From 6763d34aab2e904c9414796de6b7697f5dfd9887 Mon Sep 17 00:00:00 2001 From: Alessio Biancalana Date: Thu, 26 Sep 2024 16:54:36 +0200 Subject: [PATCH 1/2] Remove checks from the catalog since they now are in their own repo --- priv/catalog/00081D.yaml | 68 ------------------------------ priv/catalog/0B6DB2.yaml | 73 -------------------------------- priv/catalog/156F64.yaml | 74 --------------------------------- priv/catalog/15F7A8.yaml | 71 ------------------------------- priv/catalog/205AF7.yaml | 63 ---------------------------- priv/catalog/21FCA6.yaml | 72 -------------------------------- priv/catalog/222A57.yaml | 33 --------------- priv/catalog/24ABCB.yaml | 64 ---------------------------- priv/catalog/32CFC6.yaml | 62 --------------------------- priv/catalog/33403D.yaml | 87 -------------------------------------- priv/catalog/373DB8.yaml | 90 ---------------------------------------- priv/catalog/49591F.yaml | 73 -------------------------------- priv/catalog/53D035.yaml | 75 --------------------------------- priv/catalog/61451E.yaml | 62 --------------------------- priv/catalog/68626E.yaml | 43 ------------------- priv/catalog/6E9B82.yaml | 89 --------------------------------------- priv/catalog/790926.yaml | 56 ------------------------- priv/catalog/7E0221.yaml | 89 --------------------------------------- priv/catalog/816815.yaml | 61 --------------------------- priv/catalog/822E47.yaml | 68 ------------------------------ priv/catalog/845CC9.yaml | 69 ------------------------------ priv/catalog/9FAAD0.yaml | 29 ------------- priv/catalog/9FEFB0.yaml | 31 -------------- priv/catalog/A1244C.yaml | 74 --------------------------------- priv/catalog/B089BE.yaml | 51 ----------------------- priv/catalog/C3166E.yaml | 29 ------------- priv/catalog/C620DC.yaml | 74 --------------------------------- priv/catalog/CAEFF1.yaml | 54 ------------------------ priv/catalog/D028B9.yaml | 31 -------------- priv/catalog/D78671.yaml | 90 ---------------------------------------- priv/catalog/DA114A.yaml | 67 ------------------------------ priv/catalog/DC5429.yaml | 34 --------------- priv/catalog/F50AF5.yaml | 31 -------------- priv/catalog/FB0E0D.yaml | 73 -------------------------------- 34 files changed, 2110 deletions(-) delete mode 100644 priv/catalog/00081D.yaml delete mode 100644 priv/catalog/0B6DB2.yaml delete mode 100644 priv/catalog/156F64.yaml delete mode 100644 priv/catalog/15F7A8.yaml delete mode 100644 priv/catalog/205AF7.yaml delete mode 100644 priv/catalog/21FCA6.yaml delete mode 100644 priv/catalog/222A57.yaml delete mode 100644 priv/catalog/24ABCB.yaml delete mode 100644 priv/catalog/32CFC6.yaml delete mode 100644 priv/catalog/33403D.yaml delete mode 100644 priv/catalog/373DB8.yaml delete mode 100644 priv/catalog/49591F.yaml delete mode 100644 priv/catalog/53D035.yaml delete mode 100644 priv/catalog/61451E.yaml delete mode 100644 priv/catalog/68626E.yaml delete mode 100644 priv/catalog/6E9B82.yaml delete mode 100644 priv/catalog/790926.yaml delete mode 100644 priv/catalog/7E0221.yaml delete mode 100644 priv/catalog/816815.yaml delete mode 100644 priv/catalog/822E47.yaml delete mode 100644 priv/catalog/845CC9.yaml delete mode 100644 priv/catalog/9FAAD0.yaml delete mode 100644 priv/catalog/9FEFB0.yaml delete mode 100644 priv/catalog/A1244C.yaml delete mode 100644 priv/catalog/B089BE.yaml delete mode 100644 priv/catalog/C3166E.yaml delete mode 100644 priv/catalog/C620DC.yaml delete mode 100644 priv/catalog/CAEFF1.yaml delete mode 100644 priv/catalog/D028B9.yaml delete mode 100644 priv/catalog/D78671.yaml delete mode 100644 priv/catalog/DA114A.yaml delete mode 100644 priv/catalog/DC5429.yaml delete mode 100644 priv/catalog/F50AF5.yaml delete mode 100644 priv/catalog/FB0E0D.yaml diff --git a/priv/catalog/00081D.yaml b/priv/catalog/00081D.yaml deleted file mode 100644 index 07be18a0..00000000 --- a/priv/catalog/00081D.yaml +++ /dev/null @@ -1,68 +0,0 @@ -id: "00081D" -name: Check Corosync max_messages during runtime -group: Corosync -description: | - Corosync is running with max_messages set to the recommended value -remediation: | - ## Abstract - The runtime value of the Corosync `max_messages` parameter is not set as recommended. - - ## Remediation - Adjust the corosync `max_messages` count as recommended on the best practices, and reload the corosync service. - - 1. Set the correct `max_messages` count in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - max_messages: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - AZURE: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: max_messages - gatherer: corosync-cmapctl@v1 - argument: runtime.config.totem.max_messages - -values: - - name: expected_max_messages - default: 20 - -expectations: - - name: expectations_max_messages - expect: facts.max_messages == values.expected_max_messages - failure_message: Corosync 'max_messages' value was expected to be '${values.expected_max_messages}' but value of running config is '${facts.max_messages}' diff --git a/priv/catalog/0B6DB2.yaml b/priv/catalog/0B6DB2.yaml deleted file mode 100644 index fa7f75b5..00000000 --- a/priv/catalog/0B6DB2.yaml +++ /dev/null @@ -1,73 +0,0 @@ -id: "0B6DB2" -name: SBD_PACEMAKER -group: SBD -description: | - SBD_PACEMAKER value is correctly set in SBD configuration (/etc/sysconfig/sbd) -remediation: | - ## Abstract - For proper SBD fencing, make sure that the integration with Pacemaker is enabled. - **IMPORTANT**: Always verify these steps in a testing environment before doing so in production ones! - - The SBD is not used in GCP or AWS environments. - ## Remediation - Run the following commands in order: - - 1. Put cluster into maintenance mode: - ```crm configure property maintenance-mode=true``` - 2. Stop the cluster: - ```crm cluster stop``` - 3. Set the SBD_PACEMAKER parameter to `yes` on `/etc/sysconfig/sbd`: - ``` - [...] - SBD_PACEMAKER="yes" - [...] - ``` - 4. Restart the cluster: - ```crm cluster start``` - 5. Put cluster out of maintenance mode - ```crm configure property maintenance-mode=false``` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#set-up-the-iscsi-target-server-sbd-device - - Nutanix: - - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-config - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-confdiskless - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-adapting-the-sbd-configuration - - SUSE / KVM: - - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-config - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-confdiskless - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-adapting-the-sbd-configuration - - VMware: - - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-config - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-confdiskless - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-adapting-the-sbd-configuration - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: sbd_pacemaker - gatherer: sbd_config@v1 - argument: SBD_PACEMAKER - -values: - - name: expected_sbd_pacemaker - default: yes - -expectations: - - name: expectations_sbd_pacemaker - expect: facts.sbd_pacemaker == values.expected_sbd_pacemaker - failure_message: value of 'SBD_PACEMAKER' was expected to be '${values.expected_sbd_pacemaker}' but configured value in /etc/sysconfig/sbd is '${facts.sbd_pacemaker}' diff --git a/priv/catalog/156F64.yaml b/priv/catalog/156F64.yaml deleted file mode 100644 index c4f4ffa2..00000000 --- a/priv/catalog/156F64.yaml +++ /dev/null @@ -1,74 +0,0 @@ -id: "156F64" -name: Check Corosync token_timeout value -group: Corosync -description: | - Corosync `token` timeout is set to expected value -remediation: | - ## Abstract - The value of the Corosync `token` timeout is not set as recommended. - - ## Remediation - - Adjust the corosync `token` timeout as recommended on the best practices, and reload the corosync configuration - - 1. Set the correct `token` timeout in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - token: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: corosync_token_timeout - gatherer: corosync.conf@v1 - argument: totem.token - -values: - - name: expected_token_timeout - default: 5000 - conditions: - - value: 30000 - when: env.provider == "azure" || env.provider == "aws" - - value: 20000 - when: env.provider == "gcp" - -expectations: - - name: token_timeout - expect: facts.corosync_token_timeout == values.expected_token_timeout - failure_message: Corosync 'token' timeout value was expected to be '${values.expected_token_timeout}' but configured value is '${facts.corosync_token_timeout}' diff --git a/priv/catalog/15F7A8.yaml b/priv/catalog/15F7A8.yaml deleted file mode 100644 index db352bb7..00000000 --- a/priv/catalog/15F7A8.yaml +++ /dev/null @@ -1,71 +0,0 @@ -id: "15F7A8" -name: Check Corosync token_retransmits_before_loss_const during runtime -group: Corosync -description: | - Corosync is running with `token_retransmits_before_loss_const` set to the recommended value -remediation: | - ## Abstract - The runtime value of the corosync `token_retransmits_before_loss_const` parameter is not set as recommended - - ## Remediation - Adjust the corosync `token_retransmits_before_loss_const` parameter as recommended on the best practices, and reload the corosync service. - - 1. Set the correct `token_retransmits_before_loss_const` count in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - token_retransmits_before_loss_const: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - AZURE: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: token_retransmits - gatherer: corosync-cmapctl@v1 - argument: runtime.config.totem.token_retransmits_before_loss_const - -values: - - name: expected_token_retransmits - default: 10 - conditions: - - value: 6 - when: env.provider == "aws" - -expectations: - - name: expectations_token_retransmits - expect: facts.token_retransmits == values.expected_token_retransmits - failure_message: Corosync 'token_retransmits_before_loss_const' value was expected to be '${values.expected_token_retransmits}' but value of running config is '${facts.token_retransmits}' diff --git a/priv/catalog/205AF7.yaml b/priv/catalog/205AF7.yaml deleted file mode 100644 index 0f973797..00000000 --- a/priv/catalog/205AF7.yaml +++ /dev/null @@ -1,63 +0,0 @@ -id: "205AF7" -name: fencing enabled -group: Pacemaker -description: | - Fencing is enabled in the cluster properties 'cib-bootstrap-options': stonith-enabled -remediation: | - ## Abstract - Fencing is mandatory to guarantee data integrity for your SAP Applications. - Running a HA Cluster without fencing is not supported and might cause data loss. - - ## Remediation - Execute the following command to enable it: - ``` - crm configure property stonith-enabled=true - ``` - - ## References - AZURE: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#create-a-fencing-device-on-the-pacemaker-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-resources.html#sap-hana-on-aws-cluster-the-bootstrap - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#configure_the_general_cluster_properties - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#sec-ha-fencing-recommend - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#sec-ha-fencing-recommend - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#sec-ha-fencing-recommend - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: crm_config_properties - gatherer: cibadmin@v1 - argument: cib.configuration.crm_config.cluster_property_set - -expectations: - - name: expectations_fencing_enabled - expect: | - facts.crm_config_properties - .find(|item| item.id == "cib-bootstrap-options").nvpair - .find(|prop| prop.name == "stonith-enabled").value - failure_message: Fencing was expected to be enabled in the cluster configuration, but property 'stonith-enabled' is set to false or missing. diff --git a/priv/catalog/21FCA6.yaml b/priv/catalog/21FCA6.yaml deleted file mode 100644 index 5827345a..00000000 --- a/priv/catalog/21FCA6.yaml +++ /dev/null @@ -1,72 +0,0 @@ -id: "21FCA6" -name: Check Corosync token_retransmits_before_loss_const value -group: Corosync -description: | - Corosync `token_retransmits_before_loss_const` is set to expected value -remediation: | - ## Abstract - The Corosync `token_retransmits_before_loss_const` is set as recommended. - - ## Remediation - - Adjust the corosync `token_retransmits_before_loss_const` count as recommended on the best practices, and reload the corosync configuration - - 1. Set the correct `token_retransmits_before_loss_const` count in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - token_retransmits_before_loss_const: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: corosync_token_retransmits_before_loss_const - gatherer: corosync.conf@v1 - argument: totem.token_retransmits_before_loss_const - -values: - - name: expected_token_retransmits_before_loss_const - default: 10 - conditions: - - value: 6 - when: env.provider == "aws" - -expectations: - - name: corosync_retransmits - expect: facts.corosync_token_retransmits_before_loss_const == values.expected_token_retransmits_before_loss_const - failure_message: Corosync 'token_retransmits_before_loss_const' value was expected to be '${values.expected_token_retransmits_before_loss_const}' but configured value is '${facts.corosync_token_retransmits_before_loss_const}' diff --git a/priv/catalog/222A57.yaml b/priv/catalog/222A57.yaml deleted file mode 100644 index e3710589..00000000 --- a/priv/catalog/222A57.yaml +++ /dev/null @@ -1,33 +0,0 @@ -id: "222A57" -name: supported sbd version -group: OS and package versions -description: | - SBD version is supported -remediation: | - ## Abstract - Installed SBD