diff --git a/CHANGELOG.md b/CHANGELOG.md index ec9782f..9c667bf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Changelog - sqlserveralwayson # -## Version 2.0.0 +## Unreleased ## +- **BREAKING CHANGE** : Changed all module parameters to lowercase to comply with puppet guidelines. +- Compliance with puppet language style guide and puppet forge standards. +- Added _Issues_ URL in puppet forge metadata. + +## Version 2.0.0 ## - **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 - **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. - **BREAKING CHANGE** : Removed $domainName class parameter. Used facts instead. @@ -8,8 +13,8 @@ - Changed database availability mode to SynchronousCommit -## Version 1.1.0 +## Version 1.1.0 ## - Module compatible with xSQLServer <= 9.0.0.0 -## Version 1.0.0 +## Version 1.0.0 ## - Initial release diff --git a/README.markdown b/README.markdown index 26097d4..42eacc7 100644 --- a/README.markdown +++ b/README.markdown @@ -7,39 +7,39 @@ This modules installs a fully working Microsoft SQL Server AlwaysOn cluster. It - AlwaysOn configuration (availability group, server endpoints, availability group listener) on both primary and replica nodes. -## Integration informations +## Integration informations ## The default MSSQLSERVER SQL Server instance is created during installation. This module does not provide the capability to create other SQL instances. The database failover mecanism integrated in this module is SQL Server AlwaysOn. The module can be installed on a Standard, Datacenter, Core version of Windows 2012R2 or Windows 2016. -**BREAKING CHANGE :** This module requires puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 +This module requires puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 -## Usage -- **setup_svc_username** : (string) Privileged account used by Puppet for installing the software and creating the failover cluster (spn creation, computer registration, local administrator privilèges needed) -- **setup_svc_password** : (string) Password of the privileged account. Should be encrypted with hiera-eyaml. -- **setupdir** : (string) Path of a folder containing the SQL Server installer (unarchive the ISO image in this folder). -- **sa_password** : (string) SQL Server SA password for mixed mode SQL authentication configuration. -- **productkey** : (string)(optionnal) Product key for licensed installations. -- **sqlservicecredential_username** : (String) Domain service account for the SQL service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. MSSQLSvc/fqdn_of_sql_server_node SPN will be associated with the service account. -- **sqlservicecredential_password** : (String) : Password of the service account for the SQL service. Should be encrypted with hiera-eyaml. -- **sqlagentservicecredential_username** : (String) Domain service account for the SQL Agent service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. -- **sqlagentservicecredential_password** : (String) Password of the service account for the SQL Agent service. Should be encrypted with hiera-eyaml. -- **sqladministratoraccounts** : (String[] Array) : Array of accounts to be made SQL administrators. -- **sqluserdbdir** : (String)(optionnal) Path for SQL database files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' -- **sqluserdblogdir** : (String)(optionnal) Path for SQL log files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' -- **sqlbackupdir** : (String)(optionnal) Path for SQL backup files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Backup' -- **sqltempdbdir** : (String)(optionnal) Path for SQL TempDB files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' -- **sqltempdblogdir** : (String)(optionnal) Path for SQL TempDB log files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' -- **clusterName** : (String) Failover cluster name. -- **clusterIP** : (String) Failover cluster IP address. -- **fileShareWitness** : (String) Fileshare witness UNC path in the format'\\witness.company.local\witness$'. Needs to be writable by SQL nodes. -- **listenerIP** : (String) The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. -- **role** : (String) Needs to be 'primary' for primary SQL