Preparation for release v3.13.0.1 (#659)

* Bring in HotFix repairs (#651)

* Refactor deploy control plane script to remove unnecessary Terraform installation and Azure CLI installation
* Refactor deploy control plane script to include sourcing deploy_server.sh and fixing Terraform ownership
* Refactor deploy control plane script to include dynamic role assignment based on VM count and use managed service identity (MSI) for authentication
* Refactor pipeline script to update echo statements and export variables for installation method, workload ARM_CLIENT_ID, and Terraform state information

Co-authored-by: Kimmo Forss <[email protected]>
Co-authored-by: hdamecharla <[email protected]>

* ansible python fix (#653)

Co-authored-by: swatibehl <[email protected]>

* Fix conditional statement in install_workloadzone.sh

* Pipeline hotfixes (#654)

* Refactor echo statements in deploy control plane pipeline
* Refactor install_workloadzone.sh script to reset return_value variable
* Refactor install_workloadzone.sh script to improve error handling
* feng shui
* Refactor variables_local.tf to improve readability and error handling
* Refactor deploy control plane pipeline to include deployer_tfstate_key parameter
* Refactor deploy control plane pipeline to include deployer_tfstate_key and landscape_tfstate_key parameters
* Refactor echo statement in deploy control plane pipeline
* Refactor remover script in deploy control plane pipeline
* Refactor deploy control plane pipeline to remove unnecessary use_msi flag
* Refactor deploy control plane pipeline to update default value for spn_keyvault_id
* Refactor deploy control plane pipeline to update default value for spn_key_vault_arm_id
* Refactor deploy control plane pipeline to trim deployer_tfstate_key in imports.tf
* Refactor deploy control plane pipeline to include provider for azurerm.workload in imports.tf
* Refactor deploy control plane pipeline to update storage account authentication and export TF_VAR_tfstate_resource_id
* Refactor deploy control plane pipeline to update deployer and landscape state file paths
* Refactor deploy control plane pipeline to remove unnecessary code in remover.sh
* Refactor install_workloadzone.sh to export SPN key vault ID if keyvault is provided
* Refactor tfvar_variables.tf to set default value of short_named_endpoints_nics to true
* Refactor remover.sh to consolidate terraform destroy command
* Refactor echo statements in remover.sh and remove-control-plane.yaml
* Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml
* Refactor providers.tf to conditionally set use_msi based on var.use_spn
* Refactor echo statements in deploy/pipelines/01-deploy-control-plane.yaml to improve clarity of deployment credentials
* Refactor install_workloadzone.sh to improve argument parsing and readability
* Refactor code for improved argument parsing and readability in install_workloadzone.sh
* Refactor LandscapeModel.cs, LandscapeDetails.json, and LandscapeTemplate.txt to add prevent_deletion_if_contains_resources property
* Refactor package dependencies in os-packages.yaml
* Refactor ansible role to remove unused variable and update passlib dependency
* Refactor echo statement in install_workloadzone.sh for improved clarity

---------

Co-authored-by: Kimmo Forss <[email protected]>

* Suse 12 fix for python (#656)

* suse 12 fix for python

* Update 1.17.1-pre_checks.yml

* Update 1.17.1-pre_checks.yml

Fix linting issues

---------

Co-authored-by: swatibehl <[email protected]>
Co-authored-by: hdamecharla <[email protected]>

* SLES 12 SP5 fixes (#658)

* Fix conditional statement in install_workloadzone.sh

* Fix subscription_id assignment in providers.tf

* Fix indentation in deployment credential messages

* Fix deployment credential messages and subscription_id assignment

* chore: enable Azure scheduled events resource start and display output on SUSE

* Refactor deployment script to improve readability and remove unnecessary output

* Update provider version to 4.7

* Refactor tfvar_variables.tf to add a new variable for preventing deletion of resource groups with resources

* Add prevent_deletion_if_contains_resources variable to SystemModel.cs

* Refactor deployment script to improve readability and display deployment credentials

