I want to try out Ansible automation for SAP, where we automate the SAP start/stop and Oracle DB start/stop processes. I’m able to achieve this by creating playbooks, using the become method to change user, and establishing an open SSH connection from root of the Ansible control node to root of the SAP managed host. Now I have a new requirement to use a non-root user on the control node and managed host. However, I noticed that when I use the non-root user, I’m not able to get the correct environment variables required to start/stop SAP as adm user. I want to know what the best way to achieve this is, and also about the best practices when it comes to automating SAP tasks using Ansible. Looking forward to your replies.
Thank you. Is there a way we can use non-root user and carry out administrative tasks in Ansible system? Also, what are the best practices for using Ansible in SAP?
> Thank you. Is there a way we can use non-root user and carry out administrative tasks in Ansible system?
Not sure what you mean.
Very generally speaking one should not be able to do administrative
tasks as a non-root user.
What do you mean by "Ansible system"? The controller node? Or the
managed node(s)?
You should not run ansible (playbooks) as root on the controller node,
as this is both not needed and insecure.
As for the managed nodes, it depends on the "administrative tasks" you
want to carry out.
Do they need privilege escalation (i.e. sudo etc)?
> Also, what are the best practices for using Ansible in SAP?
Ansible is "just" an automation tool, so this question basically
translates to "what are the best practices for administrating SAP?".
I don't know the answer to that, but given that SAP is commercial
software, that usually comes with documentation and support.
That would be the place where I would look.
Thank you for your response. What are the different use cases of Ansible in automating SAP-related tasks? For example, I have automated the task of upgrading the SAP kernel using Ansible. The upgrade of the SAP kernel involves starting and stopping the SAP application from the command line, extracting a few packages, changing ownerships, etc. These tasks are easily managed with the help of Ansible now.