sap.sap_operations.hdbuserstore module – Manage the HANA user store (HANA command hdbuserstore)
Note
This module is part of the sap.sap_operations collection.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install sap.sap_operations.
You need further requirements to be able to use this module,
see Requirements for details.
To use it in a playbook, specify: sap.sap_operations.hdbuserstore.
New in sap.sap_operations 1.0.0
Synopsis
Manage the HANA user store (HANA command hdbuserstore) Get and set HANA user store records.
Requirements
The below requirements are needed on the host that executes this module.
python >= 3.6
Parameters
Parameter |
Comments |
|---|---|
Custom path of the hdbuserstore binary. Variable binary_path is required if hdbuserstore command cannot be found in PATH environment variable (with user running the module). See examples section to find several ways not to provide value for this variable. Default: |
|
Database location (host:port).
Required only if |
|
If true the key will be updated even if already exists. Used to update password. If set to false (default value) module will return OK, but will not update the key, key will be created only if it does not exists Choices:
|
|
Manage the key. |
|
Password for the hdb store username. Required only if you set new key, state=present |
|
If present the key will be created, removed otherwise. Choices:
|
|
Username for the hdb store
Required only if you set new key, |
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: full |
Can run in check_mode and return changed status prediction without modifying target, if not supported the action will be skipped. |
|
Support: none |
Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode |
|
Platform: posix |
Target OS/families that can be operated against |
Notes
Note
Variable binary_path is required, because hdbuserstore command cannot be found in $PATH environment variable. If running ansible module using become directive with <hanasid>adm user and flag ‘-i’ (interactive - meaning load all environment for the user) ansible modules fail. This is due to the fact that <hanasid>adm user sets environment variables PYTHONHOME and PYTHONPATH (to use HANA python, not platform python) that confuses ansible. And also HANA python might not have all the necessary packages installed to run ansible module. In that case hdbuserstore command will not be in PATH environment variable for <hanasid>adm user and binary_path has to be provided.
There are several workaround around this unpleasant situation. First one is recommended.
Workaround 1 (recommended)
Run hdbsuserstore module with <hanasid>adm user with ‘-i’ (interactive) flag like so
name: Set the key mykey
sap.sap_operations.hdbuserstore:
key: mykey
env: localhost:30113
username: myuser
password: mypassword
become: true
become_user: <hanasid>adm
become_flags: -i
vars:
ansible_python_interpreter: ‘/usr/libexec/platform-python -E’
Option ‘-E’ for python interpreter will ignore all PYTHON environment variables, so ansible will run platform python without any problems. Variable ansible_python_interpreter have to be set to value “/usr/libexec/platform-python -E” on all RHEL versions for any ansible module execution when using become directive for <hanasid>adm user with become flag ‘-i’.
ansible_python_interpreter: “/usr/libexec/platform-python -E” can be set at task level (as above), at play level, or be set as host variable either in inventory file or as task in playbook:
To use other SAP HANA related ansible modules (for instances hana_system_replication_info), this is the only option, because other modules might not have parameters to accommodate for binary tool path.
Workaround 2 (only for hdbuserstore module)
Do not use interactive flag when becoming <hanasid>adm user.
name: Set the key mykey
sap.sap_operations.hdbuserstore:
key: mykey
env: localhost:30113
username: myuser
password: mypassword
binary_path: /usr/sap/HAN/SYS/exe/hdb
become: true
become_user: <hanasid>adm
In that case hdbuserstore command will not be in PATH environment variable for <hanasid>adm user and binary_path has to be provided.
Workaround 3 (only for hdbuserstore module)
Do not use interactive flag when becoming <hanasid>adm user. But do not want to provide value for variable binary_path.
In that case value for binary_path can be extracted from HANA parameter DIR_EXECUTABLE that one can get with parameter_info module
name: Get DIR_EXECUTABLE
sap.sap_operations.parameter_info:
instance_number: 00
name: DIR_EXECUTABLE
become: true
become_user: <hanasid>adm
register: __DIR_EXECUTABLE
name: Set the key mykey
sap.sap_operations.hdbuserstore:
key: mykey
env: localhost:30113
username: myuser
password: mypassword
binary_path: ‘{{ __DIR_EXECUTABLE.parameter_value[0] }}’
become: true
become_user: <hanasid>adm
Examples
---
- name: Set the key mykey (recommended way, see notes)
sap.sap_operations.hdbuserstore:
key: mykey
env: "localhost:30113"
username: myuser
password: mypassword
become: true
become_user: <hanasid>adm
become_flags: -i
vars:
ansible_python_interpreter: "/usr/libexec/platform-python -E"
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
HDB env name Returned: When state is Sample: |
|
HDB key name Returned: always Sample: |
|
HDB username for key Returned: When state is Sample: |