* Refactor deployment script to enable Stonith and concurrent fencing

* Refactor tfvar_variables.tf to add prevent_deletion_if_contains_resources variable

* Refactor validate.yml to remove single quotes from crm_resource output

* Refactor validate.yml to remove single quotes from crm_resource output

* fix ansible schema errors

* Refactor validate.yml to remove unnecessary 'when' condition

---------

Co-authored-by: Kimmo Forss <[email protected]>
Co-authored-by: hdamecharla <[email protected]>

* extend timeout for zypp (#657)

Co-authored-by: swatibehl <[email protected]>

---------

Co-authored-by: Kimmo Forss <[email protected]>
Co-authored-by: Kimmo Forss <[email protected]>
Co-authored-by: Swatibehl <[email protected]>
Co-authored-by: swatibehl <[email protected]>

README.md

@@ -6,7 +6,7 @@ The framework uses Terraform for infrastructure deployment, and Ansible for the
 
 ## Enterprise-scale  - Reference Implementation
 
-![Ansible Lint](https://github.com/Azure/sap-automation/workflows/Ansible%20Lint/badge.svg)    [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Average time to resolve an issue")    [![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Percentage of issues still open")
+![Ansible Lint](https://github.com/Azure/sap-automation/workflows/Ansible%20Lint/badge.svg)    [![Average time to resolve an issue](http://isitmaintained.com/badge/resolution/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Average time to resolve an issue")    [![Percentage of issues still open](http://isitmaintained.com/badge/open/azure/sap-automation.svg)](http://isitmaintained.com/project/azure/sap-automation "Percentage of issues still open") [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/Azure/sap-automation/badge)](https://scorecard.dev/viewer/?uri=github.com/Azure/sap-automation)
 
 ## Partnership
 

Webapp/SDAF/Models/LandscapeModel.cs

@@ -221,6 +221,8 @@ public bool IsValid()
 
     public string resourcegroup_name { get; set; }
 
+    public bool? prevent_deletion_if_contains_resources { get; set; } = true;
+
     /*---------------------------------------------------------------------------8
     |                                                                            |
     |                       Azure NetApp Files information                       |

Webapp/SDAF/Models/SystemModel.cs

@@ -183,6 +183,8 @@ public bool IsValid()
 
     public string resourcegroup_name { get; set; }
 
+    public bool? prevent_deletion_if_contains_resources { get; set; } = true;
+
     /*---------------------------------------------------------------------------8
     |                                                                            |
     |                       Miscallaneous information                            |

Webapp/SDAF/ParameterDetails/LandscapeDetails.json

@@ -120,6 +120,15 @@
         "Options": [],
         "Overrules": "",
         "Display": 2
+      },
+      {
+        "Name": "prevent_deletion_if_contains_resources",
+        "Required": false,
+        "Description": "Prevent deletion of resource group if there are Resources left within the Resource Group during deletion",
+        "Type": "checkbox",
+        "Options": [],
+        "Overrules": "",
+        "Display": 2
       }
     ]
   },

Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt

@@ -305,7 +305,8 @@ $$resourcegroup_name$$
 # The resourcegroup_name arm_id is optional, it can be used to provide an existing resource group for the deployment
 $$resourcegroup_arm_id$$
 
-
+# Prevent deletion of resource group if there are Resources left within the Resource Group during deletion
+$$prevent_deletion_if_contains_resources$$
 
 #########################################################################################
 #                                                                                       #

Webapp/SDAF/ParameterDetails/SystemDetails.json

@@ -203,6 +203,15 @@
         "Options": [],
         "Overrules": "",
         "Display": 2
+      },
+      {
+        "Name": "prevent_deletion_if_contains_resources",
+        "Required": false,
+        "Description": "Prevent deletion of resource group if there are Resources left within the Resource Group during deletion",
+        "Type": "checkbox",
+        "Options": [],
+        "Overrules": "",
+        "Display": 2
       }
     ]
   },

