Merge pull request #64 from berndfinger/master

solve issues 57...63;65...77

README.md

@@ -10,31 +10,52 @@ To use this role, your system needs to be installed according to:
 - RHEL 7: SAP note 2002167, Red Hat Enterprise Linux 7.x: Installation and Upgrade, section "Installing Red Hat Enterprise Linux 7"
 - RHEL 8: SAP note 2772999, Red Hat Enterprise Linux 8.x: Installation and Configuration, section "Installing Red Hat Enterprise Linux 8".
 
+Note
+----
+Do not run this role against an SAP or other production system. The role will enforce a certain configuration on the managed node(s), which might not be intended.
+
 Role Variables
 --------------
 
-- set in vars/RedHat_7.yml and vars/RedHat_8.yml:
+- set in `defaults/main.yml`:
+
+### Execute only certain steps of SAP notes
+If the following variable is set to no, only certain steps of SAP notes will be executed or checked as per setting of variable `sap_preconfigure_<sap_note_number>_<step>`. If this variable is undefined or set to no, all steps of applicable SAP notes will be executed.
+```yaml
+sap_preconfigure_config_all
+```
+
+### Define configuration steps of SAP notes
+For defining one or more steps of SAP notes to be executed or checked only, set variable `sap_preconfigure_config_all` to `no` and one or more of the following variables to `yes`:
+```yaml
+sap_preconfigure_2002167_0[2...6], example: sap_preconfigure_2002167_03
+sap_preconfigure_1391070
+sap_preconfigure_2772999_[02...10], example: sap_preconfigure_2772999_10
+```
+
+### Minimum package check
+The following variable will make sure packages are installed at minimum required versions as defined in files `vars/*.yml`. Default is `yes`.
+```yaml
+sap_preconfigure_min_package_check
+```
 
-### SAP notes to apply
-The following variable contains a list of all SAP notes which are used for this role. This is used to include yml files
-from directories tasks/sapnote/<SAP Note number>.
+### How to behave if reboot is required
+The following variable will ensure that the role will fail if a reboot is required, if undefined or set to `yes`, which is also the default. Rebooting the managed node can be done in the playbook which is calling this role. By setting the variable to `no`, the role will not fail if a reboot is required.
 ```yaml
-sap_preconfigure_sapnotes
+sap_preconfigure_fail_if_reboot_required
 ```
 
-### Required package groups
-The following variables define the required package groups. Note that variable sap_preconfigure_packagegroups is automatically filled from either sap_preconfigure_packagegroups_x86_64 or sap_preconfigure_packagegroups_ppc64le:
+### Define SELinux state
+The following variable allows for defining the desired SELinux state. Default is `disabled`.
 ```yaml
-sap_preconfigure_packagegroups_x86_64
-sap_preconfigure_packagegroups_ppc64le
-sap_preconfigure_packagegroups_s390x
-sap_preconfigure_packagegroups
+sap_preconfigure_selinux_state
 ```
 
-### Required packages
-The following variable defines the required additional packages:
+### Perform a yum update
+If the following variable is set to `yes`, the role will run a `yum update` before performing configuration changes. Default is `no`. \
+*Note*: The outcome of a `yum update` depends on the managed node's configuration for sticky OS minor version, see the description of the release option in `man subscription-manager`. For SAP HANA installations, setting a certain minor version with `subscscription-manager release --set=X.Y` is a strict requirement.
 ```yaml
-sap_preconfigure_packages
+sap_preconfigure_update
 ```
 
 ### size of TMPFS in GB:
@@ -50,12 +71,29 @@ sap_preconfigure_locale
 ```
 
 ### Modify /etc/hosts
-If you want the role to modify /etc/hosts, set the following variable to yes.
-If set to no, the role will only check if /etc/hosts is set according to SAP's requirements. Default is no.
+If you not want the role to check and if necessary modify `/etc/hosts` according to SAP's requirements, set the following variable to `no`. Default is `yes`.
 ```yaml
 sap_preconfigure_modify_etc_hosts
 ```
 
+### hostname
+If the role should not use the hostname as reported by Ansible (=`ansible_hostname`), set the following variable according to your needs:
+```yaml
+sap_hostname
+```
+
+### DNS domain name
+If the role should not use the DNS domain name as reported by Ansible (=`ansible_domain`), set the following variable according to your needs:
+```yaml
+sap_domain
+```
+
+### IP address
+If the role should not use the primary IP address as reported by Ansible (=`ansible_default_ipv4.address`), set the following variable according to your needs:
+```yaml
+sap_ip
+```
+
 ### Linux group name of the database user
 The following variable contains the name of the group which is used for the database(s), e.g. dba.
 ```yaml

defaults/main.yml

@@ -1,17 +1,28 @@
 ---
 # defaults file for sap-preconfigure
 
-sap_preconfigure_min_package_check: false
+# For executing just some of the configuration steps, set sap_preconfigure_config_all to "no"
+# and set one or more of the SAP notes related variables to "yes":
+#sap_preconfigure_config_all: no
+#sap_preconfigure_2002167_02: yes
+#sap_preconfigure_2002167_06: yes
+#sap_preconfigure_1391070: yes
+#sap_preconfigure_2772999_02: yes
+#sap_preconfigure_2772999_10: yes
 
