Merge pull request #471 from ja9fuchs/ha_for_nw

sap_ha_pacemaker_cluster: enhanced pre-checks and improved variable handling
sap-linuxlab · Sep 22, 2023 · 84fbb1e · 84fbb1e
2 parents 96145ee + 621bad6
commit 84fbb1e
Show file tree

Hide file tree

Showing 26 changed files with 1,448 additions and 721 deletions.
diff --git a/roles/sap_ha_pacemaker_cluster/README.md b/roles/sap_ha_pacemaker_cluster/README.md
diff --git a/roles/sap_ha_pacemaker_cluster/defaults/main.yml b/roles/sap_ha_pacemaker_cluster/defaults/main.yml
diff --git a/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml b/roles/sap_ha_pacemaker_cluster/meta/argument_specs.yml
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/ascertain_ha_cluster_in_inventory.yml b/roles/sap_ha_pacemaker_cluster/tasks/ascertain_ha_cluster_in_inventory.yml
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_final_hacluster_vars.yml
@@ -0,0 +1,95 @@
+---
+# After all of the previous construction flows, the final parameters must
+# be translated to 'ha_cluster' Linux System Role syntax.
+#
+# This way the include_role parameters are set as play vars and do not
+# require a static list of vars when the role is included.
+
+# List of parameters that are constructed by this role, but not all of them
+# are mandatory to be defined. For any undefined parameter the default of the
+# 'ha_cluster' role will apply, if the role has a default defined.
+#
+# Make sure to always define those parameters which have no 'ha_cluster' LSR default!
+#
+# SAP HA Pacemaker Cluster role                 -> 'ha_cluster' Linux System Role
+# ------------------------------------------------------------------------------
+# __sap_ha_pacemaker_cluster_ha_cluster             ha_cluster
+# __sap_ha_pacemaker_cluster_cluster_name           ha_cluster_cluster_name
+# __sap_ha_pacemaker_cluster_cluster_properties     ha_cluster_cluster_properties
+# __sap_ha_pacemaker_cluster_constraints_colocation ha_cluster_constraints_colocation
+# __sap_ha_pacemaker_cluster_constraints_location   ha_cluster_constraints_location
+# __sap_ha_pacemaker_cluster_constraints_order      ha_cluster_constraints_order
+# __sap_ha_pacemaker_cluster_extra_packages         ha_cluster_extra_packages
+# __sap_ha_pacemaker_cluster_fence_agent_packages   ha_cluster_fence_agent_packages
+# __sap_ha_pacemaker_cluster_hacluster_password     ha_cluster_hacluster_password
+# __sap_ha_pacemaker_cluster_repos                  __ha_cluster_repos
+# __sap_ha_pacemaker_cluster_resource_clones        ha_cluster_resource_clones
+# __sap_ha_pacemaker_cluster_resource_groups        ha_cluster_resource_groups
+# __sap_ha_pacemaker_cluster_resource_primitives    ha_cluster_resource_primitives
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster'"
+  when: __sap_ha_pacemaker_cluster_ha_cluster is defined
+  ansible.builtin.set_fact:
+    ha_cluster: "{{ __sap_ha_pacemaker_cluster_ha_cluster }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_cluster_name'"
+  when: __sap_ha_pacemaker_cluster_cluster_name is defined
+  ansible.builtin.set_fact:
+    ha_cluster_cluster_name: "{{ __sap_ha_pacemaker_cluster_cluster_name }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_cluster_properties'"
+  when: __sap_ha_pacemaker_cluster_cluster_properties is defined
+  ansible.builtin.set_fact:
+    ha_cluster_cluster_properties: "{{ __sap_ha_pacemaker_cluster_cluster_properties }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_colocation'"
+  when: __sap_ha_pacemaker_cluster_constraints_colocation is defined
+  ansible.builtin.set_fact:
+    ha_cluster_constraints_colocation: "{{ __sap_ha_pacemaker_cluster_constraints_colocation }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_location'"
+  when: __sap_ha_pacemaker_cluster_constraints_location is defined
+  ansible.builtin.set_fact:
+    ha_cluster_constraints_location: "{{ __sap_ha_pacemaker_cluster_constraints_location }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_constraints_order'"
+  when: __sap_ha_pacemaker_cluster_constraints_order is defined
+  ansible.builtin.set_fact:
+    ha_cluster_constraints_order: "{{ __sap_ha_pacemaker_cluster_constraints_order }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_extra_packages'"
+  when: __sap_ha_pacemaker_cluster_extra_packages is defined
+  ansible.builtin.set_fact:
+    ha_cluster_extra_packages: "{{ __sap_ha_pacemaker_cluster_extra_packages }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_fence_agent_packages'"
+  when: __sap_ha_pacemaker_cluster_fence_agent_packages is defined
+  ansible.builtin.set_fact:
+    ha_cluster_fence_agent_packages: "{{ __sap_ha_pacemaker_cluster_fence_agent_packages }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_hacluster_password'"
+  when: __sap_ha_pacemaker_cluster_hacluster_password is defined
+  ansible.builtin.set_fact:
+    ha_cluster_hacluster_password: "{{ __sap_ha_pacemaker_cluster_hacluster_password }}"
+  no_log: true  # secure the credential
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_repos'"
+  when: __sap_ha_pacemaker_cluster_repos is defined
+  ansible.builtin.set_fact:
+    __ha_cluster_repos: "{{ __sap_ha_pacemaker_cluster_repos }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_clones'"
+  when: __sap_ha_pacemaker_cluster_resource_clones is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_clones: "{{ __sap_ha_pacemaker_cluster_resource_clones }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_groups'"
+  when: __sap_ha_pacemaker_cluster_resource_groups is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_groups: "{{ __sap_ha_pacemaker_cluster_resource_groups }}"
+
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Define parameter 'ha_cluster_resource_primitives'"
+  when: __sap_ha_pacemaker_cluster_resource_primitives is defined
+  ansible.builtin.set_fact:
+    ha_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives }}"
+  no_log: true  # be paranoid, there could be credentials in it
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml
@@ -1,29 +1,49 @@
 ---
-# Create or combine input parameters for the ha_cluster role.
+# Combine input parameters with inherited vars from the 'ha_cluster' role.
+# The inherited values take precedence. Some parameters are not required to be set.
+# The 'ha_cluster' LSR will apply its role defaults.
+# For mandatory parameters, sanity checks will be done separately.
 
