From c92e4724371a2d7974a1d4269b22fa8a4a213a8a Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Wed, 9 Oct 2024 11:20:38 +0100 Subject: [PATCH 01/12] sap_swpm: New functionality to push SUM through the manual steps --- roles/sap_swpm/tasks/post_install.yml | 8 + .../tasks/post_install/sum_push_to_finish.yml | 163 ++++++++++++++++++ 2 files changed, 171 insertions(+) create mode 100644 roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml diff --git a/roles/sap_swpm/tasks/post_install.yml b/roles/sap_swpm/tasks/post_install.yml index 935ed0571..c0ded279f 100644 --- a/roles/sap_swpm/tasks/post_install.yml +++ b/roles/sap_swpm/tasks/post_install.yml @@ -57,3 +57,11 @@ - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists register: __sap_swpm_post_install_register_hdbuserstore_connection changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded + +# Now that SWPM finished we may need to deal with SUM before continuing when sap_swpm_sum_start: 'true' +# If observer mode is enabled, SWPM will wait for SUM to finish before continuing so we don't need to do anything here +- name: SAP SWPM Post Install - Control SUM if required + ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml + when: + - sap_swpm_sum_start == 'true' + - not sap_swpm_swpm_observer_mode diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml new file mode 100644 index 000000000..6d852cb29 --- /dev/null +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -0,0 +1,163 @@ +--- +# Will keep pushing SUM through the two key stopping points until it finishes +# This allows to fully automate the SWPM+SUM installation process +# Based on research by @sean-freeman + +# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase +- name: Checking the status of SUM + uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection' in _sap_swpm_sum_push.content + retries: 60 + delay: 60 + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection' not in _sap_swpm_sum_push.content + +# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly +- name: Get the config XML from SUM + uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + # headers: + # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" + register: _sap_swpm_sum_push_config + until: _sap_swpm_sum_push_config.status == 200 + retries: 3 + delay: 60 + failed_when: _sap_swpm_sum_push_config.status != 200 + +# Get the CSRF token from SUM by calling config +- name: Get the CSRF token from SUM + uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: false + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: Fetch + # X-Requested-With: XMLHttpRequest + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 + +# Post the config XML back to SUM unchanged as we want to keep the default patch levels as per the XML file. This will move SUM to the next step. +- name: Move SUM to the next step + uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: POST + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" + body_format: raw + body: "{{ _sap_swpm_sum_push_config.content }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 + failed_when: _sap_swpm_sum_push.status != 200 + +# At this point SUM should be running. This will take anything between 6-12 hours to complete. +# Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step. +# Check the SUM status via SUMOBSEVER.XML +- name: Checking the status of SUM + uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' in _sap_swpm_sum_push.content + retries: 72 # 12 hours + delay: 600 # 10 minutes + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content + +# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly +# Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. +- name: Get the config XML from SUM + uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + # headers: + # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" + register: _sap_swpm_sum_push_config + until: _sap_swpm_sum_push_config.status == 200 + retries: 3 + delay: 60 + failed_when: _sap_swpm_sum_push_config.status != 200 + +# Get the CSRF token from SUM by calling config +- name: Get the CSRF token from SUM + uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: false + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: Fetch + # X-Requested-With: XMLHttpRequest + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 + +# Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. +- name: Move SUM to the next step + uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: POST + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" + body_format: raw + body: 'DialogueValueslp.parameter.type.SCALAR10yes' + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 + +# Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. +# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' +- name: Checking the status of SUM and making sure it has finished + uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content + retries: 60 + delay: 60 + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content \ No newline at end of file From 546d97dcf9e3cd3c3cc97e6da69f9a3546dc05c9 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Wed, 9 Oct 2024 11:48:39 +0100 Subject: [PATCH 02/12] sap_swpm: New functionality to push SUM through the manual steps --- .../tasks/post_install/sum_push_to_finish.yml | 39 ++++++++++--------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 6d852cb29..41c266d91 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -5,7 +5,7 @@ # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase - name: Checking the status of SUM - uri: + ansible.builtin.uri: url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" method: GET validate_certs: false @@ -21,7 +21,7 @@ # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly - name: Get the config XML from SUM - uri: + ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: GET validate_certs: false @@ -38,8 +38,8 @@ failed_when: _sap_swpm_sum_push_config.status != 200 # Get the CSRF token from SUM by calling config -- name: Get the CSRF token from SUM - uri: +- name: Get the CSRF token from SUM + ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: GET validate_certs: false @@ -50,13 +50,13 @@ headers: Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" X-CSRF-Token: Fetch - # X-Requested-With: XMLHttpRequest - register: _sap_swpm_sum_push + # X-Requested-With: XMLHttpRequest + register: _sap_swpm_sum_push failed_when: _sap_swpm_sum_push.status != 200 # Post the config XML back to SUM unchanged as we want to keep the default patch levels as per the XML file. This will move SUM to the next step. -- name: Move SUM to the next step - uri: +- name: Move SUM to the next step + ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: POST validate_certs: false @@ -77,7 +77,7 @@ # Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step. # Check