v3.14.0.0

@hdamecharla hdamecharla released this 31 Dec 16:16
633d5c4

Problem

This pull request enhances infrastructure configuration and security workflows.

High Availability Enhancements

  • Added HANA active/read-enabled system replication in Pacemaker clusters:

    • Added second front-end to HDB load balancer with separate health probe/rule
    • Configured HANA replication with logreplay_readaccess mode
    • Added Pacemaker resource g_secip_
  • Implemented SAPHanaSR-angi resource agent integration:

    • Introduced use_sles_saphanasr_angi (terraform) and use_hanasr_angi (ansible) variables for SAPHanaSR-angi resource agent configuration
  • Added DB2 cluster properties for RHEL8:

    • Implemented resource priority
    • Set fence delay of 15s
  • Changed enqueue replication configuration:

    • Updated keepalive parameter to uppercase
    • Set priority for primary IPaddr2 and azure-lb resources with priority-fencing-delay
    • Reset failcounts using crm resource clear post-configuration
  • bugfix: Fixed sapadm user creation

Infrastructure Management

  • Enhanced network configuration:

    • Added *_flow_timeout_in_minutes for management/workload zone VNETs (default: null)
    • Added network_enable_route_propagation for subnet route tables (default: true)
    • Renamed agent_network_id to additional_network_id
    • Added IPTags support for public IP addresses
  • Improved storage account management:

    • Added data_plane_available for access control
    • Updated scripts to remove/reimport state file resources for schema updates
  • Added resource naming flexibility:

    • Introduced custom_random_id for resource name suffixes
    • Removed DEPLOYER_RANDOM_ID and LIBRARY_RANDOM_ID dependencies

DevOps and Security

  • Streamlined deployment pipelines:

    • Replaced inline bash scripts with external files
    • Added helper functions and FORCE_RESET parameter
    • Enhanced debug/warning logging
    • Updated environment variable names
  • Updated Ansible configuration:

    • Standardized ANSIBLE_COLLECTIONS_PATH
    • Improved retry logic and delays
    • Enhanced iSCSI configuration tasks
    • Updated Key Vault to use lowercase vault names
    • Removed VC++ 2013 component
  • Added security workflows:

    • dependabot.yml for Actions, NuGet, npm updates
    • codeql.yml for C#, JavaScript, Python vulnerability detection
    • dependency-review.yml for PR scanning
    • ossf-scorecard.yml with harden-runner
    • trivy.yml for vulnerability scanning
    • Pre-commit hooks: gitleaks, shellcheck, eslint, pylint