feat: support SAP monitoring on IBM Cloud Monitoring using prometheus…

… hana db exporter (#752) --------- Co-authored-by: stafaniasaju <[email protected]> Co-authored-by: surajsbharadwaj <[email protected]> Co-authored-by: surajsbharadwaj <[email protected]> Co-authored-by: Terraform IBM Modules Operations <[email protected]>
terraform-ibm-modules · Jan 14, 2025 · 9f37727 · 9f37727
1 parent 6b08994
commit 9f37727
Show file tree

Hide file tree

Showing 19 changed files with 312 additions and 51 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2024-12-06T13:41:59Z",
+  "generated_at": "2024-12-17T18:27:59Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -77,6 +77,26 @@
     }
   ],
   "results": {
+    "modules/ansible/templates-ansible/configure-monitoring-sap/ansible_configure_monitoring.sh.tftpl": [
+      {
+        "hashed_secret": "3e4bdbe0b80e63c22b178576e906810777387b50",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 10,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
+    "modules/ansible/templates-ansible/configure-monitoring-sap/playbook-configure-monitoring-sap.yml.tftpl": [
+      {
+        "hashed_secret": "d2e2ab0f407e4ee3cf2ab87d61c31b25a74085e5",
+        "is_secret": false,
+        "is_verified": false,
+        "line_number": 53,
+        "type": "Secret Keyword",
+        "verified_result": null
+      }
+    ],
     "modules/pi-sap-system-type1/README.md": [
       {
         "hashed_secret": "2254481e1661d8f017a712b0d1ad9a14fd9460a3",

diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -352,7 +352,7 @@
                             {
                                 "diagram": {
                                     "caption": "Full SAP environment provisioned on a 'Power Virtual Server with VPC landing zone'",
-                                    "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-sap/main/reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.svg",
+                                    "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-sap/refs/tags/v3.4.0/reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.svg",
                                     "type": "image/svg+xml"
                                 },
                                 "description": "'SAP ready PowerVS' variation of 'Power Virtual Server for SAP HANA' creates a basic and expandable SAP system landscape builds on the foundation of the 'Power Virtual Server with VPC landing zone'. PowerVS instances for SAP HANA, SAP NetWeaver and optionally for shared SAP files are deployed and preconfigured for SAP installation.\n\nServices such as DNS, NTP and NFS running in VPC and provided by 'Power Virtual Server with VPC landing zone' are leveraged.\n\nThe resulting SAP landscape leverages the services such as Activity Tracker, Cloud Object Storage, Key Management and the network connectivity configuration provided by 'Power Virtual Server with VPC landing zone'."
@@ -599,6 +599,15 @@
                                 "type": "json_editor"
                             }
                         },
+                        {
+                            "key": "sap_monitoring_vars",
+                            "required": true,
+                            "custom_config": {
+                                "grouping": "deployment",
+                                "original_grouping": "deployment",
+                                "type": "json_editor"
+                            }
+                        },
                         {
                             "key": "sap_domain",
                             "required": true
@@ -692,6 +701,9 @@
                         },
                         {
                             "key": "sap_solution_vars"
+                        },
+                        {
+                            "key": "sap_monitoring_vars"
                         }
                     ],
                     "iam_permissions": [
@@ -739,7 +751,7 @@
                             {
                                 "diagram": {
                                     "caption": "Full SAP S/4HANA or BW/4HANA environment provisioned on a 'Power Virtual Server with VPC landing zone'",
-                                    "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-sap/main/reference-architectures/sap-s4hana-bw4hana/deploy-arch-ibm-pvs-sap-s4hana-bw4hana.svg",
+                                    "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-powervs-sap/refs/tags/v3.4.0/reference-architectures/sap-s4hana-bw4hana/deploy-arch-ibm-pvs-sap-s4hana-bw4hana.svg",
                                     "type": "image/svg+xml"
                                 },
                                 "description": "'SAP S/4HANA or BW/4HANA' variation of 'Power Virtual Server for SAP HANA' creates a basic and expandable SAP system landscape builds on the foundation of 'Power Virtual Server with VPC landing zone'. PowerVS instances for SAP HANA, SAP NetWeaver and optionally for shared SAP files are deployed and preconfigured for SAP installation. S/4HANA or BW/4HANA solution is installed based on selected version. \n\nServices such as DNS, NTP and NFS running in VPC and provided by 'Power Virtual Server with VPC landing zone' are leveraged.\n\nThe resulting SAP landscape leverages the services such as Activity Tracker, Cloud Object Storage, Key Management and the network connectivity configuration provided by the 'Power Virtual Server with VPC landing zone'."

