├── .ansible-lint ├── .github └── workflows │ └── ansible-lint.yml ├── .gitignore ├── .yamllint.yml ├── DISCONTINUATION_NOTICE.md ├── LICENSE ├── README.md ├── defaults └── main.yml ├── files ├── etc │ └── tmpfiles.d │ │ └── sap.conf └── tmp │ ├── hostnamectl-fix.pp │ └── hostnamectl-fix.te ├── handlers └── main.yml ├── meta ├── main.yml └── runtime.yml ├── tasks ├── RedHat │ └── generic │ │ ├── assert-dns-name-resolution.yml │ │ ├── assert-etc-hosts.yml │ │ ├── assert-firewall.yml │ │ ├── assert-hostname.yml │ │ ├── assert-kernel-parameters-loop-block.yml │ │ ├── assert-kernel-parameters.yml │ │ ├── assert-limits-conf-file.yml │ │ ├── assert-nofile-limits.yml │ │ ├── assert-nproc-limits.yml │ │ ├── assert-selinux.yml │ │ ├── assert-systemd-tmpfiles.yml │ │ ├── assert-tmpfs.yml │ │ ├── assert-uuidd.yml │ │ ├── check-dns-name-resolution.yml │ │ ├── configure-etc-hosts.yml │ │ ├── configure-firewall.yml │ │ ├── configure-hostname.yml │ │ ├── configure-kernel-parameters.yml │ │ ├── configure-selinux.yml │ │ ├── configure-systemd-tmpfiles.yml │ │ ├── configure-tmpfs.yml │ │ ├── configure-uuidd.yml │ │ ├── increase-nofile-limits.yml │ │ └── increase-nproc-limits.yml ├── assert-configuration.yml ├── assert-installation.yml ├── configuration.yml ├── installation.yml ├── main.yml └── sapnote │ ├── 2002167 │ ├── 02-assert-configuration-changes.yml │ ├── 02-configuration-changes.yml │ ├── 03-assert-setting-the-hostname.yml │ ├── 03-setting-the-hostname.yml │ ├── 04-assert-linux-kernel-parameters.yml │ ├── 04-linux-kernel-parameters.yml │ ├── 05-assert-process-resource-limits.yml │ ├── 05-process-resource-limits.yml │ ├── 06-additional-notes-for-installing-sap-systems.yml │ └── 06-assert-additional-notes-for-installing-sap-systems.yml │ ├── 2772999 │ ├── 02-assert-selinux.yml │ ├── 02-configure-selinux.yml │ ├── 03-assert-hostname.yml │ ├── 03-configure-hostname.yml │ ├── 04-assert-network-time-and-date.yml │ ├── 04-configure-network-time-and-date.yml │ ├── 05-assert-firewall.yml │ ├── 05-configure-firewall.yml │ ├── 06-assert-uuidd.yml │ ├── 06-configure-uuidd.yml │ ├── 07-assert-tmpfs.yml │ ├── 07-configure-tmpfs.yml │ ├── 08-assert-linux-kernel-parameters.yml │ ├── 08-configure-linux-kernel-parameters.yml │ ├── 09-assert-process-resource-limits.yml │ ├── 09-configure-process-resource-limits.yml │ ├── 10-assert-systemd-tmpfiles.yml │ └── 10-configure-systemd-tmpfiles.yml │ ├── 0941735.yml │ ├── 1391070.yml │ ├── 1771258.yml │ ├── 2002167.yml │ ├── 2772999.yml │ ├── assert-0941735.yml │ ├── assert-1391070.yml │ ├── assert-1771258.yml │ ├── assert-2002167.yml │ └── assert-2772999.yml ├── tests ├── beautify-assert-output.sh ├── run-sap-preconfigure-tests.py └── sap-preconfigure-default-settings.yml └── vars ├── RedHat_7.yml ├── RedHat_8.0.yml ├── RedHat_8.1.yml ├── RedHat_8.yml ├── RedHat_9.yml └── main.yml /.ansible-lint: -------------------------------------------------------------------------------- 1 | --- 2 | skip_list: 3 | # We do not intend to change the role name 4 | - role-name 5 | - ignore-errors # We use ignore_errors for all the assert tasks, which should be acceptable 6 | -------------------------------------------------------------------------------- /.github/workflows/ansible-lint.yml: -------------------------------------------------------------------------------- 1 | name: Ansible Lint 2 | 3 | on: [push, pull_request] 4 | 5 | jobs: 6 | ansible-lint: 7 | 8 | runs-on: ubuntu-latest 9 | 10 | steps: 11 | - uses: actions/checkout@v2 12 | 13 | - name: Lint Ansible Playbook 14 | uses: ansible/ansible-lint-action@master 15 | with: 16 | targets: | 17 | ./ 18 | override-deps: | 19 | ansible-core==2.12 20 | ansible-lint==5.3.0 21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .cache/ 2 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Based on ansible-lint config 3 | extends: default 4 | 5 | rules: 6 | braces: {max-spaces-inside: 1, level: error} 7 | brackets: {max-spaces-inside: 1, level: error} 8 | # colons: {max-spaces-after: -1, level: error} 9 | # commas: {max-spaces-after: -1, level: error} 10 | comments: disable 11 | comments-indentation: disable 12 | # document-start: disable 13 | # empty-lines: {max: 3, level: error} 14 | # hyphens: {level: error} 15 | # indentation: disable 16 | # key-duplicates: enable 17 | line-length: disable 18 | # new-line-at-end-of-file: disable 19 | # new-lines: {type: unix} 20 | # trailing-spaces: disable 21 | truthy: disable 22 | -------------------------------------------------------------------------------- /DISCONTINUATION_NOTICE.md: -------------------------------------------------------------------------------- 1 | Note: Development and maintenance of this software has stopped. 2 | 3 | Its functional scope is covered and expanded by role [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure). 4 | The role is part of Ansible Collection [sap_install](https://github.com/sap-linuxlab/community.sap_install) in the 5 | GitHub organization [sap-linuxlab](https://github.com/sap-linuxlab), which is a joint initiative by SAP Technology Partners. 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # **NOTE:** Development and maintenance of this software has stopped. 2 | The successor role is [sap_general_preconfigure](https://github.com/sap-linuxlab/community.sap_install/tree/main/roles/sap_general_preconfigure). 3 | 4 | For more information, see [DISCONTINUATION_NOTICE.md](DISCONTINUATION_NOTICE.md). 5 | *** 6 | 7 | sap-preconfigure 8 | ================ 9 | 10 | This role installs required packages and performs configuration steps which are required for installing and running SAP NetWeaver or SAP HANA. Specific installation and configuration steps on top of these basic steps are performed with roles sap-netweaver-preconfigure and sap-hana-preconfigure. Future implementations may reduce the scope of this role, for example if certain installation or configuration steps are done in the more specific roles. 11 | 12 | Requirements 13 | ------------ 14 | 15 | To use this role, your system needs to be installed according to: 16 | - RHEL 7: SAP note 2002167, Red Hat Enterprise Linux 7.x: Installation and Upgrade, section "Installing Red Hat Enterprise Linux 7" 17 | - RHEL 8: SAP note 2772999, Red Hat Enterprise Linux 8.x: Installation and Configuration, section "Installing Red Hat Enterprise Linux 8". 18 | 19 | Note 20 | ---- 21 | Do not run this role against an SAP or other production system. The role will enforce a certain configuration on the managed node(s), which might not be intended. 22 | 23 | Role Variables 24 | -------------- 25 | 26 | - set in `defaults/main.yml`: 27 | 28 | ### Execute only certain steps of SAP notes 29 | If the following variable is set to `no`, only certain steps of SAP notes will be executed or checked as per setting of variable `sap_preconfigure__`. If this variable is undefined or set to `yes`, all installation and configuration steps of applicable SAP notes will be executed. 30 | ```yaml 31 | sap_preconfigure_config_all 32 | ``` 33 | 34 | ### Perform installation or configuration steps, or both 35 | If you have set `sap_preconfigure_config_all` (see above) to `no`, you can limit the scope of the role to only execute the installation or the configuration steps. For this purpose, set one of the following variables, or both, to `yes`. The default for both is `no`. 36 | ```yaml 37 | sap_preconfigure_installation 38 | sap_preconfigure_configuration 39 | ``` 40 | 41 | ### Define configuration steps of SAP notes 42 | For defining one or more configuration steps of SAP notes to be executed or checked only, set variable `sap_preconfigure_config_all` to `no`, `sap_preconfigure_configuration` to `yes`, and one or more of the following variables to `yes`: 43 | ```yaml 44 | sap_preconfigure_2002167_0[2...6], example: sap_preconfigure_2002167_03 45 | sap_preconfigure_1391070 46 | sap_preconfigure_0941735 47 | sap_preconfigure_2772999_[02...10], example: sap_preconfigure_2772999_10 48 | ``` 49 | 50 | ### Run the role in assert mode 51 | If the following variable is set to `yes`, the role will only check if the configuration of the managed node(s) is according to the applicable SAP notes. Default is `no`. 52 | ```yaml 53 | sap_preconfigure_assert 54 | ``` 55 | 56 | ### Behavior of the role in assert mode 57 | If the role is run in assert mode (see above) and the following variable is set to `yes`, assertion errors will not cause the role to fail. This can be useful for creating reports. 58 | Default is `no`, meaning that the role will fail for any assertion error which is discovered. This variable has no meaning if the role is not run in assert mode. 59 | ```yaml 60 | sap_preconfigure_assert_ignore_errors 61 | ``` 62 | 63 | ### Minimum package check 64 | The following variable will make sure packages are installed at minimum required versions as defined in files `vars/*.yml`. Default is `yes`. 65 | ```yaml 66 | sap_preconfigure_min_package_check 67 | ``` 68 | 69 | ### Perform a yum update 70 | If the following variable is set to `yes`, the role will run a `yum update` before performing configuration changes. Default is `no`. \ 71 | *Note*: The outcome of a `yum update` depends on the managed node's configuration for sticky OS minor version, see the description of the release option in `man subscription-manager`. For SAP HANA installations, setting a certain minor version with `subscscription-manager release --set=X.Y` is a strict requirement. 72 | ```yaml 73 | sap_preconfigure_update 74 | ``` 75 | 76 | ### Reboot the system if required 77 | If the following variable is set to `yes`, the role will reboot the managed node if required. The default is `no`, in which case the role will only report that a reboot is required. 78 | ```yaml 79 | sap_preconfigure_reboot_ok 80 | ``` 81 | 82 | ### How to behave if reboot is required 83 | In case `sap_preconfigure_reboot_ok` (see above) is set to `no`, we should make sure that a reboot requirement does not remain unnoticed. 84 | The following variable will cause the role to fail if a reboot is required, if undefined or set to `yes`, which is also the default. 85 | By setting the variable to `no`, the role will not fail if a reboot is required but just print a warning message. 86 | ```yaml 87 | sap_preconfigure_fail_if_reboot_required 88 | ``` 89 | 90 | ### Define SELinux state 91 | The following variable allows for defining the desired SELinux state. Default is `disabled`. 92 | ```yaml 93 | sap_preconfigure_selinux_state 94 | ``` 95 | 96 | ### Size of TMPFS in GB: 97 | The following variable contains a formula for setting the size of TMPFS according to SAP note 941735. You can modify the formula or replace it by a static value if needed. 98 | ```yaml 99 | sap_preconfigure_size_of_tmpfs_gb 100 | ``` 101 | 102 | ### Locale 103 | The following variable contains the locale to be check. This check is currently not implemented. 104 | ```yaml 105 | sap_preconfigure_locale 106 | ``` 107 | 108 | ### Modify /etc/hosts 109 | If you not want the role to check and if necessary modify `/etc/hosts` according to SAP's requirements, set the following variable to `no`. Default is `yes`. 110 | ```yaml 111 | sap_preconfigure_modify_etc_hosts 112 | ``` 113 | 114 | ### Maximum length of the hostname 115 | The role will fail if the hostname has more than 13 characters (defined in vars/main.yml), to catch such cases before attempting to install SAP software. 116 | There might be cases where other limits are desired (e.g. just 8 characters). In this case, set the following variable according to your needs (e.g. '8'). 117 | See also SAP note 611361. 118 | ```yaml 119 | sap_preconfigure_max_hostname_length 120 | ``` 121 | 122 | ### hostname 123 | If the role should not use the hostname as reported by Ansible (=`ansible_hostname`), set the following variable according to your needs: 124 | ```yaml 125 | sap_hostname 126 | ``` 127 | 128 | ### DNS domain name 129 | If the role should not use the DNS domain name as reported by Ansible (=`ansible_domain`), set the following variable according to your needs: 130 | ```yaml 131 | sap_domain 132 | ``` 133 | 134 | ### IP address 135 | If the role should not use the primary IP address as reported by Ansible (=`ansible_default_ipv4.address`), set the following variable according to your needs: 136 | ```yaml 137 | sap_ip 138 | ``` 139 | 140 | ### Linux group name of the database user 141 | The following variable contains the name of the group which is used for the database(s), e.g. 'dba'. 142 | ```yaml 143 | sap_preconfigure_db_group_name 144 | ``` 145 | 146 | Dependencies 147 | ------------ 148 | 149 | This role does not depend on any other role. 150 | 151 | Example Playbook 152 | ---------------- 153 | 154 | Simple playbook, named sap.yml: 155 | ```yaml 156 | --- 157 | - hosts: all 158 | roles: 159 | - role: sap-preconfigure 160 | ``` 161 | 162 | Example Usage 163 | ------------- 164 | Normal run: 165 | ```yaml 166 | ansible-playbook sap.yml -l remote_host 167 | ``` 168 | 169 | Extended Check (assert) run, aborting for any error which has been found: 170 | ```yaml 171 | ansible-playbook sap.yml -l remote_host -e "{sap_preconfigure_assert: yes}" 172 | ``` 173 | 174 | Extended Check (assert) run, not aborting even if an error has been found: 175 | ```yaml 176 | ansible-playbook sap.yml -l remote_host -e "{sap_preconfigure_assert: yes, sap_preconfigure_assert_ignore_errors: no}" 177 | ``` 178 | 179 | Same as above, with a nice compact and colored output, this time for two hosts: 180 | ```yaml 181 | ansible-playbook sap.yml -l host_1,host_2 -e "{sap_preconfigure_assert: yes, sap_preconfigure_assert_ignore_errors: yes}" | 182 | awk '{sub (" \"msg\": ", "")} 183 | /TASK/{task_line=$0} 184 | /fatal:/{fatal_line=$0; nfatal[host]++} 185 | /...ignoring/{nfatal[host]--; if (nfatal[host]<0) nfatal[host]=0} 186 | /^[a-z]/&&/: \[/{gsub ("\\[", ""); gsub ("]", ""); gsub (":", ""); host=$2} 187 | /SAP note/{print "\033[30m[" host"] "$0} 188 | /FAIL:/{nfail[host]++; print "\033[31m[" host"] "$0} 189 | /WARN:/{nwarn[host]++; print "\033[33m[" host"] "$0} 190 | /PASS:/{npass[host]++; print "\033[32m[" host"] "$0} 191 | /INFO:/{print "\033[34m[" host"] "$0} 192 | /changed/&&/unreachable/{print "\033[30m[" host"] "$0} 193 | END{print ("---"); for (var in npass) {printf ("[%s] ", var); if (nfatal[var]>0) { 194 | printf ("\033[31mFATAL ERROR!!! Playbook might have been aborted!!!\033[30m Last TASK and fatal output:\n"); print task_line, fatal_line 195 | } 196 | else printf ("\033[31mFAIL: %d \033[33mWARN: %d \033[32mPASS: %d\033[30m\n", nfail[var], nwarn[var], npass[var])}}' 197 | ``` 198 | Note: For terminals with dark background, replace the color code `30m` by `37m`. 199 | In case you need to make an invisible font readable on a terminal with dark background, run the following command in the terminal: 200 | ```yaml 201 | printf "\033[37mreadable font\n" 202 | ``` 203 | In case you need to make an invisible font readable on a terminal with bright background, run the following command in the terminal: 204 | ```yaml 205 | printf "\033[30mreadable font\n" 206 | ``` 207 | 208 | License 209 | ------- 210 | 211 | GNU General Public License v3.0 212 | 213 | Author Information 214 | ------------------ 215 | 216 | Bernd Finger 217 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # defaults file for sap-preconfigure 3 | 4 | # For executing just some of the configuration steps, 5 | # 1 - set sap_preconfigure_config_all to "no" (default is "yes"), 6 | # 2 - set sap_preconfigure_installation or sap_preconfigure_configuration, or both, to "yes" (default for both is "no") 7 | # 3 - and set one or more of the SAP notes related variables to "yes": 8 | # sap_preconfigure_config_all: no 9 | # sap_preconfigure_installation: yes 10 | # sap_preconfigure_configuration: yes 11 | ## examples for RHEL7: 12 | # sap_preconfigure_2002167_02: yes 13 | # sap_preconfigure_2002167_06: yes 14 | # sap_preconfigure_1391070: yes 15 | # sap_preconfigure_0941735: yes 16 | ## examples for RHEL8: 17 | # sap_preconfigure_2772999_02: yes 18 | # sap_preconfigure_2772999_10: yes 19 | 20 | sap_preconfigure_assert: no 21 | 22 | sap_preconfigure_assert_ignore_errors: no 23 | 24 | sap_preconfigure_packagegroups: "{{ __sap_preconfigure_packagegroups }}" 25 | # sap_preconfigure_packagegroups: '@minimal-environment' 26 | 27 | sap_preconfigure_envgroups: "{{ __sap_preconfigure_envgroups }}" 28 | # sap_preconfigure_envgroups: '@minimal-environment' 29 | 30 | sap_preconfigure_packages: "{{ __sap_preconfigure_packages }}" 31 | 32 | sap_preconfigure_min_package_check: yes 33 | 34 | sap_preconfigure_update: no 35 | 36 | sap_preconfigure_reboot_ok: no 37 | 38 | sap_preconfigure_fail_if_reboot_required: yes 39 | 40 | sap_preconfigure_selinux_state: disabled 41 | 42 | sap_preconfigure_size_of_tmpfs_gb: "{{ ((0.75 * ( ansible_memtotal_mb + ansible_swaptotal_mb )) / 1024) | round | int }}" 43 | 44 | sap_preconfigure_locale: en_US.UTF-8 45 | 46 | sap_preconfigure_modify_etc_hosts: yes 47 | 48 | sap_preconfigure_kernel_parameters: "{{ __sap_preconfigure_kernel_parameters_default }}" 49 | 50 | # see SAP note 611361 for possible restrictions for the maximum length of the hostname: 51 | sap_preconfigure_max_hostname_length: "{{ __sap_preconfigure_max_hostname_length }}" 52 | 53 | sap_hostname: "{{ ansible_hostname }}" 54 | 55 | sap_domain: "{{ ansible_domain }}" 56 | 57 | sap_ip: "{{ ansible_default_ipv4.address }}" 58 | 59 | # use the following variable to specify the name of the RHEL group which is used for the database processes 60 | # (if it exists, it will be used to configure process limits as per step 61 | # "Configuring Process Resource Limits" of SAP note 2002167/2772999): 62 | # sap_preconfigure_db_group_name: dba 63 | -------------------------------------------------------------------------------- /files/etc/tmpfiles.d/sap.conf: -------------------------------------------------------------------------------- 1 | # systemd.tmpfiles exclude file for SAP 2 | # SAP software stores some important files in /tmp which should not be deleted automatically. 