Webapp/SDAF/ParameterDetails/SystemTemplate.txt

@@ -647,6 +647,10 @@ $$resourcegroup_name$$
 # The resourcegroup_name arm_id is optional, it can be used to provide an existing resource group for the deployment
 $$resourcegroup_arm_id$$
 
+# Prevent deletion of resource group if there are Resources left within the Resource Group during deletion
+$$prevent_deletion_if_contains_resources$$
+
+
 #########################################################################################
 #                                                                                       #
 #  Proximity Placement Group                                                            #

Webapp/SDAF/SDAFWebApp.csproj

@@ -16,18 +16,18 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Data.Tables" Version="12.9.1" />
-    <PackageReference Include="Azure.Identity" Version="1.12.1" />
+    <PackageReference Include="Azure.Identity" Version="1.13.1" />
     <PackageReference Include="Azure.ResourceManager" Version="1.13.0" />
     <PackageReference Include="Azure.ResourceManager.Compute" Version="1.6.0" />
     <PackageReference Include="Azure.ResourceManager.KeyVault" Version="1.3.0" />
     <PackageReference Include="Azure.ResourceManager.Network" Version="1.9.0" />
     <PackageReference Include="Azure.ResourceManager.Resources" Version="1.9.0" />
     <PackageReference Include="Azure.ResourceManager.Storage" Version="1.3.0" />
-    <PackageReference Include="Azure.Storage.Blobs" Version="12.22.1" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="6.0.33" />
-    <PackageReference Include="Microsoft.Extensions.Azure" Version="1.7.5" />
-    <PackageReference Include="Microsoft.Identity.Web" Version="3.2.0" />
-    <PackageReference Include="Microsoft.Identity.Web.UI" Version="3.2.0" />
+    <PackageReference Include="Azure.Storage.Blobs" Version="12.22.2" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.AzureAD.UI" Version="6.0.35" />
+    <PackageReference Include="Microsoft.Extensions.Azure" Version="1.7.6" />
+    <PackageReference Include="Microsoft.Identity.Web" Version="3.2.2" />
+    <PackageReference Include="Microsoft.Identity.Web.UI" Version="3.2.2" />
     <PackageReference Include="Microsoft.VisualStudio.Services.InteractiveClient" Version="19.241.0-preview" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.4" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />

deploy/ansible/roles-os/1.1-swap/defaults/main.yaml

@@ -0,0 +1,8 @@
+---
+# TODO: Maybe move these to a group_vars/all/distro file so that they
+# can be shared by all playbooks/tasks automatically, and extend with
+# standardised versions of all similar patterns used in the playbooks.
+# Changed from ansible_os_family to ansible_distribution to adopt Oracle Linux. os_family returns returns value Redhat by default.
+distro_name:    "{{ ansible_distribution | upper }}-{{ ansible_distribution_major_version }}"
+distribution_id:      "{{ ansible_distribution | lower ~ ansible_distribution_major_version }}"
+distribution_full_id: "{{ ansible_distribution | lower ~ ansible_distribution_version }}"

deploy/ansible/roles-os/1.1-swap/tasks/main.yaml

@@ -34,10 +34,9 @@
     name:                              WALinuxAgent
     state:                             latest
   environment:
-    ZYPP_LOCK_TIMEOUT:                 "20"
-
+    ZYPP_LOCK_TIMEOUT:                 "60"
   when:
-    - ansible_os_family == 'Suse'
+    - distribution_id == 'sles_sap15'
   tags:
     - skip_ansible_lint
 

deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.1-pre_checks.yml

@@ -6,10 +6,17 @@
 # |                                                                            |
 # +------------------------------------4--------------------------------------*/
 
