Is your feature request related to a problem? Please describe.
Some customers don't need to have SCS or Webdispatcher and on a separate host.

Describe the solution you'd like
Please provide the option to install PAS and WebDisp on the SCS VM.

Describe alternatives you've considered
none

Additional context
none

Hi Team,

i am in the step of Playbook: BOM Processing This playbook downloads the SAP software to the SCS virtual machine.

and i face the below error, from BOM processor.

from the storage account https://mgmtaueasapliba30.blob.core.windows.net/sapbits/sapfiles/archives/SAPCAR_1115-70006178.EXE , URL has been correctly generated...

but the BOM processing... pick up some additional letter after. EXE.

"https://mgmtaueasapliba30.blob.core.windows.net/sapbits/sapfiles/archives/SAPCAR_1115-70006178.EXEWestBrom1"}

i wonder where i can delete this additional letter

TASK [roles-sap/3.3-bom-processing : 3.3 BoM Processing: - Download Files suse12] **********************************************************************************
failed: [x00scs00l1e2] (item={'name': 'SAPCAR 7.22; OS: Linux on x86_64 64bit', 'archive': 'SAPCAR_1115-70006178.EXE', 'checksum': '765412436934362cc5497e3d659fbb78be91093a091c11ec4fbe84dfb415a0e5', 'filename': 'SAPCAR', 'permissions': '0755', 'url': 'https://softwaredownloads.sap.com/file/0020000000098642022'}) => {"ansible_loop_var": "item", "attempts": 2, "changed": false, "dest": "/usr/sap/install/downloads/SAPCAR", "elapsed": 0, "item": {"archive": "SAPCAR_1115-70006178.EXE", "checksum": "765412436934362cc5497e3d659fbb78be91093a091c11ec4fbe84dfb415a0e5", "filename": "SAPCAR", "name": "SAPCAR 7.22; OS: Linux on x86_64 64bit", "permissions": "0755", "url": "https://softwaredownloads.sap.com/file/0020000000098642022"}, "msg": "Request failed", "response": "HTTP Error 404: The specified resource does not exist.", "status_code": 404, "url": "https://mgmtaueasapliba30.blob.core.windows.net/sapbits/sapfiles/archives/SAPCAR_1115-70006178.EXEWestBrom1"}
FAILED - RETRYING: 3.3 BoM Processing: - Download Files suse12 (2 retries left).
^C [ERROR]: User interrupted execution

"https://mgmtaueasapliba30.blob.core.windows.net/sapbits/sapfiles/archives/SAPCAR_1115-70006178.EXEWestBrom1}

Describe the bug
When playbook_02_os_sap_specific_config.yaml runs directly after playbook_01_os_base_config.yaml it always files with this error.
Please add an ansible step to playbook 2 that checks for running zypper or yum and waits until these processes finishes.

To reproduce
run the playbooks 1 & 2 directly after each other

Expected behavior
no playbook failures due to running zypper or yum

Additional context
none

Describe the bug
Region prep script is crashing with following errors:
odule.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [40s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [50s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [1m0s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [1m10s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [1m20s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [1m30s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [1m40s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [1m50s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [2m0s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Still creating... [2m10s elapsed]
module.sap_deployer.azurerm_key_vault.kv_user[0]: Creation complete after 2m11s [id=/subscriptions/1d032958-7678-44b8-82ad-3cd6fdb1f9a9/resourceGroups/SAP-AFCP-TEST/providers/Microsoft.KeyVault/vaults/MGMTWEEUDEP00user1A2]
module.sap_deployer.azurerm_key_vault_access_policy.kv_user_msi[0]: Creating...
module.sap_deployer.azurerm_key_vault_access_policy.kv_user_pre_deployer[0]: Creating...
module.sap_deployer.azurerm_key_vault_access_policy.kv_user_pre_deployer[0]: Creation complete after 9s [id=/subscriptions/1d032958-7678-44b8-82ad-3cd6fdb1f9a9/resourceGroups/SAP-AFCP-TEST/providers/Microsoft.KeyVault/vaults/MGMTWEEUDEP00user1A2/objectId/70000000-0000-0000-0000-000000000000]
module.sap_deployer.azurerm_key_vault_access_policy.kv_user_msi[0]: Still creating... [10s elapsed]
module.sap_deployer.azurerm_key_vault_access_policy.kv_user_msi[0]: Creation complete after 17s [id=/subscriptions/1d032958-7678-44b8-82ad-3cd6fdb1f9a9/resourceGroups/SAP-AFCP-TEST/providers/Microsoft.KeyVault/vaults/MGMTWEEUDEP00user1A2/objectId/c9e19a85-c394-4fc4-965d-eabfe715ae62]
module.sap_deployer.azurerm_key_vault_secret.username[0]: Creating...
module.sap_deployer.azurerm_key_vault_secret.pk[0]: Creating...
module.sap_deployer.azurerm_key_vault_secret.ppk[0]: Creating...
╷
│ Error: checking for presence of existing Secret "SAP-AFCP-TEST-sshkey" (Key Vault "https://mgmtweeudep00user1a2.vault.azure.net/"): keyvault.BaseClient#GetSecret: Failure responding to request: StatusCode=403 -- Original Error:autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=b677c290-cf4b-4a8e-a60e-91ba650a4abe;oid=ea425602-a18d-4912-9375-78ee23dc2bac;numgroups=1;iss=https://sts.windows.net/1f6c67d4-7e4c-4119-8ad9-435710ee4b29/' does not have secrets get permission on key vault 'MGMTWEEUDEP00user1A2;location=westeurope'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287"InnerError={"code":"AccessDenied"}
│
│ with module.sap_deployer.azurerm_key_vault_secret.ppk[0],
│ on ../../terraform-units/modules/sap_deployer/key_vault.tf line 168, in resource "azurerm_key_vault_secret" "ppk":
│ 168: resource "azurerm_key_vault_secret" "ppk" {
│
╵
╷
│ Error: checking for presence of existing Secret "SAP-AFCP-TEST-sshkey-pub" (Key Vault "https://mgmtweeudep00user1a2.vault.azure.net/"): keyvault.BaseClient#GetSecret: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=b677c290-cf4b-4a8e-a60e-91ba650a4abe;oid=ea425602-a18d-4912-9375-78ee23dc2bac;numgroups=1;iss=https://sts.windows.net/1f6c67d4-7e4c-4119-8ad9-435710ee4b29/' does not have secrets get permission on key vault 'MGMTWEEUDEP00user1A2;location=westeurope'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"AccessDenied"}
│
│ with module.sap_deployer.azurerm_key_vault_secret.pk[0],
│ on ../../terraform-units/modules/sap_deployer/key_vault.tf line 179, in resource "azurerm_key_vault_secret" "pk":
│ 179: resource "azurerm_key_vault_secret" "pk" {
│
╵
╷
│ Error: checking for presence of existing Secret "SAP-AFCP-TEST-username" (Key Vault "https://mgmtweeudep00user1a2.vault.azure.net/"): keyvault.BaseClient#GetSecret: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="The user, group or application 'appid=b677c290-cf4b-4a8e-a60e-91ba650a4abe;oid=ea425602-a18d-4912-9375-78ee23dc2bac;numgroups=1;iss=https://sts.windows.net/1f6c67d4-7e4c-4119-8ad9-435710ee4b29/' does not have secrets get permission on key vault 'MGMTWEEUDEP00user1A2;location=westeurope'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287" InnerError={"code":"AccessDenied"}
│
│ with module.sap_deployer.azurerm_key_vault_secret.username[0],
│ on ../../terraform-units/modules/sap_deployer/key_vault.tf line 190, in resource "azurerm_key_vault_secret" "username":
│ 190: resource "azurerm_key_vault_secret" "username" {
│
╵

To reproduce
Steps to reproduce the behavior:
just run hands-on lab commands as on https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/automation-tutorial - Deploy control plane, step 1's script

Expected behavior
Deploy region as expected

Additional context
Tested on 3 different environments/6 regions with same error
error says that my user account has no permissions to have the access to KV but scripts is ran with SPN as parameter (should it be SPN app_id there?).