3 | # This file has been created using role sap-preconfigure in RHEL System Roles for SAP. 4 | # Do not change this file as it might be overwritten when running role sap-preconfigure again. 5 | 6 | # Exclude SAP socket and lock files 7 | x /tmp/.sap* 8 | 9 | # Exclude HANA lock file 10 | x /tmp/.hdb*lock 11 | 12 | # Exclude TREX lock file 13 | x /tmp/.trex*lock 14 | -------------------------------------------------------------------------------- /files/tmp/hostnamectl-fix.pp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/linux-system-roles/sap-preconfigure/1bd867dc0d68822aedba771049ea77f98b721133/files/tmp/hostnamectl-fix.pp -------------------------------------------------------------------------------- /files/tmp/hostnamectl-fix.te: -------------------------------------------------------------------------------- 1 | 2 | module hostnamectl-fix 1.0; 3 | 4 | require { 5 | type initrc_t; 6 | type systemd_hostnamed_t; 7 | class dbus send_msg; 8 | } 9 | 10 | #============= systemd_hostnamed_t ============== 11 | allow systemd_hostnamed_t initrc_t:dbus send_msg; 12 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for sap-preconfigure 3 | 4 | - name: Reboot the managed node 5 | reboot: 6 | test_command: /bin/true 7 | listen: __sap_preconfigure_reboot_handler 8 | when: 9 | - sap_preconfigure_reboot_ok|d(false) 10 | 11 | - name: Let the role fail if a reboot is required 12 | fail: 13 | msg: Reboot is required! 14 | listen: __sap_preconfigure_reboot_handler 15 | when: 16 | - sap_preconfigure_fail_if_reboot_required|d(true) 17 | - not sap_preconfigure_reboot_ok|d(false) 18 | 19 | - name: Show a warning message if a reboot is required 20 | debug: 21 | msg: "WARN: Reboot is required!" 22 | listen: __sap_preconfigure_reboot_handler 23 | when: 24 | - not sap_preconfigure_fail_if_reboot_required|d(true) 25 | - not sap_preconfigure_reboot_ok|d(false) 26 | 27 | - name: Set the flag that reboot is needed to apply changes 28 | set_fact: 29 | sap_preconfigure_fact_reboot_required: true 30 | listen: __sap_preconfigure_reboot_handler 31 | when: 32 | - not sap_preconfigure_fail_if_reboot_required|d(true) 33 | - not sap_preconfigure_reboot_ok|d(false) 34 | 35 | - name: Remount /dev/shm 36 | command: mount -o remount /dev/shm 37 | args: 38 | warn: false 39 | listen: __sap_preconfigure_mount_tmpfs_handler 40 | 41 | - name: Check if /dev/shm is available 42 | command: df -h /dev/shm 43 | register: __sap_preconfigure_command_df_shm_result 44 | listen: __sap_preconfigure_mount_tmpfs_handler 45 | 46 | - name: Show the result of df -h /dev/shm 47 | debug: 48 | var: __sap_preconfigure_command_df_shm_result.stdout_lines, __sap_preconfigure_command_df_shm_result.stderr_lines 49 | listen: __sap_preconfigure_mount_tmpfs_handler 50 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | galaxy_info: 3 | author: Bernd Finger, Markus Koch 4 | description: Prepares a RHEL system for SAP NetWeaver or SAP HANA installation, common steps 5 | company: Red Hat, Inc. 6 | license: GPLv3 7 | min_ansible_version: 2.9 8 | platforms: 9 | - name: EL 10 | versions: [ 7, 8 ] 11 | galaxy_tags: [ 'sap', 'rhel' ] 12 | dependencies: [] -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: '>=2.9.10' 3 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-dns-name-resolution.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert that the DNS domain is set 4 | assert: 5 | that: not( (ansible_domain is undefined) or (ansible_domain is none) or (ansible_domain | trim == '') ) 6 | fail_msg: "FAIL: The DNS domain is not configured! So variable 'sap_domain' needs to be configured!" 7 | success_msg: "PASS: The DNS domain is configured." 8 | # ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 9 | ignore_errors: yes 10 | 11 | - name: Assert that variable sap_domain is set 12 | assert: 13 | that: not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') ) 14 | fail_msg: "FAIL: The variable 'sap_domain' is not set!" 15 | success_msg: "PASS: The variable 'sap_domain' is set." 16 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 17 | 18 | - name: Check if the bind-utils package, which contains the dig command, is available 19 | assert: 20 | that: "'bind-utils' in ansible_facts.packages" 21 | fail_msg: "FAIL: The package 'bind-utils' is not installed! DNS checking not possible!" 22 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 23 | 24 | - name: Check if IP address for sap_hostname.sap_domain is resolved correctly 25 | command: dig {{ sap_hostname }}.{{ sap_domain }} +short 26 | register: __sap_preconfigure_register_dig_short_assert 27 | ignore_errors: yes 28 | changed_when: no 29 | when: "'bind-utils' in ansible_facts.packages" 30 | 31 | - name: Assert that ansible_default_ipv4.address is set 32 | assert: 33 | that: not( (ansible_default_ipv4.address is undefined) or (ansible_default_ipv4.address is none) or (ansible_default_ipv4.address | trim == '') ) 34 | fail_msg: "FAIL: The variable 'ansible_default_ipv4.address' is not defined!" 35 | success_msg: "PASS: The variable 'ansible_default_ipv4.address' is defined." 36 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 37 | 38 | - name: Assert that sap_ip is set 39 | assert: 40 | that: "__sap_preconfigure_register_dig_short_assert.stdout == '{{ sap_ip }}'" 41 | fail_msg: "FAIL: The variable 'sap_ip' is not set!" 42 | success_msg: "PASS: The variable 'sap_ip' is set." 43 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 44 | when: "'bind-utils' in ansible_facts.packages" 45 | 46 | ### BUG: dig does not use search path in resolv.con on PPCle 47 | - name: Check if IP address for sap_hostname with search path is resolved correctly 48 | command: dig {{ sap_hostname }} +search +short 49 | register: __sap_preconfigure_register_dig_search_short_assert 50 | changed_when: false 51 | ignore_errors: true 52 | when: "'bind-utils' in ansible_facts.packages" 53 | 54 | - name: Assert that the IP address for sap_hostname is resolved correctly 55 | assert: 56 | that: "__sap_preconfigure_register_dig_search_short_assert.stdout == '{{ sap_ip }}'" 57 | fail_msg: "FAIL: The IP address for 'sap_hostname' could not be resolved!" 58 | success_msg: "PASS: The IP address for 'sap_hostname' was resolved." 59 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(true) }}" 60 | when: "'bind-utils' in ansible_facts.packages" 61 | 62 | - name: Check if the reverse name resolution is correct 63 | command: dig -x {{ sap_ip }} +short 64 | register: __sap_preconfigure_register_dig_reverse_assert 65 | changed_when: false 66 | ignore_errors: true 67 | when: "'bind-utils' in ansible_facts.packages" 68 | 69 | - name: Assert that the reverse name resolution is correct 70 | assert: 71 | that: "__sap_preconfigure_register_dig_reverse_assert.stdout == '{{ sap_hostname }}.{{ sap_domain }}.'" 72 | fail_msg: "FAIL: The reverse name resolution of 'sap_ip' was not successful!" 73 | success_msg: "PASS: The reverse name resolution of 'sap_ip' was successful." 74 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(true) }}" 75 | when: "'bind-utils' in ansible_facts.packages" 76 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-etc-hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert - Display host and domain name, and IP address 4 | debug: 5 | msg: 6 | - "sap_hostname = {{ sap_hostname }}" 7 | - "sap_domain = {{ sap_domain }}" 8 | - "sap_ip = {{ sap_ip }}" 9 | 10 | # Note: There is no check related to hostname aliases. 11 | #- name: Get all hostname aliases of {{ sap_ip }} 12 | # shell: | 13 | # awk '( $1 == "{{ sap_ip }}" ) { 14 | # for (i=2; i<=NF; ++i) { 15 | # if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf $i" " } 16 | # } 17 | # }' /etc/hosts 18 | # register: sap_base_settings_register_hostname_aliases 19 | # changed_when: false 20 | # check_mode: false 21 | 22 | #- name: Print hostname aliases 23 | # debug: 24 | # var=sap_hostname_aliases 25 | 26 | - name: Check if ipv4 address, FQDN, and hostname are once in /etc/hosts 27 | command: awk 'BEGIN{a=0}/{{ sap_ip }}/&&/{{ sap_hostname }}.{{ sap_domain }}/&&/{{ sap_hostname }}/{a++}END{print a}' /etc/hosts 28 | register: __sap_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert 29 | ignore_errors: yes 30 | changed_when: no 31 | 32 | - name: Assert that ipv4 address, FQDN, and hostname are once in /etc/hosts 33 | assert: 34 | that: "__sap_preconfigure_register_ipv4_fqdn_sap_hostname_once_assert.stdout == '1'" 35 | fail_msg: "FAIL: The line '{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}' needs to be once in /etc/hosts!" 36 | success_msg: "PASS: The line '{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}' is once in /etc/hosts." 37 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 38 | 39 | #- name: Ensure that the entry in /etc/hosts is correct 40 | # lineinfile: 41 | # path: /etc/hosts 42 | # regexp: '^{{ sap_ip }}\s' 43 | # line: "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }} {{ sap_base_settings_register_hostname_aliases.stdout }}" 44 | # when: 45 | # - sap_preconfigure_assert_modify_etc_hosts | bool 46 | 47 | - name: Count the number of sap_ip ({{ sap_ip }}) entries in /etc/hosts 48 | command: awk 'BEGIN{a=0}/{{ sap_ip }}/{a++}END{print a}' /etc/hosts 49 | register: __sap_preconfigure_register_sap_ip_once_assert 50 | ignore_errors: yes 51 | changed_when: no 52 | 53 | - name: Assert that there is just one line containing {{ sap_ip }} in /etc/hosts 54 | assert: 55 | that: "__sap_preconfigure_register_sap_ip_once_assert.stdout == '1'" 56 | fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_ip }}' in /etc/hosts!" 57 | success_msg: "PASS: There is only one line containing '{{ sap_ip }}' in /etc/hosts." 58 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 59 | 60 | - name: Check for duplicate or missing entries of {{ sap_hostname }}.{{ sap_domain }} in /etc/hosts 61 | command: awk '/^{{ sap_hostname }}.{{ sap_domain }} /|| 62 | / {{ sap_hostname }}.{{ sap_domain }} /|| 63 | / {{ sap_hostname }}.{{ sap_domain }}$/{a++}END{print a}' /etc/hosts 64 | register: __sap_preconfigure_register_fqdn_once_assert 65 | ignore_errors: yes 66 | changed_when: no 67 | 68 | - name: Assert that there is just one line containing {{ sap_hostname }}.{{ sap_domain }} in /etc/hosts 69 | assert: 70 | that: "__sap_preconfigure_register_fqdn_once_assert.stdout == '1'" 71 | fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_hostname }}.{{ sap_domain }}' in /etc/hosts!" 72 | success_msg: "PASS: There is only one line containing '{{ sap_hostname }}.{{ sap_domain }}' in /etc/hosts." 73 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 74 | 75 | - name: Check for duplicate or missing entries of {{ sap_hostname }} in /etc/hosts 76 | command: awk '/^{{ sap_hostname }} /|| 77 | / {{ sap_hostname }} /|| 78 | / {{ sap_hostname }}$/{a++}END{print a}' /etc/hosts 79 | register: __sap_preconfigure_register_sap_hostname_once_assert 80 | ignore_errors: yes 81 | changed_when: no 82 | 83 | - name: Assert that there is just one line containing {{ sap_hostname }} in /etc/hosts 84 | assert: 85 | that: "__sap_preconfigure_register_sap_hostname_once_assert.stdout == '1'" 86 | fail_msg: "FAIL: There is no line, or more than one line, containing '{{ sap_hostname }}' in /etc/hosts!" 87 | success_msg: "PASS: There is only one line containing '{{ sap_hostname }}' in /etc/hosts." 88 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 89 | 90 | - name: Check hostname -s 91 | shell: test "$(hostname -s)" = "$(hostname)" 92 | register: __sap_preconfigure_register_hostname_s_assert 93 | ignore_errors: yes 94 | changed_when: no 95 | 96 | - name: Assert that hostname -s matches the output of hostname 97 | assert: 98 | that: __sap_preconfigure_register_hostname_s_assert is success 99 | fail_msg: "FAIL: The output of 'hostname -s' does not match the output of 'hostname'!" 100 | success_msg: "PASS: The output of 'hostname -s' matches the output of 'hostname'." 101 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 102 | 103 | - name: Check hostname -f 104 | shell: test "$(hostname -f)" = "$(hostname).$(hostname -d)" 105 | register: __sap_preconfigure_register_hostname_f_assert 106 | ignore_errors: yes 107 | changed_when: no 108 | 109 | - name: Assert that hostname -f matches the output of hostname.hostname -d 110 | assert: 111 | that: __sap_preconfigure_register_hostname_f_assert is success 112 | fail_msg: "FAIL: The output of 'hostname -f' does not match the output of 'hostname'.'hostname -d'!" 113 | success_msg: "PASS: The output of 'hostname -f' matches the output of 'hostname'.'hostname -d'." 114 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 115 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-firewall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Note: firewalld is not contained in ansible_facts.services. 4 | #- name: Check firewalld 5 | # block: 6 | # - name: Assert that firewalld is disabled 7 | # assert: 8 | # that: 9 | # - "'stopped' in ansible_facts.packages['firewalld'].state" 10 | # - "'disabled' in ansible_facts.packages['firewalld'].status" 11 | 12 | - name: Check firewalld 13 | block: 14 | 15 | # Reason for noqa: We need to get the current status only 16 | - name: Get status of firewalld # noqa command-instead-of-module 17 | command: systemctl status firewalld 18 | register: __sap_preconfigure_register_firewalld_status_assert 19 | ignore_errors: yes 20 | changed_when: no 21 | no_log: yes 22 | 23 | - name: Assert that firewalld is disabled 24 | assert: 25 | that: "'/usr/lib/systemd/system/firewalld.service; disabled' in __sap_preconfigure_register_firewalld_status_assert.stdout" 26 | fail_msg: "FAIL: Service 'firewalld' is not disabled!" 27 | success_msg: "PASS: Service 'firewalld' is disabled." 28 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 29 | 30 | - name: Assert that firewalld is inactive 31 | assert: 32 | that: "'inactive (dead)' in __sap_preconfigure_register_firewalld_status_assert.stdout" 33 | fail_msg: "FAIL: Service 'firewalld' is active!" 34 | success_msg: "PASS: Service 'firewalld' is inactive." 35 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 36 | 37 | when: "'firewalld' in ansible_facts.packages" 38 | 39 | - name: Report firewall install status 40 | debug: 41 | msg: "PASS: Service 'firewalld' is not installed." 42 | 43 | when: "'firewalld' not in ansible_facts.packages" 44 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Check if hostname is set 4 | command: hostname 5 | register: __sap_preconfigure_register_hostname_assert 6 | ignore_errors: yes 7 | changed_when: no 8 | 9 | - name: Assert that the output of hostname matches the content of variable sap_hostname 10 | assert: 11 | that: "__sap_preconfigure_register_hostname_assert.stdout == '{{ sap_hostname }}'" 12 | fail_msg: "FAIL: The output of 'hostname' does not match the content of variable 'sap_hostname'!" 