Merge pull request #110 from berndfinger/bz1891642

solve issues #38, 91, 96...102, 104, 106...111

README.md

@@ -20,19 +20,39 @@ Role Variables
 - set in `defaults/main.yml`:
 
 ### Execute only certain steps of SAP notes
-If the following variable is set to no, only certain steps of SAP notes will be executed or checked as per setting of variable `sap_preconfigure_<sap_note_number>_<step>`. If this variable is undefined or set to no, all steps of applicable SAP notes will be executed.
+If the following variable is set to no, only certain steps of SAP notes will be executed or checked as per setting of variable `sap_preconfigure_<sap_note_number>_<step>`. If this variable is undefined or set to no, all installation and configuration steps of applicable SAP notes will be executed.
 ```yaml
 sap_preconfigure_config_all
 ```
 
+### Perform installation or configuration steps, or both
+If you have set `sap_preconfigure_config_all` (see above) to `no`, you can limit the scope of the role to only execute the installation or the configuration steps. For this purpose, set one of the following variables, or both, to `yes`. The default for both is `no`.
+```yaml
+sap_preconfigure_installation
+sap_preconfigure_configuration
+```
+
 ### Define configuration steps of SAP notes
-For defining one or more steps of SAP notes to be executed or checked only, set variable `sap_preconfigure_config_all` to `no` and one or more of the following variables to `yes`:
+For defining one or more configuration steps of SAP notes to be executed or checked only, set variable `sap_preconfigure_config_all` to `no`, `sap_preconfigure_configuration` to `yes`, and one or more of the following variables to `yes`:
 ```yaml
 sap_preconfigure_2002167_0[2...6], example: sap_preconfigure_2002167_03
 sap_preconfigure_1391070
 sap_preconfigure_2772999_[02...10], example: sap_preconfigure_2772999_10
 ```
 
+### Run the role in assert mode
+If the following variable is set to `yes`, the role will only check if the configuration of the managed node(s) is according to the applicable SAP notes. Default is `no`.
+```yaml
+sap_preconfigure_assert
+```
+
+### Behavior of the role in assert mode
+If the role is run in assert mode (see above) and the following variable is set to `yes`, assertion errors will not cause the role to fail. This can be useful for creating reports.
+Default is `no`, meaning that the role will fail for any assertion error which is discovered. This variable has no meaning if the role is not run in assert mode.
+```yaml
+sap_preconfigure_assert_ignore_errors
+```
+
 ### Minimum package check
 The following variable will make sure packages are installed at minimum required versions as defined in files `vars/*.yml`. Default is `yes`.
 ```yaml
@@ -46,8 +66,16 @@ If the following variable is set to `yes`, the role will run a `yum update` befo
 sap_preconfigure_update
 ```
 