diff --git a/modules/ansible/main.tf b/modules/ansible/main.tf
@@ -9,6 +9,7 @@ locals {
   dst_playbook_file_path   = "${local.dst_files_dir}/${var.dst_playbook_file_name}"
   src_inventory_tftpl_path = "${local.src_ansible_templates_dir}/${var.src_inventory_template_name}"
   dst_inventory_file_path  = "${local.dst_files_dir}/${var.dst_inventory_file_name}"
+  ibmcloud_api_key         = var.ibmcloud_api_key == null ? "" : nonsensitive(var.ibmcloud_api_key)
 
 }
 
@@ -202,7 +203,7 @@ resource "terraform_data" "execute_playbooks_with_vault" {
   provisioner "remote-exec" {
     inline = [
       "chmod +x ${local.dst_script_file_path}",
-      local.dst_script_file_path,
+      "export IBMCLOUD_API_KEY=${local.ibmcloud_api_key} && ${local.dst_script_file_path}",
     ]
   }
 

diff --git a/.../ansible/templates-ansible/configure-monitoring-sap/ansible_configure_monitoring.sh.tftpl b/.../ansible/templates-ansible/configure-monitoring-sap/ansible_configure_monitoring.sh.tftpl
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+### Using input variables from terraform
+ansible_playbook=${ansible_playbook_file}
+ansible_log_path=${ansible_log_path}
+ansible_inventory=${ansible_inventory}
+ansible_private_key_file=${ansible_private_key_file}
+
+# shell to get the ibmcloud api token
+ibmcloud_auth_response=$(curl -X POST 'https://iam.cloud.ibm.com/identity/token' -H 'Content-Type: application/x-www-form-urlencoded' -d "apikey=$IBMCLOUD_API_KEY&grant_type=urn:ibm:params:oauth:grant-type:apikey")
+ibmcloud_iam_token=$(echo "$ibmcloud_auth_response" | jq -r '.access_token')
+
+# Create ansible.cfg file
+ansible_playbook_name=$(basename $${ansible_playbook})
+echo -e "[defaults]\nhost_key_checking=False" >ansible.cfg
+export ANSIBLE_LOG_PATH=$${ansible_log_path}/$${ansible_playbook_name}.$(date "+%Y.%m.%d-%H.%M.%S").log
+export ANSIBLE_PRIVATE_KEY_FILE=$${ansible_private_key_file}
+
+#Execute ansible playbook
+unbuffer ansible-playbook -i $${ansible_inventory} $${ansible_playbook} --extra-vars ibmcloud_iam_token=$${ibmcloud_iam_token} --vault-password-file password_file
+if [ $? -ne 0 ]; then
+    rm -rf $${ansible_private_key_file}
+    exit 1
+fi
+echo \"Playbook command successful\"
+rm -rf $${ansible_private_key_file}
diff --git a/...le/templates-ansible/configure-monitoring-sap/playbook-configure-monitoring-sap.yml.tftpl b/...le/templates-ansible/configure-monitoring-sap/playbook-configure-monitoring-sap.yml.tftpl
@@ -0,0 +1,57 @@
+# ------------------------------------------------------------------------
+# This playbook uses the ibm.power_linux_sap collection. This collection is
+# available on ansible galaxy
+# https://galaxy.ansible.com/ui/repo/published/ibm/power_linux_sap/ and can
+# be installed using 'ansible-galaxy collection install ibm.power_linux_sap'
+# ------------------------------------------------------------------------
+
+---
+- name: SAP monitoring configuration
+  hosts: all
+  become: true
+  vars:
+
+    ## variable group: monitoring meta parameters
+    sap_monitoring_action: '${sap_monitoring_action}'
+    config_override: '${config_override}'
+    sap_monitoring_nr: '${sap_monitoring_nr}'
+    sap_monitoring_solution_name: '${sap_monitoring_solution_name}'
+    sap_tools_directory: '${sap_tools_directory}'
+
+    ## variable group: hana parameters
+    sap_hana_ip: '${sap_hana_ip}'
+    sap_hana_http_port: '${sap_hana_http_port}'
+    sap_hana_sql_systemdb_port: '${sap_hana_sql_systemdb_port}'
+    sap_hana_sql_systemdb_user: '${sap_hana_sql_systemdb_user}'
+    sap_hana_sql_systemdb_password: '${sap_hana_sql_systemdb_password}'
+
+    ## variable group: application server parameters
+    sap_ascs_ip: '${sap_ascs_ip}'
+    sap_ascs_http_port: '${sap_ascs_http_port}'
+    sap_app_server: ${sap_app_server}
+
+    ## variable group: IBM cloud parameters
+    ibmcloud_monitoring_instance_url: '${ibmcloud_monitoring_instance_url}'
+    ibmcloud_monitoring_request_credential_url: '${ibmcloud_monitoring_request_credential_url}'
+    ibmcloud_monitoring_instance_guid: '${ibmcloud_monitoring_instance_guid}'
+
+  tasks:
+  # use token to get the monitoring auth cred
+  - name: Obtain IBM Cloud IAM token
+    ansible.builtin.uri:
+      url: "{{ ibmcloud_monitoring_request_credential_url }}"
+      method: GET
+      headers:
+        Content-Type: application/json
+        IBMInstanceID: "{{ ibmcloud_monitoring_instance_guid  }}"
+        Authorization: "Bearer {{ ibmcloud_iam_token }}"
+      return_content: yes
+    register: response
+
+  - name: Set fact for IBM Cloud Monitoring authorization credentials
+    ansible.builtin.set_fact:
+      ibmcloud_monitoring_authorization_credentials: "{{ response.json.token.key }}"
+
+  - name: Execute monitoring role for SAP
+    ansible.builtin.include_role:
+      name: ibm.power_linux_sap.monitoring_sap
diff --git a/modules/ansible/templates-ansible/monitoring-inventory.tftpl b/modules/ansible/templates-ansible/monitoring-inventory.tftpl
@@ -0,0 +1 @@
+${monitoring_host_ip}
diff --git a/modules/ansible/templates-ansible/s4hanab4hana-solution/playbook-sap-swpm-install.yml.tftpl b/modules/ansible/templates-ansible/s4hanab4hana-solution/playbook-sap-swpm-install.yml.tftpl
@@ -78,3 +78,20 @@
 