Please check the variable "db_platform" in https://github.com/Azure/sap-automation/blob/main/deploy/terraform/terraform-units/modules/sap_namegenerator/variables_local.tf. Its default value should not be LINUX, but a database platform.

Is your feature request related to a problem? Please describe.
This role rolls out sles or rhel VMs for SAP workloads, I think it would be a good idea to drop the default of another Linux vendor for the deployer VM.

Describe the solution you'd like
Use RHEL / sles for deployer VM

Describe the bug
Pipeline 4:
TASK [roles-misc/0.2-kv-secrets : BoM Secrets: Retrieve S User detail secret] ***
fatal: [localhost]: FAILED! => {"changed": false, "cmd": ["az", "keyvault", "secret", "show", "--vault-name", "MGMTNOEUDEP02user483", "--name", "S-Username"], "delta": "0:00:02.629802", "end": "2022-07-07 13:10:14.104474", "msg": "non-zero return code", "rc": 1, "start": "2022-07-07 13:10:11.474672", "stderr": "ERROR: Please run 'az login' to setup account.", "stderr_lines": ["ERROR: Please run 'az login' to setup account."], "stdout": "", "stdout_lines": []}

To reproduce
deploy control plane with parameter
auto_configure_deployer = true

Expected behavior
agent software has all required environments so that this issue doesn't happen

Additional context
can be fixed by uninstalling and installing the devops agent software again on the deploy

Describe the bug
Hello i checked out the main branch in Azure DevOps and trying to automatically deploy the control plane pipeline in Azure and got this error(See part from the log file):

2022-06-28T12:41:18.4235020Z Terraform has created a lock file �[1m.terraform.lock.hcl�[0m to record the provider
2022-06-28T12:41:18.4240789Z selections it made above. Include this file in your version control repository
2022-06-28T12:41:18.4241253Z so that Terraform can guarantee to make the same selections by default when
2022-06-28T12:41:18.4241821Z you run "terraform init" in the future.�[0m
2022-06-28T12:41:18.4241963Z
2022-06-28T12:41:18.4242387Z �[0m�[1m�[32mTerraform has been successfully initialized!�[0m�[32m�[0m
2022-06-28T12:41:18.4242772Z �[0m�[32m
2022-06-28T12:41:18.4243059Z You may now begin working with Terraform. Try running "terraform plan" to see
2022-06-28T12:41:18.4243451Z any changes that are required for your infrastructure. All Terraform commands
2022-06-28T12:41:18.4243733Z should now work.
2022-06-28T12:41:18.4243839Z
2022-06-28T12:41:18.4244100Z If you ever set or change modules or backend configuration for Terraform,
2022-06-28T12:41:18.4244474Z rerun this command to reinitialize your working directory. If you forget, other
2022-06-28T12:41:18.4244977Z commands will detect it and remind you to do so if necessary.�[0m
2022-06-28T12:41:18.4299152Z
2022-06-28T12:41:18.4299775Z #########################################################################################
2022-06-28T12:41:18.4300379Z # #
2022-06-28T12:41:18.4300852Z # Running Terraform plan #
2022-06-28T12:41:18.4301301Z # #
2022-06-28T12:41:18.4301763Z #########################################################################################
2022-06-28T12:41:18.4302042Z
2022-06-28T12:41:18.4302932Z Deployer folder specified: /home/vsts/work/1/s/WORKSPACES/DEPLOYER/MGMT-WEEU-DEP00-INFRASTRUCTURE
2022-06-28T12:41:21.0041191Z
2022-06-28T12:41:21.0041853Z #########################################################################################
2022-06-28T12:41:21.0042114Z # #
2022-06-28T12:41:21.0043028Z # �[1;4;31m Errors during the plan phase �[0m #
2022-06-28T12:41:21.0043326Z # #
2022-06-28T12:41:21.0043600Z #########################################################################################
2022-06-28T12:41:21.0043708Z
2022-06-28T12:41:21.0054278Z
2022-06-28T12:41:21.0054893Z Error: Reference to undeclared local value
2022-06-28T12:41:21.0055317Z
2022-06-28T12:41:21.0056285Z on ../../terraform-units/modules/sap_library/configuration_output.tf line 8, in resource "local_file" "backend":
2022-06-28T12:41:21.0056831Z 8: rg_name = local.rg_name,
2022-06-28T12:41:21.0057074Z
2022-06-28T12:41:21.0057471Z A local value with the name "rg_name" has not been declared.
2022-06-28T12:41:21.0057627Z
2022-06-28T12:41:21.0057852Z Error: Reference to undeclared local value
2022-06-28T12:41:21.0057994Z
2022-06-28T12:41:21.0058896Z on ../../terraform-units/modules/sap_library/configuration_output.tf line 9, in resource "local_file" "backend":
2022-06-28T12:41:21.0059302Z 9: sa_tfstate = local.sa_tfstate_name
2022-06-28T12:41:21.0059437Z
2022-06-28T12:41:21.0059701Z A local value with the name "sa_tfstate_name" has not been declared.
2022-06-28T12:41:21.0108203Z ##[error]Return code from prepare_region 20.
2022-06-28T12:41:21.0121213Z ##[error]Error message: Bootstrapping of the SAP Library failed.
2022-06-28T12:41:21.2149908Z �[1;32m--- Adding deployment automation configuration to devops repository ---�[0m
2022-06-28T12:41:21.8773351Z Already up to date.
2022-06-28T12:41:21.9024736Z [main 43ab178] Added updates from devops deployment Control plane deployment [skip ci]
2022-06-28T12:41:21.9025548Z 4 files changed, 1218 insertions(+)
2022-06-28T12:41:21.9026051Z create mode 100644 WORKSPACES/.sap_deployment_automation/MGMTWEEU
2022-06-28T12:41:21.9027206Z create mode 100644 WORKSPACES/DEPLOYER/MGMT-WEEU-DEP00-INFRASTRUCTURE/.terraform/terraform.tfstate
2022-06-28T12:41:21.9028084Z create mode 100644 WORKSPACES/DEPLOYER/MGMT-WEEU-DEP00-INFRASTRUCTURE/terraform.tfstate
2022-06-28T12:41:21.9028887Z create mode 100644 WORKSPACES/LIBRARY/MGMT-WEEU-SAP_LIBRARY/.terraform/terraform.tfstate

i disabled firewall, bastion and public ip as my subscription has no-public-ip policy
Thanks for your help.

Is your feature request related to a problem? Please describe.

Certified Azure production HANA currently requires 4x disks based LVM for Data and 3x disks based Log volumes ( with Write accelerator enabled ).
In addition, A cost conscious setup ( Non certified ) setup is typically provisioned in non-production (dev,qa,sbx) environment.
Current jinja template (https://github.com/Azure/sap-automation/blob/main/deploy/ansible/roles-os/1.5-disk-setup/templates/volume_groups.j2:16) can only process by creating LVMs comprising of single disks.

This has a technical limitation as the stripe size set during LVM creation based on number of participating disks and cannot be changed later without a complete rebuild. It also limits performance to 1x the disk irrespective of how many disks you add into the LVM in future.

Describe the solution you'd like
Modify the template https://github.com/Azure/sap-automation/blob/main/deploy/ansible/roles-os/1.5-disk-setup/templates/volume_groups.j2:16 code block to below code

{% for disk in disks if (disk.host == inventory_hostname) and (disk.type == disktype) %}
{% for lun in disk.LUN%}
{% set _ = pvlist.append('/dev/disk/azure/scsi1/lun' ~ lun) %}
{% endfor %}
{% endfor %}

This will require TF code be to modified in how it outputs the sap-automation.yaml file from the templates.

