Skip to content

sap_hana_install: simplified and more flexible SELinux and fapolicyd handling #1136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Dec 3, 2025
Merged

sap_hana_install: simplified and more flexible SELinux and fapolicyd handling #1136

merged 14 commits into from
Dec 3, 2025

Conversation

@berndfinger
Copy link
Member

@berndfinger berndfinger commented Nov 27, 2025

Changes in this PR:

  • Unify the definition of SELinux and fapolicyd directories
  • Add an option to enable and start fapolicyd after the installation of SAP HANA (default is now not to enable and not to start it)

Solves issue #1134.

@berndfinger
sap_hana_install: SELinux and fapolicyd handling
f86320b 
- unify the definition of SELinux and fapolicyd directories
- add an option to enable and start fapolicyd after the installation of
  SAP HANA (default is now not to enable and not to start it)

Solves issue sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Fix ansible-lint
1f636fc 
Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Fix codespell
5ff835a 
Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Add assertion for sap_hana_install_directories
ba6457c 
Also rename a loop variable.

Relates to #sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: use only a list of dicts for selinux_fcontexts
bf75243 
Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Rename sap_hana_install_use_fapolicyd
ed3b4ee 
... to sap_hana_install_configure_fapolicy.

Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Rename sap_hana_install_modify_selinux_labels
1cebedd 
... to sap_hana_install_configure_selinux

Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Further improvements
261da32 
- Ensure backward compatibility with selinux and fapolicyd variables
- Fix typo in fapolicyd var names
- Improve explanation section for selinux var in defaults/main.yml

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Remove superfluous when condition
c4ea37d 
Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Further improvements
1e6a660 
- Move variable preparation, including assertions, to separate task file
- Set the default for starting fapolicyd to 'true'

Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_preconfigure: No longer mention ssh in debug message
4798277 
It should be sufficient to display the local command to be executed on
the managed node.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_preconfigure: Prioritize old selinux and faplicyd vars
0235088 
If sap_hana_install_modify_selinux_labels is defined in a playbook or inventory,
use that one instead of sap_hana_install_configure_selinux (which is also defined
in defaults/main.ylm).

If sap_hana_install_use_fapolicyd is defined in a playbook or inventory,
use that one instead of sap_hana_install_configure_fapolicyd (which is also defined
in defaults/main.ylm).

As a consequence, when using the new variables, the old ones should be
removed from the playbook or inventory - otherwise, the new variables
will be ignored.

Relates to sap-linuxlab#1134.

Signed-off-by: Bernd Finger <[email protected]>
@berndfinger
sap_hana_install: Fix linting error
b71a371 
Signed-off-by: Bernd Finger <[email protected]>
marcelmamula
marcelmamula approved these changes Dec 1, 2025
View reviewed changes
Copy link
Contributor

@marcelmamula marcelmamula left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from code perspective, @ja9fuchs will do testing and review.

ja9fuchs
ja9fuchs reviewed Dec 2, 2025
View reviewed changes
ja9fuchs
ja9fuchs reviewed Dec 2, 2025
View reviewed changes
ja9fuchs
ja9fuchs approved these changes Dec 3, 2025
View reviewed changes
Copy link
Contributor

@ja9fuchs ja9fuchs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and run a basic test on an existing instance.

@berndfinger berndfinger merged commit b2c2683 into sap-linuxlab:dev Dec 3, 2025
18 checks passed
@berndfinger berndfinger deleted the combine-selinux-and-fapolicyd-dir-definitions-02 branch December 3, 2025 13:27
@berndfinger berndfinger mentioned this pull request Dec 3, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ja9fuchs ja9fuchs ja9fuchs approved these changes

@marcelmamula marcelmamula marcelmamula approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@berndfinger @ja9fuchs @marcelmamula