feat.: changes to not showing secrets using assert command, moving va…

…riable checks to main.yml, remove message with string sample-sap-monitoring-parameters.yml, show ansible results as 'OK' not 'changed' executing port checks and sap-hana-keystore checks, converting string to integer in template templates/sap_host_exporter-DI.conf.j2 to prevent typecast error
IBM · Jan 3, 2025 · 8af28ed · 8af28ed
1 parent d71a0bb
commit 8af28ed
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 36 deletions.
diff --git a/README.md b/README.md
@@ -17,7 +17,7 @@ This collection has 5 modules, which are independent of each other and can be ru
 1.	**Preparing Operating System for SAP installations.**
 1.	**Creating Filesystems for SAP installations.**
 1.	**Installing and Configuring Management Services (SQUID, NTP, NFS, DNS)**
-1.	**Creating and deleting SAP monitoring configurations**
+1.	**Creating and Deleting SAP monitoring configurations**
 1.  **OS registrations**
 
 # Roles Description

diff --git a/roles/monitoring_sap/tasks/hanadb-exporter-configuration.yml b/roles/monitoring_sap/tasks/hanadb-exporter-configuration.yml
@@ -20,12 +20,14 @@
 - name: Create a sap-hana-keystore for the <sap_monitoring_nr>
   ansible.builtin.shell:
     cmd: "/usr/sap/hdbclient/hdbuserstore SET MONITORING{{ sap_monitoring_nr }}KEY {{ sap_hana_ip }}:{{ sap_hana_sql_systemdb_port }}@SYSTEMDB {{ sap_hana_sql_systemdb_user }} {{ sap_hana_sql_systemdb_password }}"
+    changed_when: false
 
 - name: Check sap-hana-keystore for 'MONITORING{{ sap_monitoring_nr }}KEY'
   ansible.builtin.shell:
     cmd: "/usr/sap/hdbclient/hdbuserstore LIST | grep MONITORING{{ sap_monitoring_nr }}KEY"
   register: command_result
   failed_when: "'MONITORING' + sap_monitoring_nr not in command_result.stdout"
+  changed_when: false
 
 - name: Configure hanadb_exporter configuration file
   ansible.builtin.template:

diff --git a/roles/monitoring_sap/tasks/main.yml b/roles/monitoring_sap/tasks/main.yml
@@ -3,20 +3,21 @@
 # these Ansible tasks are NOT idempotent on purpose due to the actions:
 # existing configurations are overwritten on purpose
 
-#################################################################
-#  Block: Delete a SAP System from the monitoring configuration
-#################################################################
+########################################################################################
+#  Block: Delete one SAP monitoring configuration with the specific  <sap_monitoring_nr>
+########################################################################################
+
+- name: Delete the SAP monitoring configuration with the specific <sap_monitoring_nr>
 
-- name: Delete a SAP System from the monitoring configuration
   when: sap_monitoring_action == "delete"
   block:
 
-    - name: Check existence of the variables defined in ./vars/sample-monitoring-sap-parameters.yml
+    - name: Check existence of the SAP and monitoring variables
       ansible.builtin.fail:
-        msg: 'variable {{ sap_monitoring_nr }} not defined in the file ./vars/sample-monitoring-sap-parameters.yml '
+        msg: 'variable {{ sap_monitoring_nr }} is not defined but required'
       when: sap_monitoring_nr is not defined
 
-    - name: Delete one SAP System from the monitoring configuration
+    - name: Delete one SAP monitoring configuration
       ansible.builtin.include_tasks: sap-monitoring-configuration-deletion.yml
 
 
@@ -28,6 +29,23 @@
   when: sap_monitoring_action == "add"
   block:
 
+    - name: Ensure required variables are defined
+      ansible.builtin.assert:
+        that:
+          - "{{ sap_monitoring_nr is defined}}"
+          - "{{ sap_tools_directory is defined}}"
+          - "{{ ibmcloud_monitoring_instance_url is defined}}"
+          - "{{ ibmcloud_monitoring_authorization_credentials is defined}}"
+          - "{{ sap_hana_ip is defined}}"
+          - "{{ sap_hana_http_port is defined}}"
+          - "{{ sap_hana_sql_systemdb_port is defined}}"
+          - "{{ sap_hana_sql_systemdb_user is defined}}"
+          - "{{ sap_hana_sql_systemdb_password is defined}}"
+          - "{{ sap_ascs_ip is defined}}"
+          - "{{ sap_ascs_http_port is defined}}"
+          - "{{ sap_app_server is defined}}"
+        fail_msg: "The variable is not defined but required."
+
     - name: Check existing SAP monitoring configurations on the same <sap_monitoring_nr>
       ansible.builtin.stat:
         path: /etc/prometheus/{{ sap_monitoring_nr }}.yml

diff --git a/roles/monitoring_sap/tasks/port-connectivity-check.yml b/roles/monitoring_sap/tasks/port-connectivity-check.yml
@@ -4,28 +4,6 @@
   ansible.builtin.debug:
     msg: "SAP monitoring configuration using the sap_monitoring_nr: {{ sap_monitoring_nr }}"
 
