From 4411e1220b29a8d2e12fc610b6c5b1bc7fb58af9 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Thu, 23 Oct 2025 20:49:14 +0000 Subject: [PATCH 01/17] Enhance AzureDataParser to support max_mbps and max_iops properties in filesystem data logging --- src/module_utils/collector.py | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/module_utils/collector.py b/src/module_utils/collector.py index 3363498b..ebe0aa95 100644 --- a/src/module_utils/collector.py +++ b/src/module_utils/collector.py @@ -348,11 +348,17 @@ def parse_disks_vars(self, check, context) -> str: logging.WARNING, f"Mount point {mount_point} not found in filesystem data" ) return value - if property in fs_entry and fs_entry.get(property) is not None: - value = str(fs_entry[property]) + + fs_property = property + if property in ["mbps", "iops"] and property not in fs_entry: + fs_property = f"max_{property}" + + if fs_property in fs_entry and fs_entry.get(fs_property) is not None: + value = str(fs_entry[fs_property]) self.parent.log( logging.INFO, - f"Found {property}='{value}' for {mount_point} from filesystem data", + f"Found {property}='{value}' for {mount_point} " + + f"from filesystem data (via {fs_property})", ) return value if not parsed_disks: From 7a05d0d7f208d4962e6177aeb6206153f9afb04a Mon Sep 17 00:00:00 2001 From: devanshjain Date: Thu, 23 Oct 2025 21:00:13 +0000 Subject: [PATCH 02/17] Refactor debug tasks in configuration checks to log results from command-based, Azure-based, and module-based checks --- .../configuration_checks/tasks/ha_modules.yml | 21 ++++++++++++++++--- src/roles/configuration_checks/tasks/main.yml | 17 +++++++-------- 2 files changed, 25 insertions(+), 13 deletions(-) diff --git a/src/roles/configuration_checks/tasks/ha_modules.yml b/src/roles/configuration_checks/tasks/ha_modules.yml index 9810c577..bf675fa8 100644 --- a/src/roles/configuration_checks/tasks/ha_modules.yml +++ b/src/roles/configuration_checks/tasks/ha_modules.yml @@ -25,6 +25,13 @@ saphanasr_provider: "{{ saphanasr_provider | default('SAPHanaSR') }}" register: ha_db_module_result + - name: Debug logs from get_pcmk_properties_db + when: + - ha_db_module_result is defined + - ha_db_module_result.log is defined + ansible.builtin.debug: + msg: "{{ ha_db_module_result.log }}" + - name: "Store HA DB configuration result" when: >- role == 'DB' and @@ -44,6 +51,13 @@ pcmk_constants: "{{ lookup('file', 'roles/ha_scs/tasks/files/constants.yaml') | from_yaml }}" register: ha_scs_module_result + - name: Debug logs from get_pcmk_properties_scs + when: + - ha_scs_module_result is defined + - ha_scs_module_result.log is defined + ansible.builtin.debug: + msg: "{{ ha_scs_module_result.log }}" + - name: "Store HA SCS configuration result" when: >- role in ['SCS', 'ERS'] and @@ -70,10 +84,11 @@ register: ha_loadbalancer_module_result - name: "Debug HA Load Balancer configuration result" - when: ha_loadbalancer_module_result is defined + when: + - ha_loadbalancer_module_result is defined + - ha_loadbalancer_module_result.log is defined ansible.builtin.debug: - var: ha_loadbalancer_module_result - verbosity: 1 + msg: "{{ ha_loadbalancer_module_result.log }}" - name: "Store HA Load Balancer configuration result" when: >- diff --git a/src/roles/configuration_checks/tasks/main.yml b/src/roles/configuration_checks/tasks/main.yml index d7f57c20..496331a8 100644 --- a/src/roles/configuration_checks/tasks/main.yml +++ b/src/roles/configuration_checks/tasks/main.yml @@ -149,13 +149,12 @@ ansible.builtin.debug: msg: "Command-based configuration checks failed {{ command_check_results.msg }}" -- name: "{{ check_type.name }} - Debug the logs from configuration check python module" +- name: "{{ check_type.name }} - Debug the logs from command-based configuration check" when: - command_check_results is defined - command_check_results.log is defined ansible.builtin.debug: msg: "{{ command_check_results.log }}" - verbosity: 1 - name: "{{ check_type.name }} - Execute Azure-based configuration checks" when: @@ -183,13 +182,12 @@ ansible.builtin.debug: msg: "Azure-based configuration checks failed but continuing {{ azure_check_results.msg }}" -- name: "{{ check_type.name }} - Debug the formatted filesystem info from configuration check python module" +- name: "{{ check_type.name }} - Debug the logs from Azure-based configuration check" when: - azure_check_results is defined - - azure_check_results.formatted_filesystem_info is defined + - azure_check_results.log is defined ansible.builtin.debug: - msg: "{{ azure_check_results.formatted_filesystem_info }}" - verbosity: 1 + msg: "{{ azure_check_results.log }}" - name: "{{ check_type.name }} - Execute module-based configuration checks" when: @@ -216,13 +214,12 @@ ansible.builtin.debug: msg: "Module-based configuration checks failed but continuing {{ module_check_results.msg }}" -- name: "{{ check_type.name }} - Debug the module check results" +- name: "{{ check_type.name }} - Debug the logs from module-based configuration check" when: - module_check_results is defined - - module_check_results.check_results is defined + - module_check_results.log is defined ansible.builtin.debug: - msg: "Module checks: {{ module_check_results.check_results | length }} results" - verbosity: 1 + msg: "{{ module_check_results.log }}" - name: "{{ check_type.name }} - Merge check results with error handling" ansible.builtin.set_fact: From 4aa9b3e5683955d61ef993bbe3bd8e87e7f3af95 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Thu, 23 Oct 2025 21:02:05 +0000 Subject: [PATCH 03/17] Fix log variable names in debug tasks for HA and configuration checks --- src/roles/configuration_checks/tasks/ha_modules.yml | 12 ++++++------ src/roles/configuration_checks/tasks/main.yml | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/src/roles/configuration_checks/tasks/ha_modules.yml b/src/roles/configuration_checks/tasks/ha_modules.yml index bf675fa8..290d79bd 100644 --- a/src/roles/configuration_checks/tasks/ha_modules.yml +++ b/src/roles/configuration_checks/tasks/ha_modules.yml @@ -28,9 +28,9 @@ - name: Debug logs from get_pcmk_properties_db when: - ha_db_module_result is defined - - ha_db_module_result.log is defined + - ha_db_module_result.logs is defined ansible.builtin.debug: - msg: "{{ ha_db_module_result.log }}" + msg: "{{ ha_db_module_result.logs }}" - name: "Store HA DB configuration result" when: >- @@ -54,9 +54,9 @@ - name: Debug logs from get_pcmk_properties_scs when: - ha_scs_module_result is defined - - ha_scs_module_result.log is defined + - ha_scs_module_result.logs is defined ansible.builtin.debug: - msg: "{{ ha_scs_module_result.log }}" + msg: "{{ ha_scs_module_result.logs }}" - name: "Store HA SCS configuration result" when: >- @@ -86,9 +86,9 @@ - name: "Debug HA Load Balancer configuration result" when: - ha_loadbalancer_module_result is defined - - ha_loadbalancer_module_result.log is defined + - ha_loadbalancer_module_result.logs is defined ansible.builtin.debug: - msg: "{{ ha_loadbalancer_module_result.log }}" + msg: "{{ ha_loadbalancer_module_result.logs }}" - name: "Store HA Load Balancer configuration result" when: >- diff --git a/src/roles/configuration_checks/tasks/main.yml b/src/roles/configuration_checks/tasks/main.yml index 496331a8..13c788c1 100644 --- a/src/roles/configuration_checks/tasks/main.yml +++ b/src/roles/configuration_checks/tasks/main.yml @@ -152,9 +152,9 @@ - name: "{{ check_type.name }} - Debug the logs from command-based configuration check" when: - command_check_results is defined - - command_check_results.log is defined + - command_check_results.logs is defined ansible.builtin.debug: - msg: "{{ command_check_results.log }}" + msg: "{{ command_check_results.logs }}" - name: "{{ check_type.name }} - Execute Azure-based configuration checks" when: @@ -185,9 +185,9 @@ - name: "{{ check_type.name }} - Debug the logs from Azure-based configuration check" when: - azure_check_results is defined - - azure_check_results.log is defined + - azure_check_results.logs is defined ansible.builtin.debug: - msg: "{{ azure_check_results.log }}" + msg: "{{ azure_check_results.logs }}" - name: "{{ check_type.name }} - Execute module-based configuration checks" when: @@ -217,9 +217,9 @@ - name: "{{ check_type.name }} - Debug the logs from module-based configuration check" when: - module_check_results is defined - - module_check_results.log is defined + - module_check_results.logs is defined ansible.builtin.debug: - msg: "{{ module_check_results.log }}" + msg: "{{ module_check_results.logs }}" - name: "{{ check_type.name }} - Merge check results with error handling" ansible.builtin.set_fact: From 4eae16ab605440a6371ebb957ff14702f0266e47 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Thu, 23 Oct 2025 21:05:32 +0000 Subject: [PATCH 04/17] Remove test_group_invocation_id from report file name in configuration checks --- src/playbook_00_configuration_checks.