diff --git a/roles/sap_ha_install_hana_hsr/tasks/configure_hsr.yml b/roles/sap_ha_install_hana_hsr/tasks/configure_hsr.yml index 688d93653..04c108471 100644 --- a/roles/sap_ha_install_hana_hsr/tasks/configure_hsr.yml +++ b/roles/sap_ha_install_hana_hsr/tasks/configure_hsr.yml @@ -49,6 +49,7 @@ loop: "{{ sap_ha_install_hana_hsr_cluster_nodes }}" loop_control: label: "{{ item.node_name }}" + changed_when: true - name: "SAP HSR - Start HANA instance on secondary" ansible.builtin.shell: | diff --git a/roles/sap_ha_install_hana_hsr/tasks/hdbuserstore.yml b/roles/sap_ha_install_hana_hsr/tasks/hdbuserstore.yml index 696eaffdf..290a8689c 100644 --- a/roles/sap_ha_install_hana_hsr/tasks/hdbuserstore.yml +++ b/roles/sap_ha_install_hana_hsr/tasks/hdbuserstore.yml @@ -2,6 +2,7 @@ # ansible-lint: # become_user string is deduced from a variable + suffix with no spaces - name: "SAP HSR - Check if hdbuserstore exists" + become: true become_user: "{{ sap_ha_install_hana_hsr_sid | lower }}adm" ansible.builtin.command: | /usr/sap/{{ sap_ha_install_hana_hsr_sid }}/SYS/exe/hdb/hdbuserstore \ @@ -15,6 +16,7 @@ # ansible-lint: # become_user string is deduced from a variable + suffix with no spaces - name: "SAP HSR - Create and Store Connection Info in hdbuserstore" + become: true become_user: "{{ sap_ha_install_hana_hsr_sid | lower }}adm" ansible.builtin.command: | /usr/sap/{{ sap_ha_install_hana_hsr_sid }}/SYS/exe/hdb/hdbuserstore \ @@ -22,3 +24,4 @@ {{ ansible_hostname }}:3{{ sap_ha_install_hana_hsr_instance_number }}13 \ SYSTEM '{{ sap_ha_install_hana_hsr_db_system_password }}' when: sap_ha_install_hana_hsr_hdbuserstore.rc != '0' + changed_when: true diff --git a/roles/sap_ha_install_hana_hsr/tasks/log_mode.yml b/roles/sap_ha_install_hana_hsr/tasks/log_mode.yml index 0b007b2a2..952abfa69 100644 --- a/roles/sap_ha_install_hana_hsr/tasks/log_mode.yml +++ b/roles/sap_ha_install_hana_hsr/tasks/log_mode.yml @@ -24,3 +24,4 @@ EOF ignore_errors: true when: sap_ha_install_hana_hsr_log_mode.rc != '0' + changed_when: true diff --git a/roles/sap_ha_install_hana_hsr/tasks/pki_files.yml b/roles/sap_ha_install_hana_hsr/tasks/pki_files.yml index 3031fda73..61e61e91f 100644 --- a/roles/sap_ha_install_hana_hsr/tasks/pki_files.yml +++ b/roles/sap_ha_install_hana_hsr/tasks/pki_files.yml @@ -5,6 +5,8 @@ # control node. - name: "SAP HSR - Direct connection handling to primary" + become: true + become_user: "{{ sap_ha_install_hana_hsr_sid | lower }}adm" block: - name: "SAP HSR - Create .ssh if missing" @@ -123,6 +125,3 @@ - __sap_ha_install_hana_hsr_create_ssh_prim.changed is defined - __sap_ha_install_hana_hsr_create_ssh_prim.changed delegate_to: "{{ __sap_ha_install_hana_hsr_primary_node }}" - - become: true - become_user: "{{ sap_ha_install_hana_hsr_sid | lower }}adm" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml index f36d36a21..a65fc28fb 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/configure_nwas_ascs_ers_postinstallation.yml @@ -129,6 +129,7 @@ label: "{{ nwas_profile_item.0 }} -> {{ nwas_profile_item.1 }}" - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ASCS to be up and running" + become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ascs ansible.builtin.shell: | @@ -137,6 +138,7 @@ failed_when: false - name: "SAP HA Pacemaker - (SAP HA Interface) Wait for ERS to be up and running" + become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_where_ers ansible.builtin.shell: | @@ -147,6 +149,7 @@ - name: "SAP HA Pacemaker - (SAP HA Interface) Restart the ASCS service" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_restart_ascs ansible.builtin.shell: | @@ -156,6 +159,7 @@ - name: "SAP HA Pacemaker - (SAP HA Interface) Restart the ERS service" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_restart_ers ansible.builtin.shell: | @@ -172,6 +176,7 @@ - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ASCS" when: - __sap_ha_pacemaker_cluster_register_where_ascs.rc == 0 + become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_ascs_ha ansible.builtin.shell: | @@ -181,6 +186,7 @@ - name: "SAP HA Pacemaker - (SAP HA Interface) Run HA check for ERS" when: - __sap_ha_pacemaker_cluster_register_where_ers.rc == 0 + become: true become_user: "{{ sap_ha_pacemaker_cluster_nwas_abap_sid | lower }}adm" register: __sap_ha_pacemaker_cluster_register_ers_ha ansible.builtin.shell: | diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml index bc6e17140..26ca95f7a 