Add dependency for fedora.linux-system-roles in galaxy.yml

Not print output of gathering facts because output is too long with -v

Wait for mssql-server to prepare for client connections after restart

Only print sqlcmd output when it exists

Create master key encryption after certs are removed if reset_cert

Update test template create_example_db with proper db name variable

Fix configuring pacemaker, add SBD support

- Save creds for ha_login to /var/opt/mssql/secrets/passwd
- Set watchdog and SBD devices
- Don't define cidr_netmask for virtualip
- Change watchdog-timeout value from 10s to 10
- Add mssql_ha_sbd_ variables to README, to inventory and playbook
examples
- Add mssql_ha_sbd_ variables to defaults/main.yml
- Set SBD devices in test
- Add clean_up_mssql_pacemaker.yml

.collection/galaxy.yml

@@ -16,7 +16,8 @@ readme: "README.md"
 license:
   - MIT
 
-dependencies: {}
+dependencies:
+  - "fedora.linux-system-roles": "*"
 
 tags:
   - "mssql"

README.md

@@ -389,6 +389,9 @@ group.
 The role uses the System Roles firewall role to manage the firewall,
 hence, only firewall implementations supported by the firewall role work.
 
+If you set this variable to `false`, you must open the port defined with the
+`mssql_ha_listener_port` variable prior to running this role.
+
 Default: `true`
 
 Type: `bool`
@@ -442,7 +445,6 @@ Default: `null`
 
 Type: `string`
 
-
 #### `mssql_ha_ag_name`
 
 The name of the availability group to be configured.
@@ -513,6 +515,38 @@ Default: `null`
 
 Type: `string`
 
+#### `mssql_ha_sbd_enabled`
+
+Whether to enable SBD in pacemaker for Always On availability group or not.
+
+Default: `false`
+
+Type: `string`
+
+#### `mssql_ha_sbd_watchdog`
+
+When using SBD, you must configure watchdog device for each node in inventory.
+
+See [`Setting Up SQL Server and Configuring for High Availability`](#Setting-Up-SQL-Server-and-Configuring-for-High-Availability) for an example
+inventory that sets this variable.
+
+Default: `/dev/watchdog`
+
+Type: `string`
+
+#### `mssql_ha_sbd_devices`
+
+When using SBD, you can optionally configure one or more SBD devices for each
+node in inventory. Note that all nodes must have the same number of SBD devices
+specified.
+
+See [`Setting Up SQL Server and Configuring for High Availability`](#Setting-Up-SQL-Server-and-Configuring-for-High-Availability) for an example
+inventory that sets this variable.
+
+Default: `null`
+
+Type: `list`
+
 ## Example Playbooks
 
 This section outlines example playbooks that you can use as a reference.
@@ -609,7 +643,11 @@ This example shows how to use the role to set up SQL Server and configure it for
 high availability.
 
 You must set the `mssql_ha_replica_type` variable for each host that you want to
-configure, for example in the inventory file.
+configure.
+
+If you use SBD, you must set the `mssql_ha_sbd_watchdog` variable for each host.
+You can optionally set the `mssql_ha_sbd_devices` variable to configure SBD
+devices.
 
 Example inventory file with `mssql_ha_replica_type` set for each host:
 
@@ -618,14 +656,26 @@ all:
   hosts:
     host1:
       mssql_ha_replica_type: primary
+      mssql_ha_sbd_watchdog: /dev/watchdog1
+      mssql_ha_sbd_devices:
+        - /dev/vda
+        - /dev/vdb
     host2:
       mssql_ha_replica_type: synchronous
+      mssql_ha_sbd_watchdog: /dev/watchdog2
+      mssql_ha_sbd_devices:
+        - /dev/vdc
+        - /dev/vdd
     host3:
       mssql_ha_replica_type: witness
+      mssql_ha_sbd_watchdog: /dev/watchdog3
+      mssql_ha_sbd_devices:
+        - /dev/vde
+        - /dev/vdf
+
 ```
 
-When the `mssql_ha_replica_type` variable is set for all hosts, you can execute
-a playbook.
+When all required variables are set, you can execute a playbook.
 
 Example playbook:
 
@@ -652,6 +702,7 @@ Example playbook:
     mssql_ha_login_password: "p@55w0rD3"
     mssql_ha_hacluster_password: "p@55w0rD4"
     mssql_ha_virtual_ip: 192.168.1.254
+    mssql_ha_sbd_enabled: true
   roles:
     - microsoft.sql.server
 ```

