Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GCP - Wrong srHook Configurations #900

Open
ab-mohamed opened this issue Sep 13, 2022 · 7 comments
Open

GCP - Wrong srHook Configurations #900

ab-mohamed opened this issue Sep 13, 2022 · 7 comments
Assignees
@mr-stringer @arbulu89
Labels
bug Something isn't working

Comments

@ab-mohamed
Copy link

Used cloud platform
GCP

Used SLES4SAP version
SLES12 SP4|5 for SAP Applications

Used client machine OS
macOS

Expected behaviour vs observed behaviour
Successful srHook configurations in /etc/sudoers.d/SAPHanaSR file

How to reproduce
Deploy HANA HA cluster using SLES12 SP4|5 for SAP Applications

Check /etc/sudoers.d/SAPHanaSR:

vmhana01 ~ # cat /etc/sudoers.d/SAPHanaSR
# SAPHanaSR needs for /usr/share/SAPHanaSR/SAPHanaSR.py
Cmnd_Alias SOK_SITEA      = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'NUE' -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEA    = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'NUE' -v SFAIL -t crm_config -s SAPHanaSR
Cmnd_Alias SOK_SITEB      = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'FRA' -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEB    = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'FRA' -v SFAIL -t crm_config -s SAPHanaSR
prdadm ALL=(ALL) NOPASSWD: SOK_SITEA, SFAIL_SITEA, SOK_SITEB, SFAIL_SITEB
# SAPHanaSR takeover blocker needs for /usr/share/SAPHanaSR/susTkOver.py
Cmnd_Alias HOOK_HELPER_TKOVER = /usr/sbin/SAPHanaSR-hookHelper --case checkTakeover --sid=prd
prdadm ALL=(ALL) NOPASSWD: HOOK_HELPER_TKOVER

hana_prd_site_srHook_u'NUE' should be replaced by hana_prd_site_srHook_NUE. The same for the rest.
@ab-mohamed ab-mohamed added the bug Something isn't working label Sep 13, 2022
@ab-mohamed
Copy link
Author

Here is the Terraform execution part:

module.hana_node.module.hana_provision.null_resource.provision[1] (remote-exec): [INFO    ] {u'ha_dr_provider_sustkover': {u'after': {u'execution_order': u'2', u'path': u'/usr/share/SAPHanaSR', u'provider': u'susTkOver'}, u'before': None}, u'trace': {u'ha_dr_sustkover': {u'after': u'info', u'before': None}}}
@mr-stringer mr-stringer self-assigned this Sep 15, 2022
@mr-stringer
Copy link
Contributor

I will look into this and attempt to reproduce it.
@mr-stringer
Copy link
Contributor

mr-stringer commented Sep 20, 2022
edited
Loading

I have not been able to reproduce this error.

In my terraform.tfvars file I have identified the sites as below:

hana_sid = "GPT"
hana_instance_number = "00"
hana_master_password = "[REDACTED]"
hana_primary_site = "node01"
hana_secondary_site = "node02"

This results in the following content in /etc/sudoers.d/SAPHanaSR

Cmnd_Alias SOK_SITEA      = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node01 -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEA    = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node01 -v SFAIL -t crm_config -s SAPHanaSR
Cmnd_Alias SOK_SITEB      = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node02 -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEB    = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node02 -v SFAIL -t crm_config -s SAPHanaSR
gptadm ALL=(ALL) NOPASSWD: SOK_SITEA, SFAIL_SITEA, SOK_SITEB, SFAIL_SITEB
# SAPHanaSR takeover blocker needs for /usr/share/SAPHanaSR/susTkOver.py
Cmnd_Alias HOOK_HELPER_TKOVER = /usr/sbin/SAPHanaSR-hookHelper --case checkTakeover --sid=gpt
gptadm ALL=(ALL) NOPASSWD: HOOK_HELPER_TKOVER

Can you please share your terraform.tfvars after redacting any sensitive information?
@mr-stringer
Copy link
Contributor

@ab-mohamed I am still unable to reproduce the issue. Please post a redacted terraform.tfvars file.
@abdurrahman84
Copy link

@mr-stringer

Please ensure that you use SLES 12 SP4|5 for SAP Applications.

Here is my Terraform configurations:

project = "<PROJECT ID>"
gcp_credentials_file = "<SERVICE ACCOUNT KEY>.json"
region = "us-west1"
os_image = "suse-sap-cloud/sles-12-sp4-sap"
public_key  = "<PUBLIC SSH KEY>"
private_key = "<PRIVAT SSH KEY>"
cluster_ssh_pub = "salt://sshkeys/cluster.id_rsa.pub"
cluster_ssh_key = "salt://sshkeys/cluster.id_rsa"
ha_sap_deployment_repo = "https://download.opensuse.org/repositories/network:/ha-clustering:/sap-deployments:/v9"
provisioning_log_level = "info"
pre_deployment = true
bastion_enabled = true
bastion_os_image = "suse-sap-cloud/sles-15-sp5-sap"
bastion_nat_min_ports_per_vm = 1204
hana_count = "2"
machine_type = "n1-highmem-4"
hana_data_disks_configuration = {
  disks_type       = "pd-ssd,pd-ssd,pd-ssd,pd-ssd,pd-ssd,pd-ssd,pd-ssd"
  disks_size       = "128,64,128,64,32,32,64"
  # The next variables are used during the provisioning
  luns             = "0,1#2,3#4#5#6"
  names            = "data#log#shared#usrsap#backup"
  lv_sizes         = "100#100#100#100#100"
  paths            = "/hana/data#/hana/log#/hana/shared#/usr/sap#/hana/backup"
}
hana_inst_master = "<GCP Bucket>/<EXTRACTED HANA 2.0 SPS05>"
hana_master_password = "<PASSWORD>"
hana_primary_site = "NUE"
hana_secondary_site = "FRA"
@ab-mohamed
Copy link
Author

@mr-stringer Any updates about this issue?
@mr-stringer
Copy link
Contributor

Sorry, I didn't see you'd posted this. I'll give it a try in the next day or two. Thanks :)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
4 participants
@mr-stringer @abdurrahman84 @arbulu89 @ab-mohamed