Merge branch 'master' of ssh://github.com/SUSE/ha-sap-terraform-deployments

Author: yeoldegrove

.github/workflows/ci.yml

@@ -161,14 +161,7 @@ jobs:
         uses: hashicorp/setup-terraform@v1
         with:
           cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-          terraform_version: 0.13.4
-
-      - name: Install Terraform libvirt provider
-        run: |
-          echo 'deb http://download.opensuse.org/repositories/systemsmanagement:/terraform/Ubuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/systemsmanagement:terraform.list
-          curl -fsSL https://download.opensuse.org/repositories/systemsmanagement:terraform/Ubuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/systemsmanagement_terraform.gpg > /dev/null
-          sudo apt-get update
-          sudo apt-get -y install terraform-provider-libvirt
+          terraform_version: 1.1.6
 
       - name: terraform-format
         run: make test-terraform-format
@@ -192,14 +185,7 @@ jobs:
         uses: hashicorp/setup-terraform@v1
         with:
           cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-          terraform_version: 0.13.4
-
-      - name: Install Terraform libvirt provider
-        run: |
-          echo 'deb http://download.opensuse.org/repositories/systemsmanagement:/terraform/Ubuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/systemsmanagement:terraform.list
-          curl -fsSL https://download.opensuse.org/repositories/systemsmanagement:terraform/Ubuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/systemsmanagement_terraform.gpg > /dev/null
-          sudo apt-get update
-          sudo apt-get -y install terraform-provider-libvirt
+          terraform_version: 1.1.6
 
       - name: terraform-validation
         run: make test-terraform-validation
@@ -224,14 +210,7 @@ jobs:
 #         uses: hashicorp/setup-terraform@v1
 #         with:
 #           cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-#           terraform_version: 0.13.4
-
-#       - name: Install Terraform libvirt provider
-#         run: |
-#           echo 'deb http://download.opensuse.org/repositories/systemsmanagement:/terraform/Ubuntu_20.04/ /' | sudo tee /etc/apt/sources.list.d/systemsmanagement:terraform.list
-#           curl -fsSL https://download.opensuse.org/repositories/systemsmanagement:terraform/Ubuntu_20.04/Release.key | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/systemsmanagement_terraform.gpg > /dev/null
-#           sudo apt-get update
-#           sudo apt-get -y install terraform-provider-libvirt
+#           terraform_version: 1.1.6
 
 #       - name: terraform-plan
 #         run: make test-terraform-plan

.gitignore

@@ -1,10 +1,12 @@
 **/.terraform
 **/terraform.tfstate*
+**/.terraform.tfstate*
 **/terraform*.tfvars
 azure/terraform/provision/node0_id_rsa
 azure/terraform/provision/node0_id_rsa.pub
 azure/terraform/provision/node1_id_rsa
 azure/terraform/provision/node1_id_rsa.pub
+gcp/*.json
 **/id_rsa*
 
 salt/sshkeys

README.md

@@ -2,7 +2,7 @@
 
 [![Build Status](https://github.com/SUSE/ha-sap-terraform-deployments/workflows/CI%20tests/badge.svg)](https://github.com/SUSE/ha-sap-terraform-deployments/actions)
 
-**Supported terraform version  `0.13.4`**
+**Supported terraform version  `1.1.X`**
 ___
 
 # Supported cloud providers
@@ -19,9 +19,8 @@ ___
 - HA Clusters and HANA deployment
 - [Preparing SAP software](doc/sap_software.md)
 - [Monitoring of cluster](doc/monitoring.md)
-- [Netweaver](doc/netweaver.md)
+- [S/4HANA and NetWeaver](doc/netweaver.md)
 - [DRBD](doc/drbd.md)
-- [QA](doc/qa.md)
 - [Saptune](doc/saptune.md)
 - [Fencing mechanism](doc/fencing.md)
 - [IP addresses auto generation](doc/ip_autogeneration.md)

aws/.terraform.lock.hcl

@@ -4,7 +4,6 @@
 - [highlevel description](#highlevel-description)
 - [advanced usage](#advanced-usage)
 - [monitoring](../doc/monitoring.md)
-- [QA](../doc/qa.md)
 - [specification](#specification)
 
 # Quickstart
@@ -145,7 +144,7 @@ In order to deploy the environment, different configurations are available throu
 
 ## QA deployment
 
-The project has been created in order to provide the option to run the deployment in a `Test` or `QA` mode. This mode only enables the packages coming properly from SLE channels, so no other packages will be used. Find more information [here](../doc/qa.md).
+The project has been created in order to provide the option to run the deployment in a `Test` or `QA` mode. This mode only enables the packages coming properly from SLE channels, so no other packages will be used. Set `offline_mode = true` in `terraform.tfvars` to enable it.
 