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_common.yml @@ -28,11 +28,11 @@ - name: "SAP HA Prepare Pacemaker - Combine extra packages lists" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_extra_packages: "{{ ( - sap_ha_pacemaker_cluster_extra_packages + __sap_ha_pacemaker_cluster_extra_packages: "{{ + (sap_ha_pacemaker_cluster_extra_packages + __sap_ha_pacemaker_cluster_sap_extra_packages - + __sap_ha_pacemaker_cluster_platform_extra_packages - ) | unique | select() }}" + + __sap_ha_pacemaker_cluster_platform_extra_packages) + | unique | select() }}" # remove duplicates and empty elements # sap_ha_pacemaker_cluster_fence_agent_minimal_packages -> global default @@ -41,8 +41,8 @@ - name: "SAP HA Prepare Pacemaker - Combine fence agent packages lists" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_fence_agent_packages: "{{ ( - sap_ha_pacemaker_cluster_fence_agent_minimal_packages + __sap_ha_pacemaker_cluster_fence_agent_packages: "{{ + (sap_ha_pacemaker_cluster_fence_agent_minimal_packages + sap_ha_pacemaker_cluster_fence_agent_packages - + __sap_ha_pacemaker_cluster_fence_agent_packages - ) | unique }}" + + __sap_ha_pacemaker_cluster_fence_agent_packages) + | unique }}" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml index 43da8bf1b..e47d8ab4a 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/construct_vars_stonith.yml @@ -37,7 +37,7 @@ - name: "SAP HA Prepare Pacemaker - (STONITH) Set to disabled when no fencing resource is defined" ansible.builtin.set_fact: sap_ha_pacemaker_cluster_cluster_properties: - "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({ 'stonith-enabled': false }) }}" + "{{ sap_ha_pacemaker_cluster_cluster_properties | combine({'stonith-enabled': false}) }}" - name: "SAP HA Prepare Pacemaker - Warn that there is no STONITH configured" ansible.builtin.pause: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml index 954e0216d..645f6b6e0 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/include_construct_vip_resources.yml @@ -1,21 +1,28 @@ --- +# For the sake of readability and maintainability, suppress cosmetical ansible-lint warnings. - name: "SAP HA Prepare Pacemaker - Make a list of potential VIP definitions" ansible.builtin.set_fact: - __sap_ha_pacemaker_cluster_all_vip_fact: + __sap_ha_pacemaker_cluster_all_vip_fact: # noqa: jinja[spacing] hana_scaleup_perf: "{{ { - sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: sap_ha_pacemaker_cluster_vip_hana_primary_ip_address | regex_replace('/.*', ''), - sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name: sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address | regex_replace('/.*', '') + sap_ha_pacemaker_cluster_vip_hana_primary_resource_name: + sap_ha_pacemaker_cluster_vip_hana_primary_ip_address | regex_replace('/.*', ''), + sap_ha_pacemaker_cluster_vip_hana_secondary_resource_name: + sap_ha_pacemaker_cluster_vip_hana_secondary_ip_address | regex_replace('/.*', '') } }}" nwas_abap_ascs_ers: "{{ { - sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name: sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_ip_address | regex_replace('/.*', ''), - sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name: sap_ha_pacemaker_cluster_vip_nwas_abap_ers_ip_address | regex_replace('/.*', '') + sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_resource_name: + sap_ha_pacemaker_cluster_vip_nwas_abap_ascs_ip_address | regex_replace('/.*', ''), + sap_ha_pacemaker_cluster_vip_nwas_abap_ers_resource_name: + sap_ha_pacemaker_cluster_vip_nwas_abap_ers_ip_address | regex_replace('/.*', '') } }}" nwas_abap_pas_aas: "{{ { - sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address | regex_replace('/.*', ''), - sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address | regex_replace('/.*', '') + sap_ha_pacemaker_cluster_vip_nwas_abap_pas_resource_name: + sap_ha_pacemaker_cluster_vip_nwas_abap_pas_ip_address | regex_replace('/.*', ''), + sap_ha_pacemaker_cluster_vip_nwas_abap_aas_resource_name: + sap_ha_pacemaker_cluster_vip_nwas_abap_aas_ip_address | regex_replace('/.*', '') } }}" - name: "SAP HA Prepare Pacemaker - Combine VIP parameters" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/main.yml b/roles/sap_ha_pacemaker_cluster/tasks/main.yml index 74a9868e2..d2d9b3ccd 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/main.