v3.14.0.0

Problem

This pull request enhances infrastructure configuration and security workflows.

High Availability Enhancements

• Added HANA active/read-enabled system replication in Pacemaker clusters:

  • Added second front-end to HDB load balancer with separate health probe/rule
  • Configured HANA replication with logreplay_readaccess mode
  • Added Pacemaker resource g_secip_

• Implemented SAPHanaSR-angi resource agent integration:

  • Introduced use_sles_saphanasr_angi (terraform) and use_hanasr_angi (ansible) variables for SAPHanaSR-angi resource agent configuration

• Added DB2 cluster properties for RHEL8:

  • Implemented resource priority
  • Set fence delay of 15s

• Changed enqueue replication configuration:

  • Updated keepalive parameter to uppercase
  • Set priority for primary IPaddr2 and azure-lb resources with priority-fencing-delay
  • Reset failcounts using crm resource clear post-configuration

• bugfix: Fixed sapadm user creation

Infrastructure Management

• Enhanced network configuration:

  • Added *_flow_timeout_in_minutes for management/workload zone VNETs (default: null)
  • Added network_enable_route_propagation for subnet route tables (default: true)
  • Renamed agent_network_id to additional_network_id
  • Added IPTags support for public IP addresses

• Improved storage account management:

  • Added data_plane_available for access control
  • Updated scripts to remove/reimport state file resources for schema updates

• Added resource naming flexibility:

  • Introduced custom_random_id for resource name suffixes
  • Removed DEPLOYER_RANDOM_ID and LIBRARY_RANDOM_ID dependencies

DevOps and Security

• Streamlined deployment pipelines:

  • Replaced inline bash scripts with external files
  • Added helper functions and FORCE_RESET parameter
  • Enhanced debug/warning logging
  • Updated environment variable names

• Updated Ansible configuration:

  • Standardized ANSIBLE_COLLECTIONS_PATH
  • Improved retry logic and delays
  • Enhanced iSCSI configuration tasks
  • Updated Key Vault to use lowercase vault names
  • Removed VC++ 2013 component

• Added security workflows:

  • dependabot.yml for Actions, NuGet, npm updates
  • codeql.yml for C#, JavaScript, Python vulnerability detection
  • dependency-review.yml for PR scanning
  • ossf-scorecard.yml with harden-runner
  • trivy.yml for vulnerability scanning
  • Pre-commit hooks: gitleaks, shellcheck, eslint, pylint

v3.13.0.1

v3.13.0.1

New Features:

• Added prevent_deletion_if_contains_resources property to LandscapeModel and SystemModel to prevent deletion of resource groups containing resources
• Updated JSON and template files to include the new prevent_deletion_if_contains_resources property

Dependency Updates:

• Updated several package references in Webapp/SDAF/SDAFWebApp.csproj to their latest versions for improved performance and security.

Ansible Roles Modifications:

• Modified Ansible roles to adopt Oracle Linux and standardized version patterns (deploy/ansible/roles-os/1.1-swap/defaults/main.yaml).
• Adjusted ZYPP_LOCK_TIMEOUT from 20 to 60 seconds in multiple Ansible tasks to prevent timeout issues
• Added tasks to ensure the Azure scheduled events resource is started and display its status (deploy/ansible/roles-os/1.17-generic-pacemaker/tasks/1.17.2.0-cluster-Suse.yml).
• Enhanced SCS/ERS validation tasks to set Python version and move cluster groups if necessary (deploy/ansible/roles-sap/5.6-scsers-pacemaker/tasks/5.6.6-validate.yml).

v3.13.0.0

v3.13.0.0

This release includes several updates to the codebase, primarily focusing on enhancing validation logic, adding new configuration parameters, and updating dependencies. The most important changes include improvements to validation attributes, the addition of new parameters for storage account configuration, and updates to dependency versions.

