Azure · hdamecharla · Oct 7, 2024 · Oct 1, 2024 · Oct 1, 2024 · Oct 1, 2024
@@ -51,22 +51,22 @@ public override bool IsValid(object value)
         if (addresses.Contains(","))
         {
           bool returnValue = true;
-          foreach(string address in addresses.Split(','))
+          foreach (string address in addresses.Split(','))
+          {
+            if (!RegexValidation(address, pattern))
             {
-              if(!RegexValidation(address, pattern))
-                {
-                  returnValue = false;
-                }
+              returnValue = false;
             }
+          }
           return returnValue;
 
         }
         else
         {
-          
+
           return RegexValidation(value, pattern);
         }
-      
+
       }
     }
     public class IpAddressValidator : ValidationAttribute
@@ -133,20 +133,56 @@ public override bool IsValid(object value)
         return RegexValidation(value, pattern);
       }
     }
+
     public class PrivateEndpointIdValidator : ValidationAttribute
     {
       public override bool IsValid(object value)
       {
+        if (value == null) return true;
         string pattern = @"^\/subscriptions\/\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\/resourceGroups\/[a-zA-Z0-9-_]+\/providers\/Microsoft.Network\/privateEndpoints\/[a-zA-Z0-9-_]+$";
-        return RegexValidation(value, pattern);
+        if (value.GetType().IsArray)
+        {
+          string[] values = (string[])value;
+          foreach (string v in values)
+          {
+            if (!RegexValidation(v, pattern)) return false;
+          }
+          return true;
+        }
+        else if (value.GetType() == typeof(string))
+        {
+          return RegexValidation(value, pattern);
+        }
+        else
+        {
+          return false;
+        }
       }
     }
     public class StorageAccountIdValidator : ValidationAttribute
     {
+
       public override bool IsValid(object value)
       {
+        if (value == null) return true;
         string pattern = @"^\/subscriptions\/\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\/resourceGroups\/[a-zA-Z0-9-_]+\/providers\/Microsoft.Storage\/storageAccounts\/[a-zA-Z0-9-_]+$";
-        return RegexValidation(value, pattern);
+        if (value.GetType().IsArray)
+        {
+          string[] values = (string[])value;
+          foreach (string v in values)
+          {
+            if (!RegexValidation(v, pattern)) return false;
+          }
+          return true;
+        }
+        else if (value.GetType() == typeof(string))
+        {
+          return RegexValidation(value, pattern);
+        }
+        else
+        {
+          return false;
+        }
       }
     }
     public class GuidValidator : ValidationAttribute
@@ -224,7 +260,7 @@ public override bool IsValid(object value)
         }
       }
     }
-    
+
     public class UserAssignedIdentityIdValidator : ValidationAttribute
     {
       public override bool IsValid(object value)
@@ -268,7 +304,7 @@ public override bool IsValid(object value)
         return RegexValidation(value, pattern);
       }
     }
-    
+
 
     public class SubnetRequired : ValidationAttribute
     {

@@ -362,7 +362,9 @@ public bool IsValid()
     [PrivateEndpointIdValidator]
     public string install_private_endpoint_id { get; set; }
 
+    public bool? shared_access_key_enabled { get; set; } = false;
 
+    public bool? shared_access_key_enabled_nfs { get; set; } = true;
 
     /*---------------------------------------------------------------------------8
     |                                                                            |

@@ -211,12 +211,17 @@ public bool IsValid()
 
     public bool? register_endpoints_with_dns { get; set; } = true;
 
+    public bool? shared_access_key_enabled { get; set; } = false;
 
-    /*---------------------------------------------------------------------------8
-    |                                                                            |
-    |                       Cluster information                                  |
-    |                                                                            |
-    +------------------------------------4--------------------------------------*/
+    public bool? shared_access_key_enabled_nfs { get; set; } = true;
+
+
+
+/*---------------------------------------------------------------------------8
+|                                                                            |
+|                       Cluster information                                  |
+|                                                                            |
++------------------------------------4--------------------------------------*/
 
     public string fencing_role_name { get; set; }
 

@@ -144,6 +144,25 @@
         "Options": [],
         "Overrules": "",
         "Display": 2
+      },
+      {
+        "Name": "shared_access_key_enabled",
+        "Required": false,
+        "Description": "Storage account authorization using Shared Access Key.",
+        "Type": "checkbox",
+        "Options": [],
+        "Overrules": "",
+        "Display": 2
+      },
+
+      {
+        "Name": "shared_access_key_enabled_nfs",
+        "Required": false,
+        "Description": "Storage account authorization using Shared Access Key (NFS shares).",
+        "Type": "checkbox",
+        "Options": [],
+        "Overrules": "",
+        "Display": 2
       }
     ]
   },