nodes or 'secondary' for SQL replica nodes +## Usage ## +- **`[String]` setup_svc_username** _(Required)_: Privileged account used by Puppet for installing the software and creating the failover cluster (spn creation, computer registration, local administrator privilèges needed) +- **`[String]` setup_svc_password** _(Required)_: Password of the privileged account. Should be encrypted with hiera-eyaml. +- **`[String]` setupdir** _(Required)_: Path of a folder containing the SQL Server installer (unarchive the ISO image in this folder). +- **`[String]` sa_password** _(Required)_: SQL Server SA password for mixed mode SQL authentication configuration. +- **`[String]` productkey** _(Optional)_: Product key for licensed installations. +- **`[String]` sqlservicecredential_username** _(Required)_: Domain service account for the SQL service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. MSSQLSvc/fqdn_of_sql_server_node SPN will be associated with the service account. +- **`[String]` sqlservicecredential_password** _(Required)_: Password of the service account for the SQL service. Should be encrypted with hiera-eyaml. +- **`[String]` sqlagentservicecredential_username** _(Required)_: Domain service account for the SQL Agent service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. +- **`[String]` sqlagentservicecredential_password** _(Required)_: Password of the service account for the SQL Agent service. Should be encrypted with hiera-eyaml. +- **`[String Array]` sqladministratoraccounts** _(Required)_: Array of accounts to be made SQL administrators. +- **`[String]` sqluserdbdir** _(Optional)_: Path for SQL database files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' +- **`[String]` sqluserdblogdir** _(Optional)_: Path for SQL log files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' +- **`[String]` sqlbackupdir** _(Optional)_: Path for SQL backup files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Backup' +- **`[String]` sqltempdbdir** _(Optional)_: Path for SQL TempDB files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' +- **`[String]` sqltempdblogdir** _(Optional)_: Path for SQL TempDB log files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' +- **`[String]` clustername** _(Required)_: Failover cluster name. +- **`[String]` clusterip** _(Required)_: Failover cluster IP address. +- **`[String]` fileSharewitness** _(Required)_: Fileshare witness UNC path in the format `\\witness.company.local\witness$`. Needs to be writable by SQL nodes. +- **`[String]` listenerip** _(Required)_: The IP address used for the availability group listener, in the format `192.168.10.45/255.255.252.0`. +- **`[String (primary|secondary)]` role** _(Required)_: Needs to be 'primary' for primary SQL nodes or 'secondary' for SQL replica nodes -## Installing a Microsoft SQL Server AlwaysOn cluster +## Installing a Microsoft SQL Server AlwaysOn cluster ## The following example creates a 2 nodes SQL Server Always On Availability group : - SQL Server is installed on both nodes using the privileged **DOMAIN-TEST\svc-puppet** account. - SQL Server service and agent are configured to run using the **DOMAIN-TEST\svc-sql-puppet** service account. @@ -49,51 +49,51 @@ The following example creates a 2 nodes SQL Server Always On Availability group The replica node is installed with the same parameters and joined to the **CLDB01** windows failover cluster and to the Avalability Group. **Notice the role => 'secondary'** which defines the role of the node. -### Sample architecture : +### Sample architecture : ### ![Sample SQL Server Always On architecture](https://virtualdesktopdevops.github.io/images/sql-server-always-on-architecture.jpg) -### Sample Puppet code : +### Sample Puppet code : ### ~~~puppet #Primary node node 'SQL01' { - class{'sqlserveralwayson': - setup_svc_username=>'DOMAIN-TEST\svc-puppet', - setup_svc_password=>'P@ssw0rd', - setupdir=>'\\fileserver.local\SQLServer2012.en', - sa_password=>'P@ssw0rd', - productkey => 'key-key-key', - sqlservicecredential_username => 'svc-sql-puppet', - sqlservicecredential_password=>'P@ssw0rd', - sqlagentservicecredential_username => 'svc-sql-puppet', - sqlagentservicecredential_password => 'P@ssw0rd', - sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], - clusterName => 'CLDB01', - clusterIP => '192.168.1.60', - fileShareWitness=> '\\192.168.1.10\quorum', - listenerIP => '192.168.1.61/255.255.255.0', - role => 'primary' - } + class{'sqlserveralwayson': + setup_svc_username =>'DOMAIN-TEST\svc-puppet', + setup_svc_password =>'P@ssw0rd', + setupdir =>'\\fileserver.local\SQLServer2012.en', + sa_password =>'P@ssw0rd', + productkey => 'key-key-key', + sqlservicecredential_username => 'svc-sql-puppet', + sqlservicecredential_password =>'P@ssw0rd', + sqlagentservicecredential_username => 'svc-sql-puppet', + sqlagentservicecredential_password => 'P@ssw0rd', + sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], + clustername => 'CLDB01', + clusterip => '192.168.1.60', + filesharewitness => '\\192.168.1.10\quorum', + listenerip => '192.168.1.61/255.255.255.0', + role => 'primary' + } } #Replica node node 'SQL02' { - class{'sqlserveralwayson': - setup_svc_username=>'DOMAIN-TEST\svc-puppet', - setup_svc_password=>'P@ssw0rd', - setupdir=>'\\fileserver.local\SQLServer2012.en', - sa_password=>'P@ssw0rd', - productkey => 'key-key-key', - sqlservicecredential_username => 'svc-sql-puppet', - sqlservicecredential_password=>'P@ssw0rd', - sqlagentservicecredential_username => 'svc-sql-puppet', - sqlagentservicecredential_password => 'P@ssw0rd', - sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], - clusterName => 'CLDB01', - clusterIP => '192.168.1.60', - fileShareWitness=> '\\192.168.1.10\quorum', - listenerIP => '192.168.1.61/255.255.255.0', - role => 'secondary' - } + class{'sqlserveralwayson': + setup_svc_username =>'DOMAIN-TEST\svc-puppet', + setup_svc_password =>'P@ssw0rd', + setupdir =>'\\fileserver.local\SQLServer2012.en', + sa_password =>'P@ssw0rd', + productkey => 'key-key-key', + sqlservicecredential_username => 'svc-sql-puppet', + sqlservicecredential_password =>'P@ssw0rd', + sqlagentservicecredential_username => 'svc-sql-puppet', + sqlagentservicecredential_password => 'P@ssw0rd', + sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], + clustername => 'CLDB01', + clusterip => '192.168.1.60', + filesharewitness => '\\192.168.1.10\quorum', + listenerip => '192.168.1.61/255.255.255.0', + role => 'secondary' + } } ~~~ diff --git a/manifests/alwaysonconfig.pp b/manifests/alwaysonconfig.pp index 597235d..8c1046f 100644 --- a/manifests/alwaysonconfig.pp +++ b/manifests/alwaysonconfig.pp @@ -1,91 +1,94 @@ +#Class configuring Microsoft SQL Server AlwaysOn feature class sqlserveralwayson::alwaysonconfig inherits sqlserveralwayson { #Enable AlwaysOn on MSSQL service dsc_sqlalwaysonservice{'EnableAlwaysOn': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_restarttimeout => 15, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - }-> + dsc_ensure => 'Present', + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + dsc_restarttimeout => 15, + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} + } # Adding the required service account to allow the cluster to log into SQL - dsc_sqlserverlogin{'AddNTServiceClusSvc': - dsc_ensure => 'Present', - dsc_name => 'NT SERVICE\ClusSvc', - dsc_logintype => 'WindowsUser', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - }-> +->dsc_sqlserverlogin{'AddNTServiceClusSvc': + dsc_ensure => 'Present', + dsc_name => 'NT SERVICE\ClusSvc', + dsc_logintype => 'WindowsUser', + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} + } # Add the required permissions to the cluster service login - dsc_sqlserverpermission{'AddNTServiceClusSvcPermissions': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_principal => 'NT SERVICE\ClusSvc', - dsc_permission => ['AlterAnyAvailabilityGroup', 'ViewServerState'], - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - }-> +->dsc_sqlserverpermission{'AddNTServiceClusSvcPermissions': + dsc_ensure => 'Present', + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + dsc_principal => 'NT SERVICE\ClusSvc', + dsc_permission => ['AlterAnyAvailabilityGroup', 'ViewServerState'], + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} + } - dsc_sqlserverendpoint{'SQLServerEndpoint': - dsc_endpointname => 'HADR', - dsc_ensure => 