+- name:                                "5.6 SCS/ERS Validation: - Set Python version {{ distribution_id }}"
+  ansible.builtin.set_fact:
+    python_version:                    "python2"
+  when: (ansible_distribution | lower ~ ansible_distribution_major_version) in ['sles_sap12']
+
 - name:                                "1.17 Generic Pacemaker: - Ensure passlib is installed"
   ansible.builtin.pip:
     name:                              passlib
     state:                             present
+  vars:
+    ansible_python_interpreter:        "{{ python_version }}"
   tags:
     - always
 

deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.2.0-cluster-Suse.yml

@@ -185,7 +185,7 @@
 
     - name:                            "1.17 Generic Pacemaker - Enable Stonith"
       ansible.builtin.shell: |
-                                       crm configure property stonith-enabled=true \
+                                       crm configure property stonith-enabled=true
                                        crm configure property concurrent-fencing=true
       register:                        crm_configure_result
       failed_when:                     crm_configure_result.rc > 1
@@ -405,6 +405,26 @@
     - name:                            "1.17 Generic Pacemaker - Remove false positives"
       ansible.builtin.shell:           crm_resource -C
 
+    - name:                            "1.17 Generic Pacemaker - Ensure the Azure scheduled events resource is started"
+      ansible.builtin.shell: |
+                                       set -o pipefail
+                                       crm status full | grep health-azure-events | grep Started | wc -l
+      register:                        azure_scheduled_events_status
+      retries:                         12
+      delay:                           10
+      until:                           azure_scheduled_events_status.stdout | int == ansible_play_hosts_all | length
+      when:                            inventory_hostname == primary_instance_name
+      failed_when:                     false
+
+    - name:                            "1.17 Generic Pacemaker - display output of Azure scheduled events"
+      when:                            inventory_hostname == primary_instance_name
+      ansible.builtin.debug:
+        msg:
+          - "output lines:             {{ azure_scheduled_events_status.stdout_lines }}"
+          - "output:                   {{ azure_scheduled_events_status.stdout | int }}"
+          - "output_truthiness:        {{ azure_scheduled_events_status.stdout | int == ansible_play_hosts_all | length }}"
+        verbosity:                     2
+
     - name:                            "1.17 Generic Pacemaker - Ensure maintenance mode is disabled"
       ansible.builtin.shell:           crm configure property maintenance-mode=false
 

deploy/ansible/roles-os/1.3-repository/tasks/1.3.0-preparation-Suse.yaml

@@ -15,7 +15,7 @@
       # change anything so ensure it doesn't report as changed.
       changed_when:                    false
       environment:
-        ZYPP_LOCK_TIMEOUT:             "20"
+        ZYPP_LOCK_TIMEOUT:             "60"
 
   rescue:
     # Attempt to configure the repos by re-registering instance
@@ -39,7 +39,7 @@
           # registercloudguest rc == 1 when successful
           failed_when:                     reg_result.rc > 1
           environment:
-            ZYPP_LOCK_TIMEOUT:        "20"
+            ZYPP_LOCK_TIMEOUT:        "60"
 
         - name:                        "1.3 Packages - Wait 30 secs before retrying"
           ansible.builtin.wait_for:

deploy/ansible/roles-os/1.4-packages/tasks/1.4.0-packages-Suse-prep.yaml

@@ -35,7 +35,7 @@
                                        SUSEConnect -p sle-module-public-cloud/{{ ansible_distribution_version }}/x86_64
       register:                        cloud_extension
       environment:
-        ZYPP_LOCK_TIMEOUT:              "20"
+        ZYPP_LOCK_TIMEOUT:              "60"
 
   rescue:
     - name:                            "1.4 Packages - Wait 10 secs before retrying"

deploy/ansible/roles-os/1.4-packages/tasks/1.4.3-update-packages-Suse.yaml

@@ -13,7 +13,7 @@
     state:                             latest
     update_cache:                      true
   environment:
-    ZYPP_LOCK_TIMEOUT:                 "20"
+    ZYPP_LOCK_TIMEOUT:                 "60"
   tags:
     - skip_ansible_lint
 