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/main.yml @@ -190,6 +190,7 @@ loop_control: label: "{{ item.key }}={{ item.value }}" run_once: true + changed_when: true - name: "SAP HA Install Pacemaker - Include srHook configuration" ansible.builtin.include_tasks: diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml index a12ee9c30..e7f8d1f2f 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/ascertain_platform_type.yml @@ -74,6 +74,7 @@ ansible.builtin.shell: | set -o pipefail && rpm -qa | grep -E -e "rsct.basic" register: __sap_ha_pacemaker_cluster_power_rsct_check + changed_when: false when: ansible_architecture == "ppc64le" - name: "SAP HA Prepare Pacemaker - Check if platform is IBM Power - RSCT binary check" @@ -87,6 +88,7 @@ ansible.builtin.shell: | /opt/rsct/bin/ctgethscid register: __sap_ha_pacemaker_cluster_power_rsct_hscid + changed_when: false when: - ansible_architecture == "ppc64le" - __sap_ha_pacemaker_cluster_power_rsct_check.stdout != "" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/include_vars_platform.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/include_vars_platform.yml index b8a0f0d46..6113928b0 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/include_vars_platform.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/include_vars_platform.yml @@ -16,14 +16,14 @@ __sap_ha_pacemaker_cluster_pcmk_host_map: |- {% for node in ansible_play_hosts_all -%} {{ hostvars[node].ansible_hostname }}:{{ hostvars[node].ansible_board_asset_tag }} - {%- if not loop.last %};{% endif %} + {%- if not loop.last %};{% endif %} {% endfor %} when: __sap_ha_pacemaker_cluster_platform == "cloud_aws_ec2_vs" - name: "SAP HA Prepare Pacemaker - IBM Power VS from IBM Cloud - Set variable for fencing agent" ansible.builtin.set_fact: sap_ha_pacemaker_cluster_ibmcloud_powervs_host_guid: "{{ __sap_ha_pacemaker_cluster_register_ibmcloud_powervs_host }}" - sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_guid: '{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn | replace("::","") | regex_replace(".*\:") }}' + sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_guid: '{{ sap_ha_pacemaker_cluster_ibmcloud_powervs_workspace_crn | replace("::", "") | regex_replace(".*\:") }}' when: __sap_ha_pacemaker_cluster_platform == "cloud_ibmcloud_powervs" # pcmk_host_map format: :;:... @@ -32,7 +32,7 @@ __sap_ha_pacemaker_cluster_pcmk_host_map: |- {% for node in ansible_play_hosts_all -%} {{ hostvars[node].ansible_hostname }}:{{ hostvars[node].__sap_ha_pacemaker_cluster_register_ibmcloud_powervs_host.stdout }} - {%- if not loop.last %};{% endif %} + {%- if not loop.last %};{% endif %} {% endfor %} when: __sap_ha_pacemaker_cluster_platform == "cloud_ibmcloud_powervs" @@ -50,7 +50,7 @@ __sap_ha_pacemaker_cluster_pcmk_host_map: |- {% for node in ansible_play_hosts_all -%} {{ hostvars[node].ansible_hostname }}:{{ hostvars[node].sap_ha_pacemaker_cluster_ibmpower_vm_hmc_system_partition_name }} - {%- if not loop.last %};{% endif %} + {%- if not loop.last %};{% endif %} {% endfor %} when: __sap_ha_pacemaker_cluster_platform == "hyp_ibmpower_vm" @@ -61,7 +61,7 @@ __sap_ha_pacemaker_cluster_pcmk_host_map: |- {% for node in ansible_play_hosts_all -%} {{ hostvars[node].ansible_hostname }}:{{ hostvars[node].__sap_ha_pacemaker_cluster_register_ibmcloud_vs_host.stdout }} - {%- if not loop.last %};{% endif %} + {%- if not loop.last %};{% endif %} {% endfor %} when: __sap_ha_pacemaker_cluster_platform == "cloud_ibmcloud_vs" @@ -72,6 +72,6 @@ __sap_ha_pacemaker_cluster_pcmk_host_map: |- {% for node in ansible_play_hosts_all -%} {{ hostvars[node].ansible_hostname }}:{{ hostvars[node].ansible_hostname }} - {%- if not loop.last %};{% endif %} + {%- if not loop.last %};{% endif %} {% endfor %} when: __sap_ha_pacemaker_cluster_platform == "cloud_msazure_vm" diff --git a/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_ibmcloud_vs.yml b/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_ibmcloud_vs.yml index e1b1baf28..3553ffee1 100644 --- a/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_ibmcloud_vs.yml +++ b/roles/sap_ha_pacemaker_cluster/tasks/platform/preconfigure_cloud_ibmcloud_vs.yml @@ -10,10 +10,12 @@ ansible.builtin.file: path: /var/log/haproxy state: directory + mode: '0755' - name: "SAP HA Prepare Pacemaker - IBM Cloud VS - Create haproxy config for rsyslog" ansible.builtin.copy: dest: /etc/rsyslog.d/haproxy.conf + mode: '0644' content: | # Additional socket in haproxy's chroot # to allow logging via /dev/log to chroot'ed HAProxy processes