Add tests for templates, fix bugs in templates

Add error message when running against RHEL < 8 configure_ag ha incorrect tasks order and didn't concider ag name sometimes Remove WRITE_LEASE_VALIDITY it's not working requires MS troubleshoot Need to test restore_cert.j2
linux-system-roles · Jun 9, 2022 · 992aa43 · 992aa43
1 parent 31890be
commit 992aa43
Show file tree

Hide file tree

Showing 15 changed files with 890 additions and 81 deletions.
diff --git a/tasks/input_sql_file.yml b/tasks/input_sql_file.yml
@@ -53,7 +53,9 @@
       include_tasks: verify_password.yml
       vars:
         __mssql_password: "{{ mssql_password }}"
-      when: __mssql_sqlcmd_login_cmd is none
+      when: >-
+        (__mssql_sqlcmd_login_cmd is none) or
+        (__mssql_sqlcmd_login_cmd is not defined)
 
     - name: Input {{ __mssql_input_sql_file }} with the sqlcmd command
       command: >-
@@ -72,14 +74,20 @@
         - __mssql_sqlcmd_input_file.stdout_lines | length > 0
         - mssql_debug | bool
 
-    # Keep the file if the SQL command failed for debugging
+    # Keep the file if the SQL command failed or when mssql_debug is true
+    # for debugging
     - name: Remove the tempfile
       file:
         path: "{{ __mssql_sql_tempfile.path }}"
         state: absent
-      when: __mssql_sqlcmd_input_file is succeeded
+      when:
+        - __mssql_sqlcmd_input_file is succeeded
+        - not mssql_debug
       changed_when: false
 
+    # This is required because in the case when a task that precedes the input
+    # task fails, the print task prints a previous result
     - name: Unset the __mssql_sqlcmd_input_file variable
       set_fact:
         __mssql_sqlcmd_input_file: ""
+      when: not mssql_debug
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -41,11 +41,19 @@
     - mssql_upgrade | bool
     - mssql_version | int == 2017
 
-- name: Verify if the mssql_ha_replica_type variable is provided correctly
+- name: Verify that EL < 8 is not used with mssql_ha_configure=true
   assert:
     that:
-      - mssql_ha_replica_type in
-          ['primary', 'synchronous', 'witness', 'absent']
+      - ansible_distribution in ['CentOS', 'RedHat']
+      - ansible_distribution_version is version('8', '>')
+    fail_msg: >-
+      mssql_ha_configure=true does not support running against EL 7 hosts
+  when: mssql_ha_configure | bool
+
+- name: Verify if the mssql_ha_replica_type variable is provided correctly
+  assert:
+    that: mssql_ha_replica_type in
+      ['primary', 'synchronous', 'witness', 'absent']
     fail_msg: >-
       You must set the mssql_ha_replica_type variable to one of 'primary',
       'synchronous', 'witness', 'absent'