13 | success_msg: "PASS: The output of 'hostname' matches the content of variable 'sap_hostname'." 14 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 15 | 16 | - name: "Assert that the length of the hostname is not longer than 'sap_preconfigure_max_hostname_length'" 17 | assert: 18 | that: "{{ sap_hostname | length | int }} <= {{ sap_preconfigure_max_hostname_length | int }}" 19 | fail_msg: "FAIL: The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_preconfigure_max_hostname_length }} (variable 'sap_preconfigure_max_hostname_length')!" 20 | success_msg: "PASS: The length of the hostname is {{ sap_hostname | length | int }}, which is less or equal to {{ sap_preconfigure_max_hostname_length }} (variable 'sap_preconfigure_max_hostname_length')." 21 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 22 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-kernel-parameters-loop-block.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # loop block for sapnote/RedHat/generic/assert-kernel-parameters.yml 4 | 5 | - name: Get {{ line_item.name }} from {{ __sap_preconfigure_etc_sysctl_sap_conf }} 6 | shell: awk 'BEGIN{FS="="}/{{ line_item.name }}/{gsub ("^\\s*", "", $NF); print $NF}' {{ __sap_preconfigure_etc_sysctl_sap_conf }} 7 | register: __sap_preconfigure_register_sysctl_sap_conf_kernel_parameter_assert 8 | changed_when: no 9 | ignore_errors: yes 10 | when: __sap_preconfigure_register_stat_sysctl_sap_conf_assert.stat.exists 11 | 12 | - name: Assert that {{ line_item.name }} is set correctly in {{ __sap_preconfigure_etc_sysctl_sap_conf }} 13 | assert: 14 | that: "__sap_preconfigure_register_sysctl_sap_conf_kernel_parameter_assert.stdout == '{{ line_item.value }}'" 15 | fail_msg: "FAIL: The value of '{{ line_item.name }}' in '{{ __sap_preconfigure_etc_sysctl_sap_conf }}' is 16 | '{{ __sap_preconfigure_register_sysctl_sap_conf_kernel_parameter_assert.stdout }}' but the expected value is '{{ line_item.value }}'!" 17 | success_msg: "PASS: The value of '{{ line_item.name }}' in '{{ __sap_preconfigure_etc_sysctl_sap_conf }}' is 18 | '{{ __sap_preconfigure_register_sysctl_sap_conf_kernel_parameter_assert.stdout }}'." 19 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 20 | when: __sap_preconfigure_register_stat_sysctl_sap_conf_assert.stat.exists 21 | 22 | - name: Get {{ line_item.name }} from sysctl 23 | shell: sysctl -n {{ line_item.name }} | awk '{gsub ("\t", " "); print}' 24 | register: __sap_preconfigure_register_sysctl_kernel_parameter_assert 25 | changed_when: no 26 | ignore_errors: yes 27 | 28 | - name: Assert that {{ line_item.name }} is set correctly as per sysctl 29 | assert: 30 | that: "__sap_preconfigure_register_sysctl_kernel_parameter_assert.stdout == '{{ line_item.value }}'" 31 | fail_msg: "FAIL: The current value of '{{ line_item.name }}' as per sysctl is 32 | '{{ __sap_preconfigure_register_sysctl_kernel_parameter_assert.stdout }}' but the expected value is '{{ line_item.value }}'!" 33 | success_msg: "PASS: The current value of '{{ line_item.name }}' as per sysctl is 34 | '{{ __sap_preconfigure_register_sysctl_kernel_parameter_assert.stdout }}'." 35 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 36 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-kernel-parameters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Get info about file {{ __sap_preconfigure_etc_sysctl_sap_conf }} 4 | stat: 5 | path: "{{ __sap_preconfigure_etc_sysctl_sap_conf }}" 6 | register: __sap_preconfigure_register_stat_sysctl_sap_conf_assert 7 | 8 | - name: Assert that file /etc/sysctl.d/sap.conf exists 9 | assert: 10 | that: __sap_preconfigure_register_stat_sysctl_sap_conf_assert.stat.exists 11 | fail_msg: "FAIL: File {{ __sap_preconfigure_etc_sysctl_sap_conf }} does not exist!" 12 | success_msg: "PASS: File {{ __sap_preconfigure_etc_sysctl_sap_conf }} exist." 13 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 14 | 15 | - name: Assert that file /etc/sysctl.d/sap.conf is a regular file 16 | assert: 17 | that: __sap_preconfigure_register_stat_sysctl_sap_conf_assert.stat.isreg 18 | fail_msg: "FAIL: File {{ __sap_preconfigure_etc_sysctl_sap_conf }} is not a regular file!" 19 | success_msg: "PASS: File {{ __sap_preconfigure_etc_sysctl_sap_conf }} is a regular file." 20 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 21 | when: __sap_preconfigure_register_stat_sysctl_sap_conf_assert.stat.exists 22 | 23 | - name: Get and assert kernel tunables 24 | include_tasks: assert-kernel-parameters-loop-block.yml 25 | loop: "{{ sap_preconfigure_kernel_parameters }}" 26 | loop_control: 27 | loop_var: line_item 28 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-limits-conf-file.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Get info about file /etc/security/limits.d/99-sap.conf 4 | stat: 5 | path: /etc/security/limits.d/99-sap.conf 6 | register: __sap_preconfigure_register_stat_limits_sap_conf_assert 7 | 8 | - name: Assert that file /etc/security/limits.d/99-sap.conf exists 9 | assert: 10 | that: __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 11 | fail_msg: "FAIL: File /etc/security/limits.d/99-sap.conf does not exist!" 12 | success_msg: "PASS: File /etc/security/limits.d/99-sap.conf exist." 13 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 14 | 15 | - name: Assert that file /etc/security/limits.d/99-sap.conf is a regular file 16 | assert: 17 | that: __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 18 | fail_msg: "FAIL: File /etc/security/limits.d/99-sap.conf is not a regular file!" 19 | success_msg: "PASS: File /etc/security/limits.d/99-sap.conf is a regular file." 20 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 21 | when: __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 22 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-nofile-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Check if the hard limit of nofile for group sapsys is 1048576 4 | command: awk '/sapsys/&&/nofile/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf 5 | register: __sap_preconfigure_register_limits_sap_conf_nofile_hard_assert 6 | changed_when: no 7 | ignore_errors: yes 8 | when: 9 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 10 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 11 | 12 | - name: Assert that the hard limit of nofile for group sapsys is 1048576 13 | assert: 14 | that: "__sap_preconfigure_register_limits_sap_conf_nofile_hard_assert.stdout == '1048576'" 15 | fail_msg: "FAIL: The hard limit of nofile for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 16 | '{{ __sap_preconfigure_register_limits_sap_conf_nofile_hard_assert.stdout }}' but the expected value is 1048576 !" 17 | success_msg: "PASS: The hard limit of nofile for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 18 | '{{ __sap_preconfigure_register_limits_sap_conf_nofile_hard_assert.stdout }}'." 19 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 20 | when: 21 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 22 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 23 | 24 | - name: Check if the soft limit of nofile for group sapsys is 1048576 25 | command: awk '/sapsys/&&/nofile/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf 26 | register: __sap_preconfigure_register_limits_sap_conf_nofile_soft_assert 27 | changed_when: no 28 | ignore_errors: yes 29 | when: 30 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 31 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 32 | 33 | - name: Assert that the soft limit of nofile for group sapsys is 1048576 34 | assert: 35 | that: "__sap_preconfigure_register_limits_sap_conf_nofile_soft_assert.stdout == '1048576'" 36 | fail_msg: "FAIL: The soft limit of nofile for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 37 | '{{ __sap_preconfigure_register_limits_sap_conf_nofile_soft_assert.stdout }}' but the expected value is 1048576 !" 38 | success_msg: "PASS: The soft limit of nofile for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 39 | '{{ __sap_preconfigure_register_limits_sap_conf_nofile_soft_assert.stdout }}'." 40 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 41 | when: 42 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 43 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 44 | 45 | - name: Get the hard limit of nofile for the database group 46 | command: awk '/@{{ sap_preconfigure_db_group_name }}/&&/nofile/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf 47 | register: __sap_preconfigure_register_limits_sap_conf_db_group_nofile_hard_assert 48 | changed_when: no 49 | ignore_errors: yes 50 | when: 51 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 52 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 53 | - sap_preconfigure_db_group_name is defined 54 | 55 | - name: Assert that the hard limit of nofile for the database group is 1048576 56 | assert: 57 | that: "__sap_preconfigure_register_limits_sap_conf_db_group_nofile_hard_assert.stdout == '1048576'" 58 | fail_msg: "FAIL: The hard limit of nofile for group '{{ sap_preconfigure_db_group_name }}' is not set to '1048576' in /etc/security/limits.d/99-sap.conf!" 59 | success_msg: "PASS: The hard limit of nofile for group '{{ sap_preconfigure_db_group_name }}' is set to '1048576' in /etc/security/limits.d/99-sap.conf." 60 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 61 | when: 62 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 63 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 64 | - sap_preconfigure_db_group_name is defined 65 | 66 | - name: Get the soft limit of nofile for the database group 67 | command: awk '/@{{ sap_preconfigure_db_group_name }}/&&/nofile/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf 68 | register: __sap_preconfigure_register_limits_sap_conf_db_group_nofile_soft_assert 69 | changed_when: no 70 | ignore_errors: yes 71 | when: 72 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 73 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 74 | - sap_preconfigure_db_group_name is defined 75 | 76 | - name: Assert that the soft limit of nofile for the database group is 1048576 77 | assert: 78 | that: "__sap_preconfigure_register_limits_sap_conf_db_group_nofile_soft_assert.stdout == '1048576'" 79 | fail_msg: "FAIL: The soft limit of nofile for group '{{ sap_preconfigure_db_group_name }}' is not set to '1048576' in /etc/security/limits.d/99-sap.conf!" 80 | success_msg: "PASS: The soft limit of nofile for group '{{ sap_preconfigure_db_group_name }}' is set to '1048576' in /etc/security/limits.d/99-sap.conf." 81 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 82 | when: 83 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 84 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 85 | - sap_preconfigure_db_group_name is defined 86 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-nproc-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Check if the hard limit of nproc for group sapsys is unlimited 4 | command: awk '/sapsys/&&/nproc/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf 5 | register: __sap_preconfigure_register_limits_sap_conf_nproc_hard_assert 6 | changed_when: no 7 | ignore_errors: yes 8 | when: 9 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 10 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 11 | 12 | - name: Assert that the hard limit of nproc for group sapsys is unlimited 13 | assert: 14 | that: "__sap_preconfigure_register_limits_sap_conf_nproc_hard_assert.stdout == 'unlimited'" 15 | fail_msg: "FAIL: The hard limit of nproc for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 16 | '{{ __sap_preconfigure_register_limits_sap_conf_nproc_hard_assert.stdout }}' but the expected value is 'unlimited'!" 17 | success_msg: "PASS: The hard limit of nproc for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 18 | '{{ __sap_preconfigure_register_limits_sap_conf_nproc_hard_assert.stdout }}'." 19 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 20 | when: 21 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 22 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 23 | 24 | - name: Check if the soft limit of nproc for group sapsys is unlimited 25 | command: awk '/sapsys/&&/nproc/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf 26 | register: __sap_preconfigure_register_limits_sap_conf_nproc_soft_assert 27 | changed_when: no 28 | ignore_errors: yes 29 | when: 30 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 31 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 32 | 33 | - name: Assert that the soft limit of nproc for group sapsys is unlimited 34 | assert: 35 | that: "__sap_preconfigure_register_limits_sap_conf_nproc_soft_assert.stdout == 'unlimited'" 36 | fail_msg: "FAIL: The soft limit of nproc for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 37 | '{{ __sap_preconfigure_register_limits_sap_conf_nproc_hard_assert.stdout }}' but the expected value is 'unlimited'!" 38 | success_msg: "PASS: The soft limit of nproc for group 'sapsys' in /etc/security/limits.d/99-sap.conf is 39 | '{{ __sap_preconfigure_register_limits_sap_conf_nproc_soft_assert.stdout }}'." 40 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 41 | when: 42 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 43 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 44 | 45 | - name: Get the hard limit of nproc for the database group 46 | command: awk '/@{{ sap_preconfigure_db_group_name }}/&&/nproc/&&/hard/{print $NF}' /etc/security/limits.d/99-sap.conf 47 | register: __sap_preconfigure_register_limits_sap_conf_db_group_nproc_hard_assert 48 | changed_when: no 49 | ignore_errors: yes 50 | when: 51 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 52 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 53 | - sap_preconfigure_db_group_name is defined 54 | 55 | - name: Assert that the hard limit of nproc for the database group is unlimited 56 | assert: 57 | that: "__sap_preconfigure_register_limits_sap_conf_db_group_nproc_hard_assert.stdout == 'unlimited'" 58 | fail_msg: "FAIL: The hard limit of nproc for group '{{ sap_preconfigure_db_group_name }}' in /etc/security/limits.d/99-sap.conf is 59 | '{{ __sap_preconfigure_register_limits_sap_conf_db_group_nproc_hard_assert.stdout }}' but the expected value is 'unlimited'!" 60 | success_msg: "PASS: The hard limit of nproc for group '{{ sap_preconfigure_db_group_name }}' in /etc/security/limits.d/99-sap.conf is 61 | '{{ __sap_preconfigure_register_limits_sap_conf_db_group_nproc_hard_assert.stdout }}'." 62 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 63 | when: 64 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 65 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 66 | - sap_preconfigure_db_group_name is defined 67 | 68 | - name: Get the soft limit of nproc for the database group 69 | command: awk '/@{{ sap_preconfigure_db_group_name }}/&&/nproc/&&/soft/{print $NF}' /etc/security/limits.d/99-sap.conf 70 | register: __sap_preconfigure_register_limits_sap_conf_db_group_nproc_soft_assert 71 | changed_when: no 72 | ignore_errors: yes 73 | when: 74 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 75 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 76 | - sap_preconfigure_db_group_name is defined 77 | 78 | - name: Assert that the soft limit of nproc for the database group is unlimited 79 | assert: 80 | that: "__sap_preconfigure_register_limits_sap_conf_db_group_nproc_soft_assert.stdout == 'unlimited'" 81 | fail_msg: "FAIL: The soft limit of nproc for group '{{ sap_preconfigure_db_group_name }}' in /etc/security/limits.d/99-sap.conf is 82 | '{{ __sap_preconfigure_register_limits_sap_conf_db_group_nproc_soft_assert.stdout }}' but the expected value is 'unlimited'!" 83 | success_msg: "PASS: The soft limit of nproc for group '{{ sap_preconfigure_db_group_name }}' in /etc/security/limits.d/99-sap.conf is 84 | '{{ __sap_preconfigure_register_limits_sap_conf_db_group_nproc_soft_assert.stdout }}'." 85 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 86 | when: 87 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.exists 88 | - __sap_preconfigure_register_stat_limits_sap_conf_assert.stat.isreg 89 | - sap_preconfigure_db_group_name is defined 90 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-selinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Get info about file /etc/selinux/config 4 | stat: 5 | path: /etc/selinux/config 6 | register: __sap_preconfigure_register_stat_selinux_conf_assert 7 | 8 | - name: Assert that file /etc/selinux/config exists and is a regular file 9 | assert: 10 | that: __sap_preconfigure_register_stat_selinux_conf_assert.stat.isreg 11 | fail_msg: "FAIL: File /etc/selinux/config does not exist or is not a regular file!" 12 | # success_msg: "PASS: File /etc/selinux/config exists and is a regular file." 13 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 14 | 15 | - name: Warn about SELinux being set to 'enforcing' 16 | debug: 17 | msg: "WARN: The SELinux state has been set to 'enforcing' (variable sap_preconfigure_selinux_state)." 