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/playbook_00_configuration_checks.yml b/src/playbook_00_configuration_checks.yml index d1f7603f..6fefb72e 100644 --- a/src/playbook_00_configuration_checks.yml +++ b/src/playbook_00_configuration_checks.yml @@ -438,8 +438,8 @@ ansible.builtin.include_tasks: "./roles/misc/tasks/render-html-report.yml" vars: html_template_name: "./templates/config_checks_report.html" - report_file_name: "CONFIG_{{ sap_sid | upper }}_{{ platform | upper }}_{{ test_group_invocation_id }}" + report_file_name: "CONFIG_{{ sap_sid | upper }}_{{ platform | upper }}" - name: "Debug the file name of the report generated" ansible.builtin.debug: - msg: "Report file CONFIG_{{ sap_sid | upper }}_{{ platform | upper }}_{{ test_group_invocation_id }} generated." + msg: "Report file CONFIG_{{ sap_sid | upper }}_{{ platform | upper }} generated." From adcb59b04e134db03d4efac7f48038fd354a47ae Mon Sep 17 00:00:00 2001 From: devanshjain Date: Thu, 23 Oct 2025 21:15:20 +0000 Subject: [PATCH 05/17] Refactor AzureDataParser to simplify property retrieval from filesystem data --- src/module_utils/collector.py | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/src/module_utils/collector.py b/src/module_utils/collector.py index ebe0aa95..3363498b 100644 --- a/src/module_utils/collector.py +++ b/src/module_utils/collector.py @@ -348,17 +348,11 @@ def parse_disks_vars(self, check, context) -> str: logging.WARNING, f"Mount point {mount_point} not found in filesystem data" ) return value - - fs_property = property - if property in ["mbps", "iops"] and property not in fs_entry: - fs_property = f"max_{property}" - - if fs_property in fs_entry and fs_entry.get(fs_property) is not None: - value = str(fs_entry[fs_property]) + if property in fs_entry and fs_entry.get(property) is not None: + value = str(fs_entry[property]) self.parent.log( logging.INFO, - f"Found {property}='{value}' for {mount_point} " - + f"from filesystem data (via {fs_property})", + f"Found {property}='{value}' for {mount_point} from filesystem data", ) return value if not parsed_disks: From 476446ab61157dc0d945556661dbbc217835fdb9 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 04:28:28 +0000 Subject: [PATCH 06/17] Enhance configuration checks by adding LVM and ANF volume checks for ASCS and APP roles; update disk task inclusion logic and improve HTML report layout --- .../configuration_checks/tasks/disks.yml | 32 +++++----- .../configuration_checks/tasks/files/app.yml | 59 +++++++++++++++++++ .../configuration_checks/tasks/files/ascs.yml | 59 +++++++++++++++++++ src/roles/configuration_checks/tasks/main.yml | 2 +- src/templates/config_checks_report.html | 2 +- 5 files changed, 137 insertions(+), 17 deletions(-) diff --git a/src/roles/configuration_checks/tasks/disks.yml b/src/roles/configuration_checks/tasks/disks.yml index 5556eea0..8f02c77c 100644 --- a/src/roles/configuration_checks/tasks/disks.yml +++ b/src/roles/configuration_checks/tasks/disks.yml @@ -195,7 +195,7 @@ when: - has_nfs_mounts | bool - NFS_provider is defined - - "'AFS' in NFS_provider" + - NFS_provider == "AFS" - afs_storage_accounts is defined - afs_storage_accounts | length > 0 register: afs_storage_metadata_results @@ -203,25 +203,27 @@ ansible.builtin.shell: executable: /bin/bash cmd: | + #!/bin/bash set -o pipefail - for acc in {{ afs_storage_accounts | join(' ') }}; do + for acc in "${afs_storage_accounts[@]}"; do sa_info=$(az storage account show --name "$acc" --query "{rg:resourceGroup,name:name,id:id}" -o tsv) + if [ $? -ne 0 ] || [ -z "$sa_info" ]; then + echo "Error: Failed to retrieve storage account info for $acc" >&2 + continue + fi rg=$(echo "$sa_info" | awk '{print $1}') sid=$(echo "$sa_info" | awk '{print $3}') dns="$acc.file.core.windows.net" - for sh in $(az storage share-rm list --resource-group "$rg" --storage-account "$acc" \ - --query "[?enabledProtocols=='NFS'].[name,accessTier,quotaGiB]" -o tsv); do - name=$(echo "$sh" | awk '{print $1}') - tier=$(echo "$sh" | awk '{print $2}') - quota=$(echo "$sh" | awk '{print $3}') - peip=$(az network private-endpoint list \ - --query "[?privateLinkServiceConnections[?privateLinkServiceId=='$sid']].customDnsConfigs[].ipAddresses[]" -o tsv) - for ip in $peip; do - thr=$((100 + ( (quota*4+99)/100 ) + ( (quota*6+99)/100 ) )) - iops=$((quota+3000)) - if [ $iops -gt 100000 ]; then iops=100000; fi - echo "{\"Type\":\"AFS\",\"Name\":\"$name\",\"Pool\":\"$acc\",\"ServiceLevel\":\"$tier\",\"ThroughputMibps\":$thr,\"ProtocolTypes\":\"NFS4.1\",\"NFSAddressDNS\":\"$dns:/$acc/$name\",\"NFSAddress\":\"$ip:/$acc/$name\",\"QoSType\":\"Manual\",\"IOPS\":$iops,\"Id\":\"$sid\"}" - done + az storage share-rm list --resource-group "$rg" --storage-account "$acc" \ + --query "[?enabledProtocols=='NFS'].