+### Reboot the system if required
+If the following variable is set to `yes`, the role will reboot the managed node if required. The default is `no`, in which case the role will only report that a reboot is required.
+```yaml
+sap_preconfigure_reboot_ok
+```
+
 ### How to behave if reboot is required
-The following variable will ensure that the role will fail if a reboot is required, if undefined or set to `yes`, which is also the default. Rebooting the managed node can be done in the playbook which is calling this role. By setting the variable to `no`, the role will not fail if a reboot is required.
+In case `sap_preconfigure_reboot_ok` (see above) is set to `no`, we should make sure that a reboot requirement does not remain unnoticed.
+The following variable will cause the role to fail if a reboot is required, if undefined or set to `yes`, which is also the default. 
+By setting the variable to `no`, the role will not fail if a reboot is required but just print a warning message.
 ```yaml
 sap_preconfigure_fail_if_reboot_required
 ```
@@ -58,8 +86,8 @@ The following variable allows for defining the desired SELinux state. Default is
 sap_preconfigure_selinux_state
 ```
 
-### size of TMPFS in GB:
-The following variable contains a formula for setting the size of TMPFS according to SAP note 941735.
+### Size of TMPFS in GB:
+The following variable contains a formula for setting the size of TMPFS according to SAP note 941735. You can modify the formula or replace it by a static value if needed.
 ```yaml
 sap_preconfigure_size_of_tmpfs_gb
 ```
@@ -108,16 +136,52 @@ This role does not depend on any other role.
 Example Playbook
 ----------------
 
+Simple playbook, named sap.yml:
 ```yaml
 ---
-    - hosts: all
-      roles:
-         - role: sap-preconfigure
+- hosts: all
+  roles:
+    - role: sap-preconfigure
 ```
 
 Example Usage
 -------------
-ansible-playbook -l remote_host site.yml
+Normal run:
+```yaml
+ansible-playbook sap.yml -l remote_host
+```
+
+Extended Check (assert) run, aborting for any error which has been found:
+```yaml
+ansible-playbook sap.yml -l remote_host -e "{sap_preconfigure_assert: yes}"
+```
+
+Extended Check (assert) run, not aborting even if an error has been found:
+```yaml
+ansible-playbook sap.yml -l remote_host -e "{sap_preconfigure_assert: yes, sap_preconfigure_assert_ignore_errors: no}"
+```
+
+Same as above, with a nice compact and colored output, this time for two hosts:
+```yaml
+ansible-playbook sap.yml -l host_1,host_2 -e "{sap_preconfigure_assert: yes, sap_preconfigure_assert_ignore_errors: yes}" |
+awk '{sub ("    \"msg\": ", "")}
+  /TASK/{task_line=$0}
+  /fatal:/{fatal_line=$0; nfatal[host]++}
+  /...ignoring/{nfatal[host]--; if (nfatal[host]<0) nfatal[host]=0}
+  /^[a-z]/&&/: \[/{gsub ("\\[", ""); gsub ("]", ""); gsub (":", ""); host=$2}
+  /SAP note/{print "\033[30m[" host"] "$0}
+  /FAIL:/{nfail[host]++; print "\033[31m[" host"] "$0}
+  /WARN:/{nwarn[host]++; print "\033[33m[" host"] "$0}
+  /PASS:/{npass[host]++; print "\033[32m[" host"] "$0}
+  /INFO:/{print "\033[34m[" host"] "$0}
+  /changed/&&/unreachable/{print "\033[30m[" host"] "$0}
+  END{print ("---"); for (var in npass) {printf ("[%s] ", var); if (nfatal[var]>0) {
+        printf ("\033[31mFATAL ERROR!!! Playbook might have been aborted!!!\033[30m Last TASK and fatal output:\n"); print task_line, fatal_line
+     }
+     else printf ("\033[31mFAIL: %d  \033[33mWARN: %d  \033[32mPASS: %d\033[30m\n", nfail[var], nwarn[var], npass[var])}}'
+```
+Note: For terminals with white font on dark background, replace the color code `30m` by `37m`.
+In case you need to reset terminal font colors to the default, run: `tput init`.
 
 License
 -------

defaults/main.yml

@@ -1,19 +1,31 @@
 ---
 # defaults file for sap-preconfigure
 
-# For executing just some of the configuration steps, set sap_preconfigure_config_all to "no"
-# and set one or more of the SAP notes related variables to "yes":
+# For executing just some of the configuration steps,
+# 1 - set sap_preconfigure_config_all to "no" (default is "yes"),
+# 2 - set sap_preconfigure_installation or sap_preconfigure_configuration, or both, to "yes" (default for both is "no")
+# 3 - and set one or more of the SAP notes related variables to "yes":
 #sap_preconfigure_config_all: no
+#sap_preconfigure_installation: yes
+#sap_preconfigure_configuration: yes
+## examples for RHEL7:
 #sap_preconfigure_2002167_02: yes
 #sap_preconfigure_2002167_06: yes
 #sap_preconfigure_1391070: yes
+## examples for RHEL8:
 #sap_preconfigure_2772999_02: yes
 #sap_preconfigure_2772999_10: yes
 
+sap_preconfigure_assert: no
+
+sap_preconfigure_assert_ignore_errors: no
+
