commit 7ffd72dcbb8cda6e9b12d9d9f23a20866b143d02 Author: Bernd Finger Date: Tue Feb 23 18:52:16 2021 +0100 fix issues #163 and #164 diff --git a/README.md b/README.md index b6f6232..74ca820 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,7 @@ Do not run this role against an SAP HANA or other production system. The role wi Changes ------- -The previous version of this role used variable sap_hana_preconfigure_use_tuned_where_possible to switch between either tuned settings or kernel command line settings (where applicable). +1) Previous versions of this role used variable sap_hana_preconfigure_use_tuned_where_possible to switch between either tuned settings or kernel command line settings (where applicable). The current version modifies this behavior: - The variable sap_hana_preconfigure_use_tuned_where_possible has been renamed to sap_hana_preconfigure_use_tuned - The variable sap_hana_preconfigure_switch_to_tuned_profile_sap_hana has been removed. @@ -70,6 +70,12 @@ The current version modifies this behavior: If sap_hana_preconfigure_use_tuned is set to `no`, the role will perform a static configuration, including the modification of the linux command line in grub. - The role can use tuned, or configure the kernel command line, or both. +2) Previous versions of this role used variable sap_hana_preconfigure_selinux_state to set the SELinux state to disabled, which is mentioned in +SAP notes 2292690 (RHEL 7) and 2777782 (RHEL 8). As role sap-preconfigure already allows to specify the desired SELinux state, and as +sap-preconfigure is run before sap-hana-preconfigure, there is no need any more to let sap-hana-preconfigure configure the SELinux state. +Same applies to the assertion of the SELinux state. Because of this, variable sap_hana_preconfigure_selinux_state has been removed from this role and +tasks 2292690/08-disable-selinux.yml and 2777782/01-assert-selinux.yml have been commented out. + Role Variables -------------- @@ -91,8 +97,8 @@ sap_hana_preconfigure_configuration ### Define configuration steps of SAP notes For defining one or more configuration steps of SAP notes to be executed or checked only, set variable `sap_hana_preconfigure_config_all` to `no`, `sap_hana_preconfigure_configuration` to `yes`, and one or more of the following variables to `yes`: ```yaml -sap_hana_preconfigure_2777782_[01...10], example: sap_hana_preconfigure_2777782_05 -sap_hana_preconfigure_2292690_[01...10], example: sap_hana_preconfigure_2292690_02 +sap_hana_preconfigure_2777782_[02...10], example: sap_hana_preconfigure_2777782_05 +sap_hana_preconfigure_2292690_[01...07,09,10], example: sap_hana_preconfigure_2292690_02 sap_hana_preconfigure_2009879_3_9 sap_hana_preconfigure_2009879_3_14_[1...4] sap_hana_preconfigure_2009879_3_15 @@ -156,6 +162,19 @@ If you want the role to set the RHEL release to a certain fixed minor release (a sap_hana_preconfigure_set_minor_release ``` +### Minimum package check +The following variable will make sure packages are installed at minimum required versions as defined in files `vars/*.yml`. Default is `yes`. +```yaml +sap_hana_preconfigure_min_package_check +``` + +### Perform a yum update +If the following variable is set to `yes`, the role will run a `yum update` before performing configuration changes. Default is `no`. \ +*Note*: The outcome of a `yum update` depends on the managed node's configuration for sticky OS minor version, see the description of the release option in `man subscription-manager`. For SAP HANA installations, setting a certain minor version with `subscscription-manager release --set=X.Y` is a strict requirement. +```yaml +sap_hana_preconfigure_update +``` + ### Add the repository for IBM service and productivity tools for POWER (ppc64le only) In case you do *not* want to automatically add the repository for the IBM service and productivity tools, set the following variable to `no`. Default is `yes`, meaning that the role will download and install the package specified in variable sap_hana_preconfigure_ibm_power_repo_url (see below) and also run the command /opt/ibm/lop/configure to accept the license. ```yaml @@ -183,12 +202,6 @@ By setting the variable to `no`, the role will not fail if a reboot is required sap_hana_preconfigure_fail_if_reboot_required ``` -### Define SELinux state -The following variable allows for defining the desired SELinux state. Default is `disabled`. -```yaml -sap_hana_preconfigure_selinux_state -``` - ### Use tuned profile sap-hana By default, the role will activate tuned profile `sap-hana` for configuring kernel parameters (where possible). If you do not want to use the tuned profile sap-hana, set the following variable to `no`. In this case, the role will also modify GRUB_CMDLINE_LINUX, no matter how variable `sap_hana_preconfigure_modify_grub_cmdline_linux` (see below) is set. @@ -227,7 +240,7 @@ into the variable sap_hana_preconfigure_kernel_parameters and add or change your ```yaml sap_hana_preconfigure_kernel_parameters: - { name: net.core.somaxconn, value: 4096 } - - { name: net.ipv4.tcp_max_syn_backlog, value: 8192} + - { name: net.ipv4.tcp_max_syn_backlog, value: 8192 } - { name: net.ipv4.tcp_timestamps, value: 1 } - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 } ``` diff --git a/defaults/main.yml b/defaults/main.yml index 50d8e14..b63c14b 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -24,7 +24,6 @@ ## examples for RHEL8: #sap_hana_preconfigure_2777782_03: yes #sap_hana_preconfigure_2777782_10: yes -#sap_hana_preconfigure_2772999_09: yes ## both: #sap_hana_preconfigure_2382421: yes @@ -107,7 +106,8 @@ sap_hana_preconfigure_ppcle_mtu9000_if: '' ## defaults to all interfaces sap_hana_preconfigure_ppcle_tso_if: "{{ ansible_interfaces| difference(['lo']) }}" -sap_hana_preconfigure_selinux_state: "{{ __sap_hana_preconfigure_selinux_state }}" +# SELinux is already configured in role sap-preconfigure: +#sap_hana_preconfigure_selinux_state: "{{ __sap_hana_preconfigure_selinux_state }}" sap_hana_preconfigure_use_tuned: yes diff --git a/tasks/RedHat/assert-installation.yml b/tasks/RedHat/assert-installation.yml index eda7d22..55346b9 100644 --- a/tasks/RedHat/assert-installation.yml +++ b/tasks/RedHat/assert-installation.yml @@ -169,7 +169,7 @@ args: warn: false changed_when: false - ignore_errors: "{{ sap_hana_preconfigure_ignore_errors|d(false) }}" + ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors|d(false) }}" when: sap_hana_preconfigure_update - name: Assert that there are no more possible package updates diff --git a/tasks/sapnote/2292690.yml b/tasks/sapnote/2292690.yml index 8b4c95c..3137f22 100644 --- a/tasks/sapnote/2292690.yml +++ b/tasks/sapnote/2292690.yml @@ -22,7 +22,7 @@ - import_tasks: 2292690/07-disable-ksm.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_07|d(false) -# We can skip the following task as it is already part of role sap-preconfigure: +# SELinux is already configured in role sap-preconfigure: #- import_tasks: 2292690/08-disable-selinux.yml # when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_08|d(false) diff --git a/tasks/sapnote/2777782.yml b/tasks/sapnote/2777782.yml index ec4677f..8c904bb 100644 --- a/tasks/sapnote/2777782.yml +++ b/tasks/sapnote/2777782.yml @@ -1,8 +1,9 @@ --- # tasks file for sap-hana-preconfigure configuration -- import_tasks: 2777782/01-disable-selinux.yml - when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false) +# SELinux is already configured in role sap-preconfigure: +#- import_tasks: 2777782/01-disable-selinux.yml +# when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false) - import_tasks: 2777782/02-configure-tuned.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_02|d(false) diff --git a/tasks/sapnote/assert-2292690.yml b/tasks/sapnote/assert-2292690.yml index 588f6c8..b9a5cf2 100644 --- a/tasks/sapnote/assert-2292690.yml +++ b/tasks/sapnote/assert-2292690.yml @@ -25,9 +25,9 @@ - import_tasks: 2292690/07-assert-ksm.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_07|d(false) -# The following task is already part of role sap-preconfigure: -- import_tasks: 2292690/08-assert-selinux.yml - when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_08|d(false) +# SELinux is already configured in role sap-preconfigure: +#- import_tasks: 2292690/08-assert-selinux.yml +# when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_08|d(false) - import_tasks: 2292690/09-assert-etc-sudoers.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_09|d(false) diff --git a/tasks/sapnote/assert-2777782.yml b/tasks/sapnote/assert-2777782.yml index e226e00..995960a 100644 --- a/tasks/sapnote/assert-2777782.yml +++ b/tasks/sapnote/assert-2777782.yml @@ -4,9 +4,9 @@ - debug: msg: "sapnote/assert-2777782.yml" -# The following task is already part of role sap-preconfigure: -- import_tasks: 2777782/01-assert-selinux.yml - when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false) +# SELinux is already configured in role sap-preconfigure: +#- import_tasks: 2777782/01-assert-selinux.yml +# when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false) - import_tasks: 2777782/02-assert-tuned.yml when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_02|d(false) diff --git a/vars/main.yml b/vars/main.yml index 183f4a1..490b0fc 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -7,7 +7,8 @@ # Default parameter file for SYSCTL settings according to SAP NOTE 2382421 __sap_hana_preconfigure_etc_sysctl_saphana_conf: /etc/sysctl.d/sap_hana.conf -__sap_hana_preconfigure_selinux_state: disabled +# SELinux is already configured in role sap-preconfigure: +#__sap_hana_preconfigure_selinux_state: disabled __sap_hana_preconfigure_run_grub2_mkconfig: yes