A sample disks block will be as below

disks:

- { host: 'hana-01', luns: [0], type: 'usrsap'}

- { host: 'hana-01', luns: [1], type: 'hanashared'}

- { host: 'hana-01', luns: [11,12,13,14], type: 'hanadata'}

- { host: 'hana-01', luns: [21,22,23], type: 'hanalog'}

- { host: 'hana-01', luns: [31], type: 'hanabackup'}

Note the comma separated array / list of iSCSI LUN numbers.

For Cost Conscious HANA setup, we could go for 4x disks combined in a single Volume group, which carves out 3 LVM , one each for Shared, Data and Log. An identifier for this in vars/disk_config.yaml file can be added to allow

Additional context
Recommendations/requests here are based on official documentation
https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/hana-vm-operations-storage

Today my deployments started failing with terraform errors. Took me a little while to track it back to the AzureRM provider release for V3 which was released on 3/24 and includes breaking changes.

Describe the solution you'd like
Use the terraform required_providers to avoid breaking changes with the provider(s). Each release should have a specific version of the provider locked to a version. For AzureRM, this is the recommendation.

Using this approach, a fork of the repo will continue to function without worry of a breaking change by newer provider version being picked up.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=X.0.0" 
    }
  }
}

Describe the bug

An error occurred while loading the YAML build pipeline. Variable group was not found or is not authorized for use. For authorization details, refer to https://aka.ms/yamlauthz.

Permissions unrestricted /open for the pipeline and linked to the pipeline as well
Variable group linked in the trigger section as well.
pipelinebug.docx

To reproduce
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Additional context
Add any other context about the problem here.

Is your feature request related to a problem? Please describe.
I need to use BYOS images and therefore they have to be registered first with SUSE or RedHat

Describe the solution you'd like
I would like to have a Step "0) Customer specific Preparations" where I could include the registration of all VMs based on the generated hosts file

~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/configuration_menu.sh
0) Customer specific Preparations

1. Base OS Config
2. SAP specific OS Config
3. BOM Processing

Describe alternatives you've considered
well I used an own playbook to register the systems with SUSE in my particular case and than started with step 1)

Additional context
Add any other context or screenshots about the feature request here.

here is my task I added to the playbook_01
suse-register.yml

• name: Register SuseConnect
  command: "SUSEConnect -r -e "
  args:
  creates: "/etc/zypp/credentials.d/SCCcredentials"
  tags:
  • deployment

Well of course the credentials could be in a key vault - asking interactively or prepare it similar to the S-User keyvault entries

Problem DB-Hosts were not able to register to SUSE, but APP-Servers ware able. I think it might be some NSG-Rule or something, which prevents access to the internet.

Describe the bug
Refer to guide, https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/automation-tutorial, Step of Playbook: SAP-Specific OS config, run azureadm@mgmtaueadep00deploy00:~/Azure_SAP_Automated_Deployment/WORKSPACES/SYSTEM/DEV-AUEA-SAP01-X00$ ~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/configuration_menu.sh, but ended up with Fatal error

TASK [roles-sap-os/2.4-hosts-file : Check required variables are present and not empty] ****************************************************************************
fatal: [x00dhdb00l01e]: FAILED! => {
"assertion": "sap_fqdn | type_debug != 'NoneType'",
"changed": false,
"evaluated_to": false,
"msg": "Please define the sap_fqdn parameter"
}
fatal: [x00scs00l1e2]: FAILED! => {
"assertion": "sap_fqdn | type_debug != 'NoneType'",
"changed": false,
"evaluated_to": false,
"msg": "Please define the sap_fqdn parameter"
}
fatal: [x00app00l1e2]: FAILED! => {
"assertion": "sap_fqdn | type_debug != 'NoneType'",
"changed": false,
"evaluated_to": false,
"msg": "Please define the sap_fqdn parameter"

where can i define "Please define the sap_fqdn parameter" of 3 hosts ?

Describe the bug
A clear and concise description of what the bug is.

When running the SAP Downloader for the BOM S41909SPS03_v0011ms using the playbook_bom_downloader.yaml, when it gets to the HANA_2_00_059_v0001ms (./sap-automation/deploy/ansible/BOM-catalog/HANA_2_00_059_v0001ms/HANA_2_00_059_v0001ms.yaml) the file IMDB_SERVER20_059_2-80002031.SAR is not present in the download basket.

To reproduce
Steps to reproduce the behavior:
Execute the Ansible playbook playbook_bom_downloader, everything will run find until the HANA component - this is supposed to be located in the download basket at this link (https://softwaredownloads.sap.com/file/0020000000401402022)

Expected behavior
The software should download to the deployer and upload to storage container, but file is not present for download

Is your feature request related to a problem? Please describe.
The diagnostics agent must still be installed manually after the SAP deployments and should be automated as well

Describe the solution you'd like
Install the diagnostics agent in an additional step as part of pipeline 5

Describe alternatives you've considered
n.a.

Additional context
https://help.sap.com/doc/51c79d86157a4c4baec06df60467db4d/CURRENT_VERSION/en-US/swpm10_smda_setup_unix.pdf

Is your feature request related to a problem? Please describe.
We have a fairly locked down network, only connections to Azure Services are allowed.
So stuff like the IP lookup:

does not work.

Also the deployer VM being created does not have access to the internet, so it can't download anything via pip for example.

I would like to minimize the dependencies towards the internet and try to operate only with Azure Services reachable. Apart from that for normal installation with internet access I think you should document what resources you actually need as a list of URLs:
http://ipinfo.io
Pip (pypi.python.org, pypi.org, pythonhosted.org)
Terraform (registry.terraform.io, releases.hashicorp.com)
I do not have a complete list yet, those were just the first things I noticed :)

As for an Non-Internet connected (air-gapped) Install:
I think it would be a good idea to have two parts
a) download everything (apart from that which is available directly from Microsoft like OS repos) you need from the internet and put it into a storage account
b) the actual SAP install

Everything in a) you can do on your desktop or on any internet connected machine
Everything in b) will work without internet connection

Describe alternatives you've considered
A lot of enterprises may have internal mirrors for pip/... so it may be a good idea to incorporate that possibility.

Describe the bug
HANA Installation fails
fatal: [x00dhdb00l0e6]: FAILED! => {
2022-02-24T10:40:54.8461013Z "msg": "The conditional check 'hana_installation.rc > 0' failed. The error was: error while evaluating conditional (hana_installation.rc > 0): 'dict object' has no attribute 'rc'"

To reproduce
Steps to reproduce the behavior:
Run Pipeline 5 and install HANA (was using Azure DevOps)

Expected behavior
no error

Additional context
n.a.

Describe the bug
In pipeline "SAP System deployment":
Error: creating Volume: (Name "MIM-GEWC-SAP04-MM1_sapmnt" / Capacity Pool Name "MIM-GEWC-SAP04_netapp_pool" / Net App Account Name "ANF" / Resource Group "MIM-GEWC-SAP04-INFRASTRUCTURE"): netapp.VolumesClient#CreateOrUpdate: Failure sending request: StatusCode=404 -- Original Error: Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'ANF/MIM-GEWC-SAP04_netapp_pool' not found."

To reproduce
Steps to reproduce the behavior:
Reference an existing ANF account in the landscape definition when deploying the workload zone:
Example: MIM-GEWC-SAP04-INFRASTRUCTURE.tfvars
ANF_account_arm_id="/subscriptions//resourceGroups/ANF-Germany/providers/Microsoft.NetApp/netAppAccounts/ANF"

Expected behavior
Deployment should work by referencing an existing account name.