[name,accessTier,shareQuota]" -o tsv | \ + while IFS=$'\t' read -r name tier quota; do + if [ -z "$name" ]; then + continue + fi + thr=$((100 + ( (quota*4+99)/100 ) + ( (quota*6+99)/100 ) )) + iops=$((quota+3000)) + if [ $iops -gt 100000 ]; then iops=100000; fi + echo "{\"Type\":\"AFS\",\"Name\":\"$name\",\"Pool\":\"$acc\",\"ServiceLevel\":\"$tier\",\"Quota\":\"$quota\",\"ThroughputMibps\":$thr,\"ProtocolTypes\":\"NFS4.1\",\"NFSAddressDNS\":\"$dns:/$acc/$name\",\"NFSAddress\":\"$dns:/$acc/$name\",\"QoSType\":\"Manual\",\"IOPS\":$iops,\"Id\":\"$sid\"}" done done diff --git a/src/roles/configuration_checks/tasks/files/app.yml b/src/roles/configuration_checks/tasks/files/app.yml index b0fe7d77..0587a542 100644 --- a/src/roles/configuration_checks/tasks/files/app.yml +++ b/src/roles/configuration_checks/tasks/files/app.yml @@ -262,3 +262,62 @@ checks: references: other: "https://www.suse.com/support/kb/doc/?id=000019722" + - id: "APP-0008" + name: "LVM Groups" + description: "Lists all LVM groups to ensure APP server directories are configured with supported LVM configurations." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*app_role, *pas] + collector_type: *azure + collector_args: + resource_type: "lvm_groups" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + - id: "APP-0009" + name: "LVM Volumes" + description: "Lists all LVM volumes to ensure APP server directories are configured with supported LVM configurations." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*app_role, *pas] + collector_type: *azure + collector_args: + resource_type: "lvm_volumes" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + - id: "APP-0010" + name: "ANF Volumes" + description: "Lists all ANF volumes to ensure APP server directories are configured with supported ANF configurations." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*app_role, *pas] + collector_type: *azure + collector_args: + resource_type: "anf_volumes" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" diff --git a/src/roles/configuration_checks/tasks/files/ascs.yml b/src/roles/configuration_checks/tasks/files/ascs.yml index 680b345a..79791096 100644 --- a/src/roles/configuration_checks/tasks/files/ascs.yml +++ b/src/roles/configuration_checks/tasks/files/ascs.yml @@ -108,3 +108,62 @@ checks: expected_output: "0" report: *check + - id: "ASCS-0002" + name: "LVM Groups" + description: "Lists all LVM groups to ensure ASCS directories are configured with supported LVM configurations." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*ascs_role, *ers_role] + collector_type: *azure + collector_args: + resource_type: "lvm_groups" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + - id: "ASCS-0003" + name: "LVM Volumes" + description: "Lists all LVM volumes to ensure ASCS directories are configured with supported LVM configurations." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*ascs_role, *ers_role] + collector_type: *azure + collector_args: + resource_type: "lvm_volumes" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + - id: "ASCS-0004" + name: "ANF Volumes" + description: "Lists all ANF volumes to ensure ASCS directories are configured with supported ANF configurations." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*ascs_role, *ers_role] + collector_type: *azure + collector_args: + resource_type: "anf_volumes" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" diff --git a/src/roles/configuration_checks/tasks/main.yml b/src/roles/configuration_checks/tasks/main.yml index 13c788c1..9f87125e 100644 --- a/src/roles/configuration_checks/tasks/main.yml +++ b/src/roles/configuration_checks/tasks/main.yml @@ -41,7 +41,7 @@ - name: "{{ check_type.name }} - Include disks task when HANA or Db2 checks to be run" ansible.builtin.include_tasks: disks.yml - when: check_type.file_name in ["hana", "db2"] + when: check_type.file_name in ["hana", "db2", "ascs", "app"] - name: "{{ check_type.name }} - Execute HA and Load Balancer module when high_availability checks to be run" ansible.builtin.include_tasks: ha_modules.yml diff --git a/src/templates/config_checks_report.html b/src/templates/config_checks_report.html index 6e491830..f8d0c1f1 100644 --- a/src/templates/config_checks_report.html +++ b/src/templates/config_checks_report.html @@ -326,7 +326,7 @@ .container { display: grid; - grid-template-columns: minmax(0, 1fr) minmax(auto, 1400px) minmax(0, 1fr); + grid-template-columns: minmax(0, 1fr) minmax(auto, 1800px) minmax(0, 1fr); gap: 20px; } From 