version must be equal or higher than the recommended version (1.4.0) - - ## Remediation - Install or upgrade to a supported SBD version - - ## Reference - The recommended minimal version of the sbd package is 1.4.0. - It is the *first* version supported with SUSE Linux Enterprise Server for SAP Applications 15 SP1. - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: compare_sbd_version - gatherer: package_version@v1 - argument: sbd,1.4.0 - -expectations: - - name: expectations_sbd_version - expect: facts.compare_sbd_version < 1 - failure_message: The installed SBD version is older than the recommended version (1.4.0) diff --git a/priv/catalog/24ABCB.yaml b/priv/catalog/24ABCB.yaml deleted file mode 100644 index b5b700fe..00000000 --- a/priv/catalog/24ABCB.yaml +++ /dev/null @@ -1,64 +0,0 @@ -id: "24ABCB" -name: Check Corosync join timeout value -group: Corosync -description: | - Corosync `join` timeout is set to expected value -remediation: | - ## Abstract - The value of the Corosync `join` timeout is not set as recommended. - - ## Remediation - Adjust the Corosync `join` timeout as recommended on the best practices. - - 1. Set the correct `join` timeout in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - join: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: corosync_join_timeout - gatherer: corosync.conf@v1 - argument: totem.join - -values: - - name: expected_join_timeout - default: 60 - -expectations: - - name: join_timeout - expect: facts.corosync_join_timeout == values.expected_join_timeout - failure_message: Corosync 'join' timeout value was expected to be '${values.expected_join_timeout}' but configured value is '${facts.corosync_join_timeout}' diff --git a/priv/catalog/32CFC6.yaml b/priv/catalog/32CFC6.yaml deleted file mode 100644 index 308ec42c..00000000 --- a/priv/catalog/32CFC6.yaml +++ /dev/null @@ -1,62 +0,0 @@ -id: "32CFC6" -name: corosync running 2 ring configuration -group: Corosync -description: | - Corosync is running with at least 2 rings -remediation: | - ## Abstract - It is strongly recommended to add a second ring to the corosync communication. - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - -severity: warning - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: totem_interfaces - gatherer: corosync-cmapctl@v1 - argument: totem.interface - -values: - - name: expected_totem_interfaces - default: 2 - conditions: - - value: 1 - when: env.provider == "azure" || env.provider == "gcp" - -expectations: - - name: expectations_totem_interfaces - expect: facts.totem_interfaces.len() >= values.expected_totem_interfaces - failure_message: Corosync configuration was expected to have at least '${values.expected_totem_interfaces}' ring(s) but configured are '${facts.totem_interfaces.len()}' diff --git a/priv/catalog/33403D.yaml b/priv/catalog/33403D.yaml deleted file mode 100644 index d5f3d460..00000000 --- a/priv/catalog/33403D.yaml +++ /dev/null @@ -1,87 +0,0 @@ -id: "33403D" -name: Check Corosync transport mechanism -group: Corosync -description: | - Corosync `transport` mechanism is set to expected value -remediation: | - ## Abstract - The current Corosync `transport` mechanism is not configured as recommended. - - ## Remediation - To change the corosync MCAST transport to UCAST edit the /etc/corosync/corosync.conf - as in the example - ``` - max_messages: 20 - interface { - ringnumber: 0 - - bindnetaddr: 10.162.32.167 - - mcastaddr: 239.11.100.41 - mcastport: 5405 - ttl: 1 - } - + transport: udpu - ... - +nodelist { - + node { - + ring0_addr: 10.162.32.167 - + nodeid: 1 - + } - + - + node { - + ring0_addr: 10.162.32.89 - + nodeid: 2 - + } - + - +} - ``` - 1. Stop the already running cluster by using **crm cluster stop** - 2. In the `totem` section, in the `interface` subsection remove the keys-value pairs **bindnetaddr** and **mcastaddr** - 3. In the `totem` section add key-value pair **transport: udpu** - 4. Add section `nodelist` and subsections `node` for each nodes of the cluster, where the **ring0_addr** is the IP address of the node - 5. Start the cluster by using **crm cluster start** - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: corosync_transport_protocol - gatherer: corosync.conf@v1 - argument: totem.transport - -values: - - name: expected_transport_protocol - default: udpu - -expectations: - - name: corosync_protocol - expect: facts.corosync_transport_protocol == values.expected_transport_protocol - failure_message: Corosync 'transport' protocol value was expected to be '${values.expected_transport_protocol}' but configured value is '${facts.corosync_transport_protocol}' diff --git a/priv/catalog/373DB8.yaml b/priv/catalog/373DB8.yaml deleted file mode 100644 index c7f08885..00000000 --- a/priv/catalog/373DB8.yaml +++ /dev/null @@ -1,90 +0,0 @@ -id: "373DB8" -name: fencing timeout -group: Pacemaker -description: | - Cluster fencing timeout is configured correctly in the cluster properties 'cib-bootstrap-options': stonith-timeout -remediation: | - ## Abstract - The fencing timeout (`stonith-timeout`) determines the time Pacemaker will wait for fencing to succeed. - The remommended default value is at least `150` seconds for SBD. - The recommended values on Azure are at least `144` seconds for SBD only or `900` seconds when using SBD combined with the Azure Fence agent. - The recommended value on AWS is at least `600` seconds. - The recommended value on GCP is at least `300` seconds. - - ## Remediation - Execute the following command to adjust the timeout for your usecase: - ```crm configure property stonith-timeout=144``` - or - ```crm configure property stonith-timeout=900``` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#create-a-fencing-device-on-the-pacemaker-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-resources.html#sap-hana-on-aws-cluster-the-bootstrap - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#configure_the_general_cluster_properties - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - ascs_ers - -facts: - - name: crm_config_properties - gatherer: cibadmin@v1 - argument: cib.configuration.crm_config.cluster_property_set - - name: resources_primitives - gatherer: cibadmin@v1 - argument: cib.configuration.resources.primitive - -values: - - name: expected_fencing_timeout - default: 150 - conditions: - - value: 600 - when: env.provider == "aws" - - value: 300 - when: env.provider == "gcp" - - value: 144 - when: env.provider == "azure" - - - name: expected_azure_fencing_timeout - default: 900 - -expectations: - - name: expectations_fencing_timeout - expect: | - let fencing_timeout = - facts.crm_config_properties - .find(|item| item.id == "cib-bootstrap-options").nvpair - .find(|prop| prop.name == "stonith-timeout"); - - let fence_azure_arm_detected = - facts.resources_primitives - .filter(|item| item.type == "fence_azure_arm").len() != 0; - - if fence_azure_arm_detected { - fencing_timeout != () && fencing_timeout.value == values.expected_azure_fencing_timeout; - } else { - fencing_timeout != () && fencing_timeout.value >= values.expected_fencing_timeout; - } - failure_message: Cluster fencing timeout 'stonith-timeout' is not configured correctly diff --git a/priv/catalog/49591F.yaml b/priv/catalog/49591F.yaml deleted file mode 100644 index 87f5bd37..00000000 --- a/priv/catalog/49591F.yaml +++ /dev/null @@ -1,73 +0,0 @@ -id: "49591F" -name: sbd SBD_STARTMODE -group: SBD -description: | - SBD_STARTMODE is set to the expected value -remediation: | - ## Abstract - If not set to always, SBD will not automatically start if the node was previously fenced as it will expect the cluster in a clean state. - **IMPORTANT**: Always verify these steps in a testing environment before doing so in production ones! - - The SBD is not used in GCP or AWS environments. - ## Remediation - Run the following commands in order: - - 1. Put cluster into maintenance mode: - ```crm configure property maintenance-mode=true``` - 2. Stop the cluster: - ```crm cluster stop``` - 2. Set the SBD_STARTMODE parameter to `always` on `/etc/sysconfig/sbd`: - ``` - [...] - SBD_STARTMODE="always" - [...] - ``` - 3. Restart the cluster: - ```crm cluster start``` - 4. Put cluster out of maintenance mode: - ```crm configure property maintenance-mode=false``` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#set-up-the-iscsi-target-server-sbd-device - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-adapting-the-sbd-configuration - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-config - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-adapting-the-sbd-configuration - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-config - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-adapting-the-sbd-configuration - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#cha-ha-storage-protect - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: sbd_startmode - gatherer: sbd_config@v1 - argument: SBD_STARTMODE - -values: - - name: expected_sbd_startmode - default: clean - conditions: - - value: always - when: env.provider == "azure" - -expectations: - - name: expectations_sbd_startmode - expect: facts.sbd_startmode == values.expected_sbd_startmode - failure_message: value of 'SBD_STARTMODE' was expected to be '${values.expected_sbd_startmode}' but configured value is '${facts.sbd_startmode}' diff --git a/priv/catalog/53D035.yaml b/priv/catalog/53D035.yaml deleted file mode 100644 index 76eccc92..00000000 --- a/priv/catalog/53D035.yaml +++ /dev/null @@ -1,75 +0,0 @@ -id: "53D035" -name: Check Corosync token timeout during runtime -group: Corosync -description: | - Corosync is running with token timeout set to the recommended value -remediation: | - ## Abstract - The runtime value of the Corosync `token` timeout is not set as recommended. - - ## Remediation - - Adjust the corosync `token` timeout as recommended on the best practices, and reload the corosync configuration - - - 1. Set the correct `token` timeout in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - token: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: token_timeout - gatherer: corosync-cmapctl@v1 - argument: runtime.config.totem.token - -values: - - name: expected_token_timeout - default: 5000 - conditions: - - value: 30000 - when: env.provider == "azure" || env.provider == "aws" - - value: 20000 - when: env.provider == "gcp" - -expectations: - - name: expectations_token_timeout - expect: facts.token_timeout == values.expected_token_timeout - failure_message: Corosync 'token' timeout value was expected to be '${values.expected_token_timeout}' but value of running config is '${facts.token_timeout}' diff --git a/priv/catalog/61451E.yaml b/priv/catalog/61451E.yaml deleted file mode 100644 index bf33dc8a..00000000 --- a/priv/catalog/61451E.yaml +++ /dev/null @@ -1,62 +0,0 @@ -id: "61451E" -name: multiple SBD devices -group: SBD -description: | - Multiple SBD devices are configured -remediation: | - ## Abstract - It is recommended to configure **3 SBD** devices for production environments. - - Attention: Please do not use consecutive semicolons in the **SBD_DEVICE** variable in the SBD configuration file. This can cause problems in the cluster functionality as ``sbd`` ignores consecutive semicolons, but the ``fencing agent`` does not. Therefore they should be avoided. - - The SBD is not used in GCP or AWS environments. - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#set-up-the-iscsi-target-server-sbd-device - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#cha.hana-sr.scenario - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#cha.hana-sr.scenario - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#cha.hana-sr.scenario - -severity: warning - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: sbd_multiple_sbd_device - gatherer: sbd_config@v1 - argument: SBD_DEVICE - -values: - - name: expected_multiple_sbd_device - default: 3 - -expectations: - - name: expectations_multiple_sbd_device - expect_enum: | - if ! facts.sbd_multiple_sbd_device.split(";").all(|entry| entry != "") { - "critical" - } else if facts.sbd_multiple_sbd_device.split(";").len() != values.expected_multiple_sbd_device { - "warning" - } else { - "passing" - } - - warning_message: SBD devices count was expected to be '${values.expected_multiple_sbd_device}' but configured value is '${facts.sbd_multiple_sbd_device.split(";").len()}' - failure_message: Critical - check syntax of SBD_DEVICE entries in the configuration diff --git a/priv/catalog/68626E.yaml b/priv/catalog/68626E.yaml deleted file mode 100644 index c9bd2032..00000000 --- a/priv/catalog/68626E.yaml +++ /dev/null @@ -1,43 +0,0 @@ -id: "68626E" -name: SBD msgwait timeout -group: SBD -description: | - SBD msgwait timeout value is at least two times the watchdog timeout -remediation: | - ## Remediation - Make sure you configure your the SBD msgwait to 2 * (SBD Watchdog Timeout) as recommended on the best practices. - - The SBD is not used in GCP or AWS environments. - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#set-up-the-iscsi-target-server-sbd-device - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-verifying-the-sbd-device - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-verifying-the-sbd-device - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-verifying-the-sbd-device - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: dump_sbd_devices - gatherer: sbd_dump@v1 - -expectations: - - name: expectations_sbd_msgwait_timeout - expect: facts.dump_sbd_devices.values().all(|sbddev| sbddev.timeout_msgwait >= 2 * sbddev.timeout_watchdog) - failure_message: The SBD 'msgwait' timeout value is less than two