18 | ignore_errors: yes 19 | when: "sap_preconfigure_selinux_state == 'enforcing'" 20 | 21 | - name: Warn about how SELinux would be set when role is run in normal mode 22 | debug: 23 | msg: "INFO: When running in normal mode, the role will set the SELinux state to '{{ sap_preconfigure_selinux_state }}' 24 | (variable sap_preconfigure_selinux_state)." 25 | ignore_errors: yes 26 | when: "sap_preconfigure_selinux_state != 'enforcing'" 27 | 28 | - name: "Check if the permanent configuration of the SELinux state is '{{ sap_preconfigure_selinux_state }}'" 29 | command: awk 'BEGIN{FS="="}/^SELINUX=/{print $NF}' /etc/selinux/config 30 | register: __sap_preconfigure_register_selinux_conf_assert 31 | changed_when: no 32 | ignore_errors: yes 33 | when: __sap_preconfigure_register_stat_selinux_conf_assert.stat.isreg 34 | 35 | - name: "Assert that the permanent configuration of the SELinux state is set to '{{ sap_preconfigure_selinux_state }}'" 36 | assert: 37 | that: __sap_preconfigure_register_selinux_conf_assert.stdout == "{{ sap_preconfigure_selinux_state }}" 38 | fail_msg: "FAIL: The system is not configured for the SELinux state of '{{ sap_preconfigure_selinux_state }}'. 39 | Current configuration: '{{ __sap_preconfigure_register_selinux_conf_assert.stdout }}'." 40 | success_msg: "PASS: The system is configured for the SELinux state of '{{ sap_preconfigure_selinux_state }}'" 41 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 42 | when: __sap_preconfigure_register_stat_selinux_conf_assert.stat.isreg 43 | 44 | - name: Check for the current SELinux state 45 | command: getenforce 46 | register: __sap_preconfigure_register_getenforce_assert 47 | changed_when: no 48 | 49 | - name: Assert that SELinux is set correctly 50 | assert: 51 | that: __sap_preconfigure_register_getenforce_assert.stdout | lower == "{{ sap_preconfigure_selinux_state }}" 52 | fail_msg: "FAIL: SELinux is currently not '{{ sap_preconfigure_selinux_state }}'! 53 | The current SELinux state is: '{{ __sap_preconfigure_register_getenforce_assert.stdout | lower }}'." 54 | success_msg: "PASS: SELinux is currently {{ sap_preconfigure_selinux_state }}." 55 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 56 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-systemd-tmpfiles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Get info about file /etc/tmpfiles.d/sap.conf 4 | stat: 5 | path: /etc/tmpfiles.d/sap.conf 6 | register: __sap_preconfigure_register_stat_tmpfiles_sap_conf_assert 7 | 8 | - name: Assert that file /etc/tmpfiles.d/sap.conf exists 9 | assert: 10 | that: __sap_preconfigure_register_stat_tmpfiles_sap_conf_assert.stat.exists 11 | fail_msg: "FAIL: File /etc/tmpfiles.d/sap.conf does not exist!" 12 | success_msg: "PASS: File /etc/tmpfiles.d/sap.conf exist." 13 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 14 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-tmpfs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Check the size of tmpfs 4 | command: awk '/\/dev\/shm/&&/tmpfs/{gsub ("defaults,size=", "", $4); print $4}' /etc/fstab 5 | register: __sap_preconfigure_register_fstab_tmpfs_size_gb_assert 6 | ignore_errors: yes 7 | changed_when: no 8 | 9 | - name: Assert that there is an entry for tmpfs in /etc/fstab 10 | assert: 11 | that: __sap_preconfigure_register_fstab_tmpfs_size_gb_assert.stdout | length > 0 12 | fail_msg: "FAIL: There is no entry for 'tmpfs' in /etc/fstab!" 13 | success_msg: "PASS: An entry for 'tmpfs' in /etc/fstab exists." 14 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 15 | 16 | - name: Assert that the size of tmpfs is large enough as per /etc/fstab 17 | assert: 18 | that: "'{{ sap_preconfigure_size_of_tmpfs_gb }}G' in __sap_preconfigure_register_fstab_tmpfs_size_gb_assert.stdout" 19 | fail_msg: "FAIL: The size of tmpfs in /etc/fstab is '{{ __sap_preconfigure_register_fstab_tmpfs_size_gb_assert.stdout }}' 20 | but the expected size is '{{ sap_preconfigure_size_of_tmpfs_gb }}G!" 21 | success_msg: "PASS: The size of tmpfs in /etc/fstab is '{{ __sap_preconfigure_register_fstab_tmpfs_size_gb_assert.stdout }}'." 22 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 23 | when: __sap_preconfigure_register_fstab_tmpfs_size_gb_assert.stdout | length > 0 24 | 25 | - name: Check if /dev/shm is available and has the expected size 26 | shell: df -kl /dev/shm | awk '/\/dev\/shm/&&/tmpfs/{printf ("%.0fG\n", $2/1024/1024)}' 27 | register: __sap_preconfigure_register_df_shm_assert 28 | ignore_errors: yes 29 | changed_when: no 30 | 31 | - name: Assert that the current size of tmpfs is large enough as per df output 32 | assert: 33 | that: "__sap_preconfigure_register_df_shm_assert.stdout == '{{ sap_preconfigure_size_of_tmpfs_gb }}G'" 34 | fail_msg: "FAIL: The current size of tmpfs is '{{ __sap_preconfigure_register_df_shm_assert.stdout }}' 35 | but the expected size is '{{ sap_preconfigure_size_of_tmpfs_gb }}G!" 36 | success_msg: "PASS: The current size of tmpfs is '{{ __sap_preconfigure_register_df_shm_assert.stdout }}'." 37 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 38 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/assert-uuidd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert that uuidd.service exists 4 | assert: 5 | that: "'uuidd.service' in ansible_facts.services" 6 | fail_msg: "FAIL: Service 'uuidd' could not be found!" 7 | success_msg: "PASS: Service 'uuidd' is available." 8 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 9 | 10 | # uuidd is started on demand by uuidd.socket, so it does not need to be running: 11 | - name: Report uuidd service status 12 | debug: 13 | msg: "INFO: The 'uuidd' service is in status '{{ ansible_facts.services['uuidd.service']['status'] }}' and 14 | in state '{{ ansible_facts.services['uuidd.service']['state'] }}'." 15 | when: "'uuidd.service' in ansible_facts.services" 16 | 17 | # uuidd.socket is not contained in ansible_facts.services, so we need to get the status from systemctl: 18 | # Reason for noqa: We need to get the current status only 19 | - name: Get status of uuidd.socket # noqa command-instead-of-module 20 | command: systemctl status uuidd.socket 21 | register: __sap_preconfigure_register_uuidd_socket_status_assert 22 | ignore_errors: yes 23 | changed_when: no 24 | 25 | - name: Report uuidd.socket service status 26 | debug: 27 | var: __sap_preconfigure_register_uuidd_socket_status_assert.stdout 28 | 29 | - name: Assert that uuidd.socket is enabled 30 | assert: 31 | that: "'/usr/lib/systemd/system/uuidd.socket; enabled' in __sap_preconfigure_register_uuidd_socket_status_assert.stdout" 32 | fail_msg: "FAIL: Service 'uuidd.socket' is not enabled!" 33 | success_msg: "PASS: Service 'uuidd.socket' is enabled." 34 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 35 | 36 | - name: Assert that uuidd.socket is active 37 | assert: 38 | that: "'active (running)' in __sap_preconfigure_register_uuidd_socket_status_assert.stdout or 'active (listening)' 39 | in __sap_preconfigure_register_uuidd_socket_status_assert.stdout" 40 | fail_msg: "FAIL: Service 'uuidd.socket' is not active!" 41 | success_msg: "PASS: Service 'uuidd.socket' is active." 42 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 43 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/check-dns-name-resolution.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # moved to configure-etc-hosts.yml: 4 | #- name: Verify that the DNS domain is set 5 | # assert: 6 | # that: 7 | # not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') ) 8 | # msg: "You need to define the variable 'sap_domain' in defaults/main.yml." 9 | 10 | ### DNS is not that necessary and as such the errors are ignored 11 | ### for production it is strongly recommended to have proper DNS setup 12 | # - name: Ensure dig command is installed 13 | # package: 14 | # name: bind-utils 15 | # state: present 16 | 17 | - name: Check dns forwarding settings 18 | shell: test "$(dig {{ sap_hostname }}.{{ sap_domain }} +short)" = "{{ sap_ip }}" 19 | changed_when: false 20 | ignore_errors: true 21 | 22 | ### BUG: dig does not use search path in resolv.con on PPCle 23 | - name: Check resolv.conf settings 24 | shell: test "$(dig {{ sap_hostname }} +search +short)" = "{{ sap_ip }}" 25 | changed_when: false 26 | ignore_errors: true 27 | 28 | - name: Check dns reverse settings 29 | shell: test "$(dig -x {{ sap_ip }} +short)" = "{{ sap_hostname }}.{{ sap_domain }}." 30 | changed_when: false 31 | ignore_errors: true 32 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-etc-hosts.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Display host and domain name, and IP address before the modification 4 | debug: 5 | msg: 6 | - "sap_hostname = {{ sap_hostname }}" 7 | - "sap_domain = {{ sap_domain }}" 8 | - "sap_ip = {{ sap_ip }}" 9 | 10 | - name: Get all hostname aliases of {{ sap_ip }} 11 | shell: | 12 | awk '( $1 == "{{ sap_ip }}" ) { 13 | for (i=2; i<=NF; ++i) { 14 | if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf " "$i } 15 | } 16 | }' /etc/hosts 17 | register: __sap_preconfigure_register_sap_hostname_aliases 18 | changed_when: false 19 | 20 | - name: Display hostname aliases 21 | debug: 22 | var=__sap_preconfigure_register_sap_hostname_aliases 23 | 24 | - name: Check if ipv4 address, FQDN, and hostname are in /etc/hosts 25 | block: 26 | - name: Perform the /etc/hosts completeness check 27 | command: awk 'BEGIN{a=0}/{{ sap_ip }}/&&/{{ sap_hostname }}.{{ sap_domain }}/&&/{{ sap_hostname }}/{a++}END{print a}' /etc/hosts 28 | register: __sap_preconfigure_register_ipv4_fqdn_sap_hostname_once_check 29 | changed_when: false 30 | 31 | - name: Display the output of the /etc/hosts completeness check 32 | debug: 33 | var: __sap_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stdout_lines, 34 | __sap_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stderr_lines 35 | 36 | - name: Display the expected output of the /etc/hosts completeness check 37 | debug: 38 | msg: 39 | - "Expected:" 40 | - "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}" 41 | when: 42 | - __sap_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" 43 | 44 | - name: Fail if ip4 address, FQDN, or hostname are not in /etc/hosts 45 | fail: 46 | msg: 47 | - "Server's ip4 address, FQDN, or hostname are not in /etc/hosts!" 48 | - "Expected:" 49 | - "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}" 50 | when: 51 | - __sap_preconfigure_register_ipv4_fqdn_sap_hostname_once_check.stdout != "1" 52 | ignore_errors: "{{ ansible_check_mode }}" 53 | 54 | when: 55 | - not sap_preconfigure_modify_etc_hosts | bool 56 | 57 | # We allow more than one line containing sap_ip: 58 | - name: Check for duplicate entries of {{ sap_ip }} in /etc/hosts 59 | shell: | 60 | n=$(grep "^{{ sap_ip }}\s" /etc/hosts | wc -l) 61 | if [ $n -gt 1 ]; then 62 | echo "Duplicate IP entry in /etc/hosts!" 63 | exit 1 64 | else 65 | exit 0 66 | fi 67 | register: __sap_preconfigure_register_duplicate_ip_check 68 | changed_when: false 69 | ignore_errors: yes 70 | when: not ansible_check_mode 71 | 72 | - name: Verify that variable sap_domain is set 73 | assert: 74 | that: not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') ) 75 | msg: "Variable 'sap_domain' is undefined or empty. Please define it in defaults/main.yml or via --extra-vars!" 76 | 77 | - name: Report if there is more than one line with the IP address 78 | debug: 79 | msg: 80 | - "More than one line containing {{ sap_ip }}. File /etc/hosts will not be modified." 81 | when: 82 | - not ansible_check_mode 83 | - __sap_preconfigure_register_duplicate_ip_check.stdout == 'Duplicate IP entry in /etc/hosts!' 84 | - sap_preconfigure_modify_etc_hosts | bool 85 | 86 | - name: Ensure that the entry in /etc/hosts is correct 87 | lineinfile: 88 | path: /etc/hosts 89 | regexp: '^{{ sap_ip }}\s' 90 | line: "{{ sap_ip }} {{ sap_hostname }}.{{ sap_domain }} {{ sap_hostname }}{{ __sap_preconfigure_register_sap_hostname_aliases.stdout }}" 91 | backup: yes 92 | when: 93 | - not ansible_check_mode 94 | - sap_domain | length > 0 95 | - __sap_preconfigure_register_duplicate_ip_check.stdout != 'Duplicate IP entry in /etc/hosts!' 96 | - sap_preconfigure_modify_etc_hosts | bool 97 | 98 | - name: Check for duplicate or missing entries of hostname and fqdn in /etc/hosts 99 | shell: | 100 | n=$(awk 'BEGIN{a=0}/^{{ line_item }}\s/||/\s{{ line_item }}\s/||/\s{{ line_item }}$/{a++}END{print a}' /etc/hosts) 101 | if [ $n -eq 1 ]; then 102 | exit 0 103 | else 104 | exit 1 105 | fi 106 | with_items: 107 | - '{{ sap_hostname }}.{{ sap_domain }}' 108 | - '{{ sap_hostname }}' 109 | changed_when: false 110 | loop_control: 111 | loop_var: line_item 112 | when: not ansible_check_mode 113 | 114 | - name: Check hostname -s and hostname -f settings 115 | shell: test "$(hostname -s)" = "$(hostname)" -a "$(hostname -f)" = "$(hostname).$(hostname -d)" 116 | changed_when: false 117 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-firewall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Stop and disable service firewalld 4 | systemd: 5 | name: firewalld 6 | state: stopped 7 | enabled: no 8 | when: "'firewalld' in ansible_facts.packages" 9 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # The hostname module fails if it is run from an initrc_t context 4 | # See also: https://github.com/ansible/ansible/issues/19814 5 | # The following applies an appropriate selinux rule if the role is run in initrc_t context 6 | 7 | # 1) using compiled file tmp/hostnamectl-fix.pp: 8 | # - name: Adding SELinux rule so that hostname will work from initrc_t context 9 | # block: 10 | # - name: copy SELinux Rule 11 | # copy: 12 | # src=tmp/hostnamectl-fix.pp 13 | # dest=/tmp/hostnamectl-fix.pp 14 | # - name: apply SELinux Rule 15 | # command: semodule -i /tmp/hostnamectl-fix.pp 16 | # when: sap_base_settings_register_selinux_context.stdout.split(':')[2] is defined and sap_base_settings_register_selinux_context.stdout.split(':')[2] == 'initrc_t' 17 | 18 | # 2) using source file tmp/hostnamectl-fix.te: 19 | # - name: Get current SELinux context 20 | # command: "id -Z" 21 | # register: sap_base_settings_register_selinux_context 22 | # changed_when: false 23 | # ignore_errors: true 24 | # 25 | # - name: Debug current SELinux context 26 | # debug: 27 | # msg: "The current SELinux context is {{ sap_base_settings_register_selinux_context.stdout.split(':')[2] }} " 28 | # ignore_errors: true 29 | # 30 | # - name: Add SELinux rule so that hostname will work from initrc_t context 31 | # block: 32 | # - name: copy SELinux Rule 33 | # copy: 34 | # src=tmp/hostnamectl-fix.te 35 | # dest=/tmp/hostnamectl-fix.te 36 | # - name: compile SELinux module file 37 | # command: checkmodule -M -m -o /tmp/hostnamectl-fix.mod /tmp/hostnamectl-fix.te 38 | # - name: build SELinux policy package 39 | # command: semodule_package -M -m -o /tmp/hostnamectl-fix.pp /tmp/hostnamectl-fix.mod 40 | # - name: load SELinux policy package 41 | # command: semodule -i /tmp/hostnamectl-fix.pp 42 | # - name: Remove temporary files 43 | # file: path=/tmp/hostnamectl-fix.* 44 | # state=absent 45 | # when: sap_base_settings_register_selinux_context.stdout.split(':')[2] is defined and sap_base_settings_register_selinux_context.stdout.split(':')[2] == 'initrc_t' 46 | 47 | - name: Ensure that the short hostname is set 48 | hostname: 49 | name: "{{ sap_hostname }}" 50 | 51 | - name: "Ensure that the length of the hostname is not longer than 'sap_preconfigure_max_hostname_length'" 52 | assert: 53 | that: "{{ sap_hostname | length | int }} <= {{ sap_preconfigure_max_hostname_length | int }}" 54 | msg: "The length of the hostname is {{ sap_hostname | length | int }} but must be less or equal to {{ sap_preconfigure_max_hostname_length }} (variable 'sap_preconfigure_max_hostname_length')!" 55 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-kernel-parameters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Set kernel parameters 4 | lineinfile: 5 | path: "{{ __sap_preconfigure_etc_sysctl_sap_conf }}" 6 | create: yes 7 | mode: '0644' 8 | regexp: ^{{ line_item.name }}.