Additional context
none

Describe the bug
Hi,
if you do not set a private ip you'll currently fall back on a behavior with cidrhost:
https://github.com/Azure/sap-automation/blob/main/deploy/terraform/terraform-units/modules/sap_system/hdb_node/vm-hdb.tf#L26-L31
The right behavior would be to just use dynamic: hashicorp/terraform-provider-azurerm#15264

Getting the following error when trying to deploy the workload zone from the deployer VM per the tutorial https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/automation-deploy-workload-zone?tabs=linux

#########################################################################################

Running Terraform plan

#########################################################################################

Error: "network_acls.0.ip_rules.0" is not a valid IPv4 address: "3f27b93e-3b0a-4871-91fb-fc2695718314"

with module.sap_landscape.azurerm_key_vault.kv_user[0],
on ../../terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf line 77, in resource "azurerm_key_vault" "kv_user":
77: ip_rules = var.use_private_endpoint ? (
78: compact
79: (
80: [
81: length(local.deployer_public_ip_address) > 0 ? local.deployer_public_ip_address : "",
82: length(var.Agent_IP) > 0 ? var.Agent_IP : ""
83: ]
84: )) : (
85: []
86: )

Error: network_acls.0.ip_rules.0 must start with IPV4 address and/or slash, number of bits (0-32) as prefix. Example: 127.0.0.1/8. Got "3f27b93e-3b0a-4871-91fb-fc2695718314".

with module.sap_landscape.azurerm_key_vault.kv_user[0],
on ../../terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf line 77, in resource "azurerm_key_vault" "kv_user":
77: ip_rules = var.use_private_endpoint ? (
78: compact
79: (
80: [
81: length(local.deployer_public_ip_address) > 0 ? local.deployer_public_ip_address : "",
82: length(var.Agent_IP) > 0 ? var.Agent_IP : ""
83: ]
84: )) : (
85: []
86: )

#########################################################################################

Errors running plan

#########################################################################################

Warning: Empty provider configuration blocks are not required

on ../../terraform-units/modules/sap_landscape/providers.tf line 1:
1: provider "azurerm" {

Remove the azurerm.main provider block from module.sap_landscape. Add azurerm.main to the list of configuration_aliases for azurerm in
required_providers to define the provider configuration name.

(and 2 more similar warnings elsewhere)

To reproduce
Steps to reproduce the behavior:

1. Create a landscape tfvars file (parameters below, copied from one of the example files)
2. Set environment variables per the tutorial
3. Execute install_workloadzone.sh per the tutorial (link above)

Expected behavior
The script should complete without error and create the infrastructure expected.

Additional context
Parameters:
tfstate_resource_id = null
deployer_tfstate_key = null
environment = "SBX"
location = "northcentralus"
network_logical_name = "SAP00"
network_address_space = "10.150.0.0/16"
admin_subnet_address_prefix = "10.150.0.0/19"
db_subnet_address_prefix = "10.150.96.0/19"
app_subnet_address_prefix = "10.150.32.0/19"
web_subnet_address_prefix = "10.150.128.0/19"
/* iscsi subnet information /
automation_username = "azureadm"
enable_purge_control_for_keyvaults = false
NFS_provider = "AFS"
transport_volume_size = 100
/ anf subnet information */
use_private_endpoint = true

Is this related to bug #77 ?

Describe the bug
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Authentication error, please check the SAS token"}

To reproduce
Steps to reproduce the behavior:
Deploy region, library, workload zone and then download the binaries.
The error occurs during the ansible pipeline run playbook_bom_downloader.yaml

Expected behavior
A valid SAS token is available in the keyvault

Additional context
none

Describe the bug
Running a new system deployment via pipeline and ran into the following error:

#########################################################################################
#                                                                                       #
#                             Running Terraform plan                                    #
#                                                                                       #
#########################################################################################


Error: Missing required argument

  on module.tf line 34, in module "common_infrastructure":
  34: module "common_infrastructure" {

The argument "hana_dual_nics" is required, but no definition was found.

To reproduce
Steps to reproduce the behavior:

1. Execute the 03-sap-system-deployment.yaml pipeline.

Expected behavior
For values which are not defined in the sample system tfvars file, this should follow the same pattern of having a default value secified in the variable definition file.

Additional context
Variable defined on line 86 in deploy\terraform\terraform-units\modules\sap_system\common_infrastructure\variables_local.tf should have a default value set.

Describe the bug
Deployment error in preparing the region.
The deployment service principle does not have secrets get permission on key vault.
An unknown ID 70000000-0000-0000-0000-000000000000 visible in key vault access policy tab.

To reproduce
Steps to reproduce the behavior:
Deploy the region

Expected behavior
grant the correct service principle secret get permission

Additional context
deployment via devops

When I use SAP automation framework tutorial for deployment Hands-on lab ..After setting environment variable and other pre-requisites steps , when I execute the

"${DEPLOYMENT_REPO_PATH}/deploy/scripts/prepare_region.sh " to deploy the deployer -- I am running into key vault issue

==============
########################################################################################

during the plan phase

#########################################################################################

╷
│ Error: Error in function call
│
│ on ../../terraform-units/modules/sap_deployer/key_vault.tf line 120, in resource "azurerm_key_vault_access_policy" "kv_user_pre_deployer":
│ 120: object_id = coalesce(
│ 121: data.azurerm_client_config.deployer.object_id,
│ 122: data.azurerm_client_config.deployer.client_id,
│ 123: var.arm_client_id
│ 124: )
│ ├────────────────
│ │ data.azurerm_client_config.deployer.client_id is ""
│ │ data.azurerm_client_config.deployer.object_id is ""
│ │ var.arm_client_id is ""
│
│ Call to function "coalesce" failed: no non-null, non-empty-string
│ arguments.
╵
satish@Azure:~/Azure_SAP_Automated_Deployment/WORKSPACES$

Appreciate any help on this ..

Satish Gurjar

Describe the bug
I get the syntax error when i try to run the OS SAP Specific Configuration:

To reproduce
Steps to reproduce the behavior:

1. Go to '...'
   ~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/configuration_menu.sh

2. Click on '....'
   Option 2

3. See error

Read vars_file 'vars/ansible-input-api.yaml'
Read vars_file 'vars/ansible-input-api.yaml'
Read vars_file 'vars/ansible-input-api.yaml'
Read vars_file 'vars/ansible-input-api.yaml'
Read vars_file 'vars/ansible-input-api.yaml'

ERROR! We were unable to read either as JSON nor YAML, these are the errors we got from each: JSON: Expecting value: line 1 column 1 (char O)
Syntax Error while loading YAML .
could not find expected ':'

The error appears to be in /home/azureadm/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/roles-sap-os/2.6-sap-mounts/tasks/2.6.0-afs-mounts.yaml': line 94, column 15, but may be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:

<<<<<<< HEAD
when: MULTI_SIDS is defined
^ here

Additional context
I also tried inputting variables in the following Ansible to configure page as follows, yet the same error occurred.

sap_params_file=sap-parameters.yaml

if [[ ! -e "${sap_params_file}" ]]; then
echo "Error: '${sap_params_file}' file not found!"
exit 1
fi

"# Extract the sap_sid from the sap_params_file, so that we can determine
"# the inventory file name to use.
sap_sid="$(awk '$1 == "sap_sid:" {print $2}' ${sap_params_file})"

kv_name="$(awk '$1 == "kv_name:" {print $2}' ${sap_params_file})"

prefix="$(awk '$1 == "secret_prefix:" {print $2}' ${sap_params_file})"
password_secret_name=$prefix-sid-password

password_secret=$(az keyvault secret show --vault-name ${kv_name} --name ${password_secret_name} | jq -r .value)

export ANSIBLE_PASSWORD=$password_secret
export ANSIBLE_INVENTORY="${sap_sid}_hosts.yaml"
export ANSIBLE_PRIVATE_KEY_FILE=sshkey
export ANSIBLE_COLLECTIONS_PATHS=/opt/ansible/collections${ANSIBLE_COLLECTIONS_PATHS:+${ANSIBLE_COLLECTIONS_PATHS}}
export ANSIBLE_REMOTE_USER=azureadm

"# Ref: https://docs.ansible.com/ansible/2.9/reference_appendices/interpreter_discovery.html
"# Silence warnings about Python interpreter discovery
export ANSIBLE_PYTHON_INTERPRETER=auto_silent

"# Set of options that will be passed to the ansible-playbook command
playbook_options=(
--inventory-file="${sap_sid}_hosts.yaml"
--private-key=${ANSIBLE_PRIVATE_KEY_FILE}
--extra-vars="_workspace_directory=pwd"
--extra-vars="@${sap_params_file}"
-e ansible_ssh_pass='{{ lookup("env", "ANSIBLE_PASSWORD") }}'
"${@}"
)

ansible-playbook "${playbook_options[@]}" ~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/playbook_01_os_base_config.yaml

(the quotes before number signs have put by me to simplify the view.)