diff --git a/templates/configure_ag.j2 b/templates/configure_ag.j2
@@ -1,69 +1,31 @@
-IF NOT EXISTS (
+IF EXISTS (
   SELECT name, cluster_type_desc
   FROM sys.availability_groups
   WHERE name = '{{ mssql_ha_ag_name }}' AND
-        cluster_type_desc = 'external'
+        cluster_type_desc != 'external'
 )
 BEGIN
-  PRINT 'Creating the {{ mssql_ha_ag_name }} availability group';
-  CREATE AVAILABILITY GROUP {{ mssql_ha_ag_name }}
-{% if ansible_os_family == 'RedHat' and
-  ansible_distribution_version is version('8.3', '<') %}
-    WITH (DB_FAILOVER = ON, CLUSTER_TYPE = EXTERNAL)
-{% else %}
-    WITH (DB_FAILOVER = ON, CLUSTER_TYPE = EXTERNAL, WRITE_LEASE_VALIDITY=60)
-{% endif %}
-    FOR REPLICA ON
-      N'{{ ansible_hostname }}' WITH (
-        ENDPOINT_URL = N'tcp://{{ ansible_fqdn }}:{{ mssql_ha_listener_port }}',
-        AVAILABILITY_MODE = {{ __mssql_ha_availability_mode }},
-        FAILOVER_MODE = {{ __mssql_ha_failover_mode }},
-        SEEDING_MODE = {{ __mssql_ha_seeding_mode }},
-        SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL)
-{% for item in ansible_play_hosts %}
-{%   if hostvars[item]['mssql_ha_replica_type'] == 'synchronous' %}
-      ),
-      N'{{ hostvars[item]['ansible_hostname'] }}' WITH (
-        ENDPOINT_URL = N'tcp://{{
-          hostvars[item]['ansible_fqdn'] }}:{{ mssql_ha_listener_port }}',
-        AVAILABILITY_MODE = {{ hostvars[item]['__mssql_ha_availability_mode'] }},
-        FAILOVER_MODE = {{ hostvars[item]['__mssql_ha_failover_mode'] }},
-        SEEDING_MODE = {{ hostvars[item]['__mssql_ha_seeding_mode'] }},
-        SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL)
-{%   elif hostvars[item]['mssql_ha_replica_type'] == 'witness' %}
-      ),
-      N'{{ hostvars[item]['ansible_hostname'] }}' WITH (
-        ENDPOINT_URL = N'tcp://{{
-          hostvars[item]['ansible_fqdn'] }}:{{ mssql_ha_listener_port }}',
-        AVAILABILITY_MODE = {{ hostvars[item]['__mssql_ha_availability_mode'] }}
-{%   endif %}
-{% endfor %}
-      );
-  PRINT 'The {{ mssql_ha_ag_name }} availability group created successfully';
+  PRINT 'The existing {{ mssql_ha_ag_name }} availability group has \
+incorrect cluster type set, dropping the group to re-create it';
+  DROP AVAILABILITY GROUP {{ mssql_ha_ag_name }};
+  PRINT 'The {{ mssql_ha_ag_name }} availability group dropped successfully';
 END
-ELSE
+
+IF EXISTS (
+  SELECT name, cluster_type_desc
+  FROM sys.availability_groups
+  WHERE name = '{{ mssql_ha_ag_name }}'
+)
 BEGIN
   PRINT 'Verifying the existing availability group {{ mssql_ha_ag_name }}'
-  IF EXISTS (
-    SELECT name, cluster_type_desc
-    FROM sys.availability_groups
-    WHERE name = '{{ mssql_ha_ag_name }}' AND
-          cluster_type_desc != 'external'
-  )
-  BEGIN
-    PRINT 'The existing {{ mssql_ha_ag_name }} availability group has \
-incorrect cluster type set, dropping the groupt to re-create it';
-    DROP AVAILABILITY GROUP ag1;
-    PRINT 'The {{ mssql_ha_ag_name }} availability group dropped successfully';
-  END
   IF NOT EXISTS (
     SELECT name, db_failover
     FROM sys.availability_groups
     WHERE name = '{{ mssql_ha_ag_name }}' AND
           db_failover = 1
   )
   BEGIN
-    ALTER AVAILABILITY GROUP ag1 SET (DB_FAILOVER = ON)
+    ALTER AVAILABILITY GROUP {{ mssql_ha_ag_name }} SET (DB_FAILOVER = ON)
     PRINT 'Set DB_FAILOVER to ON succesfully'
   END
   ELSE
@@ -75,9 +37,13 @@ incorrect cluster type set, dropping the groupt to re-create it';
 {%   if hostvars[item]['mssql_ha_replica_type'] != 'absent' %}
   IF EXISTS (
     SELECT replica_server_name, availability_mode_desc
-    FROM sys.availability_replicas
-    WHERE replica_server_name = '{{ hostvars[item]['ansible_hostname'] }}' AND
-          availability_mode_desc !=
+    FROM sys.availability_replicas replicas
+    JOIN sys.availability_groups groups
+    ON replicas.group_id = groups.group_id
+    WHERE groups.name = '{{ mssql_ha_ag_name }}' AND
+          replicas.replica_server_name =
+            '{{ hostvars[item]['ansible_hostname'] }}' AND
+          replicas.availability_mode_desc !=
             '{{ hostvars[item]['__mssql_ha_availability_mode'] }}'
   )
   BEGIN
@@ -90,8 +56,12 @@ removing this replica re-create it';
   END
   IF NOT EXISTS (
     SELECT replica_server_name
-    FROM sys.availability_replicas
-    WHERE replica_server_name = '{{ hostvars[item]['ansible_hostname'] }}'
+    FROM sys.availability_replicas replicas
+    JOIN sys.availability_groups groups
+    ON replicas.group_id = groups.group_id
+    WHERE groups.name = '{{ mssql_ha_ag_name }}' AND
+          replicas.replica_server_name =
+            '{{ hostvars[item]['ansible_hostname'] }}'
   )
   BEGIN
     PRINT 'Adding the {{ hostvars[item]['ansible_hostname'] }} \
@@ -117,7 +87,7 @@ removing this replica re-create it';
   END
   ELSE
   BEGIN
-    PRINT 'Verifying the existing replica {{ item }}';
+    PRINT 'Verifying the existing replica {{ hostvars[item]['ansible_hostname'] }}';
 {%     if (hostvars[item]['mssql_ha_replica_type'] == 'primary') or
           (hostvars[item]['mssql_ha_replica_type'] == 'synchronous') %}
 {%       set ag_replica_settings = ({
@@ -151,15 +121,17 @@ removing this replica re-create it';
   "setting_value":"N'tcp://" + hostvars[item]['ansible_fqdn'] + ":" +
     mssql_ha_listener_port | string + "'"
 }
-         })
-%}
+}) %}
 {%     endif %}
 {%     for key, value in ag_replica_settings.items() %}
     IF NOT EXISTS (
       SELECT replica_server_name, {{ value.sys_setting_name }}
-      FROM sys.availability_replicas
-      WHERE replica_server_name = N'{{ hostvars[item]['ansible_hostname'] }}'
-      AND
+      FROM sys.availability_replicas replicas
+      JOIN sys.availability_groups groups
+      ON replicas.group_id = groups.group_id
+      WHERE groups.name = '{{ mssql_ha_ag_name }}' AND
+            replicas.replica_server_name =
+              '{{ hostvars[item]['ansible_hostname'] }}' AND
 {%       if key == 'endpoint_url' %}
             {{ value.sys_setting_name }} = {{ value.setting_value }}
 {%       else %}
@@ -191,23 +163,72 @@ correctly, skipping';
 {%   elif hostvars[item]['mssql_ha_replica_type'] == 'absent' %}
   IF NOT EXISTS (
     SELECT replica_server_name
-    FROM sys.availability_replicas
-    WHERE replica_server_name = '{{ hostvars[item]['ansible_hostname'] }}'
+    FROM sys.availability_replicas replicas
+    JOIN sys.availability_groups groups
+    ON replicas.group_id = groups.group_id
+    WHERE groups.name = '{{ mssql_ha_ag_name }}' AND
+          replicas.replica_server_name =
+            '{{ hostvars[item]['ansible_hostname'] }}'
   )
   BEGIN
-    PRINT '{{ item }}: this replica is already removed, skipping';
+    PRINT '{{ hostvars[item]['ansible_hostname'] }}: this replica is already \
+removed, skipping';
   END
   ELSE
   BEGIN
-    PRINT '{{ item }}: Removing this replica';
+    PRINT '{{ hostvars[item]['ansible_hostname'] }}: Removing this replica';
     ALTER AVAILABILITY GROUP {{ mssql_ha_ag_name }}
       REMOVE REPLICA ON N'{{ hostvars[item]['ansible_hostname'] }}';
-    PRINT '{{ item }}: This replica is removed successfully';
+    PRINT '{{ hostvars[item]['ansible_hostname'] }}: This replica is removed \
+successfully';
   END
 {%   endif %}
 {% endfor %}
 END
 