@@ -427,6 +427,12 @@ $$witness_storage_account_arm_id$$
 # storage_account_replication_type defines the replication type for Azure Files for NFS storage accounts
 $$storage_account_replication_type$$
 
+# shared_access_key_enabled defines Storage account authorization using Shared Access Key.
+$$shared_access_key_enabled$$
+
+# shared_access_key_enabled_nfs defines Storage account used for NFS shares authorization using Shared Access Key.
+$$shared_access_key_enabled_nfs$$
+
 
 #########################################################################################
 #                                                                                       #

@@ -313,6 +313,25 @@
         "Options": [],
         "Overrules": "",
         "Display": 2
+      },
+      {
+        "Name": "shared_access_key_enabled",
+        "Required": false,
+        "Description": "Storage account authorization using Shared Access Key.",
+        "Type": "checkbox",
+        "Options": [],
+        "Overrules": "",
+        "Display": 2
+      },
+
+      {
+        "Name": "shared_access_key_enabled_nfs",
+        "Required": false,
+        "Description": "Storage account authorization using Shared Access Key (NFS shares).",
+        "Type": "checkbox",
+        "Options": [],
+        "Overrules": "",
+        "Display": 2
       }
 
     ]

@@ -965,4 +965,8 @@ $$use_prefix$$
 # use_zonal_markers defines if a zonal markers will be added to the virtual machine resource names
 $$use_zonal_markers$$
 
+# shared_access_key_enabled defines Storage account authorization using Shared Access Key.
+$$shared_access_key_enabled$$
 
+# shared_access_key_enabled_nfs defines Storage account used for NFS shares authorization using Shared Access Key.
+$$shared_access_key_enabled_nfs$$
@@ -31,7 +31,7 @@
     <PackageReference Include="Microsoft.VisualStudio.Services.InteractiveClient" Version="19.241.0-preview" />
     <PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="8.0.4" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageReference Include="NuGet.Packaging" Version="6.11.0" />
+    <PackageReference Include="NuGet.Packaging" Version="6.11.1" />
     <PackageReference Include="System.Data.SqlClient" Version="4.8.6" />
     <PackageReference Include="System.Linq.Async" Version="6.0.1" />
   </ItemGroup>

@@ -472,7 +472,8 @@ $("#subscription").on("change", function () {
                 "witness_storage_account_arm_id",
                 "transport_storage_account_id",
                 "install_storage_account_id",
-                "azure_files_sapmnt_id"
+                "azure_files_sapmnt_id",
+                "hanashared_id"
             ],
             controller: "/Armclient/GetStorageAccountOptions",
             errorMessage: "Error retrieving storage accounts for specified subscription",
@@ -483,7 +484,8 @@ $("#subscription").on("change", function () {
         {
             ids: ["transport_private_endpoint_id",
                 "install_private_endpoint_id",
-                "sapmnt_private_endpoint_id"
+                "sapmnt_private_endpoint_id",
+                "hanashared_private_endpoint_id"
             ],
             controller: "/Armclient/GetPrivateEndpointOptions",
             errorMessage: "Error retrieving private endpoints for specified subscription",
@@ -503,7 +505,9 @@ $("#subscription").on("change", function () {
             }
         },
         {
-            ids: ["proximityplacementgroup_arm_ids"],
+            ids: ["proximityplacementgroup_arm_ids",
+              "app_proximityplacementgroup_arm_ids"
+            ],
             controller: "/Armclient/GetPPGroupOptions",
             errorMessage: "Error retrieving proximity placement groups for specified subscription",
             input: {
@@ -552,11 +556,12 @@ $("#network_arm_id").on("change", function () {
             controller: "/Armclient/GetSubnetOptions",
             ids: [
                 "admin_subnet_arm_id",
-                "db_subnet_arm_id",
+                "anf_subnet_arm_id",
                 "app_subnet_arm_id",
-                "web_subnet_arm_id",
+                "db_subnet_arm_id",
                 "iscsi_subnet_arm_id",
-                "anf_subnet_arm_id"
+                "storage_subnet_arm_id",
+                "web_subnet_arm_id"
             ],
             errorMessage: "Error retrieving subnets for specified vnet",
             input: {
@@ -567,11 +572,12 @@ $("#network_arm_id").on("change", function () {
             controller: "/Armclient/GetNsgOptions",
             ids: [
                 "admin_subnet_nsg_arm_id",
-                "db_subnet_nsg_arm_id",
+                "anf_subnet_nsg_arm_id",
                 "app_subnet_nsg_arm_id",
-                "web_subnet_nsg_arm_id",
+                "db_subnet_nsg_arm_id",
                 "iscsi_subnet_nsg_arm_id",
-                "anf_subnet_nsg_arm_id"
+                "storage_subnet_nsg_arm_id",
+                "web_subnet_nsg_arm_id"
             ],
             errorMessage: "Error retrieving network security groups for specified vnet's resource group",
             input: {