-sap_preconfigure_installation_check_only: false
+sap_preconfigure_min_package_check: yes
 
-sap_preconfigure_update: false
+sap_preconfigure_update: no
+
+sap_preconfigure_fail_if_reboot_required: yes
+
+sap_preconfigure_selinux_state: disabled
 
 sap_preconfigure_size_of_tmpfs_gb: "{{ ((0.75 * ( ansible_memtotal_mb + ansible_swaptotal_mb )) / 1024) | round | int }}"
 
 sap_preconfigure_locale: en_US.UTF-8
 
-sap_preconfigure_modify_etc_hosts: no
+sap_preconfigure_modify_etc_hosts: yes
 
 sap_hostname: '{{ ansible_hostname }}'
 

handlers/main.yml

@@ -1,4 +1,9 @@
 ---
 # handlers file for sap-preconfigure
 
+- name: "Reboot handler"
+  fail:
+    msg: Reboot is required!
+  when: sap_preconfigure_fail_if_reboot_required|d(true)
+
 ...

tasks/RedHat/generic/check-dns-name-resolution.yml

@@ -22,7 +22,7 @@
 #     name: bind-utils
 #     state: present
 
-- name: Check dns forward settings
+- name: Check dns forwarding settings
   shell: test "$(dig {{ sap_hostname }}.{{ sap_domain }} +short)" = "{{ sap_ip }}"
   changed_when: false
   ignore_errors: true

tasks/RedHat/generic/configure-etc-hosts.yml

@@ -12,9 +12,9 @@
 - name: Get all hostname aliases of {{ sap_ip }}
   shell: |
     awk '( $1 == "{{ sap_ip }}" ) {
-      for (i=2; i<=NF; ++i) { 
-        if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf $i" " } 
-      } 
+      for (i=2; i<=NF; ++i) {
+        if (( $i != "{{ sap_hostname }}" ) && ( $i != "{{ sap_hostname }}.{{ sap_domain }}" )) { printf $i" " }
+      }
     }' /etc/hosts
   register: sap_base_settings_register_hostname_aliases
   changed_when: false

tasks/RedHat/generic/configure-firewall.yml

@@ -0,0 +1,16 @@
+---
+# tasks file for sap-preconfigure: configuration
+
+# 05-configure-firewall.yml
+
+- debug:
+    msg: "imported RedHat/generic/configure-firewall.yml"
+
+- name: Stop and disable service firewalld
+  systemd:
+    name: firewalld
+    state: stopped
+    enabled: no
+  when: "'firewalld' in ansible_facts.packages"
+
+...

tasks/RedHat/generic/configure-selinux.yml

@@ -0,0 +1,18 @@
+---
+# tasks file for sap-preconfigure: configuration
+
+- debug:
+    msg: "imported RedHat/generic/configure-selinux.yml"
+
+- name: Set SELinux State
+  selinux:
+    state: "{{ sap_preconfigure_selinux_state }}"
+    policy: targeted
+  register: selinux_result
+
+- name: Call Reboot handler if necessary
+  command: /bin/true
+  notify: "Reboot handler"
+  when: selinux_result.reboot_required == true
+
+...

tasks/RedHat/generic/configure-systemd-tmpfiles.yml

@@ -0,0 +1,16 @@
+---
+# tasks file for sap-preconfigure: configuration
+
+- debug:
+    msg: "imported RedHat/generic/configure-systemd-tmpfiles.yml"
+
+- name: Copy file /etc/tmpfiles.d/sap.conf
+  copy:
+    src: etc/tmpfiles.d/sap.conf
+    dest: /etc/tmpfiles.d/sap.conf
+    owner: root
+    group: root
+    mode: '0644'
+    backup: yes
+
+...

tasks/RedHat/generic/configure-uuidd.yml

@@ -4,16 +4,16 @@
 - debug:
     msg: "imported RedHat/generic/configure-uuidd.yml"
 
-- name: Start and enable service uuidd
+- name: Enable and start service uuidd
   systemd:
     name: uuidd
-    state: started
     enabled: yes
+    state: started
 
-- name: Start and enable service uuidd.socket
+- name: Enable and start service uuidd.socket
   systemd:
     name: uuidd.socket
-    state: started
     enabled: yes
+    state: started
 
 ...

tasks/configuration.yml

@@ -3,16 +3,16 @@
 
 - name: list of required SAP Notes
   debug:
-    var: sap_preconfigure_sapnotes | difference([''])
+    var: __sap_preconfigure_sapnotes | difference([''])
 
 # SAP note 2772999 disables firewalld, we want to check if it is installed
-- name: Gather facts about install packages
+- name: Gather facts about installed packages
   package_facts:
     manager: auto
 