deploy/ansible/roles-os/1.4-packages/vars/os-packages.yaml

@@ -339,33 +339,35 @@ packages:
     - { tier: 'ha',     package: 'socat',                                        node_tier: 'all',     state: 'present' }
     - { tier: 'ha',     package: 'corosync',                                     node_tier: 'all',     state: 'present' }
     - { tier: 'ha',     package: 'resource-agents>=4.3',                         node_tier: 'all',     state: 'present' }
-    - { tier: 'ha',     package: 'fence-agents>=4.4.0',                          node_tier: 'all',     state: 'present' }
     - { tier: 'ha',     package: 'cloud-netconfig-azure>=1.3',                   node_tier: 'all',     state: 'present' }
   # Assumption: Public_Cloud_Module_x86_64 already available
     - { tier: 'ha',     package: 'python-azure-mgmt-compute',                    node_tier: 'all',     state: 'present' }
     - { tier: 'ha',     package: 'python-azure-identity',                        node_tier: 'all',     state: 'present' }  # Added as part of documentation update
-    - { tier: 'ha',     package: 'sap-suse-cluster-connector',                   node_tier: 'hana',     state: 'present' }
+    - { tier: 'ha',     package: 'sap-suse-cluster-connector',                   node_tier: 'hana',    state: 'present' }
     - { tier: 'ha',     package: 'sap-suse-cluster-connector',                   node_tier: 'scs',     state: 'present' }
     - { tier: 'ha',     package: 'sap-suse-cluster-connector',                   node_tier: 'ers',     state: 'present' }
   # -------------------------- End - packages required for Clustering ------------------------------------8
   sles_sap12.4:
   # --------------------------- Begin - Packages required for SYBASE -----------------------------------------8
     # 2371942 - Error Executing isql or dscp on SAP ASE or SAP HANA Accelerator for SAP ASE
-    - { tier: 'os',     package: 'glibc-32bit',                                  node_tier: 'sybase',     state: 'present' }
+    - { tier: 'os',     package: 'glibc-32bit',                                  node_tier: 'sybase',  state: 'present' }
+    - { tier: 'ha',     package: 'fence-agents>=4.4.0',                          node_tier: 'all',     state: 'present' }
     # --------------------------- End - Packages required for SYBASE -------------------------------------------8
   sles_sap12.5:
   # --------------------------- Begin - Packages required for SYBASE -----------------------------------------8
     # 2371942 - Error Executing isql or dscp on SAP ASE or SAP HANA Accelerator for SAP ASE
-    - { tier: 'os',     package: 'glibc-32bit',                                  node_tier: 'sybase',     state: 'present' }
-    # --------------------------- End - Packages required for SYBASE -------------------------------------------8
+    - { tier: 'os',     package: 'glibc-32bit',                                  node_tier: 'sybase',  state: 'present' }
+    - { tier: 'ha',     package: 'fence-agents-azure-arm',                       node_tier: 'scs',     state: 'present' }
+    - { tier: 'ha',     package: 'fence-agents-azure-arm',                       node_tier: 'ers',     state: 'present' }
+    - { tier: 'ha',     package: 'fence-agents-azure-arm',                       node_tier: 'hana',    state: 'present' }    # --------------------------- End - Packages required for SYBASE -------------------------------------------8
   sles_sap15:
     - { tier: 'os',     package: 'chrony',                                       node_tier: 'all',     state: 'present' }
 #   - { tier: 'os',     package: 'libyui-qt-pkg11',                              node_tier: 'all',     state: 'present' }
     - { tier: 'os',     package: 'glibc',                                        node_tier: 'all',     state: 'present' }
     - { tier: 'os',     package: 'systemd',                                      node_tier: 'all',     state: 'present' }
     - { tier: 'os',     package: 'tuned',                                        node_tier: 'all',     state: 'present' }
     - { tier: 'os',     package: 'numad',                                        node_tier: 'all',     state: 'present' }
-    - { tier: 'os',     package: 'ntp',                                          node_tier: 'all',     state: 'absent' }
+    - { tier: 'os',     package: 'ntp',                                          node_tier: 'all',     state: 'absent'  }
     - { tier: 'os',     package: 'unrar',                                        node_tier: 'scs',     state: 'present' }
     # --------------------------- Begin - Packages required for DB2 -----------------------------------------8
     # https://www.ibm.com/docs/en/db2/11.5?topic=servers-linux