SLES 12 SP5 fixes #658

Merged
merged 16 commits into from
Oct 25, 2024
Merged
2 changes: 2 additions & 0 deletions Webapp/SDAF/Models/SystemModel.cs
Expand Up @@ -183,6 +183,8 @@ public bool IsValid()

public string resourcegroup_name { get; set; }

public bool? prevent_deletion_if_contains_resources { get; set; } = true;

/*---------------------------------------------------------------------------8
| |
| Miscallaneous information |
9 changes: 9 additions & 0 deletions Webapp/SDAF/ParameterDetails/SystemDetails.json
Expand Up @@ -203,6 +203,15 @@
"Options": [],
"Overrules": "",
"Display": 2
},
{
"Name": "prevent_deletion_if_contains_resources",
"Required": false,
"Description": "Prevent deletion of resource group if there are Resources left within the Resource Group during deletion",
"Type": "checkbox",
"Options": [],
"Overrules": "",
"Display": 2
}
]
},
4 changes: 4 additions & 0 deletions Webapp/SDAF/ParameterDetails/SystemTemplate.txt
Expand Up @@ -647,6 +647,10 @@ $$resourcegroup_name$$
# The resourcegroup_name arm_id is optional, it can be used to provide an existing resource group for the deployment
$$resourcegroup_arm_id$$

# Prevent deletion of resource group if there are Resources left within the Resource Group during deletion
$$prevent_deletion_if_contains_resources$$


#########################################################################################
# #
# Proximity Placement Group #
2 changes: 1 addition & 1 deletion Webapp/SDAF/SDAFWebApp.csproj
Expand Up @@ -16,7 +16,7 @@

<ItemGroup>
<PackageReference Include="Azure.Data.Tables" Version="12.9.1" />
<PackageReference Include="Azure.Identity" Version="1.13.0" />
<PackageReference Include="Azure.Identity" Version="1.13.1" />
<PackageReference Include="Azure.ResourceManager" Version="1.13.0" />
<PackageReference Include="Azure.ResourceManager.Compute" Version="1.6.0" />
<PackageReference Include="Azure.ResourceManager.KeyVault" Version="1.3.0" />
Original file line number Diff line number Diff line change
Expand Up @@ -185,7 +185,7 @@

- name: "1.17 Generic Pacemaker - Enable Stonith"
ansible.builtin.shell: |
crm configure property stonith-enabled=true \
crm configure property stonith-enabled=true
crm configure property concurrent-fencing=true
register: crm_configure_result
failed_when: crm_configure_result.rc > 1
Expand Down Expand Up @@ -405,6 +405,26 @@
- name: "1.17 Generic Pacemaker - Remove false positives"
ansible.builtin.shell: crm_resource -C

- name: "1.17 Generic Pacemaker - Ensure the Azure scheduled events resource is started"
ansible.builtin.shell: |
set -o pipefail
crm status full | grep health-azure-events | grep Started | wc -l
register: azure_scheduled_events_status
retries: 12
delay: 10
until: azure_scheduled_events_status.stdout | int == ansible_play_hosts_all | length
when: inventory_hostname == primary_instance_name
failed_when: false

- name: "1.17 Generic Pacemaker - display output of Azure scheduled events"
when: inventory_hostname == primary_instance_name
ansible.builtin.debug:
msg:
- "output lines: {{ azure_scheduled_events_status.stdout_lines }}"
- "output: {{ azure_scheduled_events_status.stdout | int }}"
- "output_truthiness: {{ azure_scheduled_events_status.stdout | int == ansible_play_hosts_all | length }}"
verbosity: 2

- name: "1.17 Generic Pacemaker - Ensure maintenance mode is disabled"
ansible.builtin.shell: crm configure property maintenance-mode=false
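Review bot: The added task "Ensure the Azure scheduled events resource is started" sets `failed_when: false`, so when all 12 retries are used up the play still continues to "Ensure maintenance mode is disabled", and the only trace is the following debug task, which prints at `verbosity: 2` only. If a missing health-azure-events resource is meant to be tolerated, a follow-up task that reports it at normal verbosity would make that visible, for example an `ansible.builtin.assert` on the same comparison used in `until:` with `ignore_errors: true`. The command only reads cluster status, so `changed_when: false` belongs on it as well. The comparison against `ansible_play_hosts_all | length` presumably assumes that every host in the play is a cluster node; a one-line comment stating that would help the next reader.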

Original file line number Diff line number Diff line change
@@ -1,3 +1,5 @@
---

# Validate that the SCS cluster is working as expected

- name: "5.6 SCS/ERS Validation: - Set Python version {{ distribution_id }}"
Expand Down Expand Up @@ -83,56 +85,48 @@
when:
- cluster_group_location.stdout_lines is defined

# move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to primary_instance_name
- name: "5.6 SCS/ERS Validation: Move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to {{ primary_instance_name }}"
ansible.builtin.shell: "crm resource move g-{{ sap_sid | upper }}_{{ instance_type | upper }} {{ primary_instance_name }}"
vars:
allow_world_readable_tmpfiles: true
ansible_python_interpreter: "{{ python_version }}"
when:
- ansible_os_family | upper == 'SUSE'
- cluster_group_location.stdout_lines != primary_instance_name
- primary_instance_name not in cluster_group_location.stdout_lines
- scs_running_on is not defined
failed_when: false
changed_when: false
register: cluster_group_moved
block:

# move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to primary_instance_name
- name: "5.6 SCS/ERS Validation: Move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to {{ primary_instance_name }}"
ansible.builtin.shell: "pcs resource move g-{{ sap_sid | upper }}_{{ instance_type | upper }} {{ primary_instance_name }}"
vars:
allow_world_readable_tmpfiles: true
ansible_python_interpreter: "{{ python_version }}"
when:
- ansible_os_family | upper == 'REDHAT'
- ansible_hostname == primary_instance_name
- cluster_group_location.stdout_lines != primary_instance_name
- scs_running_on is not defined
register: cluster_group_moved
failed_when: false
changed_when: false
# failed_when: cluster_group_moved.rc != 0 and (
# cluster_group_moved.stderr is not search('Already in requested state')
# or cluster_group_moved.stderr is not search('is already active on')
# )
# move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to primary_instance_name
- name: "5.6 SCS/ERS Validation: Move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to {{ primary_instance_name }}"
ansible.builtin.shell: "crm resource move g-{{ sap_sid | upper }}_{{ instance_type | upper }} {{ primary_instance_name }}"
vars:
allow_world_readable_tmpfiles: true
ansible_python_interpreter: "{{ python_version }}"
when:
- ansible_os_family | upper == 'SUSE'
failed_when: false
changed_when: false
register: cluster_group_moved

- name: "5.6 SCS/ERS Validation: Wait {{ scs_wait_for_start_in_sec }} seconds for the StartService {{ sap_sid | upper }} to finish"
ansible.builtin.debug:
msg: "Wait for {{ scs_wait_for_start_in_sec }} seconds for the StartService {{ sap_sid | upper }} to finish"
when:
- ansible_hostname == primary_instance_name
- cluster_group_location.stdout_lines != primary_instance_name
- scs_running_on is not defined
# move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to primary_instance_name
- name: "5.6 SCS/ERS Validation: Move cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} to {{ primary_instance_name }}"
ansible.builtin.shell: "pcs resource move g-{{ sap_sid | upper }}_{{ instance_type | upper }} {{ primary_instance_name }}"
vars:
allow_world_readable_tmpfiles: true
ansible_python_interpreter: "{{ python_version }}"
when:
- ansible_os_family | upper == 'REDHAT'
register: cluster_group_moved
failed_when: false
changed_when: false

- name: "5.6 SCS/ERS Validation: Wait {{ scs_wait_for_start_in_sec }} seconds for the StartService {{ sap_sid | upper }} to finish"
ansible.builtin.wait_for:
timeout: "{{ scs_wait_for_start_in_sec }}"
when:
- ansible_hostname == primary_instance_name
- cluster_group_location.stdout_lines != primary_instance_name
- scs_running_on is not defined
- name: "5.6 SCS/ERS Validation: Wait {{ scs_wait_for_start_in_sec }} seconds for the StartService {{ sap_sid | upper }} to finish"
ansible.builtin.debug:
msg: "Wait for {{ scs_wait_for_start_in_sec }} seconds for the StartService {{ sap_sid | upper }} to finish"

- name: "5.6 SCS/ERS Validation: Wait {{ scs_wait_for_start_in_sec }} seconds for the StartService {{ sap_sid | upper }} to finish"
ansible.builtin.wait_for:
timeout: "{{ scs_wait_for_start_in_sec }}"

- name: "5.6 SCS/ERS Validation: Validate Cluster resource move and SAP start when the group g-{{ sap_sid | upper }}_{{ instance_type | upper }} has moved"
when:
- scs_running_on is not defined
- ansible_hostname == primary_instance_name
block:
- name: "Check if cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} is running on {{ primary_instance_name }}"
ansible.builtin.shell: >-
Expand All @@ -146,13 +140,6 @@
failed_when: false
changed_when: false

# - name: "5.6 SCS/ERS Validation: Validate that cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} is running on {{ primary_instance_name }}"
# ansible.builtin.assert:
# that:
# - cluster_group_location.stdout == primary_instance_name
# fail_msg: "cluster group g-{{ sap_sid | upper }}_{{ instance_type | upper }} is not running on {{ primary_instance_name }}"

# {{ sapcontrol_path }} -nr {{ scs_instance_number }} -function GetProcessList | grep MessageServer | awk '{split($0,result,", "); print result[1],result[3] }'
- name: "5.6 SCS/ERS Validation: Determine if SCS is running on {{ ansible_hostname }}"
ansible.builtin.shell: "{{ sapcontrol_path }} -nr {{ scs_instance_number }} -function StartService {{ sap_sid | upper }}"
changed_when: false
Expand Down Expand Up @@ -193,6 +180,5 @@
DIR_LIBRARY: /usr/sap/{{ sap_sid | upper }}/SYS/exe/run
LD_LIBRARY_PATH: /usr/sap/{{ sap_sid | upper }}/SYS/exe/run:/usr/sap/{ sap_sid | upper }}/SYS/exe/uc/linuxx86_64
SAPSYSTEMNAME: "{{ sap_sid | upper }}"
when:
- scs_running_on is not defined
- ansible_hostname == primary_instance_name

...
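Review bot: The `LD_LIBRARY_PATH` value shown as context in the last hunk (`@@ -193,6 +180,5 @@`) contains a malformed Jinja expression, `/usr/sap/{ sap_sid | upper }}/SYS/exe/uc/linuxx86_64`, with a single opening brace, so the second path entry is presumably passed to the command as literal text instead of the SID directory. It should read `/usr/sap/{{ sap_sid | upper }}/SYS/exe/uc/linuxx86_64`. The task that carries this environment starts outside the hunk. Separately, both "Move cluster group" tasks keep `failed_when: false`, so a failed `crm resource move` or `pcs resource move` is only noticed by the later location check, if at all; a comment saying that this is intentional would help.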
4 changes: 2 additions & 2 deletions deploy/pipelines/02-sap-workload-zone.yaml
Expand Up @@ -432,7 +432,7 @@ stages:
echo -e "$green---az login ---$reset"
echo -e "$cyan---Sourcing the deploy_server.sh file$reset"
. /etc/profile.d/deploy_server.sh ; /opt/bin/terraform/terraform --version
. /etc/profile.d/deploy_server.sh
if [ $USE_MSI != "true" ]; then
Expand Down Expand Up @@ -465,7 +465,7 @@ stages:
echo "Set Secrets returned: $secrets_set"
else
echo "Deployment credentials: Managed Identity"
echo "Deployment credentials: Managed Identity"
# export ARM_SUBSCRIPTION_ID=$ARM_SUBSCRIPTION_ID
export ARM_USE_MSI=true
export ARM_USE_AZUREAD=true
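Review bot: The test `if [ $USE_MSI != "true" ]; then` in the first hunk leaves `$USE_MSI` unquoted, so when the variable is empty or unset the `[` command fails with a syntax error and the shell takes the `else` side, which from the second hunk looks like the Managed Identity branch. The credential type is then selected by a shell error rather than by configuration. Writing it as `if [ "$USE_MSI" != "true" ]; then` makes the outcome deterministic; 04-sap-software-download.yaml already quotes its test as `[ "$USE_MSI" = "true" ]`. The same unquoted test appears in 03-sap-system-deployment.yaml, and the `if` block here extends beyond both hunks.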
56 changes: 36 additions & 20 deletions deploy/pipelines/03-sap-system-deployment.yaml
Expand Up @@ -259,28 +259,44 @@ stages:
fi
fi

echo -e "$cyan---Sourcing the deploy_server.sh file$reset"
. /etc/profile.d/deploy_server.sh
export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID
if [ $USE_MSI != "true" ]; then
echo "Deployment credentials: Service Principal"
echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID"

export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID
export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET
export ARM_TENANT_ID=$WL_ARM_TENANT_ID
export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID
export ARM_USE_MSI=false
az login --service-principal --username $WL_ARM_CLIENT_ID --password=$WL_ARM_CLIENT_SECRET --tenant $WL_ARM_TENANT_ID --output none
return_code=$?
if [ 0 != $return_code ]; then
echo -e "$boldred--- Login failed ---$reset"
echo "##vso[task.logissue type=error]az login failed."
exit $return_code
fi

echo "Deployment credentials: Service Principal"
echo "Deployment credential ID (SPN): $WL_ARM_CLIENT_ID"
echo "Deployer subscription: $STATE_SUBSCRIPTION"

export ARM_CLIENT_ID=$WL_ARM_CLIENT_ID
export ARM_CLIENT_SECRET=$WL_ARM_CLIENT_SECRET
export ARM_OBJECT_ID=$WL_ARM_OBJECT_ID
export ARM_TENANT_ID=$WL_ARM_TENANT_ID
export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID
export ARM_USE_AZUREAD=true
unset ARM_USE_MSI
az login --service-principal --username $ARM_CLIENT_ID --password=$ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID --output none

return_code=$?
if [ 0 != $return_code ]; then
echo -e "$boldred--- Login failed ---$reset"
echo "##vso[task.logissue type=error]az login failed."
exit $return_code
fi
az account set --subscription $STATE_SUBSCRIPTION
echo -e "$green --- Set secrets ---$reset"

$SAP_AUTOMATION_REPO_PATH/deploy/scripts/set_secrets.sh --workload --vault "${key_vault}" --environment "${ENVIRONMENT}" \
--region "${LOCATION}" --subscription $ARM_SUBSCRIPTION_ID --spn_id $ARM_CLIENT_ID --spn_secret "${ARM_CLIENT_SECRET}" \
--tenant_id $ARM_TENANT_ID --keyvault_subscription $STATE_SUBSCRIPTION
secrets_set=$? ;
echo "Set Secrets returned: $secrets_set"

else
echo "Deployment credentials: Managed Identity"
export ARM_USE_MSI=true
export ARM_SUBSCRIPTION_ID=$WL_ARM_SUBSCRIPTION_ID
unset ARM_TENANT_ID
az login --identity --allow-no-subscriptions --output none
echo "Deployment credentials: Managed Identity"
export ARM_USE_MSI=true
export ARM_USE_AZUREAD=true
unset ARM_CLIENT_SECRET
fi

echo -e "$green--- Define variables ---$reset"
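Review bot: The exit status of `set_secrets.sh` in the service-principal branch is stored in `secrets_set` and echoed but never checked, so a failure to write the credentials to the key vault does not stop the stage, unlike the `az login` call a few lines above it. Adding `if [ 0 != $secrets_set ]; then echo "##vso[task.logissue type=error]Set secrets failed."; exit $secrets_set; fi` after the echo would mirror the login handling. The client secret is also passed unquoted in `--password=$ARM_CLIENT_SECRET`, where a value containing whitespace or glob characters would be split by the shell; `--password="$ARM_CLIENT_SECRET"` avoids that. Both calls place the secret on the command line, where it is readable in the agent's process list while the command runs, which deserves a comment if that exposure is accepted.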
16 changes: 10 additions & 6 deletions deploy/pipelines/04-sap-software-download.yaml
Expand Up @@ -62,10 +62,10 @@ stages:
green="\e[1;32m" ; reset="\e[0m" ; boldred="\e[1;31m"

echo -e "$green--- Configure devops CLI extension ---$reset"
az config set extension.use_dynamic_install=yes_without_prompt --output none
az config set extension.use_dynamic_install=yes_without_prompt --output none --only-show-errors
export AZURE_DEVOPS_EXT_PAT=$(System.AccessToken)

az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none
az devops configure --defaults organization=$(System.CollectionUri) project='$(System.TeamProject)' --output none --only-show-errors

echo -e "$green--- Validations ---$reset"
if [ ! -f ${environment_file_name} ]; then
Expand Down Expand Up @@ -95,12 +95,13 @@ stages:

echo -e "$green--- az login ---$reset"
if [ "$USE_MSI" = "true" ]; then
echo "Using MSI"
echo "Deployment credentials: Managed Identity"
source /etc/profile.d/deploy_server.sh

else
az login --service-principal --username $ARM_CLIENT_ID --password=${ARM_CLIENT_SECRET} --tenant $ARM_TENANT_ID --output none
return_code=$?
echo "Deployment credentials: Service Principal"
if [ 0 != $return_code ]; then
echo -e "$boldred--- Login failed ---$reset"
echo "##vso[task.logissue type=error]az login failed."
Expand All @@ -112,7 +113,8 @@ stages:

echo -e "$green--- Get key_vault name ---$reset"
export VARIABLE_GROUP_ID=$(az pipelines variable-group list --query "[?name=='$(variable_group)'].id | [0]")
echo '$(variable_group) id: ' $VARIABLE_GROUP_ID
printf -v val '%-15s' "$(variable_group) id:"
echo "$val $VARIABLE_GROUP_ID"
if [ -z ${VARIABLE_GROUP_ID} ]; then
echo "##vso[task.logissue type=error]Variable group $(variable_group) could not be found."
exit 2
Expand All @@ -121,9 +123,10 @@ stages:
if [ -n ${az_var} ]; then
kv_name=${az_var}; echo "Key Vault="$kv_name
else
kv_name=$(cat .sap_deployment_automation/$(environment_code)$(location_code) | grep keyvault |awk -F'=' '{print $2}'); echo "Key Vault="$kv_name
kv_name=$(cat .sap_deployment_automation/$(environment_code)$(location_code) | grep keyvault |awk -F'=' '{print $2}')
fi

echo "Keyvault: $kv_name"
echo "##vso[task.setvariable variable=KV_NAME;isOutput=true]$kv_name"

echo -e "$green--- BoM $(bom) ---$reset"
Expand Down Expand Up @@ -202,10 +205,11 @@ stages:
fi

if [ "$USE_MSI" = "true" ]; then
echo "Using MSI"
echo "Deployment credentials: Managed Identity"
source /etc/profile.d/deploy_server.sh

else
echo "Deployment credentials: Service Principal"
if [ ! -n $ARM_CLIENT_ID ]; then
echo "##vso[task.logissue type=error]Variable ARM_CLIENT_ID was not defined."
exit 2
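Review bot: The guard `if [ ! -n $ARM_CLIENT_ID ]; then` at the end of the last hunk cannot detect a missing value, because with the variable unquoted and empty the test collapses to `[ ! -n ]`, which evaluates to false, so the "Variable ARM_CLIENT_ID was not defined." error is never raised. `if [ -z "$ARM_CLIENT_ID" ]; then` does what the message says. The same pattern appears in `if [ -n ${az_var} ]; then` in the key-vault hunk, where `[ -n ]` is always true and the `else` fallback that reads the key vault name from the `.sap_deployment_automation` file is unreachable; `if [ -n "${az_var}" ]; then` fixes it. The `if` block around the ARM_CLIENT_ID check continues past the hunk.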