.builtin.pause:
+ seconds: 60
+
+- name: Get Install Plan Name
+ retries: 10
+ delay: 10
+ ansible.builtin.command: oc get subscriptions/hco-operatorhub --namespace openshift-cnv --output=jsonpath='{$.status.installplan.name}'
+ register: __sap_hypervisor_node_preconfigure_register_cnv_subscription_install_plan_name
+ until: __sap_hypervisor_node_preconfigure_register_cnv_subscription_install_plan_name.stdout != ""
+ changed_when: __sap_hypervisor_node_preconfigure_register_cnv_subscription_install_plan_name.stdout != ""
+
+- name: Wait for Install Plan to finish
+ ansible.builtin.command: "oc wait installplan \
+ {{ __sap_hypervisor_node_preconfigure_register_cnv_subscription_install_plan_name.stdout }} --namespace openshift-cnv --for=condition='Installed' --timeout='5m'"
+ register: __sap_hypervisor_node_preconfigure_register_wait_for_installplan
+ changed_when: __sap_hypervisor_node_preconfigure_register_wait_for_installplan.rc != 0
+
+- name: Wait
+ ansible.builtin.pause:
+ seconds: 300
+
+- name: Create CNV HyperConverged
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: hco.kubevirt.io/v1beta1
+ kind: HyperConverged
+ metadata:
+ name: kubevirt-hyperconverged
+ namespace: openshift-cnv
+ spec:
+
+- name: Wait
+ ansible.builtin.pause:
+ seconds: 300
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-nmstate-operator.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-nmstate-operator.yml
new file mode 100644
index 000000000..a961de89f
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-nmstate-operator.yml
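Review bot: The `hco-operatorhub` Subscription sets neither `channel` nor `installPlanApproval`, unlike the nmstate and SR-IOV subscriptions added in this commit, so the OpenShift Virtualization version that gets installed depends on whatever the catalog's default channel serves at run time. Pinning it, e.g. `channel: "stable"` plus an explicit `installPlanApproval`, keeps the hypervisor stack reproducible and makes upgrades a reviewed decision. The fixed `pause` tasks (60 s and twice 300 s) could be replaced by waits on a condition, as the `oc wait installplan` task already does. The trailing `spec:` of the HyperConverged object is empty and resolves to null; `spec: {}` would say what is meant.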
@@ -0,0 +1,89 @@
+---
+- name: Delete the nmstate operator namespace
+ kubernetes.core.k8s:
+ state: absent
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ labels:
+ kubernetes.io/metadata.name: openshift-nmstate
+ name: openshift-nmstate
+ name: openshift-nmstate
+ spec:
+ finalizers:
+ - kubernetes
+
+- name: Pause to give operator a chance to uninstall
+ ansible.builtin.pause:
+ minutes: 2
+
+- name: Create the nmstate operator namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ labels:
+ kubernetes.io/metadata.name: openshift-nmstate
+ name: openshift-nmstate
+ name: openshift-nmstate
+ spec:
+ finalizers:
+ - kubernetes
+
+- name: Create the OperatorGroup
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: operators.coreos.com/v1
+ kind: OperatorGroup
+ metadata:
+ annotations:
+ olm.providedAPIs: NMState.v1.nmstate.io
+ generateName: openshift-nmstate-
+ name: openshift-nmstate-tn6k8
+ namespace: openshift-nmstate
+ spec:
+ targetNamespaces:
+ - openshift-nmstate
+
+- name: Pause to give operator a chance to install
+ ansible.builtin.pause:
+ minutes: 2
+
+- name: Subscribe to the nmstate Operator
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: operators.coreos.com/v1alpha1
+ kind: Subscription
+ metadata:
+ labels:
+ operators.coreos.com/kubernetes-nmstate-operator.openshift-nmstate: ""
+ name: kubernetes-nmstate-operator
+ namespace: openshift-nmstate
+ spec:
+ channel: stable
+ installPlanApproval: Automatic
+ name: kubernetes-nmstate-operator
+ source: redhat-operators
+ sourceNamespace: openshift-marketplace
+
+- name: Pause to give operator a chance to install
+ ansible.builtin.pause:
+ minutes: 5
+
+- name: Create instance of the nmstate operator
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: nmstate.io/v1
+ kind: NMState
+ metadata:
+ name: nmstate
+
+- name: Pause to give instance a chance to come up
+ ansible.builtin.pause:
+ minutes: 5
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-sriov-operator.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-sriov-operator.yml
new file mode 100644
index 000000000..1379b1152
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-sriov-operator.yml
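Review bot: The first task deletes the `openshift-nmstate` namespace unconditionally, so every run of the role removes and reinstalls the nmstate operator on a cluster that may already depend on it for node networking. Consider dropping the delete or guarding it behind an opt-in variable, with a comment such as `# destructive: removes an existing nmstate installation`. The OperatorGroup carries both `generateName: openshift-nmstate-` and a fixed `name: openshift-nmstate-tn6k8` that looks copied from an exported object; one fixed, meaningful name is enough. The 2- and 5-minute pauses would be more reliable as waits on the Subscription or CSV status.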
@@ -0,0 +1,55 @@
+---
+- name: Create the CNV Operator namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: openshift-sriov-network-operator
+
+- name: Create the CNV Operator namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: operators.coreos.com/v1
+ kind: OperatorGroup
+ metadata:
+ name: sriov-network-operators
+ namespace: openshift-sriov-network-operator
+ spec:
+ targetNamespaces:
+ - openshift-sriov-network-operator
+- name: Create the CNV Operator namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: operators.coreos.com/v1alpha1
+ kind: Subscription
+ metadata:
+ name: sriov-network-operator-subscription
+ namespace: openshift-sriov-network-operator
+ spec:
+ source: redhat-operators
+ sourceNamespace: openshift-marketplace
+ name: sriov-network-operator
+ # startingCSV: sriov-network-operator
+ channel: "stable"
+
+
+- name: Pause to give operator a chance to install
+ ansible.builtin.pause:
+ minutes: 3
+
+- name: Copy patch to enable unsupported NICs
+ ansible.builtin.copy:
+ src: sriov-enabled-unsupported-nics.sh
+ dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/sriov-enabled-unsupported-nics.sh"
+ mode: "0755"
+ when: sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics
+
+- name: Enable unsupported NICs
+ ansible.builtin.command: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/sriov-enabled-unsupported-nics.sh"
+ when: sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics
+ register: __sap_hypervisor_node_preconfigure_register_enable_unsupported_nics
+ changed_when: __sap_hypervisor_node_preconfigure_register_enable_unsupported_nics.rc != 0
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml
new file mode 100644
index 000000000..9747b55ad
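Review bot: All three `kubernetes.core.k8s` tasks are named `Create the CNV Operator namespace`, but they create the `openshift-sriov-network-operator` Namespace, its OperatorGroup and its Subscription, which makes play output and audit logs misleading. Suggested names: `Create the SR-IOV operator namespace`, `Create the SR-IOV OperatorGroup`, `Create the SR-IOV operator Subscription`. The `Enable unsupported NICs` step copies and runs a shell script for what is a single patch; a `kubernetes.core.k8s` task with `state: patched` would avoid the temp file and report changes correctly.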
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-trident.yml
@@ -0,0 +1,48 @@
+---
+- name: Download trident
+ ansible.builtin.unarchive:
+ remote_src: true
+ src: "{{ sap_hypervisor_node_preconfigure_install_trident_url }}"
+ dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/"
+
+- name: Uninstall trident
+ ansible.builtin.command: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/trident-installer/tridentctl uninstall -n trident"
+ ignore_errors: true
+ register: __sap_hypervisor_node_preconfigure_register_uninstall_trident
+ changed_when: __sap_hypervisor_node_preconfigure_register_uninstall_trident.rc != 0
+
+- name: Install trident
+ ansible.builtin.command: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/trident-installer/tridentctl install -n trident"
+ register: __sap_hypervisor_node_preconfigure_register_install_trident
+ changed_when: __sap_hypervisor_node_preconfigure_register_install_trident.rc != 0
+
+- name: Copy backend file
+ ansible.builtin.template:
+ src: "trident-backend.json.j2"
+ dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/trident-backend.json"
+ mode: "0644"
+
+- name: Create trident backend
+ ansible.builtin.command: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}\
+ /trident-installer/tridentctl -n trident create backend -f\
+ {{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}\
+ /trident-backend.json"
+ register: __sap_hypervisor_node_preconfigure_register_create_trident_backend
+ changed_when: __sap_hypervisor_node_preconfigure_register_create_trident_backend.rc != 0
+
+- name: Create storage class
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: storage.k8s.io/v1
+ kind: StorageClass
+ metadata:
+ name: nas
+ annotations:
+ storageclass.kubernetes.io/is-default-class: 'true'
+ provisioner: csi.trident.netapp.io
+ parameters:
+ backendType: "{{ sap_hypervisor_node_preconfigure_cluster_config.trident.storage_driver }}"
+ snapshots: "True"
+ provisioningType: "thin"
+ encryption: "false"
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-virtctl.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-virtctl.yml
new file mode 100644
index 000000000..e4555f803
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-virtctl.yml
@@ -0,0 +1,15 @@
+---
+- name: Create ~/bin
+ ansible.builtin.file:
+ path: ~/bin
+ state: directory
+ mode: "0755"
+
+- name: Get and extract virtctl
+# become: yes
+ ansible.builtin.unarchive:
+ validate_certs: false
+ remote_src: true
+ src: "https://hyperconverged-cluster-cli-download-openshift-cnv.apps.\
+ {{ sap_hypervisor_node_preconfigure_cluster_config.cluster_url }}/amd64/linux/virtctl.tar.gz"
+ dest: ~/bin
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml
new file mode 100644
index 000000000..bd28ea55b
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/kargs.yml
@@ -0,0 +1,11 @@
+---
+- name: Personalize template
+ ansible.builtin.template:
+ src: 99-kargs-worker.yml.j2
+ dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker_name }}.yml.j2"
+ mode: "0644"
+
+- name: Enable hugepages
+ kubernetes.core.k8s:
+ state: present
+ src: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker_name }}.yml.j2"
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/label-worker-invtsc.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/label-worker-invtsc.yml
new file mode 100644
index 000000000..57a52da24
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/label-worker-invtsc.yml
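Review bot: `Copy backend file` in install-trident.yml writes the rendered `trident-backend.json`, which contains the storage `username` and `password`, with `mode: "0644"`, and no task visible in this chunk removes it or the temp directory afterwards. Use `mode: "0600"`, add `no_log: true` to this task and to `Create trident backend`, and delete the file once the backend exists. `Download trident` unpacks an archive from `sap_hypervisor_node_preconfigure_install_trident_url` and the following tasks execute `tridentctl` from it without any integrity check; fetching with `ansible.builtin.get_url` and a `checksum:` before unpacking would close that gap. `ignore_errors: true` on `Uninstall trident` also hides real failures, not only the not-installed case.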
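Review bot: `validate_certs: false` in `Get and extract virtctl` (install-virtctl.yml) turns off TLS verification for a binary that is unpacked into `~/bin` and later executed, so the archive's origin is not authenticated at all. Remove the line and, where the cluster route uses a private CA, add that CA to the trust store of the host running the task instead. If verification really has to be optional, expose it as a role variable defaulting to `true` and add a comment explaining when it may be disabled.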
@@ -0,0 +1,11 @@
+---
+- name: Label worker with invtsc flag
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: default
+ labels:
+ 'feature.node.kubernetes.io/cpu-feature-invtsc': enabled
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml
new file mode 100644
index 000000000..9cc470a04
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml
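Review bot: The task is named `Label worker with invtsc flag`, but the definition is `kind: Namespace` with `name: default`, so it would label the `default` namespace and no node. enable-cpumanager.yml already sets `feature.node.kubernetes.io/cpu-feature-invtsc=true` on the worker via `oc label node`, and the main.yml hunk in this commit does not include this file, so it looks like a leftover that can be removed. If it is kept, it should target `kind: Node` with the worker's name and use the same label value (`true`, not `enabled`).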
@@ -0,0 +1,61 @@
+---
+- name: Get a list of all nodes from any namespace
+ kubernetes.core.k8s_info:
+ kind: Node
+ register: __sap_hypervisor_node_preconfigure_register_node_list
+
+- name: Generate list with worker node names
+ ansible.builtin.set_fact:
+ __sap_hypervisor_node_preconfigure_register_worker_node_name_list:
+ "{{ __sap_hypervisor_node_preconfigure_register_worker_node_name_list | \
+ d([]) + [__sap_hypervisor_node_preconfigure_register_worker_node.name] }}"
+ with_items: "{{ sap_hypervisor_node_preconfigure_cluster_config.workers }}"
+ loop_control:
+ loop_var: __sap_hypervisor_node_preconfigure_register_worker_node
+
+- name: Filter hosts
+ ansible.builtin.set_fact:
+ __sap_hypervisor_node_preconfigure_register_nodes:
+ "{{ __sap_hypervisor_node_preconfigure_register_nodes | \
+ d([]) + [__sap_hypervisor_node_preconfigure_register_host] }}"
+ with_items: "{{ __sap_hypervisor_node_preconfigure_register_node_list['resources'] }}"
+ loop_control:
+ loop_var: __sap_hypervisor_node_preconfigure_register_host
+ when: __sap_hypervisor_node_preconfigure_register_host.metadata.name in __sap_hypervisor_node_preconfigure_register_worker_node_name_list
+
+- name: Assert that configured nodes are found
+ ansible.builtin.assert:
+ that: __sap_hypervisor_node_preconfigure_register_nodes is defined
+ fail_msg: No nodes found that match configuration provided in sap_hypervisor_node_preconfigure_cluster
+ success_msg: Configured nodes found
+
+# - meta: end_play
+
+- name: Include prepare
+ ansible.builtin.include_tasks: prepare.yml
+- name: Include tuned virtual host
+ ansible.builtin.include_tasks: tuned-virtual-host.yml
+- name: Include install CNV operator
+ ansible.builtin.include_tasks: install-cnv-operator.yml
+- name: Include install sriov operator
+ ansible.builtin.include_tasks: install-sriov-operator.yml
+- name: Include install nmstate operator
+ ansible.builtin.include_tasks: install-nmstate-operator.yml
+- name: Include install virtctl
+ ansible.builtin.include_tasks: install-virtctl.yml
+- name: Include setup worker node
+ ansible.builtin.include_tasks: setup-worker-node.yml
+
+# How to wait for node to be scheduleable? (NodeSchedulable)
+- name: Wait for all k8s nodes to be ready
+ ansible.builtin.command: oc wait --for=condition=Ready nodes --all --timeout=3600s
+ register: __sap_hypervisor_node_preconfigure_register_nodes_ready
+ changed_when: __sap_hypervisor_node_preconfigure_register_nodes_ready.rc != 0
+
+- name: Print nodes
+ ansible.builtin.debug:
+ var: __sap_hypervisor_node_preconfigure_register_nodes_ready.stdout_lines
+
+- name: Include Trident installation
+ ansible.builtin.include_tasks: install-trident.yml
+ when: sap_hypervisor_node_preconfigure_install_trident
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2 b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2
new file mode 100644
index 000000000..1a39d0a06
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2
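Review bot: `Assert that configured nodes are found` only checks that `__sap_hypervisor_node_preconfigure_register_nodes` is defined, which is true as soon as one configured worker matches a cluster node; a misspelled name in `sap_hypervisor_node_preconfigure_cluster_config.workers` passes silently, and the kargs loop in setup-worker-node.yml, which iterates the filtered list, then skips that node. Compare the counts instead, e.g. `that: __sap_hypervisor_node_preconfigure_register_nodes | d([]) | length == sap_hypervisor_node_preconfigure_cluster_config.workers | length`. The `fail_msg` names `sap_hypervisor_node_preconfigure_cluster`, while the variable used in this file is `sap_hypervisor_node_preconfigure_cluster_config`.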
@@ -0,0 +1,47 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfigPool
+metadata:
+ labels:
+ machineconfiguration.openshift.io/mco-built-in: ""
+ name: {{ __sap_hypervisor_node_preconfigure_register_worker.name }}
+spec:
+ configuration:
+ source:
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 00-worker
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 01-worker-container-runtime
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 01-worker-kubelet
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-crio-capabilities
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-crio-seccomp-use-default
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-kubelet
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-registries
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-ssh
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker.name }}
+ machineConfigSelector:
+ matchExpressions:
+ - key: machineconfiguration.openshift.io/role
+ operator: In
+ values:
+ - worker
+ - {{ __sap_hypervisor_node_preconfigure_register_worker.name }}
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ paused: false
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml
new file mode 100644
index 000000000..088f86fe8
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/node-network.yml
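Review bot: This template is added twice with identical content (same blob `1a39d0a06`), here under `tasks/platform/redhat_ocp_virt/` and again under `tasks/platform/redhat_ocp_virt/templates/templates/`; keeping one copy in the role's template path avoids the two drifting apart. The `spec.configuration.source` list looks exported from a live pool; as far as I know that field is maintained by the machine-config controller, so the template probably only needs `machineConfigSelector`, `nodeSelector` and `paused`. The unquoted `name: {{ ... }}` values should be quoted like the `kubernetes.io/hostname` value, so that an unusual node name cannot change the YAML structure.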
@@ -0,0 +1,99 @@
+---
+- name: Print network
+ ansible.builtin.debug:
+ var: __sap_hypervisor_node_preconfigure_register_worker_network
+
+- name: "Create NodeNetworkConfigurationPolicy\
+ {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }} on\
+ {{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: nmstate.io/v1
+ kind: NodeNetworkConfigurationPolicy
+ metadata:
+ name: "{{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}-{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ spec:
+ nodeSelector:
+ kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ desiredState:
+ interfaces:
+ - "{{ __sap_hypervisor_node_preconfigure_register_worker_network }}"
+ when: __sap_hypervisor_node_preconfigure_register_worker_network.type == 'linux-bridge'
+
+# XXX didn't work - why?
+- name: "Create NetworkAttachmentDefinition {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}"
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: "k8s.cni.cncf.io/v1"
+ kind: NetworkAttachmentDefinition
+ metadata:
+ namespace: "{{ sap_hypervisor_node_preconfigure_cluster_config.vm_namespace }}"
+ name: "{{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}-network-definition"
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: "bridge.network.kubevirt.io/{{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}"
+ spec:
+ config: '{
+ "cniVersion": "0.3.1",
+ "name": "sapbridge-network-definition",
+ "type": "cnv-bridge",
+ "bridge": "sapbridge",
+ "macspoofchk": true
+ }'
+ when: __sap_hypervisor_node_preconfigure_register_worker_network.type == 'linux-bridge'
+
+- name: Label nodes
+ ansible.builtin.command: "oc label node {{ __sap_hypervisor_node_preconfigure_register_worker.name }}\
+ feature.node.kubernetes.io/network-sriov.capable=true --overwrite=true"
+ when: __sap_hypervisor_node_preconfigure_register_worker_network.type == 'sriov'
+ register: __sap_hypervisor_node_preconfigure_register_label_node
+ changed_when: __sap_hypervisor_node_preconfigure_register_label_node.rc != 0
+
+- name: "Create SRIOV NodeNetworkConfigurationPolicy\
+ {{ __sap_hypervisor_node_preconfigure_register_worker_network.name.name }} on\
+ {{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: sriovnetwork.openshift.io/v1
+ kind: SriovNetworkNodePolicy
+ metadata:
+ name: "iface-{{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}-sriov-{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ namespace: openshift-sriov-network-operator
+ spec:
+ resourceName: "iface{{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}sriov"
+ nodeSelector:
+ feature.node.kubernetes.io/network-sriov.capable: "true"
+ kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ priority: 5
+ mtu: 9000
+ numVfs: 8
+ nicSelector:
+ pfNames: ['{{ __sap_hypervisor_node_preconfigure_register_worker_network.interface }}#0-7']
+ deviceType: vfio-pci
+ isRdma: false
+ when: __sap_hypervisor_node_preconfigure_register_worker_network.type == "sriov"
+
+- name: "Create SriovNetwork Attachment Definition {{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}"
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: sriovnetwork.openshift.io/v1
+ kind: SriovNetwork
+ metadata:
+ name: "iface-{{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}-sriov"
+ namespace: openshift-sriov-network-operator
+ spec:
+ ipam: |
+ {
+ "type": "host-local",
+ "subnet": "192.168.1.0/24",
+ "rangeStart": "192.168.1.200",
+ "rangeEnd": "192.168.1.210"
+ }
+ networkNamespace: openshift-sriov-network-operator
+ resourceName: "iface{{ __sap_hypervisor_node_preconfigure_register_worker_network.name }}sriov"
+ spoofChk: "off"
+ trust: "on"
+ when: __sap_hypervisor_node_preconfigure_register_worker_network.type == "sriov"
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml
new file mode 100644
index 000000000..dd879b22c
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/prepare.yml
@@ -0,0 +1,9 @@
+---
+- name: Gather Facts
+ ansible.builtin.gather_facts:
+
+- name: Create Tempdir
+ ansible.builtin.tempfile:
+ state: directory
+ suffix: "_sap_hypervisor_node_preconfigure"
+ register: __sap_hypervisor_node_preconfigure_register_tmpdir
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml
new file mode 100644
index 000000000..2dc78034f
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml
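Review bot: The `SriovNetwork` definition in node-network.yml hard-codes `spoofChk: "off"` and `trust: "on"`, which disables spoof checking and grants trusted mode to every virtual function the role creates, together with a fixed `192.168.1.0/24` IPAM range. These should be role variables with the restrictive values as defaults, and a comment should state why SAP workloads need them relaxed if they do. Also, in the SR-IOV `Label nodes` task the first line of the command string ends in `}}\` with no space before the backslash, so the node name and `feature.node.kubernetes.io/network-sriov.capable=true` are presumably joined into one argument; enable-cpumanager.yml writes `}} \` for the same construct. The name of the `SriovNetworkNodePolicy` task references `worker_network.name.name`, which looks like a typo for `.name`.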
@@ -0,0 +1,80 @@
+---
+- name: Include configure kargs
+ ansible.builtin.include_tasks: configure-kargs-per-node.yml
+ with_items: "{{ __sap_hypervisor_node_preconfigure_register_nodes }}"
+ loop_control:
+ loop_var: __sap_hypervisor_node_preconfigure_register_worker
+ index_var: __sap_hypervisor_node_preconfigure_register_worker_nr
+
+- name: Include configure worker
+ ansible.builtin.include_tasks: configure-worker-node.yml
+ with_items: "{{ sap_hypervisor_node_preconfigure_cluster_config.workers }}"
+ loop_control:
+ loop_var: __sap_hypervisor_node_preconfigure_register_worker
+ index_var: __sap_hypervisor_node_preconfigure_register_worker_nr
+
+- name: Enable CPU Manager by patching MCP worker
+ kubernetes.core.k8s:
+ state: patched
+ definition:
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfigPool
+ metadata:
+ name: worker
+ labels:
+ custom-kubelet: cpumanager-enabled
+
+
+- name: Create kubletconfig for cpumanager worker
+ when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is defined
+ kubernetes.core.k8s:
+ state: absent
+ definition:
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ metadata:
+ name: cpumanager-enabled
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ custom-kubelet: cpumanager-enabled
+ kubeletConfig:
+ cpuManagerPolicy: static
+ cpuManagerReconcilePeriod: 5s
+ reservedSystemCPUs: "{{ sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus }}"
+
+- name: Create kubletconfig for cpumanager worker
+ when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is defined
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ metadata:
+ name: cpumanager-enabled
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ custom-kubelet: cpumanager-enabled
+ kubeletConfig:
+ cpuManagerPolicy: static
+ cpuManagerReconcilePeriod: 5s
+ reservedSystemCPUs: "{{ sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus }}"
+
+- name: Create kubletconfig for cpumanager worker
+ when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is not defined
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: KubeletConfig
+ metadata:
+ name: cpumanager-enabled
+ machineconfiguration.openshift.io/role: worker
+ spec:
+ machineConfigPoolSelector:
+ matchLabels:
+ custom-kubelet: cpumanager-enabled
+ kubeletConfig:
+ cpuManagerPolicy: static
+ cpuManagerReconcilePeriod: 5s
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh
new file mode 100644
index 000000000..7732ba78e
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/sriov-enabled-unsupported-nics.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# in order to allow unsupported SRIOV nics such as Mellanox
+oc patch sriovoperatorconfig default --type=merge -n openshift-sriov-network-operator --patch '{ "spec": { "enableOperatorWebhook": false } }'
+
+
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/99-kargs-worker.yml.j2 b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/99-kargs-worker.yml.j2
new file mode 100644
index 000000000..183bfb353
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/99-kargs-worker.yml.j2
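Review bot: The first `Create kubletconfig for cpumanager worker` task in setup-worker-node.yml has `state: absent`, so it deletes the `cpumanager-enabled` KubeletConfig and the next task recreates it on every run; the name hides the deletion and the pair is not idempotent. If the delete is needed to force an update, name it `Remove existing KubeletConfig cpumanager-enabled` and say why in a comment; otherwise drop it and let `state: present` reconcile the object. In the third definition `machineconfiguration.openshift.io/role: worker` appears directly under `metadata` rather than under `labels:` (indentation is lost in this view, so confirm). `kubletconfig` in the three task names is a typo for `kubeletconfig`.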
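Review bot: The patch in sriov-enabled-unsupported-nics.sh sets `enableOperatorWebhook: false`, which switches off the SR-IOV operator's admission webhook for the whole cluster, not only the check that rejects unsupported NICs, so later `SriovNetworkNodePolicy` objects are no longer validated on admission. The header comment should say this, e.g. `# Disables the SR-IOV operator admission webhook cluster-wide; policies are no longer validated`, and `sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics` should default to off. The script has no `set -e`; as a one-line patch it could be a `kubernetes.core.k8s` task with `state: patched` instead of a copied script.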
@@ -0,0 +1,18 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+ labels:
+ kubernetes.io/hostname: {{ __sap_hypervisor_node_preconfigure_register_worker_name }}
+ machineconfiguration.openshift.io/role: {{ __sap_hypervisor_node_preconfigure_register_worker_name }}
+ name: 99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker_name }}
+spec:
+ config:
+ ignition:
+ version: 3.2.0
+ kernelArguments:
+ - intel_iommu=on
+ - iommu=pt
+ - default_hugepagesz=1GB
+ - hugepagesz=1GB
+ - hugepages={{ __sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages }}
+ - tsx=on
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/mcp.yml.j2 b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/mcp.yml.j2
new file mode 100644
index 000000000..1a39d0a06
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/templates/templates/mcp.yml.j2
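Review bot: `tsx=on` forces Intel TSX on for every worker this MachineConfig targets; the kernel's `tsx=` switch exists largely because of TSX Asynchronous Abort and related side-channel issues, many kernels default to `off` or `auto`, and these nodes run guest VMs. Make the argument conditional on a role variable and add a template comment giving the reason it is needed and which CPU mitigations the hosts are expected to have. `intel_iommu=on` is likewise emitted unconditionally, which assumes Intel hosts.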
@@ -0,0 +1,47 @@
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfigPool
+metadata:
+ labels:
+ machineconfiguration.openshift.io/mco-built-in: ""
+ name: {{ __sap_hypervisor_node_preconfigure_register_worker.name }}
+spec:
+ configuration:
+ source:
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 00-worker
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 01-worker-container-runtime
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 01-worker-kubelet
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-crio-capabilities
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-crio-seccomp-use-default
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-kubelet
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-generated-registries
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-worker-ssh
+ - apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ name: 99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker.name }}
+ machineConfigSelector:
+ matchExpressions:
+ - key: machineconfiguration.openshift.io/role
+ operator: In
+ values:
+ - worker
+ - {{ __sap_hypervisor_node_preconfigure_register_worker.name }}
+ nodeSelector:
+ matchLabels:
+ kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}"
+ paused: false
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/trident-backend.json.j2 b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/trident-backend.json.j2
new file mode 100644
index 000000000..e422aab11
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/trident-backend.json.j2
@@ -0,0 +1,18 @@
+{
+ "nfsMountOptions": "nfsvers=3",
+ "defaults": {
+ "exportPolicy": "default"
+ },
+ "debug":false,
+ "managementLIF":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.management }}",
+ "dataLIF":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.data }}",
+ "svm":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.svm }}",
+ "backendName": "{{ sap_hypervisor_node_preconfigure_cluster_config.trident.backend }}",
+ "aggregate":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.aggregate }}",
+ "username":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.username }}",
+ "password":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.password }}",
+ "storageDriverName":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.storage_driver }}",
+ "storagePrefix":"{{ sap_hypervisor_node_preconfigure_cluster_config.trident.storage_prefix }}",
+ "version":1
+}
+
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/tuned-virtual-host.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/tuned-virtual-host.yml
new file mode 100644
index 000000000..e2dd4f483
--- /dev/null
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/tuned-virtual-host.yml
@@ -0,0 +1,21 @@
+---
+- name: Set virtual-host for worker nodes
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: tuned.openshift.io/v1
+ kind: Tuned
+ metadata:
+ name: virtual-host
+ namespace: openshift-cluster-node-tuning-operator
+ spec:
+ profile:
+ - data: |
+ [main]
+ include=virtual-host
+ name: virtual-host
+ recommend:
+ - match:
+ - label: "node-role.kubernetes.io/worker"
+ priority: 10
+ profile: virtual-host
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml
index 52cd899ce..379ea44e4 100644
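Review bot: Every value in trident-backend.json.j2 is interpolated between hand-written quotes, e.g. `"password":"{{ ...trident.password }}"`, so a password or name containing a double quote or backslash yields invalid JSON or changes the structure of the backend definition. Emit the values with the `to_json` filter and drop the surrounding quotes: `"password": {{ sap_hypervisor_node_preconfigure_cluster_config.trident.password | to_json }}`. The file also carries the storage credentials in clear text, so the variable should come from Ansible Vault or a similar secret store, and the rendered file should not outlive the `tridentctl create backend` call.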
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-configuration.yml @@ -4,11 +4,13 @@ - name: Get kernel command line ansible.builtin.command: cat /proc/cmdline register: __sap_hypervisor_node_preconfigure_kernelcmdline_assert + changed_when: __sap_hypervisor_node_preconfigure_kernelcmdline_assert.rc != 0 - name: "Assert - Kernel same page merging (KSM): Get status" - ansible.builtin.shell: systemctl status ksm + ansible.builtin.command: systemctl status ksm register: __sap_hypervisor_node_preconfigure_ksmstatus_assert ignore_errors: yes + changed_when: __sap_hypervisor_node_preconfigure_ksmstatus_assert.rc != 0 - name: "Assert - Kernel same page merging (KSM): Check if stopped" ansible.builtin.assert: @@ -18,9 +20,10 @@ ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Get status" - ansible.builtin.shell: systemctl status ksmtuned + ansible.builtin.command: systemctl status ksmtuned register: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert ignore_errors: yes + changed_when: __sap_hypervisor_node_preconfigure_ksmtunedstatus_assert.rc != 0 - name: "Assert - Kernel same page merging (KSM) Tuning Daemon: Check if stopped" ansible.builtin.assert: 
@@ -30,10 +33,12 @@ ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - name: Check CPU Stepping - ansible.builtin.shell: lscpu | awk '/Stepping/{print $2}' + ansible.builtin.shell: set -o pipefail && lscpu | awk '/Stepping/{print $2}' register: __sap_hypervisor_node_preconfigure_cpu_stepping_output_assert + changed_when: __sap_hypervisor_node_preconfigure_cpu_stepping_output_assert.rc != 0 -- set_fact: +- name: Register stepping as fact + ansible.builtin.set_fact: __sap_hypervisor_node_preconfigure_cpu_stepping_assert: "{{ __sap_hypervisor_node_preconfigure_cpu_stepping_output_assert.stdout }}" - name: Print CPU Stepping @@ -42,11 +47,13 @@ # skylake: - name: Assert - Check Intel Skylake CPU Platform + when: __sap_hypervisor_node_preconfigure_cpu_stepping_assert == "4" block: - name: Get ple_gap ansible.builtin.command: grep -E '^options\s+kvm_intel.*?ple_gap\s*=\s*0.*$' /etc/modprobe.d/kvm.conf register: __sap_hypervisor_node_preconfigure_skylake_plegap_assert ignore_errors: yes + changed_when: __sap_hypervisor_node_preconfigure_skylake_plegap_assert.rc != 0 - name: Assert - Check if ple_gap=0 ansible.builtin.assert: @@ -61,9 +68,9 @@ fail_msg: "FAIL: spectre_v2=retpoline is not on Kernel command line" success_msg: "PASS: spectre_v2=retpoline is on Kernel command line" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - when: __sap_hypervisor_node_preconfigure_cpu_stepping_assert == "4" - name: Assert - check sap_hypervisor_node_preconfigure_nx_huge_pages + when: sap_hypervisor_node_preconfigure_nx_huge_pages is defined block: - name: "Assert - Check kvm.nx_huge_pages is {{ sap_hypervisor_node_preconfigure_nx_huge_pages }}" ansible.builtin.assert: 
@@ -72,13 +79,13 @@ success_msg: "PASS: kvm.nx_huge_pages is {{ sap_hypervisor_node_preconfigure_nx_huge_pages }}" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - when: sap_hypervisor_node_preconfigure_nx_huge_pages is defined - - name: Assert - check seccomp_sanbox=0 block: - - command: grep -E '^seccomp_sandbox\s+=\s+0.*$' /etc/libvirt/qemu.conf + - name: Get seccomp setting + ansible.builtin.command: grep -E '^seccomp_sandbox\s+=\s+0.*$' /etc/libvirt/qemu.conf register: __sap_hypervisor_node_preconfigure_seccomp_assert ignore_errors: yes + changed_when: __sap_hypervisor_node_preconfigure_seccomp_assert.rc != 0 - name: "Assert - Check seccomp_sanbox=0 is in /etc/libvirt/qemu.conf" ansible.builtin.assert: 
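Review bot: The task now named `Get seccomp setting` passes only when `/etc/libvirt/qemu.conf` contains `seccomp_sandbox = 0`, which in libvirt switches QEMU's seccomp syscall filter off, and nothing in the file says why the role requires that. A comment above the block would help whoever audits the host, for example `# seccomp_sandbox = 0 turns off QEMU's syscall filter; requirement source: <SAP note / KB reference>`. The grep pattern also demands whitespace on both sides of `=`, so a line written as `seccomp_sandbox=0` (the spelling used in the task names) would presumably be reported as a failure. The block continues past the end of the hunk.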
@@ -90,38 +97,37 @@ - name: Assert - check amount of 1G hugepages block: - name: Get amount of 1G hugepages - ansible.builtin.shell: hugeadm --pool-list | grep 1073741824 | awk '{print $3}' - register: __sap_hypervisor_node_preconfigure_1Ghugepages_assert + ansible.builtin.shell: set -o pipefail && hugeadm --pool-list | grep 1073741824 | awk '{print $3}' + register: __sap_hypervisor_node_preconfigure_1g_hugepages_assert + changed_when: __sap_hypervisor_node_preconfigure_1g_hugepages_assert.rc != 0 - name: "Check that at least {{ sap_hypervisor_node_preconfigure_reserved_ram }} GB are available for the hypervisor and the rest are 1G hugepages" ansible.builtin.assert: - that: "{{ ( ansible_memtotal_mb / 1024 )|int - sap_hypervisor_node_preconfigure_reserved_ram }} >= {{ __sap_hypervisor_node_preconfigure_1Ghugepages_assert.stdout }}" + that: "{{ (ansible_memtotal_mb / 1024) | int - sap_hypervisor_node_preconfigure_reserved_ram }} >= {{ __sap_hypervisor_node_preconfigure_1g_hugepages_assert.stdout }}" fail_msg: "FAIL: Not enough memory reserved for hypervisor" success_msg: "PASS: Enough memory reserved for hypervisor" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - name: Assert - check Kernel command line block: - - assert: + - name: Ensure iommu is enabled + ansible.builtin.assert: that: "'intel_iommu=on' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout" fail_msg: "FAIL: intel_iommu=on not on Kernel command line" success_msg: "PASS: intel_iommu=on on Kernel command line" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - - assert: + - name: Ensure iommu passthrough is enabled + ansible.builtin.assert: that: "'iommu=pt' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout" fail_msg: "FAIL: iommu=pt not on Kernel command line" success_msg: "PASS: iommu=pt on Kernel command line" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - - assert: + # 
XXX shouldn't tsx be on? + - name: Ensure tsx is off + ansible.builtin.assert: that: "'tsx=off' in __sap_hypervisor_node_preconfigure_kernelcmdline_assert.stdout" fail_msg: "FAIL: tsx=off not on Kernel command line" success_msg: "PASS: tsx=off on Kernel command line" ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_failed_assertion }}" - - -#- name: Trigger tuned profile sap-hana-kvm activation -# include_tasks: set-tuned-profile.yml -# -##### install hooks: HP, cpufreq diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml index 2abf6750e..4838f18fd 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-rhv-hooks.yml @@ -2,6 +2,7 @@ - name: Check file permissions ansible.builtin.command: "stat -c%a /usr/libexec/vdsm/hooks/before_vm_start/{{ item }}" register: __sap_hypervisor_node_preconfigure_register_file_permissions_assert + changed_when: __sap_hypervisor_node_preconfigure_register_file_permissions_assert.rc != 0 - name: Assert hook file permissions ansible.builtin.assert: @@ -14,16 +15,19 @@ ansible.builtin.file: path: /tmp/sap_hypervisor_node_preconfigure state: directory + mode: "0755" - name: Copy hook for checking ansible.builtin.copy: dest: "/tmp/sap_hypervisor_node_preconfigure/{{ item }}" src: "{{ item }}" + mode: "0755" - name: Diff hook ansible.builtin.command: "diff -uw /tmp/sap_hypervisor_node_preconfigure/{{ item }} /usr/libexec/vdsm/hooks/before_vm_start/{{ item }}" register: __sap_hypervisor_node_preconfigure_register_hook_diff_assert ignore_errors: yes + changed_when: __sap_hypervisor_node_preconfigure_register_hook_diff_assert.rc != 0 - name: Assert hook content ansible.builtin.assert: 
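Review bot: The `that:` expression of the hugepages check is still built with `{{ }}` and pastes the raw `stdout` of the `hugeadm` pipeline into the conditional, so whatever the command prints is evaluated as part of a Jinja expression, and an empty result (no 1G pool listed) leaves a dangling `>=` that is a template error rather than a clean FAIL. Writing it as a plain expression avoids both: `that: ((ansible_memtotal_mb / 1024) | int - sap_hypervisor_node_preconfigure_reserved_ram) >= (__sap_hypervisor_node_preconfigure_1g_hugepages_assert.stdout | int)`. With `| int` an empty output counts as 0 pages, so an explicit non-empty check may be wanted as well. The `# XXX shouldn't tsx be on?` comment added further down should be resolved with a reference before merge, since `tsx=off` is asserted either way.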
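Review bot: The scratch directory `/tmp/sap_hypervisor_node_preconfigure` has a fixed name under a world-writable parent, and `state: directory` succeeds when the path already exists, so a directory or symlink that another local user put there beforehand would be accepted and the hook copy written through it. Adding `mode: "0755"` does not address that; creating the directory with `ansible.builtin.tempfile` (`state: directory`) and using its registered `path` in the copy and diff tasks gives a name the task itself owns. The directory is also never removed in the visible lines, so a final task with `state: absent` would be worth adding. The task list starts and ends outside the hunk.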
diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml index cb6508c2f..ab0d0c9b3 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-set-tuned-profile.yml @@ -4,6 +4,7 @@ - name: Get tuned profile ansible.builtin.command: tuned-adm active register: __sap_hypervisor_node_preconfigure_tuned_profile_assert + changed_when: __sap_hypervisor_node_preconfigure_tuned_profile_assert.rc != 0 - name: Verify tuned profile ansible.builtin.assert: diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml index e7ae07c18..b49399e4f 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/configuration.yml 
@@ -1,60 +1,29 @@ --- # tasks file for sap_hypervisor_node_preconfigure -- name: Test if kernel same page merging (KSM) exists - ansible.builtin.shell: systemctl cat ksm - register: ksm - ignore_errors: true - become: true - become_user: root - -- name: Test if kernel same page merging (KSM) tuning daemon exists - ansible.builtin.shell: systemctl cat ksmtuned - register: ksmtuned - ignore_errors: true - become: true - become_user: root - -- name: Stop kernel same page merging (KSM) - ansible.builtin.shell: systemctl stop ksm - when: ksm.rc == 0 - become: true - become_user: root - -- name: Disable kernel same page merging (KSM) - ansible.builtin.shell: systemctl disable ksm - when: ksm.rc == 0 - become: true - become_user: root - -- name: Stop Kernel Samepage Merging (KSM) Tuning Daemon - ansible.builtin.shell: systemctl stop ksmtuned - when: ksmtuned.rc == 0 - become: true - become_user: root - -- name: Disable Kernel Samepage Merging (KSM) Tuning Daemon - ansible.builtin.shell: systemctl disable ksmtuned - when: ksmtuned.rc == 0 - become: true - become_user: root +- name: Stop and disable kernel same page merging (KSM) + ansible.builtin.systemd: + name: ksm + state: stopped + enabled: false + +- name: Stop and disable kernel same page merging (KSM) tuning daemon + ansible.builtin.systemd: + name: ksmtuned + state: stopped + enabled: false - name: Check CPU Stepping - ansible.builtin.shell: lscpu | awk '/Stepping/{print $2}' + ansible.builtin.shell: set -o pipefail && lscpu | awk '/Stepping/{print $2}' register: cpu_stepping_output - become: true - become_user: root + changed_when: cpu_stepping_output.rc != 0 -- set_fact: +- name: Register CPU stepping as fact + ansible.builtin.set_fact: cpu_stepping: "{{ cpu_stepping_output.stdout }}" become: true become_user: root -- name: Print CPU Stepping - ansible.builtin.shell: echo "{{ cpu_stepping }}" - become: true - become_user: root - # skylake: - name: Set ple_gap=0 on Intel Skylake CPU Platform 
ansible.builtin.lineinfile: @@ -108,7 +77,7 @@ become: true become_user: root -- name: Trigger tuned profile sap-hana-kvm activation +- name: Include allocate hughepages at runtime ansible.builtin.include_tasks: allocate-hugepages-at-runtime.yml when: sap_hypervisor_node_preconfigure_reserve_hugepages == "runtime" @@ -123,7 +92,7 @@ with_items: - default_hugepagesz=1GB - hugepagesz=1GB - - hugepages={{ ( ansible_memtotal_mb / 1024 )|int - sap_hypervisor_node_preconfigure_reserved_ram }} + - hugepages={{ (ansible_memtotal_mb / 1024) | int - sap_hypervisor_node_preconfigure_reserved_ram }} notify: __sap_hypervisor_node_preconfigure_regenerate_grub2_conf_handler tags: grubconfig when: sap_hypervisor_node_preconfigure_reserve_hugepages == "static" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml index 213a45bca..a8c606aa1 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/main.yml 
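Review bot: The two `ansible.builtin.systemd` tasks that replace the six shell tasks drop both the `become: true` and the `ksm.rc == 0` / `ksmtuned.rc == 0` guards, so on a host where the `ksm` or `ksmtuned` unit is not installed the module will likely fail the play where the old code skipped. Unless privilege escalation is set at play level, stopping and disabling a unit will also fail for an unprivileged connection user; `become: true` should be kept on both tasks, as it still is on `Register CPU stepping as fact`. One way to keep the old tolerance is to run `ansible.builtin.service_facts` first and add `when: "'ksm.service' in ansible_facts.services"` (and the same for `ksmtuned.service`).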
@@ -13,13 +13,17 @@ assert_prefix: "assert-" when: sap_hypervisor_node_preconfigure_assert|d(false) -- include_tasks: '{{ assert_prefix }}installation.yml' +- name: Include "{{ assert_prefix }}installation.yml" + ansible.builtin.include_tasks: '{{ assert_prefix }}installation.yml' -- include_tasks: '{{ assert_prefix }}configuration.yml' +- name: Include "{{ assert_prefix }}configuration.yml" + ansible.builtin.include_tasks: '{{ assert_prefix }}configuration.yml' -- include_tasks: '{{ assert_prefix }}set-tuned-profile.yml' +- name: Include "{{ assert_prefix }}set-tuned-profile.yml" + ansible.builtin.include_tasks: '{{ assert_prefix }}set-tuned-profile.yml' -- include_tasks: "{{ assert_prefix }}rhv-hooks.yml" +- name: Include "{{ assert_prefix }}rhv-hooks.yml" + ansible.builtin.include_tasks: "{{ assert_prefix }}rhv-hooks.yml" loop: - "{{ role_path }}/tasks/platform/{{ sap_hypervisor_node_platform }}/50_hana" - "{{ role_path }}/tasks/platform/{{ sap_hypervisor_node_platform }}/50_iothread_pinning" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml index 045b55069..ee0d63a8d 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/rhv-hooks.yml @@ -3,6 +3,7 @@ ansible.builtin.file: path: /usr/libexec/vdsm/hooks/before_vm_start state: directory + mode: "0755" become: true become_user: root @@ -10,6 +11,6 @@ ansible.builtin.copy: dest: "/usr/libexec/vdsm/hooks/before_vm_start/{{ item }}" src: "{{ item }}" - mode: '0755' + mode: "0755" become: true become_user: root diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml index 415c4a194..91c3d7757 100644 
--- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/set-tuned-profile.yml @@ -3,12 +3,14 @@ ansible.builtin.file: path: /usr/lib/tuned/sap-hana-kvm-host state: directory + mode: "0755" become: true become_user: root - name: Create sap-hana-kvm-host tuned profile ansible.builtin.copy: dest: "/usr/lib/tuned/sap-hana-kvm-host/tuned.conf" + mode: "0644" content: | # # tuned configuration @@ -36,5 +38,7 @@ - name: Activate tuned profile ansible.builtin.command: tuned-adm profile sap-hana-kvm-host + register: __sap_hypervisor_node_preconfigre_register_tuned_activation_output become: true become_user: root + changed_when: __sap_hypervisor_node_preconfigre_register_tuned_activation_output.rc != 0 diff --git a/roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml b/roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml new file mode 100644 index 000000000..18a34fec4 --- /dev/null +++ b/roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml 
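Review bot: `tuned-adm profile sap-hana-kvm-host` does change host state, but the added `changed_when: ….rc != 0` can only be true when the command has already failed the task, so the activation is reported as `ok` on every run. Either `changed_when: true`, or reading `tuned-adm active` first and skipping the task when the profile is already set, would report accurately. The register name is spelled `preconfigre` in both places it appears; that is consistent, but it will not match a search for the role prefix.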
@@ -0,0 +1,19 @@ +--- +# vars file for sap_hypervisor_node_preconfigure +# + +# Install the trident NFS storage provider +sap_hypervisor_node_preconfigure_install_trident: False +# URL of the trident installer package to use +sap_hypervisor_node_preconfigure_install_trident_url: https://github.com/NetApp/trident/releases/download/v23.01.0/trident-installer-23.01.0.tar.gz + +# should SRIOV be enabled for unsupported NICs +sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics: True + +# Amount of memory [GB] to be reserved for the hypervisor on hosts >= 512GB +sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_ge_512: 64 #GB +# Amount of memory [GB] to be reserved for the hypervisor on hosts < 512GB +sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512: 32 #GB + +# Should the check for the minimal amount of be ignored? Minimal amount is 96 GB +sap_hypervisor_node_preconfigure_ignore_minimal_memory_check: False From 6ee18d1a84b562a800e078f62f2a885f0fe10e63 Mon Sep 17 00:00:00 2001 
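Review bot: `sap_hypervisor_node_preconfigure_install_trident_url` points at a release tarball on GitHub but no checksum variable is defined next to it, so the integrity of the installer rests on the transport and the hosting account alone. How install-trident.yml fetches it is outside this hunk; if it uses `ansible.builtin.get_url`, a companion default such as `sap_hypervisor_node_preconfigure_install_trident_checksum: "sha256:<digest of the pinned tarball>"` passed to its `checksum` parameter would pin the content as well as the version. Separately, `sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics` defaults to `True`; an opt-in default of `False` would be the more conservative choice for a setting described as unsupported.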
From: Markus Koch Date: Thu, 12 Oct 2023 22:18:28 +0200 Subject: [PATCH 002/196] Adding hosts update/configuration role (issue #171) --- .pre-commit-config.yaml | 2 +- roles/update_etc_hosts/README.md | 63 ++++++++ roles/update_etc_hosts/defaults/main.yml | 7 + roles/update_etc_hosts/handlers/main.yml | 2 + .../update_etc_hosts/meta/argument_specs.yml | 63 ++++++++ roles/update_etc_hosts/meta/main.yml | 27 ++++ roles/update_etc_hosts/tasks/main.yml | 9 ++ .../tasks/update_host_absent.yml | 38 +++++ .../tasks/update_host_present.yml | 149 ++++++++++++++++++ roles/update_etc_hosts/tests/inventory | 1 + roles/update_etc_hosts/tests/test.yml | 6 + roles/update_etc_hosts/vars/main.yml | 3 + 12 files changed, 369 insertions(+), 1 deletion(-) create mode 100644 roles/update_etc_hosts/README.md create mode 100644 roles/update_etc_hosts/defaults/main.yml create mode 100644 roles/update_etc_hosts/handlers/main.yml create mode 100644 roles/update_etc_hosts/meta/argument_specs.yml create mode 100644 roles/update_etc_hosts/meta/main.yml create mode 100644 roles/update_etc_hosts/tasks/main.yml create mode 100644 roles/update_etc_hosts/tasks/update_host_absent.yml create mode 100644 roles/update_etc_hosts/tasks/update_host_present.yml create mode 100644 roles/update_etc_hosts/tests/inventory create mode 100644 roles/update_etc_hosts/tests/test.yml create mode 100644 roles/update_etc_hosts/vars/main.yml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 13541e313..144fc62e1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -33,7 +33,7 @@ repos: # types: [file, yaml] # entry: yamllint --strict - repo: https://github.com/ansible-community/ansible-lint.git - rev: v6.8.6 # put latest release tag from https://github.com/ansible-community/ansible-lint/releases/ + rev: v6.20.3 # put latest release tag from https://github.com/ansible-community/ansible-lint/releases/ hooks: - id: ansible-lint files: \.(yaml|yml)$ 
diff --git a/roles/update_etc_hosts/README.md b/roles/update_etc_hosts/README.md new file mode 100644 index 000000000..d0ccc4e39 --- /dev/null +++ b/roles/update_etc_hosts/README.md @@ -0,0 +1,63 @@ +Role Name +========= + +This role can be used to reliably update teh /etc/hosts file + + + +Role Variables +-------------- + +This role needs a a dictonary `update_etc_hosts_list` which contains the parameters for the hostfile + + + +Example Playbook +---------------- + +If you want to setup/add entries your etc hosts you can use this snippet + +```[yaml] +- name: Ensure /etc/hosts is updated + include_role: sap_update_etc_hosts + var: + update_etc_hosts_list: + - node_ip: 1.2.3.4 + node_name: host1 + aliases: + - alias1 + - anotheralias2 + comment: "Here comes text after hashsign" (defaults to hana_site) + state: present + - node_ip: 1.2.3.5 + node_name: host2 + state: absent +``` +If you have defined a cluster and the variable `sap_ha_pacemaker_cluster_cluster_nodes` or `sap_hana_cluster_nodes` is set, you can use the follwoing play: + +```[yaml] +- name: ensure all cluster nodes are in /etc/hosts + include_role: update_etc_hosts + var: + update_etc_hosts_list: "{{ sap_hana_cluster_nodes }} +``` + +License +------- + +Apache-2.0 + +Author Information +------------------ + +@rhmk 10/10/23 diff --git a/roles/update_etc_hosts/defaults/main.yml b/roles/update_etc_hosts/defaults/main.yml new file mode 100644 index 000000000..add317a76 --- /dev/null +++ b/roles/update_etc_hosts/defaults/main.yml @@ -0,0 +1,7 @@ +--- +# defaults file for update_etc_hosts + +update_etc_hosts_list: + - node_ip: "{{ ansible_default_ipv4.address }}" + node_name: "{{ ansible_hostname }}" + state: present diff --git a/roles/update_etc_hosts/handlers/main.yml b/roles/update_etc_hosts/handlers/main.yml new file mode 100644 index 000000000..595bfdf36 --- /dev/null +++ b/roles/update_etc_hosts/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for update_etc_hosts 
diff --git a/roles/update_etc_hosts/meta/argument_specs.yml b/roles/update_etc_hosts/meta/argument_specs.yml new file mode 100644 index 000000000..416eee686 --- /dev/null +++ b/roles/update_etc_hosts/meta/argument_specs.yml @@ -0,0 +1,63 @@ +--- +# Requires: ansible 2.11 +# Argument specifications in this separate file maintain backwards compatibility. +argument_specs: + +# For required variables using aliases do not work and fail the argument validation. + + main: + short_description: Configure /etc/hosts + options: + update_etc_hosts_list: + type: list + description: + - List of nodes, ip adresses aliases and comments to define in /etc/hosts + - This is required for proper local host configuration. + elements: dict + options: + node_ip: + description: + - IP address of the node + node_name: + description: + - Hostame of the node + node_domain: + description: + - Domainname of the node + - _Optional. Defaults to sap_domain_ + aliases: + type: list + description: + - List of hostname aliases + elements: str + alias_mode: + type: str + default: merge + choices: + - merge + - overwrite + description: + - merges or overwrites the aliases + node_comment: + description: String which is appended to line in hosts after comment string + state: + type: str + default: present + choices: + - present + - absent + description: + - Defines if an entry is added or removed from /etc/hosts + example: + update_etc_hosts_list: + - node_ip: 1.2.3.4 + node_name: host1 + node_domain: abc.de + aliases: + - alias1 + - anotheralias2 + node_comment: "Here comes text after hashsign" + state: present + - node_ip: 1.2.3.5 + node_name: host2 + state: absent diff --git a/roles/update_etc_hosts/meta/main.yml b/roles/update_etc_hosts/meta/main.yml new file mode 100644 index 000000000..6ca5424da --- /dev/null +++ b/roles/update_etc_hosts/meta/main.yml 
@@ -0,0 +1,27 @@ +--- +galaxy_info: + namespace: community + author: Red Hat for SAP Community of Practice, Markus Koch + description: Configuration of /etc/hosts + company: Red Hat, Inc. + + license: Apache-2.0 + + min_ansible_version: "2.12" + + platforms: + - name: "EL" + versions: + - "8" + - "9" + - name: "SLES" + versions: + - "15" + + galaxy_tags: + - rhel + - redhat + - sles + - suse + +dependencies: [] diff --git a/roles/update_etc_hosts/tasks/main.yml b/roles/update_etc_hosts/tasks/main.yml new file mode 100644 index 000000000..4e471351a --- /dev/null +++ b/roles/update_etc_hosts/tasks/main.yml @@ -0,0 +1,9 @@ +--- +# tasks file for update_etc_hosts +- name: Add entry to "{{ __update_etc_hosts_file }}" + loop: "{{ update_etc_hosts_list }}" + loop_control: + label: "{{ thishost.node_name }}" + loop_var: thishost + ansible.builtin.include_tasks: + file: update_host_{{ thishost.state | default('present') }}.yml diff --git a/roles/update_etc_hosts/tasks/update_host_absent.yml b/roles/update_etc_hosts/tasks/update_host_absent.yml new file mode 100644 index 000000000..236eedd05 --- /dev/null +++ b/roles/update_etc_hosts/tasks/update_host_absent.yml 
@@ -0,0 +1,38 @@ +--- +- name: Verify that variable node_ip is in the correct format + ansible.builtin.assert: + that: thishost.node_ip is ansible.utils.ip + msg: "Variable 'node_ip' is not an IP adress. Please use the correct format" + when: thisnode.node_ip is defined + +- name: Ensure that the entry all enries in hosts file are removed with IP {{ thishost.node_ip | d('undefined') }} + ansible.builtin.lineinfile: + path: "{{ __update_etc_hosts_file }}" + regexp: '^{{ thishost.node_ip }}\s' + state: absent + backup: true + when: + - thishost.node_ip is defined + - not ansible_check_mode + +- name: Ensure that the entry all enries in hosts file are removed with name {{ thishost.node_name | d('undefined') }} + ansible.builtin.lineinfile: + path: "{{ __update_etc_hosts_file }}" + regexp: '^.*\s{{ thishost.node_name }}\s' + state: absent + backup: true + when: + - thishost.node_name is defined + - thishost.node_domain is undefined + - not ansible_check_mode + +- name: Ensure that the entry all enries in hosts file are removed with FQDN + ansible.builtin.lineinfile: + path: "{{ __update_etc_hosts_file }}" + regexp: '^.*\s{{ thishost.node_name + "." + thishost.node_domain }}\s' + state: absent + backup: true + when: + - thishost.node_name is defined + - thishost.node_domain is defined + - not ansible_check_mode diff --git a/roles/update_etc_hosts/tasks/update_host_present.yml b/roles/update_etc_hosts/tasks/update_host_present.yml new file mode 100644 index 000000000..a7a4c7ce4 --- /dev/null +++ b/roles/update_etc_hosts/tasks/update_host_present.yml 
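Review bot: The `when:` on the first task tests `thisnode.node_ip`, but the loop variable set in tasks/main.yml is `thishost`, so unless a variable named `thisnode` exists elsewhere the condition is never true and the IP-format assert is skipped for every `state: absent` entry; it should read `when: thishost.node_ip is defined`. That matters because the three `lineinfile` tasks then interpolate `node_ip`, `node_name` and `node_domain` into `regexp:` unescaped, where `.` matches any character and other metacharacters alter the pattern, so lines other than the intended one can be removed from the hosts file. Passing each value through the `regex_escape` filter, e.g. `regexp: '^{{ thishost.node_ip | regex_escape }}\s'`, keeps the match literal.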
@@ -0,0 +1,149 @@ +--- +# TODO CHECK/SET Variables +- name: Verify that variable node_ip is set + ansible.builtin.assert: + that: not( ( thishost.node_ip is undefined) or ( thishost.node_ip is none) or ( thishost.node_ip | trim == '') ) + msg: "Variable 'node_ip' is undefined or empty. Please define it your host list" + +- name: Verify that variable node_ip is in the correct format + ansible.builtin.assert: + that: thishost.node_ip is ansible.utils.ip + msg: "Variable 'node_ip' is not an IP adress. Please use the correct format" + +- name: Verify that variable node_name is set + ansible.builtin.assert: + that: not( ( thishost.node_name is undefined) or ( thishost.node_name is none) or ( thishost.node_name | trim == '') ) + msg: "Variable 'node_name' is undefined or empty. Please define it your host list" + +- name: Ensure node_domain is set + ansible.builtin.set_fact: + __update_etc_hosts_domain: "{{ thishost.node_domain | default(sap_domain | default(ansible_domain)) }}" + +- name: Verify that variable domain_name is set + ansible.builtin.assert: + that: > + not( ( __update_etc_hosts_domain is undefined) or + ( __update_etc_hosts_domain is none) or + ( __update_etc_hosts_domain | trim == '') ) + msg: "Variable 'node_name' is undefined or empty. 
Please define it your host list" + +- name: Set default values + ansible.builtin.set_fact: + __update_etc_hosts_comment: "{{ ( thishost.node_comment|d('') + ' ' + thishost.hana_site|d('') ) | trim }}" + __update_etc_hosts_alias_mode: "{{ thishost.alias_mode | default('merge') }}" + +- name: Prepend Hashtag to comment + when: __update_etc_hosts_comment|length > 0 + ansible.builtin.set_fact: + __update_etc_hosts_comment: "# {{ __update_etc_hosts_comment }}" + +- name: merge existing aliases with new alis list + when: __update_etc_hosts_alias_mode != "overwrite" + block: + - name: Get all existing hostname aliases of {{ thishost.node_ip }} + ansible.builtin.shell: | + awk '( $1 == "{{ thishost.node_ip }}" ) { + for (i=2; i<=NF; ++i) { + if ( $i == "#" ) { break } + if (( $i != "{{ thishost.node_name }}" ) && ( $i != "{{ thishost.node_name }}.{{ __update_etc_hosts_domain }}" )) { printf " "$i } + } + }' "{{ __update_etc_hosts_file }}" + register: __update_etc_hosts_register_aliases + changed_when: false + - name: Add defined aliases + ansible.builtin.set_fact: + __update_etc_hosts_aliases: "{{ (__update_etc_hosts_register_aliases.stdout.split(' ') + thishost.aliases|d([]))|unique|join(' ') }}" + +- name: Overwrite existing aliases + when: __update_etc_hosts_alias_mode == "overwrite" + ansible.builtin.set_fact: + __update_etc_hosts_aliases: "{{ thishost.node_aliases|d([])|unique|join(' ') }}" + +- name: Display host and domain name, and IP address before the modification + ansible.builtin.debug: + msg: + - "hostname = {{ thishost.node_name }}" + - "domain = {{ __update_etc_hosts_domain }}" + - "ip = {{ thishost.node_ip }}" + - "comment = {{ __update_etc_hosts_comment }}" + - "aliases = {{ __update_etc_hosts_aliases }}" + - "alias mode = {{ __update_etc_hosts_alias_mode }}" + +# We allow more than one line containing sap_ip: +- name: Check for duplicate entries of {{ thishost.node_ip }} + ansible.builtin.shell: | + n=$(grep "^{{ thishost.node_ip }}\s" {{ 
__update_etc_hosts_file }} | wc -l) + if [ $n -gt 1 ]; then + echo "Duplicate IP entry in {{ __update_etc_hosts_file }}!" + exit 1 + else + exit 0 + fi + register: __update_etc_hosts_register_duplicate_ip_check + changed_when: false + ignore_errors: true + when: not ansible_check_mode + +- name: Report if there is more than one line with the IP address + ansible.builtin.debug: + msg: + - "More than one line containing {{ thishost.node_ip }}. File {{ __update_etc_hosts_file }} will not be modified." + when: + - not ansible_check_mode + - __update_etc_hosts_register_duplicate_ip_check.stdout == 'Duplicate IP entry in {{ __update_etc_hosts_file }}!' + +- name: Ensure that the entry in hosts file is correct + ansible.builtin.lineinfile: + path: "{{ __update_etc_hosts_file }}" + regexp: '^{{ thishost.node_ip }}\s' + line: "{{ thishost.node_ip }} {{ thishost.node_name }}.{{ __update_etc_hosts_domain }} {{ thishost.node_name }} {{ __update_etc_hosts_aliases }} {{ __update_etc_hosts_comment }}" + backup: true + when: + - not ansible_check_mode + - __update_etc_hosts_register_duplicate_ip_check.stdout != 'Duplicate IP entry in {{ __update_etc_hosts_file }}!' 
+ +- name: Check for duplicate or missing entries of hostname and fqdn in {{ __update_etc_hosts_file }} + ansible.builtin.shell: | + n=$(awk 'BEGIN{a=0}/^{{ line_item }}\s/||/\s{{ line_item }}\s/||/\s{{ line_item }}$/{a++}END{print a}' {{ __update_etc_hosts_file }}) + if [ $n -eq 1 ]; then + exit 0 + else + exit 1 + fi + loop: + - '{{ thishost.node_name }}.{{ __update_etc_hosts_domain }}' + - '{{ thishost.node_name }}' + changed_when: false + loop_control: + loop_var: line_item + when: not ansible_check_mode + +- name: Check if ipv4 address, FQDN, and hostname are in {{ __update_etc_hosts_file }} + block: + - name: Perform the hosts file completeness check + ansible.builtin.command: awk 'BEGIN{a=0}/{{ thishost.node_ip }}/&&/{{ thishost.node_name }}.{{ __update_etc_hosts_domain }}/&&/{{ thishost.node_name }}/{a++}END{print a}' {{ __update_etc_hosts_file }} + register: __update_etc_hosts_register_ipv4_fqdn_sap_hostname_once_check + changed_when: false + + - name: Display the output of the hosts file completeness check + ansible.builtin.debug: + var: __update_etc_hosts_register_ipv4_fqdn_sap_hostname_once_check.stdout_lines, + __update_etc_hosts_register_ipv4_fqdn_sap_hostname_once_check.stderr_lines + + - name: Display the expected output of the hosts file completeness check + ansible.builtin.debug: + msg: + - "Expected:" + - "{{ thishost.node_ip }} {{ thishost.node_name }}.{{ __update_etc_hosts_domain }} {{ thishost.node_name }}" + when: + - __update_etc_hosts_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" + + - name: Fail if ip4 address, FQDN, or hostname are not in hosts file + ansible.builtin.fail: + msg: + - "Server's ip4 address, FQDN, or hostname are not in {{ __update_etc_hosts_file }}!" + - "Expected:" + - "{{ thishost.node_ip }} {{ thishost.node_name }}.{{ __update_etc_hosts_domain }} {{ thishost.node_name }}" + when: + - __update_etc_hosts_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" + ignore_errors: "{{ ansible_check_mode }}" 
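Review bot: `thishost.node_name` and `__update_etc_hosts_domain` are templated straight into `ansible.builtin.shell` scripts and awk programs (the alias lookup, the duplicate-IP grep and the hostname/FQDN count), yet the checks at the top of the file only verify that they are non-empty; only `node_ip` is format-checked. A value containing shell or awk metacharacters therefore changes the command that runs against the hosts file, which normally means with root privileges. An assert before the first shell task, such as `that: thishost.node_name is match('^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$')` plus an equivalent one for the domain, closes that off, and values can be handed to awk with `-v name={{ thishost.node_name | quote }}` instead of being pasted into the program text. Also, the overwrite branch reads `thishost.node_aliases` while the merge branch and argument_specs.yml use `aliases`, so `alias_mode: overwrite` appears to always write an empty alias list.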
diff --git a/roles/update_etc_hosts/tests/inventory b/roles/update_etc_hosts/tests/inventory new file mode 100644 index 000000000..2fbb50c4a --- /dev/null +++ b/roles/update_etc_hosts/tests/inventory @@ -0,0 +1 @@ +localhost diff --git a/roles/update_etc_hosts/tests/test.yml b/roles/update_etc_hosts/tests/test.yml new file mode 100644 index 000000000..6cfd33070 --- /dev/null +++ b/roles/update_etc_hosts/tests/test.yml @@ -0,0 +1,6 @@ +--- +- name: test play + hosts: localhost + remote_user: root + roles: + - update_etc_hosts diff --git a/roles/update_etc_hosts/vars/main.yml b/roles/update_etc_hosts/vars/main.yml new file mode 100644 index 000000000..24b9733e9 --- /dev/null +++ b/roles/update_etc_hosts/vars/main.yml @@ -0,0 +1,3 @@ +--- +# vars file for update_etc_hosts +__update_etc_hosts_file: /etc/hosts From d455bbc3ebad2f6e2f312e793f3c9444a5342986 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Mon, 16 Oct 2023 16:45:05 +0200 Subject: [PATCH 003/196] updated documentation --- .../README.md | 87 ++++++------------- 1 file changed, 26 insertions(+), 61 deletions(-) diff --git a/roles/sap_hypervisor_node_preconfigure/README.md b/roles/sap_hypervisor_node_preconfigure/README.md index 628a6a86d..83d92b8d4 100644 --- a/roles/sap_hypervisor_node_preconfigure/README.md +++ b/roles/sap_hypervisor_node_preconfigure/README.md 
@@ -1,27 +1,21 @@ `EXPERIMENTAL` -sap_hypervisor_node_preconfigure -======================= +# sap_hypervisor_node_preconfigure This role will configure the following hypervisors in order to run SAP workloads: -* Redhat Openshift Virtualization (OCPV) -* Redhat Enterprise Virtualization (RHV) +* Red Hat OpenShift Virtualization (OCPV) +* Red Hat Enterprise Virtualization (RHV) -Platform: Redhat Openshift Virtualization -========================================= +## Platform: Red Hat OpenShift Virtualization -This role will configure a plain vanilla Openshift cluster so it can be used for SAP workloads. +This role will configure a plain vanilla OpenShift cluster so it can be used for SAP workloads. -Requirements ------------- -A freshly installed Openshift cluster. -The worker nodes should have > 96GB of memory. -Storage is required, e.g. via NFS, Openshift Data Foundation or local storage. -This role can setup access to a Netapp Filer via Trident storage connector. -Point the `KUBECONFIG` environment variable to you `kubeconfig`. - - -Install the packages stated in `requirements.txt` on the host where the role runs. +### Requirements +* A freshly installed OpenShift cluster. +* The worker nodes should have > 96GB of memory. +* Storage is required, e.g. via NFS, OpenShift Data Foundation or local storage. This role can setup access to a Netapp Filer via Trident storage connector. +* `kubeconfig` Point the `KUBECONFIG` environment variable to you `kubeconfig`. +* Required packages: Install the packages stated in `requirements.txt` on the host where the role runs. The required packages are: ``` httpd-tools 
@@ -29,15 +23,14 @@ ansible-collection-kubernetes-core ``` -Make the role available in case you didn't install it already in an ansible roles directory, e.g. +* Make the role available in case you didn't install it already in an ansible roles directory, e.g. ``` mkdir -p ~/.ansible/roles/ ln -sf ~/community.sap_install/roles/sap_hypervisor_node_preconfigure ~/.ansible/roles/ ``` -Role Variables --------------- +### Role Variables General variables are defined in sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml ``` # Install the trident NFS storage provider @@ -149,32 +142,13 @@ sap_hypervisor_node_preconfigure_cluster_config: type: sriov ``` -Dependencies ------------- - +### Dependencies A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. -Example Playbook ----------------- - -See `playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml` for this example: - -``` ---- -- hosts: all - gather_facts: true - serial: 1 - vars: - sap_hypervisor_node_platform: redhat_ocp_virt +### Example Playbook +See `playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml` for an example. - tasks: - - name: Include Role - ansible.builtin.include_role: - name: sap_hypervisor_node_preconfigure -``` - -Example Usage -------------- +### Example Usage Make sure to set the `KUBECONFIG` environment variable, e.g. ``` export KUBECONFIG=~/.kubeconfig 
@@ -185,17 +159,14 @@ ansible-playbook --connection=local -i localhost, playbooks/sample-sap-hypervis ``` -Platform: RHEL KVM -=================== -set and check the required settings and parameters for a hypervisor running VMs for SAP HANA. - -Requirements ------------- -A RHV hypervisor. +## Platform: RHEL KVM +This Ansible Role allows preconfigure of Red Hat Virtualization (RHV), formerly called Red Hat Enterprise Virtualization (RHEV) prior to version 4.4 release. Red Hat Virtualization (RHV) consists of 'Red Hat Virtualization Manager (RHV-M)' and the 'Red Hat Virtualization Host (RHV-H)' hypervisor nodes that this Ansible Role preconfigures. Please note, Red Hat Virtualization is discontinued and available until mid-2024 in Maintenance support or mid-2026 in Extended Life support. +This Ansible Role does not preconfigure RHEL KVM (RHEL-KVM) hypervisor nodes. Please note that RHEL KVM is standalone, and does not have Management tooling (previously provided by RHV-M). -Role Variables --------------- +### Requirements +* A RHV hypervisor. +### Role Variables `sap_hypervisor_node_preconfigure_reserved_ram (default: 100)` Reserve memory [GB] for hypervisor host. Depending in the use case should be at least 50-100GB. `sap_hypervisor_node_preconfigure_reserve_hugepages (default: static)` Hugepage allocation method: {static|runtime}. @@ -227,9 +198,7 @@ runtime: done with hugeadm which is faster, but can in some cases not ensure all `sap_hypervisor_node_preconfigure_run_grub2_mkconfig (default: yes)` Update the grub2 config. -Example Playbook ----------------- - +### Example Playbook Simple example that just sets the parameters. ``` --- @@ -258,12 +227,8 @@ Run in assert mode to verify that parameters have been set. ansible.builtin.include_role: name: sap_hypervisor_node_preconfigure ``` -License -------- - +### License Apache 2.0 -Author Information ------------------- - +### Author Information Nils Koenig (nkoenig@redhat.com) 
From c06ece88dc8d1276ec2aa611a12c1aaaf93c69ff Mon Sep 17 00:00:00 2001 From: Markus Koch Date: Wed, 18 Oct 2023 11:17:19 +0200 Subject: [PATCH 004/196] Update RedHat_8.yml fixes issue #497 --- roles/sap_hana_preconfigure/vars/RedHat_8.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sap_hana_preconfigure/vars/RedHat_8.yml b/roles/sap_hana_preconfigure/vars/RedHat_8.yml index 6982ceae3..ddba6a0a6 100644 --- a/roles/sap_hana_preconfigure/vars/RedHat_8.yml +++ b/roles/sap_hana_preconfigure/vars/RedHat_8.yml @@ -7,6 +7,7 @@ __sap_hana_preconfigure_supported_rhel_minor_releases: - "8.2" - "8.4" - "8.6" + - "8.8" # required repos for RHEL 8: __sap_hana_preconfigure_req_repos_redhat_8_0_x86_64: From 2d10a87fa4ebf4b248e317e01820666ffae8edf7 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 23 Oct 2023 14:41:11 +0200 Subject: [PATCH 005/196] sap_hana_preconfigure: Add RHEL 8.8 kernel version Solves issue #497. --- roles/sap_hana_preconfigure/vars/RedHat_8.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/sap_hana_preconfigure/vars/RedHat_8.yml b/roles/sap_hana_preconfigure/vars/RedHat_8.yml index ddba6a0a6..82f048a3e 100644 --- a/roles/sap_hana_preconfigure/vars/RedHat_8.yml +++ b/roles/sap_hana_preconfigure/vars/RedHat_8.yml @@ -182,8 +182,10 @@ __sap_hana_preconfigure_min_packages_8_7_x86_64: __sap_hana_preconfigure_min_packages_8_7_ppc64le: __sap_hana_preconfigure_min_packages_8_8_x86_64: + - [ 'kernel', '4.18.0-477.13.1.el8_8' ] __sap_hana_preconfigure_min_packages_8_8_ppc64le: + - [ 'kernel', '4.18.0-477.13.1.el8_8' ] __sap_hana_preconfigure_min_pkgs: "{{ lookup('vars', '__sap_hana_preconfigure_min_packages_' + ansible_distribution_version | string | replace(\".\", \"_\") + '_' + ansible_architecture) }}" From 5600c6ec7a593c538fec639fd242cc27560f490d Mon Sep 17 00:00:00 2001 
From: newkit Date: Tue, 24 Oct 2023 15:50:19 +0200 Subject: [PATCH 006/196] Update roles/sap_hypervisor_node_preconfigure/README.md Co-authored-by: Felix Matouschek --- roles/sap_hypervisor_node_preconfigure/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hypervisor_node_preconfigure/README.md b/roles/sap_hypervisor_node_preconfigure/README.md index 83d92b8d4..013527e9e 100644 --- a/roles/sap_hypervisor_node_preconfigure/README.md +++ b/roles/sap_hypervisor_node_preconfigure/README.md @@ -46,7 +46,7 @@ sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_ge_512: 64 #GB # Amount of memory [GB] to be reserved for the hypervisor on hosts < 512GB sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512: 32 #GB -# Should the check for the minimal amount of be ignored? Minimal amount is 96 GB +# Should the check for the minimal amount of memory be ignored? Minimal amount is 96 GB # If ignored, the amount of $hostmemory - $reserved is allocated with a lower bound of 0 in case $reserved > $hostmemory sap_hypervisor_node_preconfigure_ignore_minimal_memory_check: False ``` From 0e1ce92379dfbeca56f86d0fcdf143d319c65ae6 Mon Sep 17 00:00:00 2001 From: newkit Date: Tue, 24 Oct 2023 15:50:59 +0200 Subject: [PATCH 007/196] Update roles/sap_hypervisor_node_preconfigure/README.md Co-authored-by: Felix Matouschek --- roles/sap_hypervisor_node_preconfigure/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hypervisor_node_preconfigure/README.md b/roles/sap_hypervisor_node_preconfigure/README.md index 013527e9e..1b333788c 100644 --- a/roles/sap_hypervisor_node_preconfigure/README.md +++ b/roles/sap_hypervisor_node_preconfigure/README.md 
@@ -14,7 +14,7 @@ This role will configure a plain vanilla OpenShift cluster so it can be used for * A freshly installed OpenShift cluster. * The worker nodes should have > 96GB of memory. * Storage is required, e.g. via NFS, OpenShift Data Foundation or local storage. This role can setup access to a Netapp Filer via Trident storage connector. -* `kubeconfig` Point the `KUBECONFIG` environment variable to you `kubeconfig`. +* Point the `KUBECONFIG` environment variable to your `kubeconfig`. * Required packages: Install the packages stated in `requirements.txt` on the host where the role runs. The required packages are: ``` From 8c80b9e8e9000e39d5ed059d0934b9b87a2b6890 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Tue, 24 Oct 2023 16:01:01 +0200 Subject: [PATCH 008/196] include hpp --- roles/sap_hypervisor_node_preconfigure/README.md | 3 --- .../tasks/platform/redhat_ocp_virt/main.yml | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/sap_hypervisor_node_preconfigure/README.md b/roles/sap_hypervisor_node_preconfigure/README.md index 83d92b8d4..22d09819b 100644 --- a/roles/sap_hypervisor_node_preconfigure/README.md +++ b/roles/sap_hypervisor_node_preconfigure/README.md @@ -142,9 +142,6 @@ sap_hypervisor_node_preconfigure_cluster_config: type: sriov ``` -### Dependencies -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - ### Example Playbook See `playbooks/sample-sap-hypervisor-redhat_ocp_virt-preconfigure.yml` for an example. diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml index c3b61a5ab..fc1c7ab7a 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml 
@@ -62,3 +62,7 @@ - name: Include Trident installation ansible.builtin.include_tasks: install-trident.yml when: sap_hypervisor_node_preconfigure_install_trident + +- name: Include local storage creation (HPP) + ansible.builtin.include_tasks: install-hpp.yml + when: sap_hypervisor_node_preconfigure_install_hpp From 68f775d0f3f175fc4ad10b130e928bb0d1ec3b61 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Tue, 24 Oct 2023 16:05:50 +0200 Subject: [PATCH 009/196] added install-hpp.yml --- .../platform/redhat_ocp_virt/install-hpp.yml | 93 +++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-hpp.yml diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-hpp.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-hpp.yml new file mode 100644 index 000000000..544616d63 --- /dev/null +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/install-hpp.yml 
@@ -0,0 +1,93 @@ +- name: Create systemd files for local storage handling + kubernetes.core.k8s: + state: present + definition: + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + metadata: + annotations: + labels: + machineconfiguration.openshift.io/role: worker + name: 50-hpp-local + spec: + config: + ignition: + version: 2.2.0 + systemd: + units: + - contents: | + [Unit] + Description=Create mountpoint /var/localstorage and initialize filesystem + Before=var-localstorage.mount + [Service] + Type=oneshot + ExecStart=/bin/bash -c "if [[ $(lsblk -o FSTYPE {{ sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device }} --noheadings) != 'xfs' ]]; then mkfs.xfs -f {{ sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device }}; fi" + ExecStart=/bin/mkdir -p /var/localstorage + enabled: true + name: create-mountpoint-var-localstorage.service + - contents: | + [Unit] + After=create-mountpoint-var-localstorage.service + Requires=create-mountpoint-var-localstorage.service + Before=local-fs.target + [Mount] + What={{ sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device }} + Where=/var/localstorage + Type=xfs + [Install] + WantedBy=local-fs.target + enabled: true + name: var-localstorage.mount + - contents: | + [Unit] + Description=Set SELinux chcon for hostpath provisioner + Before=kubelet.service + After=var-localstorage.mount + [Service] + ExecStart=/usr/bin/chcon -Rt container_file_t /var/localstorage + + [Install] + WantedBy=multi-user.target + enabled: true + name: hostpath-provisioner.service + +- name: Wait for mountpoint to be ready + ansible.builtin.pause: + minutes: 3 + +- name: Create hostpath provisioner (HPP) + kubernetes.core.k8s: + state: present + definition: + apiVersion: hostpathprovisioner.kubevirt.io/v1beta1 + kind: HostPathProvisioner + metadata: + name: hostpath-provisioner + spec: + imagePullPolicy: IfNotPresent + storagePools: + - name: localstorage + path: 
/var/localstorage + workload: + nodeSelector: + kubernetes.io/os: linux + machineconfiguration.openshift.io/role: worker + +- name: Create storage class for HPP + kubernetes.core.k8s: + state: present + definition: + apiVersion: storage.k8s.io/v1 + kind: StorageClass + metadata: + name: local + annotations: + storageclass.kubernetes.io/is-default-class: "true" + provisioner: kubevirt.io.hostpath-provisioner + reclaimPolicy: Delete + volumeBindingMode: WaitForFirstConsumer + parameters: + storagePool: localstorage + + + From b743620702d43f81a26954cec05acc0448a30cc3 Mon Sep 17 00:00:00 2001 From: newkit Date: Tue, 24 Oct 2023 16:06:26 +0200 Subject: [PATCH 010/196] Update roles/sap_hypervisor_node_preconfigure/README.md Co-authored-by: Felix Matouschek --- roles/sap_hypervisor_node_preconfigure/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hypervisor_node_preconfigure/README.md b/roles/sap_hypervisor_node_preconfigure/README.md index 1b333788c..b86018e99 100644 --- a/roles/sap_hypervisor_node_preconfigure/README.md +++ b/roles/sap_hypervisor_node_preconfigure/README.md @@ -13,7 +13,7 @@ This role will configure a plain vanilla OpenShift cluster so it can be used for ### Requirements * A freshly installed OpenShift cluster. * The worker nodes should have > 96GB of memory. -* Storage is required, e.g. via NFS, OpenShift Data Foundation or local storage. This role can setup access to a Netapp Filer via Trident storage connector. +* Storage is required, e.g. via NFS, OpenShift Data Foundation or local storage. This role can setup access to a Netapp Filer via Trident storage connector. * Point the `KUBECONFIG` environment variable to your `kubeconfig`. * Required packages: Install the packages stated in `requirements.txt` on the host where the role runs. The required packages are: From 8ac014c1283c0601559d57afc9d0b0591488c62d Mon Sep 17 00:00:00 2001 
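Review bot: The first `ExecStart` of `create-mountpoint-var-localstorage.service` runs `mkfs.xfs -f` as root on every worker whenever `lsblk -o FSTYPE` prints anything other than exactly `xfs`. A device holding another filesystem, or a partitioned disk (where lsblk prints one line per child device), is therefore overwritten without warning. The device path is also templated unquoted into the `bash -c` string and into `What=`, and nothing in the file checks that `worker_localstorage_device` is defined or looks like a device path. I would validate the variable before the MachineConfig task, query only the device itself, and drop `-f` so that mkfs.xfs refuses to overwrite an existing signature; a persistent `/dev/disk/by-id/` path is also safer than `/dev/sdb`-style names, which can change between boots. Separately, the fixed three-minute pause is fragile because a MachineConfig change normally reboots the workers, so waiting for the worker MachineConfigPool to report `Updated` would be more reliable.

```yaml
- name: Validate the local storage device before it is templated into a root shell command
  ansible.builtin.assert:
    that:
      - sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device is defined
      - sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device is match('^/dev/[A-Za-z0-9/_.:-]+$')
    fail_msg: worker_localstorage_device must be a /dev path without whitespace or shell metacharacters

- name: Create systemd files for local storage handling
  # … unchanged: MachineConfig 50-hpp-local metadata, ignition version, [Unit] section …
                ExecStart=/bin/bash -c "if [[ -z $(lsblk -dn -o FSTYPE '{{ sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device }}') ]]; then mkfs.xfs '{{ sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device }}'; fi"
  # … unchanged: mkdir ExecStart, mount unit, chcon unit, pause, HPP and StorageClass tasks …
```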
From: Nils Koenig Date: Thu, 26 Oct 2023 15:00:22 +0200 Subject: [PATCH 011/196] updated doc --- .../README.md | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/roles/sap_hypervisor_node_preconfigure/README.md b/roles/sap_hypervisor_node_preconfigure/README.md index 08f2b6edd..699993bb1 100644 --- a/roles/sap_hypervisor_node_preconfigure/README.md +++ b/roles/sap_hypervisor_node_preconfigure/README.md @@ -15,14 +15,7 @@ This role will configure a plain vanilla OpenShift cluster so it can be used for * The worker nodes should have > 96GB of memory. * Storage is required, e.g. via NFS, OpenShift Data Foundation or local storage. This role can setup access to a Netapp Filer via Trident storage connector. * Point the `KUBECONFIG` environment variable to your `kubeconfig`. -* Required packages: Install the packages stated in `requirements.txt` on the host where the role runs. -The required packages are: -``` -httpd-tools -ansible-collection-kubernetes-core -``` - - +* Required packages: This roles uses the kubernetes ansible module, this can be installed via the package`ansible-collection-kubernetes-core`. * Make the role available in case you didn't install it already in an ansible roles directory, e.g. ``` 
@@ -33,13 +26,14 @@ ln -sf ~/community.sap_install/roles/sap_hypervisor_node_preconfigure ~/.ansible ### Role Variables General variables are defined in sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml ``` -# Install the trident NFS storage provider -sap_hypervisor_node_preconfigure_install_trident: False +# Install the trident NFS storage provider. If yes, expects configuration details under +# sap_hypervisor_node_preconfigure_cluster_config.trident, see example config. +sap_hypervisor_node_preconfigure_install_trident: True|False # URL of the trident installer package to use sap_hypervisor_node_preconfigure_install_trident_url: https://github.com/NetApp/trident/releases/download/v23.01.0/trident-installer-23.01.0.tar.gz # should SRIOV be enabled for unsupported NICs -sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics: True +sap_hypervisor_node_preconfigure_sriov_enable_unsupported_nics: True|False # Amount of memory [GB] to be reserved for the hypervisor on hosts >= 512GB sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_ge_512: 64 #GB 
@@ -48,7 +42,12 @@ sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512: 32 #GB # Should the check for the minimal amount of memory be ignored? Minimal amount is 96 GB # If ignored, the amount of $hostmemory - $reserved is allocated with a lower bound of 0 in case $reserved > $hostmemory -sap_hypervisor_node_preconfigure_ignore_minimal_memory_check: False +sap_hypervisor_node_preconfigure_ignore_minimal_memory_check: True|False + +# Define if the host path provisioner should be installed in order to use a local disk as storage device. +# Uses the following variable to be set to the storage device to be used, e.g.: +# sap_hypervisor_node_preconfigure_cluster_config.worker_localstorage_device: /dev/sdb +sap_hypervisor_node_preconfigure_install_hpp: True|False ``` The following variables are describing the nodes and networks to be used. It can make sense to have them in a seperate file, e.g. see `playbooks/vars/sample-variables-sap-hypervisor-node-preconfigure-rh_ocp_virt.yml` for an example. @@ -74,11 +73,14 @@ sap_hypervisor_node_preconfigure_cluster_config: storage_driver: ontap-nas storage_prefix: ocpv_sap_ + # CPU cores which will be reserved for kubernetes + worker_kubernetes_reserved_cpus: "0,1" + + # Storage device used for host path provisioner as local storage. + worker_localstorage_device: /dev/vdb + # detailed configuration for every worker that should be configured workers: - kubernetes_reserved_cpus: "0,1" # CPU cores reserved for - # kubernetes - - name: worker-0 # name must match the node name networks: # Example network config - name: sapbridge # using a bridge From 1000071cfe397fd415034f616751ab80d54844c4 Mon Sep 17 00:00:00 2001 
From: Nils Koenig Date: Thu, 26 Oct 2023 16:37:41 +0200 Subject: [PATCH 012/196] WIP: restructure sap_hypervisor_node_preconfigure --- .../handlers/main.yml | 2 +- .../redhat_ocp_virt/99-kargs-worker.yml.j2 | 5 +- .../redhat_ocp_virt/configure-worker-node.yml | 6 -- .../redhat_ocp_virt/download-rhel-images.yml | 21 ------- .../redhat_ocp_virt/enable-cpumanager.yml | 61 ------------------- .../tasks/platform/redhat_ocp_virt/main.yml | 32 ++++++++++ .../tasks/platform/redhat_ocp_virt/mcp.yml.j2 | 47 -------------- .../redhat_ocp_virt/setup-worker-node.yml | 38 ++++-------- 8 files changed, 47 insertions(+), 165 deletions(-) delete mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml delete mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml delete mode 100644 roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2 diff --git a/roles/sap_hypervisor_node_preconfigure/handlers/main.yml b/roles/sap_hypervisor_node_preconfigure/handlers/main.yml index f920c7196..5150d6bdd 100644 --- a/roles/sap_hypervisor_node_preconfigure/handlers/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/handlers/main.yml @@ -1,4 +1,4 @@ --- -- name: SAP certified hypervisor node preconfigure - Include Handler Tasks for {{ sap_hypervisor_node_platform }} +- name: hypervisor node preconfigure - Include Handler Tasks for {{ sap_hypervisor_node_platform }} ansible.builtin.include_tasks: "{{ role_path }}/handlers/platform/{{ sap_hypervisor_node_platform }}/main.yml" diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2 b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2 index 183bfb353..32064a8d7 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2 
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/99-kargs-worker.yml.j2 @@ -2,9 +2,8 @@ apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: labels: - kubernetes.io/hostname: {{ __sap_hypervisor_node_preconfigure_register_worker_name }} - machineconfiguration.openshift.io/role: {{ __sap_hypervisor_node_preconfigure_register_worker_name }} - name: 99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker_name }} + machineconfiguration.openshift.io/role: worker + name: 99-kargs-worker spec: config: ignition: diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml index 82fec7ac3..068bbf1d8 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/configure-worker-node.yml @@ -7,12 +7,6 @@ index_var: __sap_hypervisor_node_preconfigure_register_worker_network_nr when: __sap_hypervisor_node_preconfigure_register_worker.networks is defined -- name: "Create MCP for {{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - kubernetes.core.k8s: - template: - path: "mcp.yml.j2" - state: present - - name: Pause so cluster can process config ansible.builtin.pause: minutes: 1 diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml deleted file mode 100644 index 6dd050ea9..000000000 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/download-rhel-images.yml +++ /dev/null 
@@ -1,21 +0,0 @@ ---- -- name: "Download rhel 8.6 image" - kubernetes.core.k8s: - state: present - definition: - apiVersion: cdi.kubevirt.io/v1beta1 - kind: DataVolume - metadata: - namespace: openshift-virtualization-os-images - name: rhel-86 - annotations: - cdi.kubevirt.io/storage.bind.immediate.requested: 'true' - spec: - source: - registry: - url: 'docker://registry.redhat.io/rhel8/rhel-guest-image:8.6.0' - pullMethod: node - storage: - resources: - requests: - storage: 10Gi diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml deleted file mode 100644 index 25e88c1b2..000000000 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/enable-cpumanager.yml +++ /dev/null 
@@ -1,61 +0,0 @@ ---- -- name: Label nodes - ansible.builtin.command: "oc label node {{ __sap_hypervisor_node_preconfigure_register_worker.name }} \ - feature.node.kubernetes.io/cpu-feature-invtsc=true --overwrite=true" - register: __sap_hypervisor_node_preconfigure_register_label_node - changed_when: __sap_hypervisor_node_preconfigure_register_label_node.rc != 0 - -- name: Enable CPU Manager by patching MCP of "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - kubernetes.core.k8s: - state: patched - definition: - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfigPool - metadata: - name: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - labels: - custom-kubelet: "cpumanager-enabled" - -- name: Create kubletconfig for cpumanager "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is defined - kubernetes.core.k8s: - state: present - definition: - apiVersion: machineconfiguration.openshift.io/v1 - kind: KubeletConfig - metadata: - name: "cpumanager-enabled" - kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - machineconfiguration.openshift.io/role: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - spec: - machineConfigPoolSelector: - matchLabels: - custom-kubelet: "cpumanager-enabled" - kubeletConfig: - cpuManagerPolicy: static - cpuManagerReconcilePeriod: 5s - reservedSystemCPUs: "{{ sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus }}" - -- name: Create kubletconfig for cpumanager "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is not defined - kubernetes.core.k8s: - state: present - definition: - apiVersion: machineconfiguration.openshift.io/v1 - kind: KubeletConfig - metadata: - name: "cpumanager-enabled" - kubernetes.io/hostname: 
"{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - machineconfiguration.openshift.io/role: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - spec: - machineConfigPoolSelector: - matchLabels: - custom-kubelet: "cpumanager-enabled" - kubeletConfig: - cpuManagerPolicy: static - cpuManagerReconcilePeriod: 5s - -- name: Label nodes - ansible.builtin.command: "oc label node {{ __sap_hypervisor_node_preconfigure_register_worker.name }} cpumanager=true --overwrite=true" - register: __sap_hypervisor_node_preconfigure_register_label_node - changed_when: __sap_hypervisor_node_preconfigure_register_label_node.rc != 0 diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml index fc1c7ab7a..e846f712d 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml 
@@ -29,6 +29,37 @@ fail_msg: No nodes found that match configuration provided in sap_hypervisor_node_preconfigure_cluster success_msg: Configured nodes found +# Determine available memory on first worker node. +# This amount will be used for all nodes, so make sure all have an identical amount. +- name: Get worker name + ansible.builtin.set_fact: + __sap_hypervisor_node_preconfigure_register_worker_name: + "{{ __sap_hypervisor_node_preconfigure_register_nodes[0]['metadata']['labels']['kubernetes.io/hostname'] }}" + +- name: Get memory of worker node + ansible.builtin.set_fact: + __sap_hypervisor_node_preconfigure_register_worker_memory_gb: + "{{ (__sap_hypervisor_node_preconfigure_register_nodes[0]['status']['capacity']['memory'] | replace('Ki', '') | int / 1048576) | int }}" + +- name: Check if host has minimal amount of memory (96Gb) + ansible.builtin.assert: + that: __sap_hypervisor_node_preconfigure_register_worker_memory_gb|int >= 96 + fail_msg: "Not enough memory on node {{ __sap_hypervisor_node_preconfigure_register_worker_name }}" + success_msg: "Enough memory on node {{ __sap_hypervisor_node_preconfigure_register_worker_name }}" + ignore_errors: "{{ sap_hypervisor_node_preconfigure_ignore_minimal_memory_check }}" + +# calculate memory to be allocated as hugepages +# if system < 512GB memory use 32GB as upper boundary, 64GB otherwise as upper boundary +- name: Calculate amount of hugepages to reserve (host memory < 512 Gb) + ansible.builtin.set_fact: + __sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages: "{{ __sap_hypervisor_node_preconfigure_register_worker_memory_gb | int - sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512 }}" + when: __sap_hypervisor_node_preconfigure_register_worker_memory_gb|int < 512 + +- name: Calculate amount of hugepages to reserve (host memory >= 512 Gb) + ansible.builtin.set_fact: + __sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages: "{{ 
__sap_hypervisor_node_preconfigure_register_worker_memory_gb | int - sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_ge_512 }}" + when: __sap_hypervisor_node_preconfigure_register_worker_memory_gb|int >= 512 + # - meta: end_play - name: Include prepare @@ -66,3 +97,4 @@ - name: Include local storage creation (HPP) ansible.builtin.include_tasks: install-hpp.yml when: sap_hypervisor_node_preconfigure_install_hpp + diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2 b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2 deleted file mode 100644 index 1a39d0a06..000000000 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/mcp.yml.j2 +++ /dev/null 
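Review bot: The two `set_fact` tasks that compute `__sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages` subtract without a floor, so the result is negative when the memory assert is bypassed through `sap_hypervisor_node_preconfigure_ignore_minimal_memory_check` on a host smaller than the reserve. The README in this series promises a lower bound of 0 for exactly that case. Clamping both expressions keeps that promise, e.g. `"{{ [__sap_hypervisor_node_preconfigure_register_worker_memory_gb | int - sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_lt_512 | int, 0] | max }}"`; the added `| int` on the reserve also covers values passed as strings with `-e`. The parsing with `replace('Ki', '')` assumes the node reports capacity in Ki, and only the first node is measured, so an assert that all selected nodes report the same capacity would catch mixed hardware instead of relying on the comment.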
@@ -1,47 +0,0 @@ -apiVersion: machineconfiguration.openshift.io/v1 -kind: MachineConfigPool -metadata: - labels: - machineconfiguration.openshift.io/mco-built-in: "" - name: {{ __sap_hypervisor_node_preconfigure_register_worker.name }} -spec: - configuration: - source: - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 00-worker - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 01-worker-container-runtime - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 01-worker-kubelet - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 99-worker-generated-crio-capabilities - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 99-worker-generated-crio-seccomp-use-default - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 99-worker-generated-kubelet - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 99-worker-generated-registries - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 99-worker-ssh - - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - name: 99-kargs-{{ __sap_hypervisor_node_preconfigure_register_worker.name }} - machineConfigSelector: - matchExpressions: - - key: machineconfiguration.openshift.io/role - operator: In - values: - - worker - - {{ __sap_hypervisor_node_preconfigure_register_worker.name }} - nodeSelector: - matchLabels: - kubernetes.io/hostname: "{{ __sap_hypervisor_node_preconfigure_register_worker.name }}" - paused: false diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml index 2dc78034f..e144f1a9b 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml 
+++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/setup-worker-node.yml @@ -1,11 +1,4 @@ --- -- name: Include configure kargs - ansible.builtin.include_tasks: configure-kargs-per-node.yml - with_items: "{{ __sap_hypervisor_node_preconfigure_register_nodes }}" - loop_control: - loop_var: __sap_hypervisor_node_preconfigure_register_worker - index_var: __sap_hypervisor_node_preconfigure_register_worker_nr - - name: Include configure worker ansible.builtin.include_tasks: configure-worker-node.yml with_items: "{{ sap_hypervisor_node_preconfigure_cluster_config.workers }}" @@ -24,8 +17,7 @@ labels: custom-kubelet: cpumanager-enabled - -- name: Create kubletconfig for cpumanager worker +- name: Create kubletconfig for cpumanager worker with CPUs reserved for kubernetes when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is defined kubernetes.core.k8s: state: absent @@ -44,7 +36,7 @@ reservedSystemCPUs: "{{ sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus }}" - name: Create kubletconfig for cpumanager worker - when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is defined + when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is not defined kubernetes.core.k8s: state: present definition: @@ -52,6 +44,7 @@ kind: KubeletConfig metadata: name: cpumanager-enabled + machineconfiguration.openshift.io/role: worker spec: machineConfigPoolSelector: matchLabels: 
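Review bot: The task renamed to `Create kubletconfig for cpumanager worker with CPUs reserved for kubernetes` (hunk `@@ -24,8 +17,7 @@`) still carries `state: absent` in its unchanged context. When `worker_kubernetes_reserved_cpus` is defined, the KubeletConfig is therefore deleted rather than created. With the `when` correction in the following hunk the other variant is then skipped, so no `cpumanager-enabled` KubeletConfig would be applied at all. If creation is intended, the line should read `state: present`. The middle of the task definition lies outside the hunks, so the rest of it could not be checked here.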
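Review bot: In hunk `@@ -52,6 +44,7 @@` the added `machineconfiguration.openshift.io/role: worker` appears to sit directly under `metadata`, next to `name`, with no `labels:` key in the visible lines. Indentation is lost in this rendering, so this is inferred from line order. An arbitrary key at that level is not an object-metadata field and would be dropped or rejected by the API rather than act as a label. If a label is intended, nest it as `labels:` followed by `machineconfiguration.openshift.io/role: worker`; if it has no function, leave it out, since the pool is already selected through `machineConfigPoolSelector`.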
@@ -59,22 +52,15 @@ kubeletConfig: cpuManagerPolicy: static cpuManagerReconcilePeriod: 5s - reservedSystemCPUs: "{{ sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus }}" -- name: Create kubletconfig for cpumanager worker - when: sap_hypervisor_node_preconfigure_cluster_config.worker_kubernetes_reserved_cpus is not defined +- name: Personalize template + ansible.builtin.template: + src: 99-kargs-worker.yml.j2 + dest: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/99-kargs-worker.yml.j2" + mode: "0644" + +- name: Enable hugepages kubernetes.core.k8s: state: present - definition: - apiVersion: machineconfiguration.openshift.io/v1 - kind: KubeletConfig - metadata: - name: cpumanager-enabled - machineconfiguration.openshift.io/role: worker - spec: - machineConfigPoolSelector: - matchLabels: - custom-kubelet: cpumanager-enabled - kubeletConfig: - cpuManagerPolicy: static - cpuManagerReconcilePeriod: 5s + src: "{{ __sap_hypervisor_node_preconfigure_register_tmpdir.path }}/99-kargs-worker.yml.j2" + From bd0f4af70bf3dabcffe61e9da2aa9e47d66c64ab Mon Sep 17 00:00:00 2001 From: Markus Koch Date: Fri, 27 Oct 2023 16:25:05 +0200 Subject: [PATCH 013/196] update_etc_hosts: typo in argspecs --- roles/update_etc_hosts/meta/argument_specs.yml | 2 +- roles/update_etc_hosts/tests/test.hosts | 1 + roles/update_etc_hosts/tests/test.yml | 17 +++++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 roles/update_etc_hosts/tests/test.hosts diff --git a/roles/update_etc_hosts/meta/argument_specs.yml b/roles/update_etc_hosts/meta/argument_specs.yml index 416eee686..25719b14a 100644 --- a/roles/update_etc_hosts/meta/argument_specs.yml +++ b/roles/update_etc_hosts/meta/argument_specs.yml @@ -20,7 +20,7 @@ argument_specs: - IP address of the node node_name: description: - - Hostame of the node + - Hostname of the node node_domain: description: - Domainname of the node 
diff --git a/roles/update_etc_hosts/tests/test.hosts b/roles/update_etc_hosts/tests/test.hosts new file mode 100644 index 000000000..75721cd5a --- /dev/null +++ b/roles/update_etc_hosts/tests/test.hosts @@ -0,0 +1 @@ +127.0.0.1 localhost diff --git a/roles/update_etc_hosts/tests/test.yml b/roles/update_etc_hosts/tests/test.yml index 6cfd33070..1e8bb5b50 100644 --- a/roles/update_etc_hosts/tests/test.yml +++ b/roles/update_etc_hosts/tests/test.yml @@ -1,6 +1,23 @@ --- +# you can run 'ansible-playbook test.yml -e __update_etc_hosts_file=./test.hosts' for testing this role - name: test play hosts: localhost remote_user: root + become: true + + vars: + update_etc_hosts_list: + - node_ip: 1.2.3.4 + node_name: host1 + node_domain: abc.de + aliases: + - alias1 + - anotheralias2 + node_comment: "Here comes text after hashsign" + state: present + - node_ip: 1.2.3.5 + node_name: host2 + state: absent + roles: - update_etc_hosts From 2edc92a0988fec62ff06ce0a19a3be4dbabee4fa Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Mon, 30 Oct 2023 16:53:38 +0100 Subject: [PATCH 014/196] variable name fix (minor) --- .../tasks/platform/redhat_ocp_virt/main.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml index e846f712d..6e0e5d0d4 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_ocp_virt/main.yml 
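Review bot: The test play in `tests/test.yml` now runs with `become: true` against `localhost` and stays away from the real hosts file only if the caller remembers the `-e __update_etc_hosts_file=./test.hosts` from the header comment. Run without it, the play would presumably write the sample `1.2.3.4 host1` entry to the system hosts file as root (the role's default target is not visible in this hunk). Pinning the target in the play removes that dependency, for example a roles entry of `- role: update_etc_hosts` followed by `vars:` and `__update_etc_hosts_file: ./test.hosts`. With a local test file, `become: true` should not be needed either.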
@@ -26,7 +26,7 @@ - name: Assert that configured nodes are found ansible.builtin.assert: that: __sap_hypervisor_node_preconfigure_register_nodes is defined - fail_msg: No nodes found that match configuration provided in sap_hypervisor_node_preconfigure_cluster + fail_msg: No nodes found that match configuration provided in sap_hypervisor_node_preconfigure_cluster_config success_msg: Configured nodes found # Determine available memory on first worker node. @@ -60,8 +60,6 @@ __sap_hypervisor_node_preconfigure_register_worker_reserved_hugepages: "{{ __sap_hypervisor_node_preconfigure_register_worker_memory_gb | int - sap_hypervisor_node_preconfigure_hypervisor_reserved_ram_host_ge_512 }}" when: __sap_hypervisor_node_preconfigure_register_worker_memory_gb|int >= 512 -# - meta: end_play - - name: Include prepare ansible.builtin.include_tasks: prepare.yml - name: Include tuned virtual host From 34a8dcab698828511fe443022d3356257675a934 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Mon, 30 Oct 2023 18:03:16 +0100 Subject: [PATCH 015/196] fixed missing vars --- .../sap_hypervisor_node_preconfigure/defaults/main.yml | 10 ++++++---- .../vars/platform_defaults_redhat_ocp_virt.yml | 3 +++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/roles/sap_hypervisor_node_preconfigure/defaults/main.yml b/roles/sap_hypervisor_node_preconfigure/defaults/main.yml index 479c11670..6dc76587f 100644 --- a/roles/sap_hypervisor_node_preconfigure/defaults/main.yml +++ b/roles/sap_hypervisor_node_preconfigure/defaults/main.yml 
@@ -26,12 +26,14 @@ sap_hypervisor_node_preconfigure_cluster_config: storage_driver: ontap-nas storage_prefix: ocpv_sap_ + # CPU cores reserved for kubernetes on worker node + worker_kubernetes_reserved_cpus: "0,1" + + # Storage device which should be used if host path provisioner is used + worker_localstorage_device: /dev/vdb + # detailed configuration for every worker that should be configured - # workers: - - kubernetes_reserved_cpus: "0,1" # CPU cores reserved for - # kubernetes - - name: worker-0 # name must match the node name networks: # Example network config - name: sapbridge # using a bridge diff --git a/roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml b/roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml index eed5209cd..be422195e 100644 --- a/roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml +++ b/roles/sap_hypervisor_node_preconfigure/vars/platform_defaults_redhat_ocp_virt.yml @@ -2,6 +2,9 @@ # vars file for sap_hypervisor_node_preconfigure # +# Install and configure the host path provisioner (hpp) for a local storage disk +sap_hypervisor_node_preconfigure_install_hpp: False + # Install the trident NFS storage provider sap_hypervisor_node_preconfigure_install_trident: False # URL of the trident installer package to use From 32b06cdf120a14aa220ddbfc298734c58a584463 Mon Sep 17 00:00:00 2001 From: Markus Koch Date: Tue, 31 Oct 2023 10:03:21 +0100 Subject: [PATCH 016/196] first fixes implemented --- roles/update_etc_hosts/README.md | 4 ++-- roles/update_etc_hosts/defaults/main.yml | 1 + roles/update_etc_hosts/handlers/main.yml | 2 -- roles/update_etc_hosts/meta/argument_specs.yml | 12 ++++++++++-- roles/update_etc_hosts/tasks/update_host_present.yml | 12 ++++++------ 5 files changed, 19 insertions(+), 12 deletions(-) delete mode 100644 roles/update_etc_hosts/handlers/main.yml 
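Review bot: The new default `worker_localstorage_device: /dev/vdb` identifies a disk by kernel enumeration order, which is not guaranteed to be stable across reboots or identical on every worker. If the host path provisioner setup formats or mounts that device (the task is not part of this hunk), a wrong match could hit a disk that holds other data. Consider leaving the value unset in defaults so it has to be chosen explicitly when `sap_hypervisor_node_preconfigure_install_hpp` is enabled, and point to a persistent name in the comment, e.g. `# Prefer a stable path such as /dev/disk/by-id/<DISK_ID>`.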
diff --git a/roles/update_etc_hosts/README.md b/roles/update_etc_hosts/README.md index d0ccc4e39..d44ff7be7 100644 --- a/roles/update_etc_hosts/README.md +++ b/roles/update_etc_hosts/README.md 
@@ -1,7 +1,7 @@ Role Name ========= -This role can be used to reliably update teh /etc/hosts file +This role can be used to reliably update the /etc/hosts file -Role Variables --------------- +## Role Input Parameters -This role needs a a dictonary `update_etc_hosts_list` which contains the parameters for the hostfile. -It can be used for adding and deleting entries from `/etc/hosts` +This role requires the dictonary `update_etc_hosts_list` which contains the parameters for the hostfile. The default value is the definition of the cluster nodes like in the role `sap_ha_pacemaker_cluster`. If the value `sap_hana_cluster_nodes`or `sap_ha_pacemaker_cluster_cluster_nodes` is not defined the role creates a default value from `ansible_facts`. + +Caution: If you want to use this role to remove entries from /etc/hosts it is a good practise to do this before adding entries. The adding/removal is done in the order the entries are listed. + +### update_etc_hosts_list + +- _Type:_ `list` + + List of nodes to be added or removed in /etc/hosts + possible list options: + +#### node_ip + +- _Type:_ `string` + + IP address of the node. + It is required for adding a node. + When deleting a node use only when node_name and node_domain are not defined + +#### node_name + +- _Type:_ `string` + + Hostname of the node + It is required for adding a node. + When deleting a node use only when node_ip is not defined + +#### node_domain + +- _Type:_ `string` + + Domainname of the node + Defaults to sap_domain, if set, otherwise ansible_domain is the default + When deleting a node use only when node_name is defined + +#### aliases + +- _Type:_ `list` + + List of aliases for the node + Not used when state is absent + +#### alias_mode + +- _Type:_ `string` + + Options: + + - `merge` : merges the list of aliases with the exiting aliases of the node. (default) + - `overwrite` : overwrites the aliases of the node. 
+ + Not used when state is absent + +#### node_comment + +- _Type:_ `string` + + default: managed by ansible update_etc_hosts role` + String which is appended to line in hosts after comment string + Not used when state is absent + +#### hana_site + +- _Type:_ `string` + + if set (e.g. for configuring cluster) it is appended to the comment + Not used when state is absent + +#### node_role + + Not used. For compatibility reason only. + +#### state + +- _Type:_ `string` + + Options: + + - `present` : creates a host entry (default)` + - `absent` : removes a host entry by ip or hostname " block: | - [sysctl] - net.ipv4.tcp_timestamps = 0 - net.ipv4.tcp_tw_reuse = 0 - net.ipv4.tcp_tw_recycle = 0 + [sysctl] + net.ipv4.tcp_timestamps = 0 + net.ipv4.tcp_tw_reuse = 0 + net.ipv4.tcp_tw_recycle = 0 when: - sap_hana_preconfigure_saptune_azure @@ -66,8 +66,8 @@ register: __sap_hana_preconfigure_register_saptune_verify changed_when: false # We're only checking, not changing! failed_when: false # We expect this to fail if it has not previously been applied - when: - __sap_hana_preconfigure_run_saptune + when: + - __sap_hana_preconfigure_run_saptune - name: Ensure no solution is currently applied ansible.builtin.command: "saptune solution revert {{ __sap_hana_preconfigure_fact_solution_configured }}" @@ -76,12 +76,11 @@ - __sap_hana_preconfigure_run_saptune - __sap_hana_preconfigure_fact_solution_configured != 'NONE' - __sap_hana_preconfigure_register_saptune_verify.rc != 0 - - name: Ensure saptune solution is applied ansible.builtin.command: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}" #changed_when: true - when: + when: - __sap_hana_preconfigure_run_saptune - __sap_hana_preconfigure_register_saptune_verify.rc != 0 block: 
@@ -90,13 +89,12 @@ ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" changed_when: false # We're only checking, not changing! - - name: Make sure that sapconf and tuned are stopped and disabled ansible.builtin.command: "saptune service takeover" register: __sap_saptune_takeover changed_when: __sap_saptune_takeover.rc == 0 -- name: restart sapconf service +- name: Restart sapconf service ansible.builtin.systemd: name: sapconf state: restarted diff --git a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml index 56b161a9f..3788ec552 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/installation.yml 
@@ -17,46 +17,46 @@ register: sles_baseproduct when: ansible_os_family == 'Suse' -- name: Setfact if baseproduct contains SLES without SLES_SAP +- name: Set fact if baseproduct contains SLES without SLES_SAP ansible.builtin.set_fact: __sap_hana_preconfigure_run_saptune: false - when: + when: - '"SLES_SAP" not in sles_baseproduct.stat.lnk_target' - '"SLES" in sles_baseproduct.stat.lnk_target' - ansible_os_family == 'Suse' - name: Output - ansible.builtin.debug: + ansible.builtin.debug: msg: - - "OS Familiy: {{ ansible_os_family }}" - - "saptune: {{ __sap_hana_preconfigure_run_saptune }}" + - "OS Family: {{ ansible_os_family }}" + - "saptune: {{ __sap_hana_preconfigure_run_saptune }}" - "link: {{ sles_baseproduct.stat.lnk_target }}" # ----------- -- name: prepare saptune +- name: Prepare saptune + when: + - __sap_hana_preconfigure_run_saptune block: + - name: Ensure saphana pattern is installed community.general.zypper: type: pattern name: sap-hana state: present - force: yes + force: true - name: Ensure saptune is installed community.general.zypper: type: package name: "saptune={{ sap_hana_preconfigure_saptune_version }}" state: present - force: yes - when: - __sap_hana_preconfigure_run_saptune + force: true - name: Ensure sapconf is installed community.general.zypper: type: package name: "sapconf" state: present - force: yes - when: - not __sap_hana_preconfigure_run_saptune - \ No newline at end of file + force: true + when: + - not __sap_hana_preconfigure_run_saptune diff --git a/roles/sap_netweaver_preconfigure/defaults/main.yml b/roles/sap_netweaver_preconfigure/defaults/main.yml index 9883e1cea..b49137da0 100644 --- a/roles/sap_netweaver_preconfigure/defaults/main.yml +++ b/roles/sap_netweaver_preconfigure/defaults/main.yml @@ -29,4 +29,3 @@ sap_netweaver_preconfigure_saptune_version: '3.0.2' # The default value is NETWEAVER sap_netweaver_preconfigure_saptune_solution: NETWEAVER - 
diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml index 3360e8232..a3a4a87b8 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/assert-configuration.yml @@ -25,7 +25,7 @@ - name: Discover active solution ansible.builtin.command: saptune solution enabled register: __sap_netweaver_preconfigure_register_saptune_status - changed_when: no + changed_when: false - name: Set solution fact ansible.builtin.set_fact: @@ -34,7 +34,7 @@ - name: Discover active solution ansible.builtin.command: saptune solution enabled register: __sap_netweaver_preconfigure_register_saptune_status - changed_when: no + changed_when: false - name: Set fact for active solution ansible.builtin.set_fact: diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml index fc773af8a..502f02ce8 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml @@ -1,8 +1,8 @@ --- -- name: saptune - when: - __sap_netweaver_preconfigure_run_saptune +- name: Configure saptune + when: + - __sap_netweaver_preconfigure_run_saptune block: - name: Ensure saptune is running and enabled @@ -15,7 +15,6 @@ ansible.builtin.command: saptune_check changed_when: false - - name: Discover active solution ansible.builtin.command: saptune solution enabled register: __sap_netweaver_preconfigure_register_saptune_status 
@@ -48,23 +47,23 @@ - name: Ensure saptune solution is applied ansible.builtin.command: "saptune solution apply {{ sap_netweaver_preconfigure_saptune_solution }}" #changed_when: true - when: + when: - __sap_netweaver_preconfigure_run_saptune - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 - name: Ensure solution was successful ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" changed_when: false # We're only checking, not changing! - when: - __sap_netweaver_preconfigure_run_saptune + when: + - __sap_netweaver_preconfigure_run_saptune # restart sapconf service -- name: restart sapconf service +- name: Restart sapconf service ansible.builtin.systemd: name: sapconf state: restarted when: - not __sap_netweaver_preconfigure_run_saptune + - not __sap_netweaver_preconfigure_run_saptune - name: Warn if not enough swap space is configured ansible.builtin.fail: diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml index dd219a1dd..feef1ae71 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/installation.yml 
@@ -14,26 +14,26 @@ - name: Setfact if baseproduct contains SLES without SLES_SAP ansible.builtin.set_fact: __sap_netweaver_preconfigure_run_saptune: false - when: + when: - '"SLES_SAP" not in sles_baseproduct.stat.lnk_target' - '"SLES" in sles_baseproduct.stat.lnk_target' - ansible_os_family == 'Suse' -#The use of zypper here allows exact saptune version to be declared and used. +# The use of zypper here allows exact saptune version to be declared and used. - name: Ensure saptune is installed community.general.zypper: type: package name: "saptune={{ sap_netweaver_preconfigure_saptune_version }}" state: present - force: yes + force: true when: - __sap_netweaver_preconfigure_run_saptune + - __sap_netweaver_preconfigure_run_saptune - name: Ensure sapconf is installed community.general.zypper: type: package name: "sapconf" state: present - force: yes + force: true when: - not __sap_netweaver_preconfigure_run_saptune \ No newline at end of file + - not __sap_netweaver_preconfigure_run_saptune From 27d7770294e019f81795f475505a967951a07439 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Sat, 13 Jan 2024 15:31:43 +0000 Subject: [PATCH 181/196] sap_hana_preconfigure: trailing space in vars --- roles/sap_hana_preconfigure/vars/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/sap_hana_preconfigure/vars/main.yml b/roles/sap_hana_preconfigure/vars/main.yml index af1f7ccbb..c438d4919 100644 --- a/roles/sap_hana_preconfigure/vars/main.yml +++ b/roles/sap_hana_preconfigure/vars/main.yml 
@@ -26,6 +26,6 @@ __sap_hana_preconfigure_ibm_power_repo_url: '' # for SLES saptune is only available for Sles for SAP Application, but for SLES (Standard) only sapconf is available. # Pls set __sap_hana_preconfigure_run_saptune: false for "SLES" (Standard) # __sap_hana_preconfigure_run_saptune: true for "SLES for SAP Applications" -# for RHEL saptune is available: -# Pls set __sap_hana_preconfigure_run_saptune: true for "RHEL" +# for RHEL saptune is available: +# Pls set __sap_hana_preconfigure_run_saptune: true for "RHEL" __sap_hana_preconfigure_run_saptune: true From e704b30c14b18671c3ee72baa2f5926ec4e1b383 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 15 Jan 2024 08:36:55 +0000 Subject: [PATCH 182/196] Issue 566 AWS instances detection improvement --- .../tasks/platform/ascertain_platform_type.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml index c2fccb0e3..95196df6f 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml @@ -49,7 +49,8 @@ - name: "SAP HA Prepare Pacemaker - Check if platform is Amazon Web Services EC2 Virtual Server" when: - '"amazon" in ansible_system_vendor | lower - or "amazon" in ansible_product_name | lower' + or "amazon" in ansible_product_name | lower + or "amazon" in ansible_product_version | lower' ansible.builtin.set_fact: __sap_ha_pacemaker_cluster_platform: cloud_aws_ec2_vs From ae6c7603b5b91dea63e6267ffb448f0a450d86d1 Mon Sep 17 00:00:00 2001 
From: Marcel Mamula Date: Mon, 15 Jan 2024 09:45:33 +0000 Subject: [PATCH 183/196] Code fixes for #499 and improvements for #539 --- .../tasks/SLES/configuration.yml | 88 +++++++++---------- roles/sap_hana_preconfigure/vars/main.yml | 7 +- .../tasks/SLES/configuration.yml | 70 +++++++-------- .../sap_netweaver_preconfigure/vars/main.yml | 4 + 4 files changed, 81 insertions(+), 88 deletions(-) diff --git a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml index 57c56194e..b588e9d88 100644 --- a/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_hana_preconfigure/tasks/SLES/configuration.yml @@ -1,13 +1,11 @@ --- - -#- name: Enable Debugging -# debug: -# verbosity: "{{ debuglevel }}" -# - -- name: Prepare saptune +- name: Takover saptune and enable when: __sap_hana_preconfigure_run_saptune block: + - name: Make sure that sapconf and tuned are stopped and disabled + ansible.builtin.command: "saptune service takeover" + register: __sap_saptune_takeover + changed_when: __sap_saptune_takeover.rc == 0 - name: Ensure saptune is running and enabled ansible.builtin.systemd: 
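Review bot: `saptune service takeover` is now the first task of the block and runs on every play with `changed_when: __sap_saptune_takeover.rc == 0`, so it reports changed on every successful run, since a non-zero rc already fails the task. That hides real drift in the play recap, which matters when the recap is used to audit tuning changes. The same pattern is in the sap_netweaver_preconfigure configuration.yml hunk, and the new `Restart sapconf service` task in the `Enable sapconf` block restarts the service unconditionally on each run. Consider gathering `ansible.builtin.service_facts` first and running the takeover only when sapconf or tuned is still active. The block name also has a typo in both files: `- name: Takeover saptune and enable`.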
@@ -26,19 +24,27 @@ - name: Set fact for active solution ansible.builtin.set_fact: - __sap_hana_preconfigure_fact_solution_configured: "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" # Capture the first block on none whitespace + # Capture the first block on none whitespace + __sap_hana_preconfigure_fact_solution_configured: + "{{ (__sap_hana_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" - name: Show configured solution ansible.builtin.debug: var: __sap_hana_preconfigure_fact_solution_configured -- name: Ensure sapconf is running and enabled - ansible.builtin.systemd: - name: sapconf - state: started - enabled: true - when: - - not __sap_hana_preconfigure_run_saptune +- name: Enable sapconf + when: not __sap_hana_preconfigure_run_saptune + block: + - name: Enable sapconf service + ansible.builtin.systemd: + name: sapconf + state: started + enabled: true + + - name: Restart sapconf service + ansible.builtin.systemd: + name: sapconf + state: restarted # If this is a cluster node on Azure, we need to override to disable tcp timestamps, reuse and recycle. # This can be done by copying the sapnote file 2382421 from /usr/share/saptune/notes to /etc/saptune/override 
@@ -61,42 +67,28 @@ when: - sap_hana_preconfigure_saptune_azure -- name: Check if saptune solution needs to be applied - ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" - register: __sap_hana_preconfigure_register_saptune_verify - changed_when: false # We're only checking, not changing! - failed_when: false # We expect this to fail if it has not previously been applied - when: - - __sap_hana_preconfigure_run_saptune +- name: Apply saptune solution + when: __sap_hana_preconfigure_run_saptune + block: + - name: Check if saptune solution needs to be applied + ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" + register: __sap_hana_preconfigure_register_saptune_verify + changed_when: false # We're only checking, not changing! + failed_when: false # We expect this to fail if it has not previously been applied -- name: Ensure no solution is currently applied - ansible.builtin.command: "saptune solution revert {{ __sap_hana_preconfigure_fact_solution_configured }}" - changed_when: true - when: - - __sap_hana_preconfigure_run_saptune - - __sap_hana_preconfigure_fact_solution_configured != 'NONE' - - __sap_hana_preconfigure_register_saptune_verify.rc != 0 + - name: Ensure no solution is currently applied + ansible.builtin.command: "saptune solution revert {{ __sap_hana_preconfigure_fact_solution_configured }}" + changed_when: true + when: + - __sap_hana_preconfigure_fact_solution_configured != 'NONE' + - __sap_hana_preconfigure_register_saptune_verify.rc != 0 -- name: Ensure saptune solution is applied - ansible.builtin.command: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}" - #changed_when: true - when: - - __sap_hana_preconfigure_run_saptune - - __sap_hana_preconfigure_register_saptune_verify.rc != 0 - block: + - name: Ensure saptune solution is applied + ansible.builtin.command: "saptune solution apply {{ sap_hana_preconfigure_saptune_solution }}" + 
changed_when: true + when: + - __sap_hana_preconfigure_register_saptune_verify.rc != 0 - name: Ensure solution was successful ansible.builtin.command: "saptune solution verify {{ sap_hana_preconfigure_saptune_solution }}" changed_when: false # We're only checking, not changing! - - - name: Make sure that sapconf and tuned are stopped and disabled - ansible.builtin.command: "saptune service takeover" - register: __sap_saptune_takeover - changed_when: __sap_saptune_takeover.rc == 0 - -- name: Restart sapconf service - ansible.builtin.systemd: - name: sapconf - state: restarted - when: - not __sap_hana_preconfigure_run_saptune diff --git a/roles/sap_hana_preconfigure/vars/main.yml b/roles/sap_hana_preconfigure/vars/main.yml index c438d4919..9f808286c 100644 --- a/roles/sap_hana_preconfigure/vars/main.yml +++ b/roles/sap_hana_preconfigure/vars/main.yml @@ -23,9 +23,6 @@ __sap_hana_preconfigure_kernel_parameters_default: [] __sap_hana_preconfigure_kernel_parameters_default_ppc64le: [] __sap_hana_preconfigure_ibm_power_repo_url: '' -# for SLES saptune is only available for Sles for SAP Application, but for SLES (Standard) only sapconf is available. -# Pls set __sap_hana_preconfigure_run_saptune: false for "SLES" (Standard) -# __sap_hana_preconfigure_run_saptune: true for "SLES for SAP Applications" -# for RHEL saptune is available: -# Pls set __sap_hana_preconfigure_run_saptune: true for "RHEL" +# SLES_SAP is using saptune, but SLES is using sapconf. +# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. __sap_hana_preconfigure_run_saptune: true diff --git a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml index 502f02ce8..58ca75c3e 100644 --- a/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml +++ b/roles/sap_netweaver_preconfigure/tasks/SLES/configuration.yml 
@@ -1,9 +1,11 @@ --- - -- name: Configure saptune - when: - - __sap_netweaver_preconfigure_run_saptune +- name: Takover saptune and enable + when: __sap_netweaver_preconfigure_run_saptune block: + - name: Make sure that sapconf and tuned are stopped and disabled + ansible.builtin.command: "saptune service takeover" + register: __sap_saptune_takeover + changed_when: __sap_saptune_takeover.rc == 0 - name: Ensure saptune is running and enabled ansible.builtin.systemd: @@ -20,14 +22,11 @@ register: __sap_netweaver_preconfigure_register_saptune_status changed_when: false - - name: Make sure that sapconf and tuned are stopped and disabled - ansible.builtin.command: "saptune service takeover" - register: __sap_saptune_takeover - changed_when: __sap_saptune_takeover.rc == 0 - - name: Set fact for active solution ansible.builtin.set_fact: - __sap_netweaver_preconfigure_fact_solution_configured: "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" # Capture the first block on none whitespace + # Capture the first block on none whitespace + __sap_netweaver_preconfigure_fact_solution_configured: + "{{ (__sap_netweaver_preconfigure_register_saptune_status.stdout | regex_search('(\\S+)', '\\1'))[0] | default('NONE') }}" - name: Check if saptune solution needs to be applied ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" 
@@ -35,35 +34,36 @@ changed_when: false # We're only checking, not changing! failed_when: false # We expect this to fail if it has not previously been applied + - name: Ensure no solution is currently applied + ansible.builtin.command: "saptune solution revert {{ __sap_netweaver_preconfigure_fact_solution_configured }}" + changed_when: true + when: + - __sap_netweaver_preconfigure_fact_solution_configured != 'NONE' + - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 -- name: Ensure no solution is currently applied - ansible.builtin.command: "saptune solution revert {{ __sap_netweaver_preconfigure_fact_solution_configured }}" - changed_when: true - when: - - __sap_netweaver_preconfigure_run_saptune - - __sap_netweaver_preconfigure_fact_solution_configured != 'NONE' - - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 + - name: Ensure saptune solution is applied + ansible.builtin.command: "saptune solution apply {{ sap_netweaver_preconfigure_saptune_solution }}" + changed_when: true + when: + - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 -- name: Ensure saptune solution is applied - ansible.builtin.command: "saptune solution apply {{ sap_netweaver_preconfigure_saptune_solution }}" - #changed_when: true - when: - - __sap_netweaver_preconfigure_run_saptune - - __sap_netweaver_preconfigure_register_saptune_verify.rc != 0 + - name: Ensure solution was successful + ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" + changed_when: false # We're only checking, not changing! -- name: Ensure solution was successful - ansible.builtin.command: "saptune solution verify {{ sap_netweaver_preconfigure_saptune_solution }}" - changed_when: false # We're only checking, not changing! 
- when: - - __sap_netweaver_preconfigure_run_saptune +- name: Enable sapconf + when: not __sap_netweaver_preconfigure_run_saptune + block: + - name: Enable sapconf service + ansible.builtin.systemd: + name: sapconf + state: started + enabled: true -# restart sapconf service -- name: Restart sapconf service - ansible.builtin.systemd: - name: sapconf - state: restarted - when: - - not __sap_netweaver_preconfigure_run_saptune + - name: Restart sapconf service + ansible.builtin.systemd: + name: sapconf + state: restarted - name: Warn if not enough swap space is configured ansible.builtin.fail: diff --git a/roles/sap_netweaver_preconfigure/vars/main.yml b/roles/sap_netweaver_preconfigure/vars/main.yml index 5684d51f3..44765b247 100644 --- a/roles/sap_netweaver_preconfigure/vars/main.yml +++ b/roles/sap_netweaver_preconfigure/vars/main.yml @@ -3,3 +3,7 @@ # define variables here that will not change # Those are valid for all OS # + +# SLES_SAP is using saptune, but SLES is using sapconf. +# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. +__sap_netweaver_preconfigure_run_saptune: true From 3825cf7fd3c0cbdac10ac52e753829604223f154 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Mon, 15 Jan 2024 13:14:50 +0100 Subject: [PATCH 184/196] fixed typo --- .../hyp_redhat_rhel_kvm_vm/assert-set-tuned-profile.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_vm_preconfigure/tasks/platform/hyp_redhat_rhel_kvm_vm/assert-set-tuned-profile.yml b/roles/sap_vm_preconfigure/tasks/platform/hyp_redhat_rhel_kvm_vm/assert-set-tuned-profile.yml index c378a3d7b..720fa49f7 100644 --- a/roles/sap_vm_preconfigure/tasks/platform/hyp_redhat_rhel_kvm_vm/assert-set-tuned-profile.yml +++ b/roles/sap_vm_preconfigure/tasks/platform/hyp_redhat_rhel_kvm_vm/assert-set-tuned-profile.yml 
@@ -7,7 +7,7 @@ changed_when: __sap_vm_preconfigure_register_tuned_profile_assert.rc != 0 - name: Verify tuned profile - iansible.builtin.assert: + ansible.builtin.assert: that: "'Current active profile: sap-hana-kvm-host' in __sap_vm_preconfigure_register_tuned_profile_assert.stdout" fail_msg: "FAIL: tuned profile is not sap-hana-kvm-guest" success_msg: "PASS: tuned profile is sap-hana-kvm-guest" From f6dc49d92c844a3efba4c037b4d1f6e576c598ed Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Mon, 15 Jan 2024 13:57:25 +0100 Subject: [PATCH 185/196] fixed detect_platform --- .../tasks/detect_platform/main.yml | 96 +++++++++---------- 1 file changed, 48 insertions(+), 48 deletions(-) diff --git a/roles/sap_vm_preconfigure/tasks/detect_platform/main.yml b/roles/sap_vm_preconfigure/tasks/detect_platform/main.yml index 095f22892..ee7161ce1 100644 --- a/roles/sap_vm_preconfigure/tasks/detect_platform/main.yml +++ b/roles/sap_vm_preconfigure/tasks/detect_platform/main.yml @@ -41,7 +41,8 @@ # TODO: detection based on multiple facts and providing one standard # name for use as platform type in related include files -# cloud_aliyun_ecs_vm, cloud_aws_ec2_vs, cloud_gcp_ce_vm, cloud_ibmcloud_powervs, cloud_ibmcloud_vs, cloud_msazure_vm, hyp_ibmpower_lpar, hyp_redhat_ocp_virt_vm, hyp_redhat_rhel_kvm_vm, hyp_vmware_vsphere_vm +# cloud_aliyun_ecs_vm, cloud_aws_ec2_vs, cloud_gcp_ce_vm, cloud_ibmcloud_powervs, cloud_ibmcloud_vs, cloud_msazure_vm, +# hyp_ibmpower_lpar, hyp_redhat_ocp_virt_vm, hyp_redhat_rhel_kvm_vm, hyp_vmware_vsphere_vm - name: "SAP VM Preconfigure - Check if platform is Amazon Web Services EC2 Virtual Server" when: 
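Review bot: The assertion repaired here tests for `Current active profile: sap-hana-kvm-host`, while both `fail_msg` and `success_msg` name `sap-hana-kvm-guest` and the file sits under `hyp_redhat_rhel_kvm_vm`. One of the two profile names is wrong, so the check can pass or fail while reporting a profile it never looked at. If the guest profile is intended, the condition should read `that: "'Current active profile: sap-hana-kvm-guest' in __sap_vm_preconfigure_register_tuned_profile_assert.stdout"`; otherwise the two messages should name the host profile. The task that registers the variable begins above the hunk.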
@@ -49,7 +50,7 @@ ansible.builtin.set_fact: sap_vm_platform: cloud_aws_ec2_vs -#- name: "SAP VM Preconfigure - Check if platform is Google Cloud Compute Engine Virtual Machine" +# - name: "SAP VM Preconfigure - Check if platform is Google Cloud Compute Engine Virtual Machine" # when: # - ansible_product_name == 'Google Compute Engine' # ansible.builtin.set_fact: @@ -61,14 +62,14 @@ ansible.builtin.set_fact: sap_vm_platform: cloud_ibmcloud_vs -#- name: "SAP VM Preconfigure - Check if platform is Microsoft Azure Virtual Machine" +# - name: "SAP VM Preconfigure - Check if platform is Microsoft Azure Virtual Machine" # when: # - ansible_chassis_vendor == 'Virtual Machine' # - ansible_product_name == 'Microsoft Corporation' # ansible.builtin.set_fact: # sap_vm_platform: cloud_msazure_vm -#- name: "SAP VM Preconfigure - Check if platform is VMware vSphere" +# - name: "SAP VM Preconfigure - Check if platform is VMware vSphere" # when: # - ansible_virtualization_type == 'VMware' # ansible.builtin.set_fact: 
@@ -79,53 +80,52 @@ when: sap_vm_platform == cloud_aws_ec2_vs block: - - name: (AWS) Get instance metadata token - ansible.builtin.uri: - headers: - X-aws-ec2-metadata-token-ttl-seconds: 21600 - method: PUT - return_content: true - url: http://169.254.169.254/latest/api/token - register: detect_cloud_provider_aws_token - changed_when: false - ignore_errors: true - - - name: (AWS) Get instance metadata ami-id - ansible.builtin.uri: - headers: - X-aws-ec2-metadata-token: "{{ detect_cloud_provider_aws_token.content }}" - method: GET - return_content: true - url: http://169.254.169.254/latest/meta-data/ami-id - register: detect_cloud_provider_aws_ami_id - changed_when: false - ignore_errors: true - - - name: (AWS) Fail if cannot reach Instance Metadata Service - ansible.builtin.fail: - msg: Detected MS Azure, but could not confirm with the Instance Metadata Service - when: - - detect_cloud_provider_aws_ami_id.failed + - name: (AWS) Get instance metadata token + ansible.builtin.uri: + headers: + X-aws-ec2-metadata-token-ttl-seconds: 21600 + method: PUT + return_content: true + url: http://169.254.169.254/latest/api/token + register: detect_cloud_provider_aws_token + changed_when: false + ignore_errors: true + + - name: (AWS) Get instance metadata ami-id + ansible.builtin.uri: + headers: + X-aws-ec2-metadata-token: "{{ detect_cloud_provider_aws_token.content }}" + method: GET + return_content: true + url: http://169.254.169.254/latest/meta-data/ami-id + register: detect_cloud_provider_aws_ami_id + changed_when: false + ignore_errors: true + + - name: (AWS) Fail if cannot reach Instance Metadata Service + ansible.builtin.fail: + msg: Detected MS Azure, but could not confirm with the Instance Metadata Service + when: + - detect_cloud_provider_aws_ami_id.failed - name: SAP VM Preconfigure - confirm Microsoft Azure Virtual Machine when: sap_vm_platform == cloud_msazure_vm block: - - name: (Azure) Get instance metadata - ansible.builtin.uri: - headers: - Metadata: true - 
method: GET - url: http://169.254.169.254/metadata/instance/compute?api-version=2021-10-01 - register: detect_cloud_provider_azure_instance_metadata - changed_when: false - ignore_errors: true - - - name: (Azure) Fail if cannot reach Instance Metadata Service - ansible.builtin.fail: - msg: Detected MS Azure, but could not confirm with the Instance Metadata Service - when: - - detect_cloud_provider_azure_instance_metadata.json.azEnvironment is not defined - - detect_cloud_provider_azure_instance_metadata.json.azEnvironment != "AzurePublicCloud" - + - name: (Azure) Get instance metadata + ansible.builtin.uri: + headers: + Metadata: true + method: GET + url: http://169.254.169.254/metadata/instance/compute?api-version=2021-10-01 + register: detect_cloud_provider_azure_instance_metadata + changed_when: false + ignore_errors: true + + - name: (Azure) Fail if cannot reach Instance Metadata Service + ansible.builtin.fail: + msg: Detected MS Azure, but could not confirm with the Instance Metadata Service + when: + - detect_cloud_provider_azure_instance_metadata.json.azEnvironment is not defined + - detect_cloud_provider_azure_instance_metadata.json.azEnvironment != "AzurePublicCloud" From d1846940aef1611061507bf2c64ab2f256b841a8 Mon Sep 17 00:00:00 2001 From: Nils Koenig Date: Mon, 15 Jan 2024 13:59:52 +0100 Subject: [PATCH 186/196] reverted .ansible-lint --- roles/sap_vm_preconfigure/.ansible-lint | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/sap_vm_preconfigure/.ansible-lint b/roles/sap_vm_preconfigure/.ansible-lint index 1405704bf..63122b8f9 100644 --- a/roles/sap_vm_preconfigure/.ansible-lint +++ b/roles/sap_vm_preconfigure/.ansible-lint 
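Review bot: Both confirmation blocks are guarded by a comparison against a bare name, `when: sap_vm_platform == cloud_aws_ec2_vs` and `when: sap_vm_platform == cloud_msazure_vm`, which Jinja resolves as a variable rather than as the string that `set_fact` assigns earlier in the file; unless variables of those names are defined elsewhere, the guard cannot match the detected platform. Inside the blocks, the AWS failure message says "Detected MS Azure", and the Azure `when:` list combines `is not defined` and `!= "AzurePublicCloud"` with an implicit AND, so the fail task is skipped whenever `azEnvironment` is defined but has an unexpected value. Because both metadata requests run with `ignore_errors: true`, these fail tasks are the only place where an unconfirmed platform is rejected, so they need to trigger reliably. The sketch below quotes the literals, corrects the message and joins the Azure conditions with `or`; the `name:` line of the AWS block is above the hunk.

```yaml
  when: sap_vm_platform == 'cloud_aws_ec2_vs'
  block:
    # … unchanged: (AWS) token and ami-id requests …
    - name: (AWS) Fail if cannot reach Instance Metadata Service
      ansible.builtin.fail:
        msg: Detected AWS EC2, but could not confirm with the Instance Metadata Service
      # … unchanged: when on detect_cloud_provider_aws_ami_id.failed …

- name: SAP VM Preconfigure - confirm Microsoft Azure Virtual Machine
  when: sap_vm_platform == 'cloud_msazure_vm'
  block:
    # … unchanged: (Azure) Get instance metadata …
    - name: (Azure) Fail if cannot reach Instance Metadata Service
      # … unchanged: fail module and msg …
      when: >-
        detect_cloud_provider_azure_instance_metadata.json.azEnvironment is not defined
        or detect_cloud_provider_azure_instance_metadata.json.azEnvironment != "AzurePublicCloud"
```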
@@ -1,10 +1,7 @@ --- -exclude_paths: - - tests/ enable_list: - yaml skip_list: - - meta-runtime[unsupported-version] # We don't want to enforce new Ansible versions for Galaxy - ignore-errors # We use ignore_errors for all the assert tasks, which should be acceptable - schema # We want to allow single digit version numbers in a role's meta/main.yml file. This is allowed as per https://galaxy.ansible.com/docs/contributing/creating_role.html and https://galaxy.ansible.com/api/v1/platforms/?page=6. - name[template] # Allow templating inside name. During dev and qa, it should be possible to identify cases where it doesn't work From 1a3dc24b247b03957278d61fbdedbd90b17c39f8 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 15 Jan 2024 16:13:04 +0100 Subject: [PATCH 187/196] collection: Bump version of ansible-lint to 6.22.1 Signed-off-by: Bernd Finger --- .github/workflows/ansible-lint.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml index 48249fc4c..b97f0a635 100644 --- a/.github/workflows/ansible-lint.yml +++ b/.github/workflows/ansible-lint.yml @@ -21,14 +21,14 @@ jobs: - name: Set up Python 3 uses: actions/setup-python@main with: - python-version: '3.9' + python-version: '3.12' - name: Install test dependencies run: | - pip3 install ansible==7.5.0 - pip3 install ansible-compat==3.0.2 - pip3 install ansible-core==2.14.5 - pip3 install ansible-lint==6.8.6 + pip3 install ansible==9.1.0 + pip3 install ansible-compat==4.1.10 + pip3 install ansible-core==2.16.2 + pip3 install ansible-lint==6.22.1 # - name: Install collection dependencies # run: ansible-galaxy collection install community.general From f835a7caeaa90b8b0044f4b304970d40f6da77b1 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 15 Jan 2024 16:28:18 +0100 Subject: [PATCH 188/196] collection: Remove superfluous yamllint workflows Solves issue #600. 
Signed-off-by: Bernd Finger --- ...llint-sap_hypervisor_node_preconfigure.yml | 32 ------------------- .../yamllint-sap_vm_preconfigure.yml | 32 ------------------- 2 files changed, 64 deletions(-) delete mode 100644 .github/workflows/yamllint-sap_hypervisor_node_preconfigure.yml delete mode 100644 .github/workflows/yamllint-sap_vm_preconfigure.yml diff --git a/.github/workflows/yamllint-sap_hypervisor_node_preconfigure.yml b/.github/workflows/yamllint-sap_hypervisor_node_preconfigure.yml deleted file mode 100644 index 603fd3617..000000000 --- a/.github/workflows/yamllint-sap_hypervisor_node_preconfigure.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: yamllint-sap_hypervisor_node_preconfigure - -on: - push: - branches: [ main ] - paths: - - 'roles/sap_hypervisor_node_preconfigure/**' - pull_request: - branches: [ main ] - paths: - - 'roles/sap_hypervisor_node_preconfigure/**' - - workflow_dispatch: - -jobs: - # This workflow contains a single job called "build" - yamllint: - # The type of runner that the job will run on - runs-on: ubuntu-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - # Runs a single command using the runners shell - - name: Install dependencies - run: pip install yamllint - - # Runs a set of commands using the runners shell - - name: yamllint - run: yamllint ./roles/sap_hypervisor_node_preconfigure diff --git a/.github/workflows/yamllint-sap_vm_preconfigure.yml b/.github/workflows/yamllint-sap_vm_preconfigure.yml deleted file mode 100644 index e7d301518..000000000 --- a/.github/workflows/yamllint-sap_vm_preconfigure.yml +++ /dev/null 
@@ -1,32 +0,0 @@ -name: yamllint-sap_vm_preconfigure - -on: - push: - branches: [ main ] - paths: - - 'roles/sap_vm_preconfigure/**' - pull_request: - branches: [ main ] - paths: - - 'roles/sap_vm_preconfigure/**' - - workflow_dispatch: - -jobs: - # This workflow contains a single job called "build" - yamllint: - # The type of runner that the job will run on - runs-on: ubuntu-latest - - # Steps represent a sequence of tasks that will be executed as part of the job - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - # Runs a single command using the runners shell - - name: Install dependencies - run: pip install yamllint - - # Runs a set of commands using the runners shell - - name: yamllint - run: yamllint ./roles/sap_vm_preconfigure From 5e10b4fdd21fd01c41c277ae9930f23ff447e6b8 Mon Sep 17 00:00:00 2001 From: Marcel Mamula Date: Mon, 15 Jan 2024 15:36:49 +0000 Subject: [PATCH 189/196] saptune vars moved under sles for PR #597 --- roles/sap_hana_preconfigure/vars/SLES_15.yml | 4 ++++ roles/sap_hana_preconfigure/vars/main.yml | 4 ---- roles/sap_netweaver_preconfigure/vars/SLES_15.yml | 4 ++++ roles/sap_netweaver_preconfigure/vars/main.yml | 4 ---- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/sap_hana_preconfigure/vars/SLES_15.yml b/roles/sap_hana_preconfigure/vars/SLES_15.yml index a69c294bd..32dac1dea 100644 --- a/roles/sap_hana_preconfigure/vars/SLES_15.yml +++ b/roles/sap_hana_preconfigure/vars/SLES_15.yml @@ -24,3 +24,7 @@ __sap_hana_preconfigure_packages: # __sap_hana_preconfigure_grub_file: /tmp/grub + +# SLES_SAP is using saptune, but SLES is using sapconf. +# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. +__sap_hana_preconfigure_run_saptune: true diff --git a/roles/sap_hana_preconfigure/vars/main.yml b/roles/sap_hana_preconfigure/vars/main.yml index 9f808286c..48003185c 100644 
--- a/roles/sap_hana_preconfigure/vars/main.yml +++ b/roles/sap_hana_preconfigure/vars/main.yml @@ -22,7 +22,3 @@ __sap_hana_preconfigure_packages: [] __sap_hana_preconfigure_kernel_parameters_default: [] __sap_hana_preconfigure_kernel_parameters_default_ppc64le: [] __sap_hana_preconfigure_ibm_power_repo_url: '' - -# SLES_SAP is using saptune, but SLES is using sapconf. -# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. -__sap_hana_preconfigure_run_saptune: true diff --git a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml index ee37ca633..86ce492f5 100644 --- a/roles/sap_netweaver_preconfigure/vars/SLES_15.yml +++ b/roles/sap_netweaver_preconfigure/vars/SLES_15.yml @@ -27,3 +27,7 @@ __sap_netweaver_preconfigure_packages: - yast2-vpn - tcsh - acl + +# SLES_SAP is using saptune, but SLES is using sapconf. +# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. +__sap_netweaver_preconfigure_run_saptune: true diff --git a/roles/sap_netweaver_preconfigure/vars/main.yml b/roles/sap_netweaver_preconfigure/vars/main.yml index 44765b247..5684d51f3 100644 --- a/roles/sap_netweaver_preconfigure/vars/main.yml +++ b/roles/sap_netweaver_preconfigure/vars/main.yml @@ -3,7 +3,3 @@ # define variables here that will not change # Those are valid for all OS # - -# SLES_SAP is using saptune, but SLES is using sapconf. -# Default value true runs saptune, but installation.yml auto-detects base product and adjusts. -__sap_netweaver_preconfigure_run_saptune: true From a71a3d35f5a9232e8e76ce94b108565dcccc0702 Mon Sep 17 00:00:00 2001 
From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Mon, 15 Jan 2024 17:41:40 +0000 Subject: [PATCH 190/196] collection: prepare for v1.3.4 --- CHANGELOG.rst | 24 ++++++++++++++++++++++++ changelogs/changelog.yaml | 23 +++++++++++++++++++++++ galaxy.yml | 3 ++- 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.rst b/CHANGELOG.rst index db32a0bb9..a1fbceb70 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -5,6 +5,30 @@ community.sap_install Release Notes .. contents:: Topics +v1.3.4 +====== + +Release Summary +--------------- + +| Release Date: 2024-01-15 +| collection: Feature add for CodeSpell in git repository +| collection: Bug fix for ansible-lint of each Ansible Role within Ansible Collection +| collection: Bug Fix for Ansible Core minimum version update to 2.12.0 for import compliance with Ansible Galaxy +| collection: Bug Fix for Ansible CVE-2023-5764 +| sap_general_preconfigure: Feature add for additional RHEL for SAP 8.8 and 9.2 release compatibility +| sap_hana_preconfigure: Feature add for compatibility with SLES using sapconf and SLES for SAP using saptune +| sap_hana_preconfigure: Feature add for additional RHEL for SAP 8.8 and 9.2 release compatibility +| sap_hana_preconfigure: Feature add to reduce restrictions on new OS versions which are not yet supported by SAP +| sap_netweaver_preconfigure: Feature add for compatibility with SLES using sapconf and SLES for SAP using saptune +| sap_ha_pacemaker_cluster: Feature add for Virtual IP and Constraints logic with Cloud Hyperscaler vendors +| sap_hypervisor_node_preconfigure: Feature add for preconfiguration of KubeVirt (OpenShift Virtualization) hypervisor nodes +| sap_hypervisor_node_preconfigure: Bug fix for preconfiguration code structure of KVM (Red Hat Enterprise Virtualization) hypervisor nodes +| sap_install_media_detect: Bug Fix for existing files +| sap_maintain_etc_hosts: Feature add for maintaining the /etc/hosts file of an SAP software host +| sap_swpm: Bug fix for runtime missing dependency python3-pip and advanced execution mode skipped tasks during certain installations +| sap_swpm: Feature add for basic System Copy executions in default mode + v1.3.3 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 3c47209ba..cd27c4a59 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -126,3 +126,26 @@ releases: ' release_date: '2023-12-22' + 1.3.4: + changes: + release_summary: '| Release Date: 2024-01-15 + + | collection: Feature add for CodeSpell in git repository + | collection: Bug fix for ansible-lint of each Ansible Role within Ansible Collection + | collection: Bug Fix for Ansible Core minimum version update to 2.12.0 for import compliance with Ansible Galaxy + | collection: Bug Fix for Ansible CVE-2023-5764 + | sap_general_preconfigure: Feature add for additional RHEL for SAP 8.8 and 9.2 release compatibility + | sap_hana_preconfigure: Feature add for compatibility with SLES using sapconf and SLES for SAP using saptune + | sap_hana_preconfigure: Feature add for additional RHEL for SAP 8.8 and 9.2 release compatibility + | sap_hana_preconfigure: Feature add to reduce restrictions on new OS versions which are not yet supported by SAP + | sap_netweaver_preconfigure: Feature add for compatibility with SLES using sapconf and SLES for SAP using saptune + | sap_ha_pacemaker_cluster: Feature add for Virtual IP and Constraints logic with Cloud Hyperscaler vendors + | sap_hypervisor_node_preconfigure: Feature add for preconfiguration of KubeVirt (OpenShift Virtualization) hypervisor nodes + | sap_hypervisor_node_preconfigure: Bug fix for preconfiguration code structure of KVM (Red Hat Enterprise Virtualization) hypervisor nodes + | sap_install_media_detect: Bug Fix for existing files + | sap_maintain_etc_hosts: Feature add for maintaining the /etc/hosts file of an SAP software host + | sap_swpm: Bug fix for runtime missing dependency python3-pip and advanced execution mode skipped tasks during certain installations + | sap_swpm: Feature add for basic System Copy executions in default mode + + ' + release_date: '2024-01-15' diff --git a/galaxy.yml b/galaxy.yml index 2a2ddd20e..e00bfe582 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -10,7 +10,7 @@ namespace: community name: sap_install # The version of the collection. Must be compatible with semantic versioning -version: 1.3.3 +version: 1.3.4 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md @@ -24,6 +24,7 @@ authors: - Markus Moster - Janine Fuchs - Steven Stringer + - Marcel Mamula ### OPTIONAL but strongly recommended # A short summary description of the collection From c5693607c7188e09bea3d7a5e30d0e64ed1378cb Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Mon, 15 Jan 2024 18:50:02 +0100 Subject: [PATCH 191/196] sap_hypervisor_node_preconfigure: Fix leftover 'that:' statement ... for CVE-2023-5764 Signed-off-by: Bernd Finger --- .../tasks/platform/redhat_rhel_kvm/assert-installation.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml index 227d7e998..34aa3014e 100644 --- a/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml +++ b/roles/sap_hypervisor_node_preconfigure/tasks/platform/redhat_rhel_kvm/assert-installation.yml @@ -4,7 +4,7 @@ - name: Assert that all required packages are installed ansible.builtin.assert: - that: "'{{ line_item }}' in ansible_facts.packages" + that: line_item in ansible_facts.packages fail_msg: "FAIL: Package '{{ line_item }}' is not installed!" success_msg: "PASS: Package '{{ line_item }}' is installed." with_items: From 129340e0bfe76e371d17d26b8594470afb7d04b2 Mon Sep 17 00:00:00 2001 
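Review bot: The rewritten `that: line_item in ansible_facts.packages` in assert-installation.yml carries no comment saying why the expression is written bare, which makes it easy for a later edit to wrap it in `'{{ … }}'` again. The README text removed elsewhere in this series states that ansible-core 2.16.1, 2.15.8 and 2.14.12 reject templating inside `that` with "Conditional is marked as unsafe". A one-line comment above the task would keep that reason next to the code, for example `# 'that' is already evaluated as an expression; no '{{ }}' here (CVE-2023-5764)`. The `with_items:` list continues below the hunk.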
From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Mon, 15 Jan 2024 18:57:23 +0000 Subject: [PATCH 192/196] collection: update documentation content ahead of v1.3.4 --- README.md | 169 +++++---------------------------- docs/README.md | 136 ++++++++++++++++++++++++++ docs/getting_started/README.md | 13 ++- 3 files changed, 165 insertions(+), 153 deletions(-) create mode 100644 docs/README.md diff --git a/README.md b/README.md index 053319d2f..3bb046ba0 100644 --- a/README.md +++ b/README.md 
@@ -2,167 +2,44 @@ ![Ansible Lint](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint.yml/badge.svg?branch=main) -This Ansible Collection executes various SAP Software installations and configuration tasks for running SAP software on Linux operating systems; with handlers for SAP HANA database lifecycle manager (HDBLCM) and SAP Software Provisioning Manager (SWPM) for programmatic deployment of any SAP solution scenario. +This Ansible Collection executes various SAP Software installations and configuration tasks for running various SAP solutions and deployment scenarios on Linux operating systems (RHEL or SLES). -This can be combined with other Ansible Collections to provide end-to-end automation, from download of SAP software installation media through to technical configuration and burstable SAP NetWeaver application servers (start/stop). +This includes handlers for SAP HANA database lifecycle manager (HDBLCM) and SAP Software Provisioning Manager (SWPM), and can be combined with other Ansible Collections to provide end-to-end automation _(e.g. provision, download, install, operations)_. 
-## Functionality -This Ansible Collection executes various SAP Software installations for different SAP solution scenarios, including: +**Examples of verified installations include:** -- **SAP HANA installations via SAP HANA database lifecycle manager (HDBLCM)** +- SAP S/4HANA AnyPremise (1809, 1909, 2020, 2021, 2022, 2023) with setup as Standard, Distributed, High Availability and optional Maintenance Planner or Restore System Copy +- SAP Business Suite (ECC) on HANA and SAP Business Suite (ECC) with SAP AnyDB - SAP ASE, SAP MaxDB, IBM Db2, Oracle DB +- SAP BW/4HANA (2021, 2023) with setup as Standard or Scale-Out +- SAP HANA 2.0 (SPS04+) with setup as Scale-Up, Scale-Out, High Availability +- Other SAP installation activities; such as System Rename, System Copy Export, SAP Solution Manager and SAP Web Dispatcher - - Install SAP HANA database server, with any SAP HANA Component (e.g. Live Cache Apps, Application Function Library etc.) - - Configure Firewall rules and Hosts file for SAP HANA database server instance/s - - Apply license to SAP HANA - - Configure storage layout for SAP HANA mount points (i.e. /hana/data, /hana/log, /hana/shared) - - Install SAP Host Agent - - Install Linux Pacemaker, configure Pacemaker Fencing Agents and Pacemaker Resource Agents - - Install SAP HANA System Replication - - Set HA/DR for SAP HANA System Replication -- **Every SAP Software installation via SAP Software Provisioning Manager (SWPM)** - - Run software install tasks using easy Ansible Variable to generate SWPM Unattended installations _(sap_swpm Ansible Role default mode)_. - - Optional use of templating definitions for repeated installations _(sap_swpm Ansible Role default templates mode)_. - - Run software install tasks with Ansible Variables one-to-one matched to SWPM Unattended Inifile parameters to generate bespoke SWPM Unattended installations _(sap_swpm Ansible Role advanced mode)_. 
- - Optional use of templating definitions for repeated installations _(sap_swpm Ansible Role advanced templates mode)_. - - Run previously-defined installations with an existing SWPM Unattended inifile.params _(sap_swpm Ansible Role inifile_reuse mode)_ - - Install Linux Pacemaker, configure Pacemaker Fencing Agents and Pacemaker Resource Agents - - Set HA/DR with distributed SAP System installations (i.e. ERS) +**Please read the [full documentation](/docs#readme) for how-to guidance, requirements, and all other details. Summary documentation is below:** -### Note - -Starting with `ansible-core` versions 2.16.1, 2.15.8, and 2.14.12, templating operations inside the `that` statement of `assert` tasks -are no longer allowed. - -A typical error message is: -``` -fatal: [host01]: FAILED! => - msg: 'The conditional check ''13 <= 128'' failed. The error was: Conditional is marked as unsafe, and cannot be evaluated.' -``` - -This version of the collection ensures the compatibility with the above mentioned versions of `ansible-core` for the following roles: -- sap_general_preconfigure -- sap_netweaver_preconfigure -- sap_hana_preconfigure -- sap_hana_install - -When running the preconfigure roles with the above mentioned versions of `ansible-core` and with the parameters -`sap_general_preconfigure_assert`, `sap_netweaver_preconfigure_assert`, or `sap_hana_preconfigure_assert`, the roles will abort -in the first `assert` task which contains a templating operation. ## Contents -An Ansible Playbook can call either an Ansible Role, or the individual Ansible Modules: - -- **Ansible Roles** (runs multiple Ansible Modules) -- **Ansible Modules** (and adjoining Python/Bash Functions) - -For further information regarding the development, code structure and execution workflow please read the [Development documentation](./docs/DEVELOPMENT.md). - Within this Ansible Collection, there are various Ansible Roles and no custom Ansible Modules. 
### Ansible Roles -| Name | Summary | +| Name | Summary | | :--- | :--- | -| [sap_anydb_install_oracle](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_anydb_install_oracle) | install Oracle DB 19.x for SAP | -| [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) | configure general OS settings for SAP software | -| [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) | install SAP HANA System Replication | -| [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) | install and configure pacemaker and SAP resources | -| [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) | install SAP HANA via HDBLCM | -| [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) | configure settings for SAP HANA database server | -| [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | install SAP Host Agent | -| [sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hypervisor_node_preconfigure) | configure a hypervisor running VMs for SAP HANA | -| [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | detect and extract SAP Software installation media | -| [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | configure settings for SAP NetWeaver application server | -| [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | configure storage for SAP HANA, with LVM partitions and XFS filesystem | -| 
[sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | install SAP Software via SWPM | -| [sap_vm_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_vm_preconfigure) | configure settings for a guest (VM) running on RHV/KVM for SAP HANA | - -**_Notes_**: - -In general the "preconfigure" and "prepare" roles are prerequisites for the corresponding installation roles. -The logic has been separated to support a flexible execution of the different steps. - -### Ansible Roles Lint Status - -| Role Name | Ansible Lint Status | -| :--- | :--- | -| [sap_anydb_install_oracle](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_anydb_install_oracle) | N/A | -| [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) | [![Ansible Lint for sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_general_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_general_preconfigure.yml) | -| [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) | [![Ansible Lint for sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_install_hana_hsr.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_install_hana_hsr.yml) | -| [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) | [![Ansible Lint for sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_pacemaker_cluster.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_pacemaker_cluster.yml) | -| 
[sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) | [![Ansible Lint for sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_install.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_install.yml) | -| [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) | [![Ansible Lint for sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_preconfigure.yml) | -| [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | N/A | -| [sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hypervisor_node_preconfigure) | [![Ansible Lint for sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hypervisor_node_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hypervisor_node_preconfigure.yml) | -| [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | N/A | -| [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | [![Ansible Lint for sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml) | -| 
[sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | N/A | -| [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | [![Ansible Lint for sap_swpm](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml) | -| [sap_vm_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_vm_preconfigure) | N/A | - -**_Notes:_** - -- Ansible Playbook localhost executions may have limitations on SAP Software installations -- Ansible Roles for HA/DR are all designed for execution with Terraform - -## Execution examples - -There are various methods to execute the Ansible Collection, dependent on the use case. For more information, see [Execution examples with code samples](./docs/getting_started) and the summary below: - -| Execution Scenario | Use Case | Target | -| ---- | ---- | ---- | -| Ansible Playbook
-> source Ansible Collection
-> execute Ansible Task
--> run Ansible Role
---> run Ansible Module for Shell (built-in)
---> ... | Complex executions with various interlinked activities;
run in parallel or sequentially | Localhost or Remote | - -## Testing, Requirements and Dependencies - -### Testing - -Various SAP Software solutions have been extensively tested: - -- SAP HANA - - Scale-Up - - Scale-Out - - High Availability -- SAP NetWeaver AS (ABAP or JAVA) and additional addons (e.g. GRC, ADS) -- SAP S/4HANA AnyPremise (1809, 1909, 2020, 2021, 2022) - - Sandbox (One Host) installation - - Standard (Dual Host) installation - - Distributed installation - - High Availability installation - - System Copy (Homogeneous with SAP HANA Backup / Recovery) installation - - Maintenance Planner installation - - System Rename -- SAP BW/4HANA -- SAP Business Suite on HANA (SoH, i.e. SAP ECC on HANA) -- SAP Business Suite (i.e. SAP ECC with SAP AnyDB - SAP ASE, SAP MaxDB, IBM Db2, Oracle DB) -- SAP Solution Manager 7.2 -- SAP Web Dispatcher - -### Target host - Operating System requirements - -Designed for Linux operating systems, e.g. RHEL (7.x and 8.x) and SLES (15.x). - -This Ansible Collection has not been tested and amended for SAP NetWeaver Application Server instantiations on IBM AIX or Windows Server. - -Assumptions for executing the Ansible Roles from this Ansible Collection include: - -- Registered OS -- OS Package repositories are available (from the relevant content delivery network of the OS vendor) - -N.B. The Ansible Collection works with SLES from version 15 SP3 and upwards, for the following reasons: - -- firewalld is used within the Ansible Collection. In SLES 15 SP3, firewalld became the replacement for nftables. See changelog [SLE-16300](https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-16300) -- SELinux is used within the Ansible Collection. While introduced earlier with community support, full support for SELinux was provided as of SLES 15 SP3. 
See changelog [SLE-17307](https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-17307) - -### Execution/Controller host - Operating System requirements - -Execution of Ansible Playbooks using this Ansible Collection have been tested with: -- Python 3.9.7 and above (i.e. CPython distribution) -- Ansible Core 2.11.5 and above _(included with optional installation of Ansible Community Edition 4.0 and above)_ -- OS: macOS with Homebrew, RHEL, SLES, and containers in Task Runners (e.g. Azure DevOps) +| [sap_anydb_install_oracle](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_anydb_install_oracle) | install Oracle DB 19.x for SAP | +| [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) | configure general OS settings for SAP software | +| [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) | install SAP HANA System Replication | +| [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) | install and configure pacemaker and SAP resources | +| [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) | install SAP HANA via HDBLCM | +| [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) | configure settings for SAP HANA database server | +| [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | install SAP Host Agent | +| [sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hypervisor_node_preconfigure) | configure a hypervisor running VMs for SAP HANA | +| [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | detect and extract SAP 
Software installation media | +| [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | configure settings for SAP NetWeaver application server | +| [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | configure storage for SAP HANA, with LVM partitions and XFS filesystem | +| [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | install SAP Software via SWPM | +| [sap_vm_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_vm_preconfigure) | configure settings for a guest (VM) running on RHV/KVM for SAP HANA | ## License diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 000000000..3f3b1f31e --- /dev/null +++ b/docs/README.md 
@@ -0,0 +1,136 @@ +# Documentation of community.sap_install Ansible Collection + +## Introduction + +The `sap_install` Ansible Collection provides a variety of automated tasks for the configuration and installation of SAP Software. + +Each Ansible Role contained within this Ansible Collection, performs a distinct set of tasks and are designed to be run independently or cohesively - depending on the outcome desired by an end-user. + + +## Functionality + +This Ansible Collection executes various SAP Software installations for different SAP solution scenarios. The code structure and logic has been separated to support a flexible execution of different steps for various scenarios. + +Any Ansible Roles labelled "preconfigure" and "prepare" are prerequisites, executed before the corresponding installation Ansible Roles (such as `sap_hana_install` or `sap_swpm`). + +At a high-level, the key installation functionality of this Ansible Collection includes: + +1. **OS Preparation activities for SAP HANA Database Server, SAP AnyDB Database Server or SAP NetWeaver Application Server** + +2. **SAP HANA installations via SAP HANA database lifecycle manager (HDBLCM)** + - Configure Firewall rules and Hosts file for SAP HANA database server instance/s + - Install SAP Host Agent + - Install SAP HANA database server, with any SAP HANA Component (e.g. Live Cache Apps, Application Function Library etc.) + - Apply license to SAP HANA + +3. **SAP HANA High Availability tasks** + - Install SAP HANA System Replication + - Install Linux Pacemaker, configure Pacemaker Fencing Agents for a given Infrastructure Platform + - Configure Linux Pacemaker Resource Agents for SAP HANA + +4. **Every SAP Software installation via SAP Software Provisioning Manager (SWPM)** + - Execute SAP SWPM Unattended installation + - Using on-the-fly generated inifile.params from Ansible Variables + - Using a list of inifile parameters in an Ansible Dictionary + - Re-using an existing inifile.params + +5. 
**SAP NetWeaver High Availability tasks** + - Install Linux Pacemaker, configure Pacemaker Fencing Agents for a given Infrastructure Platform + - Configure Linux Pacemaker Resource Agents for SAP NetWeaver ASCS/ERS + + +## Execution + +An Ansible Playbook is the file created and executed by an end-user, which imports from Ansible Collections to perform various activities on the target hosts. + +The Ansible Playbook can call either an Ansible Role, or directly call the individual Ansible Modules: + +- **Ansible Roles** (runs multiple Ansible Modules) +- **Ansible Modules** (and adjoining Python/Bash Functions) + +It is strongly recommended to execute these Ansible Roles in accordance to best practice Ansible usage, where an Ansible Playbook is executed from a host and Ansible will login to a target host to perform the activities. + +> If an Ansible Playbook is executed from the target host itself (similar to logging in and running a shell script), this is known as an Ansible Playbook 'localhost execution' and is not recommended as it has limitations on SAP Software installations (particularly installations across multiple hosts). + +At a high-level, complex executions with various interlinked activities are run in parallel or sequentially using the following execution structure: + +``` +Ansible Playbook +-> source Ansible Collection +-> execute Ansible Task +---> run Ansible Role +-----> run Ansible Module (e.g. built-in Ansible Module for Shell) +``` + +### Execution examples + +There are various methods to execute the Ansible Collection, dependent on the use case. + +For more information, see [Getting started](./docs/getting_started) and edit the [sample Ansible Playbooks in `/playbooks`](../playbooks/). + + +## Requirements and Dependencies + +### Target host - Operating System requirements + +Designed for Linux operating systems, e.g. RHEL (7.x, 8.x, 9.x) and SLES (15 SPx). 
+ +This Ansible Collection has not been tested and amended for SAP NetWeaver Application Server instantiations on IBM AIX or Windows Server. + +Assumptions for executing the Ansible Roles from this Ansible Collection include: + +- Registered OS +- OS Package repositories are available (from the relevant content delivery network of the OS vendor) + +N.B. The Ansible Collection works with SLES from version 15 SP3 and upwards, for the following reasons: + +- firewalld is used within the Ansible Collection. In SLES 15 SP3, firewalld became the replacement for nftables. See changelog [SLE-16300](https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-16300) +- SELinux is used within the Ansible Collection. While introduced earlier with community support, full support for SELinux was provided as of SLES 15 SP3. See changelog [SLE-17307](https://www.suse.com/releasenotes/x86_64/SUSE-SLES/15-SP3/index.html#jsc-SLE-17307) + +### Execution/Controller host - Operating System requirements + +Execution of Ansible Playbooks using this Ansible Collection have been tested with: +- Python 3.9.7 and above (i.e. CPython distribution) +- Ansible Core 2.12.0 and above _(included with optional installation of Ansible Community Edition 5.0 and above)_ +- OS: macOS with Homebrew, RHEL, SLES, and containers in Task Runners (e.g. Azure DevOps) + +#### Ansible Core version + +This Ansible Collection was designed for maximum backwards compatibility, with full compatibility starting from Ansible Core 2.12.0 and above. + +**Note 1:** Ansible 2.9 was the last release before the Ansible project was split into Ansible Core and Ansible Community Edition, and was before Ansible Collections functionality was introduced. This Ansible Collection should execute when Ansible 2.9 is used, but it is not recommended and errors should be expected (and will not be resolved). 
+ +**Note 2:** Ansible Core versions preceeding 2.14.12 , 2.15.8 , and 2.16.1 where `CVE-2023-5764` (templating inside `that` statement of `assert` Ansible Tasks) security fix was addressed, will work after `v1.3.4` of this Ansible Collection. Otherwise an error similar to the following will occur: + +```yaml +fatal: [host01]: FAILED! => + msg: 'The conditional check ''13 <= 128'' failed. The error was: Conditional is marked as unsafe, and cannot be evaluated.' +``` + + +## Testing + +Various SAP Software solutions have been extensively tested. + +Prior to each release, basic scenarios are executed to confirm functionality is working as expected; including SAP S/4HANA installation. + +Important note: it is not possible for the project maintainers to test every SAP Software installation and solution scenario for each OS hosted on each Infrastructure Platform, if an error is identified please raise a [GitHub Issue](/../../issues/). + + +### Ansible Roles Lint Status + +| Role Name | Ansible Lint Status | +| :--- | :--- | +| [sap_anydb_install_oracle](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_anydb_install_oracle) | N/A | +| [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure) | [![Ansible Lint for sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_general_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_general_preconfigure.yml) | +| [sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_install_hana_hsr) | [![Ansible Lint for sap_ha_install_hana_hsr](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_install_hana_hsr.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_install_hana_hsr.yml) | 
+| [sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_ha_pacemaker_cluster) | [![Ansible Lint for sap_ha_pacemaker_cluster](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_pacemaker_cluster.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_ha_pacemaker_cluster.yml) | +| [sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_install) | [![Ansible Lint for sap_hana_install](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_install.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_install.yml) | +| [sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hana_preconfigure) | [![Ansible Lint for sap_hana_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hana_preconfigure.yml) | +| [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | N/A | +| [sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hypervisor_node_preconfigure) | [![Ansible Lint for sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hypervisor_node_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hypervisor_node_preconfigure.yml) | +| [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | N/A | +| 
[sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | [![Ansible Lint for sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml) | +| [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | N/A | +| [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | [![Ansible Lint for sap_swpm](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml) | +| [sap_vm_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_vm_preconfigure) | N/A | diff --git a/docs/getting_started/README.md b/docs/getting_started/README.md index d66abf74e..7788e3c4d 100644 --- a/docs/getting_started/README.md +++ b/docs/getting_started/README.md 
@@ -1,12 +1,11 @@ -# Examples and Tips +# Getting started -In this folder you find sample files, a few additional tips for using the provided ansible roles, as well as references to further information. +In this folder you will find sample files, a few additional tips for using the provided ansible roles, as well as references to further information. -- [Examples and Tips](#examples-and-tips) - - [How to run playbooks](#how-to-run-playbooks) - - [Inventory and variable parameters](#inventory-and-variable-parameters) - - [Security parameters](#security-parameters) - - [Other useful options](#other-useful-options) +- [How to run playbooks](#how-to-run-playbooks) + - [Inventory and variable parameters](#inventory-and-variable-parameters) + - [Security parameters](#security-parameters) + - [Other useful options](#other-useful-options) ## How to run playbooks From e7c7bba4cd8967091f2bb50d2f9347a7eb4a1658 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Mon, 15 Jan 2024 19:02:58 +0000 Subject: [PATCH 193/196] collection: add new role to documentation --- README.md | 1 + docs/README.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 3bb046ba0..62e8b3ec7 100644 --- a/README.md +++ b/README.md 
@@ -36,6 +36,7 @@ Within this Ansible Collection, there are various Ansible Roles and no custom An | [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | install SAP Host Agent | | [sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hypervisor_node_preconfigure) | configure a hypervisor running VMs for SAP HANA | | [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | detect and extract SAP Software installation media | +| [sap_maintain_etc_hosts](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_maintain_etc_hosts) | maintain the /etc/hosts file of an SAP software host | | [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | configure settings for SAP NetWeaver application server | | [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | configure storage for SAP HANA, with LVM partitions and XFS filesystem | | [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | install SAP Software via SWPM | diff --git a/docs/README.md b/docs/README.md index 3f3b1f31e..6cedc2566 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -130,6 +130,7 @@ Important note: it is not possible for the project maintainers to test every SAP | [sap_hostagent](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hostagent) | N/A | | [sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_hypervisor_node_preconfigure) | [![Ansible Lint for sap_hypervisor_node_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hypervisor_node_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_hypervisor_node_preconfigure.yml) | | [sap_install_media_detect](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_install_media_detect) | N/A | +| [sap_maintain_etc_hosts](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_maintain_etc_hosts) | [![Ansible Lint for sap_maintain_etc_hosts](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_maintain_etc_hosts.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_maintain_etc_hosts.yml) | | [sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_netweaver_preconfigure) | [![Ansible Lint for sap_netweaver_preconfigure](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_netweaver_preconfigure.yml) | | [sap_storage_setup](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_storage_setup) | N/A | | [sap_swpm](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_swpm) | [![Ansible Lint for 
sap_swpm](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml/badge.svg)](https://github.com/sap-linuxlab/community.sap_install/actions/workflows/ansible-lint-sap_swpm.yml) | From 342d6557479cf763aa8b8a116eb569e2d0dc9718 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Mon, 15 Jan 2024 19:05:41 +0000 Subject: [PATCH 194/196] collection: readme codespell --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index 6cedc2566..e9d87a01c 100644 --- a/docs/README.md +++ b/docs/README.md @@ -100,7 +100,7 @@ This Ansible Collection was designed for maximum backwards compatibility, with f **Note 1:** Ansible 2.9 was the last release before the Ansible project was split into Ansible Core and Ansible Community Edition, and was before Ansible Collections functionality was introduced. This Ansible Collection should execute when Ansible 2.9 is used, but it is not recommended and errors should be expected (and will not be resolved). -**Note 2:** Ansible Core versions preceeding 2.14.12 , 2.15.8 , and 2.16.1 where `CVE-2023-5764` (templating inside `that` statement of `assert` Ansible Tasks) security fix was addressed, will work after `v1.3.4` of this Ansible Collection. Otherwise an error similar to the following will occur: +**Note 2:** Ansible Core versions prior to 2.14.12 , 2.15.8 , and 2.16.1 where `CVE-2023-5764` (templating inside `that` statement of `assert` Ansible Tasks) security fix was addressed, will work after `v1.3.4` of this Ansible Collection. Otherwise an error similar to the following will occur: ```yaml fatal: [host01]: FAILED! => From 44b60b5357f8cfab22176b07d35903246b5f68e5 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Tue, 16 Jan 2024 11:18:41 +0100 Subject: [PATCH 195/196] sap_vm_preconfigure: Bump version of ansible-lint to 6.22.1 ... in GitHub workflow 
Signed-off-by: Bernd Finger --- .github/workflows/ansible-lint-sap_vm_preconfigure.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ansible-lint-sap_vm_preconfigure.yml b/.github/workflows/ansible-lint-sap_vm_preconfigure.yml index 4b6b38747..05d84672a 100644 --- a/.github/workflows/ansible-lint-sap_vm_preconfigure.yml +++ b/.github/workflows/ansible-lint-sap_vm_preconfigure.yml @@ -29,14 +29,14 @@ jobs: - name: Set up Python 3 uses: actions/setup-python@main with: - python-version: '3.9' + python-version: '3.12' - name: Install test dependencies run: | - pip3 install ansible==7.5.0 - pip3 install ansible-compat==3.0.2 - pip3 install ansible-core==2.14.5 - pip3 install ansible-lint==6.8.6 + pip3 install ansible==9.1.0 + pip3 install ansible-compat==4.1.10 + pip3 install ansible-core==2.16.2 + pip3 install ansible-lint==6.22.1 - name: Run ansible-lint working-directory: /home/runner/work/community.sap_install/community.sap_install/roles/sap_vm_preconfigure From 1583854c65e20e716b497d4328d2b73a0a9cf8d1 Mon Sep 17 00:00:00 2001 From: sean-freeman <1815807+sean-freeman@users.noreply.github.com> Date: Tue, 16 Jan 2024 11:18:38 +0000 Subject: [PATCH 196/196] collection: markdown url typo --- docs/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/README.md b/docs/README.md index e9d87a01c..2cc867f9b 100644 --- a/docs/README.md +++ b/docs/README.md @@ -66,7 +66,7 @@ Ansible Playbook There are various methods to execute the Ansible Collection, dependent on the use case. -For more information, see [Getting started](./docs/getting_started) and edit the [sample Ansible Playbooks in `/playbooks`](../playbooks/). +For more information, see [Getting started](./getting_started#readme) and edit the [sample Ansible Playbooks in `/playbooks`](../playbooks/). ## Requirements and Dependencies
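Review bot: The `uses: actions/setup-python@main` context line in the "Set up Python 3" step of `.github/workflows/ansible-lint-sap_vm_preconfigure.yml` still tracks a moving branch, so the exact-version pins this hunk bumps for the pip packages do not cover the action that provisions the interpreter. Any change pushed to that branch would run in this job without being reviewed in this repository; pinning to a full commit SHA keeps the run reproducible, e.g. `uses: actions/setup-python@<FULL_COMMIT_SHA>  # <release tag>` (placeholders, to be filled from the action's release page). The four `pip3 install name==version` lines fix versions but not artifact contents, so if stronger supply-chain guarantees are wanted, a hashed requirements file installed with `pip3 install --require-hashes -r <requirements file>` would add that. The job definition starts and continues outside this hunk, so its triggers and token permissions cannot be checked from here.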