     - name: SAP SWPM Post Install - Enforce Connection Info in hdbuserstore
       ansible.builtin.shell: "runuser -l {{sap_swpm_sid|lower}}adm -c 'hdbuserstore SET DEFAULT {{ sap_swpm_db_host }}:3{{ sap_swpm_db_instance_nr }}15 {{ sap_swpm_db_schema_abap }} '{{ sap_swpm_db_system_password }}"
+
+    - name: Update the service/protectedwebmethods line in the file DEFAULT.PFL profile
+      ansible.builtin.lineinfile:
+        path: /usr/sap/{{ sap_swpm_sid }}/SYS/profile/DEFAULT.PFL
+        regexp: '^service/protectedwebmethods ='
+        line: 'service/protectedwebmethods = ${sap_swpm_service_protectedwebmethods}'
+        backup: yes
+
+    - name: Restart ASCS instance for service/protectedwebmethods to take effect
+      ansible.builtin.shell: "runuser -l {{sap_swpm_sid|lower}}adm -c 'sapcontrol -nr {{ sap_swpm_ascs_instance_nr }} -function RestartService'"
+
+    - name: Pause for 30 seconds
+      ansible.builtin.pause:
+        seconds: 30
+
+    - name: Restart PAS instance for service/protectedwebmethods to take effect
+      ansible.builtin.shell: "runuser -l {{sap_swpm_sid|lower}}adm -c 'sapcontrol -nr {{ sap_swpm_pas_instance_nr }} -function RestartService'"
diff --git a/modules/ansible/variables.tf b/modules/ansible/variables.tf
@@ -65,3 +65,10 @@ variable "ansible_vault_password" {
   sensitive   = true
   default     = null
 }
+
+variable "ibmcloud_api_key" {
+  description = "IBM Cloud platform API key needed to deploy IAM enabled resources."
+  type        = string
+  sensitive   = true
+  default     = null
+}
diff --git a/reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.md b/reference-architectures/sap-ready-to-go/deploy-arch-ibm-pvs-sap-ready-to-go.md
@@ -2,7 +2,7 @@
 