defaults/main.yml

@@ -39,3 +39,6 @@ mssql_ha_login: null
 mssql_ha_login_password: null
 mssql_ha_hacluster_password: null
 mssql_ha_virtual_ip: null
+mssql_ha_sbd_enabled: false
+mssql_ha_sbd_watchdog: /dev/watchdog
+mssql_ha_sbd_devices: null

tasks/input_sql_file.yml

@@ -43,6 +43,12 @@
         name: mssql-server
         state: started
 
+    - name: Wait for mssql-server to prepare for client connections
+      wait_for:
+        path: /var/opt/mssql/log/errorlog
+        search_regex: SQL Server is now ready for client connections
+        timeout: 10
+
     - name: Prepare MSSQL and facts for logging in
       include_tasks: verify_password.yml
       vars:
@@ -63,7 +69,7 @@
         var: __mssql_sqlcmd_input_file.stdout_lines
       changed_when: false
       when:
-        - __mssql_sqlcmd_input_file.stdout_lines is defined
+        - __mssql_sqlcmd_input_file.stdout_lines | length > 0
         - mssql_debug | bool
 
     # Keep the file if the SQL command failed for debugging

tasks/main.yml

@@ -67,6 +67,7 @@
 - name: Gather package facts
   package_facts:
     manager: auto
+  no_log: true
 
 - name: >-
     Verify if mssql_version is not smaller then the existing SQL Server version
@@ -145,6 +146,7 @@
 
 - name: Gather system services facts
   service_facts:
+  no_log: true
 
 - name: Set up MSSQL
   when: not __mssql_is_setup
@@ -447,7 +449,7 @@
   block:
     - name: >-
         Open the {{ mssql_ha_listener_port }}/tcp port and
-        enable the high-availability service
+        enable the high-availability service in firewall
       when: mssql_ha_firewall_configure | bool
       include_role:
         name: fedora.linux_system_roles.firewall
@@ -502,11 +504,6 @@
         __mssql_input_sql_file: enable_alwayson.j2
       include_tasks: input_sql_file.yml
 
-    - name: Create master key encryption
-      vars:
-        __mssql_input_sql_file: create_master_key_encryption.j2
-      include_tasks: input_sql_file.yml
-
     - name: Remove certificate from SQL Server
       vars:
         __mssql_input_sql_file: drop_cert.j2
@@ -522,6 +519,11 @@
         - "{{ __mssql_ha_private_key_dest }}"
       when: mssql_ha_reset_cert | bool
 
+    - name: Create master key encryption
+      vars:
+        __mssql_input_sql_file: create_master_key_encryption.j2
+      include_tasks: input_sql_file.yml
+
     - name: Create and back up certificate
       vars:
         __mssql_input_sql_file: create_and_back_up_cert.j2
@@ -554,6 +556,7 @@
     - name: Get mssql-server version to see if WRITE_LEASE_VALIDITY is available
       package_facts:
         manager: auto
+      no_log: true
 
     - name: Create the {{ mssql_ha_ag_name }} availability group
       vars:
@@ -699,82 +702,112 @@
 
