rhel-system-roles-sap/SOURCES/sap-hana-preconfigure-7ffd72dcbb8cda6e9b12d9d9f23a20866b143d02.patch

commit 7ffd72dcbb8cda6e9b12d9d9f23a20866b143d02
Author: Bernd Finger <bfinger@redhat.com>
Date:   Tue Feb 23 18:52:16 2021 +0100

    fix issues #163 and #164

diff --git a/README.md b/README.md
index b6f6232..74ca820 100644
--- a/README.md
+++ b/README.md
@@ -62,7 +62,7 @@ Do not run this role against an SAP HANA or other production system. The role wi
 
 Changes
 -------
-The previous version of this role used variable sap_hana_preconfigure_use_tuned_where_possible to switch between either tuned settings or kernel command line settings (where applicable).
+1) Previous versions of this role used variable sap_hana_preconfigure_use_tuned_where_possible to switch between either tuned settings or kernel command line settings (where applicable).
 The current version modifies this behavior:
 - The variable sap_hana_preconfigure_use_tuned_where_possible has been renamed to sap_hana_preconfigure_use_tuned
 - The variable sap_hana_preconfigure_switch_to_tuned_profile_sap_hana has been removed.
@@ -70,6 +70,12 @@ The current version modifies this behavior:
   If sap_hana_preconfigure_use_tuned is set to `no`, the role will perform a static configuration, including the modification of the linux command line in grub.
 - The role can use tuned, or configure the kernel command line, or both.
 
+2) Previous versions of this role used variable sap_hana_preconfigure_selinux_state to set the SELinux state to disabled, which is mentioned in
+SAP notes 2292690 (RHEL 7) and 2777782 (RHEL 8). As role sap-preconfigure already allows to specify the desired SELinux state, and as
+sap-preconfigure is run before sap-hana-preconfigure, there is no need any more to let sap-hana-preconfigure configure the SELinux state.
+Same applies to the assertion of the SELinux state. Because of this, variable sap_hana_preconfigure_selinux_state has been removed from this role and
+tasks 2292690/08-disable-selinux.yml and 2777782/01-assert-selinux.yml have been commented out.
+
 Role Variables
 --------------
 
@@ -91,8 +97,8 @@ sap_hana_preconfigure_configuration
 ### Define configuration steps of SAP notes
 For defining one or more configuration steps of SAP notes to be executed or checked only, set variable `sap_hana_preconfigure_config_all` to `no`, `sap_hana_preconfigure_configuration` to `yes`, and one or more of the following variables to `yes`:
 ```yaml
-sap_hana_preconfigure_2777782_[01...10], example: sap_hana_preconfigure_2777782_05
-sap_hana_preconfigure_2292690_[01...10], example: sap_hana_preconfigure_2292690_02
+sap_hana_preconfigure_2777782_[02...10], example: sap_hana_preconfigure_2777782_05
+sap_hana_preconfigure_2292690_[01...07,09,10], example: sap_hana_preconfigure_2292690_02
 sap_hana_preconfigure_2009879_3_9
 sap_hana_preconfigure_2009879_3_14_[1...4]
 sap_hana_preconfigure_2009879_3_15
@@ -156,6 +162,19 @@ If you want the role to set the RHEL release to a certain fixed minor release (a
 sap_hana_preconfigure_set_minor_release
 ```
 
+### Minimum package check
+The following variable will make sure packages are installed at minimum required versions as defined in files `vars/*.yml`. Default is `yes`.
+```yaml
+sap_hana_preconfigure_min_package_check
+```
+
+### Perform a yum update
+If the following variable is set to `yes`, the role will run a `yum update` before performing configuration changes. Default is `no`. \
+*Note*: The outcome of a `yum update` depends on the managed node's configuration for sticky OS minor version, see the description of the release option in `man subscription-manager`. For SAP HANA installations, setting a certain minor version with `subscscription-manager release --set=X.Y` is a strict requirement.
+```yaml
+sap_hana_preconfigure_update
+```
+
 ### Add the repository for IBM service and productivity tools for POWER (ppc64le only)
 In case you do *not* want to automatically add the repository for the IBM service and productivity tools, set the following variable to `no`. Default is `yes`, meaning that the role will download and install the package specified in variable sap_hana_preconfigure_ibm_power_repo_url (see below) and also run the command /opt/ibm/lop/configure to accept the license.
 ```yaml
@@ -183,12 +202,6 @@ By setting the variable to `no`, the role will not fail if a reboot is required
 sap_hana_preconfigure_fail_if_reboot_required
 ```
 
-### Define SELinux state
-The following variable allows for defining the desired SELinux state. Default is `disabled`.
-```yaml
-sap_hana_preconfigure_selinux_state
-```
-
 ### Use tuned profile sap-hana
 By default, the role will activate tuned profile `sap-hana` for configuring kernel parameters (where possible). If you do not want to use the tuned profile sap-hana,
 set the following variable to `no`. In this case, the role will also modify GRUB_CMDLINE_LINUX, no matter how variable `sap_hana_preconfigure_modify_grub_cmdline_linux` (see below) is set.
@@ -227,7 +240,7 @@ into the variable sap_hana_preconfigure_kernel_parameters and add or change your
 ```yaml
 sap_hana_preconfigure_kernel_parameters:
   - { name: net.core.somaxconn, value: 4096 }
-  - { name: net.ipv4.tcp_max_syn_backlog, value: 8192}
+  - { name: net.ipv4.tcp_max_syn_backlog, value: 8192 }
   - { name: net.ipv4.tcp_timestamps, value: 1 }
   - { name: net.ipv4.tcp_slow_start_after_idle, value: 0 }
 ```
diff --git a/defaults/main.yml b/defaults/main.yml
index 50d8e14..b63c14b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -24,7 +24,6 @@
 ## examples for RHEL8:
 #sap_hana_preconfigure_2777782_03: yes
 #sap_hana_preconfigure_2777782_10: yes
-#sap_hana_preconfigure_2772999_09: yes
 ## both:
 #sap_hana_preconfigure_2382421: yes
 
