sap-linuxlab / community.sap_install

Automation for SAP - Collection of Ansible Roles for various SAP software installation
Apache License 2.0

sap_hana_install : SAP HANA Checks - Fail if the user 'sidadm' exists #787

Closed jaaphellemons82 closed 2 months ago

jaaphellemons82 commented 2 months ago

We are using the sap_hana_install role and as part of our deployment pipeline we create sidadm users before running this playbook. The installation fails due to the following task:

    - name: SAP HANA Checks - Fail if the user '{{ sap_hana_install_sid | lower }}adm' exists
      ansible.builtin.fail:
        msg: "FAIL: User '{{ sap_hana_install_sid | lower }}adm' exists!"
      when: __sap_hana_install_register_getent_passwd_sidadm.rc == 0

which is part of roles/sap_hana_install/tasks/hana_exists.yml

I am not sure why this check is done, since it is fully supported by SAP to have the sidadm user created before the installation starts. Please see the official installation guide from SAP:

https://help.sap.com/docs/SAP_HANA_PLATFORM/2c1988d620e04368aa4103bf26f17727/1dbba6ac03054d7eb07c819aae47d095.html#loio3c831ee47beb4499972774f4a080d1d3


berndfinger commented 2 months ago

I believe we are doing the user existence check for avoiding problems with an existing user, e.g. because it belongs to another SAP system or because a previous HANA uninstallation was not performed cleanly.

The issue can be avoided by setting the role parameter sap_hana_install_check_sidadm_user to false in the playbook or inventory. Alternatively, you can set the role parameter sap_hana_install_force to true for skipping all tasks in file tasks/hana_exists.yml. In both cases, certain password related role parameters (e.g. sap_hana_install_password) have to be configured. Otherwise, the task Install SAP HANA might fail with messages like:

    Mandatory parameter 'password' (Password) is missing or invalid
    [...]
    The defined user 'xxxadm' already exists on the system. Neither the password, nor any other attribute of the user will be changed.

Also in one of my tests, the installation failed as follows when using the parameter sap_hana_install_common_master_password:

    Master Password cannot be used in combination with other initial passwords

I was successful with HANA2 rev 78 after setting the following role parameters, after commenting out the line https://github.com/sap-linuxlab/community.sap_install/blob/6694da4796e938bdf63ce30eccdda2655e2a150f/roles/sap_hana_install/tasks/main.yml#L8 :

    sap_hana_install_use_master_password: 'n'
    sap_hana_install_password: 'NewPass$321'
    sap_hana_install_system_user_password: 'NewPass$321'
    sap_hana_install_db_system_password: 'NewPass$321'
    sap_hana_install_sidadm_password: 'NewPass$321'

This resulted in the following password related parameters in the hdblcm config file (hdblcm configfile parameters are set by the role by removing sap_hana_install_ from the role variable name):

    # awk '!/^#/&&/passw/&&!/=$/{print}' /tmp/ansible.nwol0djbhanaconfig/configfile.cfg
    use_master_password=n
    password=NewPass$321
    system_user_password=NewPass$321

Notes:

  1. The parameters sap_hana_install_db_system_password and sap_hana_install_sidadm_password are being used by two post install steps if sap_hana_install_master_password is not set, and are not related to the HANA hdblcm installation itself.
  2. Also the parameter sap_hana_install_master_password is not used for the HANA hdblcm installation. In fact, it is only required by the task Rename some variables used by hdblcm configfile, see above. In other words, this code needs to be changed to only set this variable if sap_hana_install_use_master_password is set to y. I will create an issue for this.

@jaaphellemons82 Please let us know if you think using the parameters I mentioned is feasible for your case.
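
The awk filter in the comment above prints the configfile passwords in clear text, which then sits in terminal scrollback or pipeline logs. As an added example (not part of the thread or the role), the script below lists the same parameters with the secret values masked and flags a set master_password next to other passwords; the function names, the sample file, and the reading of the hdblcm "Master Password" message as that combination are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the role: inspect the password parameters of an
# hdblcm configfile without printing the secrets themselves.

# Same selection as the awk filter in the thread (non-comment lines that
# contain "passw" and have a value); secret values are replaced by a marker.
masked_password_params() {
    awk -F= '!/^#/ && /passw/ && !/=$/ {
        if ($1 == "use_master_password") { print }   # y/n switch, not a secret
        else { print $1 "=<set>" }
    }' "$1"
}

# Exit status 0 when master_password has a value and at least one other
# *password parameter has one too. Assumption: this is the combination
# behind "Master Password cannot be used in combination with other
# initial passwords".
master_password_conflict() {
    awk -F= '
        /^#/ || /=$/ || !/password/  { next }
        $1 == "use_master_password"  { next }
        $1 == "master_password"      { master = 1; next }
                                     { other = 1 }
        END { exit !(master && other) }
    ' "$1"
}

# Constructed sample configfile (placeholder values, not real output).
sample_configfile() {
    cat <<'EOF'
# hdblcm configfile excerpt (constructed)
sid=H01
use_master_password=n
master_password=
password=Constructed-Example-1
system_user_password=Constructed-Example-1
sapadm_password=
EOF
}

cfg=$(mktemp)
sample_configfile > "$cfg"
masked_password_params "$cfg"
if master_password_conflict "$cfg"; then
    echo "conflict: master_password set together with other passwords"
else
    echo "ok: no master password conflict"
fi
rm -f "$cfg"
```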

jaaphellemons82 commented 2 months ago

Thank you for your extensive reply. When adjusting the playbook with your remarks, the HANA installation indeed works and sees that the HANA user already exists. I didn't have to comment out the line for sap_hana_install_master_password.

Our playbook now uses these extra vars:

    sap_hana_install_use_master_password: 'n'
    sap_hana_install_password: "{{master_password}}"
    sap_hana_install_system_user_password: "{{master_password}}"
    sap_hana_install_db_system_password: "{{master_password}}"
    sap_hana_install_sidadm_password: "{{master_password}}"