Is your feature request related to a problem? Please describe.
I think it would be a good idea to utilize the SAP Ansible collection instead of maintaining own ansible code
https://github.com/sap-linuxlab/community.sap_install
(Or merge your roles into the SAP roles)

Greetings
Klaas

[Enhancement]

[Observation]
Current schema backup directory for S4HANA and NetWeaver in DBLoad stage is set to /usr/sap//backup/data/DB_HDB.
During installation, this schema export crosses 77GB for S4CORE and ~40GB for NetWeaver.
For Small systems where /usr/sap is provided as a 1 x P6 ( as per MSFT documenation ), this will result in installation failure.
Resuming installation requires manually dropping the Schema 'SAPHANADB' and restarting setup.

[Primary Fix]
Change the "NW_Recovery_Install_HDB.extractLocation" to /hana/backup in DBLoad template

[Alternative Fix]
/hana/shared can be used as well where this volume is minimum of 1.25x the VM Memory size.

Describe the bug
When HA is enabled (modedatabase_high_availability=true) and AvZones are specified (e.g. database_vm_zones=["2","3"]), the name of both HANA VM and related NICs contain only the first zone number:

• DEV-WEEU-SAP01-HDB_hdbdhdb_z2_00l0b9e
• DEV-WEEU-SAP01-HDB_hdbdhdb_z2_00l1b9e

Expected behaviour
Expected name of resources should be:

• DEV-WEEU-SAP01-HDB_hdbdhdb_z2_00l0b9e
• DEV-WEEU-SAP01-HDB_hdbdhdb_z3_00l0b9e

Running prepare_region.sh get this error.

Error: "network_acls.0.ip_rules.0" is not a valid IPv4 address: "f8f3db70-239b-4fc6-ad2a-1c386961a5df"

with module.sap_landscape.azurerm_key_vault.kv_user[0],
on ../../terraform-units/modules/sap_landscape/key_vault_sap_landscape.tf line 61, in resource "azurerm_key_vault" "kv_user":
61: ip_rules = var.use_private_endpoint ? (
62: compact
63: (
64: [
65: length(local.deployer_public_ip_address) > 0 ? local.deployer_public_ip_address : "",
66: length(var.Agent_IP) > 0 ? var.Agent_IP : ""
67: ]
68: )) : (
69: [
70: length(var.Agent_IP) > 0 ? var.Agent_IP : ""
71: ]
72: )

Describe the bug
When running SAP installation with options 1) Base OS Config and 2) SAP specific OS Config I get error during the task roles-os/1.3-repository : Check that zypper repos are registered:

fatal: [hdbscs00lb9e]: FAILED! => {"changed": false, "cmd": ["zypper", "lr"], "delta": "0:00:00.798262", "end": "2022-01-07 08:37:47.944257", "msg": "non-zero return code", "rc": 6, "start": "2022-01-07 08:37:47.145995", "stderr": "", "stderr_lines": [], "stdout": "Warning: No repositories defined.\nUse the 'zypper addrepo' command to add one or more repositories.", "stdout_lines": ["Warning: No repositories defined.", "Use the 'zypper addrepo' command to add one or more repositories."]}

When following the steps in the hands on lab and when I get to the part of the section where I have to execute configuration_menu.sh it errors on menu item 3. I believe that there is a step missing in the hands on lab to run the generate_bom.sh before executing step 3 of BOM processing.

Here is the error message when I execute option 3 of the configuration_menu.sh

Please select playbook: 3
You selected (3) BOM Processing

PLAY [localhost] ***************************************************************************************************************************************************************************************************************************************************************************************
Thursday 13 January 2022 13:56:02 +0000 (0:00:00.020) 0:00:00.020 ******

TASK [Load the SAP parameters] *************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:02 +0000 (0:00:00.040) 0:00:00.060 ******

TASK [Construct SSH key secret name] *******************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:02 +0000 (0:00:00.037) 0:00:00.097 ******

TASK [Retrieve SSH Key secret details] *****************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:03 +0000 (0:00:00.920) 0:00:01.018 ******

TASK [Extract SSH Key content from secret details] *****************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:03 +0000 (0:00:00.039) 0:00:01.057 ******

TASK [Determine SSH key file name] *********************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:03 +0000 (0:00:00.039) 0:00:01.096 ******

TASK [Determine SSH key file path] *********************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:03 +0000 (0:00:00.039) 0:00:01.135 ******

TASK [Write out SSH Key content as sshkey file] ********************************************************************************************************************************************************************************************************************************************************
ok: [localhost]

PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************************************
localhost : ok=7 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Thursday 13 January 2022 13:56:04 +0000 (0:00:00.542) 0:00:01.678 ******

Retrieve SSH Key secret details ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.92s
Write out SSH Key content as sshkey file -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.54s
Load the SAP parameters ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Extract SSH Key content from secret details ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Determine SSH key file path --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Determine SSH key file name --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Construct SSH key secret name ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s

PLAY [Get Storage account details from KeyVault] *******************************************************************************************************************************************************************************************************************************************************
Thursday 13 January 2022 13:56:04 +0000 (0:00:00.034) 0:00:01.712 ******

TASK [Set 'sa' tier] ***********************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:04 +0000 (0:00:00.037) 0:00:01.749 ******

TASK [Remove .step3 flag] ******************************************************************************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:04 +0000 (0:00:00.333) 0:00:02.083 ******
Thursday 13 January 2022 13:56:04 +0000 (0:00:00.043) 0:00:02.126 ******
Thursday 13 January 2022 13:56:04 +0000 (0:00:00.035) 0:00:02.162 ******

TASK [roles-misc/0.3.sap-installation-media-storage-details : Workload Keyvault name] ******************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:04 +0000 (0:00:00.037) 0:00:02.199 ******

TASK [roles-misc/0.3.sap-installation-media-storage-details : Get Deployer Keyvault name from keyvault] ************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:05 +0000 (0:00:00.802) 0:00:03.002 ******
Thursday 13 January 2022 13:56:05 +0000 (0:00:00.035) 0:00:03.037 ******

TASK [roles-misc/0.3.sap-installation-media-storage-details : Save Deployer Keyvault name] *************************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:05 +0000 (0:00:00.040) 0:00:03.078 ******
Thursday 13 January 2022 13:56:05 +0000 (0:00:00.037) 0:00:03.116 ******

TASK [roles-misc/0.3.sap-installation-media-storage-details : Extract SAP Binaries Storage Account information] ****************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:06 +0000 (0:00:00.801) 0:00:03.917 ******

TASK [roles-misc/0.3.sap-installation-media-storage-details : Save SAP Binaries Storage Account information] *******************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:06 +0000 (0:00:00.037) 0:00:03.955 ******
Thursday 13 January 2022 13:56:06 +0000 (0:00:00.036) 0:00:03.992 ******

TASK [roles-misc/0.3.sap-installation-media-storage-details : Extract SAP Binaries Storage Account SAS] ************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:07 +0000 (0:00:00.791) 0:00:04.783 ******

TASK [roles-misc/0.3.sap-installation-media-storage-details : Extract SAP Binaries Storage Account SAS] ************************************************************************************************************************************************************************************************
ok: [localhost]
Thursday 13 January 2022 13:56:07 +0000 (0:00:00.038) 0:00:04.822 ******

PLAY [BOM Processing] **********************************************************************************************************************************************************************************************************************************************************************************
Thursday 13 January 2022 13:56:07 +0000 (0:00:00.056) 0:00:04.878 ******

TASK [Gathering Facts] *********************************************************************************************************************************************************************************************************************************************************************************
ok: [x00scs00le3f]
Thursday 13 January 2022 13:56:09 +0000 (0:00:01.576) 0:00:06.454 ******