+IF NOT EXISTS (
+  SELECT name, cluster_type_desc
+  FROM sys.availability_groups
+  WHERE name = '{{ mssql_ha_ag_name }}'
+)
+BEGIN
+  PRINT 'Creating the {{ mssql_ha_ag_name }} availability group';
+  CREATE AVAILABILITY GROUP {{ mssql_ha_ag_name }}
+{% if ansible_os_family == 'RedHat' and
+  ansible_distribution_version is version('8.3', '<') %}
+    WITH (DB_FAILOVER = ON, CLUSTER_TYPE = EXTERNAL)
+{% else %}
+    WITH (DB_FAILOVER = ON, CLUSTER_TYPE = EXTERNAL)
+{% endif %}
+    FOR REPLICA ON
+      N'{{ ansible_hostname }}' WITH (
+        ENDPOINT_URL = N'tcp://{{ ansible_fqdn }}:{{ mssql_ha_listener_port }}',
+        AVAILABILITY_MODE = {{ __mssql_ha_availability_mode }},
+        FAILOVER_MODE = {{ __mssql_ha_failover_mode }},
+        SEEDING_MODE = {{ __mssql_ha_seeding_mode }},
+        SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL)
+{% for item in ansible_play_hosts %}
+{%   if hostvars[item]['mssql_ha_replica_type'] == 'synchronous' %}
+      ),
+      N'{{ hostvars[item]['ansible_hostname'] }}' WITH (
+        ENDPOINT_URL = N'tcp://{{
+          hostvars[item]['ansible_fqdn'] }}:{{ mssql_ha_listener_port }}',
+        AVAILABILITY_MODE = {{ hostvars[item]['__mssql_ha_availability_mode'] }},
+        FAILOVER_MODE = {{ hostvars[item]['__mssql_ha_failover_mode'] }},
+        SEEDING_MODE = {{ hostvars[item]['__mssql_ha_seeding_mode'] }},
+        SECONDARY_ROLE (ALLOW_CONNECTIONS = ALL)
+{%   elif hostvars[item]['mssql_ha_replica_type'] == 'witness' %}
+      ),
+      N'{{ hostvars[item]['ansible_hostname'] }}' WITH (
+        ENDPOINT_URL = N'tcp://{{
+          hostvars[item]['ansible_fqdn'] }}:{{ mssql_ha_listener_port }}',
+        AVAILABILITY_MODE = {{ hostvars[item]['__mssql_ha_availability_mode'] }}
+{%   endif %}
+{% endfor %}
+      );
+  PRINT 'The {{ mssql_ha_ag_name }} availability group created successfully';
+END
+
 -- It is not possible to grant permissions fully idempotently
 ALTER AVAILABILITY GROUP {{ mssql_ha_ag_name }} GRANT CREATE ANY DATABASE;
 PRINT 'Granted the CREATE ANY DATABASE permission to the \

