3.8.3 Release (#454)

* naming update

* Use the account ID

* Add a try statement for ANF account name

* Add a try statement for ANF pool name

* Fix for empty arm_id

* create empty dictionary

* change uuid

* Change networkFeatures

* provide empty dictionary

* Fix HANA log

* fix creationToken

* set unixPermissions

* unixPermissions

* removed unix

* add try for capacityPoolResourceId

* serviceLevel             = "Premium"

* set kerberos5xReadOnly to false

* service_level

* Add Zonal support

* xompact the volumes

* improve readability

* AVG updates

* Use the second ppg

* zonality fixes for avg

* If AVGs are used don't create standalone volumes

* correct spec

* AVG ppg logic

* Updated the creationToken

* Create the volumes

* Add dependencies

* Check the output

* Use output

* Use the AVG name

* Support updating the AVG

* location is not needed

* User standard azurerm

* remove azapi

* simplify enumerator

* remove azapi

* added resource_group_name =

* enumerator

* change provider

* HANA data data source

* HANA shared output

* Add secondary sapmnt

* Incorrect function

* make sapmnt multi value

* Don't have sap_mnt as list

* Don't look for HANA shared if it is provided by ANF

* Default to no shared disk

* HANA shared disk logic

* hana_shared_mountpoint logic

* missing if

* Debug adding shared disk

* Removed the hana shared disk from main dictionary

* Add zones to AVG volumes

* No zonal support

* Use Ansible's magic variables for mounts

* Don't show unneeded files from hosts

* Corrected the task names

* Web App semicolon fix

* Don't constrain NFS info

* Don't call AFS tasks for ANF usage

* Add a try statement to handle upgrades from older versions

* add the missing variables

* Don't use SCS cluster name

* Don't use the HA template for non HA deployments

* Add an if statement to control the jinja template name

* Don't link the VNEts if no private endpoints

* Create bom folders as orchestration user

* Add quotes for the web dispatcher instance number

* Don't fail for local DNS

* 3.8.1 release

* Add support for SPN login for control plane

* Set pipefail

* Update the linter and skip the octal value rule

* Linting updates

* Linting fixes

* remove whitespace

* update sshkey playbook

* Fix the pipefails

* password jinja updates

* set -o pipefail &&

* Don't lint chrony

* Fix lint for chrony

* Add the filter folder

* Use the correct instance numbers

* rename web_instance_number variable in sap-parameters.yml.tmpl to wd_instance_number.

* push changes

* fix web dispatcher variables

* Add Logon using SPN code

* Add SPN logon to removal pipeline

* set 20GB swap for web dispatcher

* disable selinux for web tier

* Add support for marketplace images with plan

* remove the set pipefail

* swap the attributes in plan

* swap plan components

* Add RHEL 9 support for packages, repositories and services

* Make python3 the default and only set python2 for SLES12

* Use the internal DNS when using private endpoints

* Upgrade az cli

* sudo upgrade

* Removed the connection_String setting

* Change to use MSI

* Don't assign specific permission for web app

* Provide DB SKU override

* Add the SKU override in the Web App

* Add the ability to not deploy the Microsoft.AzureCAT.AzureEnhancedMonitoring extension