 ## Pillar files configuration
 
@@ -166,7 +165,7 @@ There are some fixed values used throughout the terraform configuration:
 - The iSCSI server has a second disk volume that is being used as a shared device.
 - Salt is partitioning this device in 5 x 1MB partitions and then configuring just the LUN 0 for iSCSI (improvement is needed in iscsi-formula to create more than one device). **Until this improvement is added, an iscsi config file (/etc/target/saveconfig.json) is loaded when the qa_mode is set to true to configure 5 more LUN, mandatory for other tests like DRBD.**
 - iSCSI LUN 0 is being used in the cluster as SBD device.
-- The cluster nodes have a second disk volume that is being used for Hana installation.
+- The cluster nodes have a second disk volume that is being used for HANA installation.
 
 # Advanced Usage
 # notes:

aws/README.md

@@ -1,6 +1,6 @@
 # create a dynamodb table for locking the state file
 resource "aws_dynamodb_table" "dynamodb-terraform-state-lock" {
-  name           = "${var.dynamodb_name}"
+  name           = var.dynamodb_name
   hash_key       = "LockID"
   read_capacity  = 20
   write_capacity = 20

aws/create_remote_state/dynamodb.tf

@@ -1,9 +1,9 @@
 provider "aws" {
-  region = "${var.aws_region}"
+  region = var.aws_region
 }
 
 resource "aws_s3_bucket" "terraform_state" {
-  bucket = "${var.bucket_name}"
+  bucket = var.bucket_name
 
   versioning {
     enabled = true

aws/create_remote_state/main.tf

@@ -1,13 +1,3 @@
-# Configure the AWS Provider
-provider "aws" {
-  version = "~> 3.11.0"
-  region  = var.aws_region
-}
-
-terraform {
-  required_version = ">= 0.13"
-}
-
 data "aws_vpc" "current-vpc" {
   count = var.vpc_id != "" ? 1 : 0
   id    = var.vpc_id
@@ -238,6 +228,17 @@ resource "aws_security_group_rule" "ha_exporter" {
   security_group_id = local.security_group_id
 }
 
+resource "aws_security_group_rule" "saphost_exporter" {
+  count       = local.create_security_group_monitoring
+  type        = "ingress"
+  from_port   = 9680
+  to_port     = 9680
+  protocol    = "tcp"
+  cidr_blocks = ["0.0.0.0/0"]
+
+  security_group_id = local.security_group_id
+}
+
 resource "aws_security_group_rule" "prometheus_server" {
   count       = local.create_security_group_monitoring
   type        = "ingress"