TASK [Set facts] ***************************************************************************************************************************************************************************************************************************************************************************************
ok: [x00scs00le3f]
Thursday 13 January 2022 13:56:09 +0000 (0:00:00.031) 0:00:06.486 ******
Thursday 13 January 2022 13:56:09 +0000 (0:00:00.033) 0:00:06.519 ******

TASK [roles-sap/3.3-bom-processing : Check required variables are present and not empty] ***************************************************************************************************************************************************************************************************************
ok: [x00scs00le3f] => {
"changed": false,
"msg": "All assertions passed"
}
Thursday 13 January 2022 13:56:09 +0000 (0:00:00.038) 0:00:06.558 ******

TASK [roles-sap/3.3-bom-processing : Check required variables are present and not empty (bom)] *********************************************************************************************************************************************************************************************************
fatal: [x00scs00le3f]: FAILED! => {
"assertion": "bom_base_name | type_debug != 'NoneType'",
"changed": false,
"evaluated_to": false,
"msg": "Please ensure that the BOM details are provided"
}

PLAY RECAP *********************************************************************************************************************************************************************************************************************************************************************************************
localhost : ok=16 changed=0 unreachable=0 failed=0 skipped=5 rescued=0 ignored=0
x00scs00le3f : ok=3 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0

Thursday 13 January 2022 13:56:09 +0000 (0:00:00.025) 0:00:06.583 ******

Gathering Facts --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 1.58s
Retrieve SSH Key secret details ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.92s
roles-misc/0.3.sap-installation-media-storage-details : Get Deployer Keyvault name from keyvault ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.80s
roles-misc/0.3.sap-installation-media-storage-details : Extract SAP Binaries Storage Account information ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.80s
roles-misc/0.3.sap-installation-media-storage-details : Extract SAP Binaries Storage Account SAS ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.79s
Write out SSH Key content as sshkey file -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.54s
Remove .step3 flag ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.33s
roles-misc/0.3.sap-installation-media-storage-details : Debug, SAS Token ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.06s
Include 0.3.sap-installation-media-storage-details role ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
roles-misc/0.3.sap-installation-media-storage-details : Save Deployer Keyvault name ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Load the SAP parameters ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Extract SSH Key content from secret details ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Determine SSH key file path --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Determine SSH key file name --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
roles-misc/0.3.sap-installation-media-storage-details : Extract SAP Binaries Storage Account SAS ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.04s
roles-sap/3.3-bom-processing : Check required variables are present and not empty --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
roles-misc/0.3.sap-installation-media-storage-details : Debug, Deployer Keyvault ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
Set 'sa' tier ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
roles-misc/0.3.sap-installation-media-storage-details : Save SAP Binaries Storage Account information ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.04s
roles-misc/0.3.sap-installation-media-storage-details : Workload Keyvault name ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 0.04s

Describe the bug
Pipeline 5: Validate the input parameters
TASK [Check internet connectivity]
fatal: [aznlslx1]: FAILED! => {"changed": false, "content": "", "elapsed": 30, "msg": "Status code was -1 and not [200]: Request failed: ", "redirected": false, "status": -1, "url": "http://www.github.com"}

To reproduce
Run Pipeline 5 in an environment without internet connectivity

Expected behavior
Validate the input parameters successful without internet connectivity

Additional context
none

Describe the bug
A clear and concise description of what the bug is.

I'm following hands-on lab - https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/automation-tutorial

While running prepare_region.sh, I see this error

module.sap_deployer.azurerm_subnet_network_security_group_association.associate_nsg_mgmt[0]: Creating...
module.sap_deployer.azurerm_subnet_network_security_group_association.associate_nsg_mgmt[0]: Creation complete after 8s [id=/subscriptions/49d64d54-e966-4c46-a868-1999802b762c/resourceGroups/MGMT-EAUS-DEP00-INFRASTRUCTURE/providers/Microsoft.Network/virtualNetworks/MGMT-EAUS-DEP00-vnet/subnets/MGMT-EAUS-DEP00_deployment-subnet]
module.sap_deployer.null_resource.prepare-deployer[0]: Still creating... [20s elapsed]
module.sap_deployer.null_resource.prepare-deployer[0]: Still creating... [30s elapsed]
Releasing state lock. This may take a few moments...

#########################################################################################

!Errors during the apply phase!

#########################################################################################

╷
│ Error: file provisioner error
│
│ with module.sap_deployer.null_resource.prepare-deployer[0],
│ on ../../terraform-units/modules/sap_deployer/configure-deployer.tf line 22, in resource "null_resource" "prepare-deployer":
│ 22: provisioner "file" {
│
│ timeout - last error: dial tcp 20.120.121.156:22: i/o timeout

To reproduce
Steps to reproduce the behavior:

1. Follow SDAF hands-on lab
2. Run prepare_region.sh as a step in the lab
3. See error

Expected behavior

Script should succeed

This could be related to Microsoft tenant policies which block access to public IP via ssh.

Describe the bug
Error: Unsupported attribute
│
│ on ../../terraform-units/modules/sap_deployer/configure-deployer.tf line 16, in resource "null_resource" "prepare-deployer":
│ 16: user = var.deployer.authentication.username
│ ├────────────────
│ │ var.deployer.authentication is object with 1 attribute "type"
│
│ This object does not have an attribute named "username".
╵
╷
│ Error: Unsupported attribute
│
│ on ../../terraform-units/modules/sap_deployer/configure-deployer.tf line 17, in resource "null_resource" "prepare-deployer":
│ 17: private_key = var.deployer.authentication.type == "key" ? var.deployer.authentication.sshkey.private_key : null
│ ├────────────────
│ │ var.deployer.authentication is object with 1 attribute "type"
│
│ This object does not have an attribute named "sshkey".

Describe the bug
the following error is reported during download of the BOM "S41909SPS03_v0008ms" by using

cd ~/Azure_SAP_Automated_Deployment/WORKSPACES/BOMS
~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/download_menu.sh

ASK [roles-sap/0.1-bom-validator : BOM: S41909SPS03_v0008ms Download File SWPM20SP10_3-80003424.SAR] ****************************************************************************************
fatal: [localhost]: FAILED! => {"attempts": 1, "changed": false, "dest": "/mnt/downloads/files/SWPM20SP10_3-80003424.SAR", "elapsed": 0, "msg": "Request failed", "response": "HTTP Error 404: Not Found", "status_code": 404, "url": "https://softwaredownloads.sap.com/file/0020000001808612021"}

Changes made to ~/Azure_SAP_Automated_Deployment/sap-automation/deploy/ansible/BOM-catalog/S41909SPS03_v0008ms/S41909SPS03_v0008ms.yaml

#Comments
before:

name: 'S41909SPS03_v0006ms'
target: 'S/4 HANA 1909 SPS 03'
version: 7

after:

name: 'S41909SPS03_v0008ms'
target: 'S/4 HANA 1909 SPS 03'
version: 8

SWPM

before:

- name:         "SWPM20SP10; OS: Linux on x86_64 64bit"
  archive:      SWPM20SP10_3-80003424.SAR
  checksum:     1d8cf46f4ad43aea7eca0174fb1b6d9fb1e01bde5d9882388064dc10d61a0495
  extract:      true
  extractDir:   SWPM
  creates:      SIGNATURE.SMF
  url:          https://softwaredownloads.sap.com/file/0020000001808612021

after:

- name:         "SWPM20SP10; OS: Linux on x86_64 64bit"
  archive:      SWPM20SP10_4-80003424.SAR
  checksum:     8dcdf68d52d95a2a1aa7322ef986a1154b36269fd07313bd1afe48013c07b4ee
  extract:      true
  extractDir:   SWPM
  creates:      SIGNATURE.SMF
  url:          https://softwaredownloads.sap.com/file/0020000001848492021

#SUM
before:

- name:         "Patch 4 for SOFTWARE UPDATE MANAGER 2.0 SP12 ; OS: Linux on x86_64 64bit"
  archive:      SUM20SP12_4-80002456.SAR
  checksum:     dd1b677342bbda47d9585fffc6a7107f845b41b3d114f895d954c19d70987087
  download:     false
  url:          https://softwaredownloads.sap.com/file/0020000001731572021

after:

- name:         "Patch 5 for SOFTWARE UPDATE MANAGER 2.0 SP12 ; OS: Linux on x86_64 64bit"
  archive:      SUM20SP12_5-80002456.SAR
  checksum:     c774960a82d651e57bec8f0de436e3d7d6859ed6bbf08ec25306b6678d5f1a28
  download:     false
  url:          https://softwaredownloads.sap.com/file/0020000001834832021

Is your feature request related to a problem? Please describe.
All SAP systems are installed on secondary virtual IPs to allow adaptive compute approach.

