Fix configuring pacemaker, add SBD support

- Save creds for ha_login to /var/opt/mssql/secrets/passwd - Set watchdog and SBD devices - Don't define cidr_netmask for virtualip - Change watchdog-timeout value from 10s to 10 - Add mssql_ha_sbd_ variables to README, to inventory and playbook examples - Add mssql_ha_sbd_ variables to defaults/main.yml - Set SBD devices in test
linux-system-roles · Jun 2, 2022 · dab6be7 · dab6be7
1 parent f3002e4
commit dab6be7
Show file tree

Hide file tree

Showing 4 changed files with 168 additions and 80 deletions.
diff --git a/README.md b/README.md
@@ -389,6 +389,9 @@ group.
 The role uses the System Roles firewall role to manage the firewall,
 hence, only firewall implementations supported by the firewall role work.
 
+If you set this variable to `false`, you must open the port defined with the
+`mssql_ha_listener_port` variable prior to running this role.
+
 Default: `true`
 
 Type: `bool`
@@ -442,7 +445,6 @@ Default: `null`
 
 Type: `string`
 
-
 #### `mssql_ha_ag_name`
 
 The name of the availability group to be configured.
@@ -513,6 +515,38 @@ Default: `null`
 
 Type: `string`
 
+#### `mssql_ha_sbd_enabled`
+
+Whether to enable SBD in pacemaker for Always On availability group or not.
+
+Default: `false`
+
+Type: `string`
+
+#### `mssql_ha_sbd_watchdog`
+
+When using SBD, you must configure watchdog device for each node in inventory.
+
+See [`Setting Up SQL Server and Configuring for High Availability`](#Setting-Up-SQL-Server-and-Configuring-for-High-Availability) for an example
+inventory that sets this variable.
+
+Default: `/dev/watchdog`
+
+Type: `string`
+
+#### `mssql_ha_sbd_devices`
+
+When using SBD, you can optionally configure one or more SBD devices for each
+node in inventory. Note that all nodes must have the same number of SBD devices
+specified.
+
+See [`Setting Up SQL Server and Configuring for High Availability`](#Setting-Up-SQL-Server-and-Configuring-for-High-Availability) for an example
+inventory that sets this variable.
+
+Default: `null`
+
+Type: `list`
+
 ## Example Playbooks
 
 This section outlines example playbooks that you can use as a reference.
@@ -609,7 +643,11 @@ This example shows how to use the role to set up SQL Server and configure it for
 high availability.
 
 You must set the `mssql_ha_replica_type` variable for each host that you want to
-configure, for example in the inventory file.
+configure.
+
+If you use SBD, you must set the `mssql_ha_sbd_watchdog` variable for each host.
+You can optionally set the `mssql_ha_sbd_devices` variable to configure SBD
+devices.
 
 Example inventory file with `mssql_ha_replica_type` set for each host:
 
@@ -618,14 +656,26 @@ all:
   hosts:
     host1:
       mssql_ha_replica_type: primary
+      mssql_ha_sbd_watchdog: /dev/watchdog1
+      mssql_ha_sbd_devices:
+        - /dev/vda
+        - /dev/vdb
     host2:
       mssql_ha_replica_type: synchronous
+      mssql_ha_sbd_watchdog: /dev/watchdog2
+      mssql_ha_sbd_devices:
+        - /dev/vdc
+        - /dev/vdd
     host3:
       mssql_ha_replica_type: witness
+      mssql_ha_sbd_watchdog: /dev/watchdog3
+      mssql_ha_sbd_devices:
+        - /dev/vde
+        - /dev/vdf
+
 ```
 
-When the `mssql_ha_replica_type` variable is set for all hosts, you can execute
-a playbook.
+When all required variables are set, you can execute a playbook.
 
 Example playbook:
 
@@ -652,6 +702,7 @@ Example playbook:
     mssql_ha_login_password: "p@55w0rD3"
     mssql_ha_hacluster_password: "p@55w0rD4"
     mssql_ha_virtual_ip: 192.168.1.254
+    mssql_ha_sbd_enabled: true
   roles:
     - microsoft.sql.server
 ```

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -39,3 +39,6 @@ mssql_ha_login: null
 mssql_ha_login_password: null
 mssql_ha_hacluster_password: null
 mssql_ha_virtual_ip: null
+mssql_ha_sbd_enabled: false
+mssql_ha_sbd_watchdog: /dev/watchdog
+mssql_ha_sbd_devices: null
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -702,82 +702,111 @@
 
 - name: Configure pacemaker
   when: mssql_ha_configure | bool
-  include_role:
-    name: fedora.linux_system_roles.ha_cluster
-  vars:
-    ha_cluster_cluster_name: "{{ mssql_ha_ag_name }}"
-    ha_cluster_hacluster_password: "{{ mssql_ha_hacluster_password | quote }}"
-    ha_cluster_cluster_properties:
-      - attrs:
-          - name: cluster-recheck-interval
-            value: 2min
-          - name: start-failure-is-fatal
-            value: true
-    ha_cluster_resource_primitives:
-      - id: ag_cluster
-        agent: ocf:mssql:ag
-        instance_attrs:
-          - attrs:
-              - name: ag_name
-                value: "{{ mssql_ha_ag_name }}"
-        meta_attrs:
-          - attrs:
-              - name: failure-timeout
-                value: 60s
-      - id: virtualip
-        agent: ocf:heartbeat:IPaddr2
-        instance_attrs:
-          - attrs:
-              - name: ip
-                value: "{{ mssql_ha_virtual_ip }}"
-              - name: cidr_netmask
-                value: 24
-        operations:
-          - action: monitor
-            attrs:
-              - name: interval
-                value: 30s
-    ha_cluster_resource_clones:
-      - resource_id: ag_cluster
-        promotable: yes
-        meta_attrs:
+  block:
+    - name: Save credentials for the {{ mssql_ha_login }} SQL Server login
+      copy:
+        content: |-
+          {{ mssql_ha_login }}
+          {{ mssql_ha_login_password }}
+        dest: /var/opt/mssql/secrets/passwd
+        owner: root
+        group: root
+        mode: 0400
+        force: true
+
+    - name: Set watchdog and SBD devices facts for ha_cluster
+      set_fact:
+        ha_cluster:
+          sbd_watchdog: "{{ mssql_ha_sbd_watchdog }}"
+          sbd_devices: "{{ mssql_ha_sbd_devices }}"
+      when:
+        - mssql_ha_sbd_enabled | bool
+        - mssql_ha_sbd_devices is not none
+
+
+    - name: Set only watchdog device when SBD devices is not set
+      set_fact:
+        ha_cluster:
+          sbd_watchdog: "{{ mssql_ha_sbd_watchdog }}"
+      when:
+        - mssql_ha_sbd_enabled | bool
+        - mssql_ha_sbd_devices is none
+
+    - name: Run ha_cluster to configure pacemaker
+      include_role:
+        name: fedora.linux_system_roles.ha_cluster
+      vars:
+        ha_cluster_cluster_name: "{{ mssql_ha_ag_name }}"
+        ha_cluster_hacluster_password: "{{ mssql_ha_hacluster_password | quote }}"
+        ha_cluster_cluster_properties:
           - attrs:
-              - name: notify
+              - name: cluster-recheck-interval
+                value: 2min
+              - name: start-failure-is-fatal
                 value: true
-              # If RHEL > 8.3, set on_fail: demote.
-              # Else, set notify: true again as a workaround
-              - name: "{{
-                  'on_fail'
-                  if ansible_distribution_version is version('8.3', '>')
-                  else 'notify'
-                }}"
-                value: "{{
-                  'demote'
-                  if ansible_distribution_version is version('8.3', '>')
-                  else true
-                }}"
-    ha_cluster_constraints_colocation:
-      - resource_leader:
-          id: ag_cluster-clone
-          role: master
-        resource_follower:
-          id: virtualip
-        options:
-          - name: score
-            value: INFINITY
-          - name: with-rsc-role
-            value: Master
-    ha_cluster_constraints_order:
-      - resource_first:
-          id: ag_cluster-clone
-          action: promote
-        resource_then:
-          id: virtualip
-          action: start
-    ha_cluster_sbd_enabled: true
-    ha_cluster_sbd_options:
-      - name: watchdog-timeout
-        value: 10s
+        ha_cluster_resource_primitives:
+          - id: ag_cluster
+            agent: ocf:mssql:ag
+            instance_attrs:
+              - attrs:
+                  - name: ag_name
+                    value: "{{ mssql_ha_ag_name }}"
+            meta_attrs:
+              - attrs:
+                  - name: failure-timeout
+                    value: 60s
+          - id: virtualip
+            agent: ocf:heartbeat:IPaddr2
+            instance_attrs:
+              - attrs:
+                  - name: ip
+                    value: "{{ mssql_ha_virtual_ip }}"
+            operations:
+              - action: monitor
+                attrs:
+                  - name: interval
+                    value: 30s
+        ha_cluster_resource_clones:
+          - resource_id: ag_cluster
+            promotable: yes
+            meta_attrs:
+              - attrs:
+                  - name: notify
+                    value: true
+                  # If RHEL > 8.3, set on_fail: demote.
+                  # Else, set notify: true again as a workaround
+                  - name: "{{
+                      'on_fail'
+                      if ansible_distribution_version is version('8.3', '>')
+                      else 'notify'
+                    }}"
+                    value: "{{
+                      'demote'
+                      if ansible_distribution_version is version('8.3', '>')
+                      else true
+                    }}"
+        ha_cluster_constraints_colocation:
+          - resource_leader:
+              id: ag_cluster-clone
+              role: master
+            resource_follower:
+              id: virtualip
+            options:
+              - name: score
+                value: INFINITY
+              - name: with-rsc-role
+                value: Master
+        ha_cluster_constraints_order:
+          - resource_first:
+              id: ag_cluster-clone
+              action: promote
+            resource_then:
+              id: virtualip
+              action: start
+        ha_cluster_sbd_enabled: "{{ mssql_ha_sbd_enabled }}"
+        ha_cluster_sbd_options:
+          - name: watchdog-timeout
+            value: 10
 
 - name: Verify if the {{ mssql_ha_db_name }} database exists
   vars:

diff --git a/tests/tests_configure_ha_cluster.yml b/tests/tests_configure_ha_cluster.yml
@@ -34,7 +34,11 @@
       include_role:
         name: fedora.linux_system_roles.ha_cluster
         tasks_from: ../../../tests/ha_cluster/tasks/setup_sbd.yml
-      when: ansible_play_hosts_all | length == 1
+
+    - name: Set SBD devices and watchdogs
+      set_fact:
+          mssql_ha_sbd_devices:
+            - "{{ __test_sbd_mount.stdout }}"
 
     - name: Configure SQL Server and create an ExampleDB database on primary
       vars:
@@ -58,6 +62,7 @@
         mssql_ha_login: pacemakerLogin
         mssql_ha_login_password: "p@55w0rD3"
         mssql_ha_hacluster_password: "p@55w0rD4"
-        mssql_ha_virtual_ip: 192.168.1.254
+        mssql_ha_virtual_ip: 192.168.122.10
+        mssql_ha_sbd_enabled: true
       include_role:
         name: linux-system-roles.mssql