+# sap_ha_pacemaker_cluster_cluster_name   -> user-defined or default inherited from {{ ha_cluster_cluster_name }}
 - name: "SAP HA Prepare Pacemaker - Set cluster name"
+  when:
+    - __sap_ha_pacemaker_cluster_cluster_name is not defined
+    - sap_ha_pacemaker_cluster_cluster_name is defined
   ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_cluster_name: "{{ ha_cluster_cluster_name | default(sap_ha_pacemaker_cluster_cluster_name) }}"
+    __sap_ha_pacemaker_cluster_cluster_name: "{{ sap_ha_pacemaker_cluster_cluster_name }}"
 
+# sap_ha_pacemaker_cluster_hacluster_password -> user-defined or default inherited from {{ ha_cluster_hacluster_password }}
 - name: "SAP HA Prepare Pacemaker - Register the 'hacluster' user password"
+  when:
+    - __sap_ha_pacemaker_cluster_hacluster_password is not defined
+    - sap_ha_pacemaker_cluster_hacluster_password
   ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_hacluster_password: "{{ ha_cluster_hacluster_password | default(sap_ha_pacemaker_cluster_hacluster_password) }}"
-  no_log: true
+    __sap_ha_pacemaker_cluster_hacluster_password: "{{ sap_ha_pacemaker_cluster_hacluster_password }}"
+  no_log: true  # secure the credential
+
+
+# sap_ha_pacemaker_cluster_extra_packages             -> user-defined, empty by global default
+# __sap_ha_pacemaker_cluster_sap_extra_packages       -> included from vars/*
+# __sap_ha_pacemaker_cluster_platform_extra_packages  -> included from vars/platform*
+# Empty defaults defined here for optional non-user-facing parameters.
 