times the 'watchdog' timeout for some SBD device(s) diff --git a/priv/catalog/6E9B82.yaml b/priv/catalog/6E9B82.yaml deleted file mode 100644 index 6c6cb6fb..00000000 --- a/priv/catalog/6E9B82.yaml +++ /dev/null @@ -1,89 +0,0 @@ -id: "6E9B82" -name: Check Corosync two_node value -group: Corosync -description: | - Corosync `two_node` is set to expected value -remediation: | - ## Abstract - The value of the corosync `two_node` parameter is not set as recommended. - - ## Remediation - Adjust the corosync two_node parameter to `1` to make sure Pacemaker calculates the actions properly for a two-node cluster. - - 1. Set the correct `two_node` value in the `quorum` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - quorum { - two_node: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - ascs_ers - -facts: - - name: corosync_twonode - gatherer: corosync.conf@v1 - argument: quorum.two_node - - - name: corosync_num_nodes - gatherer: corosync.conf@v1 - argument: nodelist.node - - - name: cib_num_nodes - gatherer: cibadmin@v1 - argument: cib.configuration.nodes.node - -values: - - name: expected_twonode - default: 1 - - - name: expected_threeormore - default: 0 - -expectations: - - name: num_nodes_equal_in_corosync_and_cib - expect: facts.corosync_num_nodes.len == facts.cib_num_nodes.len - failure_message: Number of nodes mentioned in corosync.conf is not equal to number of nodes in cib.xml - - - name: twonode_parameter - expect: | - if facts.corosync_num_nodes.len == 2 { - facts.corosync_twonode == values.expected_twonode - } else if facts.corosync_num_nodes.len >= 3 { - facts.corosync_twonode == values.expected_threeormore - } else { - false - } - failure_message: Corosync 'two_node' value was expected to be 1 when there are 2 nodes and 0 when there 3 or more nodes but configured value is '${facts.corosync_twonode}' when there are '${facts.corosync_num_nodes.len}' number of nodes diff --git a/priv/catalog/790926.yaml b/priv/catalog/790926.yaml deleted file mode 100644 index 86ee8a6c..00000000 --- a/priv/catalog/790926.yaml +++ /dev/null @@ -1,56 +0,0 @@ -id: "790926" -name: hacluster password -group: Miscellaneous -description: | - The hacluster user password has been changed from the default value -remediation: | - ## Abstract - The password of the `hacluster` user should be changed after setting up the cluster - - ## Remediation - ```sudo passwd hacluster``` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-update-the-hacluster-password - - GCP: - - - https://cloud.google.com/solutions/sap/docs/netweaver-ha-config-sles - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-setting-up-the-initial-cluster-using-ha-cluster-init - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-setting-up-the-initial-cluster-using-ha-cluster-init - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-setting-up-the-initial-cluster-using-ha-cluster-init - -severity: warning - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: hacluster_has_default_password - gatherer: verify_password@v1 - argument: hacluster - -expectations: - - name: expectations_hacluster_passwd_changed - expect: | - !facts.hacluster_has_default_password; - failure_message: The 'hacluster' user password was expected to be changed but has still the default value from the cluster setup diff --git a/priv/catalog/7E0221.yaml b/priv/catalog/7E0221.yaml deleted file mode 100644 index 5a0c7e75..00000000 --- a/priv/catalog/7E0221.yaml +++ /dev/null @@ -1,89 +0,0 @@ -id: "7E0221" -name: Check Corosync transport settings during runtime -group: Corosync -description: | - Corosync is running with `transport` set to the recommended value -remediation: | - ## Remediation - To change the corosync MCAST transport to UCAST edit the /etc/corosync/corosync.conf - as in the example - ``` - max_messages: 20 - interface { - ringnumber: 0 - - bindnetaddr: 10.162.32.167 - - mcastaddr: 239.11.100.41 - mcastport: 5405 - ttl: 1 - } - + transport: udpu - ... - +nodelist { - + node { - + ring0_addr: 10.162.32.167 - + nodeid: 1 - + } - + - + node { - + ring0_addr: 10.162.32.89 - + nodeid: 2 - + } - + - +} - ``` - 1. Stop the already running cluster by using **crm cluster stop** - 2. In the totem section, in the interface subsection remove the - keys-value pairs **bindnetaddr** and **mcastaddr** - 3. In the totem section add key-value pair **transport: udpu** - 4. Add section nodelist and subsections node for each nodes of the - cluster, where the **ring0_addr** is the IP address of the node - 5. Start the cluster by using **crm cluster start** - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: runtime_transport - gatherer: corosync-cmapctl@v1 - argument: totem.transport - -values: - - name: expected_runtime_transport - default: udpu - -expectations: - - name: expectations_runtime_transport - expect: facts.runtime_transport == values.expected_runtime_transport - failure_message: Corosync 'transport' protocol value was expected to be '${values.expected_runtime_transport}' but value of running config is '${facts.runtime_transport}' diff --git a/priv/catalog/816815.yaml b/priv/catalog/816815.yaml deleted file mode 100644 index c06b16f4..00000000 --- a/priv/catalog/816815.yaml +++ /dev/null @@ -1,61 +0,0 @@ -id: "816815" -name: SBD service state -group: SBD -description: | - SBD service is enabled and running (only if SBD is used) -remediation: | - ## Abstract - If not enabled, SBD service will not start automatically after reboots, affecting the correct cluster startup. - - The SBD is not used in GCP or AWS environments. - ## Remediation - To enable the service, run: - ``` - systemctl enable sbd - ``` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#set-up-the-iscsi-target-server-sbd-device - - Nutanix: - - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-services - - SUSE / KVM: - - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-services - - VMware: - - - https://documentation.suse.com/sle-ha/15-SP5/single-html/SLE-HA-administration/#pro-ha-storage-protect-sbd-services - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: sbd_service_state - gatherer: systemd@v2 - argument: sbd.service - -values: - - name: expected_sbd_state_active - default: active - - - name: expected_sbd_state_enabled - default: enabled - -expectations: - - name: expectations_sbd_state_active - expect: facts.sbd_service_state.active_state == values.expected_sbd_state_active - failure_message: SBD service was expected to be '${values.expected_sbd_state_active}' (running) but is '${facts.sbd_service_state.active_state}' - - - name: expectations_sbd_state_enabled - expect: facts.sbd_service_state.unit_file_state == values.expected_sbd_state_enabled - failure_message: SBD service was expected to be '${values.expected_sbd_state_enabled}' but is '${facts.sbd_service_state.unit_file_state}' diff --git a/priv/catalog/822E47.yaml b/priv/catalog/822E47.yaml deleted file mode 100644 index 94d3ef50..00000000 --- a/priv/catalog/822E47.yaml +++ /dev/null @@ -1,68 +0,0 @@ -id: "822E47" -name: Check Corosync join timeout during runtime -group: Corosync -description: | - Corosync is running with `join` timeout set to the recommended value -remediation: | - ## Abstract - The runtime value of the Corosync `join` tiemout parameter is not set as recommended. - - ## Remediation - Adjust the corosync `join` timeout as recommended on the best practices, and reload the corosync service. - - 1. Set the correct `join` timeout in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - join: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - AZURE: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: runtime_join - gatherer: corosync-cmapctl@v1 - argument: runtime.config.totem.join - -values: - - name: expected_runtime_join - default: 60 - -expectations: - - name: expectations_runtime_join - expect: facts.runtime_join == values.expected_runtime_join - failure_message: Corosync 'join' timeout value was expected to be '${values.expected_runtime_join}' but value of running config is '${facts.runtime_join}' diff --git a/priv/catalog/845CC9.yaml b/priv/catalog/845CC9.yaml deleted file mode 100644 index b9a26e86..00000000 --- a/priv/catalog/845CC9.yaml +++ /dev/null @@ -1,69 +0,0 @@ -id: "845CC9" -name: Check Corosync max_messages value -group: Corosync -description: | - Corosync `max_messages` is set to expected value -remediation: | - ## Abstract - The Corosync `max_messages` value is not set as recommended. - - ## Remediation - - Adjust the corosync `max_messages` count as recommended on the best practices, and reload the corosync configuration - - 1. Set the correct `max_messages` count in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - max_messages: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: corosync_max_messages - gatherer: corosync.conf@v1 - argument: totem.max_messages - -values: - - name: expected_max_messages - default: 20 - -expectations: - - name: max_messages - expect: facts.corosync_max_messages == values.expected_max_messages - failure_message: Corosync 'max_messages' value was expected to be '${values.expected_max_messages}' but configured value is '${facts.corosync_max_messages}' diff --git a/priv/catalog/9FAAD0.yaml b/priv/catalog/9FAAD0.yaml deleted file mode 100644 index 42ad2515..00000000 --- a/priv/catalog/9FAAD0.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: "9FAAD0" -name: unsupported pacemaker version -group: OS and package versions -description: | - Pacemaker version is not the recommended value -remediation: | - ## Abstract - Installed Pacemaker version must not be equal to version 2.0.3+20200511.2b248d828 - - ## Remediation - Install or upgrade to a supported Pacemaker version - - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: exclude_package_pacemaker - gatherer: package_version@v1 - argument: pacemaker,2.0.3+20200511.2b248d828 - -expectations: - - name: expectations_pacemaker_version_to_exclude - expect: facts.exclude_package_pacemaker != 0 - failure_message: The installed Pacemaker version (2.0.3+20200511.2b248d828) is an unsupported version diff --git a/priv/catalog/9FEFB0.yaml b/priv/catalog/9FEFB0.yaml deleted file mode 100644 index dfac73c7..00000000 --- a/priv/catalog/9FEFB0.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: "9FEFB0" -name: supported pacemaker version -group: OS and package versions -description: | - Pacemaker version is supported -remediation: | - ## Abstract - Installed Pacemaker version must be equal or higher than the recommended version (2.0.1) - - ## Remediation - Install or upgrade to a supported Pacemaker version - - ## Reference - - https://www.suse.com/support/kb/doc/?id=000019604 - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: compare_pacemaker_version - gatherer: package_version@v1 - argument: pacemaker,2.0.1 - -expectations: - - name: expectations_pacemaker_version - expect: facts.compare_pacemaker_version < 1 - failure_message: The installed Pacemaker version is older than the recommended version (2.0.1) diff --git a/priv/catalog/A1244C.yaml b/priv/catalog/A1244C.yaml deleted file mode 100644 index d9425e5c..00000000 --- a/priv/catalog/A1244C.yaml +++ /dev/null @@ -1,74 +0,0 @@ -id: "A1244C" -name: Check Corosync consensus timeout -group: Corosync -description: | - Corosync `consensus` timeout is set to expected value -remediation: | - ## Abstract - The value of the Corosync `consensus` timeout is not set as recommended. - - ## Remediation - Adjust the corosync `consensus` timeout as recommended on the best practices, and reload the corosync configuration - - 1. Set the correct `consensus` timeout in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - consensus: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: corosync_consensus_timeout - gatherer: corosync.conf@v1 - argument: totem.consensus - -values: - - name: expected_consensus_timeout - default: 6000 - conditions: - - value: 36000 - when: env.provider == "azure" || env.provider == "aws" - - value: 24000 - when: env.provider == "gcp" - -expectations: - - name: consensus_timeout - expect: facts.corosync_consensus_timeout == values.expected_consensus_timeout - failure_message: Corosync 'consensus' timeout value was expected to be '${values.expected_consensus_timeout}' but configured value is '${facts.corosync_consensus_timeout}' diff --git a/priv/catalog/B089BE.yaml b/priv/catalog/B089BE.yaml deleted file mode 100644 index 17b18391..00000000 --- a/priv/catalog/B089BE.yaml +++ /dev/null @@ -1,51 +0,0 @@ -id: "B089BE" -name: SBD watchdog timeout -group: SBD -description: | - SBD watchdog timeout is set to the recommended value -remediation: | - ## Remediation - Make sure you configure your SBD Watchdog Timeout to `the recommended value` seconds as recommended on the best practices. - - The SBD is not used in GCP or AWS environments. - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#set-up-the-iscsi-target-server-sbd-device - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-cluster-bootstrap-and-more - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: dump_sbd_devices - gatherer: sbd_dump@v1 - -values: - - name: expected_watchdog_timeout - default: 15 - conditions: - - value: 60 - when: env.provider == "azure" - -expectations: - - name: expectations_watchdog_timeout - expect: facts.dump_sbd_devices.values().all(|sbddev| sbddev.timeout_watchdog == values.expected_watchdog_timeout) - failure_message: SBD 'watchdog' timeout value was expected to be '${values.expected_watchdog_timeout}' but configured value does not match for some SBD device(s) diff --git a/priv/catalog/C3166E.yaml b/priv/catalog/C3166E.yaml deleted file mode 100644 index