diff --git a/ansible/configs/sap-hana-rhel9/README.adoc b/ansible/configs/sap-hana-dist/README.adoc
similarity index 100%
rename from ansible/configs/sap-hana-rhel9/README.adoc
rename to ansible/configs/sap-hana-dist/README.adoc
diff --git a/ansible/configs/sap-hana-dist/default_vars.yml b/ansible/configs/sap-hana-dist/default_vars.yml
new file mode 100644
index 00000000000..4662f743657
--- /dev/null
+++ b/ansible/configs/sap-hana-dist/default_vars.yml
@@ -0,0 +1,493 @@
+output_dir: /tmp/output_dir
+
+## Common repositories
+rhel_repos:
+ - "rhel-8-for-x86_64-baseos-rpms"
+ - "rhel-8-for-x86_64-appstream-rpms"
+ - "rhel-8-for-x86_64-sap-netweaver-rpms"
+ - "rhel-8-for-x86_64-sap-solutions-rpms"
+ - "rhel-8-for-x86_64-baseos-e4s-rpms"
+ - "rhel-8-for-x86_64-appstream-e4s-rpms"
+ - "rhel-8-for-x86_64-sap-solutions-e4s-rpms"
+ - "rhel-8-for-x86_64-sap-netweaver-e4s-rpms"
+ - "ansible-2-for-rhel-8-x86_64-rpms"
+ - "ansible-2.9-for-rhel-8-x86_64-rpms"
+
+rhel_lock_release: '8.6'
+rhel_lock_release_sap: '8.4'
+
+
+## Networking
+subdomain_base_short: "{{ guid }}"
+subdomain_base_suffix: ".example.opentlc.com"
+subdomain_base: "{{ subdomain_base_short}}{{subdomain_base_suffix }}"
+
+
+### Common Host settings
+
+install_ipa_client: false
+
+install_student_user: false
+
+# Do you want to run a full yum update
+update_packages: false
+
+## guid is the deployment unique identifier, it will be appended to all tags,
+## files and anything that identifies this environment from another "just like it"
+guid: defaultguid
+
+# This var is used to identify stack (cloudformation, azure resourcegroup, ...)
+project_tag: "{{ env_type }}-{{ guid }}"
+
+# This is where the ssh_config file will be created, this file is used to
+# define the communication method to all the hosts in the deployment
+deploy_local_ssh_config_location: "{{output_dir}}/"
+
+install_bastion: true
+install_common: true
+
+# Variable used to identify the request being made by a Red Hatter or Partner (external)
+rh_internal: true
+
+### If you want a Key Pair name created and injected into the hosts,
+# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key`
+# you can use the key used to create the environment or use your own self generated key
+env_authorized_key: "{{guid}}key"
+#ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem
+set_env_authorized_key: true
+
+# Is this running from Red Hat Ansible Tower
+tower_run: false
+
+common_packages:
+ - unzip
+ - bash-completion
+ - tmux
+ - bind-utils
+ - wget
+ - git
+ - vim-enhanced
+ - at
+
+cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer "
+
+### Variables ofr the role to download AAP2 ###
+app_image: "ansible-automation-platform-2.0-early-access-for-rhel-8-x86_64-files"
+offline_token: "{{ sap-e2e-offline-token }}"
+
+### TODO: Change here
+### Ansible Tower default variables ###
+#ansible_tower_download_url: "https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-3.6.3-1.tar.gz"
+ansible_tower_download_url: "https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-{{ ansible_tower_version }}.tar.gz"
+#ansible_tower_epel_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
+ansible_tower_epel_gpg_download_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8"
+### Disable GPG check for epel ###
+#ansible_tower_epel_disable_gpg_check: "yes"
+ansible_tower_epel_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm"
+ansible_tower_epel_disable_gpg_check: 'no'
+ansible_tower_version: 3.8.6-2
+
+ansible_tower_password: "{{ tower_password }}" + + +tower_cli_config: | + [general] + username = admin + password = {{ ansible_tower_password }} + verify_ssl = false + host = https://localhost + +### Ansible Tower default variables ### + +ansible_tower: + admin_username: "admin" + admin_password: "{{ ansible_tower_password }}" + url: "https://localhost" + validate_certs: false + install: + manifest_file: "/tmp/{{ tower_manifest.url | regex_search('(\\w+)(\\.\\w+)+(?!.*(\\w+)(\\.\\w+)+)') }}" + inventories: + - name: "sap-hosts" + #variables: '---\nsap_preconfigure_modify_etc_hosts: true\nsap_preconfigure_fail_if_reboot_required: \"no\"\nsap_domain: \"labs.local\"\nsap_hostagent_installation_type: \"rpm\"\nsap_hostagent_rpm_remote_path: \"/software/SAPHOSTAGENT\"\nsap_hostagent_rpm_file_name: \"saphostagentrpm_44-20009394.rpm\"' + variables: |- + --- + sap_domain: example.com + sap_hostagent_installation_type: rpm + sap_hostagent_rpm_remote_path: /software/SAPHOSTAGENT + sap_hostagent_rpm_file_name: saphostagentrpm_44-20009394.rpm + description: "SAP HANA and S/4HANA" + organization: "Default" + hosts: + - name: "{{ ansible_hana1_hostname }}" + description: "Primary SAP HANA Host" + #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ 
master_sap_password }}\"\nsap_hana_deployment_hana_sid: RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: \"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"primary\"\nsap_hana_hsr_alias: \"DC1\"' + variables: |- + --- + sap_preconfigure_modify_etc_hosts: false + storage_pools: + - name: sap + disks: + - {{ sap_extra_device }} + volumes: + - name: data + size: 128 GiB + mount_point: /hana/data + state: present + - name: log + size: 64 GiB + mount_point: /hana/log + state: present + - name: shared + size: 256 GiB + mount_point: /hana/shared + state: present + - name: sap + size: 50 GiB + mount_point: /usr/sap + state: present + sap_hana_deployment_bundle_path: /software/HANA_installation + sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR + sap_hana_deployment_sapcar_path: /software/SAPCAR + sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE + sap_hana_deployment_root_password: R3dh4t123! + sap_hana_deployment_sapadm_password: R3dh4t123! + sap_hana_deployment_hana_sid: RHE + sap_hana_deployment_hana_instance_number: "00" + sap_hana_deployment_hana_env_type: development + sap_hana_deployment_hana_mem_restrict: n + sap_hana_deployment_common_master_password: R3dh4t123! + sap_hana_deployment_sidadm_password: R3dh4t123! + sap_hana_deployment_hana_db_system_password: R3dh4t123! + sap_hana_deployment_ase_user_password: R3dh4t123! 
+ sap_hana_deployment_apply_license: false + sap_hana_hsr_hana_sid: RHE + sap_hana_hsr_hana_instance_number: "00" + sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" + sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" + sap_hana_hsr_role: primary + sap_hana_hsr_alias: DC1 + sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" + sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" + sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" + sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hana_sid: RHE + sap_hana_ha_pacemaker_hana_instance_number: '00' + sap_hana_ha_pacemaker_vip: "192.168.47.100" + - name: "{{ ansible_hana2_hostname }}" + description: "Secondary SAP HANA Host" + #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_sid: RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: 
\"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"secondary\"\nsap_hana_hsr_alias: \"DC2\"' + variables: |- + --- + sap_preconfigure_modify_etc_hosts: false + storage_pools: + - name: sap + disks: + - {{ sap_extra_device }} + volumes: + - name: data + size: 128 GiB + mount_point: /hana/data + state: present + - name: log + size: 64 GiB + mount_point: /hana/log + state: present + - name: shared + size: 256 GiB + mount_point: /hana/shared + state: present + - name: sap + size: 50 GiB + mount_point: /usr/sap + state: present + sap_hana_deployment_bundle_path: /software/HANA_installation + sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR + sap_hana_deployment_sapcar_path: /software/SAPCAR + sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE + sap_hana_deployment_root_password: R3dh4t123! + sap_hana_deployment_sapadm_password: R3dh4t123! + sap_hana_deployment_hana_sid: RHE + sap_hana_deployment_hana_instance_number: "00" + sap_hana_deployment_hana_env_type: development + sap_hana_deployment_hana_mem_restrict: n + sap_hana_deployment_common_master_password: R3dh4t123! + sap_hana_deployment_sidadm_password: R3dh4t123! + sap_hana_deployment_hana_db_system_password: R3dh4t123! + sap_hana_deployment_ase_user_password: R3dh4t123! 
+ sap_hana_deployment_apply_license: false + sap_hana_hsr_hana_sid: RHE + sap_hana_hsr_hana_instance_number: "00" + sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" + sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" + sap_hana_hsr_role: secondary + sap_hana_hsr_alias: DC2 + sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" + sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" + sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" + sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hana_sid: RHE + sap_hana_ha_pacemaker_hana_instance_number: '00' + sap_hana_ha_pacemaker_vip: "192.168.47.100" + - name: "{{ ansible_s4hana_hostname }}" + description: "SAP S/4HANA Host" + #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\n - name: sapmnt\n size: \"20 GiB\"\n mount_point: \"/usr/sapmnt\"\n state: present\n - name: swap\n size: \"20 GiB\"\n state: present\n\nsap_s4hana_deployment_product_id: \"NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP\"\nsap_s4hana_deployment_sapcar_path: \"/software/SAPCAR\"\nsap_s4hana_deployment_sapcar_file_name: \"SAPCAR_1311-80000935.EXE\"\nsap_s4hana_deployment_swpm_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_swpm_sar_file_name: \"SWPM20SP04_6-80003424.SAR\"\nsap_s4hana_deployment_db_schema_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_db_schema_abap_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_master_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_hana_systemdb_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sid: 
\"RHE\"\nsap_s4hana_deployment_db_host: \"{{ deployment_db_host }}\"\nsap_s4hana_deployment_db_sid: \"RHE\"\nsap_s4hana_deployment_hana_instance_nr: \"00\"\nsap_s4hana_deployment_hana_system_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_parallel_jobs_nr: \"30\"\nsap_s4hana_deployment_db_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_igs_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_file_name: \"igsexe_9-80003187.sar\"\nsap_s4hana_deployment_igs_helper_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_helper_file_name: \"igshelper_17-10010245.sar\"\nsap_s4hana_deployment_kernel_dependent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_dependent_file_name: \"SAPEXEDB_201-80003385.SAR\"\nsap_s4hana_deployment_kernel_independent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_independent_file_name: \"SAPEXE_201-80003386.SAR\"\nsap_s4hana_deployment_software_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sap_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_set_fqdn: \"false\"' + variables: |- + --- + sap_preconfigure_modify_etc_hosts: false + storage_pools: + - name: sap + disks: + - {{ sap_extra_device }} + volumes: + - name: sap + size: 50 GiB + mount_point: /usr/sap + state: present + - name: sapmnt + size: 20 GiB + mount_point: /usr/sapmnt + state: present + - name: swap + size: 20 GiB + state: present + sap_s4hana_deployment_product_id: NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP + sap_s4hana_deployment_sapcar_path: /software/SAPCAR + sap_s4hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE + sap_s4hana_deployment_swpm_path: /software/S4HANA_installation + sap_s4hana_deployment_swpm_sar_file_name: SWPM20SP04_6-80003424.SAR + sap_s4hana_deployment_db_schema_password: R3dh4t123! + sap_s4hana_deployment_db_schema_abap_password: R3dh4t123! 
+ sap_s4hana_deployment_master_password: R3dh4t123! + sap_s4hana_deployment_hana_systemdb_password: R3dh4t123! + sap_s4hana_deployment_sid: RHE + sap_s4hana_deployment_db_host: "hana-{{ guid }}1" + sap_s4hana_deployment_db_sid: RHE + sap_s4hana_deployment_hana_instance_nr: "00" + sap_s4hana_deployment_hana_system_password: R3dh4t123! + sap_s4hana_deployment_parallel_jobs_nr: "30" + sap_s4hana_deployment_db_sidadm_password: R3dh4t123! + sap_s4hana_deployment_igs_path: /software/S4HANA_installation + sap_s4hana_deployment_igs_file_name: igsexe_9-80003187.sar + sap_s4hana_deployment_igs_helper_path: /software/S4HANA_installation + sap_s4hana_deployment_igs_helper_file_name: igshelper_17-10010245.sar + sap_s4hana_deployment_kernel_dependent_path: /software/S4HANA_installation + sap_s4hana_deployment_kernel_dependent_file_name: SAPEXEDB_201-80003385.SAR + sap_s4hana_deployment_kernel_independent_path: /software/S4HANA_installation + sap_s4hana_deployment_kernel_independent_file_name: SAPEXE_201-80003386.SAR + sap_s4hana_deployment_software_path: /software/S4HANA_installation + sap_s4hana_deployment_sapadm_password: R3dh4t123! + sap_s4hana_deployment_sap_sidadm_password: R3dh4t123! 
+ sap_s4hana_deployment_set_fqdn: false + groups: + - name: "sap" + hosts: + - name: "{{ ansible_hana1_hostname }}" + - name: "{{ ansible_hana2_hostname }}" + - name: "{{ ansible_s4hana_hostname }}" + - name: "hanas" + ##variables: '---\nsap_hana_ha_pacemaker_vip: {{ 192.168.0.0/16\ | ansible.netcommon.ipaddr(next_usable) }}\nsap_hana_ha_pacemaker_hana_sid: \"RHE\"\nsap_hana_ha_pacemaker_hana_instance_number: \"00"\' + hosts: + - name: "{{ ansible_hana1_hostname }}" + - name: "{{ ansible_hana2_hostname }}" + - name: "s4hanas" + hosts: + - name: "{{ ansible_s4hana_hostname }}" + + projects: + - name: "sap-rhsm" + description: "SAP RHSM" + scm_type: "git" + scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" + scm_branch: "sap-rhsm" + organization: "Default" + - name: "storage" + description: "SAP Storage" + scm_type: "git" + scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" + scm_branch: "storage" + organization: "Default" + - name: "sap-preconfigure" + description: "SAP Preconfigure" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-preconfigure" + organization: "Default" + - name: "sap-hostagent" + description: "SAP HostAgent" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hostagent" + organization: "Default" + - name: "sap-hana-preconfigure" + description: "SAP HANA Preconfigure" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-preconfigure" + organization: "Default" + - name: "sap-hana-deployment" + description: "SAP HANA Deployment" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-deployment" + organization: "Default" + - name: "sap-netweaver-preconfigure" + description: "SAP NetWeaver Preconfigure" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: 
"sap-netweaver-preconfigure" + organization: "Default" + - name: "sap-hana-hsr" + description: "SAP HANA System Replication" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-hsr-raw" + organization: "Default" + - name: "sap-hana-ha-pacemaker" + description: "Pacemaker cluster for SAP HANA" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-ha-pacemaker" + organization: "Default" + - name: "sap-s4hana-deployment" + description: "SAP S/4HANA Deployment" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-s4hana-deployment" + organization: "Default" + job_templates: + - name: "sap-repositories" + description: "Enable RHEL for SAP Solutions Repos" + inventory: "sap-hosts" + project: "sap-rhsm" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-storage" + description: "Configure required File Systems for HANA and S/4HANA" + inventory: "sap-hosts" + project: "storage" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-preconfigure" + description: "Apply specific OS requirements to deploy SAP Workloads" + inventory: "sap-hosts" + project: "sap-preconfigure" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hostagent" + description: "Deploy SAP Host Agent" + inventory: "sap-hosts" + project: "sap-hostagent" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-preconfigure" + description: "Apply specific OS requirements to deploy SAP HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-preconfigure" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-deployment" + description: "Deploy SAP HANA" + inventory: 
"sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-deployment" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-netweaver-preconfigure" + description: "Apply specific OS requirements to deploy SAP S/4HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "s4hanas" + project: "sap-netweaver-preconfigure" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-s4hana-deployment" + description: "Deploy SAP S/4HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "s4hanas" + project: "sap-s4hana-deployment" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-hsr" + description: "Enable HANA System Replication" + inventory: "sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-hsr" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-ha-pacemaker" + description: "Create Pacemaker cluster for SAP HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-ha-pacemaker" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + credentials: + - name: "ssh-key" + description: "SAP Hosts SSH Key" + organization: "Default" + credential_type: "Machine" + inputs: + username: "{{ remote_user }}" + ssh_key_data: "{{lookup('file', '{{ output_dir}}/{{ guid }}_infra_ssh_key.pem') }}" + +workflow_schema_non_ha: | + - job_template: 'sap-repositories' + success_nodes: + - job_template: 'sap-storage' + success_nodes: + - job_template: 'sap-hostagent' + success_nodes: + - job_template: 'sap-preconfigure' + success_nodes: + - job_template: 'sap-hana-preconfigure' + success_nodes: + - job_template: 'sap-hana-deployment' + success_nodes: + - job_template: 'sap-s4hana-deployment' + - job_template: 'sap-netweaver-preconfigure' + +workflow_schema_ha: | + - job_template: 'sap-repositories' + 
success_nodes: + - job_template: 'sap-storage' + success_nodes: + - job_template: 'sap-hostagent' + success_nodes: + - job_template: 'sap-preconfigure' + success_nodes: + - job_template: 'sap-hana-preconfigure' + success_nodes: + - job_template: 'sap-hana-deployment' + success_nodes: + - job_template: 'sap-hana-hsr' + success_nodes: + - job_template: 'sap-hana-ha-pacemaker' + success_nodes: + - job_template: 'sap-s4hana-deployment' + - job_template: 'sap-netweaver-preconfigure' diff --git a/ansible/configs/sap-hana-rhel9/ec2-lateruse/default_vars_ec2.yml b/ansible/configs/sap-hana-dist/default_vars_ec2.yml similarity index 100% rename from ansible/configs/sap-hana-rhel9/ec2-lateruse/default_vars_ec2.yml rename to ansible/configs/sap-hana-dist/default_vars_ec2.yml diff --git a/ansible/configs/sap-hana-dist/default_vars_openshift_cnv.yaml b/ansible/configs/sap-hana-dist/default_vars_openshift_cnv.yaml new file mode 100644 index 00000000000..9f96dd6cc3a --- /dev/null +++ b/ansible/configs/sap-hana-dist/default_vars_openshift_cnv.yaml 
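Review bot: The host `variables` blocks for both HANA hosts and the S/4HANA host commit the literal `R3dh4t123!` for the root, sapadm, sidadm, database system, schema and `hacluster` passwords, where the commented-out `#variables:` line above each block took them from `{{ master_sap_password }}`. Every environment deployed from this config then shares one credential that is readable in the repository, and it no longer lines up with `sap_hana_hsr_hana_db_system_password`, which is still `"{{ master_sap_password }}"`, so replication setup would likely present a different SYSTEM password than the one set at install unless the two happen to be equal. I would restore the templated form on each of these keys, for example `sap_hana_deployment_root_password: "{{ master_sap_password }}"`, and leave `master_sap_password` without a default here so it has to be supplied per deployment. In the same hunk, `offline_token: "{{ sap-e2e-offline-token }}"` is parsed by Jinja2 as a subtraction of four names rather than one variable, so it needs an underscore-named variable. The `sap-rhsm` and `storage` projects also pull from `github.com/ahsen-shah/sap-tower-projects.git` while the other eight use the `redhat-sap` organisation, and their job templates run with `enable_privilege_escalation: true`, so it is worth confirming the personal fork is intended and pinning it to a reviewed ref.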
@@ -0,0 +1,640 @@ +## Environment Sizing and OS + +bastion_instance_image: rhel-8.4 +bastion_instance_type: "sap-2-16" +bastion_instance_count: 1 + +hana_instance_image: rhel-8.4 +hana_instance_type: "sap-4-64" +hana_instance_count: 2 +pv_size_hana: 500 + +s4hana_instance_image: rhel-8.4 +s4hana_instance_type: "sap-4-32" +s4hana_instance_count: 1 +pv_size_s4hana: 200 + +## Variables required when deploying Ansible Tower alongside the HANA and bastion instances +tower_instance_image: rhel-8.6 +tower_instance_type: "sap-4-32" +tower_instance_count: "{{ tower_instance_count }}" + +sap_extra_device: vdb +sap_software_device: vdb + +ansible_user: cloud-user +remote_user: cloud-user + +# SAP Software image and variables +sap_software_image: sap-software-v1.2 +sap_software_size: "{{ sap_software_size }}" +networks: + - name: sap + +instances: + - name: "bastion-{{ guid }}" + count: "{{ bastion_instance_count }}" + cores: 2 + memory: "16G" + unique: true + public_dns: true + dns_loadbalancer: true + floating_ip: true + image: "{{ bastion_instance_image }}" + image_size: "50G" + tags: + - key: "AnsibleGroup" + value: "bastions" + - key: "ostype" + value: "linux" + - key: "instance_filter" + value: "{{ env_type }}-{{ guid }}" + - key: ansible_python_interpreter + value: /usr/libexec/platform-python + networks: + - sap + - default + networkdata: | + version: 2 + ethernets: + eth0: + addresses: + - 192.168.47.10/24 + + disks: + - metadata: + name: "sapsoftware{{ guid }}" + spec: + source: + pvc: + name: "{{ sap_software_image }}" + namespace: cnv-images + pvc: + accessModes: + - ReadWriteMany + volumeMode: Block + resources: + requests: + storage: "{{ sap_software_size }}Gi" + + + + - name: "hana-{{ guid }}1" + cores: 16 + memory: "64G" + public_dns: false + dns_loadbalancer: false + floating_ip: false + image: "{{ hana_instance_image }}" + image_size: "100G" + networks: + - sap + - default + networkdata: | + version: 2 + ethernets: + eth0: + addresses: + - 192.168.47.28/24 + 
tags: + - key: "AnsibleGroup" + value: "hanas" + - key: "ostype" + value: "rhel" + - key: "instance_filter" + value: "{{ env_type }}-{{ guid }}" + - key: ansible_python_interpreter + value: /usr/libexec/platform-python + disks: + - metadata: + name: "INSTANCENAME-{{ guid }}2" + spec: + source: + blank: {} + pvc: + accessModes: + - ReadWriteMany + volumeMode: Block + resources: + requests: + storage: "{{ pv_size_hana }}Gi" + + - name: "hana-{{ guid }}2" + cores: 16 + memory: "64G" + public_dns: false + dns_loadbalancer: false + floating_ip: false + image: "{{ hana_instance_image }}" + image_size: "100G" + networks: + - sap + - default + networkdata: | + version: 2 + ethernets: + eth0: + addresses: + - 192.168.47.135/24 + tags: + - key: "AnsibleGroup" + value: "hanas" + - key: "ostype" + value: "rhel" + - key: "instance_filter" + value: "{{ env_type }}-{{ guid }}" + - key: ansible_python_interpreter + value: /usr/libexec/platform-python + disks: + - metadata: + name: "INSTANCENAME-{{ guid }}2" + spec: + source: + blank: {} + pvc: + accessModes: + - ReadWriteMany + volumeMode: Block + resources: + requests: + storage: "{{ pv_size_hana }}Gi" + + + + - name: "s4hana-{{ guid }}" + count: "{{ s4hana_instance_count }}" + cores: 6 + memory: "64G" + public_dns: true + dns_loadbalancer: false + floating_ip: true + image: "{{ s4hana_instance_image }}" + image_size: "100G" + tags: + - key: "AnsibleGroup" + value: "s4hanas" + - key: "ostype" + value: "rhel" + - key: "instance_filter" + value: "{{ env_type }}-{{ guid }}" + - key: ansible_python_interpreter + value: /usr/libexec/platform-python + networks: + - sap + - default + networkdata: | + version: 2 + ethernets: + eth0: + addresses: + - 192.168.47.150/24 + disks: + - metadata: + name: "s4hanapv-{{ guid }}" + spec: + source: + blank: {} + pvc: + accessModes: + - ReadWriteMany + volumeMode: Block + resources: + requests: + storage: "{{ pv_size_s4hana }}Gi" + + + - name: "tower-{{ guid }}" + count: "{{ tower_instance_count }}" 
+ cores: 4 + memory: "32G" + public_dns: true + dns_loadbalancer: true + floating_ip: true + image: "{{ tower_instance_image }}" + image_size: "200G" + tags: + - key: "AnsibleGroup" + value: "towers" + - key: "ostype" + value: "rhel" + - key: "instance_filter" + value: "{{ env_type }}-{{ guid }}" + - key: ansible_python_interpreter + value: /usr/libexec/platform-python + networks: + - sap + - default + networkdata: | + version: 2 + ethernets: + eth0: + addresses: + - 192.168.47.11/24 + services: + - name: tower-svc + ports: + - port: 443 + protocol: TCP + targetPort: 443 + name: tower-https + - port: 80 + protocol: TCP + targetPort: 80 + name: tower-http + routes: + - name: "tower-{{ guid }}" + service: tower-svc + targetPort: 443 + tls: true + - name: "tower-{{ guid }}-http" + host: "tower-{{ guid }}" + service: tower-svc + targetPort: 80 + tls: false + path: "/.well-known/" + +zone_internal_dns: "{{guid}}.internal." +chomped_zone_internal_dns: "{{guid}}.internal" + +bastion_public_dns: "bastion-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}." 
+bastion_public_dns_chomped: "bastion-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}" +tower_public_dns_chomped: "tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}" +vpcid_cidr_block: "192.168.0.0/16" +vpcid_name_tag: "{{ subdomain_base }}" + + +rtb_public_name_tag: "{{ subdomain_base }}-public" +rtb_private_name_tag: "{{ subdomain_base }}-private" + +ansible_hana1_hostname: "{{ hostvars[groups.hanas[0]].ansible_hostname }}" +ansible_hana1_fqdn_hostname: "{{ hostvars[groups.hanas[0]].ansible_fqdn }}" +ansible_hana1_ip: "{{ hostvars[groups.hanas[0]].ansible_eth0.ipv4.address }}" +ansible_hana2_hostname: "{{ hostvars[groups.hanas[1]].ansible_hostname }}" +ansible_hana2_fqdn_hostname: "{{ hostvars[groups.hanas[1]].ansible_fqdn }}" +ansible_hana2_ip: "{{ hostvars[groups.hanas[1]].ansible_eth0.ipv4.address }}" +ansible_hana_hostname: "hana-{{ guid }}" +ansible_s4hana_hostname: "s4hana-{{ guid }}" +bastion_hostname: "bastion-{{ guid }}" +deployment_db_host: "hana-{{ guid }}1" + +__run_aap_deployment: true + +ansible_tower: + admin_username: "admin" + admin_password: "{{ ansible_tower_password }}" + url: "https://localhost" + validate_certs: false + install: + manifest_file: "/tmp/{{ tower_manifest.url | regex_search('(\\w+)(\\.\\w+)+(?!.*(\\w+)(\\.\\w+)+)') }}" + inventories: + - name: "sap-hosts" + #variables: '---\nsap_preconfigure_modify_etc_hosts: true\nsap_preconfigure_fail_if_reboot_required: \"no\"\nsap_domain: \"labs.local\"\nsap_hostagent_installation_type: \"rpm\"\nsap_hostagent_rpm_remote_path: \"/software/SAPHOSTAGENT\"\nsap_hostagent_rpm_file_name: \"saphostagentrpm_44-20009394.rpm\"' + variables: |- + --- + sap_domain: example.com + sap_hostagent_installation_type: rpm + sap_hostagent_rpm_remote_path: /software/SAPHOSTAGENT + sap_hostagent_rpm_file_name: saphostagentrpm_44-20009394.rpm + description: "SAP HANA and S/4HANA" + organization: "Default" + hosts: + - name: "{{ ansible_hana1_hostname }}" + description: "Primary SAP HANA 
Host" + #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_sid: RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: \"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"primary\"\nsap_hana_hsr_alias: \"DC1\"' + variables: |- + --- + sap_ip: '192.168.47.28' + sap_preconfigure_modify_etc_hosts: true + storage_pools: + - name: sap + disks: + - {{ sap_extra_device }} + volumes: + - name: data + size: 128 GiB + mount_point: /hana/data + state: present + - name: log + size: 64 GiB + mount_point: /hana/log + state: present + - name: shared + size: 256 GiB + mount_point: /hana/shared + state: present + - 
name: sap + size: 50 GiB + mount_point: /usr/sap + state: present + sap_hana_deployment_bundle_path: /software/HANA_installation + sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR + sap_hana_deployment_sapcar_path: /software/SAPCAR + sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE + sap_hana_deployment_root_password: R3dh4t123! + sap_hana_deployment_sapadm_password: R3dh4t123! + sap_hana_deployment_hana_sid: RHE + sap_hana_deployment_hana_instance_number: "00" + sap_hana_deployment_hana_env_type: development + sap_hana_deployment_hana_mem_restrict: n + sap_hana_deployment_common_master_password: R3dh4t123! + sap_hana_deployment_sidadm_password: R3dh4t123! + sap_hana_deployment_hana_db_system_password: R3dh4t123! + sap_hana_deployment_ase_user_password: R3dh4t123! + sap_hana_deployment_apply_license: false + sap_hana_hsr_hana_sid: RHE + sap_hana_hsr_hana_instance_number: "00" + sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" + sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" + sap_hana_hsr_role: primary + sap_hana_hsr_alias: DC1 + sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" 
+ sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" + sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" + sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hana_sid: RHE + sap_hana_ha_pacemaker_hana_instance_number: '00' + sap_hana_ha_pacemaker_vip: "192.168.47.100" + - name: "{{ ansible_hana2_hostname }}" + description: "Secondary SAP HANA Host" + #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_sid: RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: \"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ 
ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"secondary\"\nsap_hana_hsr_alias: \"DC2\"' + variables: |- + --- + sap_preconfigure_modify_etc_hosts: true + sap_ip: '192.168.47.135' + storage_pools: + - name: sap + disks: + - {{ sap_extra_device }} + volumes: + - name: data + size: 128 GiB + mount_point: /hana/data + state: present + - name: log + size: 64 GiB + mount_point: /hana/log + state: present + - name: shared + size: 256 GiB + mount_point: /hana/shared + state: present + - name: sap + size: 50 GiB + mount_point: /usr/sap + state: present + sap_hana_deployment_bundle_path: /software/HANA_installation + sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR + sap_hana_deployment_sapcar_path: /software/SAPCAR + sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE + sap_hana_deployment_root_password: R3dh4t123! + sap_hana_deployment_sapadm_password: R3dh4t123! + sap_hana_deployment_hana_sid: RHE + sap_hana_deployment_hana_instance_number: "00" + sap_hana_deployment_hana_env_type: development + sap_hana_deployment_hana_mem_restrict: n + sap_hana_deployment_common_master_password: R3dh4t123! + sap_hana_deployment_sidadm_password: R3dh4t123! + sap_hana_deployment_hana_db_system_password: R3dh4t123! + sap_hana_deployment_ase_user_password: R3dh4t123! + sap_hana_deployment_apply_license: false + sap_hana_hsr_hana_sid: RHE + sap_hana_hsr_hana_instance_number: "00" + sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" + sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" + sap_hana_hsr_role: secondary + sap_hana_hsr_alias: DC2 + sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" 
+ sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" + sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" + sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" + sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" + sap_hana_ha_pacemaker_hana_sid: RHE + sap_hana_ha_pacemaker_hana_instance_number: '00' + sap_hana_ha_pacemaker_vip: "192.168.47.100" + - name: "{{ ansible_s4hana_hostname }}" + description: "SAP S/4HANA Host" + #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\n - name: sapmnt\n size: \"20 GiB\"\n mount_point: \"/usr/sapmnt\"\n state: present\n - name: swap\n size: \"20 GiB\"\n state: present\n\nsap_s4hana_deployment_product_id: \"NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP\"\nsap_s4hana_deployment_sapcar_path: \"/software/SAPCAR\"\nsap_s4hana_deployment_sapcar_file_name: \"SAPCAR_1311-80000935.EXE\"\nsap_s4hana_deployment_swpm_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_swpm_sar_file_name: \"SWPM20SP04_6-80003424.SAR\"\nsap_s4hana_deployment_db_schema_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_db_schema_abap_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_master_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_hana_systemdb_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sid: \"RHE\"\nsap_s4hana_deployment_db_host: \"{{ deployment_db_host }}\"\nsap_s4hana_deployment_db_sid: \"RHE\"\nsap_s4hana_deployment_hana_instance_nr: \"00\"\nsap_s4hana_deployment_hana_system_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_parallel_jobs_nr: \"30\"\nsap_s4hana_deployment_db_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_igs_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_file_name: \"igsexe_9-80003187.sar\"\nsap_s4hana_deployment_igs_helper_path: 
\"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_helper_file_name: \"igshelper_17-10010245.sar\"\nsap_s4hana_deployment_kernel_dependent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_dependent_file_name: \"SAPEXEDB_201-80003385.SAR\"\nsap_s4hana_deployment_kernel_independent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_independent_file_name: \"SAPEXE_201-80003386.SAR\"\nsap_s4hana_deployment_software_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sap_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_set_fqdn: \"false\"' + variables: |- + --- + sap_ip: '192.168.47.150' + sap_preconfigure_modify_etc_hosts: true + storage_pools: + - name: sap + disks: + - {{ sap_extra_device }} + volumes: + - name: sap + size: 50 GiB + mount_point: /usr/sap + state: present + - name: sapmnt + size: 20 GiB + mount_point: /usr/sapmnt + state: present + - name: swap + size: 20 GiB + state: present + sap_s4hana_deployment_product_id: NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP + sap_s4hana_deployment_sapcar_path: /software/SAPCAR + sap_s4hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE + sap_s4hana_deployment_swpm_path: /software/S4HANA_installation + sap_s4hana_deployment_swpm_sar_file_name: SWPM20SP04_6-80003424.SAR + sap_s4hana_deployment_db_schema_password: R3dh4t123! + sap_s4hana_deployment_db_schema_abap_password: R3dh4t123! + sap_s4hana_deployment_master_password: R3dh4t123! + sap_s4hana_deployment_hana_systemdb_password: R3dh4t123! + sap_s4hana_deployment_sid: RHE + sap_s4hana_deployment_db_host: "hana-{{ guid }}1.example.com" + sap_s4hana_deployment_db_sid: RHE + sap_s4hana_deployment_hana_instance_nr: "00" + sap_s4hana_deployment_hana_system_password: R3dh4t123! + sap_s4hana_deployment_parallel_jobs_nr: "30" + sap_s4hana_deployment_db_sidadm_password: R3dh4t123! 
+ sap_s4hana_deployment_igs_path: /software/S4HANA_installation + sap_s4hana_deployment_igs_file_name: igsexe_9-80003187.sar + sap_s4hana_deployment_igs_helper_path: /software/S4HANA_installation + sap_s4hana_deployment_igs_helper_file_name: igshelper_17-10010245.sar + sap_s4hana_deployment_kernel_dependent_path: /software/S4HANA_installation + sap_s4hana_deployment_kernel_dependent_file_name: SAPEXEDB_201-80003385.SAR + sap_s4hana_deployment_kernel_independent_path: /software/S4HANA_installation + sap_s4hana_deployment_kernel_independent_file_name: SAPEXE_201-80003386.SAR + sap_s4hana_deployment_software_path: /software/S4HANA_installation + sap_s4hana_deployment_sapadm_password: R3dh4t123! + sap_s4hana_deployment_sap_sidadm_password: R3dh4t123! + sap_s4hana_deployment_set_fqdn: false + groups: + - name: "sap" + hosts: + - name: "{{ ansible_hana1_hostname }}" + - name: "{{ ansible_hana2_hostname }}" + - name: "{{ ansible_s4hana_hostname }}" + - name: "hanas" + ##variables: '---\nsap_hana_ha_pacemaker_vip: {{ 192.168.0.0/16\ | ansible.netcommon.ipaddr(next_usable) }}\nsap_hana_ha_pacemaker_hana_sid: \"RHE\"\nsap_hana_ha_pacemaker_hana_instance_number: \"00"\' + hosts: + - name: "{{ ansible_hana1_hostname }}" + - name: "{{ ansible_hana2_hostname }}" + - name: "s4hanas" + hosts: + - name: "{{ ansible_s4hana_hostname }}" + + projects: + - name: "sap-rhsm" + description: "SAP RHSM" + scm_type: "git" + scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" + scm_branch: "sap-rhsm" + organization: "Default" + - name: "storage" + description: "SAP Storage" + scm_type: "git" + scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" + scm_branch: "storage" + organization: "Default" + - name: "sap-preconfigure" + description: "SAP Preconfigure" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-preconfigure" + organization: "Default" + - name: "sap-hostagent" + description: "SAP HostAgent" + scm_type: "git" 
+ scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hostagent" + organization: "Default" + - name: "sap-hana-preconfigure" + description: "SAP HANA Preconfigure" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-preconfigure" + organization: "Default" + - name: "sap-hana-deployment" + description: "SAP HANA Deployment" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-deployment" + organization: "Default" + - name: "sap-netweaver-preconfigure" + description: "SAP NetWeaver Preconfigure" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-netweaver-preconfigure" + organization: "Default" + - name: "sap-hana-hsr" + description: "SAP HANA System Replication" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-hsr-raw" + organization: "Default" + - name: "sap-hana-ha-pacemaker" + description: "Pacemaker cluster for SAP HANA" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-hana-ha-pacemaker" + organization: "Default" + - name: "sap-s4hana-deployment" + description: "SAP S/4HANA Deployment" + scm_type: "git" + scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" + scm_branch: "sap-s4hana-deployment" + organization: "Default" + job_templates: + - name: "sap-repositories" + description: "Enable RHEL for SAP Solutions Repos" + inventory: "sap-hosts" + project: "sap-rhsm" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-storage" + description: "Configure required File Systems for HANA and S/4HANA" + inventory: "sap-hosts" + project: "storage" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-preconfigure" + description: "Apply specific OS requirements to 
deploy SAP Workloads" + inventory: "sap-hosts" + project: "sap-preconfigure" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hostagent" + description: "Deploy SAP Host Agent" + inventory: "sap-hosts" + project: "sap-hostagent" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-preconfigure" + description: "Apply specific OS requirements to deploy SAP HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-preconfigure" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-deployment" + description: "Deploy SAP HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-deployment" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-netweaver-preconfigure" + description: "Apply specific OS requirements to deploy SAP S/4HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "s4hanas" + project: "sap-netweaver-preconfigure" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-s4hana-deployment" + description: "Deploy SAP S/4HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "s4hanas" + project: "sap-s4hana-deployment" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-hsr" + description: "Enable HANA System Replication" + inventory: "sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-hsr" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + - name: "sap-hana-ha-pacemaker" + description: "Create Pacemaker cluster for SAP HANA" + inventory: "sap-hosts" + inventory_limit_pattern: "hanas" + project: "sap-hana-ha-pacemaker" + playbook: "play.yml" + enable_privilege_escalation: true + credentials: + - "ssh-key" + credentials: + - name: 
"ssh-key" + description: "SAP Hosts SSH Key" + organization: "Default" + credential_type: "Machine" + inputs: + username: "{{ remote_user }}" + ssh_key_data: "{{lookup('file', '{{ hostvars.localhost.ssh_provision_key_path }}') }}" diff --git a/ansible/configs/sap-hana-rhel9/.cleanup/default_vars_osp.yml b/ansible/configs/sap-hana-dist/default_vars_osp.yml similarity index 100% rename from ansible/configs/sap-hana-rhel9/.cleanup/default_vars_osp.yml rename to ansible/configs/sap-hana-dist/default_vars_osp.yml diff --git a/ansible/configs/sap-hana-rhel9/destroy_env.yml b/ansible/configs/sap-hana-dist/destroy_env.yml similarity index 100% rename from ansible/configs/sap-hana-rhel9/destroy_env.yml rename to ansible/configs/sap-hana-dist/destroy_env.yml diff --git a/ansible/configs/sap-hana-rhel9/.cleanup/files/cloud_providers/osp_cloud_template_master.j2 b/ansible/configs/sap-hana-dist/files/cloud_providers/osp_cloud_template_master.j2 similarity index 100% rename from ansible/configs/sap-hana-rhel9/.cleanup/files/cloud_providers/osp_cloud_template_master.j2 rename to ansible/configs/sap-hana-dist/files/cloud_providers/osp_cloud_template_master.j2 diff --git a/ansible/configs/sap-hana-rhel9/.cleanup/files/hosts_template.j2 b/ansible/configs/sap-hana-dist/files/hosts_template.j2 similarity index 100% rename from ansible/configs/sap-hana-rhel9/.cleanup/files/hosts_template.j2 rename to ansible/configs/sap-hana-dist/files/hosts_template.j2 diff --git a/ansible/configs/sap-hana-rhel9/.cleanup/files/inventory.j2 b/ansible/configs/sap-hana-dist/files/inventory.j2 similarity index 100% rename from ansible/configs/sap-hana-rhel9/.cleanup/files/inventory.j2 rename to ansible/configs/sap-hana-dist/files/inventory.j2 diff --git a/ansible/configs/sap-hana/find_snapshot.yml b/ansible/configs/sap-hana-dist/find_snapshot.yml similarity index 100% rename from ansible/configs/sap-hana/find_snapshot.yml rename to ansible/configs/sap-hana-dist/find_snapshot.yml 
diff --git a/ansible/configs/sap-hana-rhel9/post_infra.yml b/ansible/configs/sap-hana-dist/post_infra.yml similarity index 60% rename from ansible/configs/sap-hana-rhel9/post_infra.yml rename to ansible/configs/sap-hana-dist/post_infra.yml index 2d800487566..65f049992ce 100644 --- a/ansible/configs/sap-hana-rhel9/post_infra.yml +++ b/ansible/configs/sap-hana-dist/post_infra.yml @@ -1,7 +1,4 @@ -- name: Step 002 - Post Infrastructure - # - # Creates/Updates inventory for deployment in deploy Satellite - # +- name: Step 002 Post Infrastructure hosts: localhost connection: local become: false @@ -11,18 +8,18 @@ - post_infrastructure tasks: - name: Job Template to launch a Job Template with update on launch inventory set - ansible.builtin.uri: + uri: url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" method: POST - user: "{{ tower_admin }}" - password: "{{ tower_admin_password }}" + user: "{{tower_admin}}" + password: "{{tower_admin_password}}" body: extra_vars: - guid: "{{ guid }}" - ipa_host_password: "{{ ipa_host_password }}" + guid: "{{guid}}" + ipa_host_password: "{{ipa_host_password}}" body_format: json - validate_certs: false + validate_certs: False HEADER_Content-Type: "application/json" status_code: 200, 201 when: tower_run == 'true' diff --git a/ansible/configs/sap-hana-dist/post_software.yml b/ansible/configs/sap-hana-dist/post_software.yml new file mode 100644 index 00000000000..a474620b469 --- /dev/null +++ b/ansible/configs/sap-hana-dist/post_software.yml 
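Review bot: The launch task in the second hunk sends `tower_admin_password` and `ipa_host_password` with `validate_certs: False`, so the credentials go to whatever endpoint answers at `ansible_tower_ip` without its certificate being checked. I would set `validate_certs: true` and, if Tower presents a privately issued certificate, point `ca_path` at that CA instead of switching validation off. The same hunk replaces `ansible.builtin.uri` with the short name `uri`; keeping the fully qualified name avoids ambiguity about which module is resolved. The closing `when: tower_run == 'true'` compares against a string and would presumably never match a boolean `tower_run`; `when: tower_run | bool` is the safer form.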
@@ -0,0 +1,228 @@
+- name: Step 00xxxxx post software
+ hosts: support
+ gather_facts: False
+ become: yes
+ tasks:
+ - debug:
+ msg: "Post-Software tasks Started"
+
+#- name: Make Ansible Tower License file available
+# hosts: localhost
+# gather_facts: False
+# become: false
+# tasks:
+
+# - name: Dump Ansible Tower License to a file
+# copy:
+# content: "{{ tower_license }}"
+# dest: /tmp/license.json
+# when: tower_instance_count > 0
+
+- name: Make Ansible Tower License file available
+ hosts: localhost
+ gather_facts: False
+ become: false
+ tasks:
+
+ - debug:
+ msg: "Post-Software tasks Started"
+
+ - name: downloading tower manifest from OpenTLC
+ get_url:
+ url: "{{ tower_manifest.url }}"
+ dest: "{{ ansible_tower.install.manifest_file }}"
+ username: "{{ tower_manifest.username | default(omit) }}"
+ password: "{{ tower_manifest.password | default(omit) }}"
+
+
+- name: Configure Ansible Tower
+ hosts: towers
+ gather_facts: False
+ become: yes
+ tasks:
+
+ - block:
+
+ - name: Ensure dependencies for tower-cli are installed
+ dnf:
+ name: python3-pip
+ state: latest
+
+ - name: Ensure tower-cli is installed
+ pip:
+ name: ansible-tower-cli
+ state: latest
+ executable: pip3
+
+ - name: Dump tower-cli config
+ copy:
+ content: "{{ tower_cli_config }}"
+ dest: /etc/tower/tower_cli.cfg
+
+ - name: Dump Ansible Tower Workflow Schema HA to a file
+ copy:
+ content: "{{ workflow_schema_ha }}"
+ dest: /tmp/schema_ha.yml
+
+ - name: Dump Ansible Tower Workflow Schema non-HA to a file
+ copy:
+ content: "{{ workflow_schema_non_ha }}"
+ dest: /tmp/schema_non_ha.yml
+
+ - name: Create symlink to support internal infra-ansible role includes
+ file:
+ src: infra-ansible/roles/ansible
+ dest: "{{ __agnosticd_roles_install_path }}/ansible"
+ state: link
+ delegate_to: localhost
+ become: false
+ run_once: true
+ vars:
+ __agnosticd_roles_install_path: >-
+ {%- if requirements_content is defined and requirements_content | length > 0 -%}
+ {{ playbook_dir
}}/dynamic-roles
+ {%- else -%}
+ {{ ANSIBLE_REPO_PATH | default(playbook_dir) }}/roles
+ {%- endif -%}
+
+ - name: Ensure Tower License is configured
+ include_role:
+ name: infra-ansible/roles/ansible/tower/config-ansible-tower-subscription-manifest
+
+ - name: Ensure required Credentials are added to Tower
+ include_role:
+ name: infra-ansible/roles/ansible/tower/manage-credentials
+
+ - name: Ensure required inventories are added to Tower
+ include_role:
+ name: infra-ansible/roles/ansible/tower/manage-inventories
+
+ - name: Ensure required Projects are added to Tower
+ include_role:
+ name: infra-ansible/roles/ansible/tower/manage-projects
+
+ - name: Ensure required Job Templates are added to Tower
+ include_role:
+ name: infra-ansible/roles/ansible/tower/manage-job-templates
+
+ - name: Ensure required WorkFlow Templates are added to Tower
+ shell: "{{ item }}"
+ loop:
+ - /usr/local/bin/tower-cli workflow create --name="SAP HANA and S/4HANA E2E deployment"
+ - /usr/local/bin/tower-cli workflow create --name="SAP HANA and S/4HANA E2E deployment - HA Mode"
+
+ - name: Populate new WorkFlows with specified schemas
+ shell: "{{ item }}"
+ loop:
+ - /usr/local/bin/tower-cli workflow schema "SAP HANA and S/4HANA E2E deployment" @/tmp/schema_non_ha.yml
+ - /usr/local/bin/tower-cli workflow schema "SAP HANA and S/4HANA E2E deployment - HA Mode" @/tmp/schema_ha.yml
+
+ - name: Copy letsencrypt cert
+ copy:
+ src: "/etc/letsencrypt/live/tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}/fullchain.pem"
+ dest: "/etc/tower/tower.cert"
+ remote_src: true
+ when: cloud_provider == "openshift_cnv"
+
+ - name: Copy letsencrypt key
+ copy:
+ src: "/etc/letsencrypt/live/tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}/privkey.pem"
+ dest: "/etc/tower/tower.key"
+ remote_src: true
+ when: cloud_provider == "openshift_cnv"
+
+ - name: restart-tower
+ command: ansible-tower-service restart
+ become: true
+ when: cloud_provider == "openshift_cnv"
+
+# when:
+# - tower_instance_count > 0
+# - __run_aap_deployment
+
+
+- name: Print out information for the user to consume the lab
+ hosts: localhost
+ gather_facts: False
+ become: false
+ tasks:
+ - name: Print Student Information
+ when:
+ - install_student_user | bool
+ - cloud_provider != "openshift_cnv"
+ block:
+ - name: Store bastion hostname as a fact
+ set_fact:
+ bastion_hostname: "{{groups['bastions'].0 }}"
+ - name: Report user info
+ agnosticd_user_info:
+ msg: "{{ item }}"
+ loop:
+ - "You can access your bastion via SSH:"
+ - "ssh {{ student_name }}@bastion-{{ guid }}.{{ guid }}.{{ osp_cluster_dns_zone }}"
+ - ""
+ - "Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted."
+ - ""
+ - "You can access your Tower:"
+ - "https://{{ tower_public_dns_chomped }}"
+ - "Make sure you are using the following credentials:"
+ - ""
+ - "Username: admin"
+ - "Password: {{ tower_password }}"
+
+ - name: Print Student Information
+ when:
+ - install_student_user | bool
+ - cloud_provider == "openshift_cnv"
+ block:
+ - name: Store bastion hostname as a fact
+ set_fact:
+ bastion_hostname: "{{groups['bastions'].0 }}"
+ - name: Report user info
+ agnosticd_user_info:
+ msg: "{{ item }}"
+ loop:
+ - "You can access your bastion via SSH:"
+ - "ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}"
+ - ""
+ - "Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted."
+ - ""
+ - "You can access your Tower:"
+ - "https://{{ tower_public_dns_chomped }}"
+ - "Make sure you are using the following credentials:"
+ - ""
+ - "Username: admin"
+ - "Password: {{ tower_password }}"
+
+ - name: Set agnosticd user info data for tower
+ when:
+ - tower_instance_count > 0
+ - cloud_provider != "openshift_cnv"
+ agnosticd_user_info:
+ data:
+ tower_url: "https://tower-{{ guid }}.{{ guid }}.{{ osp_cluster_dns_zone }}"
+ tower_username: "admin"
+ tower_password: "{{ tower_password }}"
+
+ - name: Set agnosticd user info data for tower
+ when:
+ - tower_instance_count > 0
+ - cloud_provider == "openshift_cnv"
+ agnosticd_user_info:
+ data:
+ tower_url: "https://tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}"
+ tower_username: "admin"
+ tower_password: "{{ tower_password }}"
+
+
+
+- name: PostSoftware flight-check
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - post_flight_check
+ tasks:
+ - debug:
+ msg: "Post-Software checks completed successfully"
diff --git a/ansible/configs/sap-hana-dist/pre_infra.yml b/ansible/configs/sap-hana-dist/pre_infra.yml
new file mode 100644
index 00000000000..f6270f854f0
--- /dev/null
+++ b/ansible/configs/sap-hana-dist/pre_infra.yml
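Review bot: "Dump tower-cli config" and "Copy letsencrypt key" in the Configure Ansible Tower play write credential material without setting `mode` or `owner`, so a newly created `/etc/tower/tower_cli.cfg` or `/etc/tower/tower.key` gets whatever the default umask allows. Adding `mode: "0600"` and the owner the Tower service runs as to both `copy` tasks keeps the private key, and the CLI configuration that presumably carries the Tower admin login, unreadable to other local users. The two workflow schema files are written as root to fixed names under `/tmp`; a directory only root can write to, such as `/etc/tower`, avoids the shared location. Separately, `python3-pip` and `ansible-tower-cli` are installed with `state: latest`, so each provisioning run may pull a different, unreviewed version; pinning a version makes the environment reproducible.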
@@ -0,0 +1,34 @@
+- name: Step 000 Pre Infrastructure
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - step001
+ - pre_infrastructure
+ - generate_env_keys
+ tasks:
+ - debug:
+ msg: "Step 000 Pre Infrastructure"
+
+ - name: Generate SSH keys
+ shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""
+ args:
+ creates: "{{output_dir}}/{{env_authorized_key}}"
+ when: set_env_authorized_key | bool
+
+ - name: fix permission
+ file:
+ path: "{{output_dir}}/{{env_authorized_key}}"
+ mode: 0400
+ when: set_env_authorized_key | bool
+
+ - name: Generate SSH pub key
+ shell: ssh-keygen -y -f "{{output_dir}}/{{env_authorized_key}}" > "{{output_dir}}/{{env_authorized_key}}.pub"
+ args:
+ creates: "{{output_dir}}/{{env_authorized_key}}.pub"
+ when: set_env_authorized_key | bool
+
+ - name: Include tasks to find snapshot in AWS
+ when: cloud_provider == 'ec2'
+ include_tasks: find_snapshot.yml
diff --git a/ansible/configs/sap-hana-dist/pre_software.yml b/ansible/configs/sap-hana-dist/pre_software.yml
new file mode 100644
index 00000000000..706889eddea
--- /dev/null
+++ b/ansible/configs/sap-hana-dist/pre_software.yml
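Review bot: "Generate SSH keys" runs `ssh-keygen` through `shell` with `{{output_dir}}` and `{{env_authorized_key}}` templated inside double quotes, where the shell still performs command substitution, and `env_authorized_key` is derived from the caller-supplied `guid`. No shell feature is needed in that task, so `command: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N ""` does the same work without shell parsing. `ssh-keygen` already writes the `.pub` file next to the key it generates, so the redirecting "Generate SSH pub key" task only matters for a key that existed beforehand and could probably be dropped. `mode: 0400` in "fix permission" is better written as `mode: "0400"`, so the module receives a string rather than a YAML-typed integer; the two `copy` tasks in pre_software.yml have the same unquoted mode.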
@@ -0,0 +1,149 @@
+# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }}
+
+- name: Configure all hosts with Repositories, Common Files and Set environment key
+ hosts:
+ - all:!windows
+ become: true
+ gather_facts: False
+ roles:
+ - { role: "set-repositories", when: 'repo_method is defined' }
+ tags:
+ - step004
+ - common_tasks
+
+- name: Lock RHEL release
+ hosts:
+ - bastions:towers
+ become: true
+ gather_facts: False
+ tasks:
+ - name: Lock RHEL release to one providing ansible-core
+ command: subscription-manager release --set={{ rhel_lock_release }}
+ register: lock_result
+ until: lock_result is succeeded
+ retries: 15
+ delay: 10
+
+- name: Lock RHEL release SAP
+ hosts:
+ - hanas:s4hanas
+ become: true
+ gather_facts: False
+ tasks:
+ - name: Lock RHEL release to one SAP certified
+ command: subscription-manager release --set={{ rhel_lock_release_sap }}
+ register: lock_result
+ until: lock_result is succeeded
+ retries: 15
+ delay: 10
+
+ tags:
+ - step004
+ - common_tasks
+
+- name: Install Common packages and Set environment key
+ hosts:
+ - all:!windows
+ become: true
+ gather_facts: False
+ roles:
+ - { role: "common", when: 'install_common' }
+ - { role: "set_env_authorized_key", when: 'set_env_authorized_key' }
+ tags:
+ - step004
+ - common_tasks
+
+- name: Configure firewalld
+ hosts: bastions
+ become: true
+ tasks:
+ - name: Install firewalld
+ ansible.builtin.yum:
+ name: firewalld
+ state: installed
+ - name: 'Ensure firewalld is running'
+ ansible.builtin.service:
+ name: firewalld
+ state: started
+ enabled: true
+
+ - ansible.posix.firewalld:
+ masquerade: true
+ state: enabled
+ permanent: true
+ immediate: true
+ zone: public
+
+ - name: permit nfs traffic
+ ansible.posix.firewalld:
+ service: nfs
+ permanent: true
+ immediate: true
+ state: enabled
+
+- name: Change default gw
+ hosts: hanas:s4hanas
+ become: true
+ tasks:
+ - name: Set 192.168.47.10 as default gw
+ command: "{{ item }}"
+ loop:
+ - ip r add 10.0.0.0/8 via 10.0.2.1
+ - ip r add default via 192.168.47.10 metric 1
+ - nmcli con modify "System eth0" ipv4.gateway 192.168.47.10 ipv4.route-metric 1
+ - nmcli con mod "Wired connection 1" ipv4.routes "10.0.0.0/8 10.0.2.1 0"
+
+- name: Configuring Bastion Hosts
+ hosts: bastions
+ become: true
+ roles:
+ - { role: "bastion", when: 'install_bastion' }
+ - role: bastion-student-user
+ when: install_student_user | bool
+ tags:
+ - step004
+ - bastion_tasks
+
+- name: Copy SSH RSA to cloud-user
+ hosts: bastions
+ become: true
+ tasks:
+ - copy:
+ src: /root/.ssh/{{env_authorized_key}}.pem
+ dest: /home/cloud-user/.ssh/id_rsa
+ owner: cloud-user
+ group: cloud-user
+ mode: 0400
+ remote_src: yes
+ when: cloud_provider == "osp"
+ tags:
+ - step004
+ - bastion_tasks
+
+- name: Copy SSH RSA to ec2-user
+ hosts: bastions
+ become: true
+ tasks:
+ - copy:
+ src: /root/.ssh/{{env_authorized_key}}.pem
+ dest: /home/ec2-user/.ssh/id_rsa
+ owner: ec2-user
+ group: ec2-user
+ mode: 0400
+ remote_src: yes
+ when: cloud_provider == "ec2"
+ tags:
+ - step004
+ - bastion_tasks
+
+
+- name: PreSoftware flight-check
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - flight_check
+ tasks:
+ - debug:
+ msg: "Pre-Software checks completed successfully"
diff --git a/ansible/configs/sap-hana-rhel9/.cleanup/print_info.yml b/ansible/configs/sap-hana-dist/print_info.yml
similarity index 100%
rename from ansible/configs/sap-hana-rhel9/.cleanup/print_info.yml
rename to ansible/configs/sap-hana-dist/print_info.yml
diff --git a/ansible/configs/sap-hana-rhel9/requirements.yml b/ansible/configs/sap-hana-dist/requirements.yml
similarity index 100%
rename from ansible/configs/sap-hana-rhel9/requirements.yml
rename to ansible/configs/sap-hana-dist/requirements.yml
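Review bot: "Set 192.168.47.10 as default gw" is not idempotent, because `ip r add` returns an error when the route already exists, so re-running the play against hosts that were already configured stops at this task. `ip route replace` behaves the same on the first run and succeeds afterwards, for example `- ip route replace default via 192.168.47.10 metric 1` and the equivalent for the `10.0.0.0/8` route. The `ansible.posix.firewalld` task that enables masquerading on the `public` zone has no `name`, which makes a NAT change hard to find in run output; `- name: Enable masquerading on the public zone` would do. The first "Lock RHEL release" play also lacks the `step004` and `common_tasks` tags its sibling plays carry, which may be unintentional.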
diff --git a/ansible/configs/sap-hana-rhel9/ec2-lateruse/sample_vars_ec2.yml b/ansible/configs/sap-hana-dist/sample_vars_ec2.yml
similarity index 100%
rename from ansible/configs/sap-hana-rhel9/ec2-lateruse/sample_vars_ec2.yml
rename to ansible/configs/sap-hana-dist/sample_vars_ec2.yml
diff --git a/ansible/configs/sap-hana-rhel9/.cleanup/sample_vars_osp.yml b/ansible/configs/sap-hana-dist/sample_vars_osp.yml
similarity index 100%
rename from ansible/configs/sap-hana-rhel9/.cleanup/sample_vars_osp.yml
rename to ansible/configs/sap-hana-dist/sample_vars_osp.yml
diff --git a/ansible/configs/sap-hana-dist/software.yml b/ansible/configs/sap-hana-dist/software.yml
new file mode 100644
index 00000000000..d5b87a5003e
--- /dev/null
+++ b/ansible/configs/sap-hana-dist/software.yml
@@ -0,0 +1,226 @@
+---
+- name: Step 00xxxxx software
+ hosts: localhost
+ gather_facts: False
+ become: false
+ tasks:
+ - debug:
+ msg: "Software tasks Started"
+
+- name: Configure /etc/hosts for openshift_cnv
+ hosts: all
+ become: True
+ gather_facts: True
+ tasks:
+ - name: Configure /etc/hosts
+ when: cloud_provider == "openshift_cnv"
+ ansible.builtin.blockinfile:
+ path: /etc/hosts
+ block: |
+ 192.168.47.10 bastion-{{ guid }}.example.com bastion-{{ guid }}
+ 192.168.47.11 tower-{{ guid }}.example.com tower-{{ guid }}
+ 192.168.47.28 hana-{{ guid }}1.example.com hana-{{ guid }}1
+ 192.168.47.135 hana-{{ guid }}2.example.com hana-{{ guid }}2
+ 192.168.47.150 s4hana-{{ guid }}.example.com s4hana-{{ guid }}
+
+- name: Ensure NFS Server is installed, SAP Software Device Mounted and Ansible Installed
+ hosts: bastions
+ become: True
+ gather_facts: True
+ tasks:
+
+ - name: Ensure NFS directory exists
+ file:
+ path: "/nfs"
+ state: directory
+
+ - name: Mount up device by UUID
+ mount:
+ path: /nfs
+ src: "/dev/{{ sap_software_device }}"
+ fstype: xfs
+ state: present
+
+ - name: 'Ensure required packages are installed'
+ package:
+ name: nfs-utils
+ state: installed
+
+ - name: "Ensure export file contains the directory to be shared"
+ lineinfile:
+ path: /etc/exports
+ state: present
+ regexp: "^/nfs"
+ line: "/nfs *(insecure,rw,no_root_squash,no_wdelay,sync)"
+
+ - name: 'Ensure nfs-server is restarted and running'
+ service:
+ name: nfs-server
+ state: restarted
+ enabled: yes
+
+ - name: Ensure additional packages are installed
+ yum:
+ name:
+ - ansible
+ - java-1.8.0-openjdk
+ - rhel-system-roles-sap
+ state: latest
+
+ - name: Ensure /nfs directory is owned by '{{ remote_user }}'
+ file:
+ path: /nfs
+ state: directory
+ owner: "{{ remote_user }}"
+
+ - name: Ensure SAP software is not present for external (non Red Hatters) requesters
+ file:
+ state: absent
+ path: "{{ item }}"
+ loop:
+ - '/nfs/HANA_installation/'
+ - '/nfs/S4HANA_installation/'
+ - '/nfs/SAPCAR/'
+ - '/nfs/SAPHOSTAGENT/'
+ when: not rh_internal
+
+- name: Ensure NFS share is mounted in HANA and S/4HANA Hosts
+ hosts: hanas:s4hanas
+ become: True
+ gather_facts: True
+ tasks:
+
+ - name: Ensure additional packages are installed
+ yum:
+ name:
+ - rpcbind
+ - nfs-utils
+ state: latest
+
+ - name: Ensure Software directory exists
+ file:
+ path: "/software"
+ state: directory
+
+ - name: Ensure NFS share is mounted
+ mount:
+ path: "/software"
+ src: "{{ bastion_hostname }}:/nfs"
+ fstype: nfs4
+ opts: "rw,bg,hard,_netdev"
+ state: mounted
+
+- name: Add short and fqdn resolution for every host
+ hosts: hanas:s4hanas
+ become: true
+ gather_facts: true
+ tasks:
+
+ - name: Add HANA and S4HANA hosts info to /etc/hosts
+ lineinfile:
+ path: /etc/hosts
+ state: present
+ line: "{{ hostvars[item].ansible_default_ipv4.address }} {{ hostvars[item].ansible_hostname }}.example.com {{ hostvars[item].ansible_hostname }}"
+ when:
+ - cloud_provider is match("osp")
+ with_items:
+ - "{{ groups['hanas'] }}"
+ - "{{ groups['s4hanas'] }}"
+ ignore_errors: true
+
+##Below tasks has been added because Sap E2E CI failing when running the tower job sap-repositories,
+##as per the article in Red Hat we need to move two files in /tmp dir
+
+- name: Redgistering Insights-client and moving files
+ hosts: hanas:s4hanas
+ become: true
+ gather_facts: true
+ tasks:
+ - name: Registering the client with Red Hat insight
+ command: insights-client --register
+ ignore_errors: true
+
+ - name: Move newest.egg file to /tmp directory
+ command: mv /var/lib/insights/newest.egg /tmp
+ ignore_errors: true
+
+ - name: Move newest.egg.asc file to /tmp directory
+ command: mv /var/lib/insights/newest.egg.asc /tmp
+ ignore_errors: true
+
+- name: Deploy Ansible Tower
+ hosts: towers
+ gather_facts: False
+ become: yes
+ tasks:
+ # This is a bit hacky but we are facing some issues with Ansible, RHEL8 and python for some
+ # modules and this workaround solved this particular issue
+# - name: Debug offline token
+# debug:
+# var: offline_token
+
+# - name: Debug sap-e2e-offline token
+# debug:
+# var: sap-e2e-offline-token
+
+ - name: Ensure Python3 package is installed and alternatives for python updated
+ shell: >
+ yum install -y python3 && alternatives --set python /usr/bin/python3
+
+# - name: Ensure EPEL GPG is installed
+# rpm_key:
+# state: present
+# key: "{{ ansible_tower_epel_gpg_download_url }}"
+
+ - name: Add RPM package key RPM-GPG-KEY-EPEL-8
+ rpm_key:
+ key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
+
+ - name: "install epel-release"
+ dnf:
+ name: "{{ ansible_tower_epel_download_url }}"
+ state: present
+ disable_gpg_check: "{{ ansible_tower_epel_disable_gpg_check | default('no') }}"
+
+
+ - name: install certbot
+ yum:
+ name: "certbot"
+ when: cloud_provider == "openshift_cnv"
+
+ - name: Generate certificate using certbot
+ command: certbot certonly --standalone -d tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }} -m rhpds-admins@redhat.com --agree-tos -n --cert-path /etc/tower/tower.cert --key-path /etc/tower/tower.key
+ when: cloud_provider == "openshift_cnv"
+
+ - name: Ensure additional packages are installed
+ yum:
+ name:
+ - ansible
+ state: present
+ exclude:
+ - ansible-6.3.0-2.el8.1.noarch
+ - ansible-7.2.0-1.el8.noarch
+ - ansible-8.3.0-1.el8.noarch
+ - ansible-9.2.0-1.el8.noarch
+
+ - name: Install Ansible Tower
+ include_role:
+ name: infra-ansible/roles/ansible/tower/config-ansible-tower
+
+ - name: Install ansible for module psutil
+ pip:
+ name: ansible
+ virtualenv: /var/lib/awx/venv/ansible
+
+
+- name: Software flight-check
+ hosts: localhost
+ connection: local
+ gather_facts: false
+ become: false
+ tags:
+ - post_flight_check
+ tasks:
+ - debug:
+ msg: "Software checks completed successfully"
+
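Review bot: The `/etc/exports` line written by the "Ensure export file contains the directory to be shared" task exports `/nfs` to every host (`*`) read-write with `no_root_squash` and `insecure`, so any machine that can reach the bastion's NFS service can mount the SAP installation media and write to it as root. The same share is then mounted read-write on the HANA and S/4HANA hosts at `/software`, which makes it a path for tampering with the software those hosts install. Restrict the client list and drop the options that are not needed, for example `line: "/nfs 192.168.47.0/24(rw,no_wdelay,sync)"`; the subnet here is taken from the `/etc/hosts` block at the top of this file and only fits `openshift_cnv`, so other providers would need their own value through a variable. If the installers really do need root write access on the share, keep `no_root_squash` but still narrow the clients and add a comment above the task saying why.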
diff --git a/ansible/configs/sap-hana-rhel9/topology.png b/ansible/configs/sap-hana-dist/topology.png
similarity index 100%
rename from ansible/configs/sap-hana-rhel9/topology.png
rename to ansible/configs/sap-hana-dist/topology.png
diff --git a/ansible/configs/sap-hana-rhel9/default_vars.yml b/ansible/configs/sap-hana-rhel9/default_vars.yml
deleted file mode 100644
index a52067fffe7..00000000000
--- a/ansible/configs/sap-hana-rhel9/default_vars.yml
+++ /dev/null
@@ -1,93 +0,0 @@ -output_dir: /tmp/output_dir - -## Common repositories -repo_method: satellite # Default method -set_repositories_rhel9_lock_release: '9.2' # Default Version Lock -# rhel_repos: will be only be added. The purge code in the role is not working (purge at the wrong place) -rhel_repos_zstream: - - "rhel-9-for-x86_64-baseos-rpms" - - "rhel-9-for-x86_64-appstream-rpms" -# - "rhel-9-for-x86_64-sap-netweaver-rpms" -# - "rhel-9-for-x86_64-sap-solutions-rpms" -rhel_repos_e4s: - - "rhel-9-for-x86_64-baseos-e4s-rpms" - - "rhel-9-for-x86_64-appstream-e4s-rpms" - - "rhel-9-for-x86_64-sap-solutions-e4s-rpms" - - "rhel-9-for-x86_64-sap-netweaver-e4s-rpms" -# - "ansible-2-for-rhel-8-x86_64-rpms" -# - "ansible-2.9-for-rhel-8-x86_64-rpms" - -rhel_lock_release_sap: 9.2 - -## Networking -subdomain_base_short: "{{ guid }}" -subdomain_base_suffix: ".example.opentlc.com" -subdomain_base: "{{ subdomain_base_short}}{{subdomain_base_suffix }}" - -### Common Host settings -install_ipa_client: false -install_student_user: false - -# Do you want to run a full yum update -update_packages: false - -## guid is the deployment unique identifier, it will be appended to all tags, -## files and anything that identifies this environment from another "just like it" -guid: defaultguid - -# This var is used to identify stack (cloudformation, azure resourcegroup, ...) 
-project_tag: "{{ env_type }}-{{ guid }}" - -# This is where the ssh_config file will be created, this file is used to -# define the communication method to all the hosts in the deployment -deploy_local_ssh_config_location: "{{output_dir}}/" - -install_bastion: true -install_common: true - -# Variable used to identify the request being made by a Red Hatter or Partner (external) -rh_internal: true - -### If you want a Key Pair name created and injected into the hosts, -# set `set_env_authorized_key` to true and set the keyname in `env_authorized_key` -# you can use the key used to create the environment or use your own self generated key -env_authorized_key: "{{guid}}key" -#ansible_ssh_private_key_file: ~/.ssh/{{key_name}}.pem -set_env_authorized_key: true - -# Is this running from Red Hat Ansible Tower -tower_run: false - -# commented packages are installed by standard -common_extra_packages: - # unzip - # bash-completion - # tmux - # bind-utils - # wget - # git - # vim-enhanced - - at - - python3-pip - -cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " - -### Variables of the role to download AAP2 ### -aap_download_client_id: rhsm_api -#aap_download_client_id: cloud-services -aap_pull_secret: "{{ ocp4_ai_pull_secret }}" -# offline_token: "{{ rhsm_api_offline_token }}" # defined in playbook - -# AA2 Downloadfile -provided_sha_value: '84bc290cda822a883a95d5d51e6d441a9f3189edbe76f63476400b823d8c8106' # RHEl 9 2.5 Containerized Bundle - -# EPEL -#ansible_tower_epel_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" -ansible_tower_epel_gpg_download_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}" -ansible_tower_epel_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" -### Disable GPG check for epel ### -#ansible_tower_epel_disable_gpg_check: "yes" 
-ansible_tower_epel_disable_gpg_check: 'no' - -# Do not install OpenShift -install_ocp4: false \ No newline at end of file diff --git a/ansible/configs/sap-hana-rhel9/default_vars_openshift_cnv.yaml b/ansible/configs/sap-hana-rhel9/default_vars_openshift_cnv.yaml deleted file mode 100644 index fd3c287c332..00000000000 --- a/ansible/configs/sap-hana-rhel9/default_vars_openshift_cnv.yaml +++ /dev/null 
@@ -1,280 +0,0 @@ -## Environment Sizing and OS - -bastion_instance_image: rhel-9.3 -bastion_instance_type: "sap-2-16" -bastion_instance_count: 1 - -hana_instance_image: rhel-9.2 -hana_instance_type: "sap-4-64" -hana_instance_count: 2 -pv_size_hana: 500 - -s4hana_instance_image: rhel-9.2 -s4hana_instance_type: "sap-4-32" -s4hana_instance_count: 1 -pv_size_s4hana: 200 - -## Variables required when deploying Ansible Tower alongside the HANA and bastion instances -tower_instance_image: rhel-9.3 -tower_instance_type: "sap-4-32" -tower_instance_count: "{{ tower_instance_count }}" - -sap_extra_device: vdb -sap_software_device: vdb - -ansible_user: cloud-user -remote_user: cloud-user - -# SAP Software image and variables -sap_software_image: sap-software-v1.2 -sap_software_size: "{{ sap_software_size }}" -networks: - - name: sap - -instances: - - name: "bastion-{{ guid }}" - count: "{{ bastion_instance_count }}" - cores: 2 - memory: "16G" - unique: true - public_dns: true - dns_loadbalancer: true - floating_ip: true - image: "{{ bastion_instance_image }}" - image_size: "50G" - tags: - - key: "AnsibleGroup" - value: "bastions" - - key: "ostype" - value: "linux" - - key: "instance_filter" - value: "{{ env_type }}-{{ guid }}" - - key: ansible_python_interpreter - value: /usr/libexec/platform-python - networks: - - sap - - default - networkdata: | - version: 2 - ethernets: - eth0: - addresses: - - 192.168.47.10/24 - - disks: - - metadata: - name: "sapsoftware{{ guid }}" - spec: - source: - pvc: - name: "{{ sap_software_image }}" - namespace: cnv-images - pvc: - accessModes: - - ReadWriteMany - volumeMode: Block - resources: - requests: - storage: "{{ sap_software_size }}Gi" - - - - - name: "hana-{{ guid }}1" - cores: 4 - memory: "40G" - public_dns: false - dns_loadbalancer: false - floating_ip: false - image: "{{ hana_instance_image }}" - image_size: "100G" - networks: - - sap - - default - networkdata: | - version: 2 - ethernets: - eth0: - addresses: - - 192.168.47.28/24 - 
tags: - - key: "AnsibleGroup" - value: "hanas" - - key: "ostype" - value: "rhel" - - key: "instance_filter" - value: "{{ env_type }}-{{ guid }}" - - key: ansible_python_interpreter - value: /usr/libexec/platform-python - disks: - - metadata: - name: "INSTANCENAME-{{ guid }}2" - spec: - source: - blank: {} - pvc: - accessModes: - - ReadWriteMany - volumeMode: Block - resources: - requests: - storage: "{{ pv_size_hana }}Gi" - - - name: "hana-{{ guid }}2" - cores: 4 - memory: "40G" - public_dns: false - dns_loadbalancer: false - floating_ip: false - image: "{{ hana_instance_image }}" - image_size: "100G" - networks: - - sap - - default - networkdata: | - version: 2 - ethernets: - eth0: - addresses: - - 192.168.47.135/24 - tags: - - key: "AnsibleGroup" - value: "hanas" - - key: "ostype" - value: "rhel" - - key: "instance_filter" - value: "{{ env_type }}-{{ guid }}" - - key: ansible_python_interpreter - value: /usr/libexec/platform-python - disks: - - metadata: - name: "INSTANCENAME-{{ guid }}2" - spec: - source: - blank: {} - pvc: - accessModes: - - ReadWriteMany - volumeMode: Block - resources: - requests: - storage: "{{ pv_size_hana }}Gi" - - - - - name: "s4hana-{{ guid }}" - count: "{{ s4hana_instance_count }}" - cores: 2 - memory: "16G" - public_dns: true - dns_loadbalancer: false - floating_ip: true - image: "{{ s4hana_instance_image }}" - image_size: "100G" - tags: - - key: "AnsibleGroup" - value: "s4hanas" - - key: "ostype" - value: "rhel" - - key: "instance_filter" - value: "{{ env_type }}-{{ guid }}" - - key: ansible_python_interpreter - value: /usr/libexec/platform-python - networks: - - sap - - default - networkdata: | - version: 2 - ethernets: - eth0: - addresses: - - 192.168.47.150/24 - disks: - - metadata: - name: "s4hanapv-{{ guid }}" - spec: - source: - blank: {} - pvc: - accessModes: - - ReadWriteMany - volumeMode: Block - resources: - requests: - storage: "{{ pv_size_s4hana }}Gi" - - - - name: "tower-{{ guid }}" - count: "{{ tower_instance_count }}" - 
cores: 4 - memory: "32G" - public_dns: true - dns_loadbalancer: true - floating_ip: true - image: "{{ tower_instance_image }}" - image_size: "200G" - tags: - - key: "AnsibleGroup" - value: "towers" - - key: "ostype" - value: "rhel" - - key: "instance_filter" - value: "{{ env_type }}-{{ guid }}" - - key: ansible_python_interpreter - value: /usr/libexec/platform-python - networks: - - sap - - default - networkdata: | - version: 2 - ethernets: - eth0: - addresses: - - 192.168.47.11/24 - services: - - name: tower-svc - ports: - - port: 443 - protocol: TCP - targetPort: 443 - name: tower-https - - port: 80 - protocol: TCP - targetPort: 80 - name: tower-http - routes: - - name: "tower-{{ guid }}" - service: tower-svc - targetPort: 443 - tls: true - - name: "tower-{{ guid }}-http" - host: "tower-{{ guid }}" - service: tower-svc - targetPort: 80 - tls: false - path: "/.well-known/" - -zone_internal_dns: "{{guid}}.internal." -chomped_zone_internal_dns: "{{guid}}.internal" - -bastion_public_dns: "bastion-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}." 
-bastion_public_dns_chomped: "bastion-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}" -tower_public_dns_chomped: "tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}" -vpcid_cidr_block: "192.168.0.0/16" -vpcid_name_tag: "{{ subdomain_base }}" - - -rtb_public_name_tag: "{{ subdomain_base }}-public" -rtb_private_name_tag: "{{ subdomain_base }}-private" - -ansible_hana1_hostname: "{{ hostvars[groups.hanas[0]].ansible_hostname }}" -ansible_hana1_fqdn_hostname: "{{ hostvars[groups.hanas[0]].ansible_fqdn }}" -ansible_hana1_ip: "{{ hostvars[groups.hanas[0]].ansible_eth0.ipv4.address }}" -ansible_hana2_hostname: "{{ hostvars[groups.hanas[1]].ansible_hostname }}" -ansible_hana2_fqdn_hostname: "{{ hostvars[groups.hanas[1]].ansible_fqdn }}" -ansible_hana2_ip: "{{ hostvars[groups.hanas[1]].ansible_eth0.ipv4.address }}" -ansible_hana_hostname: "hana-{{ guid }}" -ansible_s4hana_hostname: "s4hana-{{ guid }}" -bastion_hostname: "bastion-{{ guid }}" -deployment_db_host: "hana-{{ guid }}1" - -#__run_aap_deployment: true diff --git a/ansible/configs/sap-hana-rhel9/post_software.yml b/ansible/configs/sap-hana-rhel9/post_software.yml deleted file mode 100644 index efa005c8829..00000000000 --- a/ansible/configs/sap-hana-rhel9/post_software.yml +++ /dev/null 
@@ -1,108 +0,0 @@ -- name: Print out information for the user to consume the lab - hosts: localhost - gather_facts: False - become: false - tasks: - - name: Print Student Information - when: - - install_student_user | bool - - cloud_provider != "openshift_cnv" - block: - - name: Store bastion and tower hostname as a fact - ansible.builtin.set_fact: - bastion_hostname: "{{ groups['bastions'].0 }}" - tower_hostname: "{{ groups['towers'].0 }}" - - - name: Get tower admin password - ansible.builtin.set_fact: - tower_password: "{{ hostvars[tower_hostname]['tower_password'] | d('not_set') }}" - - - name: Report user info # noqa syntax-check[unknown-module] - agnosticd_user_info: - msg: "{{ item }}" - loop: - - "You can access your bastion via SSH:" - - "ssh {{ student_name }}@bastion-{{ guid }}.{{ guid }}.{{ osp_cluster_dns_zone }}" - - "" - - "Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted." - - "" - - "You can access your Tower:" - - "https://{{ tower_public_dns_chomped | d('not_deployed') }}" - - "Make sure you are using the following credentials:" - - "" - - "Username: admin" - - "Password: {{ tower_password | d('not_deployed') }}" - - "" - - "Note: The controller installation runs in the background and may take additional 30Min" - - "To follow the installation log in to {{ tower_hostname }} and tail the installation log:" - - "" - - "ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}" - - "sudo ssh {{ tower_hostname }}" - - "tail -f aap_unpacked/aap_install.log" - - - name: Print Student Information - when: - - install_student_user | bool - - cloud_provider == "openshift_cnv" - block: - - name: Store bastion hostname as a fact - set_fact: - bastion_hostname: "{{groups['bastions'].0 }}" - tower_hostname: "{{ groups['towers'].0 }}" - - name: Get tower admin password - ansible.builtin.set_fact: - tower_password: "{{ 
hostvars[tower_hostname]['tower_password'] | d('not_set') }}" - - - name: Report user info - agnosticd_user_info: - msg: "{{ item }}" - loop: - - "You can access your bastion via SSH:" - - "ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}" - - "" - - "Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted." - - "" - - "You can access your Tower:" - - "https://{{ tower_public_dns_chomped | d('undefined') }}" - - "Make sure you are using the following credentials:" - - "" - - "Username: admin" - - "Password: {{ tower_password| d('not_deployed') }}" - - "" - - "Note: The controller installation runs in the background and may take additional 30Min" - - "To follow the installation log in to {{ tower_hostname }} and tail the installation log:" - - "" - - "ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}" - - "sudo ssh {{ tower_hostname }}" - - "tail -f aap_unpacked/aap_install.log" - - - name: Set agnosticd user info data for tower - when: - - tower_instance_count > 0 - - cloud_provider != "openshift_cnv" - agnosticd_user_info: - data: - tower_url: "https://tower-{{ guid }}.{{ guid }}.{{ osp_cluster_dns_zone }}" - tower_username: "admin" - tower_password: "{{ tower_password| d('not_deployed') }}" - - - name: Set agnosticd user info data for tower - when: - - tower_instance_count > 0 - - cloud_provider == "openshift_cnv" - agnosticd_user_info: - data: - tower_url: "https://tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}" - tower_username: "admin" - tower_password: "{{ tower_password | d('not_deployed') }}" - -- name: PostSoftware flight-check - hosts: localhost - connection: local - gather_facts: false - become: false - tags: - - post_flight_check - tasks: - - debug: - msg: "Post-Software checks completed successfully - Stage {{ purpose | 
d('undefined') }}" diff --git a/ansible/configs/sap-hana-rhel9/pre_infra.yml b/ansible/configs/sap-hana-rhel9/pre_infra.yml deleted file mode 100644 index 99f6a49cd66..00000000000 --- a/ansible/configs/sap-hana-rhel9/pre_infra.yml +++ /dev/null 
@@ -1,53 +0,0 @@ ---- -- name: Step 000 - Pre Infrastructure - # - # Creates SSH keys for logging in and search snapshot disk in AWS - # - hosts: localhost - connection: local - gather_facts: true - become: false - tags: - - step001 - - pre_infrastructure - - generate_env_keys - - tasks: - - name: Print Ansible version, python version and OS of ansible deployment - ansible.builtin.debug: - msg: - - 'Ansible version: {{ ansible_version.full | d("not found") }}' - - 'Python version: {{ ansible_python.version.major }}.{{ ansible_python.version.minor - }}' - - 'OS: {{ ansible_distribution }} {{ ansible_distribution_major_version }}' - - ## TODO: replace ansible by command - - name: Generate SSH keypair - ansible.builtin.command: ssh-keygen -b 2048 -t rsa -f "{{ output_dir }}/{{ env_authorized_key }}" -q -N "" - args: - creates: "{{ output_dir }}/{{ env_authorized_key }}" - when: set_env_authorized_key | bool - - - name: Output newly generated private key for logging in - ansible.builtin.debug: - msg: "{{ lookup('ansible.builtin.file', output_dir + '/' + env_authorized_key) }}" - when: set_env_authorized_key | bool - - ## TODO: change mode line - - name: Fix permission - ansible.builtin.file: - path: "{{ output_dir }}/{{ env_authorized_key }}" - mode: '0400' - when: set_env_authorized_key | bool - - ### TODO: seems superflous -- double check - ## This logic overwrites the public with the private key if public was not created !! - # - name: Generate SSH pub key - # ansible.builtin.shell: ssh-keygen -y -f "{{ output_dir }}/{{ env_authorized_key }}" > "{{ output_dir }}/{{ env_authorized_key }}.pub" - # args: - # creates: "{{ output_dir }}/{{ env_authorized_key }}.pub" - # when: set_env_authorized_key | bool - - - name: Include tasks to find snapshot in AWS - when: cloud_provider == 'ec2' - ansible.builtin.include_tasks: find_snapshot.yml 
diff --git a/ansible/configs/sap-hana-rhel9/pre_software.yml b/ansible/configs/sap-hana-rhel9/pre_software.yml deleted file mode 100644 index cc99680a090..00000000000 --- a/ansible/configs/sap-hana-rhel9/pre_software.yml +++ /dev/null 
@@ -1,213 +0,0 @@ -# Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} - -# copy login keys and ensures all systems are subscribed to proper repositories in Satellite -# configure firewall and networking, install common_packages -# configure modified routing on designated SAP servers - -- name: Step 003 - PreSoftware - hosts: - - all:!windows - become: true - gather_facts: false - tasks: - - name: Configure Repositories - when: repo_method is defined - ansible.builtin.include_role: - name: "set-repositories" - tags: - - step004 - - common_tasks - - - name: DEBUG - Configuration after repo setup - ansible.builtin.shell: | - echo "===================================" - cat /etc/redhat-release - dnf clean all - subscription-manager status - subscription-manager release --list - subscription-manager repos - changed_when: false - failed_when: false - -- name: Step 003 - Unlock RHEL release on non-SAP systems - hosts: - - bastions:towers - become: true - gather_facts: false - tasks: - - name: Get current RHEL release - ansible.builtin.setup: - gather_subset: - - distribution - - name: Print current RHEL release - ansible.builtin.debug: - msg: "This system is RHEL {{ ansible_distribution_major_version }}" - # - name: Print all evaluated playbook variables - # ansible.builtin.debug: - # var: hostvars[inventory_hostname] - - - name: Unlock RHEL release # noqa: no-changed-when - ansible.builtin.command: subscription-manager release --set={{ ansible_distribution_major_version }} - register: lock_result - until: lock_result is succeeded - retries: 15 - delay: 10 - - - name: Configure zstream repositories only - community.general.rhsm_repository: - name: "{{ rhel_repos_zstream }}" - purge: true - -- name: Step 003 - Lock RHEL release on SAP systems - hosts: - - hanas:s4hanas - become: true - gather_facts: false - tasks: - - name: Get current RHEL release - ansible.builtin.setup: - gather_subset: - - distribution - - name: Print 
current RHEL release - ansible.builtin.debug: - msg: "This system is RHEL {{ ansible_distribution_version }}" - - ## TODO: use system_role rhc instead - - name: Ensure RHEL release is locked to SAP certified # noqa: no-changed-when - # when: ansible_distribution_major_version | int < 9 - ansible.builtin.command: subscription-manager release --set={{ rhel_lock_release_sap }} - register: lock_result - until: lock_result is succeeded - retries: 15 - delay: 10 - - # required because regular repositories are not synched in Satellite - - name: Configure e4s repositories only - community.general.rhsm_repository: - name: "{{ rhel_repos_e4s }}" - purge: true - -- name: Step 003 - Install Common packages and Set environment key - hosts: - - all:!windows - become: true - gather_facts: false - - tasks: - - name: DEBUG - Figure out current package/release versions - ansible.builtin.shell: | - subscription-manager release - subscription-manager release --list - dnf repolist - changed_when: false - failed_when: false - - # update all packages (update_packages: true - default) - # Install standard packages in common_packages_el9 - # Installs common_extra_packages - defined in default_vars.yml - - name: Install common packages - when: install_common - ansible.builtin.include_role: - name: "common" - - - name: Set Authorized Keys for default logins - when: set_env_authorized_key - ansible.builtin.include_role: - name: "set_env_authorized_key" - -- name: Step 003 - Configure firewalld on bastion host - hosts: bastions - become: true - tasks: - - name: Install firewalld - ansible.builtin.dnf: - name: firewalld - state: installed - - - name: Ensure firewalld is running - ansible.builtin.service: - name: firewalld - state: started - enabled: true - - - name: Enable firewalld - ansible.posix.firewalld: - masquerade: true - state: enabled - permanent: true - immediate: true - zone: public - - - name: Permit nfs traffic - ansible.posix.firewalld: - service: nfs - permanent: true - 
immediate: true - state: enabled - - # required for downloading SAP Software - - name: Install python3-pip - ansible.builtin.package: - name: python3-pip - state: present - -- name: Step 003 - Change default gw on SAP servers - hosts: hanas:s4hanas - become: true - tasks: - - name: Set 192.168.47.10 as default gw # noqa: no-changed-when - ansible.builtin.command: "{{ item }}" - loop: - - ip r add 10.0.0.0/8 via 10.0.2.1 - - ip r add default via 192.168.47.10 metric 1 - - nmcli con modify "System eth0" ipv4.gateway 192.168.47.10 ipv4.route-metric 1 - - nmcli con mod "Wired connection 1" ipv4.routes "10.0.0.0/8 10.0.2.1 0" - -- name: Step 003 - Configuring Bastion Hosts - hosts: bastions - become: true - tasks: - - name: Install bastion host - when: 'install_bastion' - ansible.builtin.include_role: - name: bastion - - - name: Install student user on bastion host - when: install_student_user | bool - ansible.builtin.include_role: - name: bastion-student-user - - - name: Copy private keyfile to bastion host (OSP) - ansible.builtin.copy: - src: /root/.ssh/{{ env_authorized_key }}.pem - dest: /home/cloud-user/.ssh/id_rsa - owner: cloud-user - group: cloud-user - mode: '0400' - remote_src: true - when: cloud_provider == "osp" - - - name: Copy private keyfile to bastion host (AWS) - ansible.builtin.copy: - src: /root/.ssh/{{ env_authorized_key }}.pem - dest: /home/ec2-user/.ssh/id_rsa - owner: ec2-user - group: ec2-user - mode: '0400' - remote_src: true - when: cloud_provider == "ec2" - tags: - - step004 - - bastion_tasks - -- name: Step 003 - PreSoftware flight-check - hosts: localhost - connection: local - gather_facts: false - become: false - tags: - - flight_check - tasks: - - name: Pre-flight-check results - ansible.builtin.debug: - msg: "Pre-Software checks completed successfully" diff --git a/ansible/configs/sap-hana-rhel9/software.yml b/ansible/configs/sap-hana-rhel9/software.yml deleted file mode 100644 index a0bdf9d4558..00000000000 
--- a/ansible/configs/sap-hana-rhel9/software.yml
+++ /dev/null
@@ -1,369 +0,0 @@ ---- -# - name: Step 004 - Software Provisioning -# hosts: localhost -# gather_facts: false -# become: false -# tasks: -# - debug: -# msg: "Software tasks Started" - -- name: Step 004 - Configure /etc/hosts for openshift_cnv - hosts: all - become: true - gather_facts: true - tasks: - - name: Configure /etc/hosts - when: cloud_provider == "openshift_cnv" - ansible.builtin.blockinfile: - path: /etc/hosts - block: | - 192.168.47.10 bastion-{{ guid }}.example.com bastion-{{ guid }} - 192.168.47.11 tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }} tower-{{ guid }}.example.com tower-{{ guid }} - 192.168.47.28 hana-{{ guid }}1.example.com hana-{{ guid }}1 - 192.168.47.135 hana-{{ guid }}2.example.com hana-{{ guid }}2 - 192.168.47.150 s4hana-{{ guid }}.example.com s4hana-{{ guid }} - 192.168.47.200 hana-vip.example.com hana-vip -# Note: The external DNS Name has to be here to accept the cert in 2.5 containerized install -# only necessary on tower, but does not harm the other nodes. 
- -- name: Ensure NFS Server is installed, SAP Software Device Mounted and Ansible Installed - hosts: bastions - become: true - gather_facts: true - tasks: - - - name: Ensure NFS directory exists - ansible.builtin.file: - path: "/nfs" - state: directory - mode: "0755" - - - name: Mount up device by UUID - ansible.posix.mount: - path: /nfs - src: "/dev/{{ sap_software_device }}" - fstype: xfs - state: present - - - name: Ensure required packages are installed - ansible.builtin.dnf: - name: nfs-utils - state: installed - - - name: Ensure export file contains the directory to be shared - ansible.builtin.lineinfile: - path: /etc/exports - state: present - regexp: "^/nfs" - line: "/nfs *(insecure,rw,no_root_squash,no_wdelay,sync)" - - - name: Ensure nfs-server is restarted and running - ansible.builtin.service: - name: nfs-server - state: restarted - enabled: true - -# - name: Ensure additional packages are installed -# ansible.builtin.dnf: -# name: -# - ansible -# - java-1.8.0-openjdk -# - rhel-system-roles-sap -# state: present - - - name: Ensure /nfs directory is owned by '{{ remote_user }}' - ansible.builtin.file: - path: /nfs - state: directory - owner: "{{ remote_user }}" - mode: "755" - - - name: Ensure SAP software is not present for external (non Red Hatters) requesters - ansible.builtin.file: - state: absent - path: "{{ item }}" - loop: - - '/nfs/HANA_installation/' - - '/nfs/S4HANA_installation/' - - '/nfs/SAPCAR/' - - '/nfs/SAPHOSTAGENT/' - when: not rh_internal - -- name: Step 004 - Ensure NFS share is mounted in HANA and S/4HANA Hosts - hosts: hanas:s4hanas - become: true - gather_facts: true - tasks: - - - name: Ensure NFS client packages are installed - ansible.builtin.dnf: - name: - - rpcbind - - nfs-utils - state: present - - - name: Ensure Software directory exists - ansible.builtin.file: - path: "/software" - state: directory - mode: "0755" - - - name: Ensure NFS share is mounted - ansible.posix.mount: - path: "/software" - src: "{{ bastion_hostname 
}}:/nfs" - fstype: nfs4 - opts: "rw,bg,hard,_netdev" - state: mounted - -## TODO: replace with SAP dowload instead in future release - -### The change of /etc/hosts has been done above, so next play should be redundant for openshift_cnv -- name: Step 004 - Add short and fqdn resolution for every host - hosts: hanas:s4hanas - become: true - gather_facts: true - tasks: - - - name: Add HANA and S4HANA hosts info to /etc/hosts # noqa: ignore-errors - ansible.builtin.lineinfile: - path: /etc/hosts - state: present - line: "{{ hostvars[item].ansible_default_ipv4.address }} {{ hostvars[item].ansible_hostname }}.example.com {{ hostvars[item].ansible_hostname }}" - when: - - cloud_provider is match("osp") - with_items: - - "{{ groups['hanas'] }}" - - "{{ groups['s4hanas'] }}" - ignore_errors: true - -## Below tasks has been added because Sap E2E CI failing when running the tower job sap-repositories, -## as per the article in Red Hat we need to move two files in /tmp dir - -- name: Step 004 - Registering Insights-client and moving files - hosts: hanas:s4hanas - become: true - gather_facts: true - tasks: - - name: Registering the client with Red Hat insight # noqa: no-changed-when ignore-errors - ansible.builtin.command: insights-client --register - ignore_errors: true - - - name: Move newest.egg file to /tmp directory # noqa: no-changed-when ignore-errors - ansible.builtin.command: mv /var/lib/insights/newest.egg /tmp - ignore_errors: true - - - name: Move newest.egg.asc file to /tmp directory # noqa: no-changed-when ignore-errors - ansible.builtin.command: mv /var/lib/insights/newest.egg.asc /tmp - ignore_errors: true - -- name: Step 004 - Prepare deployment of AAP - hosts: towers - gather_facts: false - become: true - tasks: - - name: Add RPM package key RPM-GPG-KEY-EPEL-9 - ansible.builtin.rpm_key: - key: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}' - when: cloud_provider == "openshift_cnv" - - - name: Install 
epel-release - ansible.builtin.dnf: - name: 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm' - state: present - disable_gpg_check: "{{ ansible_tower_epel_disable_gpg_check | default('no') }}" - when: cloud_provider == "openshift_cnv" - - - name: Install certbot - ansible.builtin.dnf: - name: certbot - when: cloud_provider == "openshift_cnv" - - - name: Install ansible-core - ansible.builtin.package: - name: ansible-core - state: present - - - name: Ensure Directory for certificates exist - ansible.builtin.file: - path: "/home/cloud-user/aap_cert" - state: directory - owner: cloud-user - group: cloud-user - mode: '0755' - when: cloud_provider == "openshift_cnv" - - - name: Generate certificate using certbot # noqa: no-changed-when - ansible.builtin.command: - argv: - - certbot - - certonly - - --standalone - - -d - - tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }} - - -m - - rhpds-admins@redhat.com - - --agree-tos - - -n - - --cert-path - - /home/cloud-user/aap_cert/fullchain.pem - - --key-path - - /home/cloud-user/aap_cert/privkey.pem - when: cloud_provider == "openshift_cnv" - - - name: Copy certificate files to /home/cloud-user/aap_cert - ansible.builtin.copy: - src: '/etc/letsencrypt/live/tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}/{{ item }}' - dest: '/home/cloud-user/aap_cert/{{ item }}' - owner: cloud-user - group: cloud-user - mode: '0644' - remote_src: true - when: cloud_provider == "openshift_cnv" - loop: - - fullchain.pem - - privkey.pem - - # Should move into secret file - - name: Create offline token - ansible.builtin.set_fact: - offline_token: "{{ rhsm_api_offline_token }}" - - name: Debug offline token - when: purpose == 'development' - ansible.builtin.debug: - var: offline_token - - - name: Copy ssh key to cloud-user - ansible.builtin.copy: - src: '{{ hostvars.localhost.ssh_provision_key_path }}' - dest: /home/cloud-user/.ssh/id_rsa - owner: cloud-user 
- group: cloud-user - mode: '0600' - - - name: Ensure directory aap_postinstall exists - ansible.builtin.file: - path: /home/cloud-user/aap_postinstall - state: directory - owner: cloud-user - group: cloud-user - mode: '0755' - - - name: Copy configuration templates to aap_postinstall - ansible.builtin.template: - src: "{{ item }}" - dest: "/home/cloud-user/aap_postinstall/{{ item | basename | regex_replace('\\.j2', '') }}" - owner: cloud-user - group: cloud-user - mode: '0644' - with_fileglob: - - templates/aap_postinstall/* - when: cloud_provider == "openshift_cnv" - - # NOTE: Download role is only for "localhost" - - name: Download AAP2 - ansible.builtin.include_role: - name: "aap_download" - tags: - - step004 - - - name: Ensure aap_unpacked directory exist - ansible.builtin.file: - path: "/home/cloud-user/aap_unpacked" - state: directory - mode: '0755' - owner: cloud-user - group: cloud-user - - - name: Unpack previously downloaded aap2.tar.gz in playbook_dir - ansible.builtin.unarchive: - src: "{{ playbook_dir }}/aap.tar.gz" - dest: "/home/cloud-user/aap_unpacked/" - owner: cloud-user - group: cloud-user - extra_opts: - - --strip-components=1 - # remote_src: true - - - name: Create Random Controller Admin password - ansible.builtin.set_fact: - tower_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters,digits') }}" - - - name: Copy customized inventory template to aap_unpacked - ansible.builtin.template: - src: aap_inventory.{{ cloud_provider }}.j2 - dest: '/home/cloud-user/aap_unpacked/inventory' - owner: cloud-user - group: cloud-user - mode: '0644' - - - name: Downloading tower manifest # noqa ignore-errors - ansible.builtin.get_url: - url: "{{ controller_manifest | regex_search('url:\\s+(.*)', '\\1') | join }}" - dest: /home/cloud-user/aap_unpacked/manifest.zip - owner: cloud-user - group: cloud-user - mode: "0644" -# username: "{{ tower_manifest.username | default(omit) }}" -# password: "{{ tower_manifest.password | default(omit) }}" - 
ignore_errors: true - - - name: Execute the ansible.containerized_installer.install playbook - ansible.builtin.shell: | - ansible-playbook -i inventory ansible.containerized_installer.install - become: true - become_user: cloud-user - changed_when: true - args: - chdir: /home/cloud-user/aap_unpacked/ - register: r_aap_deploy - async: 10800 # Seconds for maximum runtime, set to 3 hours - poll: 0 # Seconds between polls, use 0 to continue with playbook - # retries: 3 - # until: r_aap_deploy is succeeded - - # Installation runs in the background. - # We use the inventory to deploy the initial controller content. - # So we can continue with the playbooks and send out the email. - # Depending on the AAP Installation, we may wait for the UI to be reachable - # or make an info on the order page - - # For Debugging ONLY (pupose == development) - - name: Copy postinstall_only.yml to collection - when: purpose == "development" - ansible.builtin.copy: - src: templates/postinstall_only.yml - dest: /home/cloud-user/aap_unpacked/collections/ansible_collections/ansible/containerized_installer/playbooks/postinstall_only.yml - owner: cloud-user - group: cloud-user - mode: '0644' - - - name: Copy postinstall variable template to aap_unpacked - when: purpose == "development" - ansible.builtin.template: - src: postinstvar.j2 - dest: /home/cloud-user/aap_unpacked/postinstvars - owner: cloud-user - group: cloud-user - mode: '0644' - - - name: Check sync status - when: purpose != "development" - ansible.builtin.async_status: - jid: "{{ r_aap_deploy.ansible_job_id }}" - register: async_poll_results - until: async_poll_results.finished - retries: 30 - - -- name: Software flight-check - hosts: localhost - connection: local - gather_facts: false - become: false - tags: - - post_flight_check - tasks: - - name: Software checks - ansible.builtin.debug: - msg: "Software checks completed successfully" 
diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_autorun.yml b/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_autorun.yml
deleted file mode 100644
index e92925e27f0..00000000000
--- a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_autorun.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-# Downloads the SAP software inside the controller, so in case of a problem the demo user can fix it
-controller_launch_jobs:
- - name: "91 - Download SAP Software"
-...
\ No newline at end of file
diff --git a/ansible/configs/sap-hana/default_vars_osp.yml b/ansible/configs/sap-hana/.cleanup/default_vars_osp.yml
similarity index 100%
rename from ansible/configs/sap-hana/default_vars_osp.yml
rename to ansible/configs/sap-hana/.cleanup/default_vars_osp.yml
diff --git a/ansible/configs/sap-hana/files/cloud_providers/osp_cloud_template_master.j2 b/ansible/configs/sap-hana/.cleanup/files/cloud_providers/osp_cloud_template_master.j2
similarity index 100%
rename from ansible/configs/sap-hana/files/cloud_providers/osp_cloud_template_master.j2
rename to ansible/configs/sap-hana/.cleanup/files/cloud_providers/osp_cloud_template_master.j2
diff --git a/ansible/configs/sap-hana/files/hosts_template.j2 b/ansible/configs/sap-hana/.cleanup/files/hosts_template.j2
similarity index 100%
rename from ansible/configs/sap-hana/files/hosts_template.j2
rename to ansible/configs/sap-hana/.cleanup/files/hosts_template.j2
diff --git a/ansible/configs/sap-hana/files/inventory.j2 b/ansible/configs/sap-hana/.cleanup/files/inventory.j2
similarity index 100%
rename from ansible/configs/sap-hana/files/inventory.j2
rename to ansible/configs/sap-hana/.cleanup/files/inventory.j2
diff --git a/ansible/configs/sap-hana/print_info.yml b/ansible/configs/sap-hana/.cleanup/print_info.yml
similarity index 100%
rename from ansible/configs/sap-hana/print_info.yml
rename to ansible/configs/sap-hana/.cleanup/print_info.yml
diff --git a/ansible/configs/sap-hana/sample_vars_osp.yml b/ansible/configs/sap-hana/.cleanup/sample_vars_osp.yml
similarity index 100%
rename from ansible/configs/sap-hana/sample_vars_osp.yml
rename to ansible/configs/sap-hana/.cleanup/sample_vars_osp.yml
diff --git a/ansible/configs/sap-hana/default_vars.yml b/ansible/configs/sap-hana/default_vars.yml
index 4662f743657..c56c1d5bc5c 100644
--- a/ansible/configs/sap-hana/default_vars.yml
+++ b/ansible/configs/sap-hana/default_vars.yml
@@ -1,32 +1,31 @@ output_dir: /tmp/output_dir ## Common repositories -rhel_repos: - - "rhel-8-for-x86_64-baseos-rpms" - - "rhel-8-for-x86_64-appstream-rpms" - - "rhel-8-for-x86_64-sap-netweaver-rpms" - - "rhel-8-for-x86_64-sap-solutions-rpms" - - "rhel-8-for-x86_64-baseos-e4s-rpms" - - "rhel-8-for-x86_64-appstream-e4s-rpms" - - "rhel-8-for-x86_64-sap-solutions-e4s-rpms" - - "rhel-8-for-x86_64-sap-netweaver-e4s-rpms" - - "ansible-2-for-rhel-8-x86_64-rpms" - - "ansible-2.9-for-rhel-8-x86_64-rpms" - -rhel_lock_release: '8.6' -rhel_lock_release_sap: '8.4' - +repo_method: satellite # Default method +set_repositories_rhel9_lock_release: '9.2' # Default Version Lock +# rhel_repos: will be only be added. The purge code in the role is not working (purge at the wrong place) +rhel_repos_zstream: + - "rhel-9-for-x86_64-baseos-rpms" + - "rhel-9-for-x86_64-appstream-rpms" +# - "rhel-9-for-x86_64-sap-netweaver-rpms" +# - "rhel-9-for-x86_64-sap-solutions-rpms" +rhel_repos_e4s: + - "rhel-9-for-x86_64-baseos-e4s-rpms" + - "rhel-9-for-x86_64-appstream-e4s-rpms" + - "rhel-9-for-x86_64-sap-solutions-e4s-rpms" + - "rhel-9-for-x86_64-sap-netweaver-e4s-rpms" +# - "ansible-2-for-rhel-8-x86_64-rpms" +# - "ansible-2.9-for-rhel-8-x86_64-rpms" + +rhel_lock_release_sap: 9.2 ## Networking subdomain_base_short: "{{ guid }}" subdomain_base_suffix: ".example.opentlc.com" subdomain_base: "{{ subdomain_base_short}}{{subdomain_base_suffix }}" - ### Common Host settings - install_ipa_client: false - install_student_user: false # Do you want to run a full yum update 
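Review bot: The new `rhel_lock_release_sap: 9.2` is a bare scalar, so YAML loads it as a float, whereas the value it replaces (`'8.4'`) and the new `set_repositories_rhel9_lock_release: '9.2'` in this same hunk are quoted strings. A future minor such as 9.10 would load as 9.1 and pin hosts to a different E4S stream, and therefore a different errata set, than intended; write it as `rhel_lock_release_sap: '9.2'`. The hunk also removes `rhel_lock_release` and replaces `rhel_repos` with `rhel_repos_zstream` and `rhel_repos_e4s`. The consumers of the old names are not visible in this diff, so it is worth checking that no role still reads them and silently falls back to a default. The added comment `# rhel_repos: will be only be added.` has a doubled "be" and still refers to the old variable name.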
@@ -59,435 +58,42 @@ set_env_authorized_key: true # Is this running from Red Hat Ansible Tower tower_run: false -common_packages: - - unzip - - bash-completion - - tmux - - bind-utils - - wget - - git - - vim-enhanced +# commented packages are installed by standard +common_extra_packages: + # unzip + # bash-completion + # tmux + # bind-utils + # wget + # git + # vim-enhanced - at + - python3-pip cf_template_description: "{{ env_type }}-{{ guid }} Ansible Agnostic Deployer " ### Variables ofr the role to download AAP2 ### -app_image: "ansible-automation-platform-2.0-early-access-for-rhel-8-x86_64-files" -offline_token: "{{ sap-e2e-offline-token }}" - -### TODO: Change here -### Ansible Tower default variables ### -#ansible_tower_download_url: "https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-3.6.3-1.tar.gz" -ansible_tower_download_url: "https://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-{{ ansible_tower_version }}.tar.gz" +#app_image: "ansible-automation-platform-2.0-early-access-for-rhel-8-x86_64-files" +aap_download_client_id: rhsm_api +#aap_download_client_id: cloud-services +aap_pull_secret: "{{ ocp4_ai_pull_secret }}" +rhsm_api_token_enc: 
'gAAAAABnEkUKnsRBAuOIBc-s73_cd6MW_kWQb54U7X0odwWto2m09Z46YI6QrWqiynCdJCpGiDt7hiO53uw9jKc5aJqEinXEHir0uX7TjQGc0Bc3mJH0CoNV54ZKjL5ruKQtWxHNvELq1VOUHJodQAmbAW-gPsOAsqiuu3fmUBHdkflEUTgrVVciJMQKYqM_Gyya4IEotb0UnSzQpSj6a58U5KRDOSvV7oU8ni7cxtHWIQQmXA2Ku8wIGsQIWv3qk4lBKqZZJk41weAqifRKYzlzsTiJwVj4Xzv3wVOnjDiCDIrmqKbFpGoSQmXq3XrsRzhsrARTl0_aGAcakm1Jx9iJrVNV9vnN-wfJT17IyxXRPXNvrvLl2fS9_LUp2MNjepcfD2DNkgeXyKIXUky11E2R_PkmBeCB5rTEC90PeURxINNtcLbT00hdMzOeKrAorwY0H7qyaFei8amiWWc3nPlWljAlS7U7h7XOg_boFCv820tMnFvzsA37oXXCOROa208svLM1Fn19PmnyXir57EossNmDbN0k8wYX-Ce2R79mQlUpztiLtF8EoaFTf0EZHNeDqrSdiyYGyQuG9w5b48mBacN_my9wMxsUtP8vDoNJAdLX8_WqTOs6zsIbAZuqsH87S9i4ksKdHUuNR1ZXcGGFZDHBND5xjAvVrb9DVsz2wH7qtRU_JAeaFJ0amzxtrEcF2C09pYrUEN8Vqg9oyjWs7TTZpj1lidonYJaD_ic-iwNbX0ZhAd2NQiCFlaK_yDYHRc0cPuhxHIxA-23sPr9V3GBuPbXsIvZkwLfOIq7uq5EPUFeyqfbE6WQcPPzhNyg4YpTSdhknV0LOjRi4ys2yJj6IafeBBpvhKN7AMLQSm6E1OHbSqgsUiRLtIAodnyPpJ-LCscHYrssWLn-FZChpxvQyrYPmh39Rzy__Nj616jnVZUY85lOjzJOzVuOihlnpyStfREIlavpggaWTTlyUKWpK0UM3UxnivdRZepc5B__Og_QFghM=' +### TODO: Change here for different AAP versions +# AA2 Downloadfile +# Get Checksum from https://access.redhat.com/downloads/content/480/ver=2.4/rhel---8/2.4/x86_64/product-software +# provided_sha_value: 'd8587a2835877d6f6323eba49fb9486ce6b83cb7782c47951215a6f9de463de6' # RHEL8 +# provided_sha_value: '0781cab21cd21992a22bb8ed6f9b1018dff0d092d5882e1e9aafbd48337f6662' # RHEL9 Containerized +# provided_sha_value: '730c4b831a8c1cddd0a7023db2dd1159d0aebd2dc81921fe3224999d771b5dfb' # RHEL 9 2.4 Setup Bundle +provided_sha_value: '84bc290cda822a883a95d5d51e6d441a9f3189edbe76f63476400b823d8c8106' # RHEl 9 2.5 Containerized Bundle +# provided_sha_value: 'f4cd1a1bca80ea5b76b649db2597e85ec44eb98e427a99384a16a959e52360c2' # RHEL 9 2.5 setup Bundle + +# EPEL #ansible_tower_epel_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" -ansible_tower_epel_gpg_download_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8" 
+ansible_tower_epel_gpg_download_url: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}" +ansible_tower_epel_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm" ### Disable GPG check for epel ### #ansible_tower_epel_disable_gpg_check: "yes" -ansible_tower_epel_download_url: "https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm" ansible_tower_epel_disable_gpg_check: 'no' -ansible_tower_version: 3.8.6-2 - -ansible_tower_password: "{{ tower_password }}" - - -tower_cli_config: | - [general] - username = admin - password = {{ ansible_tower_password }} - verify_ssl = false - host = https://localhost - -### Ansible Tower default variables ### - -ansible_tower: - admin_username: "admin" - admin_password: "{{ ansible_tower_password }}" - url: "https://localhost" - validate_certs: false - install: - manifest_file: "/tmp/{{ tower_manifest.url | regex_search('(\\w+)(\\.\\w+)+(?!.*(\\w+)(\\.\\w+)+)') }}" - inventories: - - name: "sap-hosts" - #variables: '---\nsap_preconfigure_modify_etc_hosts: true\nsap_preconfigure_fail_if_reboot_required: \"no\"\nsap_domain: \"labs.local\"\nsap_hostagent_installation_type: \"rpm\"\nsap_hostagent_rpm_remote_path: \"/software/SAPHOSTAGENT\"\nsap_hostagent_rpm_file_name: \"saphostagentrpm_44-20009394.rpm\"' - variables: |- - --- - sap_domain: example.com - sap_hostagent_installation_type: rpm - sap_hostagent_rpm_remote_path: /software/SAPHOSTAGENT - sap_hostagent_rpm_file_name: saphostagentrpm_44-20009394.rpm - description: "SAP HANA and S/4HANA" - organization: "Default" - hosts: - - name: "{{ ansible_hana1_hostname }}" - description: "Primary SAP HANA Host" - #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: 
present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_sid: RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: \"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"primary\"\nsap_hana_hsr_alias: \"DC1\"' - variables: |- - --- - sap_preconfigure_modify_etc_hosts: false - storage_pools: - - name: sap - disks: - - {{ sap_extra_device }} - volumes: - - name: data - size: 128 GiB - mount_point: /hana/data - state: present - - name: log - size: 64 GiB - mount_point: /hana/log - state: present - - name: shared - size: 256 GiB - mount_point: /hana/shared - state: present - - name: sap - size: 50 GiB - mount_point: /usr/sap - state: present - sap_hana_deployment_bundle_path: /software/HANA_installation - sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR - sap_hana_deployment_sapcar_path: /software/SAPCAR - 
sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE - sap_hana_deployment_root_password: R3dh4t123! - sap_hana_deployment_sapadm_password: R3dh4t123! - sap_hana_deployment_hana_sid: RHE - sap_hana_deployment_hana_instance_number: "00" - sap_hana_deployment_hana_env_type: development - sap_hana_deployment_hana_mem_restrict: n - sap_hana_deployment_common_master_password: R3dh4t123! - sap_hana_deployment_sidadm_password: R3dh4t123! - sap_hana_deployment_hana_db_system_password: R3dh4t123! - sap_hana_deployment_ase_user_password: R3dh4t123! - sap_hana_deployment_apply_license: false - sap_hana_hsr_hana_sid: RHE - sap_hana_hsr_hana_instance_number: "00" - sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" - sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" - sap_hana_hsr_role: primary - sap_hana_hsr_alias: DC1 - sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" 
- sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" - sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" - sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hana_sid: RHE - sap_hana_ha_pacemaker_hana_instance_number: '00' - sap_hana_ha_pacemaker_vip: "192.168.47.100" - - name: "{{ ansible_hana2_hostname }}" - description: "Secondary SAP HANA Host" - #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_sid: RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: \"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ 
ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"secondary\"\nsap_hana_hsr_alias: \"DC2\"' - variables: |- - --- - sap_preconfigure_modify_etc_hosts: false - storage_pools: - - name: sap - disks: - - {{ sap_extra_device }} - volumes: - - name: data - size: 128 GiB - mount_point: /hana/data - state: present - - name: log - size: 64 GiB - mount_point: /hana/log - state: present - - name: shared - size: 256 GiB - mount_point: /hana/shared - state: present - - name: sap - size: 50 GiB - mount_point: /usr/sap - state: present - sap_hana_deployment_bundle_path: /software/HANA_installation - sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR - sap_hana_deployment_sapcar_path: /software/SAPCAR - sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE - sap_hana_deployment_root_password: R3dh4t123! - sap_hana_deployment_sapadm_password: R3dh4t123! - sap_hana_deployment_hana_sid: RHE - sap_hana_deployment_hana_instance_number: "00" - sap_hana_deployment_hana_env_type: development - sap_hana_deployment_hana_mem_restrict: n - sap_hana_deployment_common_master_password: R3dh4t123! - sap_hana_deployment_sidadm_password: R3dh4t123! - sap_hana_deployment_hana_db_system_password: R3dh4t123! - sap_hana_deployment_ase_user_password: R3dh4t123! - sap_hana_deployment_apply_license: false - sap_hana_hsr_hana_sid: RHE - sap_hana_hsr_hana_instance_number: "00" - sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" - sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" - sap_hana_hsr_role: secondary - sap_hana_hsr_alias: DC2 - sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" 
- sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" - sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" - sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hana_sid: RHE - sap_hana_ha_pacemaker_hana_instance_number: '00' - sap_hana_ha_pacemaker_vip: "192.168.47.100" - - name: "{{ ansible_s4hana_hostname }}" - description: "SAP S/4HANA Host" - #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\n - name: sapmnt\n size: \"20 GiB\"\n mount_point: \"/usr/sapmnt\"\n state: present\n - name: swap\n size: \"20 GiB\"\n state: present\n\nsap_s4hana_deployment_product_id: \"NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP\"\nsap_s4hana_deployment_sapcar_path: \"/software/SAPCAR\"\nsap_s4hana_deployment_sapcar_file_name: \"SAPCAR_1311-80000935.EXE\"\nsap_s4hana_deployment_swpm_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_swpm_sar_file_name: \"SWPM20SP04_6-80003424.SAR\"\nsap_s4hana_deployment_db_schema_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_db_schema_abap_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_master_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_hana_systemdb_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sid: \"RHE\"\nsap_s4hana_deployment_db_host: \"{{ deployment_db_host }}\"\nsap_s4hana_deployment_db_sid: \"RHE\"\nsap_s4hana_deployment_hana_instance_nr: \"00\"\nsap_s4hana_deployment_hana_system_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_parallel_jobs_nr: \"30\"\nsap_s4hana_deployment_db_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_igs_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_file_name: \"igsexe_9-80003187.sar\"\nsap_s4hana_deployment_igs_helper_path: 
\"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_helper_file_name: \"igshelper_17-10010245.sar\"\nsap_s4hana_deployment_kernel_dependent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_dependent_file_name: \"SAPEXEDB_201-80003385.SAR\"\nsap_s4hana_deployment_kernel_independent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_independent_file_name: \"SAPEXE_201-80003386.SAR\"\nsap_s4hana_deployment_software_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sap_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_set_fqdn: \"false\"' - variables: |- - --- - sap_preconfigure_modify_etc_hosts: false - storage_pools: - - name: sap - disks: - - {{ sap_extra_device }} - volumes: - - name: sap - size: 50 GiB - mount_point: /usr/sap - state: present - - name: sapmnt - size: 20 GiB - mount_point: /usr/sapmnt - state: present - - name: swap - size: 20 GiB - state: present - sap_s4hana_deployment_product_id: NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP - sap_s4hana_deployment_sapcar_path: /software/SAPCAR - sap_s4hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE - sap_s4hana_deployment_swpm_path: /software/S4HANA_installation - sap_s4hana_deployment_swpm_sar_file_name: SWPM20SP04_6-80003424.SAR - sap_s4hana_deployment_db_schema_password: R3dh4t123! - sap_s4hana_deployment_db_schema_abap_password: R3dh4t123! - sap_s4hana_deployment_master_password: R3dh4t123! - sap_s4hana_deployment_hana_systemdb_password: R3dh4t123! - sap_s4hana_deployment_sid: RHE - sap_s4hana_deployment_db_host: "hana-{{ guid }}1" - sap_s4hana_deployment_db_sid: RHE - sap_s4hana_deployment_hana_instance_nr: "00" - sap_s4hana_deployment_hana_system_password: R3dh4t123! - sap_s4hana_deployment_parallel_jobs_nr: "30" - sap_s4hana_deployment_db_sidadm_password: R3dh4t123! 
- sap_s4hana_deployment_igs_path: /software/S4HANA_installation - sap_s4hana_deployment_igs_file_name: igsexe_9-80003187.sar - sap_s4hana_deployment_igs_helper_path: /software/S4HANA_installation - sap_s4hana_deployment_igs_helper_file_name: igshelper_17-10010245.sar - sap_s4hana_deployment_kernel_dependent_path: /software/S4HANA_installation - sap_s4hana_deployment_kernel_dependent_file_name: SAPEXEDB_201-80003385.SAR - sap_s4hana_deployment_kernel_independent_path: /software/S4HANA_installation - sap_s4hana_deployment_kernel_independent_file_name: SAPEXE_201-80003386.SAR - sap_s4hana_deployment_software_path: /software/S4HANA_installation - sap_s4hana_deployment_sapadm_password: R3dh4t123! - sap_s4hana_deployment_sap_sidadm_password: R3dh4t123! - sap_s4hana_deployment_set_fqdn: false - groups: - - name: "sap" - hosts: - - name: "{{ ansible_hana1_hostname }}" - - name: "{{ ansible_hana2_hostname }}" - - name: "{{ ansible_s4hana_hostname }}" - - name: "hanas" - ##variables: '---\nsap_hana_ha_pacemaker_vip: {{ 192.168.0.0/16\ | ansible.netcommon.ipaddr(next_usable) }}\nsap_hana_ha_pacemaker_hana_sid: \"RHE\"\nsap_hana_ha_pacemaker_hana_instance_number: \"00"\' - hosts: - - name: "{{ ansible_hana1_hostname }}" - - name: "{{ ansible_hana2_hostname }}" - - name: "s4hanas" - hosts: - - name: "{{ ansible_s4hana_hostname }}" - - projects: - - name: "sap-rhsm" - description: "SAP RHSM" - scm_type: "git" - scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" - scm_branch: "sap-rhsm" - organization: "Default" - - name: "storage" - description: "SAP Storage" - scm_type: "git" - scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" - scm_branch: "storage" - organization: "Default" - - name: "sap-preconfigure" - description: "SAP Preconfigure" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-preconfigure" - organization: "Default" - - name: "sap-hostagent" - description: "SAP HostAgent" - scm_type: "git" 
- scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hostagent" - organization: "Default" - - name: "sap-hana-preconfigure" - description: "SAP HANA Preconfigure" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-preconfigure" - organization: "Default" - - name: "sap-hana-deployment" - description: "SAP HANA Deployment" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-deployment" - organization: "Default" - - name: "sap-netweaver-preconfigure" - description: "SAP NetWeaver Preconfigure" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-netweaver-preconfigure" - organization: "Default" - - name: "sap-hana-hsr" - description: "SAP HANA System Replication" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-hsr-raw" - organization: "Default" - - name: "sap-hana-ha-pacemaker" - description: "Pacemaker cluster for SAP HANA" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-ha-pacemaker" - organization: "Default" - - name: "sap-s4hana-deployment" - description: "SAP S/4HANA Deployment" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-s4hana-deployment" - organization: "Default" - job_templates: - - name: "sap-repositories" - description: "Enable RHEL for SAP Solutions Repos" - inventory: "sap-hosts" - project: "sap-rhsm" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-storage" - description: "Configure required File Systems for HANA and S/4HANA" - inventory: "sap-hosts" - project: "storage" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-preconfigure" - description: "Apply specific OS requirements to 
deploy SAP Workloads" - inventory: "sap-hosts" - project: "sap-preconfigure" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hostagent" - description: "Deploy SAP Host Agent" - inventory: "sap-hosts" - project: "sap-hostagent" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-preconfigure" - description: "Apply specific OS requirements to deploy SAP HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-preconfigure" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-deployment" - description: "Deploy SAP HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-deployment" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-netweaver-preconfigure" - description: "Apply specific OS requirements to deploy SAP S/4HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "s4hanas" - project: "sap-netweaver-preconfigure" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-s4hana-deployment" - description: "Deploy SAP S/4HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "s4hanas" - project: "sap-s4hana-deployment" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-hsr" - description: "Enable HANA System Replication" - inventory: "sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-hsr" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-ha-pacemaker" - description: "Create Pacemaker cluster for SAP HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-ha-pacemaker" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - credentials: - - name: 
"ssh-key" - description: "SAP Hosts SSH Key" - organization: "Default" - credential_type: "Machine" - inputs: - username: "{{ remote_user }}" - ssh_key_data: "{{lookup('file', '{{ output_dir}}/{{ guid }}_infra_ssh_key.pem') }}" - -workflow_schema_non_ha: | - - job_template: 'sap-repositories' - success_nodes: - - job_template: 'sap-storage' - success_nodes: - - job_template: 'sap-hostagent' - success_nodes: - - job_template: 'sap-preconfigure' - success_nodes: - - job_template: 'sap-hana-preconfigure' - success_nodes: - - job_template: 'sap-hana-deployment' - success_nodes: - - job_template: 'sap-s4hana-deployment' - - job_template: 'sap-netweaver-preconfigure' -workflow_schema_ha: | - - job_template: 'sap-repositories' - success_nodes: - - job_template: 'sap-storage' - success_nodes: - - job_template: 'sap-hostagent' - success_nodes: - - job_template: 'sap-preconfigure' - success_nodes: - - job_template: 'sap-hana-preconfigure' - success_nodes: - - job_template: 'sap-hana-deployment' - success_nodes: - - job_template: 'sap-hana-hsr' - success_nodes: - - job_template: 'sap-hana-ha-pacemaker' - success_nodes: - - job_template: 'sap-s4hana-deployment' - - job_template: 'sap-netweaver-preconfigure' +# Do not install OpenShift +install_ocp4: false \ No newline at end of file diff --git a/ansible/configs/sap-hana/default_vars_openshift_cnv.yaml b/ansible/configs/sap-hana/default_vars_openshift_cnv.yaml index 9f96dd6cc3a..fd3c287c332 100644 --- a/ansible/configs/sap-hana/default_vars_openshift_cnv.yaml +++ b/ansible/configs/sap-hana/default_vars_openshift_cnv.yaml 
@@ -1,21 +1,21 @@ ## Environment Sizing and OS -bastion_instance_image: rhel-8.4 +bastion_instance_image: rhel-9.3 bastion_instance_type: "sap-2-16" bastion_instance_count: 1 -hana_instance_image: rhel-8.4 +hana_instance_image: rhel-9.2 hana_instance_type: "sap-4-64" hana_instance_count: 2 pv_size_hana: 500 -s4hana_instance_image: rhel-8.4 +s4hana_instance_image: rhel-9.2 s4hana_instance_type: "sap-4-32" s4hana_instance_count: 1 pv_size_s4hana: 200 ## Variables required when deploying Ansible Tower alongside the HANA and bastion instances -tower_instance_image: rhel-8.6 +tower_instance_image: rhel-9.3 tower_instance_type: "sap-4-32" tower_instance_count: "{{ tower_instance_count }}" @@ -80,8 +80,8 @@ instances: - name: "hana-{{ guid }}1" - cores: 16 - memory: "64G" + cores: 4 + memory: "40G" public_dns: false dns_loadbalancer: false floating_ip: false @@ -120,8 +120,8 @@ instances: storage: "{{ pv_size_hana }}Gi" - name: "hana-{{ guid }}2" - cores: 16 - memory: "64G" + cores: 4 + memory: "40G" public_dns: false dns_loadbalancer: false floating_ip: false @@ -163,8 +163,8 @@ instances: - name: "s4hana-{{ guid }}" count: "{{ s4hana_instance_count }}" - cores: 6 - memory: "64G" + cores: 2 + memory: "16G" public_dns: true dns_loadbalancer: false floating_ip: true 
@@ -277,364 +277,4 @@ ansible_s4hana_hostname: "s4hana-{{ guid }}" bastion_hostname: "bastion-{{ guid }}" deployment_db_host: "hana-{{ guid }}1" -__run_aap_deployment: true - -ansible_tower: - admin_username: "admin" - admin_password: "{{ ansible_tower_password }}" - url: "https://localhost" - validate_certs: false - install: - manifest_file: "/tmp/{{ tower_manifest.url | regex_search('(\\w+)(\\.\\w+)+(?!.*(\\w+)(\\.\\w+)+)') }}" - inventories: - - name: "sap-hosts" - #variables: '---\nsap_preconfigure_modify_etc_hosts: true\nsap_preconfigure_fail_if_reboot_required: \"no\"\nsap_domain: \"labs.local\"\nsap_hostagent_installation_type: \"rpm\"\nsap_hostagent_rpm_remote_path: \"/software/SAPHOSTAGENT\"\nsap_hostagent_rpm_file_name: \"saphostagentrpm_44-20009394.rpm\"' - variables: |- - --- - sap_domain: example.com - sap_hostagent_installation_type: rpm - sap_hostagent_rpm_remote_path: /software/SAPHOSTAGENT - sap_hostagent_rpm_file_name: saphostagentrpm_44-20009394.rpm - description: "SAP HANA and S/4HANA" - organization: "Default" - hosts: - - name: "{{ ansible_hana1_hostname }}" - description: "Primary SAP HANA Host" - #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_sid: 
RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: \"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"primary\"\nsap_hana_hsr_alias: \"DC1\"' - variables: |- - --- - sap_ip: '192.168.47.28' - sap_preconfigure_modify_etc_hosts: true - storage_pools: - - name: sap - disks: - - {{ sap_extra_device }} - volumes: - - name: data - size: 128 GiB - mount_point: /hana/data - state: present - - name: log - size: 64 GiB - mount_point: /hana/log - state: present - - name: shared - size: 256 GiB - mount_point: /hana/shared - state: present - - name: sap - size: 50 GiB - mount_point: /usr/sap - state: present - sap_hana_deployment_bundle_path: /software/HANA_installation - sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR - sap_hana_deployment_sapcar_path: /software/SAPCAR - sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE - sap_hana_deployment_root_password: R3dh4t123! - sap_hana_deployment_sapadm_password: R3dh4t123! - sap_hana_deployment_hana_sid: RHE - sap_hana_deployment_hana_instance_number: "00" - sap_hana_deployment_hana_env_type: development - sap_hana_deployment_hana_mem_restrict: n - sap_hana_deployment_common_master_password: R3dh4t123! - sap_hana_deployment_sidadm_password: R3dh4t123! - sap_hana_deployment_hana_db_system_password: R3dh4t123! - sap_hana_deployment_ase_user_password: R3dh4t123! 
- sap_hana_deployment_apply_license: false - sap_hana_hsr_hana_sid: RHE - sap_hana_hsr_hana_instance_number: "00" - sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" - sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" - sap_hana_hsr_role: primary - sap_hana_hsr_alias: DC1 - sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" - sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" - sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" - sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hana_sid: RHE - sap_hana_ha_pacemaker_hana_instance_number: '00' - sap_hana_ha_pacemaker_vip: "192.168.47.100" - - name: "{{ ansible_hana2_hostname }}" - description: "Secondary SAP HANA Host" - #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: data\n size: \"128 GiB\"\n mount_point: \"/hana/data\"\n state: present\n - name: log\n size: \"64 GiB\"\n mount_point: \"/hana/log\"\n state: present\n - name: shared\n size: \"256 GiB\"\n mount_point: \"/hana/shared\"\n state: present\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\nsap_hana_deployment_bundle_path: /software/HANA_installation\nsap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR\nsap_hana_deployment_sapcar_path: /software/SAPCAR\nsap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE\nsap_hana_deployment_root_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_sid: RHE\nsap_hana_deployment_hana_instance_number: \"00\"\nsap_hana_deployment_hana_env_type: development\nsap_hana_deployment_hana_mem_restrict: 
\"n\"\nsap_hana_deployment_common_master_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_sidadm_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_ase_user_password: \"{{ master_sap_password }}\"\nsap_hana_deployment_apply_license: \"false\"\nsap_hana_hsr_hana_sid: \"RHE\"\nsap_hana_hsr_hana_instance_number: \"00\"\nsap_hana_hsr_hana_db_system_password: \"{{ master_sap_password }}\"\nsap_hana_hsr_hana_primary_hostname: \"{{ ansible_hana1_hostname }}\"\nsap_hana_hsr_role: \"secondary\"\nsap_hana_hsr_alias: \"DC2\"' - variables: |- - --- - sap_preconfigure_modify_etc_hosts: true - sap_ip: '192.168.47.135' - storage_pools: - - name: sap - disks: - - {{ sap_extra_device }} - volumes: - - name: data - size: 128 GiB - mount_point: /hana/data - state: present - - name: log - size: 64 GiB - mount_point: /hana/log - state: present - - name: shared - size: 256 GiB - mount_point: /hana/shared - state: present - - name: sap - size: 50 GiB - mount_point: /usr/sap - state: present - sap_hana_deployment_bundle_path: /software/HANA_installation - sap_hana_deployment_bundle_sar_file_name: IMDB_SERVER20_046_0-80002031.SAR - sap_hana_deployment_sapcar_path: /software/SAPCAR - sap_hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE - sap_hana_deployment_root_password: R3dh4t123! - sap_hana_deployment_sapadm_password: R3dh4t123! - sap_hana_deployment_hana_sid: RHE - sap_hana_deployment_hana_instance_number: "00" - sap_hana_deployment_hana_env_type: development - sap_hana_deployment_hana_mem_restrict: n - sap_hana_deployment_common_master_password: R3dh4t123! - sap_hana_deployment_sidadm_password: R3dh4t123! - sap_hana_deployment_hana_db_system_password: R3dh4t123! - sap_hana_deployment_ase_user_password: R3dh4t123! 
- sap_hana_deployment_apply_license: false - sap_hana_hsr_hana_sid: RHE - sap_hana_hsr_hana_instance_number: "00" - sap_hana_hsr_hana_db_system_password: "{{ master_sap_password }}" - sap_hana_hsr_hana_primary_hostname: "hana-{{ guid }}1" - sap_hana_hsr_role: secondary - sap_hana_hsr_alias: DC2 - sap_hana_hsr_full_primary_hostname: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_hsr_full_secondary_hostname: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hacluster_password: "R3dh4t123!" - sap_hana_ha_pacemaker_node1_ip: "{{ ansible_hana1_ip }}" - sap_hana_ha_pacemaker_node2_ip: "{{ ansible_hana2_ip }}" - sap_hana_ha_pacemaker_node1_fqdn: "{{ ansible_hana1_fqdn_hostname }}" - sap_hana_ha_pacemaker_node2_fqdn: "{{ ansible_hana2_fqdn_hostname }}" - sap_hana_ha_pacemaker_hana_sid: RHE - sap_hana_ha_pacemaker_hana_instance_number: '00' - sap_hana_ha_pacemaker_vip: "192.168.47.100" - - name: "{{ ansible_s4hana_hostname }}" - description: "SAP S/4HANA Host" - #variables: '---\nstorage_pools:\n - name: sap\n disks:\n - {{ sap_extra_device }}\n volumes:\n - name: sap\n size: \"50 GiB\"\n mount_point: \"/usr/sap\"\n state: present\n - name: sapmnt\n size: \"20 GiB\"\n mount_point: \"/usr/sapmnt\"\n state: present\n - name: swap\n size: \"20 GiB\"\n state: present\n\nsap_s4hana_deployment_product_id: \"NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP\"\nsap_s4hana_deployment_sapcar_path: \"/software/SAPCAR\"\nsap_s4hana_deployment_sapcar_file_name: \"SAPCAR_1311-80000935.EXE\"\nsap_s4hana_deployment_swpm_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_swpm_sar_file_name: \"SWPM20SP04_6-80003424.SAR\"\nsap_s4hana_deployment_db_schema_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_db_schema_abap_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_master_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_hana_systemdb_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sid: 
\"RHE\"\nsap_s4hana_deployment_db_host: \"{{ deployment_db_host }}\"\nsap_s4hana_deployment_db_sid: \"RHE\"\nsap_s4hana_deployment_hana_instance_nr: \"00\"\nsap_s4hana_deployment_hana_system_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_parallel_jobs_nr: \"30\"\nsap_s4hana_deployment_db_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_igs_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_file_name: \"igsexe_9-80003187.sar\"\nsap_s4hana_deployment_igs_helper_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_igs_helper_file_name: \"igshelper_17-10010245.sar\"\nsap_s4hana_deployment_kernel_dependent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_dependent_file_name: \"SAPEXEDB_201-80003385.SAR\"\nsap_s4hana_deployment_kernel_independent_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_kernel_independent_file_name: \"SAPEXE_201-80003386.SAR\"\nsap_s4hana_deployment_software_path: \"/software/S4HANA_installation\"\nsap_s4hana_deployment_sapadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_sap_sidadm_password: \"{{ master_sap_password }}\"\nsap_s4hana_deployment_set_fqdn: \"false\"' - variables: |- - --- - sap_ip: '192.168.47.150' - sap_preconfigure_modify_etc_hosts: true - storage_pools: - - name: sap - disks: - - {{ sap_extra_device }} - volumes: - - name: sap - size: 50 GiB - mount_point: /usr/sap - state: present - - name: sapmnt - size: 20 GiB - mount_point: /usr/sapmnt - state: present - - name: swap - size: 20 GiB - state: present - sap_s4hana_deployment_product_id: NW_ABAP_OneHost:S4HANA1909.CORE.HDB.ABAP - sap_s4hana_deployment_sapcar_path: /software/SAPCAR - sap_s4hana_deployment_sapcar_file_name: SAPCAR_1311-80000935.EXE - sap_s4hana_deployment_swpm_path: /software/S4HANA_installation - sap_s4hana_deployment_swpm_sar_file_name: SWPM20SP04_6-80003424.SAR - sap_s4hana_deployment_db_schema_password: R3dh4t123! 
- sap_s4hana_deployment_db_schema_abap_password: R3dh4t123! - sap_s4hana_deployment_master_password: R3dh4t123! - sap_s4hana_deployment_hana_systemdb_password: R3dh4t123! - sap_s4hana_deployment_sid: RHE - sap_s4hana_deployment_db_host: "hana-{{ guid }}1.example.com" - sap_s4hana_deployment_db_sid: RHE - sap_s4hana_deployment_hana_instance_nr: "00" - sap_s4hana_deployment_hana_system_password: R3dh4t123! - sap_s4hana_deployment_parallel_jobs_nr: "30" - sap_s4hana_deployment_db_sidadm_password: R3dh4t123! - sap_s4hana_deployment_igs_path: /software/S4HANA_installation - sap_s4hana_deployment_igs_file_name: igsexe_9-80003187.sar - sap_s4hana_deployment_igs_helper_path: /software/S4HANA_installation - sap_s4hana_deployment_igs_helper_file_name: igshelper_17-10010245.sar - sap_s4hana_deployment_kernel_dependent_path: /software/S4HANA_installation - sap_s4hana_deployment_kernel_dependent_file_name: SAPEXEDB_201-80003385.SAR - sap_s4hana_deployment_kernel_independent_path: /software/S4HANA_installation - sap_s4hana_deployment_kernel_independent_file_name: SAPEXE_201-80003386.SAR - sap_s4hana_deployment_software_path: /software/S4HANA_installation - sap_s4hana_deployment_sapadm_password: R3dh4t123! - sap_s4hana_deployment_sap_sidadm_password: R3dh4t123! 
- sap_s4hana_deployment_set_fqdn: false - groups: - - name: "sap" - hosts: - - name: "{{ ansible_hana1_hostname }}" - - name: "{{ ansible_hana2_hostname }}" - - name: "{{ ansible_s4hana_hostname }}" - - name: "hanas" - ##variables: '---\nsap_hana_ha_pacemaker_vip: {{ 192.168.0.0/16\ | ansible.netcommon.ipaddr(next_usable) }}\nsap_hana_ha_pacemaker_hana_sid: \"RHE\"\nsap_hana_ha_pacemaker_hana_instance_number: \"00"\' - hosts: - - name: "{{ ansible_hana1_hostname }}" - - name: "{{ ansible_hana2_hostname }}" - - name: "s4hanas" - hosts: - - name: "{{ ansible_s4hana_hostname }}" - - projects: - - name: "sap-rhsm" - description: "SAP RHSM" - scm_type: "git" - scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" - scm_branch: "sap-rhsm" - organization: "Default" - - name: "storage" - description: "SAP Storage" - scm_type: "git" - scm_url: "https://github.com/ahsen-shah/sap-tower-projects.git" - scm_branch: "storage" - organization: "Default" - - name: "sap-preconfigure" - description: "SAP Preconfigure" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-preconfigure" - organization: "Default" - - name: "sap-hostagent" - description: "SAP HostAgent" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hostagent" - organization: "Default" - - name: "sap-hana-preconfigure" - description: "SAP HANA Preconfigure" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-preconfigure" - organization: "Default" - - name: "sap-hana-deployment" - description: "SAP HANA Deployment" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-deployment" - organization: "Default" - - name: "sap-netweaver-preconfigure" - description: "SAP NetWeaver Preconfigure" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: 
"sap-netweaver-preconfigure" - organization: "Default" - - name: "sap-hana-hsr" - description: "SAP HANA System Replication" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-hsr-raw" - organization: "Default" - - name: "sap-hana-ha-pacemaker" - description: "Pacemaker cluster for SAP HANA" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-hana-ha-pacemaker" - organization: "Default" - - name: "sap-s4hana-deployment" - description: "SAP S/4HANA Deployment" - scm_type: "git" - scm_url: "https://github.com/redhat-sap/sap-tower-projects.git" - scm_branch: "sap-s4hana-deployment" - organization: "Default" - job_templates: - - name: "sap-repositories" - description: "Enable RHEL for SAP Solutions Repos" - inventory: "sap-hosts" - project: "sap-rhsm" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-storage" - description: "Configure required File Systems for HANA and S/4HANA" - inventory: "sap-hosts" - project: "storage" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-preconfigure" - description: "Apply specific OS requirements to deploy SAP Workloads" - inventory: "sap-hosts" - project: "sap-preconfigure" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hostagent" - description: "Deploy SAP Host Agent" - inventory: "sap-hosts" - project: "sap-hostagent" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-preconfigure" - description: "Apply specific OS requirements to deploy SAP HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-preconfigure" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-deployment" - description: "Deploy SAP HANA" - inventory: 
"sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-deployment" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-netweaver-preconfigure" - description: "Apply specific OS requirements to deploy SAP S/4HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "s4hanas" - project: "sap-netweaver-preconfigure" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-s4hana-deployment" - description: "Deploy SAP S/4HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "s4hanas" - project: "sap-s4hana-deployment" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-hsr" - description: "Enable HANA System Replication" - inventory: "sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-hsr" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - - name: "sap-hana-ha-pacemaker" - description: "Create Pacemaker cluster for SAP HANA" - inventory: "sap-hosts" - inventory_limit_pattern: "hanas" - project: "sap-hana-ha-pacemaker" - playbook: "play.yml" - enable_privilege_escalation: true - credentials: - - "ssh-key" - credentials: - - name: "ssh-key" - description: "SAP Hosts SSH Key" - organization: "Default" - credential_type: "Machine" - inputs: - username: "{{ remote_user }}" - ssh_key_data: "{{lookup('file', '{{ hostvars.localhost.ssh_provision_key_path }}') }}" +#__run_aap_deployment: true diff --git a/ansible/configs/sap-hana/default_vars_ec2.yml b/ansible/configs/sap-hana/ec2-lateruse/default_vars_ec2.yml similarity index 100% rename from ansible/configs/sap-hana/default_vars_ec2.yml rename to ansible/configs/sap-hana/ec2-lateruse/default_vars_ec2.yml 
diff --git a/ansible/configs/sap-hana-rhel9/ec2-lateruse/find_snapshot.yml b/ansible/configs/sap-hana/ec2-lateruse/find_snapshot.yml
similarity index 100%
rename from ansible/configs/sap-hana-rhel9/ec2-lateruse/find_snapshot.yml
rename to ansible/configs/sap-hana/ec2-lateruse/find_snapshot.yml
diff --git a/ansible/configs/sap-hana/sample_vars_ec2.yml b/ansible/configs/sap-hana/ec2-lateruse/sample_vars_ec2.yml
similarity index 100%
rename from ansible/configs/sap-hana/sample_vars_ec2.yml
rename to ansible/configs/sap-hana/ec2-lateruse/sample_vars_ec2.yml
diff --git a/ansible/configs/sap-hana/filter_plugins/crypto_filters.py b/ansible/configs/sap-hana/filter_plugins/crypto_filters.py
new file mode 100644
index 00000000000..d6a77083dc0
--- /dev/null
+++ b/ansible/configs/sap-hana/filter_plugins/crypto_filters.py
@@ -0,0 +1,36 @@
+import base64
+import os
+from cryptography.fernet import Fernet
+from cryptography.hazmat.primitives import hashes
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+
+def encrypt(value, password):
+
+ kdf = PBKDF2HMAC(
+ algorithm=hashes.SHA256(),
+ length=32,
+ salt = b'\x8f\xc6\x9f\x89\x974\xaf+\xfd\x0f\x98\x0e\xecF\xc8\xb1',
+ iterations=390000,
+ )
+ key = base64.urlsafe_b64encode(kdf.derive(password.encode()))
+ f = Fernet(key)
+ return f.encrypt(value.encode()).decode()
+
+def decrypt(value, password):
+ kdf = PBKDF2HMAC(
+ algorithm=hashes.SHA256(),
+ length=32,
+ salt = b'\x8f\xc6\x9f\x89\x974\xaf+\xfd\x0f\x98\x0e\xecF\xc8\xb1',
+ iterations=390000,
+ )
+ key = base64.urlsafe_b64encode(kdf.derive(password.encode()))
+ f = Fernet(key)
+ return f.decrypt(value.encode()).decode()
+
+class FilterModule(object):
+ def filters(self):
+ return {
+ 'encrypt': encrypt,
+ 'decrypt': decrypt
+ }
+
diff --git a/ansible/configs/sap-hana/post_infra.yml b/ansible/configs/sap-hana/post_infra.yml
index 65f049992ce..2d800487566 100644
--- a/ansible/configs/sap-hana/post_infra.yml
+++ b/ansible/configs/sap-hana/post_infra.yml
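Review bot: In crypto_filters.py both `encrypt` and `decrypt` pass the same hard-coded 16-byte `salt` to PBKDF2HMAC, so a given password always derives the same Fernet key, and because the salt is committed with the code it no longer forces the key-stretching work to be repeated per ciphertext. The file imports `os` without using it, which suggests a random salt was intended. I would draw a fresh salt with `os.urandom(16)` on every `encrypt` call, carry it in front of the token, and move the duplicated KDF setup into one helper, as sketched below. This changes the output format, so any value already encrypted with the fixed salt would have to be re-encrypted. Neither function has a docstring; a one-line description of the returned token layout would help callers.

```python
# … unchanged: imports …

def _derive_key(password, salt):
    """Stretch password into a Fernet key using the given per-token salt."""
    kdf = PBKDF2HMAC(
        algorithm=hashes.SHA256(),
        length=32,
        salt=salt,
        iterations=390000,
    )
    return base64.urlsafe_b64encode(kdf.derive(password.encode()))

def encrypt(value, password):
    """Return '<b64 salt>.<fernet token>' for value under password."""
    salt = os.urandom(16)
    token = Fernet(_derive_key(password, salt)).encrypt(value.encode())
    return base64.urlsafe_b64encode(salt).decode() + "." + token.decode()

def decrypt(value, password):
    """Reverse encrypt(); the salt is read back from the token prefix."""
    salt_b64, token = value.split(".", 1)
    salt = base64.urlsafe_b64decode(salt_b64)
    return Fernet(_derive_key(password, salt)).decrypt(token.encode()).decode()

# … unchanged: FilterModule …
```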
@@ -1,4 +1,7 @@ -- name: Step 002 Post Infrastructure +- name: Step 002 - Post Infrastructure + # + # Creates/Updates inventory for deployment in deploy Satellite + # hosts: localhost connection: local become: false @@ -8,18 +11,18 @@ - post_infrastructure tasks: - name: Job Template to launch a Job Template with update on launch inventory set - uri: + ansible.builtin.uri: url: "https://{{ ansible_tower_ip }}/api/v1/job_templates/{{ job_template_id }}/launch/" method: POST - user: "{{tower_admin}}" - password: "{{tower_admin_password}}" + user: "{{ tower_admin }}" + password: "{{ tower_admin_password }}" body: extra_vars: - guid: "{{guid}}" - ipa_host_password: "{{ipa_host_password}}" + guid: "{{ guid }}" + ipa_host_password: "{{ ipa_host_password }}" body_format: json - validate_certs: False + validate_certs: false HEADER_Content-Type: "application/json" status_code: 200, 201 when: tower_run == 'true' diff --git a/ansible/configs/sap-hana/post_software.yml b/ansible/configs/sap-hana/post_software.yml index a474620b469..efa005c8829 100644 --- a/ansible/configs/sap-hana/post_software.yml +++ b/ansible/configs/sap-hana/post_software.yml 
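Review bot: The `ansible.builtin.uri` task in the `@@ -8,18 +11,18 @@` hunk still posts `tower_admin_password` and `ipa_host_password` with `validate_certs: false`, so both secrets are sent to whatever host answers at `ansible_tower_ip` without its certificate being checked; the commit only changes the capitalisation of that value. I would set `validate_certs: true` (trusting the Tower CA on the control node if it is a private one) and add `no_log: true` to the task so the request body does not appear in job output. The `HEADER_Content-Type` key is also kept; as far as I know the uri module replaced `HEADER_*` parameters with `headers:`, so `headers: {Content-Type: "application/json"}` is worth confirming against the Ansible version in use.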
@@ -1,146 +1,3 @@ -- name: Step 00xxxxx post software - hosts: support - gather_facts: False - become: yes - tasks: - - debug: - msg: "Post-Software tasks Started" - -#- name: Make Ansible Tower License file available -# hosts: localhost -# gather_facts: False -# become: false -# tasks: - -# - name: Dump Ansible Tower License to a file -# copy: -# content: "{{ tower_license }}" -# dest: /tmp/license.json -# when: tower_instance_count > 0 - -- name: Make Ansible Tower License file available - hosts: localhost - gather_facts: False - become: false - tasks: - - - debug: - msg: "Post-Software tasks Started" - - - name: downloading tower manifest from OpenTLC - get_url: - url: "{{ tower_manifest.url }}" - dest: "{{ ansible_tower.install.manifest_file }}" - username: "{{ tower_manifest.username | default(omit) }}" - password: "{{ tower_manifest.password | default(omit) }}" - - -- name: Configure Ansible Tower - hosts: towers - gather_facts: False - become: yes - tasks: - - - block: - - - name: Ensure dependencies for tower-cli are installed - dnf: - name: python3-pip - state: latest - - - name: Ensure tower-cli is installed - pip: - name: ansible-tower-cli - state: latest - executable: pip3 - - - name: Dump tower-cli config - copy: - content: "{{ tower_cli_config }}" - dest: /etc/tower/tower_cli.cfg - - - name: Dump Ansible Tower Workflow Schema HA to a file - copy: - content: "{{ workflow_schema_ha }}" - dest: /tmp/schema_ha.yml - - - name: Dump Ansible Tower Workflow Schema non-HA to a file - copy: - content: "{{ workflow_schema_non_ha }}" - dest: /tmp/schema_non_ha.yml - - - name: Create symlink to support internal infra-ansible role includes - file: - src: infra-ansible/roles/ansible - dest: "{{ __agnosticd_roles_install_path }}/ansible" - state: link - delegate_to: localhost - become: false - run_once: true - vars: - __agnosticd_roles_install_path: >- - {%- if requirements_content is defined and requirements_content | length > 0 -%} - {{ playbook_dir 
}}/dynamic-roles - {%- else -%} - {{ ANSIBLE_REPO_PATH | default(playbook_dir) }}/roles - {%- endif -%} - - - name: Ensure Tower License is configured - include_role: - name: infra-ansible/roles/ansible/tower/config-ansible-tower-subscription-manifest - - - name: Ensure required Credentials are added to Tower - include_role: - name: infra-ansible/roles/ansible/tower/manage-credentials - - - name: Ensure required inventories are added to Tower - include_role: - name: infra-ansible/roles/ansible/tower/manage-inventories - - - name: Ensure required Projects are added to Tower - include_role: - name: infra-ansible/roles/ansible/tower/manage-projects - - - name: Ensure required Job Templates are added to Tower - include_role: - name: infra-ansible/roles/ansible/tower/manage-job-templates - - - name: Ensure required WorkFlow Templates are added to Tower - shell: "{{ item }}" - loop: - - /usr/local/bin/tower-cli workflow create --name="SAP HANA and S/4HANA E2E deployment" - - /usr/local/bin/tower-cli workflow create --name="SAP HANA and S/4HANA E2E deployment - HA Mode" - - - name: Populate new WorkFlows with specified schemas - shell: "{{ item }}" - loop: - - /usr/local/bin/tower-cli workflow schema "SAP HANA and S/4HANA E2E deployment" @/tmp/schema_non_ha.yml - - /usr/local/bin/tower-cli workflow schema "SAP HANA and S/4HANA E2E deployment - HA Mode" @/tmp/schema_ha.yml - - - name: Copy letsencrypt cert - copy: - src: "/etc/letsencrypt/live/tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}/fullchain.pem" - dest: "/etc/tower/tower.cert" - remote_src: true - when: cloud_provider == "openshift_cnv" - - - name: Copy letsencrypt key - copy: - src: "/etc/letsencrypt/live/tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}/privkey.pem" - dest: "/etc/tower/tower.key" - remote_src: true - when: cloud_provider == "openshift_cnv" - - - name: restart-tower - command: ansible-tower-service restart - become: true - when: cloud_provider == "openshift_cnv" - 
-# when: -# - tower_instance_count > 0 -# - __run_aap_deployment - - - name: Print out information for the user to consume the lab hosts: localhost gather_facts: False @@ -151,10 +8,16 @@ - install_student_user | bool - cloud_provider != "openshift_cnv" block: - - name: Store bastion hostname as a fact - set_fact: - bastion_hostname: "{{groups['bastions'].0 }}" - - name: Report user info + - name: Store bastion and tower hostname as a fact + ansible.builtin.set_fact: + bastion_hostname: "{{ groups['bastions'].0 }}" + tower_hostname: "{{ groups['towers'].0 }}" + + - name: Get tower admin password + ansible.builtin.set_fact: + tower_password: "{{ hostvars[tower_hostname]['tower_password'] | d('not_set') }}" + + - name: Report user info # noqa syntax-check[unknown-module] agnosticd_user_info: msg: "{{ item }}" loop: @@ -164,12 +27,19 @@ - "Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted." - "" - "You can access your Tower:" - - "https://{{ tower_public_dns_chomped }}" + - "https://{{ tower_public_dns_chomped | d('not_deployed') }}" - "Make sure you are using the following credentials:" - "" - "Username: admin" - - "Password: {{ tower_password }}" - + - "Password: {{ tower_password | d('not_deployed') }}" + - "" + - "Note: The controller installation runs in the background and may take additional 30Min" + - "To follow the installation log in to {{ tower_hostname }} and tail the installation log:" + - "" + - "ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}" + - "sudo ssh {{ tower_hostname }}" + - "tail -f aap_unpacked/aap_install.log" + - name: Print Student Information when: - install_student_user | bool 
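Review bot: `tower_hostname: "{{ groups['towers'].0 }}"` in the `@@ -151,10 +8,16 @@` hunk fails templating when the `towers` group is empty or absent, which looks like the very case the later `| d('not_deployed')` defaults are meant to cover; the `@@ -178,6 +48,11 @@` hunk adds the same line. A guarded form such as `tower_hostname: "{{ groups['towers'] | d([]) | first | d('not_deployed') }}"` would keep the play running, and the `hostvars[tower_hostname]` lookup in the following task would need a matching default. Because that task always sets `tower_password` (to the host's value or `'not_set'`), the `| d('not_deployed')` on the "Password:" line can never apply, so one of the two placeholders should be dropped.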
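Review bot: The added `ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}` message in the `@@ -164,12 +27,19 @@` hunk appears to sit inside the block guarded by `cloud_provider != "openshift_cnv"`, where those CNV-specific variables are presumably undefined, so the whole `agnosticd_user_info` loop would fail on an undefined variable. Either give both a default, as the Tower URL line now does with `| d('not_deployed')`, or print the bastion address this block already uses for non-CNV providers. The block starts before this hunk, so the guard should be confirmed against the full file.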
@@ -178,6 +48,11 @@ - name: Store bastion hostname as a fact set_fact: bastion_hostname: "{{groups['bastions'].0 }}" + tower_hostname: "{{ groups['towers'].0 }}" + - name: Get tower admin password + ansible.builtin.set_fact: + tower_password: "{{ hostvars[tower_hostname]['tower_password'] | d('not_set') }}" + - name: Report user info agnosticd_user_info: msg: "{{ item }}" @@ -188,12 +63,19 @@ - "Make sure you use the username '{{ student_name }}' and the password '{{ hostvars[bastion_hostname]['student_password'] }}' when prompted." - "" - "You can access your Tower:" - - "https://{{ tower_public_dns_chomped }}" + - "https://{{ tower_public_dns_chomped | d('undefined') }}" - "Make sure you are using the following credentials:" - "" - "Username: admin" - - "Password: {{ tower_password }}" - + - "Password: {{ tower_password| d('not_deployed') }}" + - "" + - "Note: The controller installation runs in the background and may take additional 30Min" + - "To follow the installation log in to {{ tower_hostname }} and tail the installation log:" + - "" + - "ssh {{ student_name }}@{{ openshift_cnv_ssh_address }} -p {{ hostvars[groups['bastions'][0]].bastion_ssh_port }}" + - "sudo ssh {{ tower_hostname }}" + - "tail -f aap_unpacked/aap_install.log" + - name: Set agnosticd user info data for tower when: - tower_instance_count > 0 @@ -202,7 +84,7 @@ data: tower_url: "https://tower-{{ guid }}.{{ guid }}.{{ osp_cluster_dns_zone }}" tower_username: "admin" - tower_password: "{{ tower_password }}" + tower_password: "{{ tower_password| d('not_deployed') }}" - name: Set agnosticd user info data for tower when: @@ -212,9 +94,7 @@ data: tower_url: "https://tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}" tower_username: "admin" - tower_password: "{{ tower_password }}" - - + tower_password: "{{ tower_password | d('not_deployed') }}" - name: PostSoftware flight-check hosts: localhost 
@@ -225,4 +105,4 @@ - post_flight_check tasks: - debug: - msg: "Post-Software checks completed successfully" + msg: "Post-Software checks completed successfully - Stage {{ purpose | d('undefined') }}" diff --git a/ansible/configs/sap-hana/pre_infra.yml b/ansible/configs/sap-hana/pre_infra.yml index f6270f854f0..99f6a49cd66 100644 --- a/ansible/configs/sap-hana/pre_infra.yml +++ b/ansible/configs/sap-hana/pre_infra.yml 
@@ -1,34 +1,53 @@ -- name: Step 000 Pre Infrastructure +--- +- name: Step 000 - Pre Infrastructure + # + # Creates SSH keys for logging in and search snapshot disk in AWS + # hosts: localhost connection: local - gather_facts: false + gather_facts: true become: false tags: - step001 - pre_infrastructure - generate_env_keys + tasks: - - debug: - msg: "Step 000 Pre Infrastructure" + - name: Print Ansible version, python version and OS of ansible deployment + ansible.builtin.debug: + msg: + - 'Ansible version: {{ ansible_version.full | d("not found") }}' + - 'Python version: {{ ansible_python.version.major }}.{{ ansible_python.version.minor + }}' + - 'OS: {{ ansible_distribution }} {{ ansible_distribution_major_version }}' - - name: Generate SSH keys - shell: ssh-keygen -b 2048 -t rsa -f "{{output_dir}}/{{env_authorized_key}}" -q -N "" + ## TODO: replace ansible by command + - name: Generate SSH keypair + ansible.builtin.command: ssh-keygen -b 2048 -t rsa -f "{{ output_dir }}/{{ env_authorized_key }}" -q -N "" args: - creates: "{{output_dir}}/{{env_authorized_key}}" + creates: "{{ output_dir }}/{{ env_authorized_key }}" when: set_env_authorized_key | bool - - name: fix permission - file: - path: "{{output_dir}}/{{env_authorized_key}}" - mode: 0400 + - name: Output newly generated private key for logging in + ansible.builtin.debug: + msg: "{{ lookup('ansible.builtin.file', output_dir + '/' + env_authorized_key) }}" when: set_env_authorized_key | bool - - name: Generate SSH pub key - shell: ssh-keygen -y -f "{{output_dir}}/{{env_authorized_key}}" > "{{output_dir}}/{{env_authorized_key}}.pub" - args: - creates: "{{output_dir}}/{{env_authorized_key}}.pub" + ## TODO: change mode line + - name: Fix permission + ansible.builtin.file: + path: "{{ output_dir }}/{{ env_authorized_key }}" + mode: '0400' when: set_env_authorized_key | bool + ### TODO: seems superflous -- double check + ## This logic overwrites the public with the private key if public was not created !! 
+ # - name: Generate SSH pub key + # ansible.builtin.shell: ssh-keygen -y -f "{{ output_dir }}/{{ env_authorized_key }}" > "{{ output_dir }}/{{ env_authorized_key }}.pub" + # args: + # creates: "{{ output_dir }}/{{ env_authorized_key }}.pub" + # when: set_env_authorized_key | bool + - name: Include tasks to find snapshot in AWS when: cloud_provider == 'ec2' - include_tasks: find_snapshot.yml + ansible.builtin.include_tasks: find_snapshot.yml diff --git a/ansible/configs/sap-hana/pre_software.yml b/ansible/configs/sap-hana/pre_software.yml index 706889eddea..cc99680a090 100644 --- a/ansible/configs/sap-hana/pre_software.yml +++ b/ansible/configs/sap-hana/pre_software.yml 
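Review bot: The new task `Output newly generated private key for logging in` sends the SSH private key through `ansible.builtin.debug`, so the key is copied into every place the run is logged (console, job history, log files) with whatever access those have. I would drop the task; if the key has to be handed to the requester, deliver it over a channel with access control and keep `no_log: true` on any task that touches its content. The task also runs before `Fix permission`, so the file is read while it still has the mode ssh-keygen gave it.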
@@ -1,143 +1,206 @@ # Cloudformation template or equivalent should tag all hosts with Project:{{ env_type }}-{{ guid }} -- name: Configure all hosts with Repositories, Common Files and Set environment key +# copy login keys and ensures all systems are subscribed to proper repositories in Satellite +# configure firewall and networking, install common_packages +# configure modified routing on designated SAP servers + +- name: Step 003 - PreSoftware hosts: - all:!windows become: true - gather_facts: False - roles: - - { role: "set-repositories", when: 'repo_method is defined' } - tags: - - step004 - - common_tasks + gather_facts: false + tasks: + - name: Configure Repositories + when: repo_method is defined + ansible.builtin.include_role: + name: "set-repositories" + tags: + - step004 + - common_tasks -- name: Lock RHEL release + - name: DEBUG - Configuration after repo setup + ansible.builtin.shell: | + echo "===================================" + cat /etc/redhat-release + dnf clean all + subscription-manager status + subscription-manager release --list + subscription-manager repos + changed_when: false + failed_when: false + +- name: Step 003 - Unlock RHEL release on non-SAP systems hosts: - bastions:towers become: true - gather_facts: False + gather_facts: false tasks: - - name: Lock RHEL release to one providing ansible-core - command: subscription-manager release --set={{ rhel_lock_release }} + - name: Get current RHEL release + ansible.builtin.setup: + gather_subset: + - distribution + - name: Print current RHEL release + ansible.builtin.debug: + msg: "This system is RHEL {{ ansible_distribution_major_version }}" + # - name: Print all evaluated playbook variables + # ansible.builtin.debug: + # var: hostvars[inventory_hostname] + + - name: Unlock RHEL release # noqa: no-changed-when + ansible.builtin.command: subscription-manager release --set={{ ansible_distribution_major_version }} register: lock_result until: lock_result is succeeded retries: 15 delay: 10 -- 
name: Lock RHEL release SAP + - name: Configure zstream repositories only + community.general.rhsm_repository: + name: "{{ rhel_repos_zstream }}" + purge: true + +- name: Step 003 - Lock RHEL release on SAP systems hosts: - hanas:s4hanas become: true - gather_facts: False + gather_facts: false tasks: - - name: Lock RHEL release to one SAP certified - command: subscription-manager release --set={{ rhel_lock_release_sap }} + - name: Get current RHEL release + ansible.builtin.setup: + gather_subset: + - distribution + - name: Print current RHEL release + ansible.builtin.debug: + msg: "This system is RHEL {{ ansible_distribution_version }}" + + ## TODO: use system_role rhc instead + - name: Ensure RHEL release is locked to SAP certified # noqa: no-changed-when + # when: ansible_distribution_major_version | int < 9 + ansible.builtin.command: subscription-manager release --set={{ rhel_lock_release_sap }} register: lock_result until: lock_result is succeeded retries: 15 delay: 10 - tags: - - step004 - - common_tasks + # required because regular repositories are not synched in Satellite + - name: Configure e4s repositories only + community.general.rhsm_repository: + name: "{{ rhel_repos_e4s }}" + purge: true -- name: Install Common packages and Set environment key +- name: Step 003 - Install Common packages and Set environment key hosts: - all:!windows become: true - gather_facts: False - roles: - - { role: "common", when: 'install_common' } - - { role: "set_env_authorized_key", when: 'set_env_authorized_key' } - tags: - - step004 - - common_tasks + gather_facts: false + + tasks: + - name: DEBUG - Figure out current package/release versions + ansible.builtin.shell: | + subscription-manager release + subscription-manager release --list + dnf repolist + changed_when: false + failed_when: false + + # update all packages (update_packages: true - default) + # Install standard packages in common_packages_el9 + # Installs common_extra_packages - defined in default_vars.yml + - 
name: Install common packages + when: install_common + ansible.builtin.include_role: + name: "common" -- name: Configure firewalld + - name: Set Authorized Keys for default logins + when: set_env_authorized_key + ansible.builtin.include_role: + name: "set_env_authorized_key" + +- name: Step 003 - Configure firewalld on bastion host hosts: bastions become: true tasks: - name: Install firewalld - ansible.builtin.yum: + ansible.builtin.dnf: name: firewalld state: installed - - name: 'Ensure firewalld is running' + + - name: Ensure firewalld is running ansible.builtin.service: name: firewalld state: started enabled: true - - ansible.posix.firewalld: + - name: Enable firewalld + ansible.posix.firewalld: masquerade: true state: enabled permanent: true immediate: true zone: public - - name: permit nfs traffic + - name: Permit nfs traffic ansible.posix.firewalld: service: nfs permanent: true immediate: true state: enabled -- name: Change default gw + # required for downloading SAP Software + - name: Install python3-pip + ansible.builtin.package: + name: python3-pip + state: present + +- name: Step 003 - Change default gw on SAP servers hosts: hanas:s4hanas become: true tasks: - - name: Set 192.168.47.10 as default gw - command: "{{ item }}" + - name: Set 192.168.47.10 as default gw # noqa: no-changed-when + ansible.builtin.command: "{{ item }}" loop: - ip r add 10.0.0.0/8 via 10.0.2.1 - ip r add default via 192.168.47.10 metric 1 - nmcli con modify "System eth0" ipv4.gateway 192.168.47.10 ipv4.route-metric 1 - nmcli con mod "Wired connection 1" ipv4.routes "10.0.0.0/8 10.0.2.1 0" -- name: Configuring Bastion Hosts +- name: Step 003 - Configuring Bastion Hosts hosts: bastions become: true - roles: - - { role: "bastion", when: 'install_bastion' } - - role: bastion-student-user + tasks: + - name: Install bastion host + when: 'install_bastion' + ansible.builtin.include_role: + name: bastion + + - name: Install student user on bastion host when: install_student_user | bool - 
tags: - - step004 - - bastion_tasks + ansible.builtin.include_role: + name: bastion-student-user -- name: Copy SSH RSA to cloud-user - hosts: bastions - become: true - tasks: - - copy: - src: /root/.ssh/{{env_authorized_key}}.pem + - name: Copy private keyfile to bastion host (OSP) + ansible.builtin.copy: + src: /root/.ssh/{{ env_authorized_key }}.pem dest: /home/cloud-user/.ssh/id_rsa owner: cloud-user group: cloud-user - mode: 0400 - remote_src: yes + mode: '0400' + remote_src: true when: cloud_provider == "osp" - tags: - - step004 - - bastion_tasks -- name: Copy SSH RSA to ec2-user - hosts: bastions - become: true - tasks: - - copy: - src: /root/.ssh/{{env_authorized_key}}.pem + - name: Copy private keyfile to bastion host (AWS) + ansible.builtin.copy: + src: /root/.ssh/{{ env_authorized_key }}.pem dest: /home/ec2-user/.ssh/id_rsa owner: ec2-user group: ec2-user - mode: 0400 - remote_src: yes + mode: '0400' + remote_src: true when: cloud_provider == "ec2" tags: - step004 - bastion_tasks - -- name: PreSoftware flight-check +- name: Step 003 - PreSoftware flight-check hosts: localhost connection: local gather_facts: false @@ -145,5 +208,6 @@ tags: - flight_check tasks: - - debug: + - name: Pre-flight-check results + ansible.builtin.debug: msg: "Pre-Software checks completed successfully" diff --git a/ansible/configs/sap-hana/software.yml b/ansible/configs/sap-hana/software.yml index d5b87a5003e..a41d22cbb24 100644 --- a/ansible/configs/sap-hana/software.yml +++ b/ansible/configs/sap-hana/software.yml 
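Review bot: Tag-limited runs will probably no longer reach the role content, because `tags: step004 / common_tasks` moved from the plays onto `ansible.builtin.include_role` (`Configure Repositories`), and tags on a dynamic include apply to the include task only, not to the tasks inside the role. With `--tags step004` the role is included but its tasks are skipped unless they carry the tag themselves, and the lock-release and common-package plays have lost the tags entirely. If tag-limited runs are still used, add `apply: { tags: [step004, common_tasks] }` under `include_role` or use `ansible.builtin.import_role`. Indentation is lost in this view, so it is worth checking whether the trailing `tags:` after the AWS key copy now sits on that single task rather than on the play.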
@@ -1,16 +1,16 @@ --- -- name: Step 00xxxxx software - hosts: localhost - gather_facts: False - become: false - tasks: - - debug: - msg: "Software tasks Started" +# - name: Step 004 - Software Provisioning +# hosts: localhost +# gather_facts: false +# become: false +# tasks: +# - debug: +# msg: "Software tasks Started" -- name: Configure /etc/hosts for openshift_cnv +- name: Step 004 - Configure /etc/hosts for openshift_cnv hosts: all - become: True - gather_facts: True + become: true + gather_facts: true tasks: - name: Configure /etc/hosts when: cloud_provider == "openshift_cnv" 
@@ -18,63 +18,68 @@ path: /etc/hosts block: | 192.168.47.10 bastion-{{ guid }}.example.com bastion-{{ guid }} - 192.168.47.11 tower-{{ guid }}.example.com tower-{{ guid }} + 192.168.47.11 tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }} tower-{{ guid }}.example.com tower-{{ guid }} 192.168.47.28 hana-{{ guid }}1.example.com hana-{{ guid }}1 192.168.47.135 hana-{{ guid }}2.example.com hana-{{ guid }}2 192.168.47.150 s4hana-{{ guid }}.example.com s4hana-{{ guid }} + 192.168.47.200 hana-vip.example.com hana-vip +# Note: The external DNS Name has to be here to accept the cert in 2.5 containerized install +# only necessary on tower, but does not harm the other nodes. - name: Ensure NFS Server is installed, SAP Software Device Mounted and Ansible Installed hosts: bastions - become: True - gather_facts: True + become: true + gather_facts: true tasks: - name: Ensure NFS directory exists - file: + ansible.builtin.file: path: "/nfs" state: directory + mode: "0755" - name: Mount up device by UUID - mount: + ansible.posix.mount: path: /nfs src: "/dev/{{ sap_software_device }}" fstype: xfs state: present - - name: 'Ensure required packages are installed' - package: + - name: Ensure required packages are installed + ansible.builtin.dnf: name: nfs-utils state: installed - - name: "Ensure export file contains the directory to be shared" - lineinfile: + - name: Ensure export file contains the directory to be shared + ansible.builtin.lineinfile: path: /etc/exports state: present regexp: "^/nfs" line: "/nfs *(insecure,rw,no_root_squash,no_wdelay,sync)" - - name: 'Ensure nfs-server is restarted and running' - service: + - name: Ensure nfs-server is restarted and running + ansible.builtin.service: name: nfs-server state: restarted - enabled: yes - - - name: Ensure additional packages are installed - yum: - name: - - ansible - - java-1.8.0-openjdk - - rhel-system-roles-sap - state: latest - + enabled: true + +# - name: Ensure additional packages are installed +# 
ansible.builtin.dnf: +# name: +# - ansible +# - java-1.8.0-openjdk +# - rhel-system-roles-sap +# state: present + - name: Ensure /nfs directory is owned by '{{ remote_user }}' - file: + ansible.builtin.file: path: /nfs state: directory owner: "{{ remote_user }}" + mode: "755" - name: Ensure SAP software is not present for external (non Red Hatters) requesters - file: + ansible.builtin.file: state: absent path: "{{ item }}" loop: @@ -84,40 +89,44 @@ - '/nfs/SAPHOSTAGENT/' when: not rh_internal -- name: Ensure NFS share is mounted in HANA and S/4HANA Hosts +- name: Step 004 - Ensure NFS share is mounted in HANA and S/4HANA Hosts hosts: hanas:s4hanas - become: True - gather_facts: True + become: true + gather_facts: true tasks: - - name: Ensure additional packages are installed - yum: + - name: Ensure NFS client packages are installed + ansible.builtin.dnf: name: - rpcbind - nfs-utils - state: latest + state: present - name: Ensure Software directory exists - file: + ansible.builtin.file: path: "/software" state: directory + mode: "0755" - name: Ensure NFS share is mounted - mount: + ansible.posix.mount: path: "/software" src: "{{ bastion_hostname }}:/nfs" fstype: nfs4 opts: "rw,bg,hard,_netdev" state: mounted -- name: Add short and fqdn resolution for every host +## TODO: replace with SAP dowload instead in future release + +### The change of /etc/hosts has been done above, so next play should be redundant for openshift_cnv +- name: Step 004 - Add short and fqdn resolution for every host hosts: hanas:s4hanas become: true gather_facts: true tasks: - - name: Add HANA and S4HANA hosts info to /etc/hosts - lineinfile: + - name: Add HANA and S4HANA hosts info to /etc/hosts # noqa: ignore-errors + ansible.builtin.lineinfile: path: /etc/hosts state: present line: "{{ hostvars[item].ansible_default_ipv4.address }} {{ hostvars[item].ansible_hostname }}.example.com {{ hostvars[item].ansible_hostname }}" 
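Review bot: The export task is touched here (module renamed) but the export line stays `/nfs *(insecure,rw,no_root_squash,no_wdelay,sync)`, which lets any host that can reach the bastion mount the SAP software share read-write with root preserved. Since the clients are the HANA and S/4HANA hosts, the client field could name them or the lab network instead of `*`, and `no_root_squash` and `insecure` should stay only if the installers really need them. The new `mode: "755"` on /nfs is also spelled differently from the `"0755"` added two tasks earlier; one spelling would be easier to read.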
@@ -126,91 +135,228 @@ with_items: - "{{ groups['hanas'] }}" - "{{ groups['s4hanas'] }}" - ignore_errors: true - -##Below tasks has been added because Sap E2E CI failing when running the tower job sap-repositories, -##as per the article in Red Hat we need to move two files in /tmp dir + ignore_errors: true -- name: Redgistering Insights-client and moving files +## Below tasks has been added because Sap E2E CI failing when running the tower job sap-repositories, +## as per the article in Red Hat we need to move two files in /tmp dir + +- name: Step 004 - Registering Insights-client and moving files hosts: hanas:s4hanas become: true gather_facts: true tasks: - - name: Registering the client with Red Hat insight - command: insights-client --register + - name: Registering the client with Red Hat insight # noqa: no-changed-when ignore-errors + ansible.builtin.command: insights-client --register + ignore_errors: true + + - name: Move newest.egg file to /tmp directory # noqa: no-changed-when ignore-errors + ansible.builtin.command: mv /var/lib/insights/newest.egg /tmp + ignore_errors: true + + - name: Move newest.egg.asc file to /tmp directory # noqa: no-changed-when ignore-errors + ansible.builtin.command: mv /var/lib/insights/newest.egg.asc /tmp ignore_errors: true - - - name: Move newest.egg file to /tmp directory - command: mv /var/lib/insights/newest.egg /tmp - ignore_errors: true - - - name: Move newest.egg.asc file to /tmp directory - command: mv /var/lib/insights/newest.egg.asc /tmp - ignore_errors: true - -- name: Deploy Ansible Tower + +- name: Step 004 - Prepare deployment of AAP hosts: towers - gather_facts: False - become: yes + gather_facts: false + become: true tasks: - # This is a bit hacky but we are facing some issues with Ansible, RHEL8 and python for some - # modules and this workaround solved this particular issue -# - name: Debug offline token -# debug: -# var: offline_token - -# - name: Debug sap-e2e-offline token -# debug: -# var: 
sap-e2e-offline-token - - - name: Ensure Python3 package is installed and alternatives for python updated - shell: > - yum install -y python3 && alternatives --set python /usr/bin/python3 - -# - name: Ensure EPEL GPG is installed -# rpm_key: -# state: present -# key: "{{ ansible_tower_epel_gpg_download_url }}" - - - name: Add RPM package key RPM-GPG-KEY-EPEL-8 - rpm_key: - key: https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8 - - - name: "install epel-release" - dnf: - name: "{{ ansible_tower_epel_download_url }}" + - name: Add RPM package key RPM-GPG-KEY-EPEL-9 + ansible.builtin.rpm_key: + key: 'https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-{{ ansible_distribution_major_version }}' + when: cloud_provider == "openshift_cnv" + + - name: Install epel-release + ansible.builtin.dnf: + name: 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm' state: present disable_gpg_check: "{{ ansible_tower_epel_disable_gpg_check | default('no') }}" - - - - name: install certbot - yum: - name: "certbot" when: cloud_provider == "openshift_cnv" - - name: Generate certificate using certbot - command: certbot certonly --standalone -d tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }} -m rhpds-admins@redhat.com --agree-tos -n --cert-path /etc/tower/tower.cert --key-path /etc/tower/tower.key + - name: Install certbot + ansible.builtin.dnf: + name: certbot when: cloud_provider == "openshift_cnv" - - name: Ensure additional packages are installed - yum: - name: - - ansible + - name: Install ansible-core + ansible.builtin.package: + name: ansible-core state: present - exclude: - - ansible-6.3.0-2.el8.1.noarch - - ansible-7.2.0-1.el8.noarch - - ansible-8.3.0-1.el8.noarch - - ansible-9.2.0-1.el8.noarch - - name: Install Ansible Tower - include_role: - name: infra-ansible/roles/ansible/tower/config-ansible-tower + - name: Ensure Directory for certificates exist + ansible.builtin.file: + path: 
"/home/cloud-user/aap_cert" + state: directory + owner: cloud-user + group: cloud-user + mode: '0755' + when: cloud_provider == "openshift_cnv" + + - name: Generate certificate using certbot # noqa: no-changed-when + ansible.builtin.command: + argv: + - certbot + - certonly + - --standalone + - -d + - tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }} + - -m + - rhpds-admins@redhat.com + - --agree-tos + - -n + - --cert-path + - /home/cloud-user/aap_cert/fullchain.pem + - --key-path + - /home/cloud-user/aap_cert/privkey.pem + when: cloud_provider == "openshift_cnv" + + - name: Copy certificate files to /home/cloud-user/aap_cert + ansible.builtin.copy: + src: '/etc/letsencrypt/live/tower-{{ guid }}.{{ guid }}.{{ sandbox_openshift_apps_domain }}/{{ item }}' + dest: '/home/cloud-user/aap_cert/{{ item }}' + owner: cloud-user + group: cloud-user + mode: '0644' + remote_src: true + when: cloud_provider == "openshift_cnv" + loop: + - fullchain.pem + - privkey.pem + + # Should move into secret file + - name: Create offline token + ansible.builtin.set_fact: + offline_token: "{{ rhsm_api_token_enc | decrypt(ocp4_ai_offline_token) }}" + - name: Debug offline token + ansible.builtin.debug: + var: offline_token + + # - name: Debug sap-e2e-offline token + # ansible.builtin.debug: + # var: sap-e2e-offline-token + + - name: Copy ssh key to cloud-user + ansible.builtin.copy: + src: '{{ hostvars.localhost.ssh_provision_key_path }}' + dest: /home/cloud-user/.ssh/id_rsa + owner: cloud-user + group: cloud-user + mode: '0600' + + - name: Ensure directory aap_postinstall exists + ansible.builtin.file: + path: /home/cloud-user/aap_postinstall + state: directory + owner: cloud-user + group: cloud-user + mode: '0755' + + - name: Copy configuration templates to aap_postinstall + ansible.builtin.template: + src: "{{ item }}" + dest: "/home/cloud-user/aap_postinstall/{{ item | basename | regex_replace('\\.j2', '') }}" + owner: cloud-user + group: cloud-user + mode: '0644' + 
with_fileglob: + - templates/aap_postinstall/* + when: cloud_provider == "openshift_cnv" + + # NOTE: Download role is only for "localhost" + - name: Download AAP2 + ansible.builtin.include_role: + name: "aap_download" + tags: + - step004 + + - name: Ensure aap_unpacked directory exist + ansible.builtin.file: + path: "/home/cloud-user/aap_unpacked" + state: directory + mode: '0755' + owner: cloud-user + group: cloud-user + + - name: Unpack previously downloaded aap2.tar.gz in playbook_dir + ansible.builtin.unarchive: + src: "{{ playbook_dir }}/aap.tar.gz" + dest: "/home/cloud-user/aap_unpacked/" + owner: cloud-user + group: cloud-user + extra_opts: + - --strip-components=1 + # remote_src: true + + - name: Create Random Controller Admin password + ansible.builtin.set_fact: + tower_password: "{{ lookup('password', '/dev/null length=12 chars=ascii_letters,digits') }}" + + - name: Copy customized inventory template to aap_unpacked + ansible.builtin.template: + src: aap_inventory.{{ cloud_provider }}.j2 + dest: '/home/cloud-user/aap_unpacked/inventory' + owner: cloud-user + group: cloud-user + mode: '0644' - - name: Install ansible for module psutil - pip: - name: ansible - virtualenv: /var/lib/awx/venv/ansible + - name: Downloading tower manifest # noqa ignore-errors + ansible.builtin.get_url: + url: "{{ controller_manifest | regex_search('url:\\s+(.*)', '\\1') | join }}" + dest: /home/cloud-user/aap_unpacked/manifest.zip + owner: cloud-user + group: cloud-user + mode: "0644" +# username: "{{ tower_manifest.username | default(omit) }}" +# password: "{{ tower_manifest.password | default(omit) }}" + ignore_errors: true + + - name: Execute the ansible.containerized_installer.install playbook + ansible.builtin.shell: | + ansible-playbook -i inventory ansible.containerized_installer.install + become: true + become_user: cloud-user + changed_when: true + args: + chdir: /home/cloud-user/aap_unpacked/ + register: r_aap_deploy + async: 10800 # Seconds for maximum runtime, set to 
3 hours + poll: 0 # Seconds between polls, use 0 to continue with playbook + # retries: 3 + # until: r_aap_deploy is succeeded + + # Installation runs in the background. + # We use the inventory to deploy the initial controller content. + # So we can continue with the playbooks and send out the email. + # Depending on the AAP Installation, we may wait for the UI to be reachable + # or make an info on the order page + + # For Debugging ONLY (pupose == development) + - name: Copy postinstall_only.yml to collection + when: purpose == "development" + ansible.builtin.copy: + src: templates/postinstall_only.yml + dest: /home/cloud-user/aap_unpacked/collections/ansible_collections/ansible/containerized_installer/playbooks/postinstall_only.yml + owner: cloud-user + group: cloud-user + mode: '0644' + + - name: Copy postinstall variable template to aap_unpacked + when: purpose == "development" + ansible.builtin.template: + src: postinstvar.j2 + dest: /home/cloud-user/aap_unpacked/postinstvars + owner: cloud-user + group: cloud-user + mode: '0644' + + - name: Check sync status + when: purpose != "development" + ansible.builtin.async_status: + jid: "{{ r_aap_deploy.ansible_job_id }}" + register: async_poll_results + until: async_poll_results.finished + retries: 30 - name: Software flight-check @@ -221,6 +367,6 @@ tags: - post_flight_check tasks: - - debug: + - name: Software checks + ansible.builtin.debug: msg: "Software checks completed successfully" - diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_inventory.generic.j2 b/ansible/configs/sap-hana/templates/aap_inventory.generic.j2 similarity index 100% rename from ansible/configs/sap-hana-rhel9/templates/aap_inventory.generic.j2 rename to ansible/configs/sap-hana/templates/aap_inventory.generic.j2 
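Review bot: `Debug offline token` prints the decrypted `offline_token` (apparently an RHSM API token, going by `rhsm_api_token_enc`) into the play output, so it ends up in job logs; the task should be removed and `no_log: true` added to `Create offline token`. The certificate copy loop writes `privkey.pem` to /home/cloud-user/aap_cert with `mode: '0644'`, which makes the TLS private key readable by every local user; `mode: "{{ '0600' if item == 'privkey.pem' else '0644' }}"` keeps the chain public and the key private. The generated inventory is also written with `'0644'` and presumably carries `tower_password`, so `'0600'` would fit there as well.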
diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_inventory.openshift_cnv.j2 b/ansible/configs/sap-hana/templates/aap_inventory.openshift_cnv.j2 similarity index 93% rename from ansible/configs/sap-hana-rhel9/templates/aap_inventory.openshift_cnv.j2 rename to ansible/configs/sap-hana/templates/aap_inventory.openshift_cnv.j2 index 2d9674f545e..3eadae1fd8e 100644 --- a/ansible/configs/sap-hana-rhel9/templates/aap_inventory.openshift_cnv.j2 +++ b/ansible/configs/sap-hana/templates/aap_inventory.openshift_cnv.j2 @@ -46,10 +46,8 @@ controller_license_file=/home/cloud-user/aap_unpacked/manifest.zip gateway_tls_cert=/home/cloud-user/aap_cert/fullchain.pem gateway_tls_key=/home/cloud-user/aap_cert/privkey.pem -# Do not propagate AH content to speed up deployment -#automationhub_seed_collections=false -hub_seed_collections=false -hub_postinstall=false +# Do not propagate AH content +automationhub_seed_collections=false # Propagate postinstallation content controller_postinstall=true diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_config.yml.j2 b/ansible/configs/sap-hana/templates/aap_postinstall/aap_config.yml.j2 similarity index 100% rename from ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_config.yml.j2 rename to ansible/configs/sap-hana/templates/aap_postinstall/aap_config.yml.j2 diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_ee.yml b/ansible/configs/sap-hana/templates/aap_postinstall/aap_ee.yml similarity index 100% rename from ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_ee.yml rename to ansible/configs/sap-hana/templates/aap_postinstall/aap_ee.yml 
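Review bot: `automationhub_seed_collections=false` may be silently ignored by the installer this inventory feeds. The removed side had exactly that spelling commented out in favour of `hub_seed_collections=false` and `hub_postinstall=false`, which suggests the prefix was changed on purpose, and software.yml runs `ansible.containerized_installer.install`. If that installer only reads the `hub_`-prefixed names, hub seeding and post-install fall back to their defaults. Please confirm which variable names the installer version in use accepts before keeping this line.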
diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_job_templates.yml b/ansible/configs/sap-hana/templates/aap_postinstall/aap_job_templates.yml similarity index 100% rename from ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_job_templates.yml rename to ansible/configs/sap-hana/templates/aap_postinstall/aap_job_templates.yml diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_workflows.yml b/ansible/configs/sap-hana/templates/aap_postinstall/aap_workflows.yml similarity index 99% rename from ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_workflows.yml rename to ansible/configs/sap-hana/templates/aap_postinstall/aap_workflows.yml index c1bf68af696..1084f262eb8 100644 --- a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/aap_workflows.yml +++ b/ansible/configs/sap-hana/templates/aap_postinstall/aap_workflows.yml @@ -57,3 +57,6 @@ controller_workflows: failure_nodes: [] always_nodes: [] credentials: [] + + + diff --git a/ansible/configs/sap-hana-rhel9/templates/aap_postinstall/workflow01.vars b/ansible/configs/sap-hana/templates/aap_postinstall/workflow01.vars similarity index 100% rename from ansible/configs/sap-hana-rhel9/templates/aap_postinstall/workflow01.vars rename to ansible/configs/sap-hana/templates/aap_postinstall/workflow01.vars diff --git a/ansible/configs/sap-hana-rhel9/templates/postinstall_only.yml b/ansible/configs/sap-hana/templates/postinstall_only.yml similarity index 100% rename from ansible/configs/sap-hana-rhel9/templates/postinstall_only.yml rename to ansible/configs/sap-hana/templates/postinstall_only.yml diff --git a/ansible/configs/sap-hana-rhel9/templates/postinstvar.j2 b/ansible/configs/sap-hana/templates/postinstvar.j2 similarity index 100% rename from ansible/configs/sap-hana-rhel9/templates/postinstvar.j2 rename to ansible/configs/sap-hana/templates/postinstvar.j2