693fe2c046ee89748927731bbd155287b7a2288a Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 04:37:55 +0000 Subject: [PATCH 07/17] Add verbosity to debug logs in HA and configuration check tasks --- src/roles/configuration_checks/tasks/ha_modules.yml | 2 ++ src/roles/configuration_checks/tasks/main.yml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/src/roles/configuration_checks/tasks/ha_modules.yml b/src/roles/configuration_checks/tasks/ha_modules.yml index 290d79bd..aa2b8ba9 100644 --- a/src/roles/configuration_checks/tasks/ha_modules.yml +++ b/src/roles/configuration_checks/tasks/ha_modules.yml @@ -57,6 +57,7 @@ - ha_scs_module_result.logs is defined ansible.builtin.debug: msg: "{{ ha_scs_module_result.logs }}" + verbosity: 1 - name: "Store HA SCS configuration result" when: >- @@ -89,6 +90,7 @@ - ha_loadbalancer_module_result.logs is defined ansible.builtin.debug: msg: "{{ ha_loadbalancer_module_result.logs }}" + verbosity: 1 - name: "Store HA Load Balancer configuration result" when: >- diff --git a/src/roles/configuration_checks/tasks/main.yml b/src/roles/configuration_checks/tasks/main.yml index 9f87125e..21e7cc92 100644 --- a/src/roles/configuration_checks/tasks/main.yml +++ b/src/roles/configuration_checks/tasks/main.yml @@ -155,6 +155,7 @@ - command_check_results.logs is defined ansible.builtin.debug: msg: "{{ command_check_results.logs }}" + verbosity: 1 - name: "{{ check_type.name }} - Execute Azure-based configuration checks" when: @@ -188,6 +189,7 @@ - azure_check_results.logs is defined ansible.builtin.debug: msg: "{{ azure_check_results.logs }}" + verbosity: 1 - name: "{{ check_type.name }} - Execute module-based configuration checks" when: @@ -220,6 +222,7 @@ - module_check_results.logs is defined ansible.builtin.debug: msg: "{{ module_check_results.logs }}" + verbosity: 1 - name: "{{ check_type.name }} - Merge check results with error handling" ansible.builtin.set_fact: From 8f024a3a367ec69e0c14100e8fac271a1e344ff0 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 04:49:21 +0000 Subject: [PATCH 08/17] Fix role reference for PAS in enums and add section to report --- src/roles/configuration_checks/tasks/files/app.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/roles/configuration_checks/tasks/files/app.yml b/src/roles/configuration_checks/tasks/files/app.yml index 0587a542..a5472be6 100644 --- a/src/roles/configuration_checks/tasks/files/app.yml +++ b/src/roles/configuration_checks/tasks/files/app.yml @@ -79,6 +79,7 @@ enums: report: - check: &check "check" - section: §ion "section" + - table: &table "table" # Checks for APP roles From 18671f5981884fa3be67d52abbeeb932eb4b52b4 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 04:56:22 +0000 Subject: [PATCH 09/17] Add table entry to report enums in ASCS configuration --- src/roles/configuration_checks/tasks/files/ascs.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/roles/configuration_checks/tasks/files/ascs.yml b/src/roles/configuration_checks/tasks/files/ascs.yml index 79791096..6b9418dd 100644 --- a/src/roles/configuration_checks/tasks/files/ascs.yml +++ b/src/roles/configuration_checks/tasks/files/ascs.yml @@ -82,6 +82,7 @@ enums: report: - check: &check "check" - section: §ion "section" + - table: &table "table" - report: &report [*check, *section] checks: From 51c8a20403d41d70f3c5440497fa08083c4e6354 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 05:12:47 +0000 Subject: [PATCH 10/17] Enhance configuration checks to include ASCS and APP roles; streamline private IP retrieval in Azure Load Balancer module --- src/modules/configuration_check_module.py | 7 ++++++- src/modules/get_azure_lb.py | 5 +---- tests/modules/get_azure_lb_test.py | 4 +--- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/modules/configuration_check_module.py b/src/modules/configuration_check_module.py index a153508f..87db874b 100644 --- a/src/modules/configuration_check_module.py +++ b/src/modules/configuration_check_module.py @@ -934,7 +934,12 @@ def run(self): context["hostname"] = custom_hostname self.set_context(context) - if self.context.get("check_type", {}).get("file_name") in ["hana", "db2"]: + if self.context.get("check_type", {}).get("file_name") in [ + "hana", + "db2", + "ascs", + "app", + ]: temp_context = FileSystemCollector(parent=self).collect( check=None, context=self.context ) diff --git a/src/modules/get_azure_lb.py b/src/modules/get_azure_lb.py index 16f0faf7..1a4b222c 100644 --- a/src/modules/get_azure_lb.py +++ b/src/modules/get_azure_lb.py @@ -243,10 +243,7 @@ def get_private_ip_from_config(config): Extract