e1078ce0..00000000 --- a/priv/catalog/C3166E.yaml +++ /dev/null @@ -1,29 +0,0 @@ -id: "C3166E" -name: unsupported sbd version -group: OS and package versions -description: | - SBD version is not the recommended value -remediation: | - ## Abstract - Installed SBD version must not be equal to version 1.4.0+20190326.c38c5e6 - - ## Remediation - Install or upgrade to a supported SBD version - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - provider: [azure, nutanix, kvm, vmware] - -facts: - - name: exclude_package_sbd - gatherer: package_version@v1 - argument: sbd,1.4.0+20190326.c38c5e6 - -expectations: - - name: expectations_sbd_version_to_exclude - expect: facts.exclude_package_sbd != 0 - failure_message: The installed SBD version (1.4.0+20190326.c38c5e6) is an unsupported version diff --git a/priv/catalog/C620DC.yaml b/priv/catalog/C620DC.yaml deleted file mode 100644 index 60fd52e4..00000000 --- a/priv/catalog/C620DC.yaml +++ /dev/null @@ -1,74 +0,0 @@ -id: "C620DC" -name: Check Corosync expected_votes value -group: Corosync -description: | - Corosync `expected_votes` is set to expected value -remediation: | - ## Abstract - The value of the corosync `expected_votes` parameter is not set as recommended. - ## Remediation - Adjust the corosync `expected_votes` parameter to 2 to make sure pacemaker calculates the actions properly for a two-node cluster. - - 1. Set the correct `expected_votes` value in the `quorum` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - quorum { - expected_votes: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - ascs_ers - -facts: - - name: corosync_expected_votes - gatherer: corosync.conf@v1 - argument: quorum.expected_votes - - - name: corosync_num_nodes - gatherer: corosync.conf@v1 - argument: nodelist.node - - - name: cib_num_nodes - gatherer: cibadmin@v1 - argument: cib.configuration.nodes.node - -expectations: - - name: num_nodes_equal_in_corosync_and_cib - expect: facts.corosync_num_nodes.len == facts.cib_num_nodes.len - failure_message: Number of nodes mentioned in corosync.conf is not equal to number of nodes in cib.xml - - - name: expected_votes - expect: facts.corosync_expected_votes == facts.corosync_num_nodes.len - failure_message: Corosync 'expected_votes' value was expected to be number of nodes in the cluster but configured value is '${facts.corosync_expected_votes}' diff --git a/priv/catalog/CAEFF1.yaml b/priv/catalog/CAEFF1.yaml deleted file mode 100644 index 8a8a8ba6..00000000 --- a/priv/catalog/CAEFF1.yaml +++ /dev/null @@ -1,54 +0,0 @@ -id: "CAEFF1" -name: OS flavor SLES_SAP -group: OS and package versions -description: | - Operating system vendor is supported -remediation: | - ## Abstract - SAPHanaSR is only supported on SUSE Linux Enterprise Server for SAP Applications. - - ## Remediation - Please use SUSE Linux Enterprise Server for SAP Applications. - - ## Reference - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/supported-product-on-azure#general-restrictions-for-sap-workload - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-ha-cluster-configuration-on-sles.html - - https://docs.aws.amazon.com/sap/latest/general/overview-sap-planning.html#overview-os-support - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-os-support#quick_reference_table - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#cha.s4s.hana-planning - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#cha.s4s.hana-planning - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#cha.s4s.hana-planning - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: os_flavor - gatherer: package_version@v1 - argument: SLES_SAP-release - -expectations: - - name: expectations_sles_sap - expect: facts.os_flavor != () - failure_message: System is NOT running SUSE Linux Enterprise Server for SAP Applications diff --git a/priv/catalog/D028B9.yaml b/priv/catalog/D028B9.yaml deleted file mode 100644 index 90b2a974..00000000 --- a/priv/catalog/D028B9.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: "D028B9" -name: OS version SLES_SAP -group: OS and package versions -description: | - Operating system version is supported -remediation: | - ## Abstract - You need at least SUSE Linux Enterprise Server for SAP Applications 15 SP1 or newer - - ## Remediation - Please install or upgrade to a supported OS version - - ## Reference - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#cha.hana-sr.scope - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: compare_sles_sap_version - gatherer: package_version@v1 - argument: SLES_SAP-release,15.1 - -expectations: - - name: expectations_sles_sap_version - expect: facts.compare_sles_sap_version < 1 - failure_message: System is running a SUSE Linux Enterprise Server for SAP Applications version older than 15 SP1 diff --git a/priv/catalog/D78671.yaml b/priv/catalog/D78671.yaml deleted file mode 100644 index 7a5d7fd3..00000000 --- a/priv/catalog/D78671.yaml +++ /dev/null @@ -1,90 +0,0 @@ -id: "D78671" -name: Check Corosync two_node value during runtime -group: Corosync -description: | - Corosync is running with two_node set to the recommended value -remediation: | - ## Abstract - The runtime value of the corosync `two_node` parameter is not set as recommended. - - ## Remediation - Adjust the corosync `two_node` parameter to `1` to make sure Pacemaker calculates the actions properly for a two-node cluster, - and reload the Corosync service. - - 1. Set the correct `two_node` value in the `quorum` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - quorum { - two_node: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - ascs_ers - -facts: - - name: runtime_two_node - gatherer: corosync-cmapctl@v1 - argument: runtime.votequorum.two_node - - - name: corosync_num_nodes - gatherer: corosync.conf@v1 - argument: nodelist.node - - - name: cib_num_nodes - gatherer: cibadmin@v1 - argument: cib.configuration.nodes.node - -values: - - name: expected_runtime_two_node - default: 1 - - - name: expected_runtime_threeormore - default: 0 - -expectations: - - name: num_nodes_equal_in_corosync_and_cib - expect: facts.corosync_num_nodes.len == facts.cib_num_nodes.len - failure_message: Number of nodes mentioned in corosync.conf and cib.xml are not equal - - - name: expectations_two_node - expect: | - if facts.corosync_num_nodes.len == 2 { - facts.runtime_two_node == values.expected_runtime_two_node - } else if facts.corosync_num_nodes.len >= 3 { - facts.runtime_two_node == values.expected_runtime_threeormore - } else { - false - } - failure_message: Corosync 'two_node' value was expected to be 1 when there are 2 nodes and 0 when there 3 or more nodes but configured value is '${facts.runtime_two_node}' when there are '${facts.corosync_num_nodes.len}' number of nodes diff --git a/priv/catalog/DA114A.yaml b/priv/catalog/DA114A.yaml deleted file mode 100644 