the SUM status via SUMOBSEVER.XML - name: Checking the status of SUM - uri: + ansible.builtin.uri: url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" method: GET validate_certs: false @@ -94,7 +94,7 @@ # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly # Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. - name: Get the config XML from SUM - uri: + ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: GET validate_certs: false @@ -111,8 +111,8 @@ failed_when: _sap_swpm_sum_push_config.status != 200 # Get the CSRF token from SUM by calling config -- name: Get the CSRF token from SUM - uri: +- name: Get the CSRF token from SUM + ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: GET validate_certs: false @@ -123,13 +123,13 @@ headers: Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" X-CSRF-Token: Fetch - # X-Requested-With: XMLHttpRequest - register: _sap_swpm_sum_push + # X-Requested-With: XMLHttpRequest + register: _sap_swpm_sum_push failed_when: _sap_swpm_sum_push.status != 200 # Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. -- name: Move SUM to the next step - uri: +- name: Move SUM to the next step + ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: POST validate_certs: false @@ -142,13 +142,13 @@ X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" body_format: raw body: 'DialogueValueslp.parameter.type.SCALAR10yes' - register: _sap_swpm_sum_push + register: _sap_swpm_sum_push failed_when: _sap_swpm_sum_push.status != 200 # Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' - name: Checking the status of SUM and making sure it has finished - uri: + ansible.builtin.uri: url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" method: GET validate_certs: false @@ -160,4 +160,5 @@ until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content retries: 60 delay: 60 - failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content \ No newline at end of file + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content + \ No newline at end of file From 0e9867cea924eb519af0972bff2cd3c63b93819d Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Wed, 9 Oct 2024 12:01:07 +0100 Subject: [PATCH 03/12] sap_swpm: New functionality to push SUM through the manual steps --- roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 41c266d91..fda6720af 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -1,5 +1,5 @@ --- -# Will keep pushing SUM through the two key stopping points until it finishes +# Will keep pushing SUM through the two key manual steps until it finishes # This allows to fully automate the SWPM+SUM installation process # Based on research by @sean-freeman @@ -126,7 +126,7 @@ # X-Requested-With: XMLHttpRequest register: _sap_swpm_sum_push failed_when: _sap_swpm_sum_push.status != 200 - + # Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. - name: Move SUM to the next step ansible.builtin.uri: @@ -161,4 +161,3 @@ retries: 60 delay: 60 failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content - \ No newline at end of file From bca86cd3061df72931d1d6fc7ddff2f2d5de792e Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Fri, 22 Nov 2024 17:29:21 +0000 Subject: [PATCH 04/12] sap_swpm: improved detection of running SUM and more accurate starting conditions --- roles/sap_swpm/tasks/post_install.yml | 135 +++++++++--------- .../tasks/post_install/sum_push_to_finish.yml | 9 ++ 2 files changed, 77 insertions(+), 67 deletions(-) diff --git a/roles/sap_swpm/tasks/post_install.yml b/roles/sap_swpm/tasks/post_install.yml index c0ded279f..cd5a107f1 100644 --- a/roles/sap_swpm/tasks/post_install.yml +++ b/roles/sap_swpm/tasks/post_install.yml @@ -1,67 +1,68 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Reason for noqa: The command might change things but we do not yet attempt to find out -- name: SAP SWPM Post Install - ensure password expiry disabled {{ sap_swpm_sid | lower + 'adm' }} - ansible.builtin.shell: | - chage -m 0 -M 99999 -I -1 -E -1 {{ sap_swpm_sid | lower }}adm - chage -m 0 -M 99999 -I -1 -E -1 sapadm - args: - executable: /bin/bash - become: true - register: __sap_swpm_post_install_register_sidadm_noexpire - changed_when: __sap_swpm_post_install_register_sidadm_noexpire is succeeded - -# Firewall - -- name: SAP SWPM Post Install - Firewall Setup - ansible.builtin.include_tasks: post_install/firewall.yml - when: - - "sap_swpm_setup_firewall | bool" - -######################################################################################################################## - -- name: SAP SWPM Deployment - Finished - ansible.builtin.debug: - msg: - - ' SAP SWPM deployment successfully completed ' - - ' ' - - ' SAP Product - {{ sap_swpm_product_catalog_id }} ' - - ' SID - {{ sap_swpm_sid | d("") }} ' - - ' Primary Instance - {{ sap_swpm_pas_instance_nr | d("") }} ' - - ' Host - {{ ansible_hostname }} ' - - ' FQDN - {{ ansible_fqdn }} ' - - ' IP - {{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }} ' -# - ' Master Password - {{ sap_swpm_master_password }} ' -# - ' DDIC 000 Password - {{ sap_swpm_ddic_000_password }} ' - -# SAP HANA Client will not be installed for any installation with SAP AnyDB -# and will only be installed alongside SAP NWAS PAS or AAS (not NWAS ASCS) -- name: SAP SWPM Post Install - Check for SAP HANA Client hdbuserstore - ansible.builtin.stat: - path: /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore - register: __sap_swpm_post_install_register_hdbuserstore_exists - -- name: SAP SWPM Post Install - Enforce Connection Info in SAP HANA Client hdbuserstore - ansible.builtin.shell: | - /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore \ - SET DEFAULT \ - {{ sap_swpm_db_host }}:3{{ sap_swpm_db_instance_nr }}13@{{ sap_swpm_db_sid }} \ - {{ sap_swpm_db_schema_abap }} '{{ sap_swpm_db_schema_abap_password }}' - args: - executable: /bin/bash - become: true - become_user: "{{ sap_swpm_sid | lower }}adm" - when: - - sap_swpm_install_saphostagent is defined and sap_swpm_install_saphostagent - - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists - register: __sap_swpm_post_install_register_hdbuserstore_connection - changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded - -# Now that SWPM finished we may need to deal with SUM before continuing when sap_swpm_sum_start: 'true' -# If observer mode is enabled, SWPM will wait for SUM to finish before continuing so we don't need to do anything here -- name: SAP SWPM Post Install - Control SUM if required - ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml - when: - - sap_swpm_sum_start == 'true' - - not sap_swpm_swpm_observer_mode +--- + +# Reason for noqa: The command might change things but we do not yet attempt to find out +- name: SAP SWPM Post Install - ensure password expiry disabled {{ sap_swpm_sid | lower + 'adm' }} + ansible.builtin.shell: | + chage -m 0 -M 99999 -I -1 -E -1 {{ sap_swpm_sid | lower }}adm + chage -m 0 -M 99999 -I -1 -E -1 sapadm + args: + executable: /bin/bash + become: true + register: __sap_swpm_post_install_register_sidadm_noexpire + changed_when: __sap_swpm_post_install_register_sidadm_noexpire is succeeded + +# Firewall + +- name: SAP SWPM Post Install - Firewall Setup + ansible.builtin.include_tasks: post_install/firewall.yml + when: + - "sap_swpm_setup_firewall | bool" + +######################################################################################################################## + +- name: SAP SWPM Deployment - Finished + ansible.builtin.debug: + msg: + - ' SAP SWPM deployment successfully completed ' + - ' ' + - ' SAP Product - {{ sap_swpm_product_catalog_id }} ' + - ' SID - {{ sap_swpm_sid | d("") }} ' + - ' Primary Instance - {{ sap_swpm_pas_instance_nr | d("") }} ' + - ' Host - {{ ansible_hostname }} ' + - ' FQDN - {{ ansible_fqdn }} ' + - ' IP - {{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }} ' +# - ' Master Password - {{ sap_swpm_master_password }} ' +# - ' DDIC 000 Password - {{ sap_swpm_ddic_000_password }} ' + +# SAP HANA Client will not be installed for any installation with SAP AnyDB +# and will only be installed alongside SAP NWAS PAS or AAS (not NWAS ASCS) +- name: SAP SWPM Post Install - Check for SAP HANA Client hdbuserstore + ansible.builtin.stat: + path: /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore + register: __sap_swpm_post_install_register_hdbuserstore_exists + +- name: SAP SWPM Post Install - Enforce Connection Info in SAP HANA Client hdbuserstore + ansible.builtin.shell: | + /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore \ + SET DEFAULT \ + {{ sap_swpm_db_host }}:3{{ sap_swpm_db_instance_nr }}13@{{ sap_swpm_db_sid }} \ + {{ sap_swpm_db_schema_abap }} '{{ sap_swpm_db_schema_abap_password }}' + args: + executable: /bin/bash + become: true + become_user: "{{ sap_swpm_sid | lower }}adm" + when: + - sap_swpm_install_saphostagent is defined and sap_swpm_install_saphostagent + - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists + register: __sap_swpm_post_install_register_hdbuserstore_connection + changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded + +# Now that SWPM finished we may need to deal with SUM before continuing when sap_swpm_sum_start: 'true' +# and if we are doing OneHost or CI/PAS installation +# If observer mode is enabled, SWPM will wait for SUM to finish before continuing so we can't do anything here +- name: SAP SWPM Post Install - Control SUM if required + ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml + when: + - sap_swpm_sum_start == 'true' + - not sap_swpm_swpm_observer_mode + - "'NW_ABAP_CI:' in sap_swpm_product_catalog_id or 'NW_ABAP_OneHost:' in sap_swpm_product_catalog_id" diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index fda6720af..139675c68 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -3,6 +3,15 @@ # This allows to fully automate the SWPM+SUM installation process # Based on research by @sean-freeman +# Check if the SUMup process is running, give it 5 minutes to start +- name: Check if SAPup_real process is running (wait for 5 minutes until it starts) + ansible.builtin.shell: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real + register: _sapup_process + retries: 5 + delay: 60 + until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0 + failed_when: _sapup_process.rc != 0 + # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase - name: Checking the status of SUM ansible.builtin.uri: From d99880fa1f45f2a5ae5610059ff6b290afcf66e0 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 19 Dec 2024 15:26:41 +0100 Subject: [PATCH 05/12] sap_swpm: Fix wrong merge conflict resolution Signed-off-by: Bernd Finger --- roles/sap_swpm/tasks/post_install.yml | 198 +++++++++----------------- 1 file changed, 69 insertions(+), 129 deletions(-) diff --git a/roles/sap_swpm/tasks/post_install.yml b/roles/sap_swpm/tasks/post_install.yml index 5fcb0d960..964d8e8b6 100644 --- a/roles/sap_swpm/tasks/post_install.yml +++ b/roles/sap_swpm/tasks/post_install.yml @@ -1,129 +1,69 @@ -# SPDX-License-Identifier: Apache-2.0 ---- - -# Reason for noqa: The command might change things but we do not yet attempt to find out -- name: SAP SWPM Post Install - ensure password expiry disabled {{ sap_swpm_sid | lower + 'adm' }} - ansible.builtin.shell: | - chage -m 0 -M 99999 -I -1 -E -1 {{ sap_swpm_sid | lower }}adm - chage -m 0 -M 99999 -I -1 -E -1 sapadm - args: - executable: /bin/bash - become: true - register: __sap_swpm_post_install_register_sidadm_noexpire - changed_when: __sap_swpm_post_install_register_sidadm_noexpire is succeeded - -# Firewall - -- name: SAP SWPM Post Install - Firewall Setup - ansible.builtin.include_tasks: post_install/firewall.yml - when: - - sap_swpm_setup_firewall - -######################################################################################################################## - -- name: SAP SWPM Deployment - Finished - ansible.builtin.debug: - msg: - - ' SAP SWPM deployment successfully completed ' - - ' ' - - ' SAP Product - {{ sap_swpm_product_catalog_id }} ' - - ' SID - {{ sap_swpm_sid | d("") }} ' - - ' Primary Instance - {{ sap_swpm_pas_instance_nr | d("") }} ' - - ' Host - {{ ansible_hostname }} ' - - ' FQDN - {{ ansible_fqdn }} ' - - ' IP - {{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }} ' -# - ' Master Password - {{ sap_swpm_master_password }} ' -# - ' DDIC 000 Password - {{ sap_swpm_ddic_000_password }} ' - -# SAP HANA Client will not be installed for any installation with SAP AnyDB -# and will only be installed alongside SAP NWAS PAS or AAS (not NWAS ASCS) -- name: SAP SWPM Post Install - Check for SAP HANA Client hdbuserstore - ansible.builtin.stat: - path: /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore - register: __sap_swpm_post_install_register_hdbuserstore_exists - -- name: SAP SWPM Post Install - Enforce Connection Info in SAP HANA Client hdbuserstore - ansible.builtin.shell: | - /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore \ - SET DEFAULT \ - {{ sap_swpm_db_host }}:3{{ sap_swpm_db_instance_nr }}13@{{ sap_swpm_db_sid }} \ - {{ sap_swpm_db_schema_abap }} '{{ sap_swpm_db_schema_abap_password }}' - args: - executable: /bin/bash - become: true - become_user: "{{ sap_swpm_sid | lower }}adm" - when: - - sap_swpm_install_saphostagent is defined and sap_swpm_install_saphostagent - - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists - register: __sap_swpm_post_install_register_hdbuserstore_connection - changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded - -# Now that SWPM finished we may need to deal with SUM before continuing when sap_swpm_sum_start: 'true' -# and if we are doing OneHost or CI/PAS installation -# If observer mode is enabled, SWPM will wait for SUM to finish before continuing so we can't do anything here -- name: SAP SWPM Post Install - Control SUM if required - ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml - when: - - sap_swpm_sum_start == 'true' - - not sap_swpm_swpm_observer_mode - - "'NW_ABAP_CI:' in sap_swpm_product_catalog_id or 'NW_ABAP_OneHost:' in sap_swpm_product_catalog_id" -======= -# SPDX-License-Identifier: Apache-2.0 ---- - -# Reason for noqa: The command might change things but we do not yet attempt to find out -- name: SAP SWPM Post Install - ensure password expiry disabled {{ sap_swpm_sid | lower + 'adm' }} - ansible.builtin.shell: | - chage -m 0 -M 99999 -I -1 -E -1 {{ sap_swpm_sid | lower }}adm - chage -m 0 -M 99999 -I -1 -E -1 sapadm - args: - executable: /bin/bash - become: true - register: __sap_swpm_post_install_register_sidadm_noexpire - changed_when: __sap_swpm_post_install_register_sidadm_noexpire is succeeded - -# Firewall - -- name: SAP SWPM Post Install - Firewall Setup - ansible.builtin.include_tasks: post_install/firewall.yml - when: - - sap_swpm_setup_firewall - -######################################################################################################################## - -- name: SAP SWPM Deployment - Finished - ansible.builtin.debug: - msg: - - ' SAP SWPM deployment successfully completed ' - - ' ' - - ' SAP Product - {{ sap_swpm_product_catalog_id }} ' - - ' SID - {{ sap_swpm_sid | d("") }} ' - - ' Primary Instance - {{ sap_swpm_pas_instance_nr | d("") }} ' - - ' Host - {{ ansible_hostname }} ' - - ' FQDN - {{ ansible_fqdn }} ' - - ' IP - {{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }} ' -# - ' Master Password - {{ sap_swpm_master_password }} ' -# - ' DDIC 000 Password - {{ sap_swpm_ddic_000_password }} ' - -# SAP HANA Client will not be installed for any installation with SAP AnyDB -# and will only be installed alongside SAP NWAS PAS or AAS (not NWAS ASCS) -- name: SAP SWPM Post Install - Check for SAP HANA Client hdbuserstore - ansible.builtin.stat: - path: /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore - register: __sap_swpm_post_install_register_hdbuserstore_exists - -- name: SAP SWPM Post Install - Enforce Connection Info in SAP HANA Client hdbuserstore - ansible.builtin.shell: | - /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore \ - SET DEFAULT \ - {{ sap_swpm_db_host }}:3{{ sap_swpm_db_instance_nr }}13@{{ sap_swpm_db_sid }} \ - {{ sap_swpm_db_schema_abap }} '{{ sap_swpm_db_schema_abap_password }}' - args: - executable: /bin/bash - become: true - become_user: "{{ sap_swpm_sid | lower }}adm" - when: - - sap_swpm_install_saphostagent is defined and sap_swpm_install_saphostagent - - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists - register: __sap_swpm_post_install_register_hdbuserstore_connection - changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded \ No newline at end of file +# SPDX-License-Identifier: Apache-2.0 +--- + +# Reason for noqa: The command might change things but we do not yet attempt to find out +- name: SAP SWPM Post Install - ensure password expiry disabled {{ sap_swpm_sid | lower + 'adm' }} + ansible.builtin.shell: | + chage -m 0 -M 99999 -I -1 -E -1 {{ sap_swpm_sid | lower }}adm + chage -m 0 -M 99999 -I -1 -E -1 sapadm + args: + executable: /bin/bash + become: true + register: __sap_swpm_post_install_register_sidadm_noexpire + changed_when: __sap_swpm_post_install_register_sidadm_noexpire is succeeded + +# Firewall + +- name: SAP SWPM Post Install - Firewall Setup + ansible.builtin.include_tasks: post_install/firewall.yml + when: + - sap_swpm_setup_firewall + +######################################################################################################################## + +- name: SAP SWPM Deployment - Finished + ansible.builtin.debug: + msg: + - ' SAP SWPM deployment successfully completed ' + - ' ' + - ' SAP Product - {{ sap_swpm_product_catalog_id }} ' + - ' SID - {{ sap_swpm_sid | d("") }} ' + - ' Primary Instance - {{ sap_swpm_pas_instance_nr | d("") }} ' + - ' Host - {{ ansible_hostname }} ' + - ' FQDN - {{ ansible_fqdn }} ' + - ' IP - {{ ansible_default_ipv4.address | d(ansible_all_ipv4_addresses[0]) }} ' +# - ' Master Password - {{ sap_swpm_master_password }} ' +# - ' DDIC 000 Password - {{ sap_swpm_ddic_000_password }} ' + +# SAP HANA Client will not be installed for any installation with SAP AnyDB +# and will only be installed alongside SAP NWAS PAS or AAS (not NWAS ASCS) +- name: SAP SWPM Post Install - Check for SAP HANA Client hdbuserstore + ansible.builtin.stat: + path: /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore + register: __sap_swpm_post_install_register_hdbuserstore_exists + +- name: SAP SWPM Post Install - Enforce Connection Info in SAP HANA Client hdbuserstore + ansible.builtin.shell: | + /usr/sap/{{ sap_swpm_sid }}/hdbclient/hdbuserstore \ + SET DEFAULT \ + {{ sap_swpm_db_host }}:3{{ sap_swpm_db_instance_nr }}13@{{ sap_swpm_db_sid }} \ + {{ sap_swpm_db_schema_abap }} '{{ sap_swpm_db_schema_abap_password }}' + args: + executable: /bin/bash + become: true + become_user: "{{ sap_swpm_sid | lower }}adm" + when: + - sap_swpm_install_saphostagent is defined and sap_swpm_install_saphostagent + - __sap_swpm_post_install_register_hdbuserstore_exists.stat.exists + register: __sap_swpm_post_install_register_hdbuserstore_connection + changed_when: __sap_swpm_post_install_register_hdbuserstore_connection is succeeded + +# Now that SWPM finished we may need to deal with SUM before continuing when sap_swpm_sum_start: 'true' +# and if we are doing OneHost or CI/PAS installation +# If observer mode is enabled, SWPM will wait for SUM to finish before continuing so we can't do anything here +- name: SAP SWPM Post Install - Control SUM if required + ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml + when: + - sap_swpm_sum_start == 'true' + - not sap_swpm_swpm_observer_mode + - "'NW_ABAP_CI:' in sap_swpm_product_catalog_id or 'NW_ABAP_OneHost:' in sap_swpm_product_catalog_id" From b34bdad624e2056670789877712184cca57d7994 Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 19 Dec 2024 15:28:41 +0100 Subject: [PATCH 06/12] sap_swpm: Add missing SPDX itentifier ... to new file tasks/post_install/sum_push_to_finish.yml Signed-off-by: Bernd Finger --- roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 139675c68..4942fc1e6 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -1,3 +1,4 @@ +# SPDX-License-Identifier: Apache-2.0 --- # Will keep pushing SUM through the two key manual steps until it finishes # This allows to fully automate the SWPM+SUM installation process From 10330ebc90fdab5781594e05dc56259629df38ed Mon Sep 17 00:00:00 2001 From: Bernd Finger Date: Thu, 19 Dec 2024 15:47:01 +0100 Subject: [PATCH 07/12] sap_swpm: Fix