 - name: "SAP HA Prepare Pacemaker - Combine extra packages lists"
   ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_extra_packages: "{{
+    __sap_ha_pacemaker_cluster_extra_packages: "{{ (
       sap_ha_pacemaker_cluster_extra_packages
-      +
-      sap_ha_pacemaker_cluster_sap_extra_packages | default([])
-      +
-      sap_ha_pacemaker_cluster_platform_extra_packages | default([])
-    }}"
+      + __sap_ha_pacemaker_cluster_sap_extra_packages
+      + __sap_ha_pacemaker_cluster_platform_extra_packages
+    ) | unique }}"
+
+
+# sap_ha_pacemaker_cluster_fence_agent_minimal_packages -> global default
+# sap_ha_pacemaker_cluster_fence_agent_packages         -> global default
+# __sap_ha_pacemaker_cluster_fence_agent_packages       -> internal default (vars/main.yml)
 
 - name: "SAP HA Prepare Pacemaker - Combine fence agent packages lists"
   ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_fence_agent_packages: "{{
-      sap_ha_pacemaker_cluster_fence_agent_packages
-      +
-      __sap_ha_pacemaker_cluster_fence_agent_packages
-    }}"
+    __sap_ha_pacemaker_cluster_fence_agent_packages: "{{ (
+      sap_ha_pacemaker_cluster_fence_agent_minimal_packages
+      + sap_ha_pacemaker_cluster_fence_agent_packages
+      + __sap_ha_pacemaker_cluster_fence_agent_packages
+    ) | unique }}"
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml
@@ -7,7 +7,7 @@
 # This block is entered when
 # - no default stonith resource is defined and no custom is defined either
 # - an empty custom is defined to override any default (defined or not)
-- name: "SAP HA Prepare Pacemaker - Block when no STONITH resource is defined"
+- name: "SAP HA Prepare Pacemaker - (STONITH) Block when no STONITH resource is defined"
   when:
     - (
         sap_ha_pacemaker_cluster_stonith_custom is defined
@@ -34,7 +34,7 @@
       )
   block:
 
-    - name: "SAP HA Prepare Pacemaker - Set STONITH to disabled when no fencing resource is defined"
+    - name: "SAP HA Prepare Pacemaker - (STONITH) Set to disabled when no fencing resource is defined"
       ansible.builtin.set_fact:
         sap_ha_pacemaker_cluster_cluster_properties:
           "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({ 'stonith-enabled': false }) }}"
@@ -53,13 +53,15 @@
 # END of block for disabling stonith
 
 
-- name: "SAP HA Prepare Pacemaker - Define cluster stonith properties"
+- name: "SAP HA Prepare Pacemaker - (STONITH) Define cluster properties"
   when:
     - sap_ha_pacemaker_cluster_cluster_properties is defined
     - sap_ha_pacemaker_cluster_cluster_properties is iterable
     - sap_ha_pacemaker_cluster_cluster_properties | length > 0
   ansible.builtin.set_fact:
-    __sap_ha_pacemaker_cluster_cluster_properties:
+    __sap_ha_pacemaker_cluster_cluster_properties: "{{ __sap_ha_pacemaker_cluster_cluster_properties | default([]) + __stonith_properties }}"
+  vars:
+    __stonith_properties:
       - attrs: |-
           {% set attrs = __sap_ha_pacemaker_cluster_cluster_properties | map(attribute='attrs') | flatten -%}
           {%- for default_cluster_properties in (sap_ha_pacemaker_cluster_cluster_properties | dict2items) -%}
@@ -83,7 +85,7 @@
 # - generic pacemaker fence resource options
 #   (see defaults: sap_ha_pacemaker_cluster_fence_options)
 
-- name: "SAP HA Prepare Pacemaker - Assemble the stonith resource definition from platform default"
+- name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resource definition from platform default"
   when:
     - sap_ha_pacemaker_cluster_stonith_default is defined
     - sap_ha_pacemaker_cluster_stonith_custom is not defined
@@ -117,7 +119,7 @@
               {%- endfor %}
             {{ attrs }}
 
-- name: "SAP HA Prepare Pacemaker - Assemble the stonith resources from custom definition"
+- name: "SAP HA Prepare Pacemaker - (STONITH) Assemble the resources from custom definition"
   when:
     - sap_ha_pacemaker_cluster_stonith_custom is defined
   ansible.builtin.set_fact:
@@ -144,7 +146,7 @@
 
 
 # The STONITH resource is an element in the cluster_resource_primitives list
-- name: "SAP HA Prepare Pacemaker - Construct stonith resources definition"
+- name: "SAP HA Prepare Pacemaker - (STONITH) Construct resources definition"
   when:
     - __sap_ha_pacemaker_cluster_stonith_resource is defined
   ansible.builtin.set_fact:

diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_resources_default.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_vip_resources_default.yml
@@ -2,7 +2,7 @@
 # Reminder: This file is included in a loop over a dictionary.
 