* Correct the variable name

* Add RHEL 90

* Add Kernel parameters for RHEL 9

* removed the package libssh2

* removed libpng12

* removed oddjobd service

* Add RHEL9 distro

* 3119751 only mentions RHEL8

* update packages

* Set NIC name for private endpoint for control plane

* Upgrade Azure CLI & Terraform when re-running

* Bump terrafom version

* removed  compat-sap-c++-*

* Dont register Microsoft keys

* USe CLI version 2.47

* Lock 0n 2.47 on Ubuntu 20.04

* Add llogging for CLI

* Show what version got installed

* Use grep to get the cli version

* Simplify re-install

* Ad more debug info on which agent is in use

* SELinux for RHEL 9

* Allow rerun for manual deployer

* Fix virtualenv on RHEL

* RHEL deployer updates

* Save the random ID value

* missing $

* Corrected the output variable

* use $$ in template

* show YAML version

* debug HANA on RHEL 9

* testing HANA install

* debugging HANA installation

* Add package chkconfig

* only install chkconfig on hana

* move flush handler

* Use azurerm backend if reinstall

* remove extra password parameter

* test password setting for HANA installation

* add password for

* use the correct password copy

* Only delete ini file if installation is successful

* moved chkconfig to 9.0 dictionary

* Add debugging

* Improve re-install experience

* reset firewall

* storage account fire wall

* export deployer_kv_user_arm_id

* update variable name

* Don't rerun the secrets setting

* Remove Oracle repos

* Add more images for RHEL

* update BoM Validator

* Added installation of devops extension in the main pipelines

* Provide the ability to control zonal ANF

* Add zonal validation for HANA log and shared

* Update zonality for sapmnt

* Add VMSS-Flex support

* Don't create PPG if VMSS-Flex is used

* Use the PPG ID and not the full object

* typo

* Fix AVG and scale set

* Don't create AVG if VMSS-Flex is used

* change resource name

* Update the provider

* 1.3 Repos: Add the HA repositories for RHEL

* 1.3 Repos: Add the HA repositories for RHEL

* app disk zonal logic

* add support for RHEL 9

* Add RHEL 9 to clustering

* Add documentation to output variables

* Introduce resource lock variables

* Control the secondary DNS registration

* Control the output

* DNS outputs

* Add dependencies and a wait

* Use the server counters

* Add resource locks

* don't save the randomizer value

* set the connection string secret via terraform

* update resource name

* update secret name

* shorten the names for the virtual hosts

* remove duplicate

* corrected local variable

* Check for key vault existence

* correct variable for vnet

* Update the NIC name for the sapmnt private endpoint

* Add scaleset and lock support to web app

* Use both identities

* simplify keyvault existence checks

* Shorten the virtual hostname for anydb

* The IP address are in different order in SLES and RHEL

* Check the hosts code

* debugging hosts

* change play_hosts to ansible_play_hosts

* update

* debug hosts file

* Remove the serialization

* Add support for premium storage v2

* Fixed caching

* Change endpoint name

* Premium storage V2

* Identity assignment

* HANA sizing

* disable SELinux on RHEL9

* Add a dependency on blob DNS link

* add check to verify If library deployment failed

* Add the scope

* Add the mandatory scope parameter

* Fix typo in command

* Add the scope to the extension code

* pass the variables for exports when the PAS and SCS are on the same server.

* Add the missing 's'

* Add AVG to Web App

* Add the correct packages

* Install compat-libcap1 package manually

* move the yum command

* typo in package name

* disable_gpg_check on the compat-libcap1

* Use builtin package handling

* Add distro info to HANA cluster tasks

* Add the permissions

* It is not a directory but a file

* removed duplicate package

* Add the SBP fixes

* Only do the ifup eth0 on RHEL

* ASM updates

* Misc updates

* SYBASE and RHEL

* Fix the profile name to sap-netweaver

* Add the virtual host for observer

* Experimental (#456)

* Added error categorization changes.

* PR for pushing commits in SDAF-ASCS prod-ansible-3.7.0 into sap-automation.

* Added names to the block.

* Fixed the spacing for variable expansion,

* Fixed the rescue indentation.

* Resolved merge conflicts for changes to the deploy/ansible/roles-db/4.0.0-hdb-install/tasks/main.yaml.

* Resolving Hemanth's comments and Reviews.

* Fixing linting issues.

* Fixed linting issues.

---------

Co-authored-by: shayaksarkar <shayaksarkar@microsoft.com>, hdamecharla <hdamecharla@microsoft.com>

---------

Co-authored-by: Kimmo Forss <kimforss@microsoft.com>
Co-authored-by: hdamecharla <hdamecharla@microsoft.com>
Co-authored-by: ShayakSarkar <52969913+ShayakSarkar@users.noreply.github.com>

Author: 4 people

Webapp/.vs/ProjectEvaluation/sdaf.metadata.v5.2

@@ -34,6 +34,8 @@ public bool IsValid()
         public string name_override_file { get; set; }
         public bool? save_naming_information { get; set; }
 
+        public bool? place_delete_lock_on_resources { get; set; } = false;
+
         [RequiredIfNotDefault]
         [DisplayName("Network name")]
         [RegularExpression(@"^\w{0,7}$", ErrorMessage = "Logical network name cannot exceed seven characters")]

Webapp/.vs/ProjectEvaluation/sdaf.projects.v5.2

@@ -444,6 +444,12 @@ public bool IsValid()
 
         public bool? deploy_v1_monitoring_extension { get; set; } = true;
 
+        public bool? use_scalesets_for_deployment { get; set; } = false;
+
+        public bool? database_use_premium_v2_storage { get; set; } = false;
+
+        public bool? ANF_HANA_use_AVG { get; set; } = false;
+
         [DisplayName("Web SID")]
         public string web_sid { get; set; }
 

Webapp/SDAF/Models/LandscapeModel.cs

@@ -103,6 +103,15 @@
         "Overrules": "",
         "Display": 2
       },
+      {
+        "Name": "place_delete_lock_on_resources",
+        "Required": false,
+        "Description": " If defined, a delete lock will be placed on the key resources (virtual network and key vault)",
+        "Type": "checkbox",
+        "Options": [],
+        "Overrules": "",
+        "Display": 2
+      },
       {
         "Name": "resourcegroup_name",
         "Required": false,

Webapp/SDAF/Models/SystemModel.cs

@@ -79,6 +79,10 @@ $$peer_with_control_plane_vnet$$
 # Defines if access to the key vaults and storage accounts is restricted to the SAP and deployer VNets
 $$enable_firewall_for_keyvaults_and_storage$$
 