* 9 | line: "{{ line_item.name }}={{ line_item.value }}" 10 | state: present 11 | with_items: "{{ sap_preconfigure_kernel_parameters }}" 12 | loop_control: 13 | loop_var: line_item 14 | 15 | - name: Reload kernel parameters from file '{{ __sap_preconfigure_etc_sysctl_sap_conf }}' 16 | command: sysctl -p "{{ __sap_preconfigure_etc_sysctl_sap_conf }}" 17 | register: __sap_preconfigure_register_sap_conf_sysctl_p_output 18 | changed_when: true 19 | 20 | - name: Display kernel parameters after setting kernel.pid_max 21 | debug: 22 | var: __sap_preconfigure_register_sap_conf_sysctl_p_output.stdout_lines 23 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-selinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Set SELinux state to '{{ sap_preconfigure_selinux_state }}' in /etc/selinux/config 4 | lineinfile: 5 | path: /etc/selinux/config 6 | regexp: ^SELINUX\s*=.* 7 | line: "SELINUX={{ sap_preconfigure_selinux_state }}" 8 | state: present 9 | notify: __sap_preconfigure_reboot_handler 10 | 11 | - name: Set SELinux type to 'targeted' in /etc/selinux/config 12 | lineinfile: 13 | path: /etc/selinux/config 14 | regexp: ^SELINUXTYPE\s*=.* 15 | line: 'SELINUXTYPE=targeted' 16 | state: present 17 | notify: __sap_preconfigure_reboot_handler 18 | 19 | - name: Set or unset SELinux kernel parameter, RHEL 8 and RHEL 9 20 | block: 21 | 22 | - name: Disable SELinux also on the kernel command line, RHEL 8 and RHEL 9 23 | command: grubby --args="selinux=0" --update-kernel=ALL 24 | notify: __sap_preconfigure_reboot_handler 25 | when: sap_preconfigure_selinux_state == 'disabled' 26 | 27 | - name: Make sure SELinux is not disabled on the kernel command line, RHEL 8 and RHEL 9 28 | command: grubby --remove-args="selinux" --update-kernel=ALL 29 | notify: __sap_preconfigure_reboot_handler 30 | when: sap_preconfigure_selinux_state == 'enforcing' or 31 | sap_preconfigure_selinux_state == 'permissive' 32 | 33 | when: 34 | - ansible_os_family == 'RedHat' 35 | - ( ansible_distribution_major_version == '8' or 36 | ansible_distribution_major_version == '9' 37 | ) 38 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-systemd-tmpfiles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Copy file /etc/tmpfiles.d/sap.conf 4 | copy: 5 | src: etc/tmpfiles.d/sap.conf 6 | dest: /etc/tmpfiles.d/sap.conf 7 | owner: root 8 | group: root 9 | mode: '0644' 10 | backup: yes 11 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-tmpfs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure tmpfs in /etc/fstab 4 | lineinfile: 5 | path: /etc/fstab 6 | regexp: '/dev/shm' 7 | line: "none /dev/shm tmpfs defaults,size={{ sap_preconfigure_size_of_tmpfs_gb }}G 0 0" 8 | state: present 9 | notify: __sap_preconfigure_mount_tmpfs_handler 10 | 11 | # The following is necessary to trigger a remount of /dev/shm in case the handler has not been notified 12 | # from the previous task 13 | - name: Get the current size of /dev/shm 14 | shell: df -hl /dev/shm | awk '/\/dev\/shm/&&/tmpfs/{gsub ("G", ""); print $2}' 15 | register: __sap_preconfigure_register_df_shm 16 | ignore_errors: yes 17 | changed_when: no 18 | check_mode: no 19 | 20 | - name: Trigger remounting if /dev/shm has not the expected size 21 | command: /bin/true 22 | notify: __sap_preconfigure_mount_tmpfs_handler 23 | when: __sap_preconfigure_register_df_shm.stdout != sap_preconfigure_size_of_tmpfs_gb 24 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/configure-uuidd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Enable and start service uuidd 4 | systemd: 5 | name: uuidd 6 | enabled: yes 7 | state: started 8 | 9 | - name: Enable and start service uuidd.socket 10 | systemd: 11 | name: uuidd.socket 12 | enabled: yes 13 | state: started 14 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/increase-nofile-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Reasons for noqa: 1. Tabs can increase readability; 4 | # 2. The example in man limits.conf is tab formatted; 5 | # 3. It is difficult to replace tabs by spaces for entries for which their lenghts are not known 6 | - name: Set the hard and soft limit for the max number of open files per process (nofile) to 1048576 7 | for group 'sapsys' # noqa no-tabs 8 | lineinfile: 9 | path: /etc/security/limits.d/99-sap.conf 10 | create: yes 11 | mode: 0644 12 | regexp: '^@sapsys\s+{{ line_item }}\s+nofile\s.*' 13 | line: "@sapsys\t{{ line_item }}\tnofile\t1048576" 14 | with_items: 15 | - hard 16 | - soft 17 | loop_control: 18 | loop_var: line_item 19 | 20 | # Reasons for noqa: 1. Tabs can increase readability; 21 | # 2. The example in man limits.conf is tab formatted; 22 | # 3. It is difficult to replace tabs by spaces for entries for which their lenghts are not known 23 | - name: Set the hard and soft limit for the max number of open files per process (nofile) to 1048576 24 | for group '{{ sap_preconfigure_db_group_name }}' # noqa no-tabs 25 | lineinfile: 26 | path: /etc/security/limits.d/99-sap.conf 27 | create: yes 28 | mode: 0644 29 | regexp: '^@{{ sap_preconfigure_db_group_name }}\s+{{ line_item }}\s+nofile\s.*' 30 | line: "@{{ sap_preconfigure_db_group_name }}\t{{ line_item }}\tnofile\t1048576" 31 | with_items: 32 | - hard 33 | - soft 34 | loop_control: 35 | loop_var: line_item 36 | when: 37 | - sap_preconfigure_db_group_name is defined 38 | -------------------------------------------------------------------------------- /tasks/RedHat/generic/increase-nproc-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Reasons for noqa: 1. Tabs can increase readability; 4 | # 2. The example in man limits.conf is tab formatted; 5 | # 3. It is difficult to replace tabs by spaces for entries for which their lenghts are not known 6 | - name: Set the hard and soft limit for the max number of processes per user (nproc) to unlimited 7 | for group 'sapsys' # noqa no-tabs 8 | lineinfile: 9 | path: /etc/security/limits.d/99-sap.conf 10 | create: yes 11 | mode: 0644 12 | regexp: '^@sapsys\s+{{ line_item }}\s+nproc\s.*' 13 | line: "@sapsys\t{{ line_item }}\tnproc\tunlimited" 14 | with_items: 15 | - hard 16 | - soft 17 | loop_control: 18 | loop_var: line_item 19 | 20 | # Reasons for noqa: 1. Tabs can increase readability; 21 | # 2. The example in man limits.conf is tab formatted; 22 | # 3. It is difficult to replace tabs by spaces for entries for which their lenghts are not known 23 | - name: Set the hard and soft limit for the max number of processes per user (nproc) to unlimited 24 | for group '{{ sap_preconfigure_db_group_name }}' # noqa no-tabs 25 | lineinfile: 26 | path: /etc/security/limits.d/99-sap.conf 27 | create: yes 28 | mode: 0644 29 | regexp: '^@{{ sap_preconfigure_db_group_name }}\s+{{ line_item }}\s+nproc\s.*' 30 | line: "@{{ sap_preconfigure_db_group_name }}\t{{ line_item }}\tnproc\tunlimited" 31 | with_items: 32 | - hard 33 | - soft 34 | loop_control: 35 | loop_var: line_item 36 | when: 37 | - sap_preconfigure_db_group_name is defined 38 | -------------------------------------------------------------------------------- /tasks/assert-configuration.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert - List required SAP Notes 4 | debug: 5 | var: __sap_preconfigure_sapnotes_versions | difference(['']) 6 | 7 | - name: Gather service facts 8 | service_facts: 9 | 10 | - name: Assert - Include configuration actions for required sapnotes 11 | include_tasks: "sapnote/assert-{{ sap_note_line_item.number }}.yml" 12 | with_items: "{{ __sap_preconfigure_sapnotes_versions | difference(['']) }}" 13 | loop_control: 14 | loop_var: sap_note_line_item 15 | -------------------------------------------------------------------------------- /tasks/assert-installation.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Reason for noqa: A double brace might also occur in an awk command sequence. 4 | - name: Check RHEL 7 package groups 5 | block: 6 | - name: Set yum group list installed command # noqa var-spacing 7 | set_fact: 8 | __sap_preconfigure_fact_yum_group_list_installed_command_assert: "yum group list installed hidden ids | 9 | awk '/Installed Groups:/{a=1}/Done/{a=0}{if (a==1&&!/:/){print $NF}}' | 10 | sed 's,(,,;s,),,'" 11 | 12 | # Reason for noqa: The command to be executed might contain pipes 13 | - name: Check if required RHEL 7 package groups are installed # noqa command-instead-of-shell 14 | shell: "{{ __sap_preconfigure_fact_yum_group_list_installed_command_assert }}" 15 | register: __sap_preconfigure_register_yum_group_assert 16 | changed_when: no 17 | args: 18 | warn: false 19 | 20 | - name: Assert that all required RHEL 7 package groups are installed 21 | assert: 22 | that: "'{{ line_item }}' in __sap_preconfigure_register_yum_group_assert.stdout_lines" 23 | fail_msg: "FAIL: Package group '{{ line_item }}' is not installed!" 24 | success_msg: "PASS: Package group '{{ line_item }}' is installed." 25 | loop: "{{ sap_preconfigure_packagegroups | map('replace', '@', '') | list }}" 26 | loop_control: 27 | loop_var: line_item 28 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 29 | 30 | when: 31 | - sap_preconfigure_packagegroups|d([]) 32 | - ansible_os_family == 'RedHat' 33 | - ansible_distribution_major_version == '7' 34 | 35 | # Reason for noqa: A double brace might also occur in an awk command sequence. 36 | - name: Check RHEL 8 environment groups 37 | block: 38 | - name: Set yum envgroup list installed command # noqa var-spacing 39 | set_fact: 40 | __sap_preconfigure_fact_yum_envgroup_list_installed_command_assert: "yum group list installed -v | 41 | awk '/Installed Environment Groups:/{a=1}/Installed Groups:/{a=0}{if (a==1&&!/:/){print $NF}}' | 42 | sed 's,(,,;s,),,'" 43 | 44 | # Reason for noqa: The command to be executed might contain pipes 45 | - name: Check if required RHEL 8 environment groups are installed # noqa command-instead-of-shell 46 | shell: "{{ __sap_preconfigure_fact_yum_envgroup_list_installed_command_assert }}" 47 | register: __sap_preconfigure_register_yum_envgroup_assert 48 | changed_when: no 49 | args: 50 | warn: false 51 | 52 | - name: Assert that all required RHEL 8 environment groups are installed 53 | assert: 54 | that: "'{{ line_item }}' in __sap_preconfigure_register_yum_envgroup_assert.stdout_lines" 55 | fail_msg: "FAIL: Environment group '{{ line_item }}' is not installed!" 56 | success_msg: "PASS: Environment group '{{ line_item }}' is installed." 57 | with_items: 58 | - "{{ sap_preconfigure_envgroups }}" 59 | loop_control: 60 | loop_var: line_item 61 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 62 | 63 | when: 64 | - sap_preconfigure_envgroups|d([]) 65 | - ansible_os_family == 'RedHat' 66 | - ansible_distribution_major_version == '8' 67 | 68 | - name: Assert that all required packages are installed 69 | assert: 70 | that: "'{{ line_item }}' in ansible_facts.packages" 71 | fail_msg: "FAIL: Package '{{ line_item }}' is not installed!" 72 | success_msg: "PASS: Package '{{ line_item }}' is installed." 73 | with_items: 74 | - "{{ sap_preconfigure_packages }}" 75 | loop_control: 76 | loop_var: line_item 77 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 78 | 79 | - name: Minimum required package version check 80 | block: 81 | - name: Assert - Create a list of minimum required package versions to be installed 82 | # How does it work? 83 | # 1 - Print the required package name and version with a prefix "1" followed by a space. 84 | # 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space. 85 | # 3 - Replace all occurrences of ".el" by ".0.0" so that the sort -V correctly sorts packages with ".el" in its name 86 | # 4 - Sort the list by the name and version. 87 | # 5 - Replace ".0.0" by ".el" again to get back the original names. 88 | # 6 - Store the last installed version of the package in variable latestpkg. 89 | # 7 - Store the last content of column 1 in variable col1, the last content of column 2 in variable col2, 90 | # and the last number of fields in variable _nf. 91 | # 8 - case 1: If the last number of output fields is greater than 2, it indicates that the package is not installed 92 | # because the output of "rpm -q" will be similar to "package XXX is not installed". 93 | # 8 - case 2a: If the first column of the last line of the output is "1", it means that the required package is 94 | # the latest of all required and installed versions of the package, so it means that the package needs 95 | # to be updated. 96 | # 8 - case 2b: If the first column of the last line of the output is "2", it means that at least of the installed 97 | # versions the package is equal to or greater than the required package version. 98 | shell: | 99 | (echo "1 {{ pkg[0] }}-{{ pkg[1] }}";rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" {{ pkg[0] }} | 100 | awk '{printf ("2 %s\n", $0)}') | 101 | awk '{gsub ("\\.el", ".0.0"); print}' | 102 | sort -k 2 -k 1 -V | 103 | awk '{gsub ("\\.0\\.0", ".el"); col1=$1; col2=$2; _nf=NF} 104 | $1==2{latestpkg=$2} 105 | END { 106 | if (_nf>2) { 107 | printf ("Package '\''{{ pkg[0] }}'\'' needs to be installed as {{ pkg[0] }}-{{ pkg[1] }}!\n") 108 | } else { 109 | if (col1==1) { 110 | printf ("Package '\''{{ pkg[0] }}'\'' needs to be updated to %s! Currently installed latest version: %s.\n", $2, latestpkg) 111 | } 112 | if (col1==2) { 113 | printf ("Package '\''{{ pkg[0] }}'\'' is already installed as {{ pkg[0] }}-{{ pkg[1] }} or later. Currently installed latest version: %s.\n", latestpkg) 114 | } 115 | } 116 | }' 117 | with_list: "{{ __sap_preconfigure_min_pkgs }}" 118 | loop_control: 119 | loop_var: pkg 120 | check_mode: no 121 | register: __sap_preconfigure_register_minpkglist_assert 122 | changed_when: no 123 | 124 | - name: Assert that minimum required package versions are installed 125 | # If the output includes the string "is already installed" (case 2b), we have a PASS. Otherwise, it's a FAIL. 126 | assert: 127 | that: "'is already installed' in line_item.stdout" 128 | fail_msg: "FAIL: {{ line_item.stdout }}" 129 | success_msg: "PASS: {{ line_item.stdout }}" 130 | with_items: "{{ __sap_preconfigure_register_minpkglist_assert.results }}" 131 | loop_control: 132 | loop_var: line_item 133 | label: "" 134 | ignore_errors: yes 135 | 136 | when: 137 | - sap_preconfigure_min_package_check|bool 138 | - __sap_preconfigure_min_pkgs|d([]) 139 | 140 | - name: Report if no minimum required package version is defined for this RHEL release 141 | debug: 142 | msg: "INFO: No minimum required package version defined (variable __sap_preconfigure_min_pkgs)." 143 | ignore_errors: yes 144 | when: not __sap_preconfigure_min_pkgs|d([]) 145 | 146 | - name: Get info about possible package updates 147 | command: yum check-update 148 | register: __sap_preconfigure_register_yum_check_update_assert 149 | args: 150 | warn: false 151 | changed_when: false 152 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 153 | when: sap_preconfigure_update 154 | 155 | - name: Assert that there are no more possible package updates 156 | assert: 157 | that: __sap_preconfigure_register_yum_check_update_assert is success 158 | fail_msg: "FAIL: System needs to be updated!" 159 | success_msg: "PASS: There are no more outstanding package updates." 160 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 161 | when: sap_preconfigure_update 162 | 163 | - name: Report if checking for possible package updates is not requested 164 | debug: 165 | msg: "INFO: Not checking for possible package updates (variable sap_preconfigure_update)." 