 # VIP resource definition itself
-- name: "SAP HA Prepare Pacemaker - Add resource: VIP {{ vip_list_item.key }}"
+- name: "SAP HA Prepare Pacemaker - Add resource: VIP {{ vip_list_item.key }} ({{ sap_ha_pacemaker_cluster_vip_resource_agent }})"
   ansible.builtin.set_fact:
     __sap_ha_pacemaker_cluster_resource_primitives: "{{ __sap_ha_pacemaker_cluster_resource_primitives + [__resource_vip] }}"
   vars:
@@ -17,3 +17,4 @@
               value: "{{ sap_ha_pacemaker_cluster_vip_client_interface }}"
   when:
     - __sap_ha_pacemaker_cluster_vip_resource_id not in (__sap_ha_pacemaker_cluster_resource_primitives | map(attribute='id'))
+    - '"IPaddr2" in sap_ha_pacemaker_cluster_vip_resource_agent'
diff --git a/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml b/roles/sap_ha_pacemaker_cluster/tasks/import_hacluster_vars_from_inventory.yml
@@ -0,0 +1,94 @@
+---
+# If there are "ha_cluster" Linux System Role parameters already defined in the
+# inventory, we will include these custom specifications and they take precedence.
+
+# Only parameters which need to be adjusted or enhanced by the SAP HA role
+# need to be included here.
+
+
+### Take the following template to add additional parameters to be inherited:
+# - name: "SAP HA Prepare Pacemaker - Register ha_cluster_"
+#   ansible.builtin.set_fact:
+#     __sap_ha_pacemaker_cluster_: "{{ ha_cluster_ }}"
+#   when: ha_cluster_ is defined
+
+
+# ha_cluster
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster'"
+  when: ha_cluster is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_ha_cluster: "{{ ha_cluster }}"
+
+# ha_cluster_cluster_name
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_cluster_name'"
+  when: ha_cluster_cluster_name is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_cluster_name: "{{ ha_cluster_cluster_name }}"
+
+# ha_cluster_cluster_properties
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_cluster_properties'"
+  when: ha_cluster_cluster_properties is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_cluster_properties: "{{ ha_cluster_cluster_properties }}"
+
+#__sap_ha_pacemaker_cluster_resource_groups ha_cluster_constraints_colocation
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_constraints_colocation'"
+  when: ha_cluster_constraints_colocation is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_constraints_colocation: "{{ ha_cluster_constraints_colocation }}"
+
+# ha_cluster_constraints_location
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_constraints_location'"
+  when: ha_cluster_constraints_location is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_constraints_location: "{{ ha_cluster_constraints_location }}"
+
+# ha_cluster_constraints_order
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_constraints_order'"
+  when: ha_cluster_constraints_order is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_constraints_order: "{{ ha_cluster_constraints_order }}"
+
+# ha_cluster_extra_packages
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_extra_packages'"
+  when: ha_cluster_extra_packages is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_extra_packages: "{{ ha_cluster_extra_packages }}"
+
+# ha_cluster_fence_agent_packages
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_fence_agent_packages'"
+  when: ha_cluster_fence_agent_packages is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_fence_agent_packages: "{{ ha_cluster_fence_agent_packages }}"
+
+# ha_cluster_hacluster_password
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_repos'"
+  when: ha_cluster_hacluster_password is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_hacluster_password: "{{ ha_cluster_hacluster_password }}"
+  no_log: true  # handle credentials with care
+
+# ha_cluster_repos
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_repos'"
+  when: ha_cluster_repos is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_repos: "{{ ha_cluster_repos }}"
+
+# ha_cluster_resource_clones
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_resource_clones'"
+  when: ha_cluster_resource_clones is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_resource_clones: "{{ ha_cluster_resource_clones }}"
+
+# ha_cluster_resource_groups
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_resource_groups'"
+  when: ha_cluster_resource_groups is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_resource_groups: "{{ ha_cluster_resource_groups }}"
+
+# ha_cluster_resource_primitives
+- name: "SAP HA Prepare Pacemaker - (ha_cluster) Register parameter 'ha_cluster_resource_primitives'"
+  when: ha_cluster_resource_primitives is defined
+  ansible.builtin.set_fact:
+    __sap_ha_pacemaker_cluster_resource_primitives: "{{ ha_cluster_resource_primitives }}"
+  no_log: true  # be paranoid, there could be credentials in it