aws/infrastructure.tf

@@ -64,6 +64,7 @@ module "common_variables" {
   source                              = "../generic_modules/common_variables"
   provider_type                       = "aws"
   deployment_name                     = local.deployment_name
+  deployment_name_in_hostname         = var.deployment_name_in_hostname
   reg_code                            = var.reg_code
   reg_email                           = var.reg_email
   reg_additional_modules              = var.reg_additional_modules
@@ -79,7 +80,7 @@ module "common_variables" {
   background                          = var.background
   monitoring_enabled                  = var.monitoring_enabled
   monitoring_srv_ip                   = var.monitoring_enabled ? local.monitoring_ip : ""
-  qa_mode                             = var.qa_mode
+  offline_mode                        = var.offline_mode
   hana_hwcct                          = var.hwcct
   hana_sid                            = var.hana_sid
   hana_instance_number                = var.hana_instance_number
@@ -100,12 +101,17 @@ module "common_variables" {
   hana_client_archive_file            = var.hana_client_archive_file
   hana_client_extract_dir             = var.hana_client_extract_dir
   hana_scenario_type                  = var.scenario_type
-  hana_cluster_vip_mechanism          = ""
+  hana_cluster_vip_mechanism          = "route"
   hana_cluster_vip                    = local.hana_cluster_vip
   hana_cluster_vip_secondary          = var.hana_active_active ? local.hana_cluster_vip_secondary : ""
   hana_ha_enabled                     = var.hana_ha_enabled
+  hana_ignore_min_mem_check           = var.hana_ignore_min_mem_check
   hana_cluster_fencing_mechanism      = var.hana_cluster_fencing_mechanism
   hana_sbd_storage_type               = var.sbd_storage_type
+  hana_scale_out_enabled              = var.hana_scale_out_enabled
+  hana_scale_out_shared_storage_type  = var.hana_scale_out_shared_storage_type
+  hana_scale_out_addhosts             = var.hana_scale_out_addhosts
+  hana_scale_out_standby_count        = var.hana_scale_out_standby_count
   netweaver_sid                       = var.netweaver_sid
   netweaver_ascs_instance_number      = var.netweaver_ascs_instance_number
   netweaver_ers_instance_number       = var.netweaver_ers_instance_number
@@ -126,17 +132,30 @@ module "common_variables" {
   netweaver_hana_instance_number      = var.hana_instance_number
   netweaver_hana_master_password      = var.hana_master_password
   netweaver_ha_enabled                = var.netweaver_ha_enabled
+  netweaver_cluster_vip_mechanism     = "route"
   netweaver_cluster_fencing_mechanism = var.netweaver_cluster_fencing_mechanism
   netweaver_sbd_storage_type          = var.sbd_storage_type
+  netweaver_shared_storage_type       = var.netweaver_shared_storage_type
+  monitoring_hana_targets             = local.hana_ips
+  monitoring_hana_targets_ha          = var.hana_ha_enabled ? local.hana_ips : []
+  monitoring_hana_targets_vip         = var.hana_ha_enabled ? [local.hana_cluster_vip] : [local.hana_ips[0]] # we use the vip for HA scenario and 1st hana machine for non HA to target the active hana instance
+  monitoring_drbd_targets             = var.drbd_enabled ? local.drbd_ips : []
+  monitoring_drbd_targets_ha          = var.drbd_enabled ? local.drbd_ips : []
+  monitoring_drbd_targets_vip         = var.drbd_enabled ? [local.drbd_cluster_vip] : []
+  monitoring_netweaver_targets        = var.netweaver_enabled ? local.netweaver_ips : []
+  monitoring_netweaver_targets_ha     = var.netweaver_enabled && var.netweaver_ha_enabled ? [local.netweaver_ips[0], local.netweaver_ips[1]] : []
+  monitoring_netweaver_targets_vip    = var.netweaver_enabled ? local.netweaver_virtual_ips : []
   drbd_cluster_vip                    = local.drbd_cluster_vip
-  drbd_cluster_vip_mechanism          = ""
+  drbd_cluster_vip_mechanism          = "route"
   drbd_cluster_fencing_mechanism      = var.drbd_cluster_fencing_mechanism
   drbd_sbd_storage_type               = var.sbd_storage_type
 }
 