 - name: Configure pacemaker
   when: mssql_ha_configure | bool
-  include_role:
-    name: fedora.linux_system_roles.ha_cluster
-  vars:
-    ha_cluster_cluster_name: "{{ mssql_ha_ag_name }}"
-    ha_cluster_hacluster_password: "{{ mssql_ha_hacluster_password | quote }}"
-    ha_cluster_cluster_properties:
-      - attrs:
-          - name: cluster-recheck-interval
-            value: 2min
-          - name: start-failure-is-fatal
-            value: true
-    ha_cluster_resource_primitives:
-      - id: ag_cluster
-        agent: ocf:mssql:ag
-        instance_attrs:
-          - attrs:
-              - name: ag_name
-                value: "{{ mssql_ha_ag_name }}"
-        meta_attrs:
-          - attrs:
-              - name: failure-timeout
-                value: 60s
-      - id: virtualip
-        agent: ocf:heartbeat:IPaddr2
-        instance_attrs:
-          - attrs:
-              - name: ip
-                value: "{{ mssql_ha_virtual_ip }}"
-              - name: cidr_netmask
-                value: 24
-        operations:
-          - action: monitor
-            attrs:
-              - name: interval
-                value: 30s
-    ha_cluster_resource_clones:
-      - resource_id: ag_cluster
-        promotable: yes
-        meta_attrs:
+  block:
+    - name: Save credentials for the {{ mssql_ha_login }} SQL Server login
+      copy:
+        content: |-
+          {{ mssql_ha_login }}
+          {{ mssql_ha_login_password }}
+        dest: /var/opt/mssql/secrets/passwd
+        owner: root
+        group: root
+        mode: 0400
+        force: true
+
+    - name: Set watchdog and SBD devices facts for ha_cluster
+      set_fact:
+        ha_cluster:
+          sbd_watchdog: "{{ mssql_ha_sbd_watchdog }}"
+          sbd_devices: "{{ mssql_ha_sbd_devices }}"
+      when:
+        - mssql_ha_sbd_enabled | bool
+        - mssql_ha_sbd_devices is not none
+
+
+    - name: Set only watchdog device when SBD devices is not set
+      set_fact:
+        ha_cluster:
+          sbd_watchdog: "{{ mssql_ha_sbd_watchdog }}"
+      when:
+        - mssql_ha_sbd_enabled | bool
+        - mssql_ha_sbd_devices is none
+
+    - name: Run ha_cluster to configure pacemaker
+      include_role:
+        name: fedora.linux_system_roles.ha_cluster
+      vars:
+        ha_cluster_cluster_name: "{{ mssql_ha_ag_name }}"
+        ha_cluster_hacluster_password: >-
+          {{ mssql_ha_hacluster_password | quote }}
+        ha_cluster_cluster_properties:
           - attrs:
-              - name: notify
+              - name: cluster-recheck-interval
+                value: 2min
+              - name: start-failure-is-fatal
                 value: true
-              # If RHEL > 8.3, set on_fail: demote.
-              # Else, set notify: true again as a workaround
-              - name: "{{
-                  'on_fail'
-                  if ansible_distribution_version is version('8.3', '>')
-                  else 'notify'
-                }}"
-                value: "{{
-                  'demote'
-                  if ansible_distribution_version is version('8.3', '>')
-                  else true
-                }}"
-    ha_cluster_constraints_colocation:
-      - resource_leader:
-          id: ag_cluster-clone
-          role: master
-        resource_follower:
-          id: virtualip
-        options:
-          - name: score
-            value: INFINITY
-          - name: with-rsc-role
-            value: Master
-    ha_cluster_constraints_order:
-      - resource_first:
-          id: ag_cluster-clone
-          action: promote
-        resource_then:
-          id: virtualip
-          action: start
-    ha_cluster_sbd_enabled: true
-    ha_cluster_sbd_options:
-      - name: watchdog-timeout
-        value: 10s
+        ha_cluster_resource_primitives:
+          - id: ag_cluster
+            agent: ocf:mssql:ag
+            instance_attrs:
+              - attrs:
+                  - name: ag_name
+                    value: "{{ mssql_ha_ag_name }}"
+            meta_attrs:
+              - attrs:
+                  - name: failure-timeout
+                    value: 60s
+          - id: virtualip
+            agent: ocf:heartbeat:IPaddr2
+            instance_attrs:
+              - attrs:
+                  - name: ip
+                    value: "{{ mssql_ha_virtual_ip }}"
+            operations:
+              - action: monitor
+                attrs:
+                  - name: interval
+                    value: 30s
+        ha_cluster_resource_clones:
+          - resource_id: ag_cluster
+            promotable: yes
+            meta_attrs:
+              - attrs:
+                  - name: notify
+                    value: true
+                  # If RHEL > 8.3, set on_fail: demote.
+                  # Else, set notify: true again as a workaround
+                  - name: "{{
+                      'on_fail'
+                      if ansible_distribution_version is version('8.3', '>')
+                      else 'notify'
+                    }}"
+                    value: "{{
+                      'demote'
+                      if ansible_distribution_version is version('8.3', '>')
+                      else true
+                    }}"
+        ha_cluster_constraints_colocation:
+          - resource_leader:
+              id: ag_cluster-clone
+              role: master
+            resource_follower:
+              id: virtualip
+            options:
+              - name: score
+                value: INFINITY
+              - name: with-rsc-role
+                value: Master
+        ha_cluster_constraints_order:
+          - resource_first:
+              id: ag_cluster-clone
+              action: promote
+            resource_then:
+              id: virtualip
+              action: start
+        ha_cluster_sbd_enabled: "{{ mssql_ha_sbd_enabled }}"
+        ha_cluster_sbd_options:
+          - name: watchdog-timeout
+            value: 10
 
 - name: Verify if the {{ mssql_ha_db_name }} database exists
   vars: