sap_swpm: sap_swpm_install_software_extract_directory missing

[surajsbharadwaj]

sap_swpm

The role runs into an error when the software is in the NFS folder.

sap_hana_install role has a similar parameter which extracts the binaries to a user defined location using sap_hana_install_software_extract_directory and avoids the issue.

Can you enable a new parameter sap_swpm_install_software_extract_directory?

TASK [redhat.sap_install.sap_swpm : SAP SWPM Pre Install - Change ownership of software path - /software/S4HANA_2022] ***

 fatal: [10.51.0.240]: FAILED! =>
  {
      "changed": false,
      "gid": 65534,
      "group": "nobody",
      "mode": "0777",
      "msg": "chown failed: [Errno 1] Operation not permitted: b'/software/S4HANA_2022'",
      "owner": "nobody",
      "path": "/software/S4HANA_2022",
      "secontext": "system_u:object_r:nfs_t:s0",
      "size": 4096,
      "state": "directory",
      "uid": 65534
  }

[berndfinger]

@surajsbharadwaj There is already a solution available which should solve this problem. You can use the role sap_install_media_detect to prepare the SAP software to be used by the sap_swpm role. It also supports copying and extracting files from a read-only file system (typically NFS) to a writable file system.

Can you please have a look and see if it fulfills your requirement?

[surajsbharadwaj]

Hello @berndfinger ,
Thank you for your response :)

Let me give some background:

Earlier we were using :
rhel-systems-roles-sap - sap_hana_install
community.sap_install - sap_install_media_detect andsap_swpm
Worked smooth
We were doing localhost execution on POWERVS Lpars directly. Not using any central ansible node.

New and current scenario:

1. Recently sap_swpm was officially made available in rhel-systems-roles-sap,
2. We Now have a central ansible node on intel VPC in our automation. Hence downloading all roles/collections, including community roles onto the VPC intel RHEL8.8 VSI and targeting the PowerVS Lpars.
3. I thought let's switch completely to the official roles. Hence I switched to sap_swpm from official Redhat roles.
   As you already know that sap_install_media_detect is not part of official roles.
4. I still included it yesterday in the playbook . I hit an error:

TASK [community.sap_install.sap_install_media_detect : SAP Install Media Detect - Prepare - EPEL - Import the EPEL GPG key] ***
fatal: [10.51.0.49]: FAILED! => {"changed": false, "msg": "failed to fetch key at https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 , error was: Request failed: <urlopen error [Errno 101] Network is unreachable>"}

5. Hence I decided to skip this task and have just sap_swpm role.
6. Next I hit the error mentioned in this git issue.
7. I did a work around below and it successfully installed and completed.

# Since NFS as a service is being used where binaries will be download ownership change of the files are not possible.
# Removing the blocks which changes the ownership of files from the sap_swpm role.
filename="/usr/share/ansible/collections/ansible_collections/redhat/sap_install/roles/sap_swpm/tasks/swpm/prepare_software.yml"
cp "$filename" "$filename.backup"
sed '/Change ownership/,+7d' "$filename" >tmpfile && mv tmpfile "$filename"

Points open:

1. How to fix the error which I am facing regarding GPG key?
2. Will the sap_media_detect be included in the official roles in future ?
3. Will there be a fix for sap_swpm role in official roles be fixed(handle /ignore errors) in such NFS cases?

Thank you

[surajsbharadwaj]

Going deep into sap_install_media_detect,
Tried out these things:

    sap_install_media_detect_rar_package: 'linux-rar'
    sap_install_media_detect_directory: '${sap_install_media_detect_directory}'
    sap_install_media_detect_source_directory: '${sap_install_media_detect_directory}'
    sap_install_media_detect_file_server_only: true
    sap_install_media_detect_target_directory: '/tmp/sap_swpm/'

Observations:

1. Was able to get past the "failed to fetch key at https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-9 , error was: Request failed: <urlopen error [Errno
2. Hit an issue now similar to the git issue opened here:

TASK [community.sap_install.sap_install_media_detect : SAP Install Media Detect - Prepare - Ensure sapcar is executable] ***
fatal: [10.51.0.49]: FAILED! => {"changed": false, "gid": 65534, "group": "nobody", "mode": "0777", "msg": "chown failed: [Errno 1] Operation not permitted: b'/software/S4HANA_2022/SAPCAR_1115-70006238.EXE'", "owner": "nobody", "path": "/software/S4HANA_2022/SAPCAR_1115-70006238.EXE", "secontext": "system_u:object_r:nfs_t:s0", "size": 4941784, "state": "file", "uid": 65534}

[sean-freeman]

In future, 1 "point open" = 1 GH Issue.

"We were doing localhost execution on POWERVS Lpars directly. Not using any central ansible node"

Sensible to move away from executing as-if Ansible were a Shell Script, it's not. Ansible is meant to be executed from a runner/control host, and target many hosts at once (an inventory) - executing an Ansible Playbook to run Ansible Tasks as localhost is only meant for certain cases. Even the official documentation states as such "You can run commands against the control node by using “localhost” or “127.0.0.1” for the server name" Reference.

Downstream/Supported Ansible Collections for SAP

Please note, if using Downstream/Supported then the code will be adjusted and only contain code that Vendor wishes to support in their product/s. This means descope of some Ansible Roles from the Ansible Collection, or descope of certain capabilities. Only the Upstream/Community is fully vendor neutral. For example, if using release issued by Red Hat and attempting to trigger SLES HA, the code flows for SUSE may have been removed - and vice versa.

Speculation on the inclusion of capabilities in Downstream/Supported/Products will not happen within this vendor-neutral Open-Source Initiative. It is not the appropriate place, nor the responsibility of the developers to make the decision on Product roadmap. The developers within the initiative have scope only to jointly define the initiative roadmap with all participant organizations.

sap_install_media_detect EPEL requirement

Required for unpacking RAR content successfully in a repeatable manner. There is no official RAR extraction tool provided directly by RHEL, it is only available from EPEL. The assumption is the host has outbound internet access via SNAT or other means, so that the repo can be temporarily enabled to install the RPM for RAR extraction.

NFS and execution of SAP SWPM

It is not recommended to execute SAP SWPM directly from NFS, due to permissions. When SAP SWPM executes it will automatically create /tmp/sapinst_instdir and unpack part of the current execution files. Nevertheless it is using the binaries that require elevated permissions, this is why SAP SWPM attempts to elevate those permissions to the requirement for a successful execution - it assumes the path is local.

Skip of file permissions was added 2 months ago as sap_swpm_set_file_permissions: false, and due for release 1.4.1.

When using sap_install_media_detect with an NFS path, the media is still copied to the target host for local binary execution.