diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..01d0a08 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +pkg/ diff --git a/.pmtignore b/.pmtignore new file mode 100644 index 0000000..3b056e1 --- /dev/null +++ b/.pmtignore @@ -0,0 +1,5 @@ +pkg/ +tests/ +assets/ +_config.yml +.fixtures.yml diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..ec9782f --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog - sqlserveralwayson # + +## Version 2.0.0 +- **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 +- **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. +- **BREAKING CHANGE** : Removed $domainName class parameter. Used facts instead. +- **BREAKING CHANGE** : Removed $domainNetbiosName class parameter. Used custom fact instead. +- Changed database availability mode to SynchronousCommit + + +## Version 1.1.0 +- Module compatible with xSQLServer <= 9.0.0.0 + +## Version 1.0.0 +- Initial release diff --git a/README.markdown b/README.markdown index ad03006..26097d4 100644 --- a/README.markdown +++ b/README.markdown @@ -1,6 +1,6 @@ # sqlserveralwayson # -This modules install a fully working SQL Server AlwaysOn cluster. It has been designed to install both primary replica nodes with the following features : +This modules installs a fully working Microsoft SQL Server AlwaysOn cluster. It has been designed to install both primary replica nodes with the following features : - SPN creation on sql service account (service account not yet created by this module, schedulded in next release) - SQL server installation and initial configuration (MaxDop Firewall, Memory, Admin rights, ...) - Failover cluster creation (primary node) or join (replica node) with File Share witness 
@@ -12,7 +12,9 @@ The default MSSQLSERVER SQL Server instance is created during installation. This The database failover mecanism integrated in this module is SQL Server AlwaysOn. -The module can be installed on a Standard, Datacenter, or Core version of Windows 2012R2 or Windows 2016. +The module can be installed on a Standard, Datacenter, Core version of Windows 2012R2 or Windows 2016. + +**BREAKING CHANGE :** This module requires puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 ## Usage - **setup_svc_username** : (string) Privileged account used by Puppet for installing the software and creating the failover cluster (spn creation, computer registration, local administrator privilèges needed) 
@@ -20,9 +22,9 @@ The module can be installed on a Standard, Datacenter, or Core version of Window - **setupdir** : (string) Path of a folder containing the SQL Server installer (unarchive the ISO image in this folder). - **sa_password** : (string) SQL Server SA password for mixed mode SQL authentication configuration. - **productkey** : (string)(optionnal) Product key for licensed installations. -- **sqlservicecredential_username** : (String) Service account for the SQL service +- **sqlservicecredential_username** : (String) Domain service account for the SQL service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. MSSQLSvc/fqdn_of_sql_server_node SPN will be associated with the service account. - **sqlservicecredential_password** : (String) : Password of the service account for the SQL service. Should be encrypted with hiera-eyaml. -- **sqlagentservicecredential_username** : (String) Service account for the SQL Agent service +- **sqlagentservicecredential_username** : (String) Domain service account for the SQL Agent service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. - **sqlagentservicecredential_password** : (String) Password of the service account for the SQL Agent service. Should be encrypted with hiera-eyaml. - **sqladministratoraccounts** : (String[] Array) : Array of accounts to be made SQL administrators. - **sqluserdbdir** : (String)(optionnal) Path for SQL database files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' 
@@ -35,7 +37,6 @@ The module can be installed on a Standard, Datacenter, or Core version of Window - **fileShareWitness** : (String) Fileshare witness UNC path in the format'\\witness.company.local\witness$'. Needs to be writable by SQL nodes. - **listenerIP** : (String) The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. - **role** : (String) Needs to be 'primary' for primary SQL nodes or 'secondary' for SQL replica nodes -- **domainNetbiosName** : (String) Active Directory domain NETBIOS name ## Installing a Microsoft SQL Server AlwaysOn cluster @@ -61,17 +62,16 @@ node 'SQL01' { setupdir=>'\\fileserver.local\SQLServer2012.en', sa_password=>'P@ssw0rd', productkey => 'key-key-key', - sqlservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlservicecredential_username => 'svc-sql-puppet', sqlservicecredential_password=>'P@ssw0rd', - sqlagentservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlagentservicecredential_username => 'svc-sql-puppet', sqlagentservicecredential_password => 'P@ssw0rd', sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], clusterName => 'CLDB01', clusterIP => '192.168.1.60', fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', - role => 'primary', - domainNetbiosName => 'DOMAIN-TEST' + role => 'primary' } } 
@@ -83,17 +83,16 @@ node 'SQL02' { setupdir=>'\\fileserver.local\SQLServer2012.en', sa_password=>'P@ssw0rd', productkey => 'key-key-key', - sqlservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlservicecredential_username => 'svc-sql-puppet', sqlservicecredential_password=>'P@ssw0rd', - sqlagentservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlagentservicecredential_username => 'svc-sql-puppet', sqlagentservicecredential_password => 'P@ssw0rd', sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], clusterName => 'CLDB01', clusterIP => '192.168.1.60', fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', - role => 'secondary', - domainNetbiosName => 'DOMAIN-TEST' + role => 'secondary' } } diff --git a/files/checkspn.ps1 b/files/checkspn.ps1 deleted file mode 100644 index 2841529..0000000 --- a/files/checkspn.ps1 +++ /dev/null @@ -1,9 +0,0 @@ -Param( - [string]$spn, - [string]$serviceaccount -) - -if( (setspn -l $serviceaccount | Select-String $spn).count -gt 0) { - echo 'SPN already registered for the target service account' - exit 1 -} \ No newline at end of file diff --git a/files/setspn.ps1 b/files/setspn.ps1 deleted file mode 100644 index eb982de..0000000 --- a/files/setspn.ps1 +++ /dev/null @@ -1,6 +0,0 @@ -Param( - [string]$spn, - [string]$serviceaccount -) - -setspn -S $spn $serviceaccount diff --git a/lib/facter/domainnetbiosname.rb b/lib/facter/domainnetbiosname.rb new file mode 100644 index 0000000..13625c3 --- /dev/null +++ b/lib/facter/domainnetbiosname.rb 
@@ -0,0 +1,15 @@
+#https://puppet.com/blog/starting-out-writing-custom-facts-windows
+Facter.add('domainnetbiosname') do
+ confine :osfamily => :windows
+ setcode do
+ begin
+ require 'win32ole'
+ dnsforestname = Facter.value(:domain)
+ wmi = WIN32OLE.connect("winmgmts:\\\\.\\root\\cimv2")
+ win32ntdomain = wmi.ExecQuery("SELECT * FROM Win32_NTDomain WHERE DnsForestName='#{dnsforestname}'").each.first
+ win32ntdomain.DomainName
+ rescue
+ nil
+ end
+ end
+end
diff --git a/manifests/alwaysonconfig.pp b/manifests/alwaysonconfig.pp
index 53afc7f..597235d 100644
--- a/manifests/alwaysonconfig.pp
+++ b/manifests/alwaysonconfig.pp
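Review bot: The WQL filter in `setcode` compares `DnsForestName` with the `domain` fact, and the bare `rescue` turns every failure into a silent `nil`. On a host in a child domain the DNS domain and the forest root name presumably differ, so the query would return no row, `.each.first` would be nil and the fact would disappear without a trace. The value is also interpolated into the query unescaped, so a quote in it breaks the statement. I would narrow the handler and leave a trace, `rescue StandardError => e` followed by `Facter.debug("domainnetbiosname: #{e.message}")`, and confirm which Win32_NTDomain property should be matched against the domain fact.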
@@ -1,90 +1,91 @@ class sqlserveralwayson::alwaysonconfig inherits sqlserveralwayson { - + #Enable AlwaysOn on MSSQL service - dsc_xsqlserveralwaysonservice{'EnableAlwaysOn': + dsc_sqlalwaysonservice{'EnableAlwaysOn': dsc_ensure => 'Present', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', dsc_restarttimeout => 15, dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} }-> - + # Adding the required service account to allow the cluster to log into SQL - dsc_xsqlserverlogin{'AddNTServiceClusSvc': + dsc_sqlserverlogin{'AddNTServiceClusSvc': dsc_ensure => 'Present', dsc_name => 'NT SERVICE\ClusSvc', dsc_logintype => 'WindowsUser', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} }-> # Add the required permissions to the cluster service login - dsc_xsqlserverpermission{'AddNTServiceClusSvcPermissions': + dsc_sqlserverpermission{'AddNTServiceClusSvcPermissions': dsc_ensure => 'Present', - dsc_nodename => $hostname, + dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', dsc_principal => 'NT SERVICE\ClusSvc', dsc_permission => ['AlterAnyAvailabilityGroup', 'ViewServerState'], dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} }-> - dsc_xsqlserverendpoint{'SQLServerEndpoint': + dsc_sqlserverendpoint{'SQLServerEndpoint': dsc_endpointname => 'HADR', dsc_ensure => 'Present', dsc_port => '5022', - dsc_sqlserver => $fqdn, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $fqdn, + dsc_instancename => 'MSSQLSERVER', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } - - dsc_xsqlserverendpointpermission{'SQLConfigureEndpointPermission': + }-> + + 
dsc_sqlserverendpointpermission{'SQLConfigureEndpointPermission': dsc_ensure => 'Present', - dsc_nodename => $hostname, + dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', dsc_name => 'HADR', - dsc_principal => $sqlservicecredential_username, + dsc_principal => "${domainnetbiosname}\\$sqlservicecredential_username", dsc_permission => 'CONNECT', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - + if ( $role == 'primary' ) { # Create the availability group on the instance tagged as the primary replica - dsc_xsqlserveralwaysonavailabilitygroup{'CreateSQLAvailabilityGroup': + dsc_sqlag{'CreateSQLAvailabilityGroup': dsc_ensure => 'Present', dsc_name => $clusterName, - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_availabilitymode => 'SynchronousCommit', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_xsqlserveralwaysonservice['EnableAlwaysOn'] , Dsc_xsqlserverendpoint['SQLServerEndpoint'] ] + require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] } - - dsc_xsqlserveravailabilitygrouplistener{'AvailabilityGroupListener': + + dsc_sqlaglistener{'AvailabilityGroupListener': dsc_ensure => 'Present', - dsc_nodename => $fqdn, + dsc_servername => $fqdn, dsc_instancename => 'MSSQLSERVER', dsc_availabilitygroup => $clusterName, dsc_name => "${clusterName}LI", dsc_ipaddress => $listenerIP, dsc_port => 1433, dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_xsqlserveralwaysonavailabilitygroup['CreateSQLAvailabilityGroup'] ] + require => [ Dsc_sqlag['CreateSQLAvailabilityGroup'] ] } - + } else { - - dsc_xsqlserveralwaysonavailabilitygroupreplica{'SQLAvailabilityGroupAddReplica': + + dsc_sqlagreplica{'SQLAvailabilityGroupAddReplica': dsc_ensure => 
'Present', dsc_name => $hostname, dsc_availabilitygroupname => $clusterName, - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', - dsc_primaryreplicasqlserver => $clusterName, - dsc_primaryreplicasqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_primaryreplicaservername => $clusterName, + dsc_primaryreplicainstancename => 'MSSQLSERVER', dsc_endpointhostname => $hostname, dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_xsqlserveralwaysonservice['EnableAlwaysOn'] , Dsc_xsqlserverendpoint['SQLServerEndpoint'] ] + require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] } } } diff --git a/manifests/clusterconfig.pp b/manifests/clusterconfig.pp index dbd460f..032b29b 100644 --- a/manifests/clusterconfig.pp +++ b/manifests/clusterconfig.pp 
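Review bot: The new `dsc_principal` in `SQLConfigureEndpointPermission` mixes braced and bare interpolation and reads the fact through an unqualified name. An unqualified `$domainnetbiosname` is looked up in class and node scope before top scope, so a same-named variable there would change which account receives CONNECT on the HADR endpoint. I would write `dsc_principal => "${::domainnetbiosname}\\${sqlservicecredential_username}",`. The same form appears in config.pp and install.pp in this commit.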
@@ -1,35 +1,35 @@ class sqlserveralwayson::clusterconfig inherits sqlserveralwayson { - + if ( $role == 'primary' ) { - #Failover cluster creation - dsc_xcluster{'CreateFailoverCluster': - dsc_name => $clusterName, - dsc_staticipaddress => $clusterIP, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } - - #File share whitness configuration - #Warning, bug https://github.com/PowerShell/xFailOverCluster/issues/35 on Windows 2016 - dsc_xclusterquorum{'SetQuorumToNodeAndDiskMajority': - dsc_issingleinstance => 'Yes', - dsc_type => 'NodeAndFileShareMajority', - dsc_resource => $fileShareWitness, - require => Dsc_xcluster['CreateFailoverCluster'] - } - - } - else { - dsc_xwaitforcluster{'SecondaryReplicaWaitForCluster': - dsc_name => $clusterName, - dsc_retryintervalsec => 10, + #Failover cluster creation + dsc_xcluster{'CreateFailoverCluster': + dsc_name => $clusterName, + dsc_staticipaddress => $clusterIP, + dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + } + + #File share whitness configuration + #Warning, bug https://github.com/PowerShell/xFailOverCluster/issues/35 on Windows 2016 + dsc_xclusterquorum{'SetQuorumToNodeAndDiskMajority': + dsc_issingleinstance => 'Yes', + dsc_type => 'NodeAndFileShareMajority', + dsc_resource => $fileShareWitness, + require => Dsc_xcluster['CreateFailoverCluster'] + } + + } + else { + dsc_xwaitforcluster{'SecondaryReplicaWaitForCluster': + dsc_name => $clusterName, + dsc_retryintervalsec => 10, dsc_retrycount => 6 - } - - dsc_xcluster{'JoinCluster': - dsc_name => $clusterName, + } + + dsc_xcluster{'JoinCluster': + dsc_name => $clusterName, dsc_staticipaddress => $clusterIP, dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, require => Dsc_xwaitforcluster['SecondaryReplicaWaitForCluster'] } - } -} \ No newline at end of file + } +} 
diff --git a/manifests/config.pp b/manifests/config.pp
index 5a4b07a..d650f0f 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,81 +1,80 @@ class sqlserveralwayson::config inherits sqlserveralwayson { - - #Network configuration - dsc_xsqlservernetwork{ 'ConfigureSQLNetwork': - dsc_instancename => 'MSSQLSERVER', - dsc_protocolname => "tcp", - dsc_isenabled => true, - dsc_tcpport => '1433', - dsc_restartservice => true + + #Network configuration + dsc_sqlservernetwork{ 'ConfigureSQLNetwork': + dsc_instancename => 'MSSQLSERVER', + dsc_protocolname => "tcp", + dsc_isenabled => true, + dsc_tcpport => '1433', + dsc_restartservice => true } - + #Windows Firewall configuration - dsc_xsqlserverfirewall{'CreateFirewallRules': - dsc_ensure => 'Present', - dsc_features => 'SQLENGINE,AS', - dsc_instancename => 'MSSQLSERVER', - dsc_sourcepath => $setupdir, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_sqlwindowsfirewall{'CreateFirewallRules': + dsc_ensure => 'Present', + dsc_features => 'SQLENGINE,AS', + dsc_instancename => 'MSSQLSERVER', + dsc_sourcepath => $setupdir, + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - + #Disable UAC - #dsc_xuac{'UACNeverNotifyAndDisableAll': - # dsc_setting => 'NeverNotifyAndDisableAll' - #} - + #dsc_xuac{'UACNeverNotifyAndDisableAll': + # dsc_setting => 'NeverNotifyAndDisableAll' + #} + #Admin access configuration - dsc_xsqlserverlogin{'DomainAdminsLogin': - dsc_ensure => 'Present', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', - dsc_name => "${domainNetbiosName}\\Domain Admins", - dsc_logintype => 'WindowsGroup', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_sqlserverlogin{'DomainAdminsLogin': + dsc_ensure => 'Present', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_name => "${domainnetbiosname}\\Domain Admins", + dsc_logintype => 'WindowsGroup', + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - - 
dsc_xsqlserverrole{'AddDomainAdminsSQLSysadmin': - dsc_ensure => 'Present', - dsc_serverrolename => 'sysadmin', - dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', - require => Dsc_xsqlserverlogin['DomainAdminsLogin'], - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + + dsc_sqlserverrole{'AddDomainAdminsSQLSysadmin': + dsc_ensure => 'Present', + dsc_serverrolename => 'sysadmin', + dsc_memberstoinclude => "${domainnetbiosname}\\Domain Admins", + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + require => Dsc_sqlserverlogin['DomainAdminsLogin'], + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - + #Service account access configuration. Mandatory for AlwaysOn replica login capability on HADR server endpoint - dsc_xsqlserverlogin{'ServiceAccountLogin': - dsc_ensure => 'Present', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', - dsc_name => $sqlservicecredential_username, - dsc_logintype => 'WindowsUser', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } - + dsc_sqlserverlogin{'ServiceAccountLogin': + dsc_ensure => 'Present', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_name => "${domainnetbiosname}\\$sqlservicecredential_username", + dsc_logintype => 'WindowsUser', + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + } + #User rights configuration dsc_userrightsassignment{ 'PerformVolumeMaintenanceTasks': - dsc_policy => 'Perform_volume_maintenance_tasks', - dsc_identity => 'Builtin\Administrators' + dsc_policy => 'Perform_volume_maintenance_tasks', + dsc_identity => 'Builtin\Administrators' } - dsc_userrightsassignment{ 'LockPagesInMemory': - dsc_policy => 'Lock_pages_in_memory', - dsc_identity => 'Builtin\Administrators' + 
dsc_userrightsassignment{ 'LockPagesInMemory': + dsc_policy => 'Lock_pages_in_memory', + dsc_identity => 'Builtin\Administrators' } - - #Performances configuration - dsc_xsqlservermaxdop{ 'SetMAXDOP': - dsc_sqlserver => 'localhost', - dsc_sqlinstancename => 'MSSQLSERVER', - dsc_maxdop => 0 + + #Performances configuration + dsc_sqlservermaxdop{ 'SetMAXDOP': + dsc_servername => 'localhost', + dsc_instancename => 'MSSQLSERVER', + dsc_maxdop => 0 } - - #xSQLServerMemory SetMAXDOP - #{ - #SQLInstanceName = $Configuration.InstallSQL.InstanceName - #DependsOn = "[xSqlServerSetup]InstallSQL" - #MaxMemory = $MAXMemory - #DynamicAlloc = $False + + #xSQLServerMemory SetMAXDOP{ + #SQLInstanceName = $Configuration.InstallSQL.InstanceName + #DependsOn = "[xSqlServerSetup]InstallSQL" + #MaxMemory = $MAXMemory + #DynamicAlloc = $False #} -} \ No newline at end of file +} diff --git a/manifests/domainconfig.pp b/manifests/domainconfig.pp deleted file mode 100644 index b7f58db..0000000 --- a/manifests/domainconfig.pp +++ /dev/null @@ -1,13 +0,0 @@ -class sqlserveralwayson::domainconfig inherits sqlserveralwayson { - - #Create SQL Server Organizaational Unit - dsc_xADOrganizationalUnit{ 'OrgUnitCITRIX': - dsc_name => 'SQL Server', - #Specified the X500 (DN) path of the organizational unit's parent object. - dsc_path => $domainbasedn, - dsc_description => "SQL Server", - dsc_protectedfromaccidentaldeletion => true, - dsc_ensure => 'present' - #Credential: User account credentials used to perform the operation (optional). Note: if not running on a domain controller, this is required. - } -} \ No newline at end of file diff --git a/manifests/init.pp b/manifests/init.pp index 9022726..dc86356 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
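Review bot: `AddDomainAdminsSQLSysadmin` still grants the `sysadmin` server role to the whole `Domain Admins` group on every node, with no parameter to turn it off. The module already takes `sqladministratoraccounts` for naming SQL administrators, so this fixed grant widens access beyond what the caller asked for and invites domain admin logons on database servers. I would make the `DomainAdminsLogin` and `AddDomainAdminsSQLSysadmin` resources conditional on an opt-in class parameter, or drop them and document that the group can be listed in `sqladministratoraccounts`. The group name is also hard-coded in English, which may not match a localized directory.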
@@ -28,19 +28,20 @@ $sqltempdblogdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', $clusterName, $clusterIP, - $fileShareWitness, #Format '\\witness.company.local\witness$' + $fileShareWitness, #Format '\\witness.company.local\witness$' $listenerIP, #The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. $role, ##primary or secondary - $domainName, - $domainNetbiosName - ) + ) { + #Using $domain fact du get the active directory domain name + $domainName = $domain + contain sqlserveralwayson::serviceaccounts contain sqlserveralwayson::install contain sqlserveralwayson::config contain sqlserveralwayson::clusterconfig contain sqlserveralwayson::alwaysonconfig - + Class['::sqlserveralwayson::serviceaccounts'] -> Class['::sqlserveralwayson::install'] -> Class['::sqlserveralwayson::config'] -> diff --git a/manifests/install.pp b/manifests/install.pp index 3166bdd..7282b9c 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -3,19 +3,19 @@ #reboot { 'before': # when => pending, #} - + dsc_windowsfeature{'NET-Framework-Core': dsc_ensure => 'Present', dsc_name => 'NET-Framework-Core', dsc_includeallsubfeature => true } - + dsc_windowsfeature{'NET-Framework-45-Core': dsc_ensure => 'Present', dsc_name => 'NET-Framework-45-Core', dsc_includeallsubfeature => true } - + dsc_windowsfeature{'RSAT-AD-PowerShell': dsc_ensure => 'Present', dsc_name => 'RSAT-AD-PowerShell' 
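Review bot: Nothing in the class body checks that the `domainnetbiosname` fact resolved before the contained classes use it. alwaysonconfig.pp, config.pp and install.pp in this commit build principals as `"${domainnetbiosname}\\..."`, so an unset fact would yield names such as `\Domain Admins` and `\svc-sql-puppet` for logins and service accounts. A guard next to the new assignment would stop the run early: `unless $::domainnetbiosname { fail('domainnetbiosname fact is not set') }`. The new `$domainName = $domain` looks unused, since serviceaccounts.pp now reads `$domain` directly, and its comment has a typo (`du get`); the class header starts outside the hunk.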
@@ -25,39 +25,37 @@ dsc_ensure => 'Present', dsc_name => 'Failover-Clustering' } - + dsc_windowsfeature{'RSATClusteringPowerShell': dsc_ensure => 'Present', dsc_name => 'RSAT-Clustering-PowerShell', require => [ Dsc_windowsfeature['Failover-Clustering'] ] } - + #Not working on Windows Server Core edition #dsc_windowsfeature{'RSATClusteringMgmt': # dsc_ensure => 'Present', # dsc_name => 'RSAT-Clustering-Mgmt', # require => [ Dsc_windowsfeature['Failover-Clustering'] ] #} - + dsc_windowsfeature{'RSATClusteringCmdInterface': dsc_ensure => 'Present', dsc_name => 'RSAT-Clustering-CmdInterface', require => [ Dsc_windowsfeature['RSATClusteringPowerShell'] ] } - - dsc_xsqlserversetup{ 'InstallSQLDefaultInstance': + + dsc_sqlsetup{ 'InstallSQLDefaultInstance': dsc_action => 'Install', dsc_instancename => 'MSSQLSERVER', - #dsc_failoverclusternetworkname => $clusterFQDN, - #dsc_failoverclusteripaddress => $clusterIP, dsc_features => 'SQLENGINE,AS', dsc_sqlcollation => 'SQL_Latin1_General_CP1_CI_AS', dsc_securitymode => 'SQL', dsc_sapwd => {'user' => 'sa', 'password' => $sa_password}, dsc_productkey => $productkey, - dsc_sqlsvcaccount => {'user' => $sqlservicecredential_username, 'password' => $sqlservicecredential_password}, - dsc_agtsvcaccount => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, - dsc_assvcaccount => {'user' => $sqlservicecredential_username, 'password' => $sqlservicecredential_password}, + dsc_sqlsvcaccount => {'user' => "${domainnetbiosname}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, + dsc_agtsvcaccount => {'user' => "${domainnetbiosname}\\$sqlagentservicecredential_username", 'password' => $sqlagentservicecredential_password}, + dsc_assvcaccount => {'user' => "${domainnetbiosname}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, dsc_sqlsysadminaccounts => $sqladministratoraccounts, dsc_assysadminaccounts => $sqladministratoraccounts, 
dsc_installshareddir => 'C:\Program Files\Microsoft SQL Server', @@ -81,11 +79,11 @@ require => [ Dsc_windowsfeature['NET-Framework-Core'], Dsc_windowsfeature['NET-Framework-45-Core'], Dsc_windowsfeature['Failover-Clustering'] ], notify => Reboot['after_run'] } - + reboot { 'after_run': apply => finished, } - - -} \ No newline at end of file + + +} diff --git a/manifests/serviceaccounts.pp b/manifests/serviceaccounts.pp index 28246c8..d3f6cff 100644 --- a/manifests/serviceaccounts.pp +++ b/manifests/serviceaccounts.pp 
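Review bot: `dsc_assvcaccount` is given the same account and password as `dsc_sqlsvcaccount`, so Analysis Services runs under the database engine's identity. That account also holds the MSSQLSvc SPN and CONNECT on the HADR endpoint elsewhere in this commit, so the two services share whatever either one is granted. A separate optional parameter pair for the Analysis Services account, defaulting to the SQL service values for compatibility, would let deployments keep them apart. The `InstallSQLDefaultInstance` resource starts inside this hunk and continues past its end.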
@@ -1,37 +1,38 @@ class sqlserveralwayson::serviceaccounts inherits sqlserveralwayson { - #Needed for ActiveDirectory remote management using Powershell + + #Needed for ActiveDirectory remote management using Powershell dsc_windowsfeature{ 'RSAT-AD-Powershell': - dsc_ensure => 'Present', - dsc_name => 'RSAT-AD-Powershell' + dsc_ensure => 'Present', + dsc_name => 'RSAT-AD-Powershell' } - + #SQL service account creation (Active Directory) dsc_xaduser{'SvcSQLAccount': - dsc_domainname => $domainName, + dsc_domainname => $domain, dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, dsc_username => $sqlservicecredential_username, dsc_password => {'user' => $sqlservicecredential_username, 'password' => $sqlservicecredential_password}, dsc_ensure => 'Present', require => Dsc_windowsfeature['RSAT-AD-Powershell'] } - + #Configure MSSQLSvc SPN on SQL service account - dsc_xadserviceprincipalname{'SvcSQLSPN': - dsc_account => $sqlservicecredential_username, - dsc_serviceprincipalname => "MSSQLSvc/${fqdn}", - dsc_ensure => present, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => Dsc_xaduser['SvcSQLAccount'] - } - + dsc_xadserviceprincipalname{'SvcSQLSPN': + dsc_account => $sqlservicecredential_username, + dsc_serviceprincipalname => "MSSQLSvc/${fqdn}", + dsc_ensure => present, + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, + require => Dsc_xaduser['SvcSQLAccount'] + } + #SQL Agent service account creation (Active Directory) - dsc_xaduser{'SvcSQLAgentAccount': - dsc_domainname => $domainName, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - dsc_username => $sqlagentservicecredential_username, - dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, - dsc_ensure => 'Present', - require => 
Dsc_windowsfeature['RSAT-AD-Powershell'] - } - -} \ No newline at end of file + dsc_xaduser{'SvcSQLAgentAccount': + dsc_domainname => $domain, + dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, + dsc_username => $sqlagentservicecredential_username, + dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, + dsc_ensure => 'Present', + require => Dsc_windowsfeature['RSAT-AD-Powershell'] + } + +} diff --git a/manifests/spn.pp b/manifests/spn.pp deleted file mode 100644 index 6e4b5c9..0000000 --- a/manifests/spn.pp +++ /dev/null @@ -1,29 +0,0 @@ -class sqlserveralwayson::spn inherits sqlserveralwayson { - #Create local certificates directory to store powershell scripts - - dsc_file{ 'ScriptsDirectory': - dsc_destinationpath => 'C:\Scripts', - dsc_type => 'Directory', - dsc_ensure => 'Present' - } - - #Download SPN creation script - file{ "C:\\Scripts\\setspn.ps1": - source => 'puppet:///modules/sqlserveralwayson/setspn.ps1', - source_permissions => ignore, - require => Dsc_file['ScriptsDirectory'] - }-> - - #Download SPN verification script - file{ "C:\\Scripts\\checkspn.ps1": - source => 'puppet:///modules/sqlserveralwayson/checkspn.ps1', - source_permissions => ignore, - require => Dsc_file['ScriptsDirectory'] - }-> - - exec { 'CreateSPN': - command => "& C:\\Scripts\\setspn.ps1 -spn 'MSSQLSvc/${fqdn}' -serviceaccount ${sqlservicecredential_username}", - onlyif => " & C:\\Scripts\\checkspn.ps1 -spn 'MSSQLSvc/${fqdn}' -serviceaccount ${sqlservicecredential_username}", - provider => powershell - } -} \ No newline at end of file diff --git a/metadata.json b/metadata.json index 1fb72cb..9668ed8 100644 --- a/metadata.json +++ b/metadata.json 
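Review bot: With spn.pp and the setspn scripts removed, `SvcSQLSPN` is the only SPN this module registers, and it covers `MSSQLSvc/${fqdn}` without a port. config.pp enables TCP on 1433, and clients connecting over TCP normally request the port-qualified name, so authentication may fall back from Kerberos to NTLM unless the service manages to register that SPN itself; the same presumably applies to the availability group listener name. I would add a second resource for the port-qualified SPN next to the existing one, and consider one for the listener.

```puppet
# … unchanged: SvcSQLAccount and SvcSQLSPN …
dsc_xadserviceprincipalname{'SvcSQLSPNPort':
  dsc_account => $sqlservicecredential_username,
  dsc_serviceprincipalname => "MSSQLSvc/${fqdn}:1433",
  dsc_ensure => present,
  dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password},
  require => Dsc_xaduser['SvcSQLAccount']
}
# … unchanged: SvcSQLAgentAccount …
```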
@@ -1,17 +1,17 @@ { - "author": "citrixdeployment", + "author": "virtualdesktopdevops", "dependencies": [ - { - "name": "puppetlabs/powershell", + { + "name": "puppetlabs/powershell", "version_requirement": ">= 1.0.3" }, - { - "name": "puppetlabs/dsc", - "version_requirement": ">= 1.4.0" + { + "name": "puppetlabs/dsc", + "version_requirement": ">= 1.5.0" } ], "license": "Apache-2.0", - "name": "citrixdeployment-sqlserveralwayson", + "name": "virtualdesktopdevops-sqlserveralwayson", "operatingsystem_support": [ { "operatingsystem": "windows", @@ -21,21 +21,23 @@ ] } ], - "project_page": "https://www.citrixdeployment.com", + "project_page": "http://www.virtualdesktopdevops.com/", "requirements": [ { "name": "puppet", "version_requirement": ">= 3.8.0 < 6.0.0" } ], - "source": "https://www.citrixdeployment.com", - "summary": "SQL Server deployment with AlwaysOn clustering features", + "source": "https://virtualdesktopdevops.github.io/sqlserveralwayson/", + "summary": "Microsoft SQL Server puppet module with AlwaysOn clustering features", "tags": [ "powershell", "dsc", "sql-server", + "microsoft", + "cluster", "alwayson", "sql" ], - "version": "1.0.0" -} \ No newline at end of file + "version": "2.0.0" +}