suse / saphanabootstrap-formula Goto Github PK

View Code? Open in Web Editor NEW

18.0 15.0 17.0 429 KB

SAP HANA platform bootstrap salt formula

License: Apache License 2.0

SaltStack 55.53% Shell 0.27% Jinja 37.90% Makefile 6.30%

saphanabootstrap-formula saltstack-formula hana sap clusters

saphanabootstrap-formula's Introduction

SAP HANA platform bootstrap Salt formula

Salt formula to bootstrap and manage a multi SAP HANA platform environment.

Features

The formula provides the capability to create a multi node SAP HANA environment. Here are some of the features:

Install one or multiple SAP HANA instances (in one or multiple nodes)
Setup a System replication configuration between two SAP HANA nodes
Extract the required files from the provided .tar, .sar, .exe files
Apply saptune to the nodes with the needed SAP notes
Enable all of the pre-requirements to setup a HA cluster in top of SAP HANA system replication cluster
Install and configure the handb_exporter

Installation

The project can be installed in many ways, including but not limited to:

RPM
Manual clone

RPM

On openSUSE or SUSE Linux Enterprise use zypper package manager:

zypper install saphanabootstrap-formula

Important! This will install the formula in /usr/share/salt-formulas/states/hana. In case the formula is used in a masterless mode, make sure that the /usr/share/salt-formulas/states entry is correctly configured in the file_roots entry of the Salt minion configuration.

Depending on the patch level of the target system and the release cycle of this project, the package in the regular repository might not be the latest one. If you want the latest features, have a look in the test development repositories at SUSE's Open Build Service network:ha-clustering:sap-deployments:devel/saphanabootstrap-formula.

Manual Installation

A manual installation can be done by cloning this repository:

git clone https://github.com/SUSE/saphanabootstrap-formula

Important! This will not install the the formula anywhere where salt can find it. If the formula is used in a masterless mode, also make sure to copy the complete netweaver subdirectory to location defined in file_roots entry of your Salt minion configuration.

I. e.:

cd saphanabootstrap-formula
cp -R hana /srv/salt

Important! The formulas depends on salt-shaptools package. Make sure it is installed properly if you follow the manual installation (the package can be installed as a RPM package too).

Usage

Follow the next steps to configure the formula execution. After this, the formula can be executed using master/minion or masterless options:

Modify the top.sls file (by default stored in /srv/salt) including the hana entry.

Here is an example to execute the HANA formula in all of the nodes:
```
# This file is /srv/salt/top.sls
base:
  '*':
    - hana
```
Customize the execution pillar file. Here an example of a pillar file for this formula with all of the options: pillar.example The pillar.example can be found either as a link to the file in the master branch or a file in the file system at /usr/share/salt-formulas/metadata/hana/pillar.example.
Set the execution pillar file. For that, modify the top.sls of the pillars (by default stored in /srv/pillar) including the hana entry and copy your specific hana.sls pillar file in the same folder.

Here an example to apply the recently created hana.sls pillar file to all of the nodes:
```
# This file is /srv/pillar/top.sls
base:
  '*':
    - hana
```
Execute the formula.
1. Master/Minion execution.
  
  salt '*' state.highstate
2. Masterless execution.
  
  salt-call --local state.highstate

Important! The hostnames and minion names of the HANA nodes must match the output of the hostname command.

Salt pillar encryption

Pillars are expected to contain private data such as user passwords required for the automated installation or other operations. Therefore, such pillar data need to be stored in an encrypted state, which can be decrypted during pillar compilation.

SaltStack GPG renderer provides a secure encryption/decryption of pillar data. The configuration of GPG keys and procedure for pillar encryption are described in the Saltstack documentation guide:

Note:

Only passwordless gpg keys are supported, and the already existing keys cannot be used.
If a masterless approach is used (as in the current automated deployment) the gpg private key must be imported in all the nodes. This might require the copy/paste of the keys.

OBS Packaging

The CI automatically publishes new releases to SUSE's Open Build Service every time a pull request is merged into master branch. For that, update the new package version in _service and add the new changes in saphanabootstrap-formula.changes.

The new version is published at:

https://build.opensuse.org/package/show/network:ha-clustering:sap-deployments:devel/saphanabootstrap-formula
https://build.opensuse.org/package/show/openSUSE:Factory/saphanabootstrap-formula (only if the spec file version is increased)

saphanabootstrap-formula's People

Contributors

Stargazers

Watchers

Forkers

arbulu89 diegoakechi simranpal mallozup varkoly stefanotorresi manianls tubbz-alt emaksy foxtrot1987 pirat013 rtorrero yeoldegrove aleksei-burlakov melzer-b1 mr-stringer meaksh

saphanabootstrap-formula's Issues

config file option not documented

the config file option is not documented but exists.
Its also not mentioned in the pillar.example file where it at minimal should be shown

add SAPHanaSR takeover blocker

The "SAPHanaSR takeover blocker" feature described in https://www.suse.com/c/sap-hana-cockpit-with-suse-ha-integration-greatly-improves-data-integrity/ would be a good addition.

