Merge pull request #479 from wdfgeekos/mbs-sql

chabowski · web-flow · commit 8753fc6d4d1b · 2025-02-18T12:36:40.000+01:00
MS SQL support statement
diff --git a/DC-SBP-SLES-SQL b/DC-SBP-SLES-SQL
@@ -4,7 +4,7 @@ ADOC_TYPE="article"
 
 ADOC_POST="yes"
 
-ADOC_ATTRIBUTES="--attribute docdate=2024-11-16"
+ADOC_ATTRIBUTES="--attribute docdate=2025-2-16"
 
 # stylesheets
 STYLEROOT=/usr/share/xml/docbook/stylesheet/sbp
diff --git a/adoc/SLES-SQL-server-linux.adoc b/adoc/SLES-SQL-server-linux.adoc
@@ -15,8 +15,6 @@
 :sles: SUSE Linux Enterprise Server
 :sqls: SQL Server
 
-image:sqlserver.svg[SQL Server,400,400]
-
 == Motivation
 
 === Background
@@ -51,10 +49,15 @@ Another reason may be lower negotiated pricing for Linux subscriptions to replac
 The guide covers a basic installation of {sqls} on {sles} including the OS tuning specific for {sqls}.
 It is meant to be agnostic of underlying infrastructure excepting the nuance of registering your server discussed in <<server_registration>> <<Server registration>>.
 
+=== Important notice
+
+include::SLES-SQL-support.adoc[tags=mvs-general;mvs-sql]
+
 == Installation
 
-At first, the manual installation for a stand-alone {sqls} is described by starting in <<man_inst>>.
-The automated installation based on Ansible is decribed in<<ansi_inst>>.
+At first the manual installation for a standalone {sqls} is described by starting at <<man_inst>>.
+
+// The automated installation based on Ansible is decribed in<<ansi_inst>>.
 
 [id="man_inst"]
 === System requirements
@@ -82,17 +85,18 @@ The automated installation based on Ansible is decribed in<<ansi_inst>>.
 To gain access to SUSE repositories, you first need to register your server with `SUSEConnect`. If you are launching an On-Demand (or Pay-As-You-Go) 
 instance and not a BYOS (Bring Your Own Subscription) instance at a public cloud provider, skip this step.
 
+Usage of SUSE SCC if you have Internet access.
+
+* SUSE https://scc.suse.com[SCC] (SUSE Customer Center)
+
 [source,shell]
 ----
 sudo SUSEConnect --regcode ${REGISTRATION_CODE} --email ${EMAIL_ADDRESS}
 ----
 
-
 Alternatively, if you have access to a
 
 * SUSE https://documentation.suse.com/sles/15-SP6/single-html/SLES-rmt/#book-rmt[RMT] (Repository Mirroring Tool) 
-* or https://documentation.suse.com/suma/5.0/[SUSE Manager] 
-* or https://scc.suse.com/[SCC] (SUSE Customer Center)
 
 server you want to use, use the `--url` option instead.
 
@@ -101,6 +105,11 @@ server you want to use, use the `--url` option instead.
 sudo SUSEConnect --url ${REGISTRATION_SERVER_URL}
 ----
 
+The registration procedure for SUSE Multi-Linux Manager client's are different.
+
+* SUSE https://www.suse.com/products/multi-linux-manager[Multi-Linux Manager] (former known as SUMA)
+** https://documentation.suse.com/suma/5.0/en/suse-manager/client-configuration/registration-overview.html[Client Registration]
+
 More information about registering can be found in the https://documentation.suse.com/sles/15-SP6/single-html/SLES-deployment/#sec-yast-install-scc-registration[{sles} 15 SP6 Deployment Guide].
 