@@ -107,7 +106,8 @@ sap_hana_preconfigure_ppcle_mtu9000_if: ''
 ## defaults to all interfaces
 sap_hana_preconfigure_ppcle_tso_if: "{{ ansible_interfaces| difference(['lo']) }}"
 
-sap_hana_preconfigure_selinux_state: "{{ __sap_hana_preconfigure_selinux_state }}"
+# SELinux is already configured in role sap-preconfigure:
+#sap_hana_preconfigure_selinux_state: "{{ __sap_hana_preconfigure_selinux_state }}"
 
 sap_hana_preconfigure_use_tuned: yes
 
diff --git a/tasks/RedHat/assert-installation.yml b/tasks/RedHat/assert-installation.yml
index eda7d22..55346b9 100644
--- a/tasks/RedHat/assert-installation.yml
+++ b/tasks/RedHat/assert-installation.yml
@@ -169,7 +169,7 @@
   args:
     warn: false
   changed_when: false
-  ignore_errors: "{{ sap_hana_preconfigure_ignore_errors|d(false) }}"
+  ignore_errors: "{{ sap_hana_preconfigure_assert_ignore_errors|d(false) }}"
   when: sap_hana_preconfigure_update
 
 - name: Assert that there are no more possible package updates
diff --git a/tasks/sapnote/2292690.yml b/tasks/sapnote/2292690.yml
index 8b4c95c..3137f22 100644
--- a/tasks/sapnote/2292690.yml
+++ b/tasks/sapnote/2292690.yml
@@ -22,7 +22,7 @@
 - import_tasks: 2292690/07-disable-ksm.yml
   when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_07|d(false)
 
-# We can skip the following task as it is already part of role sap-preconfigure:
+# SELinux is already configured in role sap-preconfigure:
 #- import_tasks: 2292690/08-disable-selinux.yml
 #  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_08|d(false)
 
diff --git a/tasks/sapnote/2777782.yml b/tasks/sapnote/2777782.yml
index ec4677f..8c904bb 100644
--- a/tasks/sapnote/2777782.yml
+++ b/tasks/sapnote/2777782.yml
@@ -1,8 +1,9 @@
 ---
 # tasks file for sap-hana-preconfigure configuration
 
-- import_tasks: 2777782/01-disable-selinux.yml
-  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false)
+# SELinux is already configured in role sap-preconfigure:
+#- import_tasks: 2777782/01-disable-selinux.yml
+#  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false)
 
 - import_tasks: 2777782/02-configure-tuned.yml
   when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_02|d(false)
diff --git a/tasks/sapnote/assert-2292690.yml b/tasks/sapnote/assert-2292690.yml
index 588f6c8..b9a5cf2 100644
--- a/tasks/sapnote/assert-2292690.yml
+++ b/tasks/sapnote/assert-2292690.yml
@@ -25,9 +25,9 @@
 - import_tasks: 2292690/07-assert-ksm.yml
   when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_07|d(false)
 
-# The following task is already part of role sap-preconfigure:
-- import_tasks: 2292690/08-assert-selinux.yml
-  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_08|d(false)
+# SELinux is already configured in role sap-preconfigure:
+#- import_tasks: 2292690/08-assert-selinux.yml
+#  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_08|d(false)
 
 - import_tasks: 2292690/09-assert-etc-sudoers.yml
   when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2292690_09|d(false)
diff --git a/tasks/sapnote/assert-2777782.yml b/tasks/sapnote/assert-2777782.yml
index e226e00..995960a 100644
--- a/tasks/sapnote/assert-2777782.yml
+++ b/tasks/sapnote/assert-2777782.yml
@@ -4,9 +4,9 @@
 - debug:
     msg: "sapnote/assert-2777782.yml"
 
-# The following task is already part of role sap-preconfigure:
-- import_tasks: 2777782/01-assert-selinux.yml
-  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false)
+# SELinux is already configured in role sap-preconfigure:
+#- import_tasks: 2777782/01-assert-selinux.yml
+#  when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_01|d(false)
 
 - import_tasks: 2777782/02-assert-tuned.yml
   when: sap_hana_preconfigure_config_all|d(true) or sap_hana_preconfigure_2777782_02|d(false)
diff --git a/vars/main.yml b/vars/main.yml
index 183f4a1..490b0fc 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -7,7 +7,8 @@
 # Default parameter file for SYSCTL settings according to SAP NOTE 2382421
 __sap_hana_preconfigure_etc_sysctl_saphana_conf: /etc/sysctl.d/sap_hana.conf
 
-__sap_hana_preconfigure_selinux_state: disabled
+# SELinux is already configured in role sap-preconfigure:
+#__sap_hana_preconfigure_selinux_state: disabled
 
 __sap_hana_preconfigure_run_grub2_mkconfig: yes