GCP - Wrong srHook Configurations

[ab-mohamed]

Used cloud platform GCP

Used SLES4SAP version SLES12 SP4|5 for SAP Applications

Used client machine OS macOS

Expected behaviour vs observed behaviour Successful srHook configurations in /etc/sudoers.d/SAPHanaSR file

How to reproduce Deploy HANA HA cluster using SLES12 SP4|5 for SAP Applications

Check /etc/sudoers.d/SAPHanaSR:

vmhana01 ~ # cat /etc/sudoers.d/SAPHanaSR
# SAPHanaSR needs for /usr/share/SAPHanaSR/SAPHanaSR.py
Cmnd_Alias SOK_SITEA      = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'NUE' -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEA    = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'NUE' -v SFAIL -t crm_config -s SAPHanaSR
Cmnd_Alias SOK_SITEB      = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'FRA' -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEB    = /usr/sbin/crm_attribute -n hana_prd_site_srHook_u'FRA' -v SFAIL -t crm_config -s SAPHanaSR
prdadm ALL=(ALL) NOPASSWD: SOK_SITEA, SFAIL_SITEA, SOK_SITEB, SFAIL_SITEB
# SAPHanaSR takeover blocker needs for /usr/share/SAPHanaSR/susTkOver.py
Cmnd_Alias HOOK_HELPER_TKOVER = /usr/sbin/SAPHanaSR-hookHelper --case checkTakeover --sid=prd
prdadm ALL=(ALL) NOPASSWD: HOOK_HELPER_TKOVER

hana_prd_site_srHook_u'NUE' should be replaced by hana_prd_site_srHook_NUE. The same for the rest.

[ab-mohamed]

Here is the Terraform execution part:

module.hana_node.module.hana_provision.null_resource.provision[1] (remote-exec): [INFO    ] {u'ha_dr_provider_sustkover': {u'after': {u'execution_order': u'2', u'path': u'/usr/share/SAPHanaSR', u'provider': u'susTkOver'}, u'before': None}, u'trace': {u'ha_dr_sustkover': {u'after': u'info', u'before': None}}}

[mr-stringer]

I will look into this and attempt to reproduce it.

[mr-stringer]

I have not been able to reproduce this error.

In my terraform.tfvars file I have identified the sites as below:

hana_sid = "GPT"
hana_instance_number = "00"
hana_master_password = "[REDACTED]"
hana_primary_site = "node01"
hana_secondary_site = "node02"

This results in the following content in /etc/sudoers.d/SAPHanaSR

Cmnd_Alias SOK_SITEA      = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node01 -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEA    = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node01 -v SFAIL -t crm_config -s SAPHanaSR
Cmnd_Alias SOK_SITEB      = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node02 -v SOK   -t crm_config -s SAPHanaSR
Cmnd_Alias SFAIL_SITEB    = /usr/sbin/crm_attribute -n hana_gpt_site_srHook_node02 -v SFAIL -t crm_config -s SAPHanaSR
gptadm ALL=(ALL) NOPASSWD: SOK_SITEA, SFAIL_SITEA, SOK_SITEB, SFAIL_SITEB
# SAPHanaSR takeover blocker needs for /usr/share/SAPHanaSR/susTkOver.py
Cmnd_Alias HOOK_HELPER_TKOVER = /usr/sbin/SAPHanaSR-hookHelper --case checkTakeover --sid=gpt
gptadm ALL=(ALL) NOPASSWD: HOOK_HELPER_TKOVER

Can you please share your terraform.tfvars after redacting any sensitive information?

[mr-stringer]

@ab-mohamed I am still unable to reproduce the issue. Please post a redacted terraform.tfvars file.

[abdurrahman84]

@mr-stringer

Please ensure that you use SLES 12 SP4|5 for SAP Applications.

Here is my Terraform configurations:

project = "<PROJECT ID>"
gcp_credentials_file = "<SERVICE ACCOUNT KEY>.json"
region = "us-west1"
os_image = "suse-sap-cloud/sles-12-sp4-sap"
public_key  = "<PUBLIC SSH KEY>"
private_key = "<PRIVAT SSH KEY>"
cluster_ssh_pub = "salt://sshkeys/cluster.id_rsa.pub"
cluster_ssh_key = "salt://sshkeys/cluster.id_rsa"
ha_sap_deployment_repo = "https://download.opensuse.org/repositories/network:/ha-clustering:/sap-deployments:/v9"
provisioning_log_level = "info"
pre_deployment = true
bastion_enabled = true
bastion_os_image = "suse-sap-cloud/sles-15-sp5-sap"
bastion_nat_min_ports_per_vm = 1204
hana_count = "2"
machine_type = "n1-highmem-4"
hana_data_disks_configuration = {
  disks_type       = "pd-ssd,pd-ssd,pd-ssd,pd-ssd,pd-ssd,pd-ssd,pd-ssd"
  disks_size       = "128,64,128,64,32,32,64"
  # The next variables are used during the provisioning
  luns             = "0,1#2,3#4#5#6"
  names            = "data#log#shared#usrsap#backup"
  lv_sizes         = "100#100#100#100#100"
  paths            = "/hana/data#/hana/log#/hana/shared#/usr/sap#/hana/backup"
}
hana_inst_master = "<GCP Bucket>/<EXTRACTED HANA 2.0 SPS05>"
hana_master_password = "<PASSWORD>"
hana_primary_site = "NUE"
hana_secondary_site = "FRA"

[ab-mohamed]

@mr-stringer Any updates about this issue?

[mr-stringer]

Sorry, I didn't see you'd posted this. I'll give it a try in the next day or two. Thanks :)