 
@@ -147,10 +156,10 @@ To install the {sqls} package non-interactively, and the add-ons, run the follow
 sudo ACCEPT_EULA=Y zypper install -y  mssql-server mssql-tools18 unixODBC-devel glibc-locale-base sqlcmd tuned
 ----
 
-
+////
 [id="ansi_inst"]
-// === Automated Deployment with Ansible
-
+=== Automated Deployment with Ansible
+////
 
 == Configuration
 
@@ -161,12 +170,10 @@ This section is covering the OS modification, the NIC configuration, the recomme
 ==== OS configuration (CPU, Kernel, Memory)
 
 [discrete]
-==== CPU/sysctl/disk/memory setting
-{sles} contains a `TuneD` profile for mssql (within the `tuned` package), but it does not align with the {sqls} best practices guide. The next steps outline and describe the changes recommended for {sqls}.
-Using TuneD it automatically configures CPU frequency governor, ENERGY_PERF_BIAS, and min_perf_pct settings appropriately because of the `throughput-performance` profile being used as base for the `mssql profile`. 
-C-States parameter must be configured manually. The disk readahead section is also covered by including the file `throughput-performance`, check the settings if they are equal and skip them if not needed.
-
-Create an mssql profile:
+==== CPU | sysctl | disk | memory setting
+{sles} contains a `TuneD` profile for mssql (within the `tuned` package), but it's not according to the {sqls} best practices guide. The next steps describe and line out the changes recommended for {sqls}.
+Using TuneD it automatically configures CPU frequency governor, ENERGY_PERF_BIAS, and min_perf_pct settings appropriately due to the `throughput-performance` profile being used as base for the `mssql profile`. 
+C-States parameter must be configured manually. The disk readahead section is also covered by including the file `throughput-performance`, please check the settings if they are equal and skip them if not needed.
 
 [source,shell]
 ----
@@ -213,9 +220,11 @@ transparent_hugepages = madvise
 mssql_is_multi_instance: true
 ----
 
-Depending on the infrastructure it might be necessary that the CPU setting is disabled (for example log message: `cpu0: 'energy_perf_bias' = 'None', expected 'performance'`). 
-This can be achieved by copying the source file `throughput-performance` and modifying it. Comment the line `energy_perf_bias=performance`. This will avoid error messages (like mentioned before) if `TuneD` is started and cannot set this parameter.
+Depending on the infrastructure it might be necessary that the CPU setting must be disabled (e.g. log message: `cpu0: 'energy_perf_bias' = 'None', expected 'performance'`). 
+
+This can be achieved by copying the source file `throughput-performance` and modifying it. 
 
+Comment the line `energy_perf_bias=performance`, this will avoid error messages (like mentioned before) if `TuneD` is started and can't set this parameter.
 [source,shell]
 ----
 mkdir -p /etc/tuned/throughput-performance
@@ -556,8 +565,7 @@ Optional:
 firewall-cmd --permanent --add-port=135/tcp  --add-port=1433/tcp && firewall-cmd --reload
 ----
 
-Check the configuration:
-
+Check the configuration
 [source,shell]
 ----
 firewall-cmd --list-ports
@@ -572,9 +580,38 @@ Use storage subsystem with appropriate IOPS, throughput, and redundancy. Based o
 * transaction log (mount point /log)
 * tempdb (mount point /tempdb)
 