diff --git a/templates/configure_endpoint.j2 b/templates/configure_endpoint.j2
@@ -66,12 +66,12 @@ endpoint is already set to {{ __mssql_ha_endpoint_role }}, skipping';
         AUTHENTICATION = CERTIFICATE {{ mssql_ha_cert_name }}
       );
     PRINT 'The certificate for the {{ mssql_ha_endpoint_name }} \
-endpoint updated successfully';
+endpoint updated to {{ mssql_ha_cert_name }} successfully';
   END
   ELSE
   BEGIN
     PRINT 'The certificate for the {{ mssql_ha_endpoint_name }} \
-endpoint is already correct, skipping';
+endpoint is already set to {{ mssql_ha_cert_name }}, skipping';
   END
   IF NOT EXISTS (
     SELECT name, encryption_algorithm_desc
@@ -83,12 +83,12 @@ endpoint is already correct, skipping';
     ALTER ENDPOINT {{ mssql_ha_endpoint_name }}
       FOR DATABASE_MIRRORING (ENCRYPTION = REQUIRED ALGORITHM AES);
     PRINT 'The ENCRYPTION setting for the {{ mssql_ha_endpoint_name }} \
-endpoint updated successfully';
+endpoint updated to AES successfully';
   END
   ELSE
   BEGIN
     PRINT 'The ENCRYPTION setting for the {{ mssql_ha_endpoint_name }} \
-endpoint is already correct, skipping';
+endpoint is already set to AES, skipping';
   END
   IF NOT EXISTS (
     SELECT name, state

diff --git a/templates/create_ha_login.j2 b/templates/create_ha_login.j2
@@ -16,7 +16,7 @@ END
 
 IF IS_SRVROLEMEMBER ('sysadmin','{{ mssql_ha_login }}') = 1
 BEGIN
-  PRINT '{{ mssql_ha_login }} is a mameber of sysadmin role, skipping';
+  PRINT '{{ mssql_ha_login }} is a member of sysadmin role, skipping';
 END
 ELSE
 BEGIN

diff --git a/tests/clean_up_mssql_pacemaker.yml b/tests/clean_up_mssql_pacemaker.yml
@@ -0,0 +1,27 @@
+---
+- name: Purge cluster and mssql configuration
+  hosts: all
+  tasks:
+    - name: Purge cluster configuration
+      vars:
+        ha_cluster_cluster_present: no
+        ha_cluster_enable_repos: false
+      include_role:
+        name: fedora.linux_system_roles.ha_cluster
+
+    - name: Remove cluster RPMs
+      package:
+        name:
+          - pacemaker
+          - pcs
+          - fence-agents-all
+          - resource-agents
+        state: absent
+
+    - name: Remove mssql RPMs
+      shell: dnf remove mssql-* -y
+      changed_when: true
+
+    - name: Remove related files
+      shell: rm -rf /var/opt/mssql/ /opt/mssql* /tmp/ansible.*
+      changed_when: true