Describe the solution you'd like
Please add the possibly to deploy a secondary IP address.

Describe alternatives you've considered
For now this is a manual additional step which doesn't make sense and is a show-stopper to use the automation framework.

Additional context
https://techcommunity.microsoft.com/t5/running-sap-applications-on-the/use-sap-virtual-host-names-with-linux-in-azure/ba-p/3251593

Describe the bug
The Storage Container SAS token doesn't work

To reproduce
Setup everything according to documentation and try to download sap binaries.
The error
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Authentication error, please check the SAS token"}
will complain that the SAS token is incorrect.

Expected behavior
SAS Token as created and placed in to keyvault during control plane deployment is usable

Additional context
The workaround is:
Create the SAS token for the sapbits container manually again and update the secret in the keyvault with a leading "?":
storage account: e.g. mgmtnoeusaplibcde -> container "sapbits"
keyvault: e.g. MGMTNOEUDEP00userEAC
secret: sapbits-sas-token
set a new value: ?

Is your feature request related to a problem? Please describe.
When the pipeline for BOM processing is started after a deallocation it will fail as /mnt/resource will vanish with the deallocation

Describe the solution you'd like
Create the temp donwload folder /mnt/resource in the bom processing pipeline if it doesn't exist

Describe alternatives you've considered
none

Additional context
none

Is your feature request related to a problem? Please describe.
Please add a playbook and pipeline to allow automatic HANA performance testing with HCMT

Describe the solution you'd like

• Add the HCMT to the BOM for binary upload to storage account
• Add an ansible playbook for the execution
• Add a pipeline to handle the execution from DevOps

Describe alternatives you've considered

• Manual execution is no fun ;-)

Additional context
none

Problem statement
Often customers and partner do not wish to have a public IP on the deployer VM.
Then it becomes complicated for them to connect to it.
Azure bastion would help very much.

Enhancement
Please add the possibility to deploy the Azure bastion service as part of the prepare region step

Notes
n.a.

Dependencies
n.a.

Checklist
n.a.

Script ${DEPLOYMENT_REPO_PATH}/deploy/scripts/prepare_region.sh terminated with the error below:

module.sap_deployer.null_resource.prepare-deployer[0] (remote-exec): + sudo -H /opt/ansible/venv/2.9/bin/ansible-galaxy collection install azure.azcollection --force --collections-path /opt/ansible/collections
module.sap_deployer.null_resource.prepare-deployer[0] (remote-exec): ERROR! Unexpected Exception, this is probably a bug: cannot import name 'AnsibleCollectionLoader' from 'ansible.utils.collection_loader' (/opt/ansible/venv/2.9/lib/python3.8/site-packages/ansible/utils/collection_loader/init.py)

Steps to reproduce the behavior:
Run script ${DEPLOYMENT_REPO_PATH}/deploy/scripts/prepare_region.sh along with the options as outlined in the documentation.

Describe the bug
I'm following the DevOps hands-on-lab and am using the samples/WORKSPACES/SYSTEM/DEV-WEEU-SAP01-X00 sample configuration.

Provisioning of control plane and Workload zone through ADO pipelines successfully completed.

When executing the 03-sap-system-deployment.yml pipeline from Azure DevOps the following error is thrown.

#########################################################################################
#                                                                                       #
#                             Running Terraform plan                                    #
#                                                                                       #
#########################################################################################


Error: Invalid function argument

  on ../../terraform-units/modules/sap_system/app_tier/variables_local.tf line 312, in locals:
 312:   app_sizing = lookup(local.sizes.app, local.vm_sizing)
    ├────────────────
    │ local.sizes.app is object with 2 attributes

Invalid value for "inputMap" parameter: the given object has no attribute
"Optimized".

Error: Invalid function argument

  on ../../terraform-units/modules/sap_system/app_tier/variables_local.tf line 314, in locals:
 314:   scs_sizing = lookup(local.sizes.scs, local.vm_sizing)
    ├────────────────
    │ local.sizes.scs is object with 2 attributes

Invalid value for "inputMap" parameter: the given object has no attribute
"Optimized".

Error: Invalid function argument

  on ../../terraform-units/modules/sap_system/app_tier/variables_local.tf line 316, in locals:
 316:   web_sizing = lookup(local.sizes.web, local.vm_sizing)
    ├────────────────
    │ local.sizes.web is object with 2 attributes

Invalid value for "inputMap" parameter: the given object has no attribute
"Optimized".

After some investigation, found that the file /deploy/configs/app_sizes.json does NOT contain an Optimized property for the app tier, Default and Production are the only two options.

To resolve I've made the following update to the tfvars file.

To reproduce
Steps to reproduce the behavior:

1. Setup ADO project
2. Follow instructions https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/sap/automation-devops-tutorial to deploy the Control Plane, Workload Zone and finally the SAP System step.

Expected behavior
The environment should be successfully provisioned.

Additional context
Add any other context about the problem here.

Problem statement
Setting up SAP HANA Backups involves manual steps that can be automated.

Enhancement
Please automate the setup of HANA Backups. You might leverage these existing scripts
https://github.com/mimergel/sap-hana-vm/blob/main/Ansible/roles/backup/tasks/main.yml
https://github.com/mimergel/sap-hana-vm/blob/main/Scripts/BackupEnableHANA.ps1

Notes
n.a.

Dependencies
n.a.

Checklist
n.a.

Feature
Please provide deployment support for Azure Netapp Files Application Volume Group.
This requires manual QoS capacity pool. therefore settings of throughput_in_mibps will be required as well.

Solution
Using the deployment automation framework for ANF and AVG to ensure storage and DB are in close proximity for optimal performance.
https://docs.microsoft.com/en-us/azure/azure-netapp-files/application-volume-group-introduction

Alternatives
Until this feature is available separate terraform scripts and manual mounting is required.

Additional context
Please also add ANF related OS parameters

Feature
Please provide deployment support for Azure Netapp Files Application Volume Group.
This requires manual QoS capacity pool. therefore settings of throughput_in_mibps will be required as well.

Solution
Using the deployment automation framework for ANF and AVG to ensure storage and DB are in close proximity for optimal performance.
https://docs.microsoft.com/en-us/azure/azure-netapp-files/application-volume-group-introduction

Alternatives
Until this feature is available separate terraform scripts and manual mounting is required.

Additional context
Please also add ANF related OS parameters

after starting ${DEPLOYMENT_REPO_PATH}/deploy/scripts/prepare_region.sh, I got this error.
is there any bugfix related?
Thanks.