simplify pkg installation especiall pattern

https://github.com/SUSE/saphanabootstrap-formula/blob/master/hana/packages.sls#L9

error

module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): [CRITICAL] Rendering SLS 'base:cluster.packages' failed: Problem running salt function in Jinja template: Zypper command failure: Check Zypper's logs.; line 11 module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): --- module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): [...] module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): {% if grains['os_family'] == 'Suse' %} module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): {% set pattern_available = salt['cmd.retcode']('zypper search patterns-ha-ha_sles') %} module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): {% endif %} module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): {% if pattern_available == 0 %} module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): {% set repo = salt['pkg.info_available']('patterns-ha-ha_sles')['patterns-ha-ha_sles']['repository'] %} <====================== module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): patterns-ha-ha_sles: module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): pkg.installed: module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): - fromrepo: {{ repo }} module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): - retry: module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): attempts: 3 module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): [...] module.hana_node.null_resource.hana_node_provisioner[1] (remote-exec): ---
`

proposed solution

we should simplify this by just installing it without jinja functions.
(to do : https://github.com/uyuni-project/sumaform/blob/e9664647208498cf5b0b79695fa647c37a172dcf/salt/suse_manager_server/init.sls#L32)

this will fix also issue SUSE/ha-sap-terraform-deployments#140

salt-formula finish to fast

Running the formula as single task showed, that i still can not connect/login to the database after the salt call is finished, as the database is still starting up.
It would be helpful to do something like a check if its accessible, before finishing the formula, especial in an fully automated workflow

do not run enablement of primary/secondary a second time

In case the formula is run a second time, the whole code in hana/enable_primary.sls and hana/enable_secondary.sls is run a second time. This means a service interruption.

Something like 42245b9 could be an option to prevent this.
Ideally this is solved in salt-shaptools.

Azure: g_ip_{{ sid }}_HDB{{ instance }} is not moving together with SAP master

In Azure, I have noticed that the resource agents group composed by socat and ip address it's not properly colocated with SAP master.
Most probably due colocation value after we changed socat resource to azure-lb.
The official docs says 4000 of value, but we use 2000.
We should change the template, test and fix the issue.

sudo crm configure primitive rsc_nc_HN1_HDB03 azure-lb port=62503 \
  meta resource-stickiness=0

sudo crm configure group g_ip_HN1_HDB03 rsc_ip_HN1_HDB03 rsc_nc_HN1_HDB03

sudo crm configure colocation col_saphana_ip_HN1_HDB03 4000: g_ip_HN1_HDB03:Started \
  msl_SAPHana_HN1_HDB03:Master

https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/sap-hana-high-availability

The root & SAP administrator passwords should be optional

We're using this Salt formula in the Terraform deployments where we use SSH public keys. These passwords should be optional IMHO.

        root_user: 'root'
        root_password: 'linux'
        system_user_password: 'Qwerty1234'
        sapadm_password: 'Qwerty1234'

pillar.example file is not consistent

The pillar example file should show the key value pairs in a consistent state
Sometime its provided as comment only
but on other areas it shows e.g. two different methods as active values
e.g.
# Fetch HANA passwords from XML file
-> hdb_pwd_file: 'salt://passwords.xml'
# Or specify HANA system & sapadm users' passwords like below
^^^^^
-> system_user_password: 'Qwerty1234'
sapadm_password: 'Qwerty1234'

enable SAPHanaSR-ScaleOut multi-target system replication

Starting with version 0.180 the SAPHanaSR-ScaleOut package supports SAP HANA scale-out multi-target system replication. That means you can connect a third HANA site by system replication to either of the two HANA sites which are managed by the SUSE HA cluster.

More Details can be found here:
https://www.suse.com/c/sap-hana-scale-out-upgrade-details/
https://www.suse.com/c/sap-hana-scale-out-multi-target-upgrade/

To enable this feature, a different hook script needs to be used:
~~/usr/share/SAPHanaSR-ScaleOut/SAPHanaSR.py~~
/usr/share/SAPHanaSR-ScaleOut/SAPHanaSrMultiTarget.py

use template files like netweaver formula

So I was researching how to inject the gid and id for active directory integration and I found out that the best and elegant approach is to inject template files like https://github.com/SUSE/sapnwbootstrap-formula/blob/82f104952d812f4413920b8e38e63a95fc8984c5/netweaver/install_ascs.sls#L16

So having a template file, I would then from the deployment project modify those variable on the file adding if the ad present these vars. Then the formula here (hana) would just take the template file with the modified vars.

I have considered the pillar or other approaches/grains but I still considered that if we expose such files as template, it will be much more clear and easy to understand the whole machinery.

As alternative there is the grain approach where during the deployment, we set grains like ad_sapys_gid , ad_userid so and the formula here would take in case the exists.

On longerm, I think perhaps having a template file would simplify the install.

I was also thinking that the install function is to much "intelligent" or take to much responsability.

Imho we should split this call, in different phase:

create conf file
validate etc if needed
install
do post install if needed

Actually right now the install function is doing everything of this, which make difficult imho to have a fine grained debugging experience.

I will meanwhile explore the grain approach