deploy/ansible/playbook_01_os_base_config.yaml (279 lines of code) (raw):
# Copyright (c) Microsoft Corporation.
# Licensed under the MIT License.
---
# /*---------------------------------------------------------------------------8
# | |
# | Preparation for performing general baseline OS configuration tasks |
# | |
# +------------------------------------4--------------------------------------*/
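# Control-node preparation play. Runs on localhost only: makes sure the
# controller's Python has jmespath, resets the progress marker for this stage
# and, for SQLSERVER platforms, runs the Windows password tasks.
- hosts: localhost
  name: "OS configuration playbook: - Initialization"
  gather_facts: true
  vars_files:
    - vars/ansible-input-api.yaml  # API Input template with defaults

  tasks:
    # NOTE(review): the package is installed unpinned at run time, so the
    # version that lands on the controller depends on the package index at
    # that moment. Consider pinning it or pre-installing it in the
    # controller image.
    - name: "OS configuration playbook: - Ensure jmespath is installed in the playbook python"
      ansible.builtin.pip:
        name: jmespath
        state: present
      tags:
        - always

    - name: "OS configuration playbook: - Create Progress folder"
      ansible.builtin.file:
        path: "{{ _workspace_directory }}/.progress"
        state: directory
        # Quoted so the mode is always read as an octal string, matching the
        # quoted '0755' used by the other file tasks in this playbook.
        mode: '0755'
      tags:
        - always

    # The task name says "os-install-done", but the file removed is the
    # os-configuration-done marker that the last play of this playbook
    # re-creates on success.
    - name: "OS configuration playbook: - Remove os-install-done flag"
      ansible.builtin.file:
        path: "{{ _workspace_directory }}/.progress/os-configuration-done"
        state: absent
      tags:
        - always

    # Only runs for SQLSERVER. A later play reads winadm_password,
    # adsvc_password and adsvc_account from hostvars.localhost; presumably
    # these tasks set them -- confirm against the role.
    - name: "OS configuration playbook: - Read password"
      ansible.builtin.include_role:
        name: roles-misc/0.1-passwords
        tasks_from: windows.yaml
      when:
        - platform == "SQLSERVER"
      tags:
        - always
        - 0.1-win-passwords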
# /*---------------------------------------------------------------------------8
# | |
# | Playbook for performing general baseline OS configuration tasks |
# | |
# +------------------------------------4--------------------------------------*/
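# Baseline OS configuration for every SAP tier of the SID. The hosts pattern
# is a union of the per-tier inventory groups; the _ERS group was listed twice
# in the original pattern and now appears once (a union is unaffected by the
# duplicate).
- hosts: "{{ sap_sid | upper }}_DB :
          {{ sap_sid | upper }}_SCS :
          {{ sap_sid | upper }}_ERS :
          {{ sap_sid | upper }}_PAS :
          {{ sap_sid | upper }}_APP :
          {{ sap_sid | upper }}_WEB :
          {{ sap_sid | upper }}_OBSERVER_DB"
  name: "OS - Base Configuration"
  remote_user: "{{ orchestration_ansible_user }}"
  gather_facts: true  # Important to collect hostvars information
  any_errors_fatal: true
  vars_files:
    - vars/ansible-input-api.yaml  # API Input template with defaults

  # -----------------------------------+---------------------------------------8
  #
  # Build the list of tasks to be executed in order here.
  #
  # -----------------------------------+---------------------------------------8
  tasks:
    # Everything in this block runs as root on non-Windows hosts.
    - name: "OS Configuration - Linux based systems"
      become: true
      become_user: "root"
      block:
        - name: "OS configuration playbook: - Set os fact"
          ansible.builtin.set_fact:
            tier: os
          tags:
            - always

        - name: "OS configuration playbook: - Create directories"
          become: true
          ansible.builtin.file:
            path: '/etc/sap_deployment_automation/{{ sap_sid | upper }}'
            state: directory
            mode: '0755'
          tags:
            - always

        - name: "OS configuration playbook: - Set sudoers"
          ansible.builtin.include_role:
            name: roles-os/1.0-sudoers
          tags:
            - 1.0-sudoers

        - name: "OS configuration playbook: - Set swap"
          ansible.builtin.include_role:
            name: roles-os/1.1-swap
          tags:
            - 1.1-swap

        - name: "OS configuration playbook: - Set hostname"
          ansible.builtin.include_role:
            name: roles-os/1.2-hostname
          tags:
            - 1.2-hostname

        - name: "OS configuration playbook: - Ensure the repositories are registered"
          ansible.builtin.include_role:
            name: roles-os/1.3-repository
          tags:
            - 1.3-repository

        - name: "OS configuration playbook: - Ensure the packages are registered"
          ansible.builtin.include_role:
            name: roles-os/1.4-packages
          tags:
            - 1.4-packages

        # The two disk-setup variants are selected by node_tier. Note that
        # "oracle-asm" is excluded from the first and not matched by the
        # second, so it gets neither.
        - name: "OS configuration playbook: - Configure volume groups and logical volumes"
          when: node_tier not in ["oracle-multi-sid", "oracle-asm"]
          ansible.builtin.include_role:
            name: roles-os/1.5-disk-setup
          tags:
            - 1.5-disk-setup

        - name: "OS configuration playbook: - Configure volume groups and logical volumes (sharedHome)"
          when: node_tier == "oracle-multi-sid"
          ansible.builtin.include_role:
            name: roles-os/1.5.2-disk-setup-ora-multi-sid
          tags:
            - 1.5.2-disk-setup-ora-multi-sid

        - name: "OS configuration playbook: - Chrony role"
          ansible.builtin.include_role:
            name: roles-os/1.7-chrony
          tags:
            - 1.7-chrony

        - name: "OS configuration playbook: - Ensure the kernel parameters are set"
          ansible.builtin.include_role:
            name: roles-os/1.9-kernelparameters
          tags:
            - 1.9-kernelparameters

        - name: "OS configuration playbook: - Configure networking"
          when: ansible_os_family | upper == "REDHAT"
          ansible.builtin.include_role:
            name: roles-os/1.10-networking
          tags:
            - 1.10-networking

        - name: "OS configuration playbook: - Configure accounts"
          ansible.builtin.include_role:
            name: roles-os/1.11-accounts
          tags:
            - 1.11-accounts

        # Second pass of the accounts role with tier overridden to "ora".
        # NOTE(review): this task carries no tags, so a run limited with
        # --tags 1.11-accounts skips it -- confirm that is intended.
        - name: "OS configuration playbook: - Configure accounts (Oracle)"
          when: node_tier in ["oracle", "observer"]
          ansible.builtin.include_role:
            name: roles-os/1.11-accounts
          vars:
            tier: ora

        - name: "OS configuration playbook: - Configure MOTD"
          ansible.builtin.include_role:
            name: roles-os/1.13-MOTD
          tags:
            - 1.13-MOTD

        - name: "OS configuration playbook: - Ensure the needed services are started"
          ansible.builtin.include_role:
            name: roles-os/1.16-services
          tags:
            - 1.16-services

        - name: "OS configuration playbook: - Configure Prometheus"
          when:
            - prometheus
            - ansible_os_family | upper == "SUSE" or ansible_os_family | upper == "REDHAT"
          ansible.builtin.include_role:
            name: roles-os/1.20-prometheus
          tags:
            - 1.20-prometheus
      when:
        - ansible_os_family != "Windows"

    - name: OS Configuration - Windows based systems
      when:
        - ansible_os_family == "Windows"
      block:
        - name: "OS configuration playbook: - Set os fact"
          ansible.builtin.set_fact:
            tier: os
          tags:
            - always

        # NOTE(security): hostvars.localhost is the same structure the
        # Join Domain task below reads winadm_password and adsvc_password
        # from, so at verbosity 4 (-vvvv) this task writes those values into
        # the run output and any log that captures it. Limit the dump to the
        # specific non-secret keys needed for troubleshooting, or drop it.
        - name: "OS configuration playbook: - Debug"
          ansible.builtin.debug:
            var: hostvars.localhost
            verbosity: 4

        - name: "OS configuration playbook: - Add Needed packages"
          ansible.builtin.include_role:
            name: roles-os/windows/1.4-packages
          tags:
            - 1.4-packages

        - name: "OS configuration playbook: - Set swap"
          ansible.builtin.include_role:
            name: roles-os/windows/1.1-swap
          tags:
            - 1.1-swap

        - name: "OS configuration playbook: - Memory Dump"
          ansible.builtin.include_role:
            name: roles-os/windows/1.2-memory-dump
          tags:
            - 1.2-memory-dump

        - name: "OS configuration playbook: - Configure Disks"
          ansible.builtin.include_role:
            name: roles-os/windows/1.5-disk-setup
          tags:
            - 1.5-disk-setup

        # NOTE(security): per the task name this turns the host firewall
        # off. With it disabled, filtering relies entirely on controls
        # outside the host -- confirm those exist for these subnets.
        - name: "OS configuration playbook: - Disable the Firewall"
          ansible.builtin.include_role:
            name: roles-os/windows/1.10-firewall
          tags:
            - 1.10-firewall

        # Credentials collected on localhost are handed to the role as vars.
        # NOTE(review): confirm the role's tasks that consume these values
        # set no_log, otherwise they can appear in task output.
        - name: "OS configuration playbook: - Join Domain"
          ansible.builtin.include_role:
            name: roles-os/windows/1.11-domain-join
          vars:
            winadm_password: "{{ hostvars.localhost.winadm_password }}"
            domain_service_password: "{{ hostvars.localhost.adsvc_password }}"
            domain_service_account: "{{ hostvars.localhost.adsvc_account }}"
          tags:
            - 1.11-domain-join

        # High-availability only: verify that the SCS cluster name resolves
        # and that the first address returned equals scs_lb_ip.
        - name: "OS configuration playbook: - Checks"
          when:
            - scs_high_availability
          block:
            # NOTE(review): sap_sid and scs_instance_number are templated
            # directly into the PowerShell command text, so they must only
            # ever come from trusted deployment input; validating their
            # format before this point would make that explicit.
            - name: "OS configuration playbook: - Check if required DNS entries are made"
              ansible.windows.win_shell: "[System.Net.DNS]::Resolve('{{ sap_sid | lower }}scs{{ scs_instance_number }}cl1').AddressList.IPAddressToString"
              register: dns_check_results
              failed_when: dns_check_results.rc > 0

            # Keeps only the first line of the lookup output for comparison.
            - name: "OS configuration playbook: - Check if required DNS entries are made"
              ansible.builtin.set_fact:
                dns_in_AD: "{{ dns_check_results.stdout_lines[0] }}"
              when:
                - dns_check_results is defined
              tags:
                - always

            - name: "OS configuration playbook: - Check if required DNS entries match"
              ansible.builtin.assert:
                that: "dns_in_AD == scs_lb_ip"
                fail_msg: "The DNS entry for the SCS cluster is not correct in Active Directory"
              when:
                - dns_in_AD is defined

            - name: "OS configuration playbook: - Check if required DNS entries are made - show results"
              ansible.builtin.debug:
                msg: "DNS query results: {{ dns_check_results.stdout }}"
                verbosity: 2
              when:
                - dns_check_results is defined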
# /*---------------------------------------------------------------------------8
# | |
# | Playbook for configuring the iSCSI hosts |
# | |
# +------------------------------------4--------------------------------------*/
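# Baseline configuration for the iSCSI hosts of the SID: directory, packages,
# services, then the iSCSI server role. All tasks run as root.
- hosts: "{{ sap_sid | upper }}_ISCSI"
  name: "ISCSI - Base Configuration"
  remote_user: "{{ orchestration_ansible_user }}"
  gather_facts: true  # Important to collect hostvars information
  any_errors_fatal: true
  vars_files:
    - vars/ansible-input-api.yaml  # API Input template with defaults

  # -----------------------------------+---------------------------------------8
  #
  # Build the list of tasks to be executed in order here.
  #
  # -----------------------------------+---------------------------------------8
  tasks:
    - name: "OS Configuration - Linux based systems"
      become: true
      become_user: "root"
      block:
        # NOTE(review): "issci" looks like a misspelling of "iscsi". It is
        # left unchanged because the included roles may select on this exact
        # value -- confirm against the roles before correcting it.
        - name: "OS configuration playbook: - Set os fact"
          ansible.builtin.set_fact:
            tier: issci
          tags:
            - always

        - name: "Create directories"
          become: true
          ansible.builtin.file:
            path: '/etc/sap_deployment_automation/{{ sap_sid | upper }}'
            state: directory
            mode: '0755'
          tags:
            - always

        - name: "OS configuration playbook: - Ensure the packages are registered"
          ansible.builtin.include_role:
            name: roles-os/1.4-packages
          tags:
            - 1.4-packages

        - name: "OS configuration playbook: - Ensure the needed services are started"
          ansible.builtin.include_role:
            name: roles-os/1.16-services
          tags:
            - 1.16-services

        # This task previously reused the name of the services task above,
        # which made the two indistinguishable in run output and logs; the
        # name now reflects the role it includes.
        - name: "OS configuration playbook: - Configure the iSCSI server"
          ansible.builtin.include_role:
            name: roles-sap-os/2.11-iscsi-server
          tags:
            - 2.11-iSCSI-server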
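# Final control-node play: records that OS configuration finished by touching
# the os-configuration-done marker in the workspace progress folder. The play
# name repeats "Initialization" from the first play even though this is the
# completion step.
- hosts: localhost
  name: "OS configuration playbook: - Initialization"
  gather_facts: true
  vars_files:
    - vars/ansible-input-api.yaml  # API Input template with defaults

  tasks:
    - name: "OS configuration playbook: - Create os-configuration-done flag"
      ansible.builtin.file:
        path: "{{ _workspace_directory }}/.progress/os-configuration-done"
        state: touch
        # Quoted so the mode is always read as an octal string, matching the
        # quoted '0755' used by the remote-host file tasks in this playbook.
        # NOTE(review): the marker is an empty flag file; it does not need
        # the execute bits that 0755 grants.
        mode: '0755'
      tags:
        - always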
...
# /*----------------------------------------------------------------------------8
# | END |
# +------------------------------------4--------------------------------------*/