New Features

Support for HANA Scale-out architectures with HANA shared on Azure NetApp files or Azure Files

• High availability of SAP HANA scale-out system on Red Hat Enterprise Linux
• High availability of SAP HANA scale-out system on SUSE Linux Enterprise Server

Support for new Mv3 SKUs for SAP HANA on Azure Virtual Machines

Features updates

• Ability to control the SMB file share creation PR 648
• Ability to configure the control plane storage accounts without SharedAccess Keys PR 639
• Add Zypper timeouts PR 647
• Mount permissions updates PR 638
• Add the ability to define Private Link DNS zones in a separate resource group PR 645

Terraform Enhancements

• Locking the azurerm and azuread provider versions to ensure that provider updates will not impact the release

  1. azurerm provider version: 4.4.0
  2. azuread provider version: 3.0.2

Validation Enhancements

• Webapp/SDAF/Models/CustomValidators.cs: Enhanced the PrivateEndpointIdValidator and StorageAccountIdValidator to handle arrays and added null checks.

New Configuration Parameters

• Webapp/SDAF/Models/LandscapeModel.cs and Webapp/SDAF/Models/SystemModel.cs: Added new boolean parameters related to shared access keys and file share creation.
• Webapp/SDAF/ParameterDetails/LandscapeDetails.json, Webapp/SDAF/ParameterDetails/SystemDetails.json, Webapp/SDAF/ParameterDetails/LandscapeTemplate.txt, and Webapp/SDAF/ParameterDetails/SystemTemplate.txt: Updated to include the new parameters for shared access keys and file shares.

Dependency Updates

• Webapp/SDAF/SDAFWebApp.csproj: Updated multiple Azure and Microsoft package versions to the latest releases.

Workflow and Configuration Updates

• .github/workflows/github-actions-ansible-lint.yml: Updated actions to specific commit SHAs for better stability.
• .github/workflows/ossf-scorecard.yml: Added a new workflow for Scorecard supply-chain security analysis.
• deploy/ansible/ansible.cfg: Changed the log path and allowed world-readable temporary files.

v3.12.0.0

What's Changed

• V3.12.0.0 by @devanshjainms in #624
• Hotfixes before release by @KimForss in #626
• Bring in the missing SAP media change by @KimForss in #627
• Hotfix2 - ACSS changes by @KimForss in #628

Full Changelog: v3.11.0.3...v3.12.0.0

v3.11.0.3

What's Changed

• Pacemaker Configuration Updates: Incorporate updates from the latest documentation, including parameters like priority_fencing_delay and pcmk_delay_max etc
• Saptune Configuration: Add new Ansible tasks to utilize saptune for configuring SUSE machines
• NAT Gateway Provisioning: Update the workload zone Terraform files to enable the provisioning of a NAT gateway
• SAP on Azure Quality Check integration with SDAF by @SteffenBoThomsen
• Improvement- Custom LVM striping support by @SteffenBoThomsen
• Bugfix - Terraform module fixes and regex fixes by @daradicscsaba
• Improvement- Set HDB schema name for ABAP and JAVA systems by @jesperseverinsen
• Fixed AMS provider creation issues
• Refactor YAML files for Az DevOps pipeline execution to improve code organization and readability
• Az DevOps project setup script fixes to support both MSI and SPN based deployments
• Fixes to handle certain scenarios where public cloud SDKs would not be installed

Full Changelog: v3.11.0.2...v3.11.0.3

v3.11.0.2

What's Changed

• Bugfix - constraint Azure scheduled events agent installation by @hjstam in #576

• Bump Azure.Identity from 1.10.4 to 1.11.0 in /Webapp/SDAF by @dependabot in #580

• 3.11.0.2 Release by @KimForss in #582

  • Improvements to HANA Scaleout with Standby on ANF
  • Passwordless deployments using Managed Identities
  • DevOps project SetUp improvements

Full Changelog: v3.11.0.1...v3.11.0.2

v3.11.0.1

This hotfix resolves the following.