 copyright:
   years: 2024
-lastupdated: "2024-12-13"
+lastupdated: "2025-01-14"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -16,7 +16,7 @@ use-case: ITServiceManagement
 industry: Technology
 compliance: SAPCertified
 content-type: reference-architecture
-version: v3.3.0
+version: v3.4.0
 related_links:
   - title: 'SAP in IBM Cloud documentation'
     url: 'https://cloud.ibm.com/docs/sap'
@@ -38,7 +38,7 @@ related_links:
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
 {: toc-compliance="SAPCertified"}
-{: toc-version="3.3.0"}
+{: toc-version="3.4.0"}
 
 The SAP-ready PowerVS variation of the Power Virtual Server for SAP HANA creates a basic and expandable SAP system landscape. The variation builds on the foundation of the VPC landing zone and Power Virtual Server with VPC landing zone. PowerVS instances for SAP HANA, SAP NetWeaver, and optionally for shared SAP files are deployed and preconfigured for SAP installation.
 

diff --git a/...ence-architectures/sap-s4hana-bw4hana/deploy-arch-ibm-pvs-sap-s4hana-bw4hana.md b/...ence-architectures/sap-s4hana-bw4hana/deploy-arch-ibm-pvs-sap-s4hana-bw4hana.md
@@ -2,7 +2,7 @@
 
 copyright:
   years: 2024
-lastupdated: "2024-12-13"
+lastupdated: "2025-01-14"
 keywords:
 subcollection: deployable-reference-architectures
 authors:
@@ -16,7 +16,7 @@ use-case: ITServiceManagement
 industry: Technology
 compliance: SAPCertified
 content-type: reference-architecture
-version: v3.3.0
+version: v3.4.0
 related_links:
   - title: 'SAP in IBM Cloud documentation'
     url: 'https://cloud.ibm.com/docs/sap'
@@ -38,7 +38,7 @@ related_links:
 {: toc-industry="Technology"}
 {: toc-use-case="ITServiceManagement"}
 {: toc-compliance="SAPCertified"}
-{: toc-version="3.3.0"}
+{: toc-version="3.4.0"}
 
 'SAP S/4HANA or BW/4HANA' variation of 'Power Virtual Server for SAP HANA' creates a basic and expandable SAP system landscape built on the foundation of 'Power Virtual Server with VPC landing zone'. PowerVS instances for SAP HANA, SAP NetWeaver, and optionally for shared SAP files are deployed and preconfigured for SAP installation. The S/4HANA or BW/4HANA solution is installed based on the selected version.
 