166 | ignore_errors: yes 167 | when: not sap_preconfigure_update 168 | 169 | - name: "Assert - Set needs-restarting command in case of RHEL 7" 170 | set_fact: 171 | __sap_preconfigure_fact_needs_restarting_command_assert: "needs-restarting -r" 172 | when: 173 | - ansible_os_family == 'RedHat' 174 | - ansible_distribution_major_version == '7' 175 | 176 | - name: "Assert - Set needs-restarting command in case of RHEL 8 or RHEL 9, except RHEL 8.0" 177 | set_fact: 178 | __sap_preconfigure_fact_needs_restarting_command_assert: "yum needs-restarting -r" 179 | when: 180 | - ansible_os_family == 'RedHat' 181 | - (ansible_distribution_major_version == '8' or 182 | ansible_distribution_major_version == '9' 183 | ) 184 | - ansible_distribution_version != '8.0' 185 | 186 | - name: "Assert - Set customized needs-restarting command in case of RHEL 8.0" 187 | set_fact: 188 | __sap_preconfigure_fact_needs_restarting_command_assert: "_IKRNL=$(rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,\"\"); print $1}'); 189 | _CKRNL=$(uname -r); if [ ${_IKRNL} != ${_CKRNL} ]; then exit 1; else exit 0; fi" 190 | when: 191 | - ansible_os_family == 'RedHat' 192 | - ansible_distribution_version == '8.0' 193 | 194 | - name: Assert - Display the command for checking a reboot requirement 195 | debug: 196 | var: __sap_preconfigure_fact_needs_restarting_command_assert 197 | 198 | # Reason for noqa: The command to be executed might contain pipes 199 | - name: Assert - Determine if the system needs to be restarted # noqa command-instead-of-shell 200 | shell: "{{ __sap_preconfigure_fact_needs_restarting_command_assert }}" 201 | register: __sap_preconfigure_register_needs_restarting_assert 202 | changed_when: false 203 | args: 204 | warn: false 205 | check_mode: false 206 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 207 | 208 | - name: Assert that system needs no restart 209 | assert: 210 | that: __sap_preconfigure_register_needs_restarting_assert is success 211 | fail_msg: "FAIL: System needs to be restarted!" 212 | success_msg: "PASS: System needs no restart." 213 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 214 | -------------------------------------------------------------------------------- /tasks/configuration.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure - List required SAP Notes 4 | debug: 5 | var: __sap_preconfigure_sapnotes_versions | difference(['']) 6 | 7 | - name: Configure - Include configuration actions for required sapnotes 8 | include_tasks: "sapnote/{{ sap_note_line_item.number }}.yml" 9 | with_items: "{{ __sap_preconfigure_sapnotes_versions | difference(['']) }}" 10 | loop_control: 11 | loop_var: sap_note_line_item 12 | -------------------------------------------------------------------------------- /tasks/installation.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Ensure that the required package groups are installed, RHEL 7 4 | command: "yum install {{ sap_preconfigure_packagegroups|join(' ') }} -y" 5 | args: 6 | warn: false 7 | register: __sap_preconfigure_register_yum_group_install 8 | when: 9 | - ansible_os_family == 'RedHat' 10 | - ansible_distribution_major_version == '7' 11 | 12 | - name: Ensure that the required package groups are installed, RHEL 8 and RHEL 9 13 | # Note: We want to avoid unwanted package upgrades, see bug 1983749. 14 | command: "yum install {{ sap_preconfigure_packagegroups|join(' ') }} --nobest --exclude=kernel* -y" 15 | args: 16 | warn: false 17 | register: __sap_preconfigure_register_yum_group_install 18 | when: 19 | - ansible_os_family == 'RedHat' 20 | - (ansible_distribution_major_version == '8' or 21 | ansible_distribution_major_version == '9' 22 | ) 23 | 24 | - name: Display the output of the yum install command 25 | debug: 26 | var: __sap_preconfigure_register_yum_group_install 27 | 28 | - name: Ensure that the required packages are installed 29 | package: 30 | state: present 31 | name: "{{ sap_preconfigure_packages }}" 32 | 33 | - name: Ensure that the minimum required package versions are installed 34 | block: 35 | - name: Create a list of minimum required package versions to be installed 36 | # How does it work? 37 | # 1 - Print the required package name and version with a prefix "1" followed by a space. 38 | # 2 - In the same output sequence, list all installed versions of this package with a prefix "2" followed by a space. 39 | # 3 - Replace all occurrences of ".el" by ".0.0" so that the sort -V correctly sorts packages with ".el" in its name 40 | # 4 - Sort the list by the name and version. 41 | # 5 - Replace ".0.0" by ".el" again to get back the original names. 42 | # 6 - Store the last installed version of the package in variable latestpkg. 43 | # 7 - Store the last content of column 1 in variable col1, the last content of column 2 in variable col2, 44 | # and the last number of fields in variable _nf. 45 | # 8 - case 1: If the last number of output fields is greater than 2, it indicates that the package is not installed 46 | # because the output of "rpm -q" will be similar to "package XXX is not installed". 47 | # 8 - case 2a: If the first column of the last line of the output is "1", it means that the required package is 48 | # the latest of all required and installed versions of the package, so it means that the package needs 49 | # to be updated. 50 | # 8 - case 2b: If the first column of the last line of the output is "2", it means that at least of the installed 51 | # versions the package is equal to or greater than the required package version. 52 | shell: | 53 | (echo "1 {{ pkg[0] }}-{{ pkg[1] }}";rpm -q --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" {{ pkg[0] }} | 54 | awk '{printf ("2 %s\n", $0)}') | 55 | awk '{gsub ("\\.el", ".0.0"); print}' | 56 | sort -k 2 -k 1 -V | 57 | awk '{gsub ("\\.0\\.0", ".el"); col1=$1; col2=$2; _nf=NF} 58 | $1==2{latestpkg=$2} 59 | END { 60 | if (_nf>2) { 61 | printf ("{{ pkg[0] }}-{{ pkg[1] }}\n") 62 | } else { 63 | if (col1==1) { 64 | printf ("{{ pkg[0] }}-{{ pkg[1] }}\n") 65 | } 66 | } 67 | }' 68 | with_list: "{{ __sap_preconfigure_min_pkgs }}" 69 | loop_control: 70 | loop_var: pkg 71 | check_mode: no 72 | register: __sap_preconfigure_register_minpkglist 73 | changed_when: no 74 | 75 | - name: Display the content of the minimum package list variable 76 | debug: 77 | var: __sap_preconfigure_register_minpkglist 78 | 79 | - name: Install minimum packages if required 80 | yum: 81 | name: "{{ line_item.stdout }}" 82 | state: present 83 | with_items: "{{ __sap_preconfigure_register_minpkglist.results }}" 84 | loop_control: 85 | loop_var: line_item 86 | 87 | when: 88 | - sap_preconfigure_min_package_check|bool 89 | - __sap_preconfigure_min_pkgs|d([]) 90 | 91 | # Reason for noqa: Both yum and dnf support "state: latest" 92 | - name: Ensure that the system is updated to the latest patchlevel # noqa package-latest 93 | package: 94 | state: latest 95 | name: "*" 96 | when: sap_preconfigure_update 97 | 98 | - name: "Set needs-restarting command in case of RHEL 7" 99 | set_fact: 100 | __sap_preconfigure_fact_needs_restarting_command: "needs-restarting -r" 101 | when: 102 | - ansible_os_family == 'RedHat' 103 | - ansible_distribution_major_version == '7' 104 | 105 | - name: "Set needs-restarting command in case of RHEL 8 or RHEL 9, except RHEL 8.0" 106 | set_fact: 107 | __sap_preconfigure_fact_needs_restarting_command: "yum needs-restarting -r" 108 | when: 109 | - ansible_os_family == 'RedHat' 110 | - (ansible_distribution_major_version == '8' or 111 | ansible_distribution_major_version == '9' 112 | ) 113 | - ansible_distribution_version != '8.0' 114 | 115 | - name: "Set customized needs-restarting command in case of RHEL 8.0" 116 | set_fact: 117 | __sap_preconfigure_fact_needs_restarting_command: "_IKRNL=$(rpm -q --last kernel | awk 'NR==1{sub(/kernel-/,\"\"); print $1}'); 118 | _CKRNL=$(uname -r); if [ ${_IKRNL} != ${_CKRNL} ]; then exit 1; else exit 0; fi" 119 | when: 120 | - ansible_os_family == 'RedHat' 121 | - ansible_distribution_version == '8.0' 122 | 123 | - name: Display the command for checking a reboot requirement 124 | debug: 125 | var: __sap_preconfigure_fact_needs_restarting_command 126 | 127 | # Reason for noqa: The command to be executed might contain pipes 128 | - name: Determine if the system needs to be restarted # noqa command-instead-of-shell 129 | shell: "{{ __sap_preconfigure_fact_needs_restarting_command }}" 130 | register: __sap_preconfigure_register_needs_restarting 131 | ignore_errors: true 132 | changed_when: false 133 | args: 134 | warn: false 135 | check_mode: false 136 | 137 | - name: Display the output of the reboot requirement check 138 | debug: 139 | var: __sap_preconfigure_register_needs_restarting 140 | 141 | - name: Call Reboot handler if necessary 142 | command: /bin/true 143 | notify: __sap_preconfigure_reboot_handler 144 | when: __sap_preconfigure_register_needs_restarting is failed 145 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Display the role path 4 | debug: 5 | var: role_path 6 | 7 | - name: Print deprecation notice 8 | pause: 9 | prompt: | 10 | "" 11 | "*** NOTE: This role is deprecated. ***" 12 | "" 13 | "Role sap_general_preconfigure provides all the features of this role, and more." 14 | "You can find the role in repository https://www.github.com/sap-linuxlab/community.sap_install ." 15 | "" 16 | "Press RETURN to continue anyway, or c, a, to abort:" 17 | 18 | - name: Include OS specific vars 19 | include_vars: '{{ item }}' 20 | with_first_found: 21 | - '{{ ansible_distribution }}_{{ ansible_distribution_version }}.yml' 22 | - '{{ ansible_distribution }}_{{ ansible_distribution_major_version }}.yml' 23 | - '{{ ansible_os_family }}.yml' 24 | 25 | - name: Set filename prefix to empty string if role is run in normal mode 26 | set_fact: 27 | __sap_preconfigure_fact_assert_filename_prefix: "" 28 | when: not sap_preconfigure_assert|d(false) 29 | 30 | - name: Prepend filename with assert string if role is run in assert mode 31 | set_fact: 32 | __sap_preconfigure_fact_assert_filename_prefix: "assert-" 33 | when: sap_preconfigure_assert|d(false) 34 | 35 | # required for installation and configuration tasks: 36 | - name: Gather package facts 37 | package_facts: 38 | 39 | - include_tasks: '{{ __sap_preconfigure_fact_assert_filename_prefix }}installation.yml' 40 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_installation|d(false) 41 | 42 | - include_tasks: '{{ __sap_preconfigure_fact_assert_filename_prefix }}configuration.yml' 43 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_configuration|d(false) 44 | -------------------------------------------------------------------------------- /tasks/sapnote/0941735.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Configure tmpfs 4 | - block: 5 | - name: Configure - Display SAP note number 0941735 and its version 6 | debug: 7 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^0941735$') | first).number }} 8 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^0941735$') | first).version }}): Configure tmpfs; 9 | memtotal_mb = {{ ansible_memtotal_mb }}; 10 | swaptotal_mb = {{ ansible_swaptotal_mb }}; 11 | sap_preconfigure_size_of_tmpfs_gb = {{ sap_preconfigure_size_of_tmpfs_gb }}" 12 | 13 | - import_tasks: ../RedHat/generic/configure-tmpfs.yml 14 | 15 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_0941735|d(false) 16 | -------------------------------------------------------------------------------- /tasks/sapnote/1391070.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Linux-UUID-solutions 4 | - block: 5 | - name: Configure - Display SAP note number 1391070 and its version 6 | debug: 7 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} 8 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" 9 | 10 | - import_tasks: ../RedHat/generic/configure-uuidd.yml 11 | 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_1391070|d(false) 13 | -------------------------------------------------------------------------------- /tasks/sapnote/1771258.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Set nofile 4 | - block: 5 | - name: Configure - Display SAP note number 1771258 and its version 6 | debug: 7 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} 8 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resouce limits" 9 | 10 | - import_tasks: ../RedHat/generic/increase-nofile-limits.yml 11 | 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_1771258|d(false) 13 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure - Display SAP note number 2002167 and its version 4 | debug: 5 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).number }} 6 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" 7 | 8 | - import_tasks: 2002167/02-configuration-changes.yml 9 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_02|d(false) 10 | 11 | - import_tasks: 2002167/03-setting-the-hostname.yml 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_03|d(false) 13 | 14 | - import_tasks: 2002167/04-linux-kernel-parameters.yml 15 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_04|d(false) 16 | 17 | - import_tasks: 2002167/05-process-resource-limits.yml 18 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_05|d(false) 19 | 20 | - import_tasks: 2002167/06-additional-notes-for-installing-sap-systems.yml 21 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_06|d(false) 22 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/02-assert-configuration-changes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2002167-2a 4 | debug: 5 | msg: "SAP note 2002167 Step 2a: Configure the Firewall" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-firewall.yml 8 | 9 | - name: Assert 2002167-2b 10 | debug: 11 | msg: "SAP note 2002167 Step 2b: Configure SELinux" 12 | 13 | - import_tasks: ../../RedHat/generic/assert-selinux.yml 14 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/02-configuration-changes.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2002167-2a 4 | debug: 5 | msg: "SAP note 2002167 Step 2a: Configure the Firewall" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-firewall.yml 8 | 9 | - name: Configure 2002167-2b 10 | debug: 11 | msg: "SAP note 2002167 Step 2b: Configure SELinux" 12 | 13 | - import_tasks: ../../RedHat/generic/configure-selinux.yml 14 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/03-assert-setting-the-hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2002167-3 4 | debug: 5 | msg: "SAP note 2002167 Step 3: Setting the Hostname" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-hostname.yml 8 | - import_tasks: ../../RedHat/generic/assert-etc-hosts.yml 9 | - import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml 10 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/03-setting-the-hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2002167-3 4 | debug: 5 | msg: "SAP note 2002167 Step 3: Setting the Hostname" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-hostname.yml 8 | - import_tasks: ../../RedHat/generic/configure-etc-hosts.yml 9 | - import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml 10 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/04-assert-linux-kernel-parameters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2002167-4 4 | debug: 5 | msg: "SAP note 2002167 Step 4: Linux Kernel Parameters" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/04-linux-kernel-parameters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2002167-4 4 | debug: 5 | msg: "SAP note 2002167 Step 4: Linux Kernel Parameters" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/05-assert-process-resource-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2002167-5 4 | debug: 5 | msg: "SAP note 2002167 Step 5: Process Resource Limits" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml 8 | - import_tasks: ../../RedHat/generic/assert-nproc-limits.yml 9 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/05-process-resource-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2002167-5 4 | debug: 5 | msg: "SAP note 2002167 Step 5: Process Resource Limits" 6 | 7 | - import_tasks: ../../RedHat/generic/increase-nproc-limits.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/06-additional-notes-for-installing-sap-systems.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2002167-6 4 | debug: 5 | msg: "SAP note 2002167 Step 6: Additional notes for installing SAP systems" 6 | 7 | - name: Link LDAP library libldap 8 | file: 9 | src: /usr/lib64/libldap-2.3.so.0 10 | dest: /usr/lib64/libldap.so.199 11 | state: link 12 | 13 | - name: Link LDAP library liblber 14 | file: 15 | src: /usr/lib64/liblber-2.3.so.0 16 | dest: /usr/lib64/liblber.so.199 17 | state: link 18 | 19 | - import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml 20 | -------------------------------------------------------------------------------- /tasks/sapnote/2002167/06-assert-additional-notes-for-installing-sap-systems.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2002167-6 4 | debug: 5 | msg: "SAP note 2002167 Step 6: Additional notes for installing SAP systems" 6 | 7 | - name: Get info about file /usr/lib64/libldap.so.199 8 | stat: 9 | path: /usr/lib64/libldap.so.199 10 | register: __sap_preconfigure_register_stat_libldap_assert 11 | 12 | - name: Assert that file /usr/lib64/libldap.so.199 exists 13 | assert: 14 | that: __sap_preconfigure_register_stat_libldap_assert.stat.exists 15 | fail_msg: "FAIL: File /usr/lib64/libldap.so.199 does not exist!" 