-The default file system for the OS is Btrfs, all others use XFS. Based on the database sizing the required disk must be provided. The example will decribe a Linux Software RAID based setup.
-The disks `sdb - sdh` are the partitions from the NVME storage underneath. The command `lsblk` helps to find the right partition name to build a reasonable RAID setup later and avoid having all partitions 
-from one NVME only in the same RAID configuration.
+The default filesystem for OS will be btrfs all others will have xfs. Based on the database sizing the required disk must be provided. The example will decribe a Linux Software RAID based setup.
+The disk `sdb - sdi` are the partitions from the NVME storage underneath. The command `lsblk` helps to find the right partition name to build a reasonable RAID setup later and avoid having all partitions 
+from only one NVME in the same RAID configuration.
+
+.Example for `lsblk`
+[source,shell]
+----
+# lsblk
+NAME   MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
+sda      8:0    0  50G  0 disk 
+├─sda1   8:1    0   8M  0 part 
+├─sda2   8:2    0  48G  0 part /var
+│                              /opt
+│                              /home
+│                              /srv
+│                              /root
+│                              /usr/local
+│                              /tmp
+│                              /boot/grub2/x86_64-efi
+│                              /boot/grub2/i386-pc
+│                              /.snapshots
+│                              /
+└─sda3   8:3    0   2G  0 part [SWAP]
+sdb      8:16   0  10G  0 disk 
+sdc      8:32   0  10G  0 disk 
+sdd      8:48   0  10G  0 disk 
+sde      8:64   0  10G  0 disk 
+sdf      8:80   0  11G  0 disk 
+sdg      8:96   0  11G  0 disk 
+sdh      8:112  0  12G  0 disk 
+sdi      8:128  0  12G  0 disk 
+----
 
 INFO: The following chapter is done as `root` user, if this is not possible the `sudo` must be put in front of each command.
 
@@ -734,7 +771,10 @@ MSSQL_MEMORY_LIMIT_MB='<some value here>' ACCEPT_EULA='Y' MSSQL_PID='Developer'
 WARNING: It is recommended to change the SA password later with `mssql-conf set-sa-password` 
 or disable the history prior to configuring SQL Server with `set +o history`, and re-enabling it afterward with `set -o history` (Bash).
 
-If specifying a *product key*, it must be in the form of #####-#####-#####-#####-#####, where '#' is a number or a letter.
+:hash: #
+:hash5: #####
+
+If specifying a `product key`, it must be in the form of `{hash5}`-`{hash5}`-`{hash5}`-`{hash5}`-`{hash5}`, where `{hash}` is a number or a letter in summary 25.
 
 - {sqls} should be started at this point. You can verify this with `systemctl status mssql-server.service`. 
 - {sqls} listens for connections on port `1433` by default, that is a second option to verify the {sqls} is up and running.
@@ -780,7 +820,7 @@ tcp   LISTEN 0      128                                 *:1433
 ----
 sqlcmd -S mssql -U SA -P Strong\!Passw0rd -Q "SELECT @@VERSION" 2>/dev/null
                                                                                                                                                                                                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
+----------------------------------------------------------------------------------
 Microsoft SQL Server 2022 (RTM-CU15-GDR) (KB5046059) - 16.0.4150.1 (X64) 
 	Sep 25 2024 17:34:41 
 	Copyright (C) 2022 Microsoft Corporation
@@ -798,8 +838,9 @@ The following example moves `tempdb` from its current default location on the di
 MSSQLSERVER service is started, you do not need to physically move the data and log files. The files are created when the service is restarted. 
 Until the service is restarted, tempdb continues to function in its existing location. Determine the logical file names of the tempdb database and their current location on disk.
 
-Check the current location and decided if a move is required or not with `sqlcmd -S <hostname> -U SA -P <password>`:
+.Check the current location with `sqlcmd -S <hostname> -U SA -P <password>`
 
+(decide if a move is required or not) 
 [source,sql]
 ----
 sqlcmd -S mssql -U SA -P Strong\!Passw0rd
@@ -993,7 +1034,7 @@ To start Azure Data Studio run the command on your shell:
 azuredatastudio
 ----
 
-image:azure-data-studio.png[Azure Data Studio,480,360,scaledwidth=90%]
+image:azure-data-studio.png[Azure Data Studio,480,360,float="right",align="center"]
 
 With `Create a connection` the {sqls} can be added. A pop-up window is asking for the required parameter. The connection can be established to a single node or the virtual IP of a cluster setup.
 