 sap_preconfigure_min_package_check: yes
 
 sap_preconfigure_update: no
 
+sap_preconfigure_reboot_ok: no
+
 sap_preconfigure_fail_if_reboot_required: yes
 
 sap_preconfigure_selinux_state: disabled

handlers/main.yml

@@ -1,9 +1,40 @@
 ---
 # handlers file for sap-preconfigure
 
-- name: "Reboot handler"
+- name: Reboot the managed node
+  reboot:
+    test_command: /bin/true
+  listen: __sap_preconfigure_reboot_handler
+  when:
+    - sap_preconfigure_reboot_ok|d(false)
+
+- name: Let the role fail if a reboot is required
   fail:
     msg: Reboot is required!
-  when: sap_preconfigure_fail_if_reboot_required|d(true)
+  listen: __sap_preconfigure_reboot_handler
+  when:
+    - sap_preconfigure_fail_if_reboot_required|d(true)
+    - not sap_preconfigure_reboot_ok|d(false)
+
+- name: Show a warning message if a reboot is required
+  debug:
+    msg: "WARN: Reboot is required!"
+  listen: __sap_preconfigure_reboot_handler
+  when:
+    - not sap_preconfigure_fail_if_reboot_required|d(true)
+    - not sap_preconfigure_reboot_ok|d(false)
+
+- name: Remount /dev/shm
+  command: bash -lc "mount -o remount /dev/shm"
+  listen: __sap_preconfigure_mount_tmpfs_handler
+
+- name: Check if /dev/shm is available
+  command: bash -lc "df -h /dev/shm"
+  register: shell_result
+  listen: __sap_preconfigure_mount_tmpfs_handler
+
+- debug:
+    var: shell_result.stdout_lines, shell_result.stderr_lines
+  listen: __sap_preconfigure_mount_tmpfs_handler
 
 ...

tasks/RedHat/generic/assert-dns-name-resolution.yml

@@ -0,0 +1,80 @@
+---
+
+- debug:
+    msg: "imported RedHat/generic/assert-dns-name-resolution.yml"
+
+- debug:
+    msg:
+      - "sap_hostname = {{ sap_hostname }}"
+      - "sap_domain = {{ sap_domain }}"
+      - "sap_ip = {{ sap_ip }}"
+
+- name: Assert that the DNS domain is set
+  assert:
+    that:
+      - not( (ansible_domain is undefined) or (ansible_domain is none) or (ansible_domain | trim == '') )
+    fail_msg: "FAIL: The DNS domain is not configured! So variable 'sap_domain' needs to be configured!"
+    success_msg: "PASS: The DNS domain is configured."
+#  ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}"
+  ignore_errors: yes
+
+- name: Assert that variable sap_domain is set
+  assert:
+    that:
+      - not( (sap_domain is undefined) or (sap_domain is none) or (sap_domain | trim == '') )
+    fail_msg: "FAIL: The variable 'sap_domain' is not set!"
+    success_msg: "PASS: The variable 'sap_domain' is set."
+  ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}"
+
+- name: Check if IP address for sap_hostname.sap_domain is resolved correctly
+  shell: dig {{ sap_hostname }}.{{ sap_domain }} +short
+  register: dig_short_result
+  ignore_errors: yes
+  changed_when: no
+
+- name: Assert that ansible_default_ipv4.address is set
+  assert:
+    that:
+      - not( (ansible_default_ipv4.address is undefined) or (ansible_default_ipv4.address is none) or (ansible_default_ipv4.address | trim == '') )
+    fail_msg: "FAIL: The variable 'ansible_default_ipv4.address' is not defined!"
+    success_msg: "PASS: The variable 'ansible_default_ipv4.address' is defined."
+  ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}"
+
+- name: Assert that sap_ip is set
+  assert:
+    that:
+      - dig_short_result.stdout == '{{ sap_ip }}'
+    fail_msg: "FAIL: The variable 'sap_ip' is not set!"
+    success_msg: "PASS: The variable 'sap_ip' is set."
+  ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(false) }}"
+
+### BUG: dig does not use search path in resolv.con on PPCle
+- name: Check if IP address for sap_hostname with search path is resolved correctly
+  shell: dig {{ sap_hostname }} +search +short
+  register: dig_search_short_result
+  changed_when: false
+  ignore_errors: true
+
+- name: Assert that the IP address for sap_hostname is resolved correctly
+  assert:
+    that:
+      - dig_search_short_result.stdout == '{{ sap_ip }}'
+    fail_msg: "FAIL: The IP address for 'sap_hostname' could not be resolved!"
+    success_msg: "PASS: The IP address for 'sap_hostname' was resolved."
+  ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(true) }}"
+
+- name: Check if the reverse name resolution is correct
+  shell: dig -x {{ sap_ip }} +short
+  register: dig_reverse_result
+  changed_when: false
+  ignore_errors: true
+
+- name: Assert that the reverse name resolution is correct
+  assert:
+    that:
+      - dig_reverse_result.stdout == '{{ sap_hostname }}.{{ sap_domain }}.'
+    fail_msg: "FAIL: The reverse name resolution of 'sap_ip' was not successful!"
+    success_msg: "PASS: The reverse name resolution of 'sap_ip' was successful."
+  ignore_errors: "{{ sap_preconfigure_assert_ignore_errors|d(true) }}"
+
+...