16 | success_msg: "PASS: File /usr/lib64/libldap.so.199 exist." 17 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 18 | 19 | - name: Assert that file /usr/lib64/libldap.so.199 is a link 20 | assert: 21 | that: __sap_preconfigure_register_stat_libldap_assert.stat.islnk 22 | fail_msg: "FAIL: File /usr/lib64/libldap.so.199 is not a link!" 23 | success_msg: "PASS: File /usr/lib64/libldap.so.199 is a link." 24 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 25 | when: __sap_preconfigure_register_stat_libldap_assert.stat.exists 26 | 27 | - name: Assert that file /usr/lib64/libldap.so.199 is a link to /usr/lib64/libldap-2.3.so.0 28 | assert: 29 | that: __sap_preconfigure_register_stat_libldap_assert.stat.lnk_target == '/usr/lib64/libldap-2.3.so.0' 30 | fail_msg: "FAIL: File /usr/lib64/libldap.so.199 is not a link to /usr/lib64/libldap-2.3.so.0!" 31 | success_msg: "PASS: File /usr/lib64/libldap.so.199 is a link to /usr/lib64/libldap-2.3.so.0." 32 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 33 | when: __sap_preconfigure_register_stat_libldap_assert.stat.exists 34 | 35 | - name: Get info about file /usr/lib64/liblber.so.199 36 | stat: 37 | path: /usr/lib64/liblber.so.199 38 | register: __sap_preconfigure_register_stat_liblber_assert 39 | 40 | - name: Assert that file /usr/lib64/liblber.so.199 exists 41 | assert: 42 | that: __sap_preconfigure_register_stat_liblber_assert.stat.exists 43 | fail_msg: "FAIL: File /usr/lib64/liblber.so.199 does not exist!" 44 | success_msg: "PASS: File /usr/lib64/liblber.so.199 exist." 45 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 46 | 47 | - name: Assert that file /usr/lib64/liblber.so.199 exists and is a link 48 | assert: 49 | that: __sap_preconfigure_register_stat_liblber_assert.stat.islnk 50 | fail_msg: "FAIL: File /usr/lib64/liblber.so.199 is not a link!" 51 | success_msg: "PASS: File /usr/lib64/liblber.so.199 is a link." 52 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 53 | when: __sap_preconfigure_register_stat_liblber_assert.stat.exists 54 | 55 | - name: Assert that file /usr/lib64/liblber.so.199 is a link to /usr/lib64/liblber-2.3.so.0 56 | assert: 57 | that: __sap_preconfigure_register_stat_liblber_assert.stat.lnk_target == '/usr/lib64/liblber-2.3.so.0' 58 | fail_msg: "FAIL: File /usr/lib64/liblber.so.199 is not a link to /usr/lib64/liblber-2.3.so.0!" 59 | success_msg: "PASS: File /usr/lib64/liblber.so.199 is a link to /usr/lib64/liblber-2.3.so.0." 60 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 61 | when: __sap_preconfigure_register_stat_liblber_assert.stat.exists 62 | 63 | - import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml 64 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure - Display SAP note number 2772999 and its version 4 | debug: 5 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} 6 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" 7 | 8 | - import_tasks: 2772999/02-configure-selinux.yml 9 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_02|d(false) 10 | 11 | - import_tasks: 2772999/03-configure-hostname.yml 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_03|d(false) 13 | 14 | - import_tasks: 2772999/04-configure-network-time-and-date.yml 15 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_04|d(false) 16 | 17 | - import_tasks: 2772999/05-configure-firewall.yml 18 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_05|d(false) 19 | 20 | - import_tasks: 2772999/06-configure-uuidd.yml 21 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_06|d(false) 22 | 23 | - import_tasks: 2772999/07-configure-tmpfs.yml 24 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_07|d(false) 25 | 26 | - import_tasks: 2772999/08-configure-linux-kernel-parameters.yml 27 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_08|d(false) 28 | 29 | - import_tasks: 2772999/09-configure-process-resource-limits.yml 30 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_09|d(false) 31 | 32 | - import_tasks: 2772999/10-configure-systemd-tmpfiles.yml 33 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_10|d(false) 34 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/02-assert-selinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-2 4 | debug: 5 | msg: "SAP note 2772999 Step 2: Configure SELinux" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-selinux.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/02-configure-selinux.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-2 4 | debug: 5 | msg: "SAP note 2772999 Step 2: Configure SELinux" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-selinux.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/03-assert-hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-3 4 | debug: 5 | msg: "SAP note 2772999 Step 3: Configure Hostname" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-hostname.yml 8 | - import_tasks: ../../RedHat/generic/assert-etc-hosts.yml 9 | - import_tasks: ../../RedHat/generic/assert-dns-name-resolution.yml 10 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/03-configure-hostname.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-3 4 | debug: 5 | msg: "SAP note 2772999 Step 3: Configure Hostname" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-hostname.yml 8 | - import_tasks: ../../RedHat/generic/configure-etc-hosts.yml 9 | - import_tasks: ../../RedHat/generic/check-dns-name-resolution.yml 10 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/04-assert-network-time-and-date.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-4 4 | debug: 5 | msg: "SAP note 2772999 Step 4: Configure Network Time and Date" 6 | 7 | # Reason for noqa: We need to get the current status only 8 | - name: Get status of chronyd # noqa command-instead-of-module 9 | command: systemctl status chronyd 10 | register: __sap_preconfigure_register_chronyd_status_assert 11 | ignore_errors: yes 12 | changed_when: no 13 | 14 | - name: Assert that chronyd is enabled 15 | assert: 16 | that: "'/usr/lib/systemd/system/chronyd.service; enabled' in __sap_preconfigure_register_chronyd_status_assert.stdout" 17 | fail_msg: "FAIL: Service 'chronyd' is not enabled!" 18 | success_msg: "PASS: Service 'chronyd' is enabled." 19 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 20 | 21 | - name: Assert that chronyd is active 22 | assert: 23 | that: "'active (running)' in __sap_preconfigure_register_chronyd_status_assert.stdout" 24 | fail_msg: "FAIL: Service 'chronyd' is not active!" 25 | success_msg: "PASS: Service 'chronyd' is active." 26 | ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}" 27 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/04-configure-network-time-and-date.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-4 4 | debug: 5 | msg: "SAP note 2772999 Step 4: Configure Network Time and Date" 6 | 7 | - name: Start and enable service chronyd 8 | systemd: 9 | name: chronyd 10 | state: started 11 | enabled: yes 12 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/05-assert-firewall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-5 4 | debug: 5 | msg: "SAP note 2772999 Step 5: Configure the Firewall" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-firewall.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/05-configure-firewall.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-5 4 | debug: 5 | msg: "SAP note 2772999 Step 5: Configure the Firewall" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-firewall.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/06-assert-uuidd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-6 4 | debug: 5 | msg: "SAP note 2772999 Step 6: Configure uuidd" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-uuidd.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/06-configure-uuidd.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-6 4 | debug: 5 | msg: "SAP note 2772999 Step 6: Configure uuidd" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-uuidd.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/07-assert-tmpfs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-7 4 | debug: 5 | msg: "SAP note 2772999 Step 7: Configure tmpfs; 6 | memtotal_mb = {{ ansible_memtotal_mb }}; 7 | swaptotal_mb = {{ ansible_swaptotal_mb }}; 8 | sap_preconfigure_size_of_tmpfs_gb = {{ sap_preconfigure_size_of_tmpfs_gb }}" 9 | 10 | - import_tasks: ../../RedHat/generic/assert-tmpfs.yml 11 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/07-configure-tmpfs.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-7 4 | debug: 5 | msg: "SAP note 2772999 Step 7: Configure tmpfs; 6 | memtotal_mb = {{ ansible_memtotal_mb }}; 7 | swaptotal_mb = {{ ansible_swaptotal_mb }}; 8 | sap_preconfigure_size_of_tmpfs_gb = {{ sap_preconfigure_size_of_tmpfs_gb }}" 9 | 10 | - import_tasks: ../../RedHat/generic/configure-tmpfs.yml 11 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/08-assert-linux-kernel-parameters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-8 4 | debug: 5 | msg: "SAP note 2772999 Step 8: Configure Linux Kernel Parameters" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-kernel-parameters.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/08-configure-linux-kernel-parameters.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-8 4 | debug: 5 | msg: "SAP note 2772999 Step 8: Configure Linux Kernel Parameters" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-kernel-parameters.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/09-assert-process-resource-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-9 4 | debug: 5 | msg: "SAP note 2772999 Step 9: Configure Process Resource Limits" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-limits-conf-file.yml 8 | - import_tasks: ../../RedHat/generic/assert-nproc-limits.yml 9 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/09-configure-process-resource-limits.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-9 4 | debug: 5 | msg: "SAP note 2772999 Step 9: Configure Process Resource Limits" 6 | 7 | - import_tasks: ../../RedHat/generic/increase-nproc-limits.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/10-assert-systemd-tmpfiles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert 2772999-10 4 | debug: 5 | msg: "SAP note 2772999 Step 10: Configure systemd-tmpfiles" 6 | 7 | - import_tasks: ../../RedHat/generic/assert-systemd-tmpfiles.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/2772999/10-configure-systemd-tmpfiles.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Configure 2772999-10 4 | debug: 5 | msg: "SAP note 2772999 Step 10: Configure systemd-tmpfiles" 6 | 7 | - import_tasks: ../../RedHat/generic/configure-systemd-tmpfiles.yml 8 | -------------------------------------------------------------------------------- /tasks/sapnote/assert-0941735.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Configure tmpfs 4 | - block: 5 | - name: Assert - Display SAP note number 0941735 and its version 6 | debug: 7 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^0941735$') | first).number }} 8 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^0941735$') | first).version }}): Configure tmpfs; 9 | memtotal_mb = {{ ansible_memtotal_mb }}; 10 | swaptotal_mb = {{ ansible_swaptotal_mb }}; 11 | sap_preconfigure_size_of_tmpfs_gb = {{ sap_preconfigure_size_of_tmpfs_gb }}" 12 | 13 | - import_tasks: ../RedHat/generic/assert-tmpfs.yml 14 | 15 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_0941735|d(false) 16 | -------------------------------------------------------------------------------- /tasks/sapnote/assert-1391070.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Linux-UUID-solutions 4 | - block: 5 | - name: Assert - Display SAP note number 1391070 and its version 6 | debug: 7 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).number }} 8 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1391070$') | first).version }}): Configure uuidd" 9 | 10 | - import_tasks: ../RedHat/generic/assert-uuidd.yml 11 | 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_1391070|d(false) 13 | -------------------------------------------------------------------------------- /tasks/sapnote/assert-1771258.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # Configure tmpfs 4 | - block: 5 | - name: Assert - Display SAP note number 1771258 and its version 6 | debug: 7 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).number }} 8 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^1771258$') | first).version }}): User and system resouce limits" 9 | 10 | - import_tasks: ../RedHat/generic/assert-nofile-limits.yml 11 | 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_1771258|d(false) 13 | -------------------------------------------------------------------------------- /tasks/sapnote/assert-2002167.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert - Display SAP note number 2002167 and its version 4 | debug: 5 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).number }} 6 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2002167$') | first).version }}): Configure RHEL 7" 7 | 8 | - import_tasks: 2002167/02-assert-configuration-changes.yml 9 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_02|d(false) 10 | 11 | - import_tasks: 2002167/03-assert-setting-the-hostname.yml 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_03|d(false) 13 | 14 | - import_tasks: 2002167/04-assert-linux-kernel-parameters.yml 15 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_04|d(false) 16 | 17 | - import_tasks: 2002167/05-assert-process-resource-limits.yml 18 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_05|d(false) 19 | 20 | - import_tasks: 2002167/06-assert-additional-notes-for-installing-sap-systems.yml 21 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2002167_06|d(false) 22 | -------------------------------------------------------------------------------- /tasks/sapnote/assert-2772999.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Assert - Display SAP note number 2772999 and its version 4 | debug: 5 | msg: "SAP note {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).number }} 6 | (version {{ (__sap_preconfigure_sapnotes_versions | selectattr('number', 'match', '^2772999$') | first).version }}): Configure RHEL 8" 7 | 8 | - import_tasks: 2772999/02-assert-selinux.yml 9 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_02|d(false) 10 | 11 | - import_tasks: 2772999/03-assert-hostname.yml 12 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_03|d(false) 13 | 14 | - import_tasks: 2772999/04-assert-network-time-and-date.yml 15 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_04|d(false) 16 | 17 | - import_tasks: 2772999/05-assert-firewall.yml 18 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_05|d(false) 19 | 20 | - import_tasks: 2772999/06-assert-uuidd.yml 21 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_06|d(false) 22 | 23 | - import_tasks: 2772999/07-assert-tmpfs.yml 24 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_07|d(false) 25 | 26 | - import_tasks: 2772999/08-assert-linux-kernel-parameters.yml 27 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_08|d(false) 28 | 29 | - import_tasks: 2772999/09-assert-process-resource-limits.yml 30 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_09|d(false) 31 | 32 | - import_tasks: 2772999/10-assert-systemd-tmpfiles.yml 33 | when: sap_preconfigure_config_all|d(true) or sap_preconfigure_2772999_10|d(false) 34 | -------------------------------------------------------------------------------- /tests/beautify-assert-output.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [[ ${1}. == "bright_font". ]]; then 4 | awk 'BEGIN{printf ("\033[37mResetting font color\n")}' 5 | exit 6 | elif [[ ${1}. == "dark_font". ]]; then 7 | awk 'BEGIN{printf ("\033[30mResetting font color\n")}' 8 | exit 9 | fi 10 | 11 | if [[ ${__FONT_COLOR}. = "." ]]; then 12 | __FONT_COLOR=30m 13 | fi 14 | 15 | awk '{sub (" \"msg\": ", "")} 16 | /TASK/{task_line=$0} 17 | /fatal:/{fatal_line=$0; nfatal[host]++} 18 | /...ignoring/{nfatal[host]--; if (nfatal[host]<0) nfatal[host]=0} 19 | /^[a-z]/&&/: \[/{gsub ("\\[", ""); gsub ("]", ""); gsub (":", ""); host=$2} 20 | /SAP note/{print "\033['${__FONT_COLOR}'[" host"] "$0} 21 | /FAIL:/{nfail[host]++; print "\033[31m[" host"] "$0} 22 | /WARN:/{nwarn[host]++; print "\033[33m[" host"] "$0} 23 | /PASS:/{npass[host]++; print "\033[32m[" host"] "$0} 24 | /INFO:/{print "\033[34m[" host"] "$0} 25 | /changed/&&/unreachable/{print "\033['${__FONT_COLOR}'[" host"] "$0} 26 | END{print ("---"); for (var in npass) {printf ("[%s] ", var); if (nfatal[var]>0) { 27 | printf ("\033[31mFATAL ERROR!!! Playbook might have been aborted!!!