private IP from frontend config, handling different key variations. Azure SDK might return different structures based on authentication context. """ - private_ip = ( - config.get("private_ip_address") - or config.get("privateIpAddress") - ) + private_ip = config.get("private_ip_address") or config.get("privateIpAddress") return private_ip found_load_balancer = next( diff --git a/tests/modules/get_azure_lb_test.py b/tests/modules/get_azure_lb_test.py index bc9e7fd8..5525eeee 100644 --- a/tests/modules/get_azure_lb_test.py +++ b/tests/modules/get_azure_lb_test.py @@ -246,9 +246,7 @@ class LBWithNestedProperties: def __init__(self): self.name = "nested-lb" self.location = "test" - self.frontend_ip_configurations = [ - {"private_ip_address": "10.0.0.5"} - ] + self.frontend_ip_configurations = [{"private_ip_address": "10.0.0.5"}] self.load_balancing_rules = [] self.probes = [] From b24b0b3bcf266dc1aa7459098b3c404cfc74f8d3 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 05:21:52 +0000 Subject: [PATCH 11/17] Add filesystem and Azure disk checks for APP and ASCS roles; enhance configuration validation --- .../configuration_checks/tasks/files/app.yml | 45 +++++++++++++++++- .../configuration_checks/tasks/files/ascs.yml | 46 ++++++++++++++++++- 2 files changed, 87 insertions(+), 4 deletions(-) diff --git a/src/roles/configuration_checks/tasks/files/app.yml b/src/roles/configuration_checks/tasks/files/app.yml index a5472be6..dbd642a7 100644 --- a/src/roles/configuration_checks/tasks/files/app.yml +++ b/src/roles/configuration_checks/tasks/files/app.yml @@ -264,6 +264,47 @@ checks: other: "https://www.suse.com/support/kb/doc/?id=000019722" - id: "APP-0008" + name: "Filesystem Mount Points" + description: "Lists all mounted filesystems and their types to ensure APP directories are configured with supported filesystems." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*app_role, *pas] + collector_type: *azure + collector_args: + resource_type: "filesystem" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + - id: "APP-0009" + name: "Azure Disks" + description: "Lists all attached Azure disks to ensure APP directories are configured with supported disks." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*app_role, *pas] + collector_type: *azure + collector_args: + resource_type: "azure_disks" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + + - id: "APP-0010" name: "LVM Groups" description: "Lists all LVM groups to ensure APP server directories are configured with supported LVM configurations." category: *sap_check @@ -283,7 +324,7 @@ checks: sap: "2972496" microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" - - id: "APP-0009" + - id: "APP-0011" name: "LVM Volumes" description: "Lists all LVM volumes to ensure APP server directories are configured with supported LVM configurations." category: *sap_check @@ -303,7 +344,7 @@ checks: sap: "2972496" microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" - - id: "APP-0010" + - id: "APP-0012" name: "ANF Volumes" description: "Lists all ANF volumes to ensure APP server directories are configured with supported ANF configurations." category: *sap_check diff --git a/src/roles/configuration_checks/tasks/files/ascs.yml b/src/roles/configuration_checks/tasks/files/ascs.yml index 6b9418dd..513e0caa 100644 --- a/src/roles/configuration_checks/tasks/files/ascs.yml +++ b/src/roles/configuration_checks/tasks/files/ascs.yml @@ -110,6 +110,48 @@ checks: report: *check - id: "ASCS-0002" + name: "Filesystem Mount Points" + description: "Lists all mounted filesystems and their types to ensure SAP HANA directories are configured with supported filesystems." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*db_role] + database_type: [*hana] + collector_type: *azure + collector_args: + resource_type: "filesystem" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + - id: "ASCS-0003" + name: "Azure Disks" + description: "Lists all attached Azure disks to ensure SAP HANA directories are configured with supported disks." + category: *sap_check + severity: *info + workload: *sap + applicability: + os_type: [*suse, *redhat] + os_version: *all_versions + hardware_type: *vm + storage_type: *all_storage + role: [*db_role] + database_type: [*hana] + collector_type: *azure + collector_args: + resource_type: "azure_disks" + report: *table + references: + sap: "2972496" + microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" + + - id: "ASCS-0004" name: "LVM Groups" description: "Lists all LVM groups to ensure ASCS