'Present', - dsc_port => '5022', - dsc_servername => $fqdn, - dsc_instancename => 'MSSQLSERVER', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - }-> +->dsc_sqlserverendpoint{'SQLServerEndpoint': + dsc_endpointname => 'HADR', + dsc_ensure => 'Present', + dsc_port => '5022', + dsc_servername => $facts['fqdn'], + dsc_instancename => 'MSSQLSERVER', + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} + } - dsc_sqlserverendpointpermission{'SQLConfigureEndpointPermission': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_name => 'HADR', - dsc_principal => "${domainnetbiosname}\\$sqlservicecredential_username", - dsc_permission => 'CONNECT', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} +->dsc_sqlserverendpointpermission{'SQLConfigureEndpointPermission': + dsc_ensure => 'Present', + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + dsc_name => 'HADR', + dsc_principal => "${facts['domainnetbiosname']}\\${sqlserveralwayson::sqlservicecredential_username}", + dsc_permission => 'CONNECT', + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} } - if ( $role == 'primary' ) { - # Create the availability group on the instance tagged as the primary replica + if ( $sqlserveralwayson::role == 'primary' ) { + # Create the availability group on the instance tagged as the primary replica dsc_sqlag{'CreateSQLAvailabilityGroup': - dsc_ensure => 'Present', - dsc_name => $clusterName, - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_availabilitymode => 'SynchronousCommit', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] + dsc_ensure => 'Present', + dsc_name => $sqlserveralwayson::clustername, + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + dsc_availabilitymode => 'SynchronousCommit', + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password}, + require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] } dsc_sqlaglistener{'AvailabilityGroupListener': - dsc_ensure => 'Present', - dsc_servername => $fqdn, - dsc_instancename => 'MSSQLSERVER', - dsc_availabilitygroup => $clusterName, - dsc_name => "${clusterName}LI", - dsc_ipaddress => $listenerIP, - dsc_port => 1433, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_sqlag['CreateSQLAvailabilityGroup'] ] + dsc_ensure => 'Present', + dsc_servername => $facts['fqdn'], + dsc_instancename => 'MSSQLSERVER', + dsc_availabilitygroup => $sqlserveralwayson::clustername, + dsc_name => "${sqlserveralwayson::clustername}LI", + dsc_ipaddress => $sqlserveralwayson::listenerip, + dsc_port => 1433, + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password}, + require => [ Dsc_sqlag['CreateSQLAvailabilityGroup'] ] } } else { - dsc_sqlagreplica{'SQLAvailabilityGroupAddReplica': - dsc_ensure => 'Present', - dsc_name => $hostname, - dsc_availabilitygroupname => $clusterName, - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_primaryreplicaservername => $clusterName, - dsc_primaryreplicainstancename => 'MSSQLSERVER', - dsc_endpointhostname => $hostname, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] + dsc_ensure => 'Present', + dsc_name => $facts['hostname'], + dsc_availabilitygroupname => $sqlserveralwayson::clustername, + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + dsc_primaryreplicaservername => $sqlserveralwayson::clustername, + dsc_primaryreplicainstancename => 'MSSQLSERVER', + dsc_endpointhostname => $facts['hostname'], + dsc_psdscrunascredential => { + 'user' => $sqlserveralwayson::setup_svc_username, + 'password' => $sqlserveralwayson::setup_svc_password + }, + require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] } } } diff --git a/manifests/clusterconfig.pp b/manifests/clusterconfig.pp index 032b29b..b535660 100644 --- a/manifests/clusterconfig.pp +++ b/manifests/clusterconfig.pp @@ -1,35 +1,42 @@ +#Class configuring Windows failover cluster which is a foundation for SQL Server AlwaysOn feature class sqlserveralwayson::clusterconfig inherits sqlserveralwayson { - if ( $role == 'primary' ) { + if ( $sqlserveralwayson::role == 'primary' ) { #Failover cluster creation dsc_xcluster{'CreateFailoverCluster': - dsc_name => $clusterName, - dsc_staticipaddress => $clusterIP, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_name => $sqlserveralwayson::clustername, + dsc_staticipaddress => $sqlserveralwayson::clusterip, + dsc_domainadministratorcredential => { + 'user' => $sqlserveralwayson::setup_svc_username, + 'password' => $sqlserveralwayson::setup_svc_password + } } #File share whitness configuration #Warning, bug https://github.com/PowerShell/xFailOverCluster/issues/35 on Windows 2016 dsc_xclusterquorum{'SetQuorumToNodeAndDiskMajority': dsc_issingleinstance => 'Yes', - dsc_type => 'NodeAndFileShareMajority', - dsc_resource => $fileShareWitness, - require => Dsc_xcluster['CreateFailoverCluster'] + dsc_type => 'NodeAndFileShareMajority', + dsc_resource => $sqlserveralwayson::filesharewitness, + require => Dsc_xcluster['CreateFailoverCluster'] } } else { dsc_xwaitforcluster{'SecondaryReplicaWaitForCluster': - dsc_name => $clusterName, + dsc_name => $sqlserveralwayson::clustername, dsc_retryintervalsec => 10, - dsc_retrycount => 6 + dsc_retrycount => 6 } dsc_xcluster{'JoinCluster': - dsc_name => $clusterName, - dsc_staticipaddress => $clusterIP, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => Dsc_xwaitforcluster['SecondaryReplicaWaitForCluster'] + dsc_name => $sqlserveralwayson::clustername, + dsc_staticipaddress => $sqlserveralwayson::clusterip, + dsc_domainadministratorcredential => { + 'user' => $sqlserveralwayson::setup_svc_username, + 'password' => $sqlserveralwayson::setup_svc_password + }, + require => Dsc_xwaitforcluster['SecondaryReplicaWaitForCluster'] } } } diff --git a/manifests/config.pp b/manifests/config.pp index d650f0f..bf118e4 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,47 +1,48 @@ +#Class configuring SQL Server and system settings after installation class sqlserveralwayson::config inherits sqlserveralwayson { - #Network configuration - dsc_sqlservernetwork{ 'ConfigureSQLNetwork': - dsc_instancename => 'MSSQLSERVER', - dsc_protocolname => "tcp", - dsc_isenabled => true, - dsc_tcpport => '1433', - dsc_restartservice => true - } + #Network configuration + dsc_sqlservernetwork{ 'ConfigureSQLNetwork': + dsc_instancename => 'MSSQLSERVER', + dsc_protocolname => 'tcp', + dsc_isenabled => true, + dsc_tcpport => '1433', + dsc_restartservice => true + } - #Windows Firewall configuration - dsc_sqlwindowsfirewall{'CreateFirewallRules': - dsc_ensure => 'Present', - dsc_features => 'SQLENGINE,AS', - dsc_instancename => 'MSSQLSERVER', - dsc_sourcepath => $setupdir, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } + #Windows Firewall configuration + dsc_sqlwindowsfirewall{'CreateFirewallRules': + dsc_ensure => 'Present', + dsc_features => 'SQLENGINE,AS', + dsc_instancename => 'MSSQLSERVER', + dsc_sourcepath => $sqlserveralwayson::setupdir, + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} + } - #Disable UAC - #dsc_xuac{'UACNeverNotifyAndDisableAll': - # dsc_setting => 'NeverNotifyAndDisableAll' - #} + #Disable UAC + #dsc_xuac{'UACNeverNotifyAndDisableAll': + # dsc_setting => 'NeverNotifyAndDisableAll' + #} - #Admin access configuration - dsc_sqlserverlogin{'DomainAdminsLogin': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_name => "${domainnetbiosname}\\Domain Admins", - dsc_logintype => 'WindowsGroup', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } + #Admin access configuration + dsc_sqlserverlogin{'DomainAdminsLogin': + dsc_ensure => 'Present', + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + dsc_name => "${facts['domainnetbiosname']}\\Domain Admins", + dsc_logintype => 'WindowsGroup', + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} + } - dsc_sqlserverrole{'AddDomainAdminsSQLSysadmin': - dsc_ensure => 'Present', - dsc_serverrolename => 'sysadmin', - dsc_memberstoinclude => "${domainnetbiosname}\\Domain Admins", - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - require => Dsc_sqlserverlogin['DomainAdminsLogin'], - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } + dsc_sqlserverrole{'AddDomainAdminsSQLSysadmin': + dsc_ensure => 'Present', + dsc_serverrolename => 'sysadmin', + dsc_memberstoinclude => "${facts['domainnetbiosname']}\\Domain Admins", + dsc_servername => $facts['hostname'], + dsc_instancename => 'MSSQLSERVER', + require => Dsc_sqlserverlogin['DomainAdminsLogin'], + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password} + } #Service