\033['${__FONT_COLOR}' Last TASK and fatal output:\n"); print task_line, fatal_line 28 | exit 199 29 | } 30 | else printf ("\033[31mFAIL: %d \033[33mWARN: %d \033[32mPASS: %d\033['${__FONT_COLOR}'\n", nfail[var], nwarn[var], npass[var])} 31 | if (nfail[var] != 0) exit (nfail[var]) 32 | }' 33 | -------------------------------------------------------------------------------- /tests/run-sap-preconfigure-tests.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | import os 4 | import sys 5 | import subprocess 6 | 7 | # output field delimiter for displaying the results: 8 | _field_delimiter = '\t' 9 | 10 | if (len(sys.argv) == 1): 11 | _managed_node=input("Provide name of managed node: ") 12 | else: 13 | _managed_node=sys.argv[1] 14 | 15 | print('Running tests for role sap-preconfigure...\n') 16 | print('Managed node: ' + _managed_node) 17 | 18 | _mn_rhel_release = subprocess.getoutput("ssh root@" + _managed_node + " cat /etc/redhat-release | awk 'BEGIN{FS=\"release \"}{split ($2, a, \" \"); print a[1]}'") 19 | print('Managed node Red Hat release: ' + _mn_rhel_release) 20 | _mn_hw_arch = subprocess.getoutput("ssh root@" + _managed_node + " uname -m") 21 | print('Managed node HW architecture: ' + _mn_hw_arch) 22 | 23 | __tests = [ 24 | { 25 | 'number': '1', 26 | 'name': 'Run in check mode on new system.', 27 | 'command_line_parameter': '--check ', 28 | 'ignore_error_final': True, 29 | 'compact_assert_output': False, 30 | 'rc': '99', 31 | 'role_vars': [] 32 | }, 33 | { 34 | 'number': '2', 35 | 'name': 'Run in assert mode on new system. Ignore a final error.', 36 | 'command_line_parameter': '', 37 | 'ignore_error_final': True, 38 | 'compact_assert_output': False, 39 | 'rc': '99', 40 | 'role_vars': [ 41 | { 42 | 'sap_preconfigure_assert': True 43 | } 44 | ] 45 | }, 46 | { 47 | 'number': '3', 48 | 'name': 'Run in assert mode on new system, check for possible RHEL update, ignore any assert error.', 49 | 'command_line_parameter': '', 50 | 'ignore_error_final': False, 51 | 'compact_assert_output': False, 52 | 'rc': '99', 53 | 'role_vars': [ 54 | { 55 | 'sap_preconfigure_assert': True, 56 | 'sap_preconfigure_assert_ignore_errors': True, 57 | 'sap_preconfigure_update': True 58 | } 59 | ] 60 | }, 61 | { 62 | 'number': '4', 63 | 'name': 'Run in assert mode on new system, check for possible RHEL update, compact output, ignore any assert or final error.', 64 | 'command_line_parameter': '', 65 | 'ignore_error_final': True, 66 | 'compact_assert_output': True, 67 | 'rc': '99', 68 | 'role_vars': [ 69 | { 70 | 'sap_preconfigure_assert': True, 71 | 'sap_preconfigure_assert_ignore_errors': True, 72 | 'sap_preconfigure_update': True 73 | } 74 | ] 75 | }, 76 | { 77 | 'number': '5', 78 | 'name': 'Run in normal mode on new system, no reboot.', 79 | 'command_line_parameter': '', 80 | 'ignore_error_final': False, 81 | 'compact_assert_output': False, 82 | 'rc': '99', 83 | 'role_vars': [ 84 | { 85 | 'sap_preconfigure_fail_if_reboot_required': False 86 | } 87 | ] 88 | }, 89 | { 90 | 'number': '6', 91 | 'name': 'Run in check mode on configured system.', 92 | 'command_line_parameter': '--check ', 93 | 'ignore_error_final': False, 94 | 'compact_assert_output': False, 95 | 'rc': '99', 96 | 'role_vars': [] 97 | }, 98 | { 99 | 'number': '7', 100 | 'name': 'Run in assert mode on modified system. Ignore a final error.', 101 | 'command_line_parameter': '', 102 | 'ignore_error_final': True, 103 | 'compact_assert_output': False, 104 | 'rc': '99', 105 | 'role_vars': [ 106 | { 107 | 'sap_preconfigure_assert': True 108 | } 109 | ] 110 | }, 111 | { 112 | 'number': '8', 113 | 'name': 'Run in assert mode on modified system, check for possible RHEL update, ignore any assert or final error.', 114 | 'command_line_parameter': '', 115 | 'ignore_error_final': True, 116 | 'compact_assert_output': True, 117 | 'rc': '99', 118 | 'role_vars': [ 119 | { 120 | 'sap_preconfigure_assert': True, 121 | 'sap_preconfigure_assert_ignore_errors': True, 122 | 'sap_preconfigure_update': True 123 | } 124 | ] 125 | }, 126 | { 127 | 'number': '9', 128 | 'name': 'Run in normal mode. Update to the latest packages. Allow a reboot.', 129 | 'command_line_parameter': '', 130 | 'ignore_error_final': False, 131 | 'compact_assert_output': False, 132 | 'rc': '99', 133 | 'role_vars': [ 134 | { 135 | 'sap_preconfigure_update': True, 136 | 'sap_preconfigure_reboot_ok': True 137 | } 138 | ] 139 | }, 140 | { 141 | 'number': '10', 142 | 'name': 'Run in assert mode on modified system. Ignore a final error.', 143 | 'command_line_parameter': '', 144 | 'ignore_error_final': True, 145 | 'compact_assert_output': False, 146 | 'rc': '99', 147 | 'role_vars': [ 148 | { 149 | 'sap_preconfigure_assert': True 150 | } 151 | ] 152 | }, 153 | { 154 | 'number': '11', 155 | 'name': 'Run in assert mode on modified system, check for possible RHEL update, compact output, ignore any assert error.', 156 | 'command_line_parameter': '', 157 | 'ignore_error_final': True, 158 | 'compact_assert_output': True, 159 | 'rc': '99', 160 | 'role_vars': [ 161 | { 162 | 'sap_preconfigure_assert': True, 163 | 'sap_preconfigure_assert_ignore_errors': True, 164 | 'sap_preconfigure_update': True 165 | } 166 | ] 167 | } 168 | ] 169 | 170 | for par1 in __tests: 171 | print ('\n' + 'Test ' + par1['number'] + ': ' + par1['name']) 172 | command = ('ansible-playbook sap-preconfigure-default-settings.yml ' 173 | + par1['command_line_parameter'] 174 | + '-l ' 175 | + _managed_node 176 | + ' ' 177 | + '-e "') 178 | for par2 in par1['role_vars']: 179 | command += str(par2) 180 | command += '"' 181 | if (par1['compact_assert_output'] == True): 182 | command += ' | ./beautify-assert-output.sh' 183 | print ("command: " + command) 184 | _py_rc = os.system(command) 185 | par1['rc'] = str(int(_py_rc/256)) 186 | if (_py_rc != 0): 187 | if (par1['ignore_error_final'] == True): 188 | print('Test ' + par1['number'] + ' finished with return code ' + par1['rc'] + '. Continuing with the next test') 189 | else: 190 | print('Test ' + par1['number'] + ' finished with return code ' + par1['rc'] + '.') 191 | exit(_py_rc) 192 | else: 193 | print('Test ' + par1['number'] + ' finished with return code ' + par1['rc'] + '.') 194 | 195 | print ('\nResults for role sap-preconfigure: ' + _managed_node + ' - RHEL ' + _mn_rhel_release + ' - ' + _mn_hw_arch + ':') 196 | 197 | print ('\n#' 198 | + _field_delimiter 199 | + 'RC' + _field_delimiter 200 | + 'name' + _field_delimiter 201 | + 'argument' + _field_delimiter 202 | + 'compact' + _field_delimiter 203 | + 'role_vars') 204 | 205 | for par1 in __tests: 206 | print (par1['number'] + _field_delimiter 207 | + par1['rc'] + _field_delimiter 208 | + par1['name'] + _field_delimiter 209 | + par1['command_line_parameter'] + _field_delimiter 210 | + str(par1['compact_assert_output']) + _field_delimiter, end='') 211 | if (len(par1['role_vars']) == 0): 212 | print ("") 213 | else: 214 | for par2 in par1['role_vars']: 215 | print (str(par2)) 216 | -------------------------------------------------------------------------------- /tests/sap-preconfigure-default-settings.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: all 3 | roles: 4 | - role: sap-preconfigure 5 | -------------------------------------------------------------------------------- /vars/RedHat_7.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # vars file for sap-preconfigure 4 | 5 | __sap_preconfigure_sapnotes_versions: 6 | - { number: '2002167', version: '33' } 7 | - { number: '1771258', version: '6' } 8 | - { number: '1391070', version: '41' } 9 | - { number: '0941735', version: '11' } 10 | 11 | __sap_preconfigure_envgroups: "" 12 | 13 | __sap_preconfigure_packagegroups_x86_64: 14 | - "@base" 15 | - "@compat-libraries" 16 | - "@large-systems" 17 | - "@network-file-system-client" 18 | - "@performance" 19 | 20 | __sap_preconfigure_packagegroups_ppc64le: 21 | - "@base" 22 | - "@compat-libraries" 23 | 24 | __sap_preconfigure_packagegroups_ppc64: 25 | - "@base" 26 | - "@compat-libraries" 27 | 28 | __sap_preconfigure_packagegroups_s390x: 29 | - "@base" 30 | - "@compat-libraries" 31 | - "@large-systems" 32 | - "@network-file-system-client" 33 | - "@performance" 34 | 35 | __sap_preconfigure_packagegroups: "{{ lookup('vars','__sap_preconfigure_packagegroups_' + ansible_architecture ) }}" 36 | 37 | __sap_preconfigure_packages_x86_64: 38 | - uuidd 39 | - tcsh 40 | - psmisc 41 | - compat-sap-c++-5 42 | - compat-sap-c++-6 43 | - compat-sap-c++-7 44 | - compat-sap-c++-9 45 | 46 | __sap_preconfigure_packages_ppc64le: 47 | - uuidd 48 | - tcsh 49 | - psmisc 50 | - compat-sap-c++-5 51 | - compat-sap-c++-6 52 | - compat-sap-c++-7 53 | - compat-sap-c++-9 54 | 55 | __sap_preconfigure_packages_ppc64: 56 | - uuidd 57 | - tcsh 58 | - psmisc 59 | - compat-sap-c++-5 60 | - compat-sap-c++-6 61 | - compat-sap-c++-7 62 | - compat-sap-c++-9 63 | 64 | __sap_preconfigure_packages_s390x: 65 | - uuidd 66 | - tcsh 67 | - psmisc 68 | 69 | __sap_preconfigure_packages: "{{ lookup('vars','__sap_preconfigure_packages_' + ansible_architecture ) }}" 70 | 71 | __sap_preconfigure_min_packages_7_2: 72 | 73 | __sap_preconfigure_min_packages_7_3: 74 | 75 | # SAP note 2812427: 76 | __sap_preconfigure_min_packages_7_4: 77 | - [ 'kernel', '3.10.0-693.58.1.el7' ] 78 | 79 | # SAP note 2812427: 80 | __sap_preconfigure_min_packages_7_5: 81 | - [ 'kernel', '3.10.0-862.43.1.el7' ] 82 | 83 | # SAP note 2812427: 84 | __sap_preconfigure_min_packages_7_6: 85 | - [ 'kernel', '3.10.0-957.35.1.el7' ] 86 | 87 | __sap_preconfigure_min_packages_7_7: 88 | 89 | __sap_preconfigure_min_packages_7_8: 90 | 91 | __sap_preconfigure_min_packages_7_9: 92 | 93 | __sap_preconfigure_min_pkgs: "{{ lookup('vars','__sap_preconfigure_min_packages_' + ansible_distribution_version|replace (\".\", \"_\")) }}" 94 | 95 | # Note: The value for vm.max_map_count of 2147483647 (previously 2000000) 96 | # is set according to SAP note 900929. 97 | __sap_preconfigure_kernel_parameters_default: 98 | - { name: kernel.sem, value: '1250 256000 100 1024' } 99 | - { name: vm.max_map_count, value: '2147483647' } 100 | -------------------------------------------------------------------------------- /vars/RedHat_8.0.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # vars file for sap-preconfigure 4 | 5 | __sap_preconfigure_sapnotes_versions: 6 | - { number: '2772999', version: '17' } 7 | - { number: '1771258', version: '6' } 8 | 9 | __sap_preconfigure_envgroups: 10 | - "server-product-environment" 11 | 12 | __sap_preconfigure_packagegroups_x86_64: 13 | - "@server" 14 | 15 | __sap_preconfigure_packagegroups_ppc64le: 16 | - "@server" 17 | 18 | __sap_preconfigure_packagegroups_s390x: 19 | - "@server" 20 | 21 | __sap_preconfigure_packagegroups: "{{ lookup('vars','__sap_preconfigure_packagegroups_' + ansible_architecture ) }}" 22 | 23 | __sap_preconfigure_packages: 24 | - uuidd 25 | - libnsl 26 | - tcsh 27 | - psmisc 28 | - nfs-utils 29 | - bind-utils 30 | 31 | # SAP notes 2772999 (setup) and 2812427 (kernel): 32 | __sap_preconfigure_min_pkgs: 33 | - [ 'setup', '2.12.2-2.el8_0.1' ] 34 | - [ 'kernel', '4.18.0-80.15.1.el8_0' ] 35 | 36 | __sap_preconfigure_kernel_parameters_default: 37 | - { name: vm.max_map_count, value: '2147483647' } 38 | - { name: kernel.pid_max, value: '4194304' } 39 | -------------------------------------------------------------------------------- /vars/RedHat_8.1.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # vars file for sap-preconfigure 4 | 5 | __sap_preconfigure_sapnotes_versions: 6 | - { number: '2772999', version: '17' } 7 | - { number: '1771258', version: '6' } 8 | 9 | __sap_preconfigure_envgroups: 10 | - "server-product-environment" 11 | 12 | __sap_preconfigure_packagegroups_x86_64: 13 | - "@server" 14 | 15 | __sap_preconfigure_packagegroups_ppc64le: 16 | - "@server" 17 | 18 | __sap_preconfigure_packagegroups_s390x: 19 | - "@server" 20 | 21 | __sap_preconfigure_packagegroups: "{{ lookup('vars','__sap_preconfigure_packagegroups_' + ansible_architecture ) }}" 22 | 23 | __sap_preconfigure_packages_x86_64: 24 | - uuidd 25 | - libnsl 26 | - tcsh 27 | - psmisc 28 | - nfs-utils 29 | - bind-utils 30 | - compat-sap-c++-9 31 | 32 | __sap_preconfigure_packages_ppc64le: 33 | - uuidd 34 | - libnsl 35 | - tcsh 36 | - psmisc 37 | - nfs-utils 38 | - bind-utils 39 | - compat-sap-c++-9 40 | 41 | __sap_preconfigure_packages_s390x: 42 | - uuidd 43 | - libnsl 44 | - tcsh 45 | - psmisc 46 | - nfs-utils 47 | - bind-utils 48 | 49 | __sap_preconfigure_packages: "{{ lookup('vars','__sap_preconfigure_packages_' + ansible_architecture ) }}" 50 | 51 | __sap_preconfigure_min_pkgs: 52 | - [ 'setup', '2.12.2-2.el8_1.1' ] 53 | 54 | __sap_preconfigure_kernel_parameters_default: 55 | - { name: vm.max_map_count, value: '2147483647' } 56 | - { name: kernel.pid_max, value: '4194304' } 57 | -------------------------------------------------------------------------------- /vars/RedHat_8.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # vars file for sap-preconfigure 4 | 5 | __sap_preconfigure_sapnotes_versions: 6 | - { number: '2772999', version: '17' } 7 | - { number: '1771258', version: '6' } 8 | 9 | __sap_preconfigure_envgroups: 10 | - "server-product-environment" 11 | 12 | __sap_preconfigure_packagegroups_x86_64: 13 | - "@server" 14 | 15 | __sap_preconfigure_packagegroups_ppc64le: 16 | - "@server" 17 | 18 | __sap_preconfigure_packagegroups_s390x: 19 | - "@server" 20 | 21 | __sap_preconfigure_packagegroups: "{{ lookup('vars','__sap_preconfigure_packagegroups_' + ansible_architecture ) }}" 22 | 23 | __sap_preconfigure_packages_x86_64: 24 | - uuidd 25 | - libnsl 26 | - tcsh 27 | - psmisc 28 | - nfs-utils 29 | - bind-utils 30 | - compat-sap-c++-9 31 | - compat-sap-c++-10 32 | 33 | __sap_preconfigure_packages_ppc64le: 34 | - uuidd 35 | - libnsl 36 | - tcsh 37 | - psmisc 38 | - nfs-utils 39 | - bind-utils 40 | - compat-sap-c++-9 41 | - compat-sap-c++-10 42 | 43 | __sap_preconfigure_packages_s390x: 44 | - uuidd 45 | - libnsl 46 | - tcsh 47 | - psmisc 48 | - nfs-utils 49 | - bind-utils 50 | 51 | __sap_preconfigure_packages: "{{ lookup('vars','__sap_preconfigure_packages_' + ansible_architecture ) }}" 52 | 53 | __sap_preconfigure_kernel_parameters_default: 54 | - { name: vm.max_map_count, value: '2147483647' } 55 | - { name: kernel.pid_max, value: '4194304' } 56 | -------------------------------------------------------------------------------- /vars/RedHat_9.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # vars file for sap-preconfigure 4 | 5 | __sap_preconfigure_sapnotes_versions: 6 | # for the time being, use SAP note 2772999: 7 | - { number: '2772999', version: '17' } 8 | - { number: '1771258', version: '6' } 9 | 10 | __sap_preconfigure_envgroups: 11 | - "server-product-environment" 12 | 13 | __sap_preconfigure_packagegroups_x86_64: 14 | - "@server" 15 | 16 | __sap_preconfigure_packagegroups_ppc64le: 17 | - "@server" 18 | 19 | __sap_preconfigure_packagegroups_s390x: 20 | - "@server" 21 | 22 | __sap_preconfigure_packagegroups: "{{ lookup('vars','__sap_preconfigure_packagegroups_' + ansible_architecture ) }}" 23 | 24 | __sap_preconfigure_packages_x86_64: 25 | - uuidd 26 | - libnsl 27 | - tcsh 28 | - psmisc 29 | - nfs-utils 30 | - bind-utils 31 | # package hostname: needed by rhel-system-roles-sap 32 | - hostname 33 | 34 | __sap_preconfigure_packages_ppc64le: 35 | - uuidd 36 | - libnsl 37 | - tcsh 38 | - psmisc 39 | - nfs-utils 40 | - bind-utils 41 | # package hostname: needed by rhel-system-roles-sap 42 | - hostname 43 | 44 | __sap_preconfigure_packages_s390x: 45 | - uuidd 46 | - libnsl 47 | - tcsh 48 | - psmisc 49 | - nfs-utils 50 | - bind-utils 51 | # package hostname: needed by rhel-system-roles-sap 52 | - hostname 53 | 54 | __sap_preconfigure_packages: "{{ lookup('vars','__sap_preconfigure_packages_' + ansible_architecture ) }}" 55 | 56 | __sap_preconfigure_kernel_parameters_default: 57 | - { name: vm.max_map_count, value: '2147483647' } 58 | - { name: kernel.pid_max, value: '4194304' } 59 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # define variables here that will not change 4 | # Those are valid for all OS 5 | # 6 | 7 | __sap_preconfigure_etc_sysctl_sap_conf: /etc/sysctl.d/sap.conf 8 | 9 | __sap_preconfigure_max_hostname_length: '13' 10 | --------------------------------------------------------------------------------