@@ -1202,8 +1243,15 @@ To stay up to date on the latest SQL Server on Linux features, bookmark https://
 [id="password_requirements"]
 === SQL Server password requirements
 
+<<<<<<< HEAD
+Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. 
+When password complexity policy is enforced, new passwords must meet the following guidelines:
+
+* The password doesn't contain the account name of the user.
+=======
 Password complexity policies are designed to deter brute force attacks by increasing the number of possible passwords. When password complexity policy is enforced, new passwords must meet the following guidelines:
 * The password does not contain the account name of the user.
+>>>>>>> main
 * The password is at least eight characters long.
 * The password contains characters from three of the following four categories:
 ** Latin uppercase letters (A through Z)
@@ -1216,9 +1264,16 @@ Passwords can be up to 128 characters long. Use passwords that are as long and c
 === Security limitations of SQL Server on Linux
 
 SQL Server on Linux currently has the following limitations:
+<<<<<<< HEAD
+
+* A standard password policy is provided. `MUST_CHANGE` is the only option you might configure. The `CHECK_POLICY` option isn't supported.
+* Extensible Key Management isn't supported.
+* SQL Server authentication mode can't be disabled.
+=======
 * A standard password policy is provided. `MUST_CHANGE` is the only option you might configure. The `CHECK_POLICY` option is not supported.
 * Extensible Key Management is not supported.
 * SQL Server authentication mode cannot be disabled.
+>>>>>>> main
 * Password expiration is hard-coded to 90 days if you use SQL Server authentication.
 * Using keys stored in the Azure Key Vault is not supported.
 * SQL Server generates its own self-signed certificate for encrypting connections. SQL Server can be configured to use a user provided certificate for TLS.
@@ -1266,7 +1321,7 @@ lspci |grep balloon
 === References
 
 * https://documentation.suse.com/sles/15-SP6/[SUSE Linux Enterprise Server 15 SP6]
-* https://documentation.suse.com/suma/5.0/[SUSE Manager 5.0 Documentation]
+* https://www.suse.com/products/multi-linux-manager[SUSE Multi-Linux Manager]
 * https://documentation.suse.com/sles/15-SP6/single-html/SLES-rmt/#book-rmt[Repository Mirroring Tool Guide]
 * https://docs.microsoft.com/en-us/sql/linux/sql-server-linux-setup?view=sql-server-ver16[Installation guidance for SQL Server on Linux]
 * https://docs.microsoft.com/en-us/sql/linux/quickstart-install-connect-suse?view=sql-server-ver16[Quickstart: Install SQL Server and create a database on SUSE Linux Enterprise Server]
diff --git a/adoc/SLES-SQL-support.adoc b/adoc/SLES-SQL-support.adoc
@@ -0,0 +1,38 @@
+//multi vendor solution (mvs)
+
+# tag::mvs-general[]
+
+==== Multi Vendor solution
+
+This section will provided some advise how to handle business critical solutions where multiple vendors are involved.
+
+# end::mvs-general[]
+
+# tag::mvs-sql[]
+
+==== SUSE and Microsoft SQL Server
+
+The solution in this guide requires a support contract for both products. With SUSE (valid and active subscription) for the operating system and with Microsoft a license for  MS SQL Server.
+
+Details about the SUSE subscriptions can be found here:
+
+* https://www.suse.com/support/
+
+Details about the SQL Server licensing can be found here:
+
+* https://www.microsoft.com/en-us/sql-server/sql-server-2022-pricing
+* https://www.microsoft.com/licensing/docs/view/SQL-Server
+
+In case your infrastructure is running in a public cloud environment, your CSP (cloud service provider) may have different support contract offerings.
+
+* BYOS ( = SUSE Subscription + support for OS)
+* PAYG ( = only CSP support for OS)
+
+In case of support is required: Depending on the support contract, a decision must be made.
+
+[discrete]
+.Support from Microsoft
+A collection support channels can be found here:
+https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/install/windows/support-policy-sql-server#obtain-support-from-microsoft
+
+# end::mvs-sql[]