#########################################################################################

Errors during the plan phase

#########################################################################################
Error: building account: getting authenticated object ID: listing Service Principals: autorest.DetailedError{Original:adal.tokenRefreshError{message:"adal: Refresh request failed. Status Code = '401'. Response body: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '---------------b827-47f2f44c68e5'.\r\nTrace ID: 34---------de-9b32-b71abd00cd00\r\nCorrelation ID: --------f8-4f3c-82a1-287613737fb3\r\nTimestamp: 2022-02-05 22:06:19Z","error_codes":[7000215],"timestamp":"2022-02-05 22:06:19Z","trace_id":"34317ac3-14------------0","correlation_id":"8690794d-13f8-4f3c-82a1-287613737fb3","error_uri":"https://login.microsoftonline.com/error?code=7000215\"} Endpoint https://login.microsoftonline.com/------------/oauth2/token?api-version=1.0", resp:(*http.Response)(0xc001a62120)}, PackageType:"azure.BearerAuthorizer", Method:"WithAuthorization", StatusCode:401, Message:"Failed to refresh the Token for request to https://graph.windows.net/-------------/servicePrincipals?%24filter=appId+eq+%-----------5%27&api-version=1.6", ServiceError:[]uint8(nil), Response:(*http.Response)(0xc001a62120)}

with provider["registry.terraform.io/hashicorp/azurerm"],
on providers.tf line 20, in provider "azurerm":
20: provider "azurerm" {

Error: building client: unable to obtain access token: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '-----------'.\r\nTrace ID: ---------------ee933cd00\r\nCorrelation ID: 9ff2778f-1ab----------bbc0\r\nTimestamp: 2022-02-05 22:06:18Z","error_codes":[7000215],"timestamp":"2022-02-05 22:06:18Z","trace_id":"4d90503d-6363-4a---8bdee933cd00","correlation_id":"-
with provider["registry.terraform.io/hashicorp/azuread"],
on providers.tf line 33, in provider "azuread":
33: provider "azuread" {

Is your feature request related to a problem? Please describe.
When running the code, I was troubled to see an entry in my logs consistently talking about an Authentication error. This caused me to check several times as to whether I actually had an issue - although I could see that the step was skipped and that files were uploading, it did cause me to spend a few minutes to double check my processing.

The code is in ./sap-automation/deploy/ansible/roles-sap/0.1-bom-validator/tasks/bom_download.yaml - line 22 on main branch.

Describe the solution you'd like
It would be better to have a title like

Check Storage Authentication BOM: {{ bom_name }} {{ item.archive }}

That way, if I get any response then I know I could have an issue, if it is skipped I know it is a check and not an actual issue.

Is your feature request related to a problem? Please describe.
When using Azure Netapp Files (ANF) and having DEV, QUA, PROD, ... separated in different Workloadzones with separate VNETs there is a need to use Azure Files NFS (AFS) for NFS mounts cross workloadzones (e.g. for SAPTRANS).

Describe the solution you'd like
Please introduce the possibility to deploy ANF and AFS in parallel.

Describe alternatives you've considered
Deployment and mounting of /usr/sap/trans + install + interface + etc. separately.

Additional context

Describe the bug
When running Ansible tool chain as standalone, task 1.11 throws error 'item' is undefined when looping through the item list variables 'admin_groups' & 'admin_users'

TASK [roles-os/1.11-accounts : 1.11 Accounts - Create specified admin groups if needed tier: {{ tier }}] ***********************************************************************************************************task path: /xxxxxx/sap-automation/deploy/ansible/roles-os/1.11-accounts/tasks/main.yml:27
The conditional check 'item.enabled | bool' failed. The error was: error while evaluating conditional (item.enabled | bool): 'item' is undefined

The error appears to be in '/xxxxxx/sap-automation/deploy/ansible/roles-os/1.11-accounts/tasks/main.yml': line 27, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

by the following user actions

• name: "1.11 Accounts - Create specified admin groups if needed tier: {{ tier }}"
  ^ here
  We could be wrong, but this one looks like it might be an issue with
  missing quotes. Always quote template expression brackets when they
  start a value. For instance:

  with_items:
  - {{ foo }}

Should be written as:

with_items:
  - "{{ foo }}"

fatal: [hana-01]: FAILED! => {"msg": "[{'name': 'example', 'gid': '2000', 'state': 'present', 'tier': 'example', 'enabled': True, 'node_tier': 'none'}, {'name': 'sapsys', 'gid': '{{ sapsys_gid }}', 'state': 'present', 'tier': 'os', 'enabled': True, 'node_tier': 'all'}, {'name': 'sapinst', 'gid': '{{ sapinst_gid }}', 'state': 'present', 'tier': 'os', 'enabled': True, 'node_tier': 'all'}, {'name': 'dba', 'gid': '{{ dba_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'oper', 'gid': '{{ oper_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'asmoper', 'gid': '{{ asmoper_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'asmadmin', 'gid': '{{ asmadmin_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'asmdba', 'gid': '{{ asmdba_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'oinstall', 'gid': '{{ oinstall_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'dba', 'gid': '{{ dba_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'oper', 'gid': '{{ oper_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'asmoper', 'gid': '{{ asmoper_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'asmadmin', 'gid': '{{ asmadmin_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'asmdba', 'gid': '{{ asmdba_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'oinstall', 'gid': '{{ oinstall_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}]: 'dba_gid' is undefined"}
The conditional check 'item.enabled | bool' failed. The error was: error while evaluating conditional (item.enabled | bool): 'item' is undefined

The error appears to be in '/xxxxxx/sap-automation/deploy/ansible/roles-os/1.11-accounts/tasks/main.yml': line 27, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

by the following user actions

• name: "1.11 Accounts - Create specified admin groups if needed tier: {{ tier }}"
  ^ here
  We could be wrong, but this one looks like it might be an issue with
  missing quotes. Always quote template expression brackets when they
  start a value. For instance:

  with_items:
  - {{ foo }}

Should be written as:

with_items:
  - "{{ foo }}"

fatal: [app-01]: FAILED! => {"msg": "[{'name': 'example', 'gid': '2000', 'state': 'present', 'tier': 'example', 'enabled': True, 'node_tier': 'none'}, {'name': 'sapsys', 'gid': '{{ sapsys_gid }}', 'state': 'present', 'tier': 'os', 'enabled': True, 'node_tier': 'all'}, {'name': 'sapinst', 'gid': '{{ sapinst_gid }}', 'state': 'present', 'tier': 'os', 'enabled': True, 'node_tier': 'all'}, {'name': 'dba', 'gid': '{{ dba_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'oper', 'gid': '{{ oper_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'asmoper', 'gid': '{{ asmoper_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'asmadmin', 'gid': '{{ asmadmin_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'asmdba', 'gid': '{{ asmdba_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'oinstall', 'gid': '{{ oinstall_gid }}', 'state': 'present', 'tier': 'ora', 'enabled': True, 'node_tier': 'oracle'}, {'name': 'dba', 'gid': '{{ dba_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'oper', 'gid': '{{ oper_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'asmoper', 'gid': '{{ asmoper_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'asmadmin', 'gid': '{{ asmadmin_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'asmdba', 'gid': '{{ asmdba_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}, {'name': 'oinstall', 'gid': '{{ oinstall_gid }}', 'state': 'present', 'tier': 'oraasm', 'enabled': True, 'node_tier': 'oracle-asm'}]: 'dba_gid' is undefined"}

To reproduce
Steps to reproduce the behavior:
Execute playbook "playbook_01_00_01_os_base_config.yaml"

Expected behavior
Playbook execution should complete without errors.

Additional context
Code is running on Ubuntu 20.04 with ansible 2.11.5
Tested on Main and private-preview branch.
admin-accounts.yml is successfully loaded in /xxxxxx/sap-automation/deploy/ansible/roles-os/1.11-accounts/tasks/main.yml': line 22

ansible [core 2.11.5]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.8/dist-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
jinja version = 2.10.1
libyaml = True

Is your feature request related to a problem? Please describe.

When the Control Plane is deployed, the configure_deloyer.sh is hardcoded to clone the github repo.

# Azure SAP Automated Deployment directories
asad_home="${HOME}/Azure_SAP_Automated_Deployment"
asad_ws="${asad_home}/WORKSPACES"
asad_repo="https://github.com/Azure/sap-automation.git"
asad_dir="${asad_home}/$(basename ${asad_repo} .git)"

Describe the solution you'd like
Update the configure_deloyer.sh script to use a variable for the repo. When using ADO, this value should be set from the Repository variable defined in the SDAF-General varable group.

Describe alternatives you've considered
Current workaround is to manually replace the sap-automation repo on the deployer with the desired repo.

Additional context
n/a