Problem

Fixing an issue which occurs when checking for the SAP Library storage account in a multi subscription scenario.
Version labels update
SBD configuration update

Solution

Ensure that the check is done against the correct subscription.

What's Changed

• Hotfix for 3.11 by @KimForss in #564

Full Changelog: v3.11.0.0...v3.11.0.1

v3.11.0.0

Release Notes for SAP Deployment Automation Framework v3.11.0.0

This release adds support for:

• HANA Scale out with worker/stand by node using shared ANF
• Azure Monitor for SAP support
• Using MSI for the deployer
• Pre-validation script to validate the environment before SDAF deployment
• URL validation script for checking that the relevant URL's are opened
• Add a post deployment playbook for providing hooks for customers
• SystemD based SAP Startup framework for SLES and RHEL based deployments
• Support for encrypted DB2 databases
• Fix for BOM download when checksum is not present in the file.
• Az DevOps setup script now supports cross-tenant deployments.
• Disable basic authentication on the webapp
• More granular control of DNS registrations
• Support for kdump optional fencing device on RHEL deployments
• Configure SBD devices for SLES cluster during cluster init
• Update load balancer properties to use probe_threshold = 2
• General stability and functionality improvements for pipelines and scripts.

What's Changed

• Release 3.11 PR by @KimForss in #561
• Add AMS monitoring by @devanshjainms in #548
• HANA Scale out with worker/stand by node using shared ANF storage by @shekharsorot in #536
• Support DB2 encrypted restore and other fixes by @hjstam and @daradicscsaba in #532 and multiple PRs
• Add Post Configuration Actions step to DB and SAP installation pipeline by @SteffenBoThomsen in #545
• Add Kdump support and SBD enhancements by @hdamecharla

Testing

All solutions and improvements have been tested using the SDAF deployment pipelines and the command line to ensure they work effectively.

Feedback

We appreciate your feedback and are committed to continuously enhancing your experience with our product. Please feel free to reach out if you have any questions or require further assistance via issues or discussions.

Additional Notes

For troubleshooting issues with the framework, please refer to the troubleshooting document.

Full Changelog: v3.10.1.0...v3.11.0.0

Release v3.10.1.0

Release v3.10.1.0

Notes

Problem

The introduction of new more descriptive variables for the Ansible configuration caused a few of the pipelines to fail.

No support for a Linux utility VM in the workload zone deployment.

No support for systemd based SAP deployments which are default for the newer OS and Kernel

No support for configuring Ansible 2.15 on the deployer.

General improvements for the deployment of infrastructure wrapper scripts and pipelines

Solution

Refactor the code to add backward compatibility functionality that will allow for the successful execution of the pipelines.

Add support for Linux utility VM in the workload zone deployment.

Add support for systemd based SAP deployments which are default for the newer OS and Kernel

Add support for configuring Ansible 2.15 on the deployer.

General improvements for the deployment of infrastructure wrapper scripts and pipelines

Testing

All solutions and improvements have been tested using the SDAF deployment pipelines and the command line to ensure they work effectively.

Feedback

We appreciate your feedback and are committed to continuously enhancing your experience with our product.
Please feel free to reach out if you have any questions or require further assistance via issues or discussions.

Additional Notes

For troubleshooting issues with the framework, please refer to the troubleshooting document.

Full Changelog: v3.10.0.0...v3.10.1.0

Release 3.10.0.0

Release v3.10.0.0

Notes

• Support for SBD and ISCSI based stonith devices
• ACSS registration playbook
• Ability to provision separate PPG for Application and DB servers
• Ability to restore encrypted Db2 database restores
• Azure scheduled events support for RHEL
• General performance and readability improvements

Testing

All solutions and improvements have been tested using the SDAF deployment pipelines and the command line to ensure they work effectively.

Feedback

We appreciate your feedback and are committed to continuously enhancing your experience with our product.
Please feel free to reach out if you have any questions or require further assistance via issues or discussions.

Additional Notes

For troubleshooting issues with the framework, please refer to the troubleshooting document.