directories are configured with supported LVM configurations." category: *sap_check @@ -129,7 +171,7 @@ checks: sap: "2972496" microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" - - id: "ASCS-0003" + - id: "ASCS-0005" name: "LVM Volumes" description: "Lists all LVM volumes to ensure ASCS directories are configured with supported LVM configurations." category: *sap_check @@ -149,7 +191,7 @@ checks: sap: "2972496" microsoft: "https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage" - - id: "ASCS-0004" + - id: "ASCS-0006" name: "ANF Volumes" description: "Lists all ANF volumes to ensure ASCS directories are configured with supported ANF configurations." category: *sap_check From 3887743186e4f11ebdaea5ae693c79e0c53e5c7e Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 05:28:50 +0000 Subject: [PATCH 12/17] Add ASCS role to checks for database and storage types in ASCS configuration --- src/roles/configuration_checks/tasks/files/ascs.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/roles/configuration_checks/tasks/files/ascs.yml b/src/roles/configuration_checks/tasks/files/ascs.yml index 513e0caa..40fd9539 100644 --- a/src/roles/configuration_checks/tasks/files/ascs.yml +++ b/src/roles/configuration_checks/tasks/files/ascs.yml @@ -120,8 +120,7 @@ checks: os_version: *all_versions hardware_type: *vm storage_type: *all_storage - role: [*db_role] - database_type: [*hana] + role: [*ascs_role, *ers_role] collector_type: *azure collector_args: resource_type: "filesystem" @@ -141,8 +140,7 @@ checks: os_version: *all_versions hardware_type: *vm storage_type: *all_storage - role: [*db_role] - database_type: [*hana] + role: [*ascs_role, *ers_role] collector_type: *azure collector_args: resource_type: "azure_disks" From 176d55e7689d5cadc493a5e44216c414314fdcaf Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 05:50:47 +0000 Subject: [PATCH 13/17] Remove verbosity from debug output for AFS storage data collection --- src/roles/configuration_checks/tasks/disks.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/src/roles/configuration_checks/tasks/disks.yml b/src/roles/configuration_checks/tasks/disks.yml index 8f02c77c..30f98a85 100644 --- a/src/roles/configuration_checks/tasks/disks.yml +++ b/src/roles/configuration_checks/tasks/disks.yml @@ -230,5 +230,4 @@ - name: Debug AFS storage data collected when: afs_storage_metadata_results is defined ansible.builtin.debug: - verbosity: 1 var: afs_storage_metadata_results From 9d2f05375fd3b8a878fe9a47d97751b57dc0c689 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 06:00:19 +0000 Subject: [PATCH 14/17] Enhance error handling in Azure storage account retrieval; improve output for failed commands --- src/roles/configuration_checks/tasks/disks.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/src/roles/configuration_checks/tasks/disks.yml b/src/roles/configuration_checks/tasks/disks.yml index 30f98a85..d9f8f62d 100644 --- a/src/roles/configuration_checks/tasks/disks.yml +++ b/src/roles/configuration_checks/tasks/disks.yml @@ -200,22 +200,29 @@ - afs_storage_accounts | length > 0 register: afs_storage_metadata_results delegate_to: localhost + vars: + accounts_list: "{{ afs_storage_accounts | join(' ') }}" ansible.builtin.shell: executable: /bin/bash cmd: | #!/bin/bash set -o pipefail - for acc in "${afs_storage_accounts[@]}"; do - sa_info=$(az storage account show --name "$acc" --query "{rg:resourceGroup,name:name,id:id}" -o tsv) + for acc in {{ accounts_list }}; do + sa_info=$(az storage account show --name "$acc" --query "{rg:resourceGroup,name:name,id:id}" -o tsv 2>&1) if [ $? -ne 0 ] || [ -z "$sa_info" ]; then - echo "Error: Failed to retrieve storage account info for $acc" >&2 + echo "Error: Failed to retrieve storage account info for $acc: $sa_info" >&2 continue fi rg=$(echo "$sa_info" | awk '{print $1}') sid=$(echo "$sa_info" | awk '{print $3}') dns="$acc.file.core.windows.net" - az storage share-rm list --resource-group "$rg" --storage-account "$acc" \ - --query "[?enabledProtocols=='NFS'].[name,accessTier,shareQuota]" -o tsv | \ + share_list=$(az storage share-rm list --resource-group "$rg" --storage-account "$acc" \ + --query "[?enabledProtocols=='NFS'].