account access configuration. Mandatory for AlwaysOn replica login capability on HADR server endpoint dsc_sqlserverlogin{'ServiceAccountLogin': diff --git a/manifests/init.pp b/manifests/init.pp index dc86356..ee178e2 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -12,39 +12,36 @@ # class sqlserveralwayson( $setup_svc_username, - $setup_svc_password, - $setupdir, - $sa_password, #SA password for mixed mode SQL authentication - $productkey = '', - $sqlservicecredential_username, - $sqlservicecredential_password, - $sqlagentservicecredential_username, - $sqlagentservicecredential_password, + $setup_svc_password, + $setupdir, + $sa_password, #SA password for mixed mode SQL authentication + $sqlservicecredential_username, + $sqlservicecredential_password, + $sqlagentservicecredential_username, + $sqlagentservicecredential_password, $sqladministratoraccounts, + $clustername, + $clusterip, + $filesharewitness, #Format '\\witness.company.local\witness$' + $listenerip, #The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. + $role, ##primary or secondary + $productkey = '', $sqluserdbdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', $sqluserdblogdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', $sqlbackupdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Backup', $sqltempdbdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', - $sqltempdblogdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', - $clusterName, - $clusterIP, - $fileShareWitness, #Format '\\witness.company.local\witness$' - $listenerIP, #The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. - $role, ##primary or secondary + $sqltempdblogdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' ) { - #Using $domain fact du get the active directory domain name - $domainName = $domain - contain sqlserveralwayson::serviceaccounts - contain sqlserveralwayson::install - contain sqlserveralwayson::config - contain sqlserveralwayson::clusterconfig - contain sqlserveralwayson::alwaysonconfig + contain sqlserveralwayson::install + contain sqlserveralwayson::config + contain sqlserveralwayson::clusterconfig + contain sqlserveralwayson::alwaysonconfig - Class['::sqlserveralwayson::serviceaccounts'] -> - Class['::sqlserveralwayson::install'] -> - Class['::sqlserveralwayson::config'] -> - Class['::sqlserveralwayson::clusterconfig']-> - Class['::sqlserveralwayson::alwaysonconfig'] + Class['::sqlserveralwayson::serviceaccounts'] + ->Class['::sqlserveralwayson::install'] + ->Class['::sqlserveralwayson::config'] + ->Class['::sqlserveralwayson::clusterconfig'] + ->Class['::sqlserveralwayson::alwaysonconfig'] } diff --git a/manifests/install.pp b/manifests/install.pp index 7282b9c..2cab43d 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -1,27 +1,28 @@ +#Class installing Microsotf SQL Server and required windows roles & features class sqlserveralwayson::install inherits sqlserveralwayson { - #reboot { 'before': - # when => pending, - #} + #reboot { 'before': + # when => pending, + #} - dsc_windowsfeature{'NET-Framework-Core': - dsc_ensure => 'Present', - dsc_name => 'NET-Framework-Core', - dsc_includeallsubfeature => true - } + dsc_windowsfeature{'NET-Framework-Core': + dsc_ensure => 'Present', + dsc_name => 'NET-Framework-Core', + dsc_includeallsubfeature => true + } - dsc_windowsfeature{'NET-Framework-45-Core': - dsc_ensure => 'Present', - dsc_name => 'NET-Framework-45-Core', - dsc_includeallsubfeature => true - } + dsc_windowsfeature{'NET-Framework-45-Core': + dsc_ensure => 'Present', + dsc_name => 'NET-Framework-45-Core', + dsc_includeallsubfeature => true + } - dsc_windowsfeature{'RSAT-AD-PowerShell': + dsc_windowsfeature{'RSAT-AD-PowerShell': dsc_ensure => 'Present', dsc_name => 'RSAT-AD-PowerShell' } - dsc_windowsfeature{'Failover-Clustering': + dsc_windowsfeature{'Failover-Clustering': dsc_ensure => 'Present', dsc_name => 'Failover-Clustering' } @@ -29,61 +30,64 @@ dsc_windowsfeature{'RSATClusteringPowerShell': dsc_ensure => 'Present', dsc_name => 'RSAT-Clustering-PowerShell', - require => [ Dsc_windowsfeature['Failover-Clustering'] ] + require => [ Dsc_windowsfeature['Failover-Clustering'] ] } - #Not