 - name: include configuration actions for required sapnotes
   include_tasks: "sapnote/{{ item }}.yml"
-  with_items: "{{ sap_preconfigure_sapnotes | difference(['']) }}"
+  with_items: "{{ __sap_preconfigure_sapnotes | difference(['']) }}"
 #- include: "{{ './' + ansible_distribution + ansible_distribution_major_version + '/recommendations.yml' }}"
 
 ...

tasks/installation.yml

@@ -1,33 +1,87 @@
 ---
 # tasks file for sap-preconfigure: installation
 
-- name: ensure minimal required packages are installed
+- name: Ensure required package groups are installed
   package:
     state: present
-    name: "{{ sap_preconfigure_min_pkgs }}"
-  when:
-    - sap_preconfigure_min_package_check|bool
-    - not( (sap_preconfigure_min_pkgs is undefined) or (sap_preconfigure_min_pkgs is none) or (sap_preconfigure_min_pkgs | trim == '') )
-
-- name: ensure required package groups are installed
-  package:
-    state: present
-    name: "{{ sap_preconfigure_packagegroups }}"
-  check_mode: "{{ sap_preconfigure_installation_check_only }}"
+    name: "{{ __sap_preconfigure_packagegroups }}"
 
-- name: ensure required packages are installed
+- name: Ensure required packages are installed
   package:
     state: present
-    name: "{{ sap_preconfigure_packages }}"
-  check_mode: "{{ sap_preconfigure_installation_check_only }}"
+    name: "{{ __sap_preconfigure_packages }}"
   register: sap_preconfigure_register_groupinstall
 
-- name: ensure system is updated to the latest patchlevel
+- name: Ensure minimum packages are installed
+  block:
+    - name: check if minimum release needs to be installed
+      shell: |
+        set -x
+        required_pkg={{ pkg | join('-') }}
+        newest=$(echo -e "$required_pkg\n$(rpm -q {{ pkg[0] }} )"| sort -V | tail -1)
+        if [ $newest == $required_pkg ]; then
+           echo $newest
+        fi
+      loop: "{{ __sap_preconfigure_min_pkgs }}"
+      loop_control:
+        loop_var: pkg
+      check_mode: no
+      register: __sap_preconfigure_register_minpkglist
+      changed_when: false
+
+    - name: Initialize an empty list for our strings
+      set_fact:
+        __sap_preconfigure_fact_minpkglist: []
+
+    - name: Create list of packages to be installed
+      set_fact:
+        __sap_preconfigure_fact_minpkglist: "{{ __sap_preconfigure_fact_minpkglist | difference(['']) + [ pkg.stdout ] }}"
+      loop: "{{ __sap_preconfigure_register_minpkglist.results }}"
+      loop_control:
+        loop_var: pkg
+    - debug: var=__sap_preconfigure_fact_minpkglist
+
+    - name: Install minimum packages if required
+      package:
+        name: "{{ __sap_preconfigure_fact_minpkglist }}"
+        state: present
+      when: not ( __sap_preconfigure_fact_minpkglist == [ "" ] )
+
+  when:
+    - sap_preconfigure_min_package_check|bool
+    - not( (__sap_preconfigure_min_pkgs is undefined) or (__sap_preconfigure_min_pkgs is none) or (__sap_preconfigure_min_pkgs | trim == '') )
+
+- name: Ensure system is updated to the latest patchlevel
   package:
     state: latest
     name: "*"
   when: sap_preconfigure_update
-  check_mode: "{{ sap_preconfigure_installation_check_only }}"
   register: sap_preconfigure_register_packageinstall
 
+- set_fact:
+    needs_restarting_command: "needs-restarting -r"
+  when:
+    - ansible_os_family == 'RedHat'
+    - ansible_distribution_major_version == '7'
+
+- set_fact:
+    needs_restarting_command: "yum needs-restarting -r"
+  when:
+    - ansible_os_family == 'RedHat'
+    - ansible_distribution_major_version == '8'
+
+- name: Check if system needs to be restarted
+  command: "{{ needs_restarting_command }}"
+  register: needs_restarting_result
+  ignore_errors: true
+  changed_when: false
+  args:
+    warn: false
+  check_mode: false
+
+- name: Call Reboot handler if necessary
+  command: /bin/true
+  notify: "Reboot handler"
+  when: needs_restarting_result.rc == 1
+
 ...

tasks/sapnote/1391070.yml

@@ -2,9 +2,11 @@
 # tasks file for sap-preconfigure: configuration
 
 # Linux-UUID-solutions
-- debug:
-    msg: "SAP note 1391070: Configure uuidd"
+- block:
+  - debug:
+      msg: "SAP note 1391070: Configure uuidd"
 
-- import_tasks: ../../RedHat/generic/configure-uuidd.yml
+  - import_tasks: ../RedHat/generic/configure-uuidd.yml
+  when: sap_preconfigure_config_all|d(true) or sap_preconfigure_1391070|d(false)
 
 ...