index fad4b39e..00000000 --- a/priv/catalog/DA114A.yaml +++ /dev/null @@ -1,67 +0,0 @@ -id: "DA114A" -name: Corosync rings -group: Corosync -description: | - Corosync has at least 2 rings configured -remediation: | - ## Abstract - It is strongly recommended to add a second ring to the corosync communication. - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - GCP: - - - https://cloud.google.com/solutions/sap/docs/sap-hana-ha-config-sles#create_the_corosync_configuration_files - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-checking-and-adapting-the-corosync-and-sbd-configuration - -severity: warning - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: corosync_nodes - gatherer: corosync.conf@v1 - argument: nodelist.node - -values: - - name: expected_corosync_rings_per_node - default: 2 - conditions: - - value: 1 - when: env.provider == "azure" || env.provider == "gcp" - -expectations: - - name: has_some_nodes_configured - expect: facts.corosync_nodes.len() > 0 - failure_message: No corosync nodes configured - - - name: expected_number_of_rings_per_node - expect: | - facts.corosync_nodes - .all(|node| - node - .keys() - .filter(|prop| prop.starts_with("ring")) - .len() >= values.expected_corosync_rings_per_node) - failure_message: Corosync ring count per node was expected to be at least '${values.expected_corosync_rings_per_node}' but configured value is less than this expectation diff --git a/priv/catalog/DC5429.yaml b/priv/catalog/DC5429.yaml deleted file mode 100644 index adcb0ec2..00000000 --- a/priv/catalog/DC5429.yaml +++ /dev/null @@ -1,34 +0,0 @@ -id: "DC5429" -name: supported corosync version -group: OS and package versions -description: | - Corosync version is supported -remediation: | - ## Abstract - Installed Corosync version must be equal or higher than the recommended version (2.4.5) - - ## Remediation - Install or upgrade to a supported Corosync version - - ## Reference - The recommended minimal version of the corosync package is 2.4.5 as we had seen some 'split brain' situations and other communication problems with corosync versions older than 2.4.5. - It is the *first* version supported with SUSE Linux Enterprise Server for SAP Applications 15 SP2 and it is also available as a maintenance update in SUSE Linux Enterprise Server for SAP Applications 15 SP1. - - https://www.suse.com/support/kb/doc/?id=000020407 - - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: compare_corosync_version - gatherer: package_version@v1 - argument: corosync,2.4.5 - -expectations: - - name: expectations_corosync_version - expect: facts.compare_corosync_version < 1 - failure_message: The installed Corosync version is older than the recommended version (2.4.5) diff --git a/priv/catalog/F50AF5.yaml b/priv/catalog/F50AF5.yaml deleted file mode 100644 index b87a11de..00000000 --- a/priv/catalog/F50AF5.yaml +++ /dev/null @@ -1,31 +0,0 @@ -id: "F50AF5" -name: supported python3 version -group: OS and package versions -description: | - Python3 version is supported -remediation: | - ## Abstract - Installed Python3 version must be equal or higher than the recommended version (3.6.5) - - ## Remediation - Install or upgrade to a supported Python3 version - - ## Reference - The recommended minimal version 3.6.5 of the python3 package is the system python version for SLE15 (long term version). 3.6.5-3.11.1 is the *first* version supported with SUSE Linux Enterprise Server for SAP Applications 15 SP1. - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: compare_python3_version - gatherer: package_version@v1 - argument: python3,3.6.5 - -expectations: - - name: expectations_python3_version - expect: facts.compare_python3_version < 1 - failure_message: The installed Python3 version is older than the recommended version (3.6.5) diff --git a/priv/catalog/FB0E0D.yaml b/priv/catalog/FB0E0D.yaml deleted file mode 100644 index 8cdc861e..00000000 --- a/priv/catalog/FB0E0D.yaml +++ /dev/null @@ -1,73 +0,0 @@ -id: "FB0E0D" -name: Check Corosync consensus timeout during runtime -group: Corosync -description: | - Corosync is running with consensus timeout set to the recommended value -remediation: | - ## Abstract - The runtime value of the Corosync `consensus` timeout is not set as recommended. - - ## Remediation - Adjust the corosync `consensus` timeout as recommended on the best practices, and reload the corosync service. - - 1. Set the correct `consensus` timeout in the `totem` section in the corosync configuration file `/etc/corosync/corosync.conf`. This action must be repeated in all nodes of the cluster. - ``` - [...] - totem { - consensus: - } - [...] - ``` - 2. Reload the corosync configuration: - `crm corosync reload` - - ## References - Azure: - - - https://learn.microsoft.com/en-us/azure/sap/workloads/high-availability-guide-suse-pacemaker#install-the-cluster - - AWS: - - - https://docs.aws.amazon.com/sap/latest/sap-hana/sap-hana-on-aws-cluster-configuration.html#sap-hana-on-aws-create-the-corosync-configuration-file - - GCP: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - SUSE / KVM: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - Nutanix: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - - VMware: - - - https://documentation.suse.com/sbp/all/single-html/SLES4SAP-hana-sr-guide-PerfOpt-15/#id-example-for-etccorosynccorosync-conf - -metadata: - target_type: cluster - cluster_type: - - hana_scale_up - - hana_scale_out - - ascs_ers - -facts: - - name: consensus_timeout - gatherer: corosync-cmapctl@v1 - argument: runtime.config.totem.consensus - -values: - - name: expected_consensus_timeout - default: 6000 - conditions: - - value: 36000 - when: env.provider == "azure" || env.provider == "aws" - - value: 24000 - when: env.provider == "gcp" - -expectations: - - name: expectations_consensus_timeout - expect: facts.consensus_timeout == values.expected_consensus_timeout - failure_message: Corosync 'consensus' timeout value was expected to be '${values.expected_consensus_timeout}' but value of running config is '${facts.consensus_timeout}' From 91b4104d4269faf4832265325b56cdcb19fa2046 Mon Sep 17 00:00:00 2001 From: Alessio Biancalana Date: Thu, 26 Sep 2024 17:32:16 +0200 Subject: [PATCH 2/2] Remove the tlint CI action --- .github/workflows/ci.yaml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1704b371..94c712cb 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -53,21 +53,6 @@ jobs: mix deps.compile --warnings-as-errors mix dialyzer --plt - tlint: - name: Lint checks - runs-on: ubuntu-20.04 - container: - image: ghcr.io/trento-project/tlint:latest - volumes: - - ${{ github.workspace }}:/data - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Run TLint - run: "/home/tlint/tlint lint -f /data/priv/catalog" - static-code-analysis: name: Static Code Analysis needs: [elixir-deps, api-bc-check]