ansible-test sanity line-endings errors Signed-off-by: Bernd Finger --- .../tasks/post_install/sum_push_to_finish.yml | 346 +++++++++--------- 1 file changed, 173 insertions(+), 173 deletions(-) diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 4942fc1e6..3240ef5fb 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -1,173 +1,173 @@ -# SPDX-License-Identifier: Apache-2.0 ---- -# Will keep pushing SUM through the two key manual steps until it finishes -# This allows to fully automate the SWPM+SUM installation process -# Based on research by @sean-freeman - -# Check if the SUMup process is running, give it 5 minutes to start -- name: Check if SAPup_real process is running (wait for 5 minutes until it starts) - ansible.builtin.shell: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real - register: _sapup_process - retries: 5 - delay: 60 - until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0 - failed_when: _sapup_process.rc != 0 - -# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase -- name: Checking the status of SUM - ansible.builtin.uri: - url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - register: _sap_swpm_sum_push - until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection' in _sap_swpm_sum_push.content - retries: 60 - delay: 60 - failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection' not in _sap_swpm_sum_push.content - -# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly -- name: Get the config XML from SUM - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - # headers: - # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" - register: _sap_swpm_sum_push_config - until: _sap_swpm_sum_push_config.status == 200 - retries: 3 - delay: 60 - failed_when: _sap_swpm_sum_push_config.status != 200 - -# Get the CSRF token from SUM by calling config -- name: Get the CSRF token from SUM - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: GET - validate_certs: false - return_content: false - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" - X-CSRF-Token: Fetch - # X-Requested-With: XMLHttpRequest - register: _sap_swpm_sum_push - failed_when: _sap_swpm_sum_push.status != 200 - -# Post the config XML back to SUM unchanged as we want to keep the default patch levels as per the XML file. This will move SUM to the next step. -- name: Move SUM to the next step - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: POST - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" - X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" - body_format: raw - body: "{{ _sap_swpm_sum_push_config.content }}" - register: _sap_swpm_sum_push - until: _sap_swpm_sum_push.status == 200 - failed_when: _sap_swpm_sum_push.status != 200 - -# At this point SUM should be running. This will take anything between 6-12 hours to complete. -# Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step. -# Check the SUM status via SUMOBSEVER.XML -- name: Checking the status of SUM - ansible.builtin.uri: - url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - register: _sap_swpm_sum_push - until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' in _sap_swpm_sum_push.content - retries: 72 # 12 hours - delay: 600 # 10 minutes - failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content - -# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly -# Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. -- name: Get the config XML from SUM - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - # headers: - # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" - register: _sap_swpm_sum_push_config - until: _sap_swpm_sum_push_config.status == 200 - retries: 3 - delay: 60 - failed_when: _sap_swpm_sum_push_config.status != 200 - -# Get the CSRF token from SUM by calling config -- name: Get the CSRF token from SUM - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: GET - validate_certs: false - return_content: false - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" - X-CSRF-Token: Fetch - # X-Requested-With: XMLHttpRequest - register: _sap_swpm_sum_push - failed_when: _sap_swpm_sum_push.status != 200 - -# Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. -- name: Move SUM to the next step - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: POST - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" - X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" - body_format: raw - body: 'DialogueValueslp.parameter.type.SCALAR10yes' - register: _sap_swpm_sum_push - failed_when: _sap_swpm_sum_push.status != 200 - -# Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. -# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' -- name: Checking the status of SUM and making sure it has finished - ansible.builtin.uri: - url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - register: _sap_swpm_sum_push - until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content - retries: 60 - delay: 60 - failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content +# SPDX-License-Identifier: Apache-2.0 +--- +# Will keep pushing SUM through the two key manual steps until it finishes +# This allows to fully automate the SWPM+SUM installation process +# Based on research by @sean-freeman + +# Check if the SUMup process is running, give it 5 minutes to start +- name: Check if SAPup_real process is running (wait for 5 minutes until it starts) + ansible.builtin.shell: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real + register: _sapup_process + retries: 5 + delay: 60 + until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0 + failed_when: _sapup_process.rc != 0 + +# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase +- name: Checking the status of SUM + ansible.builtin.uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection' in _sap_swpm_sum_push.content + retries: 60 + delay: 60 + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection' not in _sap_swpm_sum_push.content + +# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly +- name: Get the config XML from SUM + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + # headers: + # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" + register: _sap_swpm_sum_push_config + until: _sap_swpm_sum_push_config.status == 200 + retries: 3 + delay: 60 + failed_when: _sap_swpm_sum_push_config.status != 200 + +# Get the CSRF token from SUM by calling config +- name: Get the CSRF token from SUM + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: false + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: Fetch + # X-Requested-With: XMLHttpRequest + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 + +# Post the config XML back to SUM unchanged as we want to keep the default patch levels as per the XML file. This will move SUM to the next step. +- name: Move SUM to the next step + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: POST + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" + body_format: raw + body: "{{ _sap_swpm_sum_push_config.content }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 + failed_when: _sap_swpm_sum_push.status != 200 + +# At this point SUM should be running. This will take anything between 6-12 hours to complete. +# Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step. +# Check the SUM status via SUMOBSEVER.XML +- name: Checking the status of SUM + ansible.builtin.uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' in _sap_swpm_sum_push.content + retries: 72 # 12 hours + delay: 600 # 10 minutes + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content + +# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly +# Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. +- name: Get the config XML from SUM + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + # headers: + # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" + register: _sap_swpm_sum_push_config + until: _sap_swpm_sum_push_config.status == 200 + retries: 3 + delay: 60 + failed_when: _sap_swpm_sum_push_config.status != 200 + +# Get the CSRF token from SUM by calling config +- name: Get the CSRF token from SUM + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: false + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: Fetch + # X-Requested-With: XMLHttpRequest + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 + +# Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. +- name: Move SUM to the next step + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: POST + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" + body_format: raw + body: 'DialogueValueslp.parameter.type.SCALAR10yes' + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 + +# Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. +# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' +- name: Checking the status of SUM and making sure it has finished + ansible.builtin.uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content + retries: 60 + delay: 60 + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content From 489bdac88ec23e00d828a4b5e32a7490f4821d9b Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Fri, 3 Jan 2025 15:13:06 +0000 Subject: [PATCH 08/12] sap_swpm: Improved SUM handling and lint fixes --- .../tasks/post_install/sum_push_to_finish.yml | 158 +++++++++--------- 1 file changed, 83 insertions(+), 75 deletions(-) diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 3240ef5fb..4389e60b4 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -6,15 +6,16 @@ # Check if the SUMup process is running, give it 5 minutes to start - name: Check if SAPup_real process is running (wait for 5 minutes until it starts) - ansible.builtin.shell: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real + ansible.builtin.command: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real register: _sapup_process retries: 5 delay: 60 until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0 failed_when: _sapup_process.rc != 0 + changed_when: false # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase -- name: Checking the status of SUM +- name: Checking the status of SUM (BIND_PATCH) ansible.builtin.uri: url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" method: GET @@ -30,7 +31,7 @@ failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|CONFIGURE|PREP_EXTENSION|BIND_PATCH|PatchSelection' not in _sap_swpm_sum_push.content # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly -- name: Get the config XML from SUM +- name: Get the config XML from SUM (BIND_PATCH) ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: GET @@ -48,7 +49,7 @@ failed_when: _sap_swpm_sum_push_config.status != 200 # Get the CSRF token from SUM by calling config -- name: Get the CSRF token from SUM +- name: Get the CSRF token from SUM (BIND_PATCH) ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: GET @@ -65,7 +66,7 @@ failed_when: _sap_swpm_sum_push.status != 200 # Post the config XML back to SUM unchanged as we want to keep the default patch levels as per the XML file. This will move SUM to the next step. -- name: Move SUM to the next step +- name: Move SUM to the next step (SPAUINFO) ansible.builtin.uri: url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" method: POST @@ -86,7 +87,7 @@ # At this point SUM should be running. This will take anything between 6-12 hours to complete. # Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step. # Check the SUM status via SUMOBSEVER.XML -- name: Checking the status of SUM +- name: Checking the status of SUM (SPAUINFO) ansible.builtin.uri: url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" method: GET @@ -96,78 +97,85 @@ user: "{{ sap_swpm_sid | lower }}adm" password: "{{ sap_swpm_sap_sidadm_password }}" register: _sap_swpm_sum_push - until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' in _sap_swpm_sum_push.content + until: _sap_swpm_sum_push.status == 200 and ('SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' in _sap_swpm_sum_push.content or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content) retries: 72 # 12 hours delay: 600 # 10 minutes - failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content + failed_when: _sap_swpm_sum_push.status != 200 or + ('SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content and + 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content) -# Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly -# Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. -- name: Get the config XML from SUM - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - # headers: - # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" - register: _sap_swpm_sum_push_config - until: _sap_swpm_sum_push_config.status == 200 - retries: 3 - delay: 60 - failed_when: _sap_swpm_sum_push_config.status != 200 +# If SUM is already in MAIN_POSTCLEAN|EXIT phase it has skipped SPAUINFO and has finished +# No need to do anything else +- name: Check if SUM has skipped SPAUINFO and has finished + block: + # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly + # Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. + - name: Get the config XML from SUM (SPAUINFO) + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + # headers: + # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" + register: _sap_swpm_sum_push_config + until: _sap_swpm_sum_push_config.status == 200 + retries: 3 + delay: 60 + failed_when: _sap_swpm_sum_push_config.status != 200 -# Get the CSRF token from SUM by calling config -- name: Get the CSRF token from SUM - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: GET - validate_certs: false - return_content: false - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" - X-CSRF-Token: Fetch - # X-Requested-With: XMLHttpRequest - register: _sap_swpm_sum_push - failed_when: _sap_swpm_sum_push.status != 200 + # Get the CSRF token from SUM by calling config + - name: Get the CSRF token from SUM (SPAUINFO) + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: GET + validate_certs: false + return_content: false + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: Fetch + # X-Requested-With: XMLHttpRequest + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 -# Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. -- name: Move SUM to the next step - ansible.builtin.uri: - url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" - method: POST - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" - X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" - body_format: raw - body: 'DialogueValueslp.parameter.type.SCALAR10yes' - register: _sap_swpm_sum_push - failed_when: _sap_swpm_sum_push.status != 200 + # Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. + - name: Move SUM to the next step (Past SPAUINFO) + ansible.builtin.uri: + url: "https://localhost:1129/slp/sumabap/{{ sap_swpm_sid | upper }}/config" + method: POST + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + headers: + Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" + body_format: raw + body: 'DialogueValueslp.parameter.type.SCALAR10yes' + register: _sap_swpm_sum_push + failed_when: _sap_swpm_sum_push.status != 200 -# Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. -# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' -- name: Checking the status of SUM and making sure it has finished - ansible.builtin.uri: - url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - register: _sap_swpm_sum_push - until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content - retries: 60 - delay: 60 - failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content + # Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. + # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' + - name: Checking the status of SUM and making sure it has finished (MAIN_POSTCLEAN|EXIT) + ansible.builtin.uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content + retries: 60 + delay: 60 + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content + when: "'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content" From a43cb7f333b4742bed66552850bb32198f002686 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Fri, 3 Jan 2025 15:19:07 +0000 Subject: [PATCH 09/12] sap_swpm: Improved SUM handling and lint fixes --- roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 4389e60b4..10114e877 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -107,6 +107,7 @@ # If SUM is already in MAIN_POSTCLEAN|EXIT phase it has skipped SPAUINFO and has finished # No need to do anything else - name: Check if SUM has skipped SPAUINFO and has finished + when: "'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content" block: # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly # Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. @@ -178,4 +179,3 @@ retries: 60 delay: 60 failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content - when: "'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content" From 44151af69a0da267a5f8e3df895f02ba672f8c33 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Mon, 13 Jan 2025 21:34:24 +0000 Subject: [PATCH 10/12] sap_swpm: Fixes and minor enhancements + alignment of check interval --- roles/sap_swpm/tasks/post_install.yml | 2 +- .../tasks/post_install/sum_push_to_finish.yml | 80 ++++++++++--------- 2 files changed, 44 insertions(+), 38 deletions(-) diff --git a/roles/sap_swpm/tasks/post_install.yml b/roles/sap_swpm/tasks/post_install.yml index 964d8e8b6..33fdc96f9 100644 --- a/roles/sap_swpm/tasks/post_install.yml +++ b/roles/sap_swpm/tasks/post_install.yml @@ -64,6 +64,6 @@ - name: SAP SWPM Post Install - Control SUM if required ansible.builtin.include_tasks: post_install/sum_push_to_finish.yml when: - - sap_swpm_sum_start == 'true' + - sap_swpm_sum_start - not sap_swpm_swpm_observer_mode - "'NW_ABAP_CI:' in sap_swpm_product_catalog_id or 'NW_ABAP_OneHost:' in sap_swpm_product_catalog_id" diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 10114e877..20f963bd0 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -6,13 +6,21 @@ # Check if the SUMup process is running, give it 5 minutes to start - name: Check if SAPup_real process is running (wait for 5 minutes until it starts) - ansible.builtin.command: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real + ansible.builtin.shell: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real register: _sapup_process retries: 5 delay: 60 until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0 failed_when: _sapup_process.rc != 0 - changed_when: false + +- name: Print SUM monitoring and action URLs + ansible.builtin.debug: + msg: + - "Check the following URLs for SAP Software Update Manager (SUM) monitoring or actions:" + - "Note: If these URLs don't work, check the sapinst.log file for the correct URLs." + - "SUM Monitor - https://{{ ansible_fqdn }}:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/monitor/index.html" + - "SUM Admin - https://{{ ansible_fqdn }}:1129/lmsl/sumabap/{{ sap_swpm_sid | upper }}/slui/" + - "SUM Admin Utilities - https://{{ ansible_fqdn }}:1129/lmsl/sumabap/{{ sap_swpm_sid | upper }}/slui_ext/" # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until we are in BIND_PATCH phase - name: Checking the status of SUM (BIND_PATCH) @@ -87,7 +95,7 @@ # At this point SUM should be running. This will take anything between 6-12 hours to complete. # Patiently check every 10 minutes to see if SUM has completed all the steps and is now in the SPAUINFO step. # Check the SUM status via SUMOBSEVER.XML -- name: Checking the status of SUM (SPAUINFO) +- name: Checking the status of SUM (SPAUINFO) every 5 minutes ansible.builtin.uri: url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" method: GET @@ -98,16 +106,14 @@ password: "{{ sap_swpm_sap_sidadm_password }}" register: _sap_swpm_sum_push until: _sap_swpm_sum_push.status == 200 and ('SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' in _sap_swpm_sum_push.content or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content) - retries: 72 # 12 hours - delay: 600 # 10 minutes - failed_when: _sap_swpm_sum_push.status != 200 or - ('SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content and - 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content) + retries: 144 # 12 hours + delay: 300 # 5 minutes + failed_when: _sap_swpm_sum_push.status != 200 or ('SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content) # If SUM is already in MAIN_POSTCLEAN|EXIT phase it has skipped SPAUINFO and has finished -# No need to do anything else -- name: Check if SUM has skipped