diff --git a/...nce-architectures/sap-s4hana-bw4hana/deploy-arch-ibm-pvs-sap-s4hana-bw4hana.svg b/...nce-architectures/sap-s4hana-bw4hana/deploy-arch-ibm-pvs-sap-s4hana-bw4hana.svg
diff --git a/solutions/ibm-catalog/sap-ready-to-go/README.md b/solutions/ibm-catalog/sap-ready-to-go/README.md
@@ -75,7 +75,7 @@
 | <a name="input_powervs_netweaver_cpu_number"></a> [powervs\_netweaver\_cpu\_number](#input\_powervs\_netweaver\_cpu\_number) | Number of CPUs for each PowerVS SAP NetWeaver instance. | `string` | `"3"` | no |
 | <a name="input_powervs_netweaver_instance_count"></a> [powervs\_netweaver\_instance\_count](#input\_powervs\_netweaver\_instance\_count) | Number of PowerVS SAP NetWeaver instances that should be created. | `number` | `1` | no |
 | <a name="input_powervs_netweaver_instance_name"></a> [powervs\_netweaver\_instance\_name](#input\_powervs\_netweaver\_instance\_name) | PowerVS SAP NetWeaver instance hostname (non FQDN). Will get the form of <var.prefix>-<var.powervs\_netweaver\_instance\_name>-<number>. Max length of final hostname must be <= 13 characters. | `string` | `"nw"` | no |
-| <a name="input_powervs_netweaver_instance_storage_config"></a> [powervs\_netweaver\_instance\_storage\_config](#input\_powervs\_netweaver\_instance\_storage\_config) | File systems to be created and attached to PowerVS SAP NetWeaver instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. Do not specify volume for 'sapmnt' as this will be created internally if 'powervs\_create\_separate\_sharefs\_instance' is false, else 'sapmnt' be will mounted from sharefs instance. | <pre>list(object({<br/>    name  = string<br/>    size  = string<br/>    count = string<br/>    tier  = string<br/>    mount = string<br/>    pool  = optional(string)<br/>  }))</pre> | <pre>[<br/>  {<br/>    "count": "1",<br/>    "mount": "/usr/sap",<br/>    "name": "usrsap",<br/>    "size": "50",<br/>    "tier": "tier3"<br/>  }<br/>]</pre> | no |
+| <a name="input_powervs_netweaver_instance_storage_config"></a> [powervs\_netweaver\_instance\_storage\_config](#input\_powervs\_netweaver\_instance\_storage\_config) | File systems to be created and attached to PowerVS SAP NetWeaver instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. Do not specify volume for 'sapmnt' as this will be created internally if 'powervs\_create\_separate\_sharefs\_instance' is false, else 'sapmnt' will be mounted from sharefs instance. | <pre>list(object({<br/>    name  = string<br/>    size  = string<br/>    count = string<br/>    tier  = string<br/>    mount = string<br/>    pool  = optional(string)<br/>  }))</pre> | <pre>[<br/>  {<br/>    "count": "1",<br/>    "mount": "/usr/sap",<br/>    "name": "usrsap",<br/>    "size": "50",<br/>    "tier": "tier3"<br/>  }<br/>]</pre> | no |
 | <a name="input_powervs_netweaver_memory_size"></a> [powervs\_netweaver\_memory\_size](#input\_powervs\_netweaver\_memory\_size) | Memory size for each PowerVS SAP NetWeaver instance. | `string` | `"32"` | no |
 | <a name="input_powervs_sap_network_cidr"></a> [powervs\_sap\_network\_cidr](#input\_powervs\_sap\_network\_cidr) | Network range for dedicated SAP network. Used for communication between SAP Application servers with SAP HANA Database. E.g., '10.53.0.0/24' | `string` | `"10.53.0.0/24"` | no |
 | <a name="input_powervs_sharefs_instance"></a> [powervs\_sharefs\_instance](#input\_powervs\_sharefs\_instance) | Share fs instance. This parameter is effective if 'powervs\_create\_separate\_sharefs\_instance' is set to true. size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. | <pre>object({<br/>    name       = string<br/>    processors = string<br/>    memory     = string<br/>    proc_type  = string<br/>    storage_config = list(object({<br/>      name  = string<br/>      size  = string<br/>      count = string<br/>      tier  = string<br/>      mount = string<br/>      pool  = optional(string)<br/>    }))<br/>  })</pre> | <pre>{<br/>  "memory": "2",<br/>  "name": "share",<br/>  "proc_type": "shared",<br/>  "processors": "0.5",<br/>  "storage_config": [<br/>    {<br/>      "count": "1",<br/>      "mount": "/sapmnt",<br/>      "name": "sapmnt",<br/>      "size": "300",<br/>      "tier": "tier3"<br/>    },<br/>    {<br/>      "count": "1",<br/>      "mount": "/usr/trans",<br/>      "name": "trans",<br/>      "size": "50",<br/>      "tier": "tier3"<br/>    }<br/>  ]<br/>}</pre> | no |

diff --git a/solutions/ibm-catalog/sap-ready-to-go/variables.tf b/solutions/ibm-catalog/sap-ready-to-go/variables.tf
@@ -157,7 +157,7 @@ variable "powervs_hana_instance_additional_storage_config" {
 }
 
 variable "powervs_netweaver_instance_storage_config" {
-  description = "File systems to be created and attached to PowerVS SAP NetWeaver instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. Do not specify volume for 'sapmnt' as this will be created internally if 'powervs_create_separate_sharefs_instance' is false, else 'sapmnt' be will mounted from sharefs instance."
+  description = "File systems to be created and attached to PowerVS SAP NetWeaver instance. 'size' is in GB. 'count' specify over how many storage volumes the file system will be striped. 'tier' specifies the storage tier in PowerVS workspace. 'mount' specifies the target mount point on OS. Do not specify volume for 'sapmnt' as this will be created internally if 'powervs_create_separate_sharefs_instance' is false, else 'sapmnt' will be mounted from sharefs instance."
   type = list(object({
     name  = string
     size  = string