-- name: Check existence of the SAP variables in the file sample-sap-monitoring-parameters.yml
-  ansible.builtin.fail:
-    msg: "variable {{ sap_item }} is not defined in the file sample-sap-monitoring-parameters.yml"
-  when: not sap_item
-  # when:  sap_item is not defined
-  # when: "{{ sap_item }}" is not defined
-  loop_control:
-    loop_var: sap_item
-  loop:
-    - "{{ sap_monitoring_nr }}"
-    - "{{ sap_tools_directory }}"
-    - "{{ ibmcloud_monitoring_instance_url }}"
-    - "{{ ibmcloud_monitoring_authorization_credentials }}"
-    - "{{ sap_hana_ip }}"
-    - "{{ sap_hana_http_port }}"
-    - "{{ sap_hana_sql_systemdb_port }}"
-    - "{{ sap_hana_sql_systemdb_user }}"
-    - "{{ sap_hana_sql_systemdb_password }}"
-    - "{{ sap_ascs_ip }}"
-    - "{{ sap_ascs_http_port }}"
-    - "{{ sap_app_server }}"
-
 - name: Install netcat-openbsd
   community.general.zypper:
     name: netcat-openbsd
@@ -40,9 +18,9 @@
     - "netcat -vz {{ sap_hana_ip }} {{ sap_hana_sql_systemdb_port }}"
     - "netcat -vz {{ sap_hana_ip }} {{ sap_hana_http_port }}"
     - "netcat -vz {{ sap_ascs_ip }} {{ sap_ascs_http_port }}"
-    # - "netcat -vz {{ sap_hana_ip }} 99"
   register: command_result
   failed_when: "'failed' in command_result.stderr"
+  changed_when: false
 
 - name: Check network connectivity to SAP App servers, fail if ports are not open
   ansible.builtin.command: "netcat -vz {{ server_item.ip }} {{ server_item.port }}"
@@ -51,3 +29,4 @@
   loop: "{{ sap_app_server }}"
   register: command_result
   failed_when: "'failed' in command_result.stderr"
+  changed_when: false
diff --git a/roles/monitoring_sap/tasks/sap-host-exporter-configuration.yml b/roles/monitoring_sap/tasks/sap-host-exporter-configuration.yml
@@ -14,7 +14,7 @@
     owner: root
     group: root
     mode: "0600"
-  tags: prometheus-sap_host_exporter HANA
+  tags: prometheus-sap_host_exporter
 
 - name: Configure sap_host_exporter file ASCS
   ansible.builtin.template:
@@ -23,7 +23,7 @@
     owner: root
     group: root
     mode: "0600"
-  tags: prometheus-sap_host_exporter ASCS
+  tags: prometheus-sap_host_exporter
 
 - name: Configure sap_host_exporter DI
   ansible.builtin.template:
@@ -35,7 +35,7 @@
   loop_control:
     loop_var: item
   loop: "{{ sap_app_server }}"
-  tags: prometheus-sap_host_exporter DI
+  tags: prometheus-sap_host_exporter
 
 - name: Configure systemd-daemon to sap_host_exporter
   ansible.builtin.template:
@@ -69,4 +69,4 @@
   loop_control:
     loop_var: daemon_item
   loop: "{{ sap_app_server }}"
-  tags: prometheus-sap_host_exporter DI
+  tags: prometheus-sap_host_exporter
diff --git a/roles/monitoring_sap/templates/sap_host_exporter-DI.conf.j2 b/roles/monitoring_sap/templates/sap_host_exporter-DI.conf.j2
@@ -1,6 +1,6 @@
 # The listening TCP/IP address and port.
 address: "0.0.0.0"
-port: "5{{ sap_monitoring_nr }}{{ item.sap_app_server_nr + 4 }}"
+port: "5{{ sap_monitoring_nr }}{{ item.sap_app_server_nr|int + 4 }}"
 log-level: "info"
 # sap_monitoring_solution_name: {{ sap_monitoring_solution_name }}
 # DI instance