SPAUINFO and has finished - when: "'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' not in _sap_swpm_sum_push.content" +# Process SPAUINFO if required +- name: Check if SUM is still in SPAUINFO or has finished + when: "'SUM4ABAP|POST-EXECUTE|MAIN_POSTPROC|SPAUINFO|FinishSPAU' in _sap_swpm_sum_push.content" block: # Get the config XML from SUM, repeat 3 times in case SUM is still busy and doesn't respond promptly # Need to get config XML even through we are not going to use it. This is to get the diagtime cookie. @@ -122,11 +128,11 @@ password: "{{ sap_swpm_sap_sidadm_password }}" # headers: # Cookie: "{{ _sap_swpm_sum_push.cookies_string }}" - register: _sap_swpm_sum_push_config - until: _sap_swpm_sum_push_config.status == 200 + register: _sap_swpm_sum_push_config2 + until: _sap_swpm_sum_push_config2.status == 200 retries: 3 delay: 60 - failed_when: _sap_swpm_sum_push_config.status != 200 + failed_when: _sap_swpm_sum_push_config2.status != 200 # Get the CSRF token from SUM by calling config - name: Get the CSRF token from SUM (SPAUINFO) @@ -139,11 +145,11 @@ user: "{{ sap_swpm_sid | lower }}adm" password: "{{ sap_swpm_sap_sidadm_password }}" headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" + Cookie: "{{ _sap_swpm_sum_push_config2.cookies_string }}" X-CSRF-Token: Fetch # X-Requested-With: XMLHttpRequest - register: _sap_swpm_sum_push - failed_when: _sap_swpm_sum_push.status != 200 + register: _sap_swpm_sum_push2 + failed_when: _sap_swpm_sum_push2.status != 200 # Post confirmation to SUM that no SPAU is required. This will move SUM to the next step. - name: Move SUM to the next step (Past SPAUINFO) @@ -156,26 +162,26 @@ user: "{{ sap_swpm_sid | lower }}adm" password: "{{ sap_swpm_sap_sidadm_password }}" headers: - Cookie: "{{ _sap_swpm_sum_push_config.cookies_string }}" - X-CSRF-Token: "{{ _sap_swpm_sum_push.x_csrf_token }}" + Cookie: "{{ _sap_swpm_sum_push_config2.cookies_string }}" + X-CSRF-Token: "{{ _sap_swpm_sum_push2.x_csrf_token }}" body_format: raw body: 'DialogueValueslp.parameter.type.SCALAR10yes' - register: _sap_swpm_sum_push - failed_when: _sap_swpm_sum_push.status != 200 + register: _sap_swpm_sum_push2 + failed_when: _sap_swpm_sum_push2.status != 200 - # Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. - # Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' - - name: Checking the status of SUM and making sure it has finished (MAIN_POSTCLEAN|EXIT) - ansible.builtin.uri: - url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" - method: GET - validate_certs: false - return_content: true - status_code: 200 - user: "{{ sap_swpm_sid | lower }}adm" - password: "{{ sap_swpm_sap_sidadm_password }}" - register: _sap_swpm_sum_push - until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content - retries: 60 - delay: 60 - failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content +# Finally wait for SUM to finish the final steps. This shouldn't take more than 1 hour. +# Check the SUM status via SUMOBSEVER.XML, wait for 60 minutes until the status is 'MAIN_POSTCLEAN|EXIT' +- name: Checking the status of SUM and making sure it has finished (MAIN_POSTCLEAN|EXIT) + ansible.builtin.uri: + url: "https://localhost:1129/lmsl/sumobserver/{{ sap_swpm_sid | upper }}/analysis/SUMOBSERVER.XML" + method: GET + validate_certs: false + return_content: true + status_code: 200 + user: "{{ sap_swpm_sid | lower }}adm" + password: "{{ sap_swpm_sap_sidadm_password }}" + register: _sap_swpm_sum_push + until: _sap_swpm_sum_push.status == 200 and 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' in _sap_swpm_sum_push.content + retries: 60 + delay: 60 + failed_when: _sap_swpm_sum_push.status != 200 or 'SUM4ABAP|MAIN_POSTCLEAN|EXIT|UnitWizard' not in _sap_swpm_sum_push.content From 1520919b5b4aeac0b7bd5933739435739b8168b2 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Tue, 14 Jan 2025 11:38:38 +0000 Subject: [PATCH 11/12] sap_swpm: Change shell to command module for process check and set changed_when to false to fix lint errors --- roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml index 20f963bd0..24e416a2c 100644 --- a/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml +++ b/roles/sap_swpm/tasks/post_install/sum_push_to_finish.yml @@ -6,12 +6,13 @@ # Check if the SUMup process is running, give it 5 minutes to start - name: Check if SAPup_real process is running (wait for 5 minutes until it starts) - ansible.builtin.shell: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real + ansible.builtin.command: pgrep -c -u "{{ sap_swpm_sid | lower }}adm" -f SAPup_real register: _sapup_process retries: 5 delay: 60 until: _sapup_process.rc == 0 and _sapup_process.stdout|int > 0 failed_when: _sapup_process.rc != 0 + changed_when: false - name: Print SUM monitoring and action URLs ansible.builtin.debug: From 8d41de3cbc377ef5457c42cd2ab355aba0ff5e35 Mon Sep 17 00:00:00 2001 From: Rob Dobozy Date: Fri, 31 Jan 2025 16:52:18 +0000 Subject: [PATCH 12/12] sap_swpm: Updated README.md to include info regarding SUM execution handling for up-to-date installations --- roles/sap_swpm/README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/sap_swpm/README.md b/roles/sap_swpm/README.md index aafa3f751..f5148f53c 100644 --- a/roles/sap_swpm/README.md +++ b/roles/sap_swpm/README.md @@ -110,6 +110,8 @@ It is also possible to use method 1 for creating the inifile and then replace or - Set expiry of Linux created users to 'never' - (Optional) Apply firewall rules for SAP Netweaver if `sap_swpm_setup_firewall` is set to `true` (Default: `false`). + +- (Optional) Handle the execution of SUM if SWPM started it (See Up-To-Date Installation below). ### Example @@ -181,6 +183,16 @@ With the following tags, the role can be called to perform certain activities on - tag `sap_swpm_update_etchosts`: Only update file `/etc/hosts` (but only if variable `sap_swpm_update_etchosts` is set to `true`). +## Additional information + +### Up-To-Date Installation (UDI) +The Software Update Manager can run on any host with an Application Server instance (e.g. NWAS ABAP PAS/AAS, NWAS JAVA CI/AAS) with correct permissions to access /usr/sap/ and /sapmnt/ directories. + +When using the Software Provisioning Manager (SWPM) with a Maintenance Planner Stack XML file to perform an "up-to-date installation" (UDI) - it will start the Software Update Manager (SUM) automatically at the end of the installation process. This UDI feature applies only to SAP ABAP Platform / SAP NetWeaver, and must be performed from the Primary Application Server instance (i.e. NWAS ABAP PAS, or a OneHost installation). + +Furthermore, during SWPM variable selection the enabling of Transport Management System (TMS) is required, see SAP Note 2522253 - SWPM can not call SUM automatically when doing the up-to-date installation. + + ## License Apache 2.0