 module "drbd_node" {
   source                = "./modules/drbd_node"
   common_variables      = module.common_variables.configuration
+  name                  = var.drbd_name
+  network_domain        = var.drbd_network_domain == "" ? var.network_domain : var.drbd_network_domain
   drbd_count            = var.drbd_enabled == true ? 2 : 0
   instance_type         = var.drbd_instancetype
   aws_region            = var.aws_region
@@ -169,6 +188,8 @@ module "drbd_node" {
 module "iscsi_server" {
   source             = "./modules/iscsi_server"
   common_variables   = module.common_variables.configuration
+  name               = var.iscsi_name
+  network_domain     = var.iscsi_network_domain == "" ? var.network_domain : var.iscsi_network_domain
   iscsi_count        = local.iscsi_enabled == true ? 1 : 0
   aws_region         = var.aws_region
   availability_zones = data.aws_availability_zones.available.names
@@ -192,10 +213,11 @@ module "iscsi_server" {
 module "netweaver_node" {
   source                = "./modules/netweaver_node"
   common_variables      = module.common_variables.configuration
+  name                  = var.netweaver_name
+  network_domain        = var.netweaver_network_domain == "" ? var.network_domain : var.netweaver_network_domain
   xscs_server_count     = local.netweaver_xscs_server_count
   app_server_count      = var.netweaver_enabled ? var.netweaver_app_server_count : 0
   instance_type         = var.netweaver_instancetype
-  name                  = "netweaver"
   aws_region            = var.aws_region
   availability_zones    = data.aws_availability_zones.available.names
   os_image              = local.netweaver_os_image
@@ -226,9 +248,10 @@ module "netweaver_node" {
 module "hana_node" {
   source                = "./modules/hana_node"
   common_variables      = module.common_variables.configuration
+  name                  = var.hana_name
+  network_domain        = var.hana_network_domain == "" ? var.network_domain : var.hana_network_domain
   hana_count            = var.hana_count
   instance_type         = var.hana_instancetype
-  name                  = var.name
   aws_region            = var.aws_region
   availability_zones    = data.aws_availability_zones.available.names
   os_image              = local.hana_os_image
@@ -257,6 +280,8 @@ module "hana_node" {
 module "monitoring" {
   source             = "./modules/monitoring"
   common_variables   = module.common_variables.configuration
+  name               = var.monitoring_name
+  network_domain     = var.monitoring_network_domain == "" ? var.network_domain : var.monitoring_network_domain
   monitoring_enabled = var.monitoring_enabled
   instance_type      = var.monitor_instancetype
   key_name           = aws_key_pair.key-pair.key_name
@@ -268,9 +293,6 @@ module "monitoring" {
   os_owner           = local.monitoring_os_owner
   subnet_ids         = aws_subnet.infra-subnet.*.id
   timezone           = var.timezone
-  hana_targets       = concat(local.hana_ips, var.hana_ha_enabled ? [local.hana_cluster_vip] : [local.hana_ips[0]]) # we use the vip for HA scenario and 1st hana machine for non HA to target the active hana instance
-  drbd_targets       = var.drbd_enabled ? local.drbd_ips : []
-  netweaver_targets  = var.netweaver_enabled ? local.netweaver_virtual_ips : []
   on_destroy_dependencies = [
     aws_route_table_association.infra-subnet-route-association,
     aws_route.public,

aws/main.tf

@@ -1,4 +1,7 @@
 # drbd resources
+locals {
+  hostname = var.common_variables["deployment_name_in_hostname"] ? format("%s-%s", var.common_variables["deployment_name"], var.name) : var.name
+}
 
 resource "aws_subnet" "drbd-subnet" {
   count             = var.drbd_count
@@ -22,7 +25,7 @@ resource "aws_route" "drbd-cluster-vip" {
   count                  = var.drbd_count > 0 ? 1 : 0
   route_table_id         = var.route_table_id
   destination_cidr_block = "${var.common_variables["drbd"]["cluster_vip"]}/32"
-  instance_id            = aws_instance.drbd.0.id
+  network_interface_id   = aws_instance.drbd.0.primary_network_interface_id
 }
 
 module "sap_cluster_policies" {
@@ -67,13 +70,13 @@ resource "aws_instance" "drbd" {
   }
 
   volume_tags = {
-    Name = "${var.common_variables["deployment_name"]}-${var.name}0${count.index + 1}"
+    Name = "${var.common_variables["deployment_name"]}-${var.name}${format("%02d", count.index + 1)}"
   }
 
   tags = {
-    Name                                                 = "${var.common_variables["deployment_name"]} - ${var.name}0${count.index + 1}"
+    Name                                                 = "${var.common_variables["deployment_name"]}-${var.name}${format("%02d", count.index + 1)}"
     Workspace                                            = var.common_variables["deployment_name"]
-    "${var.common_variables["deployment_name"]}-cluster" = "${var.name}0${count.index + 1}"
+    "${var.common_variables["deployment_name"]}-cluster" = "${var.name}${format("%02d", count.index + 1)}"
   }
 }