@@ -15,7 +15,9 @@ stdout_callback = yaml
 bin_ansible_callbacks = True
 host_key_checking = False
 error_on_undefined_vars = True
-log_path = /var/log/ansible.log
+log_path = /var/tmp/ansible.log
+
+allow_world_readable_tmpfiles = True
 
 [connection]
 # ServerAliveInternal - Coming from Achmea, keeps the connection alive and

@@ -284,12 +284,6 @@
           vars:
             tier:                      ha
 
-        - name:                        "SAP OS configuration playbook: - directory permissions"
-          ansible.builtin.include_role:
-            name:                      roles-sap-os/2.2-sapPermissions
-          tags:
-            - 2.2-sapPermissions
-
         - name:                        "SAP OS configuration playbook: - Configurations according to SAP Notes"
           ansible.builtin.include_role:
             name:                      roles-sap-os/2.10-sap-notes
@@ -308,6 +302,12 @@
           tags:
             - 2.6-sap-mounts
 
+        - name:                        "SAP OS configuration playbook: - directory permissions"
+          ansible.builtin.include_role:
+            name:                      roles-sap-os/2.2-sapPermissions
+          tags:
+            - 2.2-sapPermissions
+
       when:
         - ansible_os_family != "Windows"
 

@@ -324,6 +324,7 @@
       become:                          true
       when:
         - node_tier == 'hana'
+        - database_scale_out
       block:
         - name:                        "Database Installation Playbook: - Setting the DB facts"
           ansible.builtin.set_fact:
@@ -332,7 +333,7 @@
             sapbits_location_base_path: "{{ hostvars.localhost.sapbits_location_base_path }}"
             sapbits_sas_token:         "{{ hostvars.localhost.sapbits_sas_token }}"
             primary_instance_name:      "{{ ansible_play_hosts_all[0] }}"         # Setting up Primary Instance Name
-            secondary_instance_name:    "{{ ansible_play_hosts_all[1] }}"         # Setting up Secondary Instance Name
+            secondary_instance_name:    "{{ ansible_play_hosts_all[1] | default('')}}"         # Setting up Secondary Instance Name
             # Only applicable for scale out with HSR
           tags:
             - always

@@ -71,8 +71,12 @@
         _rsp_sid:                      "{{ db_sid | upper }}"
         _rsp_number:                   "{{ db_instance_number }}"
         _rsp_system_usage:             "custom"
-        use_master_password:           "{{ hana_use_master_password }}"
-        password_copy:                 "{%if hana_use_master_password == 'n' %}{{ main_password }}{% else %}{% endif %}"
+        pwd_hdb_system:                "{{ hana_system_user_password | default(main_password) }}"
+        pwd_os_sidadm:                 "{{ hana_os_sidadm_password | default(main_password) }}"
+        pwd_os_sapadm:                 "{{ hana_os_sapadm_password | default(main_password) }}"
+
+        # use_master_password:           "{{ hana_use_master_password }}"
+        # password_copy:                 "{{ main_password if hana_use_master_password == 'n' else '' }}"
 
     - name:                            "SAP HANA: Progress"
       ansible.builtin.debug:

@@ -7,7 +7,7 @@ component_medium=
 component_dirs=
 
 # Use single master password for all users, created during installation ( Default: n )
-use_master_password= {{ use_master_password }}
+use_master_password=
 
 # Directory root to search for components
 component_root={{ _rsp_component_root }}
@@ -66,7 +66,7 @@ root_user=root
 root_password=
 
 # SAP Host Agent User (sapadm) Password
-sapadm_password={{ password_copy }}
+sapadm_password={{ pwd_os_sapadm }}
 
 # Directory containing a storage configuration
 storage_cfg=
@@ -123,7 +123,7 @@ certificates_hostmap=
 master_password={{ main_password }}
 
 # System Administrator Password
-password={{ password_copy }}
+password={{ pwd_os_sidadm }}
 
 # System Administrator Home Directory ( Default: /usr/sap/${sid}/home )
 home=/usr/sap/${sid}/home
@@ -138,7 +138,7 @@ userid={{ hdbadm_uid }}
 groupid={{ sapsys_gid }}
 
 # Database User (SYSTEM) Password
-system_user_password={{ password_copy }}
+system_user_password={{ pwd_hdb_system }}
 
 # Restart system after machine reboot? ( Default: n )
 autostart=n