+
+# place_delete_lock_on_resources, If defined, a delete lock will be placed on the key resources
+$$place_delete_lock_on_resources$$
+
 #########################################################################################
 #                                                                                       #
 #  Admin Subnet variables                                                               #
@@ -286,11 +290,11 @@ $$storage_account_replication_type$$
 #########################################################################################
 
 # The two resource group name and arm_id can be used to control the naming and the creation of the resource group
-# The resourcegroup_name value is optional, it can be used to override the name of the resource group that will be provisioned
-# The resourcegroup_name arm_id is optional, it can be used to provide an existing resource group for the deployment
 
+# The resourcegroup_name value is optional, it can be used to override the name of the resource group that will be provisioned
 $$resourcegroup_name$$
 
+# The resourcegroup_name arm_id is optional, it can be used to provide an existing resource group for the deployment
 $$resourcegroup_arm_id$$
 
 

Webapp/SDAF/ParameterDetails/LandscapeDetails.json

@@ -63,6 +63,11 @@ $$use_secondary_ips$$
 # subscription is the subscription in which the system will be deployed (informational only)
 $$subscription$$
 
+# use_scalesets_for_deployment defines if Flexible Virtual Machine Scale Sets are used for the deployment
+$$use_scalesets_for_deployment$$
+
+# database_use_premium_v2_storage defines if the database tier will use premium v2 storage
+$$database_use_premium_v2_storage$$
 
 #########################################################################################
 #                                                                                       #
@@ -449,6 +454,10 @@ $$sapmnt_private_endpoint_id$$
 
 # use_random_id_for_storageaccounts defines if the sapmnt storage account name will have a random suffix
 $$use_random_id_for_storageaccounts$$
+
+# ANF_HANA_use_AVG defines if the ANF volume will be created in an Application Volume Group
+$$ANF_HANA_use_AVG$$
+
 #########################################################################################
 #                                                                                       #
 #  HANA Data                                                                            #

Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt

@@ -23,7 +23,13 @@
         {'task_tag=zypper_registration'}),
     (r'(.*)Zypper run command failed with return code 7(.*)',
         'INSTALL:0019:Update OS Packages has failed for host since zypper was locked by another process.',
-        {'task_tag=update_os_package'})
+        {'task_tag=update_os_package'}),
+    (r'([\s\d\w\D\W]*)Connect to message server([\s\w\d\W\D]*)Make sure that the message server is started([\s\w\d\W\D]*)',
+        'INSTALL:0020:DB Load failure, unable to connect to message server.',
+        {'task_tag=dbload', 'failure=messageserver_offline'}),
+    (r'([\s\d\w\D\W]*)Make sure the database is online([\s\w\d\W\D]*)',
+        'INSTALL:0021:DB Load failure, database is offline.',
+        {'task_tag=dbload', 'failure=db_offline'})
 ]
 
 # Takes a dictionary and converts it into a set of
@@ -141,7 +147,7 @@ def filters(self):
 #         }
 #     ]
 # }
-# message = "non-zero return code"
+# message = "asdConnect to message server\n<>>Make sure that the message server is started*asd\n"
 # print(try_get_error_code_results(result, task_tag="update_os_packages", host_name="host"))
-# print(try_get_error_code(message, task_tag="zypper_registration"))
+# print(try_get_error_code(message,task_tag="dbload_messageserver"))
 # convert_kwargs_to_tags(None)

Webapp/SDAF/ParameterDetails/SystemDetails.json

@@ -20,17 +20,26 @@
       ansible.builtin.set_fact:
         secret_name:                   "{{ secret_prefix }}-sid-sshkey"
 
+    - name:                                Retrieve SSH Key secret details and rescue on failure
+      block:
+        - name:                            Retrieve SSH Key secret details
+          ansible.builtin.command: >-
+                                          az keyvault secret show
+                                            --vault-name {{ kv_name }}
+                                            --name {{ secret_name }}
+                                            --query value
+                                            --output tsv
+          changed_when:                    false
+          register:                        keyvault_secret_show
+          no_log:                          true
+      rescue:
+        - name:                           Rescue Log the error message to be transformed
+          ansible.builtin.debug:
+            msg:                          "Error message to transform: {{ keyvault_secret_show.stderr }}"
 
-    - name:                            Retrieve SSH Key secret details
-      ansible.builtin.command: >-
-                                       az keyvault secret show
-                                         --vault-name {{ kv_name }}
-                                         --name {{ secret_name }}
-                                         --query value
-                                         --output tsv
-      changed_when:                    false
-      register:                        keyvault_secret_show
-      no_log:                          true
+        - name:                           Rescue Retrieve SSH Key secret details
+          ansible.builtin.fail:
+            msg:                            "{{ keyvault_secret_show.stderr | try_get_error_code }}"
 
     - name:                            Extract SSH Key content from secret details
       ansible.builtin.set_fact: