From 5a161da0a70aa1753346158e01dff7e2325726e1 Mon Sep 17 00:00:00 2001 From: Michele Pagot Date: Tue, 16 Dec 2025 18:09:28 +0100 Subject: [PATCH] Fix ansible lint warning in sap_hana_install role --- .../roles/sap_hana_install/README.md | 7 +- .../roles/sap_hana_install/defaults/main.yml | 86 +++++++++---------- .../roles/sap_hana_install/tasks/main.yml | 12 +-- .../tasks/post_install/firewall.yml | 10 +-- .../tasks/post_install/log_mode.yml | 10 +-- .../tasks/pre_install/prepare_sarfiles.yml | 25 +++--- 6 files changed, 74 insertions(+), 76 deletions(-) diff --git a/ansible/playbooks/roles/sap_hana_install/README.md b/ansible/playbooks/roles/sap_hana_install/README.md index 68a7411b..e1810301 100644 --- a/ansible/playbooks/roles/sap_hana_install/README.md +++ b/ansible/playbooks/roles/sap_hana_install/README.md @@ -140,7 +140,8 @@ or if it will add further hosts to an existing SAP HANA system as specified by v `sap_hana_install_addhosts`. Default is `yes` for a fresh SAP HANA installation. The role can be configured to also set the required firewall ports for SAP HANA. If this is desired, set -the variable `sap_hana_install_update_firewall` to `yes` (default is `no`). The firewall ports are defined +the variable `sap_hana_install_update_firewall` to `true` (default is `false` that means the role will not touch +any firewall related system settings, leaving whatever the system has unchanged). The firewall ports are defined in a variable which is compatible with the variable structure used by Linux System Role `firewall`. The firewall ports for SAP HANA are defined in member `port` of the first field of variable `sap_hana_install_firewall` (`sap_hana_install_firewall[0].port`), see file `defaults/main.yml`. If the @@ -257,7 +258,7 @@ You can find more complex playbooks in directory `playbooks` of the collection ` - Extract all SAR files into `sap_hana_install_software_extract_directory`. Note: For each SAPCAR or SAR file called or used by the role, if variable `sap_hana_install_verify_checksums` -is set to `yes`, the role will perform a checksum verification against a specific or global checksum file. +is set to `true`, the role will perform a checksum verification against a specific or global checksum file. - Check existence of `hdblcm` in `SAP_HANA_DATABASE` directory from the extracted SAR files. @@ -327,7 +328,7 @@ With the following tags, the role can be called to perform certain activities on with `--skip-tags`, to skip modifying these directories. This can be useful when using tag `sap_hana_install_preinstall`. - tag `sap_hana_install_configure_firewall`: Use this flag to only configure the firewall ports for - SAP HANA. Note: The role variable `sap_hana_install_update_firewall` has to be set to `yes` as + SAP HANA. Note: The role variable `sap_hana_install_update_firewall` has to be set to `true` as well. - tag `sap_hana_install_extract_sarfiles`: Use this flag with `--skip-tags` to run the SAR file preparation steps of tag `sap_hana_install_prepare_sarfiles` without extracting the SAR files. diff --git a/ansible/playbooks/roles/sap_hana_install/defaults/main.yml b/ansible/playbooks/roles/sap_hana_install/defaults/main.yml index 9ee3d91f..3d5ca98c 100644 --- a/ansible/playbooks/roles/sap_hana_install/defaults/main.yml +++ b/ansible/playbooks/roles/sap_hana_install/defaults/main.yml @@ -11,39 +11,39 @@ sap_hana_install_software_directory: '/software/hana' # created again before the extraction starts. sap_hana_install_software_extract_directory: "{{ sap_hana_install_software_directory }}/extracted" -# Set this variabe to `yes` if you want to copy the SAR files from `sap_hana_install_software_directory` +# Set this variabe to `true` if you want to copy the SAR files from `sap_hana_install_software_directory` # to `sap_hana_install_software_extract_directory/sarfiles` before extracting. # This might be useful if the SAR files are on a slow fileshare. -sap_hana_install_copy_sarfiles: no +sap_hana_install_copy_sarfiles: false -# Set the following variable to `yes` if you want to keep the copied SAR files. By default, the SAR files will be +# Set the following variable to `true` if you want to keep the copied SAR files. By default, the SAR files will be # removed after extraction. -sap_hana_install_keep_copied_sarfiles: no +sap_hana_install_keep_copied_sarfiles: false # File name of SAPCAR*EXE in the software directory. If the variable is not set and there is more than one SAPCAR executable # in the software directory, the latest SAPCAR executable for the CPU architecture will be selected automatically. -#sap_hana_install_sapcar_filename: SAPCAR_1115-70006178.EXE +# sap_hana_install_sapcar_filename: SAPCAR_1115-70006178.EXE # List of file names of SAR files to extract. Can be set in case there are more SAR files in the software directory # than needed or desired for the HANA installation. -#sap_hana_install_sarfiles: -# - SAPHOSTAGENT54_54-80004822.SAR -# - IMDB_SERVER20_060_0-80002031.SAR +# sap_hana_install_sarfiles: +# - SAPHOSTAGENT54_54-80004822.SAR +# - IMDB_SERVER20_060_0-80002031.SAR -# Set the following variable to `yes` to let the role abort if checksum verification fails for any SAPCAR or SAR file +# Set the following variable to `true` to let the role abort if checksum verification fails for any SAPCAR or SAR file # called or used by the role. -sap_hana_install_verify_checksums: no +sap_hana_install_verify_checksums: false # Checksum algorithm for checksum verification. Default is sha256, for which a checksum is available in the SAP software # download pages. sap_hana_install_checksum_algorithm: sha256 # In case a global checksum file is present, use the following variable to specify the full path to this file: -#sap_hana_install_global_checksum_file: "{{ sap_hana_install_software_directory }}/SHA256" +# sap_hana_install_global_checksum_file: "{{ sap_hana_install_software_directory }}/SHA256" -# Set the following variable to `yes` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line +# Set the following variable to `true` to let hdbclm verify SAR file signatures. This corresponds to the hdblcm command line # argument `--verify_signature`. -sap_hana_install_verify_signature: no +sap_hana_install_verify_signature: false # hdblcm configfile related variables: # Directory where to store the hdblcm configfile template and the Jinja2 template: @@ -57,31 +57,31 @@ sap_hana_install_local_configfile_directory: '/tmp' # If you would like to perform an installation check after the installation, set the following variable to 'yes'. # Note: This only works if there is no static configfile available in sap_hana_install_configfile_directory. -sap_hana_install_check_installation: no +sap_hana_install_check_installation: false -# Only if sap_hana_install_check_installation (above) is set to 'yes', you can select which command to use by setting the -# following variable to `yes` or `no`. +# Only if sap_hana_install_check_installation (above) is set to 'true', you can select which command to use by setting the +# following variable to `true` or `false`. # yes: use the command 'hdbcheck', with parameters `--remote_execution=ssh` and `--scope=system` # no: use the command `hdblcm --action=check_installation` -sap_hana_install_use_hdbcheck: yes +sap_hana_install_use_hdbcheck: true -# If the following variable is set to `no`, the role will attempt to install SAP HANA even if there is already a sidadm user. -# Default is `yes`. -sap_hana_install_check_sidadm_user: yes +# If the following variable is set to `false`, the role will attempt to install SAP HANA even if there is already a sidadm user. +# Default is `true`. +sap_hana_install_check_sidadm_user: true -# If the following variable is undefined or set to `yes`, the role will perform a fresh SAP HANA installation. -# If set to `no`, additional hosts as specified by variable sap_hana_install_addhosts will be added to +# If the following variable is undefined or set to `true`, the role will perform a fresh SAP HANA installation. +# If set to `false`, additional hosts as specified by variable sap_hana_install_addhosts will be added to # an existing HANA system. -sap_hana_install_new_system: yes +sap_hana_install_new_system: true # The first tenant database is using a port range not within the range of the ports of additional tenant databases. # In case this is not desired, you can set the following parameter to `yes` to recreate the initial tenant database. -sap_hana_install_recreate_tenant_database: no +sap_hana_install_recreate_tenant_database: false # The following parameter controls if the log_mode should be set to overwrite following the installation of the database. # log_mode overwrite is useful in non-prod testing as log backups are not created and disk use is kept low # However, log_mode overwrite disabled to ability to do point-in-time restores and is not supported in production -sap_hana_set_log_mode_overwrite: no +sap_hana_install_set_log_mode_overwrite: false ################ # Parameters for hdblcm: @@ -91,8 +91,8 @@ sap_hana_set_log_mode_overwrite: no sap_hana_install_components: 'all' # Pass some extra arguments to hdblcm, see some examples below. -#sap_hana_install_hdblcm_extraargs: '--verify_signature' -#sap_hana_install_hdblcm_extraargs: '--ignore=check_diskspace,check_min_mem' +# sap_hana_install_hdblcm_extraargs: '--verify_signature' +# sap_hana_install_hdblcm_extraargs: '--ignore=check_diskspace,check_min_mem' # Instance details sap_hana_install_sid: @@ -105,25 +105,25 @@ sap_hana_install_restrict_max_mem: 'n' sap_hana_install_max_mem: # hdblcm will use default ids if blank -sap_hana_install_userid: +sap_hana_install_userid: sap_hana_install_groupid: # Passwords # Setting master password to 'y' will use that master password for all passwords - recommended sap_hana_install_use_master_password: 'y' # Set one or more of the following password variables in your playbook or inventory. -#sap_hana_install_master_password: -#sap_hana_install_sidadm_password: -#sap_hana_install_db_system_password: -#sap_hana_install_lss_user_password: -#sap_hana_install_lss_backup_password: -#sap_hana_install_ase_user_password: -#sap_hana_install_root_password: -#sap_hana_install_sapadm_password: -#sap_hana_install_xs_org_password: +# sap_hana_install_master_password: +# sap_hana_install_sidadm_password: +# sap_hana_install_db_system_password: +# sap_hana_install_lss_user_password: +# sap_hana_install_lss_backup_password: +# sap_hana_install_ase_user_password: +# sap_hana_install_root_password: +# sap_hana_install_sapadm_password: +# sap_hana_install_xs_org_password: # Optional steps -sap_hana_install_update_firewall: no +sap_hana_install_update_firewall: false # List of firewall ports for SAP HANA. Note: The structure of the variable is compatible # with the variable `firewall` of Linux System Role `firewall`. @@ -149,16 +149,16 @@ sap_hana_install_firewall: state: 'enabled' } # The following variable is no longer used. Setting /etc/hosts entries is done in role sap_general_preconfigure. -#sap_hana_install_update_etchosts: yes +# sap_hana_install_update_etchosts: yes # Post install parameters sap_hana_install_hdbuserstore_key: 'HDB_SYSTEMDB' sap_hana_install_nw_input_location: '/tmp' # License -sap_hana_install_apply_license: no -#sap_hana_install_license_path: -#sap_hana_install_license_file_name: +sap_hana_install_apply_license: false +# sap_hana_install_license_path: +# sap_hana_install_license_file_name: # Misc @@ -178,7 +178,7 @@ sap_hana_install_create_initial_tenant: 'y' # hosts to an existing HANA system. # Corresponding hdblcm parameter: addhosts # Example: -#sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' +# sap_hana_install_addhosts: 'host2:role=worker,host3:role=worker:group=g02,host4:role=standby:group=g02' # The hostname is set by 'hdblcm --dump_configfile_template' during the preinstall phase but can also # be set to a different value in your playbook or hostvars: diff --git a/ansible/playbooks/roles/sap_hana_install/tasks/main.yml b/ansible/playbooks/roles/sap_hana_install/tasks/main.yml index 0d2dc1c9..57a83d0d 100644 --- a/ansible/playbooks/roles/sap_hana_install/tasks/main.yml +++ b/ansible/playbooks/roles/sap_hana_install/tasks/main.yml @@ -2,12 +2,12 @@ - name: Rename some variables used by hdblcm configfile ansible.builtin.set_fact: - sap_hana_install_sid: "{{ sap_hana_sid|d(sap_hana_install_sid)|d('') }}" - sap_hana_install_number: "{{ sap_hana_instance_number|d(sap_hana_install_instance_number|d(sap_hana_install_number)|d('')) }}" - sap_hana_install_master_password: "{{ sap_hana_install_common_master_password|d(sap_hana_install_master_password) }}" - sap_hana_install_system_usage: "{{ sap_hana_install_env_type|d(sap_hana_install_system_usage) }}" - sap_hana_install_restrict_max_mem: "{{ sap_hana_install_mem_restrict|d(sap_hana_install_restrict_max_mem) }}" - sap_hana_set_log_mode_overwrite: "{{ sap_hana_set_log_mode_overwrite|default (true)}}" + sap_hana_install_sid: "{{ sap_hana_sid | d(sap_hana_install_sid) | d('') }}" + sap_hana_install_number: "{{ sap_hana_instance_number | d(sap_hana_install_instance_number | d(sap_hana_install_number) | d('')) }}" + sap_hana_install_master_password: "{{ sap_hana_install_common_master_password | d(sap_hana_install_master_password) }}" + sap_hana_install_system_usage: "{{ sap_hana_install_env_type | d(sap_hana_install_system_usage) }}" + sap_hana_install_restrict_max_mem: "{{ sap_hana_install_mem_restrict | d(sap_hana_install_restrict_max_mem) }}" + sap_hana_install_set_log_mode_overwrite: "{{ sap_hana_install_set_log_mode_overwrite | default(true) }}" tags: - sap_hana_install_preinstall - sap_hana_install_set_log_mode diff --git a/ansible/playbooks/roles/sap_hana_install/tasks/post_install/firewall.yml b/ansible/playbooks/roles/sap_hana_install/tasks/post_install/firewall.yml index a11661b6..bbe1a9e0 100644 --- a/ansible/playbooks/roles/sap_hana_install/tasks/post_install/firewall.yml +++ b/ansible/playbooks/roles/sap_hana_install/tasks/post_install/firewall.yml @@ -4,7 +4,7 @@ ansible.builtin.systemd: name: firewalld state: started - enabled: yes + enabled: true tags: sap_hana_install_configure_firewall - name: SAP HANA Post Install - Construct the argument list for 'firewall-cmd --add-port' @@ -37,12 +37,12 @@ # of the no-changed-when rule, we just set changed_when to true here. - name: SAP HANA Post Install - Enable the required ports immediately ansible.builtin.command: "{{ __sap_hana_install_fact_firewall_cmd_command }}" - changed_when: yes + changed_when: true tags: sap_hana_install_configure_firewall - name: SAP HANA Post Install - Get the current firewall configuration of the default zone ansible.builtin.command: firewall-cmd --list-all - changed_when: no + changed_when: false register: __sap_hana_install_register_current_firewall_ports tags: sap_hana_install_configure_firewall @@ -56,12 +56,12 @@ # of the no-changed-when rule, we just set changed_when to true here. - name: SAP HANA Post Install - Enable the required ports permanently ansible.builtin.command: "{{ __sap_hana_install_fact_firewall_cmd_command }} --permanent" - changed_when: yes + changed_when: true tags: sap_hana_install_configure_firewall - name: SAP HANA Post Install - Get the permanent firewall configuration of the default zone ansible.builtin.command: firewall-cmd --list-all - changed_when: no + changed_when: false register: __sap_hana_install_register_permanent_firewall_ports tags: sap_hana_install_configure_firewall diff --git a/ansible/playbooks/roles/sap_hana_install/tasks/post_install/log_mode.yml b/ansible/playbooks/roles/sap_hana_install/tasks/post_install/log_mode.yml index 9cc1e332..283205ac 100644 --- a/ansible/playbooks/roles/sap_hana_install/tasks/post_install/log_mode.yml +++ b/ansible/playbooks/roles/sap_hana_install/tasks/post_install/log_mode.yml @@ -8,7 +8,7 @@ -i '{{ sap_hana_install_number }}' \ -d SYSTEMDB \ -u SYSTEM \ - -p '{{ sap_hana_install_db_system_password|d(sap_hana_install_master_password) }}' \ + -p '{{ sap_hana_install_db_system_password | d(sap_hana_install_master_password) }}' \ -m <