working on Windows Server Core edition - #dsc_windowsfeature{'RSATClusteringMgmt': - # dsc_ensure => 'Present', - # dsc_name => 'RSAT-Clustering-Mgmt', - # require => [ Dsc_windowsfeature['Failover-Clustering'] ] - #} - dsc_windowsfeature{'RSATClusteringCmdInterface': dsc_ensure => 'Present', dsc_name => 'RSAT-Clustering-CmdInterface', - require => [ Dsc_windowsfeature['RSATClusteringPowerShell'] ] + require => [ Dsc_windowsfeature['RSATClusteringPowerShell'] ] } - dsc_sqlsetup{ 'InstallSQLDefaultInstance': - dsc_action => 'Install', - dsc_instancename => 'MSSQLSERVER', - dsc_features => 'SQLENGINE,AS', - dsc_sqlcollation => 'SQL_Latin1_General_CP1_CI_AS', - dsc_securitymode => 'SQL', - dsc_sapwd => {'user' => 'sa', 'password' => $sa_password}, - dsc_productkey => $productkey, - dsc_sqlsvcaccount => {'user' => "${domainnetbiosname}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, - dsc_agtsvcaccount => {'user' => "${domainnetbiosname}\\$sqlagentservicecredential_username", 'password' => $sqlagentservicecredential_password}, - dsc_assvcaccount => {'user' => "${domainnetbiosname}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, - dsc_sqlsysadminaccounts => $sqladministratoraccounts, - dsc_assysadminaccounts => $sqladministratoraccounts, - dsc_installshareddir => 'C:\Program Files\Microsoft SQL Server', - dsc_installsharedwowdir => 'C:\Program Files (x86)\Microsoft SQL Server', - dsc_instancedir => 'C:\Program Files\Microsoft SQL Server', - dsc_installsqldatadir => 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', - dsc_sqluserdbdir => $sqluserdbdir, - dsc_sqluserdblogdir => $sqluserdblogdir, - dsc_sqltempdbdir => $sqltempdbdir, - dsc_sqltempdblogdir => $sqltempdblogdir, - dsc_sqlbackupdir => $sqlbackupdir, - dsc_asconfigdir => 'c:\MSOLAP\Config', - dsc_asdatadir => 'c:\MSOLAP\Data', - dsc_aslogdir => 'c:\MSOLAP\Log', - dsc_asbackupdir => 'c:\MSOLAP\Backup', - dsc_astempdir => 'c:\MSOLAP\Temp', - dsc_sourcepath => $setupdir, - dsc_updateenabled => 'False', - dsc_forcereboot => true, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_windowsfeature['NET-Framework-Core'], Dsc_windowsfeature['NET-Framework-45-Core'], Dsc_windowsfeature['Failover-Clustering'] ], - notify => Reboot['after_run'] + dsc_sqlsetup{ 'InstallSQLDefaultInstance': + dsc_action => 'Install', + dsc_instancename => 'MSSQLSERVER', + dsc_features => 'SQLENGINE,AS', + dsc_sqlcollation => 'SQL_Latin1_General_CP1_CI_AS', + dsc_securitymode => 'SQL', + dsc_sapwd => {'user' => 'sa', 'password' => $sqlserveralwayson::sa_password}, + dsc_productkey => $sqlserveralwayson::productkey, + dsc_sqlsvcaccount => { + 'user' => "${facts['domainnetbiosname']}\\${sqlserveralwayson::sqlservicecredential_username}", + 'password' => $sqlserveralwayson::sqlservicecredential_password + }, + dsc_agtsvcaccount => { + 'user' => "${facts['domainnetbiosname']}\\${sqlserveralwayson::sqlagentservicecredential_username}", + 'password' => $sqlserveralwayson::sqlagentservicecredential_password + }, + dsc_assvcaccount => { + 'user' => "${facts['domainnetbiosname']}\\${sqlserveralwayson::sqlservicecredential_username}", + 'password' => $sqlserveralwayson::sqlservicecredential_password + }, + dsc_sqlsysadminaccounts => $sqlserveralwayson::sqladministratoraccounts, + dsc_assysadminaccounts => $sqlserveralwayson::sqladministratoraccounts, + dsc_installshareddir => 'C:\Program Files\Microsoft SQL Server', + dsc_installsharedwowdir => 'C:\Program Files (x86)\Microsoft SQL Server', + dsc_instancedir => 'C:\Program Files\Microsoft SQL Server', + dsc_installsqldatadir => 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', + dsc_sqluserdbdir => $sqlserveralwayson::sqluserdbdir, + dsc_sqluserdblogdir => $sqlserveralwayson::sqluserdblogdir, + dsc_sqltempdbdir => $sqlserveralwayson::sqltempdbdir, + dsc_sqltempdblogdir => $sqlserveralwayson::sqltempdblogdir, + dsc_sqlbackupdir => $sqlserveralwayson::sqlbackupdir, + dsc_asconfigdir => 'c:\MSOLAP\Config', + dsc_asdatadir => 'c:\MSOLAP\Data', + dsc_aslogdir => 'c:\MSOLAP\Log', + dsc_asbackupdir => 'c:\MSOLAP\Backup', + dsc_astempdir => 'c:\MSOLAP\Temp', + dsc_sourcepath => $sqlserveralwayson::setupdir, + dsc_updateenabled => 'False', + dsc_forcereboot => true, + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password}, + require => [ + Dsc_windowsfeature['NET-Framework-Core'], + Dsc_windowsfeature['NET-Framework-45-Core'], + Dsc_windowsfeature['Failover-Clustering'] + ], + notify => Reboot['after_run'] } - reboot { 'after_run': - apply => finished, - } - - - + reboot { 'after_run': + apply => finished, + } } diff --git a/manifests/serviceaccounts.pp b/manifests/serviceaccounts.pp index d3f6cff..88ec53c 100644 --- a/manifests/serviceaccounts.pp +++ b/manifests/serviceaccounts.pp @@ -1,38 +1,50 @@ +#Class creating SQL Server and SQL agent service accounts in Active Directory + associated Service Principal Names (SPN) class sqlserveralwayson::serviceaccounts inherits sqlserveralwayson { - #Needed for ActiveDirectory remote management using Powershell - dsc_windowsfeature{ 'RSAT-AD-Powershell': - dsc_ensure => 'Present', - dsc_name => 'RSAT-AD-Powershell' - } + #Needed for ActiveDirectory remote management using Powershell + dsc_windowsfeature{ 'RSAT-AD-Powershell': + dsc_ensure => 'Present', + dsc_name => 'RSAT-AD-Powershell' + } - #SQL service account creation (Active Directory) - dsc_xaduser{'SvcSQLAccount': - dsc_domainname => $domain, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - dsc_username => $sqlservicecredential_username, - dsc_password => {'user' => $sqlservicecredential_username, 'password' => $sqlservicecredential_password}, - dsc_ensure => 'Present', - require => Dsc_windowsfeature['RSAT-AD-Powershell'] - } + #SQL service account creation (Active Directory) + dsc_xaduser{'SvcSQLAccount': + dsc_domainname => $facts['domain'], + dsc_domainadministratorcredential => { + 'user' => $sqlserveralwayson::setup_svc_username, + 'password' => $sqlserveralwayson::setup_svc_password + }, + dsc_username => $sqlserveralwayson::sqlservicecredential_username, + dsc_password => { + 'user' => $sqlserveralwayson::sqlservicecredential_username, + 'password' => $sqlserveralwayson::sqlservicecredential_password + }, + dsc_ensure => 'Present', + require => Dsc_windowsfeature['RSAT-AD-Powershell'] + } - #Configure MSSQLSvc SPN on SQL service account - dsc_xadserviceprincipalname{'SvcSQLSPN': - dsc_account => $sqlservicecredential_username, - dsc_serviceprincipalname => "MSSQLSvc/${fqdn}", - dsc_ensure => present, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => Dsc_xaduser['SvcSQLAccount'] - } - - #SQL Agent service account creation (Active Directory) - dsc_xaduser{'SvcSQLAgentAccount': - dsc_domainname => $domain, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - dsc_username => $sqlagentservicecredential_username, - dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, - dsc_ensure => 'Present', - require => Dsc_windowsfeature['RSAT-AD-Powershell'] - } + #Configure MSSQLSvc SPN on SQL service account + dsc_xadserviceprincipalname{'SvcSQLSPN': + dsc_account => $sqlserveralwayson::sqlservicecredential_username, + dsc_serviceprincipalname => "MSSQLSvc/${facts['fqdn']}", + dsc_ensure => present, + dsc_psdscrunascredential => {'user' => $sqlserveralwayson::setup_svc_username, 'password' => $sqlserveralwayson::setup_svc_password}, + require => Dsc_xaduser['SvcSQLAccount'] + } + #SQL Agent service account creation (Active Directory) + dsc_xaduser{'SvcSQLAgentAccount': + dsc_domainname => $facts['domain'], + dsc_domainadministratorcredential => { + 'user' => $sqlserveralwayson::setup_svc_username, + 'password' => $sqlserveralwayson::setup_svc_password + }, + dsc_username => $sqlserveralwayson::sqlagentservicecredential_username, + dsc_password => { + 'user' => $sqlserveralwayson::sqlagentservicecredential_username, + 'password' => $sqlserveralwayson::sqlagentservicecredential_password + }, + dsc_ensure => 'Present', + require => Dsc_windowsfeature['RSAT-AD-Powershell'] + } } diff --git a/metadata.json b/metadata.json index 9668ed8..40a1776 100644 --- a/metadata.json +++ b/metadata.json @@ -29,6 +29,7 @@ } ], "source": "https://virtualdesktopdevops.github.io/sqlserveralwayson/", + "issues_url": "https://github.com/virtualdesktopdevops/sqlserveralwayson/issues", "summary": "Microsoft SQL Server puppet module with AlwaysOn clustering features", "tags": [ "powershell",