[name,accessTier,shareQuota]" -o tsv 2>&1) + if [ $? -ne 0 ]; then + echo "Error: Failed to list shares for storage account $acc: $share_list" >&2 + continue + fi + echo "$share_list" | \ while IFS=$'\t' read -r name tier quota; do if [ -z "$name" ]; then continue From e6ec0887023a4dfc56c7b111482c44f6ec60c250 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 06:34:41 +0000 Subject: [PATCH 15/17] Update DNS for Azure storage account to use private link for NFS shares --- src/roles/configuration_checks/tasks/disks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/roles/configuration_checks/tasks/disks.yml b/src/roles/configuration_checks/tasks/disks.yml index d9f8f62d..2db0bed5 100644 --- a/src/roles/configuration_checks/tasks/disks.yml +++ b/src/roles/configuration_checks/tasks/disks.yml @@ -215,7 +215,7 @@ fi rg=$(echo "$sa_info" | awk '{print $1}') sid=$(echo "$sa_info" | awk '{print $3}') - dns="$acc.file.core.windows.net" + dns="$acc.privatelink.file.core.windows.net" share_list=$(az storage share-rm list --resource-group "$rg" --storage-account "$acc" \ --query "[?enabledProtocols=='NFS'].[name,accessTier,shareQuota]" -o tsv 2>&1) if [ $? -ne 0 ]; then From 5654f1670c45d3166d630c1e781cdea1320202cf Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 06:37:52 +0000 Subject: [PATCH 16/17] Enhance AFS storage data handling to include storage account name in NFS address matching --- src/module_utils/filesystem_collector.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/module_utils/filesystem_collector.py b/src/module_utils/filesystem_collector.py index b963cb73..9e7b82aa 100644 --- a/src/module_utils/filesystem_collector.py +++ b/src/module_utils/filesystem_collector.py @@ -110,8 +110,11 @@ def _parse_filesystem_data( if not matched: for nfs_share in afs_storage_data: + storage_account_name = nfs_share.get("Pool", "") share_address = nfs_share.get("NFSAddress", "") - if ":" in share_address and share_address.split(":")[0] == nfs_address: + if ( + ":" in share_address and share_address.split(":")[0] == nfs_address + ) or storage_account_name in nfs_address: filesystem_entry["max_mbps"] = nfs_share.get("ThroughputMibps", 0) filesystem_entry["max_iops"] = nfs_share.get("IOPS", 0) filesystem_entry["nfs_type"] = "AFS" From ffe21e4cf40c8620e618354bb0f78b65f1e59e88 Mon Sep 17 00:00:00 2001 From: devanshjain Date: Mon, 27 Oct 2025 16:54:27 +0000 Subject: [PATCH 17/17] Update Azure package dependencies in configuration and functional test playbooks --- src/playbook_00_configuration_checks.yml | 7 ++++++- src/playbook_00_ha_db_functional_tests.yml | 6 ++++-- src/playbook_00_ha_scs_functional_tests.yml | 7 ++++++- src/playbook_01_ha_offline_tests.yml | 6 ++++-- 4 files changed, 20 insertions(+), 6 deletions(-) diff --git a/src/playbook_00_configuration_checks.yml b/src/playbook_00_configuration_checks.yml index 6fefb72e..f35467c1 100644 --- a/src/playbook_00_configuration_checks.yml +++ b/src/playbook_00_configuration_checks.yml @@ -14,9 +14,14 @@ become: true ansible.builtin.pip: name: - - ansible-runner + - azure-identity - azure-kusto-data - azure-kusto-ingest + - azure-mgmt-compute + - azure-mgmt-network + - azure-storage-blob + - azure-storage-queue + - name: "Generate test group ID and timestamp" ansible.builtin.set_fact: diff --git a/src/playbook_00_ha_db_functional_tests.yml b/src/playbook_00_ha_db_functional_tests.yml index e0b91e04..10fad7f2 100644 --- a/src/playbook_00_ha_db_functional_tests.yml +++ b/src/playbook_00_ha_db_functional_tests.yml @@ -15,11 +15,13 @@ become: true ansible.builtin.pip: name: - - ansible-runner + - azure-identity - azure-kusto-data - azure-kusto-ingest - - azure-identity + - azure-mgmt-compute - azure-mgmt-network + - azure-storage-blob + - azure-storage-queue - pandas - hosts: "{{ sap_sid | upper }}_DB" diff --git a/src/playbook_00_ha_scs_functional_tests.yml b/src/playbook_00_ha_scs_functional_tests.yml index 9adcda14..55a04bbf 100644 --- a/src/playbook_00_ha_scs_functional_tests.yml +++ b/src/playbook_00_ha_scs_functional_tests.yml @@ -15,9 +15,14 @@ become: true ansible.builtin.pip: name: - - ansible-runner + - azure-identity - azure-kusto-data - azure-kusto-ingest + - azure-mgmt-compute + - azure-mgmt-network + - azure-storage-blob + - azure-storage-queue + - pandas - hosts: "{{ sap_sid | upper }}_SCS: {{ sap_sid | upper }}_ERS" diff --git a/src/playbook_01_ha_offline_tests.yml b/src/playbook_01_ha_offline_tests.yml index ba1dad0d..b6ad9a5e 100644 --- a/src/playbook_01_ha_offline_tests.yml +++ b/src/playbook_01_ha_offline_tests.yml @@ -14,11 +14,13 @@ - name: "Install python azure pacakges required" ansible.builtin.pip: name: - - ansible-runner + - azure-identity - azure-kusto-data - azure-kusto-ingest - - azure-identity + - azure-mgmt-compute - azure-mgmt-network + - azure-storage-blob + - azure-storage-queue - pandas - name: "Set the test group name based on the inputs"