From fee8d798b8cd7c5998966f52cd446436772209c5 Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Mon, 8 Jan 2018 08:02:18 +0100 Subject: [PATCH 01/13] Removed deprecated files used to register SPN (now done with xActiveDirectory) --- files/checkspn.ps1 | 9 --------- files/setspn.ps1 | 6 ------ manifests/spn.pp | 29 ----------------------------- 3 files changed, 44 deletions(-) delete mode 100644 files/checkspn.ps1 delete mode 100644 files/setspn.ps1 delete mode 100644 manifests/spn.pp diff --git a/files/checkspn.ps1 b/files/checkspn.ps1 deleted file mode 100644 index 2841529..0000000 --- a/files/checkspn.ps1 +++ /dev/null @@ -1,9 +0,0 @@ -Param( - [string]$spn, - [string]$serviceaccount -) - -if( (setspn -l $serviceaccount | Select-String $spn).count -gt 0) { - echo 'SPN already registered for the target service account' - exit 1 -} \ No newline at end of file diff --git a/files/setspn.ps1 b/files/setspn.ps1 deleted file mode 100644 index eb982de..0000000 --- a/files/setspn.ps1 +++ /dev/null @@ -1,6 +0,0 @@ -Param( - [string]$spn, - [string]$serviceaccount -) - -setspn -S $spn $serviceaccount diff --git a/manifests/spn.pp b/manifests/spn.pp deleted file mode 100644 index 6e4b5c9..0000000 --- a/manifests/spn.pp +++ /dev/null 
@@ -1,29 +0,0 @@ -class sqlserveralwayson::spn inherits sqlserveralwayson { - #Create local certificates directory to store powershell scripts - - dsc_file{ 'ScriptsDirectory': - dsc_destinationpath => 'C:\Scripts', - dsc_type => 'Directory', - dsc_ensure => 'Present' - } - - #Download SPN creation script - file{ "C:\\Scripts\\setspn.ps1": - source => 'puppet:///modules/sqlserveralwayson/setspn.ps1', - source_permissions => ignore, - require => Dsc_file['ScriptsDirectory'] - }-> - - #Download SPN verification script - file{ "C:\\Scripts\\checkspn.ps1": - source => 'puppet:///modules/sqlserveralwayson/checkspn.ps1', - source_permissions => ignore, - require => Dsc_file['ScriptsDirectory'] - }-> - - exec { 'CreateSPN': - command => "& C:\\Scripts\\setspn.ps1 -spn 'MSSQLSvc/${fqdn}' -serviceaccount ${sqlservicecredential_username}", - onlyif => " & C:\\Scripts\\checkspn.ps1 -spn 'MSSQLSvc/${fqdn}' -serviceaccount ${sqlservicecredential_username}", - provider => powershell - } -} \ No newline at end of file From e799327a5bf7f70fe7e96e2e595778e54fd508aa Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Mon, 8 Jan 2018 08:29:59 +0100 Subject: [PATCH 02/13] Module updated to SQLServerDSC = 10.0.0.0 --- README.markdown | 2 ++ manifests/alwaysonconfig.pp | 68 ++++++++++++++++++------------------- manifests/config.pp | 52 ++++++++++++++-------------- manifests/install.pp | 26 +++++++------- 4 files changed, 74 insertions(+), 74 deletions(-) diff --git a/README.markdown b/README.markdown index ad03006..f1094a6 100644 --- a/README.markdown +++ b/README.markdown 
@@ -14,6 +14,8 @@ The database failover mecanism integrated in this module is SQL Server AlwaysOn. The module can be installed on a Standard, Datacenter, or Core version of Windows 2012R2 or Windows 2016. +**BREAKING CHANGE :** This module requires puppetlabs/dsc compiled with SQLServerDSC = 10.0.0.0 + ## Usage - **setup_svc_username** : (string) Privileged account used by Puppet for installing the software and creating the failover cluster (spn creation, computer registration, local administrator privilèges needed) - **setup_svc_password** : (string) Password of the privileged account. Should be encrypted with hiera-eyaml. diff --git a/manifests/alwaysonconfig.pp b/manifests/alwaysonconfig.pp index 53afc7f..4db1bca 100644 --- a/manifests/alwaysonconfig.pp +++ b/manifests/alwaysonconfig.pp 
@@ -1,90 +1,90 @@ class sqlserveralwayson::alwaysonconfig inherits sqlserveralwayson { - + #Enable AlwaysOn on MSSQL service - dsc_xsqlserveralwaysonservice{'EnableAlwaysOn': + dsc_sqlalwaysonservice{'EnableAlwaysOn': dsc_ensure => 'Present', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', dsc_restarttimeout => 15, dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} }-> - + # Adding the required service account to allow the cluster to log into SQL - dsc_xsqlserverlogin{'AddNTServiceClusSvc': + dsc_sqlserverlogin{'AddNTServiceClusSvc': dsc_ensure => 'Present', dsc_name => 'NT SERVICE\ClusSvc', dsc_logintype => 'WindowsUser', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} }-> # Add the required permissions to the cluster service login - dsc_xsqlserverpermission{'AddNTServiceClusSvcPermissions': + dsc_sqlserverpermission{'AddNTServiceClusSvcPermissions': dsc_ensure => 'Present', - dsc_nodename => $hostname, + dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', dsc_principal => 'NT SERVICE\ClusSvc', dsc_permission => ['AlterAnyAvailabilityGroup', 'ViewServerState'], dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} }-> - dsc_xsqlserverendpoint{'SQLServerEndpoint': + dsc_sqlserverendpoint{'SQLServerEndpoint': dsc_endpointname => 'HADR', dsc_ensure => 'Present', dsc_port => '5022', - dsc_sqlserver => $fqdn, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $fqdn, + dsc_instancename => 'MSSQLSERVER', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } - - dsc_xsqlserverendpointpermission{'SQLConfigureEndpointPermission': + }-> + + 
dsc_sqlserverendpointpermission{'SQLConfigureEndpointPermission': dsc_ensure => 'Present', - dsc_nodename => $hostname, + dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', dsc_name => 'HADR', dsc_principal => $sqlservicecredential_username, dsc_permission => 'CONNECT', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - + if ( $role == 'primary' ) { # Create the availability group on the instance tagged as the primary replica - dsc_xsqlserveralwaysonavailabilitygroup{'CreateSQLAvailabilityGroup': + dsc_sqlag{'CreateSQLAvailabilityGroup': dsc_ensure => 'Present', dsc_name => $clusterName, - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_xsqlserveralwaysonservice['EnableAlwaysOn'] , Dsc_xsqlserverendpoint['SQLServerEndpoint'] ] + require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] } - - dsc_xsqlserveravailabilitygrouplistener{'AvailabilityGroupListener': + + dsc_sqlaglistener{'AvailabilityGroupListener': dsc_ensure => 'Present', - dsc_nodename => $fqdn, + dsc_servername => $fqdn, dsc_instancename => 'MSSQLSERVER', dsc_availabilitygroup => $clusterName, dsc_name => "${clusterName}LI", dsc_ipaddress => $listenerIP, dsc_port => 1433, dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_xsqlserveralwaysonavailabilitygroup['CreateSQLAvailabilityGroup'] ] + require => [ Dsc_sqlag['CreateSQLAvailabilityGroup'] ] } - + } else { - - dsc_xsqlserveralwaysonavailabilitygroupreplica{'SQLAvailabilityGroupAddReplica': + + dsc_sqlagreplica{'SQLAvailabilityGroupAddReplica': dsc_ensure => 'Present', dsc_name => $hostname, dsc_availabilitygroupname => $clusterName, - dsc_sqlserver => $hostname, - dsc_sqlinstancename 
=> 'MSSQLSERVER', - dsc_primaryreplicasqlserver => $clusterName, - dsc_primaryreplicasqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_primaryreplicaservername => $clusterName, + dsc_primaryreplicainstancename => 'MSSQLSERVER', dsc_endpointhostname => $hostname, dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => [ Dsc_xsqlserveralwaysonservice['EnableAlwaysOn'] , Dsc_xsqlserverendpoint['SQLServerEndpoint'] ] + require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] } } } diff --git a/manifests/config.pp b/manifests/config.pp index 5a4b07a..81aec2f 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
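Review bot: Every renamed resource in this `alwaysonconfig.pp` hunk still passes `$setup_svc_password` as a plain string inside `dsc_psdscrunascredential`. The privileged setup account's password is therefore likely to appear in clear text in the compiled catalog, and possibly in reports or debug output, even when Hiera stores it with eyaml. If the puppetlabs/dsc build in use accepts it, wrap the value: `dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => Sensitive($setup_svc_password)}`. The same pattern recurs in the `config.pp` hunks of this patch.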
@@ -1,58 +1,58 @@ class sqlserveralwayson::config inherits sqlserveralwayson { - + #Network configuration - dsc_xsqlservernetwork{ 'ConfigureSQLNetwork': + dsc_sqlservernetwork{ 'ConfigureSQLNetwork': dsc_instancename => 'MSSQLSERVER', dsc_protocolname => "tcp", dsc_isenabled => true, dsc_tcpport => '1433', dsc_restartservice => true } - + #Windows Firewall configuration - dsc_xsqlserverfirewall{'CreateFirewallRules': + dsc_sqlwindowsfirewall{'CreateFirewallRules': dsc_ensure => 'Present', dsc_features => 'SQLENGINE,AS', dsc_instancename => 'MSSQLSERVER', dsc_sourcepath => $setupdir, dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - + #Disable UAC - #dsc_xuac{'UACNeverNotifyAndDisableAll': + #dsc_xuac{'UACNeverNotifyAndDisableAll': # dsc_setting => 'NeverNotifyAndDisableAll' #} - + #Admin access configuration - dsc_xsqlserverlogin{'DomainAdminsLogin': + dsc_sqlserverlogin{'DomainAdminsLogin': dsc_ensure => 'Present', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', dsc_name => "${domainNetbiosName}\\Domain Admins", dsc_logintype => 'WindowsGroup', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - - dsc_xsqlserverrole{'AddDomainAdminsSQLSysadmin': + + dsc_sqlserverrole{'AddDomainAdminsSQLSysadmin': dsc_ensure => 'Present', dsc_serverrolename => 'sysadmin', dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', require => Dsc_xsqlserverlogin['DomainAdminsLogin'], dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - + #Service account access configuration. 
Mandatory for AlwaysOn replica login capability on HADR server endpoint - dsc_xsqlserverlogin{'ServiceAccountLogin': + dsc_sqlserverlogin{'ServiceAccountLogin': dsc_ensure => 'Present', - dsc_sqlserver => $hostname, - dsc_sqlinstancename => 'MSSQLSERVER', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', dsc_name => $sqlservicecredential_username, dsc_logintype => 'WindowsUser', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } - + #User rights configuration dsc_userrightsassignment{ 'PerformVolumeMaintenanceTasks': dsc_policy => 'Perform_volume_maintenance_tasks', @@ -63,14 +63,14 @@ dsc_policy => 'Lock_pages_in_memory', dsc_identity => 'Builtin\Administrators' } - - #Performances configuration - dsc_xsqlservermaxdop{ 'SetMAXDOP': - dsc_sqlserver => 'localhost', - dsc_sqlinstancename => 'MSSQLSERVER', + + #Performances configuration + dsc_sqlservermaxdop{ 'SetMAXDOP': + dsc_servername => 'localhost', + dsc_instancename => 'MSSQLSERVER', dsc_maxdop => 0 } - + #xSQLServerMemory SetMAXDOP #{ #SQLInstanceName = $Configuration.InstallSQL.InstanceName @@ -78,4 +78,4 @@ #MaxMemory = $MAXMemory #DynamicAlloc = $False #} -} \ No newline at end of file +} diff --git a/manifests/install.pp b/manifests/install.pp index 3166bdd..0189911 100644 --- a/manifests/install.pp +++ b/manifests/install.pp @@ -3,19 +3,19 @@ #reboot { 'before': # when => pending, #} - + dsc_windowsfeature{'NET-Framework-Core': dsc_ensure => 'Present', dsc_name => 'NET-Framework-Core', dsc_includeallsubfeature => true } - + dsc_windowsfeature{'NET-Framework-45-Core': dsc_ensure => 'Present', dsc_name => 'NET-Framework-45-Core', dsc_includeallsubfeature => true } - + dsc_windowsfeature{'RSAT-AD-PowerShell': dsc_ensure => 'Present', dsc_name => 'RSAT-AD-PowerShell' 
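Review bot: `DomainAdminsLogin` and `AddDomainAdminsSQLSysadmin` hard-code `"${domainNetbiosName}\\Domain Admins"` as a `sysadmin` member. That ties SQL administration to the most privileged group in the domain and means those accounts must authenticate to the database servers to administer them. A dedicated DBA group supplied as a class parameter would keep the grant narrower, e.g. `dsc_memberstoinclude => $sqladmingroup` with the same value for `dsc_name` on the login; `$sqladmingroup` is a suggested new parameter, not one the module has today. `install.pp` already takes `$sqladministratoraccounts` for setup-time sysadmins, so reusing that value may be enough.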
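Review bot: In the `@@ -63,14 +63,14 @@` hunk, `Lock_pages_in_memory` is assigned to `Builtin\Administrators`, although the right only benefits the account that runs the database engine. As written, every local administrator gains it, while the SQL service account gains it only if it happens to be a local administrator. Granting it to the service identity would match the intent, e.g. `dsc_identity => "${domainNetbiosName}\\${sqlservicecredential_username}"`, assuming the username is supplied without a domain prefix. The resource starts above the hunk, and the `Perform_volume_maintenance_tasks` assignment just before it looks like the same case.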
@@ -25,31 +25,29 @@ dsc_ensure => 'Present', dsc_name => 'Failover-Clustering' } - + dsc_windowsfeature{'RSATClusteringPowerShell': dsc_ensure => 'Present', dsc_name => 'RSAT-Clustering-PowerShell', require => [ Dsc_windowsfeature['Failover-Clustering'] ] } - + #Not working on Windows Server Core edition #dsc_windowsfeature{'RSATClusteringMgmt': # dsc_ensure => 'Present', # dsc_name => 'RSAT-Clustering-Mgmt', # require => [ Dsc_windowsfeature['Failover-Clustering'] ] #} - + dsc_windowsfeature{'RSATClusteringCmdInterface': dsc_ensure => 'Present', dsc_name => 'RSAT-Clustering-CmdInterface', require => [ Dsc_windowsfeature['RSATClusteringPowerShell'] ] } - - dsc_xsqlserversetup{ 'InstallSQLDefaultInstance': + + dsc_sqlsetup{ 'InstallSQLDefaultInstance': dsc_action => 'Install', dsc_instancename => 'MSSQLSERVER', - #dsc_failoverclusternetworkname => $clusterFQDN, - #dsc_failoverclusteripaddress => $clusterIP, dsc_features => 'SQLENGINE,AS', dsc_sqlcollation => 'SQL_Latin1_General_CP1_CI_AS', dsc_securitymode => 'SQL', @@ -81,11 +79,11 @@ require => [ Dsc_windowsfeature['NET-Framework-Core'], Dsc_windowsfeature['NET-Framework-45-Core'], Dsc_windowsfeature['Failover-Clustering'] ], notify => Reboot['after_run'] } - + reboot { 'after_run': apply => finished, } - - -} \ No newline at end of file + + +} From d47d728b4161fdea289ae496db4989b5056d3161 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 9 Jan 2018 22:18:16 +0100 Subject: [PATCH 03/13] Corrected syntax error in dependency --- manifests/config.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/config.pp b/manifests/config.pp index 81aec2f..2603cc4 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
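Review bot: `dsc_securitymode => 'SQL'` on `InstallSQLDefaultInstance` keeps mixed-mode authentication enabled, yet every login this module creates in the visible hunks is a Windows principal (`WindowsUser` or `WindowsGroup`). Unless something outside these hunks needs SQL logins, installing in Windows authentication mode removes the password-based `sa` login as an exposure. One option is a class parameter for the mode, e.g. `dsc_securitymode => $securitymode`, with the SA credential passed only when it is `'SQL'`; `$securitymode` is a suggested name. The resource body continues past the end of this hunk.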
@@ -39,7 +39,7 @@ dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', - require => Dsc_xsqlserverlogin['DomainAdminsLogin'], + require => Dsc_sqlserverlogin['DomainAdminsLogin'], dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } From c9082e5f2719e1b36a7439f9d50fd9d630fb5f16 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 9 Jan 2018 22:43:29 +0100 Subject: [PATCH 04/13] Unprefixed $sqlservicecredential_username on user variables. Prefixed $sqlservicecredential_username with $domainNetbiosName in configurations to make variable compatible with xaduser and be ale to use it as a domain account in configurations --- manifests/alwaysonconfig.pp | 2 +- manifests/config.pp | 2 +- manifests/install.pp | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/alwaysonconfig.pp b/manifests/alwaysonconfig.pp index 4db1bca..3252001 100644 --- a/manifests/alwaysonconfig.pp +++ b/manifests/alwaysonconfig.pp @@ -43,7 +43,7 @@ dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', dsc_name => 'HADR', - dsc_principal => $sqlservicecredential_username, + dsc_principal => "${domainNetbiosName}\\$sqlservicecredential_username", dsc_permission => 'CONNECT', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } diff --git a/manifests/config.pp b/manifests/config.pp index 2603cc4..d02af9e 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -48,7 +48,7 @@ dsc_ensure => 'Present', dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', - dsc_name => $sqlservicecredential_username, + dsc_name => "${domainNetbiosName}\\$sqlservicecredential_username", dsc_logintype => 'WindowsUser', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } diff --git a/manifests/install.pp b/manifests/install.pp index 0189911..b2e9308 100644 
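Review bot: In patch 04, `dsc_principal => "${domainNetbiosName}\\$sqlservicecredential_username"` changes the expected input format, but nothing in the visible hunks rejects a value that already carries a domain prefix. A caller still passing `DOMAIN\svc` would get `DOMAIN\DOMAIN\svc`, and the endpoint permission and login would then target a principal that does not exist. A guard in the main class, which is not shown here, would make the breaking change fail early: `if $sqlservicecredential_username =~ /\\/ { fail('sqlservicecredential_username must not include the domain prefix') }`. The same applies to `$sqlagentservicecredential_username` and to the `config.pp` and `install.pp` hunks of this patch. As a style point, the second variable would read better braced as `${sqlservicecredential_username}`.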
--- a/manifests/install.pp +++ b/manifests/install.pp @@ -53,9 +53,9 @@ dsc_securitymode => 'SQL', dsc_sapwd => {'user' => 'sa', 'password' => $sa_password}, dsc_productkey => $productkey, - dsc_sqlsvcaccount => {'user' => $sqlservicecredential_username, 'password' => $sqlservicecredential_password}, - dsc_agtsvcaccount => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, - dsc_assvcaccount => {'user' => $sqlservicecredential_username, 'password' => $sqlservicecredential_password}, + dsc_sqlsvcaccount => {'user' => "${domainNetbiosName}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, + dsc_agtsvcaccount => {'user' => "${domainNetbiosName}\\$sqlagentservicecredential_username", 'password' => $sqlagentservicecredential_password}, + dsc_assvcaccount => {'user' => "${domainNetbiosName}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, dsc_sqlsysadminaccounts => $sqladministratoraccounts, dsc_assysadminaccounts => $sqladministratoraccounts, dsc_installshareddir => 'C:\Program Files\Microsoft SQL Server', From 424faf4f442b83a4ce2b3ee099f028d11386ef92 Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Wed, 10 Jan 2018 08:16:28 +0100 Subject: [PATCH 05/13] Paging (indent) fixes --- manifests/clusterconfig.pp | 56 ++++++++++----------- manifests/config.pp | 97 ++++++++++++++++++------------------ manifests/domainconfig.pp | 2 +- manifests/serviceaccounts.pp | 44 ++++++++-------- 4 files changed, 99 insertions(+), 100 deletions(-) diff --git a/manifests/clusterconfig.pp b/manifests/clusterconfig.pp index dbd460f..032b29b 100644 --- a/manifests/clusterconfig.pp +++ b/manifests/clusterconfig.pp 
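Review bot: `dsc_assvcaccount` reuses `$sqlservicecredential_username` and `$sqlservicecredential_password`, so Analysis Services runs under the same domain identity as the database engine. Elsewhere in this series that account holds the `MSSQLSvc` SPN and `CONNECT` on the HADR endpoint. Separate credentials would limit what a compromise of either service exposes, e.g. `dsc_assvcaccount => {'user' => "${domainNetbiosName}\\${sqlasservicecredential_username}", 'password' => $sqlasservicecredential_password}`; both parameter names are suggestions, not existing ones. The resource begins and ends outside this hunk.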
@@ -1,35 +1,35 @@ class sqlserveralwayson::clusterconfig inherits sqlserveralwayson { - + if ( $role == 'primary' ) { - #Failover cluster creation - dsc_xcluster{'CreateFailoverCluster': - dsc_name => $clusterName, - dsc_staticipaddress => $clusterIP, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } - - #File share whitness configuration - #Warning, bug https://github.com/PowerShell/xFailOverCluster/issues/35 on Windows 2016 - dsc_xclusterquorum{'SetQuorumToNodeAndDiskMajority': - dsc_issingleinstance => 'Yes', - dsc_type => 'NodeAndFileShareMajority', - dsc_resource => $fileShareWitness, - require => Dsc_xcluster['CreateFailoverCluster'] - } - - } - else { - dsc_xwaitforcluster{'SecondaryReplicaWaitForCluster': - dsc_name => $clusterName, - dsc_retryintervalsec => 10, + #Failover cluster creation + dsc_xcluster{'CreateFailoverCluster': + dsc_name => $clusterName, + dsc_staticipaddress => $clusterIP, + dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + } + + #File share whitness configuration + #Warning, bug https://github.com/PowerShell/xFailOverCluster/issues/35 on Windows 2016 + dsc_xclusterquorum{'SetQuorumToNodeAndDiskMajority': + dsc_issingleinstance => 'Yes', + dsc_type => 'NodeAndFileShareMajority', + dsc_resource => $fileShareWitness, + require => Dsc_xcluster['CreateFailoverCluster'] + } + + } + else { + dsc_xwaitforcluster{'SecondaryReplicaWaitForCluster': + dsc_name => $clusterName, + dsc_retryintervalsec => 10, dsc_retrycount => 6 - } - - dsc_xcluster{'JoinCluster': - dsc_name => $clusterName, + } + + dsc_xcluster{'JoinCluster': + dsc_name => $clusterName, dsc_staticipaddress => $clusterIP, dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, require => Dsc_xwaitforcluster['SecondaryReplicaWaitForCluster'] } - } -} \ No newline at end of file + } +} 
diff --git a/manifests/config.pp b/manifests/config.pp index d02af9e..e43f5bc 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -1,81 +1,80 @@ class sqlserveralwayson::config inherits sqlserveralwayson { - #Network configuration + #Network configuration dsc_sqlservernetwork{ 'ConfigureSQLNetwork': - dsc_instancename => 'MSSQLSERVER', - dsc_protocolname => "tcp", - dsc_isenabled => true, - dsc_tcpport => '1433', - dsc_restartservice => true + dsc_instancename => 'MSSQLSERVER', + dsc_protocolname => "tcp", + dsc_isenabled => true, + dsc_tcpport => '1433', + dsc_restartservice => true } #Windows Firewall configuration dsc_sqlwindowsfirewall{'CreateFirewallRules': - dsc_ensure => 'Present', - dsc_features => 'SQLENGINE,AS', - dsc_instancename => 'MSSQLSERVER', - dsc_sourcepath => $setupdir, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_ensure => 'Present', + dsc_features => 'SQLENGINE,AS', + dsc_instancename => 'MSSQLSERVER', + dsc_sourcepath => $setupdir, + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } #Disable UAC #dsc_xuac{'UACNeverNotifyAndDisableAll': - # dsc_setting => 'NeverNotifyAndDisableAll' - #} + # dsc_setting => 'NeverNotifyAndDisableAll' + #} #Admin access configuration dsc_sqlserverlogin{'DomainAdminsLogin': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_name => "${domainNetbiosName}\\Domain Admins", - dsc_logintype => 'WindowsGroup', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_ensure => 'Present', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_name => "${domainNetbiosName}\\Domain Admins", + dsc_logintype => 'WindowsGroup', + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } dsc_sqlserverrole{'AddDomainAdminsSQLSysadmin': - dsc_ensure => 'Present', - dsc_serverrolename => 'sysadmin', - dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", - dsc_servername => $hostname, - 
dsc_instancename => 'MSSQLSERVER', - require => Dsc_sqlserverlogin['DomainAdminsLogin'], - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_ensure => 'Present', + dsc_serverrolename => 'sysadmin', + dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + require => Dsc_sqlserverlogin['DomainAdminsLogin'], + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } #Service account access configuration. Mandatory for AlwaysOn replica login capability on HADR server endpoint - dsc_sqlserverlogin{'ServiceAccountLogin': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_name => "${domainNetbiosName}\\$sqlservicecredential_username", - dsc_logintype => 'WindowsUser', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } + dsc_sqlserverlogin{'ServiceAccountLogin': + dsc_ensure => 'Present', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_name => "${domainNetbiosName}\\$sqlservicecredential_username", + dsc_logintype => 'WindowsUser', + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + } #User rights configuration dsc_userrightsassignment{ 'PerformVolumeMaintenanceTasks': - dsc_policy => 'Perform_volume_maintenance_tasks', - dsc_identity => 'Builtin\Administrators' + dsc_policy => 'Perform_volume_maintenance_tasks', + dsc_identity => 'Builtin\Administrators' } - dsc_userrightsassignment{ 'LockPagesInMemory': - dsc_policy => 'Lock_pages_in_memory', - dsc_identity => 'Builtin\Administrators' + dsc_userrightsassignment{ 'LockPagesInMemory': + dsc_policy => 'Lock_pages_in_memory', + dsc_identity => 'Builtin\Administrators' } - #Performances configuration + #Performances configuration dsc_sqlservermaxdop{ 'SetMAXDOP': - dsc_servername => 
'localhost', - dsc_instancename => 'MSSQLSERVER', - dsc_maxdop => 0 + dsc_servername => 'localhost', + dsc_instancename => 'MSSQLSERVER', + dsc_maxdop => 0 } - #xSQLServerMemory SetMAXDOP - #{ - #SQLInstanceName = $Configuration.InstallSQL.InstanceName - #DependsOn = "[xSqlServerSetup]InstallSQL" - #MaxMemory = $MAXMemory - #DynamicAlloc = $False + #xSQLServerMemory SetMAXDOP{ + #SQLInstanceName = $Configuration.InstallSQL.InstanceName + #DependsOn = "[xSqlServerSetup]InstallSQL" + #MaxMemory = $MAXMemory + #DynamicAlloc = $False #} } diff --git a/manifests/domainconfig.pp b/manifests/domainconfig.pp index b7f58db..8b65e32 100644 --- a/manifests/domainconfig.pp +++ b/manifests/domainconfig.pp @@ -10,4 +10,4 @@ dsc_ensure => 'present' #Credential: User account credentials used to perform the operation (optional). Note: if not running on a domain controller, this is required. } -} \ No newline at end of file +} diff --git a/manifests/serviceaccounts.pp b/manifests/serviceaccounts.pp index 28246c8..47691f2 100644 --- a/manifests/serviceaccounts.pp +++ b/manifests/serviceaccounts.pp @@ -1,10 +1,10 @@ class sqlserveralwayson::serviceaccounts inherits sqlserveralwayson { #Needed for ActiveDirectory remote management using Powershell dsc_windowsfeature{ 'RSAT-AD-Powershell': - dsc_ensure => 'Present', - dsc_name => 'RSAT-AD-Powershell' + dsc_ensure => 'Present', + dsc_name => 'RSAT-AD-Powershell' } - + #SQL service account creation (Active Directory) dsc_xaduser{'SvcSQLAccount': dsc_domainname => $domainName, 
@@ -14,24 +14,24 @@ dsc_ensure => 'Present', require => Dsc_windowsfeature['RSAT-AD-Powershell'] } - + #Configure MSSQLSvc SPN on SQL service account - dsc_xadserviceprincipalname{'SvcSQLSPN': - dsc_account => $sqlservicecredential_username, - dsc_serviceprincipalname => "MSSQLSvc/${fqdn}", - dsc_ensure => present, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => Dsc_xaduser['SvcSQLAccount'] - } - + dsc_xadserviceprincipalname{'SvcSQLSPN': + dsc_account => $sqlservicecredential_username, + dsc_serviceprincipalname => "MSSQLSvc/${fqdn}", + dsc_ensure => present, + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, + require => Dsc_xaduser['SvcSQLAccount'] + } + #SQL Agent service account creation (Active Directory) - dsc_xaduser{'SvcSQLAgentAccount': - dsc_domainname => $domainName, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - dsc_username => $sqlagentservicecredential_username, - dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, - dsc_ensure => 'Present', - require => Dsc_windowsfeature['RSAT-AD-Powershell'] - } - -} \ No newline at end of file + dsc_xaduser{'SvcSQLAgentAccount': + dsc_domainname => $domainName, + dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, + dsc_username => $sqlagentservicecredential_username, + dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, + dsc_ensure => 'Present', + require => Dsc_windowsfeature['RSAT-AD-Powershell'] + } + +} From abd8090b42caea5565987ca6a46030d07c9973b8 Mon Sep 17 00:00:00 2001 
From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Wed, 10 Jan 2018 08:16:28 +0100 Subject: [PATCH 06/13] Paging (indent) fixes --- manifests/clusterconfig.pp | 56 ++++++++++----------- manifests/config.pp | 97 ++++++++++++++++++------------------ manifests/domainconfig.pp | 2 +- manifests/serviceaccounts.pp | 46 ++++++++--------- 4 files changed, 100 insertions(+), 101 deletions(-) diff --git a/manifests/clusterconfig.pp b/manifests/clusterconfig.pp index dbd460f..032b29b 100644 --- a/manifests/clusterconfig.pp +++ b/manifests/clusterconfig.pp 
@@ -1,35 +1,35 @@ class sqlserveralwayson::clusterconfig inherits sqlserveralwayson { - + if ( $role == 'primary' ) { - #Failover cluster creation - dsc_xcluster{'CreateFailoverCluster': - dsc_name => $clusterName, - dsc_staticipaddress => $clusterIP, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } - - #File share whitness configuration - #Warning, bug https://github.com/PowerShell/xFailOverCluster/issues/35 on Windows 2016 - dsc_xclusterquorum{'SetQuorumToNodeAndDiskMajority': - dsc_issingleinstance => 'Yes', - dsc_type => 'NodeAndFileShareMajority', - dsc_resource => $fileShareWitness, - require => Dsc_xcluster['CreateFailoverCluster'] - } - - } - else { - dsc_xwaitforcluster{'SecondaryReplicaWaitForCluster': - dsc_name => $clusterName, - dsc_retryintervalsec => 10, + #Failover cluster creation + dsc_xcluster{'CreateFailoverCluster': + dsc_name => $clusterName, + dsc_staticipaddress => $clusterIP, + dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + } + + #File share whitness configuration + #Warning, bug https://github.com/PowerShell/xFailOverCluster/issues/35 on Windows 2016 + dsc_xclusterquorum{'SetQuorumToNodeAndDiskMajority': + dsc_issingleinstance => 'Yes', + dsc_type => 'NodeAndFileShareMajority', + dsc_resource => $fileShareWitness, + require => Dsc_xcluster['CreateFailoverCluster'] + } + + } + else { + dsc_xwaitforcluster{'SecondaryReplicaWaitForCluster': + dsc_name => $clusterName, + dsc_retryintervalsec => 10, dsc_retrycount => 6 - } - - dsc_xcluster{'JoinCluster': - dsc_name => $clusterName, + } + + dsc_xcluster{'JoinCluster': + dsc_name => $clusterName, dsc_staticipaddress => $clusterIP, dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, require => Dsc_xwaitforcluster['SecondaryReplicaWaitForCluster'] } - } -} \ No newline at end of file + } +} 
diff --git a/manifests/config.pp b/manifests/config.pp index d02af9e..e43f5bc 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -1,81 +1,80 @@ class sqlserveralwayson::config inherits sqlserveralwayson { - #Network configuration + #Network configuration dsc_sqlservernetwork{ 'ConfigureSQLNetwork': - dsc_instancename => 'MSSQLSERVER', - dsc_protocolname => "tcp", - dsc_isenabled => true, - dsc_tcpport => '1433', - dsc_restartservice => true + dsc_instancename => 'MSSQLSERVER', + dsc_protocolname => "tcp", + dsc_isenabled => true, + dsc_tcpport => '1433', + dsc_restartservice => true } #Windows Firewall configuration dsc_sqlwindowsfirewall{'CreateFirewallRules': - dsc_ensure => 'Present', - dsc_features => 'SQLENGINE,AS', - dsc_instancename => 'MSSQLSERVER', - dsc_sourcepath => $setupdir, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_ensure => 'Present', + dsc_features => 'SQLENGINE,AS', + dsc_instancename => 'MSSQLSERVER', + dsc_sourcepath => $setupdir, + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } #Disable UAC #dsc_xuac{'UACNeverNotifyAndDisableAll': - # dsc_setting => 'NeverNotifyAndDisableAll' - #} + # dsc_setting => 'NeverNotifyAndDisableAll' + #} #Admin access configuration dsc_sqlserverlogin{'DomainAdminsLogin': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_name => "${domainNetbiosName}\\Domain Admins", - dsc_logintype => 'WindowsGroup', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_ensure => 'Present', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_name => "${domainNetbiosName}\\Domain Admins", + dsc_logintype => 'WindowsGroup', + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } dsc_sqlserverrole{'AddDomainAdminsSQLSysadmin': - dsc_ensure => 'Present', - dsc_serverrolename => 'sysadmin', - dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", - dsc_servername => $hostname, - 
dsc_instancename => 'MSSQLSERVER', - require => Dsc_sqlserverlogin['DomainAdminsLogin'], - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + dsc_ensure => 'Present', + dsc_serverrolename => 'sysadmin', + dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + require => Dsc_sqlserverlogin['DomainAdminsLogin'], + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } #Service account access configuration. Mandatory for AlwaysOn replica login capability on HADR server endpoint - dsc_sqlserverlogin{'ServiceAccountLogin': - dsc_ensure => 'Present', - dsc_servername => $hostname, - dsc_instancename => 'MSSQLSERVER', - dsc_name => "${domainNetbiosName}\\$sqlservicecredential_username", - dsc_logintype => 'WindowsUser', - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} - } + dsc_sqlserverlogin{'ServiceAccountLogin': + dsc_ensure => 'Present', + dsc_servername => $hostname, + dsc_instancename => 'MSSQLSERVER', + dsc_name => "${domainNetbiosName}\\$sqlservicecredential_username", + dsc_logintype => 'WindowsUser', + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} + } #User rights configuration dsc_userrightsassignment{ 'PerformVolumeMaintenanceTasks': - dsc_policy => 'Perform_volume_maintenance_tasks', - dsc_identity => 'Builtin\Administrators' + dsc_policy => 'Perform_volume_maintenance_tasks', + dsc_identity => 'Builtin\Administrators' } - dsc_userrightsassignment{ 'LockPagesInMemory': - dsc_policy => 'Lock_pages_in_memory', - dsc_identity => 'Builtin\Administrators' + dsc_userrightsassignment{ 'LockPagesInMemory': + dsc_policy => 'Lock_pages_in_memory', + dsc_identity => 'Builtin\Administrators' } - #Performances configuration + #Performances configuration dsc_sqlservermaxdop{ 'SetMAXDOP': - dsc_servername => 
'localhost', - dsc_instancename => 'MSSQLSERVER', - dsc_maxdop => 0 + dsc_servername => 'localhost', + dsc_instancename => 'MSSQLSERVER', + dsc_maxdop => 0 } - #xSQLServerMemory SetMAXDOP - #{ - #SQLInstanceName = $Configuration.InstallSQL.InstanceName - #DependsOn = "[xSqlServerSetup]InstallSQL" - #MaxMemory = $MAXMemory - #DynamicAlloc = $False + #xSQLServerMemory SetMAXDOP{ + #SQLInstanceName = $Configuration.InstallSQL.InstanceName + #DependsOn = "[xSqlServerSetup]InstallSQL" + #MaxMemory = $MAXMemory + #DynamicAlloc = $False #} } diff --git a/manifests/domainconfig.pp b/manifests/domainconfig.pp index b7f58db..8b65e32 100644 --- a/manifests/domainconfig.pp +++ b/manifests/domainconfig.pp @@ -10,4 +10,4 @@ dsc_ensure => 'present' #Credential: User account credentials used to perform the operation (optional). Note: if not running on a domain controller, this is required. } -} \ No newline at end of file +} diff --git a/manifests/serviceaccounts.pp b/manifests/serviceaccounts.pp index 28246c8..c06c897 100644 --- a/manifests/serviceaccounts.pp +++ b/manifests/serviceaccounts.pp @@ -1,10 +1,10 @@ class sqlserveralwayson::serviceaccounts inherits sqlserveralwayson { - #Needed for ActiveDirectory remote management using Powershell + #Needed for ActiveDirectory remote management using Powershell dsc_windowsfeature{ 'RSAT-AD-Powershell': - dsc_ensure => 'Present', - dsc_name => 'RSAT-AD-Powershell' + dsc_ensure => 'Present', + dsc_name => 'RSAT-AD-Powershell' } - + #SQL service account creation (Active Directory) dsc_xaduser{'SvcSQLAccount': dsc_domainname => $domainName, 
@@ -14,24 +14,24 @@ dsc_ensure => 'Present', require => Dsc_windowsfeature['RSAT-AD-Powershell'] } - + #Configure MSSQLSvc SPN on SQL service account - dsc_xadserviceprincipalname{'SvcSQLSPN': - dsc_account => $sqlservicecredential_username, - dsc_serviceprincipalname => "MSSQLSvc/${fqdn}", - dsc_ensure => present, - dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - require => Dsc_xaduser['SvcSQLAccount'] - } - + dsc_xadserviceprincipalname{'SvcSQLSPN': + dsc_account => $sqlservicecredential_username, + dsc_serviceprincipalname => "MSSQLSvc/${fqdn}", + dsc_ensure => present, + dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, + require => Dsc_xaduser['SvcSQLAccount'] + } + #SQL Agent service account creation (Active Directory) - dsc_xaduser{'SvcSQLAgentAccount': - dsc_domainname => $domainName, - dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, - dsc_username => $sqlagentservicecredential_username, - dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, - dsc_ensure => 'Present', - require => Dsc_windowsfeature['RSAT-AD-Powershell'] - } - -} \ No newline at end of file + dsc_xaduser{'SvcSQLAgentAccount': + dsc_domainname => $domainName, + dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, + dsc_username => $sqlagentservicecredential_username, + dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, + dsc_ensure => 'Present', + require => Dsc_windowsfeature['RSAT-AD-Powershell'] + } + +} From 4c0a548544713f5633de87bcce024f62aa66108e Mon Sep 17 00:00:00 2001 
From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Wed, 10 Jan 2018 08:30:22 +0100 Subject: [PATCH 07/13] Updated README with details about sqlservicecedential and sqlagentservicecredential variables format. Created changelog.md --- CHANGELOG.md | 9 +++++++++ README.markdown | 16 +++++++++------- 2 files changed, 18 insertions(+), 7 deletions(-) create mode 100644 CHANGELOG.md diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..3a7380c --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,9 @@ +# Changelog - sqlserveralwayson # + +## Unreleased +- **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC = 10.0.0.0 +- **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. + +## Version 1.1.0 +- Initial release +- Module compatible with xSQLServer <= 9.0.0.0 diff --git a/README.markdown b/README.markdown index f1094a6..e4c6c29 100644 --- a/README.markdown +++ b/README.markdown @@ -1,6 +1,6 @@ # sqlserveralwayson # -This modules install a fully working SQL Server AlwaysOn cluster. It has been designed to install both primary replica nodes with the following features : +This modules installs a fully working SQL Server AlwaysOn cluster. It has been designed to install both primary replica nodes with the following features : - SPN creation on sql service account (service account not yet created by this module, schedulded in next release) - SQL server installation and initial configuration (MaxDop Firewall, Memory, Admin rights, ...) - Failover cluster creation (primary node) or join (replica node) with File Share witness 
@@ -22,9 +22,9 @@ The module can be installed on a Standard, Datacenter, or Core version of Window - **setupdir** : (string) Path of a folder containing the SQL Server installer (unarchive the ISO image in this folder). - **sa_password** : (string) SQL Server SA password for mixed mode SQL authentication configuration. - **productkey** : (string)(optionnal) Product key for licensed installations. -- **sqlservicecredential_username** : (String) Service account for the SQL service +- **sqlservicecredential_username** : (String) Service account for the SQL service **WITHOUT** Netbios Domain Name prefix - **sqlservicecredential_password** : (String) : Password of the service account for the SQL service. Should be encrypted with hiera-eyaml. -- **sqlagentservicecredential_username** : (String) Service account for the SQL Agent service +- **sqlagentservicecredential_username** : (String) Service account for the SQL Agent service **WITHOUT** Netbios Domain Name prefix - **sqlagentservicecredential_password** : (String) Password of the service account for the SQL Agent service. Should be encrypted with hiera-eyaml. - **sqladministratoraccounts** : (String[] Array) : Array of accounts to be made SQL administrators. - **sqluserdbdir** : (String)(optionnal) Path for SQL database files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' @@ -63,9 +63,9 @@ node 'SQL01' { setupdir=>'\\fileserver.local\SQLServer2012.en', sa_password=>'P@ssw0rd', productkey => 'key-key-key', - sqlservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlservicecredential_username => 'svc-sql-puppet', sqlservicecredential_password=>'P@ssw0rd', - sqlagentservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlagentservicecredential_username => 'svc-sql-puppet', sqlagentservicecredential_password => 'P@ssw0rd', sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], clusterName => 'CLDB01', 
@@ -73,6 +73,7 @@ node 'SQL01' { fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', role => 'primary', + domainName => 'DOMAIN-TEST.COM', domainNetbiosName => 'DOMAIN-TEST' } } @@ -85,9 +86,9 @@ node 'SQL02' { setupdir=>'\\fileserver.local\SQLServer2012.en', sa_password=>'P@ssw0rd', productkey => 'key-key-key', - sqlservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlservicecredential_username => 'svc-sql-puppet', sqlservicecredential_password=>'P@ssw0rd', - sqlagentservicecredential_username => 'DOMAIN-TEST\svc-sql-puppet', + sqlagentservicecredential_username => 'svc-sql-puppet', sqlagentservicecredential_password => 'P@ssw0rd', sqladministratoraccounts => [ 'DOMAIN-TEST\svc-puppet', 'DOMAIN-TEST\Administrator' ], clusterName => 'CLDB01', @@ -95,6 +96,7 @@ node 'SQL02' { fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', role => 'secondary', + domainName => 'DOMAIN-TEST.COM', domainNetbiosName => 'DOMAIN-TEST' } } From 6751057b0c2f7c2c060d72351b6c996bd5553010 Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Wed, 10 Jan 2018 19:10:06 +0100 Subject: [PATCH 08/13] Removed $domainName class parameter. Used facts instead. --- CHANGELOG.md | 1 + README.markdown | 2 -- manifests/init.pp | 10 ++++++---- manifests/serviceaccounts.pp | 4 ++-- 4 files changed, 9 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3a7380c..c7cb28c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## Unreleased - **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC = 10.0.0.0 - **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. +- **BREAKING CHANGE** : Removed $domainName class parameter. Used facts instead. ## Version 1.1.0 - Initial release 
diff --git a/README.markdown b/README.markdown index e4c6c29..c6ab8de 100644 --- a/README.markdown +++ b/README.markdown @@ -73,7 +73,6 @@ node 'SQL01' { fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', role => 'primary', - domainName => 'DOMAIN-TEST.COM', domainNetbiosName => 'DOMAIN-TEST' } } @@ -96,7 +95,6 @@ node 'SQL02' { fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', role => 'secondary', - domainName => 'DOMAIN-TEST.COM', domainNetbiosName => 'DOMAIN-TEST' } } diff --git a/manifests/init.pp b/manifests/init.pp index 9022726..0755d8d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -28,19 +28,21 @@ $sqltempdblogdir = 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data', $clusterName, $clusterIP, - $fileShareWitness, #Format '\\witness.company.local\witness$' + $fileShareWitness, #Format '\\witness.company.local\witness$' $listenerIP, #The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. $role, ##primary or secondary - $domainName, $domainNetbiosName - ) + ) { + #Using $domain fact du get the active directory domain name + $domainName = $domain + contain sqlserveralwayson::serviceaccounts contain sqlserveralwayson::install contain sqlserveralwayson::config contain sqlserveralwayson::clusterconfig contain sqlserveralwayson::alwaysonconfig - + Class['::sqlserveralwayson::serviceaccounts'] -> Class['::sqlserveralwayson::install'] -> Class['::sqlserveralwayson::config'] -> diff --git a/manifests/serviceaccounts.pp b/manifests/serviceaccounts.pp index c06c897..506e4c3 100644 --- a/manifests/serviceaccounts.pp +++ b/manifests/serviceaccounts.pp 
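Review bot: `$domainName = $domain` in init.pp reads an unqualified variable, and the two `dsc_xaduser` hunks in serviceaccounts.pp then use `$domain` directly, so the new `$domainName` looks unused from what this diff shows. Either drop the assignment or reference it consistently, and use the top-scope form `$domainName = $::domain` so a local or inherited variable named `domain` cannot shadow the fact. The value is reported by the agent rather than set by the operator, and it now selects the directory in which accounts are created using `$setup_svc_username`. A comment stating that assumption (the node is already joined to the intended domain) would help the next reader. The class body continues outside the hunk.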
@@ -7,7 +7,7 @@ #SQL service account creation (Active Directory) dsc_xaduser{'SvcSQLAccount': - dsc_domainname => $domainName, + dsc_domainname => $domain, dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, dsc_username => $sqlservicecredential_username, dsc_password => {'user' => $sqlservicecredential_username, 'password' => $sqlservicecredential_password}, @@ -26,7 +26,7 @@ #SQL Agent service account creation (Active Directory) dsc_xaduser{'SvcSQLAgentAccount': - dsc_domainname => $domainName, + dsc_domainname => $domain, dsc_domainadministratorcredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, dsc_username => $sqlagentservicecredential_username, dsc_password => {'user' => $sqlagentservicecredential_username, 'password' => $sqlagentservicecredential_password}, From de6556791802da1e2a02cb70a279ed19206f9ec1 Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Thu, 11 Jan 2018 21:24:55 +0100 Subject: [PATCH 09/13] Added custom fact. Removed $domainNetbiosName class parameter. Used custom fact instead. --- CHANGELOG.md | 1 + README.markdown | 11 ++++------- lib/facter/domainnetbiosname.rb | 14 ++++++++++++++ manifests/alwaysonconfig.pp | 2 +- manifests/config.pp | 6 +++--- manifests/domainconfig.pp | 13 ------------- manifests/init.pp | 1 - manifests/install.pp | 6 +++--- manifests/serviceaccounts.pp | 1 + 9 files changed, 27 insertions(+), 28 deletions(-) create mode 100644 lib/facter/domainnetbiosname.rb delete mode 100644 manifests/domainconfig.pp diff --git a/CHANGELOG.md b/CHANGELOG.md index c7cb28c..72fd834 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,7 @@ - **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC = 10.0.0.0 - **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. - **BREAKING CHANGE** : Removed $domainName class parameter. Used facts instead. +- **BREAKING CHANGE** : Removed $domainNetbiosName class parameter. Used custom fact instead. ## Version 1.1.0 - Initial release diff --git a/README.markdown b/README.markdown index c6ab8de..8b67883 100644 --- a/README.markdown +++ b/README.markdown 
@@ -22,9 +22,9 @@ The module can be installed on a Standard, Datacenter, or Core version of Window - **setupdir** : (string) Path of a folder containing the SQL Server installer (unarchive the ISO image in this folder). - **sa_password** : (string) SQL Server SA password for mixed mode SQL authentication configuration. - **productkey** : (string)(optionnal) Product key for licensed installations. -- **sqlservicecredential_username** : (String) Service account for the SQL service **WITHOUT** Netbios Domain Name prefix +- **sqlservicecredential_username** : (String) Domain service account for the SQL service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. MSSQLSvc/fqdn_of_sql_server_node SPN will be associated with the service account. - **sqlservicecredential_password** : (String) : Password of the service account for the SQL service. Should be encrypted with hiera-eyaml. -- **sqlagentservicecredential_username** : (String) Service account for the SQL Agent service **WITHOUT** Netbios Domain Name prefix +- **sqlagentservicecredential_username** : (String) Domain service account for the SQL Agent service **WITHOUT** Netbios Domain Name prefix. The account will be automatically created in Active Directory by the module. - **sqlagentservicecredential_password** : (String) Password of the service account for the SQL Agent service. Should be encrypted with hiera-eyaml. - **sqladministratoraccounts** : (String[] Array) : Array of accounts to be made SQL administrators. - **sqluserdbdir** : (String)(optionnal) Path for SQL database files. Default to 'C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data' 
@@ -37,7 +37,6 @@ The module can be installed on a Standard, Datacenter, or Core version of Window - **fileShareWitness** : (String) Fileshare witness UNC path in the format'\\witness.company.local\witness$'. Needs to be writable by SQL nodes. - **listenerIP** : (String) The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. - **role** : (String) Needs to be 'primary' for primary SQL nodes or 'secondary' for SQL replica nodes -- **domainNetbiosName** : (String) Active Directory domain NETBIOS name ## Installing a Microsoft SQL Server AlwaysOn cluster @@ -72,8 +71,7 @@ node 'SQL01' { clusterIP => '192.168.1.60', fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', - role => 'primary', - domainNetbiosName => 'DOMAIN-TEST' + role => 'primary' } } @@ -94,8 +92,7 @@ node 'SQL02' { clusterIP => '192.168.1.60', fileShareWitness=> '\\192.168.1.10\quorum', listenerIP => '192.168.1.61/255.255.255.0', - role => 'secondary', - domainNetbiosName => 'DOMAIN-TEST' + role => 'secondary' } } diff --git a/lib/facter/domainnetbiosname.rb b/lib/facter/domainnetbiosname.rb new file mode 100644 index 0000000..49ced59 --- /dev/null +++ b/lib/facter/domainnetbiosname.rb @@ -0,0 +1,14 @@ +#https://puppet.com/blog/starting-out-writing-custom-facts-windows +Facter.add('domainnetbiosname') do + confine :osfamily => :windows + setcode do + begin + require 'win32ole' + wmi = WIN32OLE.connect("winmgmts:\\\\.\\root\\cimv2") + win32ntdomain = wmi.ExecQuery("SELECT * FROM Win32_NTDomain").each.first + win32ntdomain.DomainName + rescue + nil + end + end +end diff --git a/manifests/alwaysonconfig.pp b/manifests/alwaysonconfig.pp index 3252001..10eb7dc 100644 --- a/manifests/alwaysonconfig.pp +++ b/manifests/alwaysonconfig.pp 
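Review bot: The bare `rescue` in lib/facter/domainnetbiosname.rb turns every failure (WMI connection error, empty result set, calling `DomainName` on nil) into a silent `nil`, so the fact disappears without a trace. Catch the error explicitly and log it, e.g. `rescue StandardError => e` followed by `Facter.debug("domainnetbiosname: #{e.message}")` and `nil`. `.each.first` also takes whichever Win32_NTDomain object the query returns first; a comment should say what is expected when there are several.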
@@ -43,7 +43,7 @@ dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', dsc_name => 'HADR', - dsc_principal => "${domainNetbiosName}\\$sqlservicecredential_username", + dsc_principal => "${domainnetbiosname}\\$sqlservicecredential_username", dsc_permission => 'CONNECT', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } diff --git a/manifests/config.pp b/manifests/config.pp index e43f5bc..d650f0f 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -28,7 +28,7 @@ dsc_ensure => 'Present', dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', - dsc_name => "${domainNetbiosName}\\Domain Admins", + dsc_name => "${domainnetbiosname}\\Domain Admins", dsc_logintype => 'WindowsGroup', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } @@ -36,7 +36,7 @@ dsc_sqlserverrole{'AddDomainAdminsSQLSysadmin': dsc_ensure => 'Present', dsc_serverrolename => 'sysadmin', - dsc_memberstoinclude => "${domainNetbiosName}\\Domain Admins", + dsc_memberstoinclude => "${domainnetbiosname}\\Domain Admins", dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', require => Dsc_sqlserverlogin['DomainAdminsLogin'], @@ -48,7 +48,7 @@ dsc_ensure => 'Present', dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', - dsc_name => "${domainNetbiosName}\\$sqlservicecredential_username", + dsc_name => "${domainnetbiosname}\\$sqlservicecredential_username", dsc_logintype => 'WindowsUser', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password} } diff --git a/manifests/domainconfig.pp b/manifests/domainconfig.pp deleted file mode 100644 index 8b65e32..0000000 --- a/manifests/domainconfig.pp +++ /dev/null 
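Review bot: `"${domainnetbiosname}\\Domain Admins"` in config.pp names the principal that receives the `sysadmin` role, and nothing checks that the custom fact resolved. The fact returns nil on any error, in which case the string would presumably interpolate to `\Domain Admins`. The same unguarded interpolation appears in the `dsc_principal` line of alwaysonconfig.pp, the service-account login in config.pp, and the three service-account hashes in install.pp. Fail the catalog early instead, for example `unless $::domainnetbiosname { fail('domainnetbiosname fact is not set') }` near the top of the class. The resources touched here start and end outside these hunks.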
@@ -1,13 +0,0 @@ -class sqlserveralwayson::domainconfig inherits sqlserveralwayson { - - #Create SQL Server Organizaational Unit - dsc_xADOrganizationalUnit{ 'OrgUnitCITRIX': - dsc_name => 'SQL Server', - #Specified the X500 (DN) path of the organizational unit's parent object. - dsc_path => $domainbasedn, - dsc_description => "SQL Server", - dsc_protectedfromaccidentaldeletion => true, - dsc_ensure => 'present' - #Credential: User account credentials used to perform the operation (optional). Note: if not running on a domain controller, this is required. - } -} diff --git a/manifests/init.pp b/manifests/init.pp index 0755d8d..dc86356 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,7 +31,6 @@ $fileShareWitness, #Format '\\witness.company.local\witness$' $listenerIP, #The IP address used for the availability group listener, in the format 192.168.10.45/255.255.252.0. $role, ##primary or secondary - $domainNetbiosName ) { #Using $domain fact du get the active directory domain name diff --git a/manifests/install.pp b/manifests/install.pp index b2e9308..7282b9c 100644 --- a/manifests/install.pp +++ b/manifests/install.pp 
@@ -53,9 +53,9 @@ dsc_securitymode => 'SQL', dsc_sapwd => {'user' => 'sa', 'password' => $sa_password}, dsc_productkey => $productkey, - dsc_sqlsvcaccount => {'user' => "${domainNetbiosName}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, - dsc_agtsvcaccount => {'user' => "${domainNetbiosName}\\$sqlagentservicecredential_username", 'password' => $sqlagentservicecredential_password}, - dsc_assvcaccount => {'user' => "${domainNetbiosName}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, + dsc_sqlsvcaccount => {'user' => "${domainnetbiosname}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, + dsc_agtsvcaccount => {'user' => "${domainnetbiosname}\\$sqlagentservicecredential_username", 'password' => $sqlagentservicecredential_password}, + dsc_assvcaccount => {'user' => "${domainnetbiosname}\\$sqlservicecredential_username", 'password' => $sqlservicecredential_password}, dsc_sqlsysadminaccounts => $sqladministratoraccounts, dsc_assysadminaccounts => $sqladministratoraccounts, dsc_installshareddir => 'C:\Program Files\Microsoft SQL Server', diff --git a/manifests/serviceaccounts.pp b/manifests/serviceaccounts.pp index 506e4c3..d3f6cff 100644 --- a/manifests/serviceaccounts.pp +++ b/manifests/serviceaccounts.pp @@ -1,4 +1,5 @@ class sqlserveralwayson::serviceaccounts inherits sqlserveralwayson { + #Needed for ActiveDirectory remote management using Powershell dsc_windowsfeature{ 'RSAT-AD-Powershell': dsc_ensure => 'Present', From 143f580a740fce20e13faadae210bd6890e0d79d Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Thu, 11 Jan 2018 21:36:52 +0100 Subject: [PATCH 10/13] Changed database availability mode to SynchronousCommit --- CHANGELOG.md | 2 ++ manifests/alwaysonconfig.pp | 1 + 2 files changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 72fd834..5a55440 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,6 +5,8 @@ - **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. - **BREAKING CHANGE** : Removed $domainName class parameter. Used facts instead. - **BREAKING CHANGE** : Removed $domainNetbiosName class parameter. Used custom fact instead. +- Changed database availability mode to SynchronousCommit + ## Version 1.1.0 - Initial release diff --git a/manifests/alwaysonconfig.pp b/manifests/alwaysonconfig.pp index 10eb7dc..597235d 100644 --- a/manifests/alwaysonconfig.pp +++ b/manifests/alwaysonconfig.pp @@ -55,6 +55,7 @@ dsc_name => $clusterName, dsc_servername => $hostname, dsc_instancename => 'MSSQLSERVER', + dsc_availabilitymode => 'SynchronousCommit', dsc_psdscrunascredential => {'user' => $setup_svc_username, 'password' => $setup_svc_password}, require => [ Dsc_sqlalwaysonservice['EnableAlwaysOn'] , Dsc_sqlserverendpoint['SQLServerEndpoint'] ] } From b10f3573c34c7f4869d82b31ecae8caff6456850 Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Sun, 14 Jan 2018 20:06:57 +0100 Subject: [PATCH 11/13] Bugfix : WMI query returning multiple objects. Empty netbiosdomainname fact. --- lib/facter/domainnetbiosname.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/facter/domainnetbiosname.rb b/lib/facter/domainnetbiosname.rb index 49ced59..13625c3 100644 --- a/lib/facter/domainnetbiosname.rb +++ b/lib/facter/domainnetbiosname.rb @@ -4,8 +4,9 @@ setcode do begin require 'win32ole' + dnsforestname = Facter.value(:domain) wmi = WIN32OLE.connect("winmgmts:\\\\.\\root\\cimv2") - win32ntdomain = wmi.ExecQuery("SELECT * FROM Win32_NTDomain").each.first + win32ntdomain = wmi.ExecQuery("SELECT * FROM Win32_NTDomain WHERE DnsForestName='#{dnsforestname}'").each.first win32ntdomain.DomainName rescue nil From ccff04643dfbb9af40e7e29376efeecf333014cf Mon Sep 17 00:00:00 2001 
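Review bot: `dsc_availabilitymode => 'SynchronousCommit'` in alwaysonconfig.pp is hard-coded, so every deployment of the module gets synchronous commit with no way to opt out. Consider exposing it as a class parameter with this value as the default (suggested name only: `dsc_availabilitymode => $availabilitymode`) and listing it in the README parameters. No failover mode is set in the lines shown, but the resource starts outside the hunk, so that may be handled elsewhere.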
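Review bot: The WQL text is built by interpolating the `domain` fact straight into the quoted literal in `WHERE DnsForestName='#{dnsforestname}'`, so a value containing a quote breaks the query, and the bare `rescue` then hides that as a nil fact. Check the value first, e.g. `next nil unless dnsforestname.to_s =~ /\A[A-Za-z0-9.-]+\z/`, and guard the result with `win32ntdomain && win32ntdomain.DomainName`. The filter compares against the forest name, so on a host whose DNS domain differs from the forest root (a child domain, presumably) the query would match nothing. That case is worth confirming and documenting in a comment.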
From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Sun, 4 Mar 2018 19:22:02 +0100 Subject: [PATCH 12/13] Updated metadata, readme, and changelog for v1.2.0 release --- CHANGELOG.md | 8 +++++--- README.markdown | 6 +++--- metadata.json | 26 ++++++++++++++------------ 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a55440..679d2fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,7 @@ # Changelog - sqlserveralwayson # -## Unreleased -- **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC = 10.0.0.0 +## Version 1.2.0 +- **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 - **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. - **BREAKING CHANGE** : Removed $domainName class parameter. Used facts instead. - **BREAKING CHANGE** : Removed $domainNetbiosName class parameter. Used custom fact instead. @@ -9,5 +9,7 @@ ## Version 1.1.0 -- Initial release - Module compatible with xSQLServer <= 9.0.0.0 + +## Version 1.0.0 +- Initial release diff --git a/README.markdown b/README.markdown index 8b67883..26097d4 100644 --- a/README.markdown +++ b/README.markdown @@ -1,6 +1,6 @@ # sqlserveralwayson # -This modules installs a fully working SQL Server AlwaysOn cluster. It has been designed to install both primary replica nodes with the following features : +This modules installs a fully working Microsoft SQL Server AlwaysOn cluster. It has been designed to install both primary replica nodes with the following features : - SPN creation on sql service account (service account not yet created by this module, schedulded in next release) - SQL server installation and initial configuration (MaxDop Firewall, Memory, Admin rights, ...) - Failover cluster creation (primary node) or join (replica node) with File Share witness 
@@ -12,9 +12,9 @@ The default MSSQLSERVER SQL Server instance is created during installation. This The database failover mecanism integrated in this module is SQL Server AlwaysOn. -The module can be installed on a Standard, Datacenter, or Core version of Windows 2012R2 or Windows 2016. +The module can be installed on a Standard, Datacenter, Core version of Windows 2012R2 or Windows 2016. -**BREAKING CHANGE :** This module requires puppetlabs/dsc compiled with SQLServerDSC = 10.0.0.0 +**BREAKING CHANGE :** This module requires puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 ## Usage - **setup_svc_username** : (string) Privileged account used by Puppet for installing the software and creating the failover cluster (spn creation, computer registration, local administrator privilèges needed) diff --git a/metadata.json b/metadata.json index 1fb72cb..a323056 100644 --- a/metadata.json +++ b/metadata.json @@ -1,17 +1,17 @@ { - "author": "citrixdeployment", + "author": "virtualdesktopdevops", "dependencies": [ - { - "name": "puppetlabs/powershell", + { + "name": "puppetlabs/powershell", "version_requirement": ">= 1.0.3" }, - { - "name": "puppetlabs/dsc", - "version_requirement": ">= 1.4.0" + { + "name": "puppetlabs/dsc", + "version_requirement": ">= 1.5.0" } ], "license": "Apache-2.0", - "name": "citrixdeployment-sqlserveralwayson", + "name": "virtualdesktopdevops-sqlserveralwayson", "operatingsystem_support": [ { "operatingsystem": "windows", 
@@ -21,21 +21,23 @@ ] } ], - "project_page": "https://www.citrixdeployment.com", + "project_page": "http://www.virtualdesktopdevops.com/", "requirements": [ { "name": "puppet", "version_requirement": ">= 3.8.0 < 6.0.0" } ], - "source": "https://www.citrixdeployment.com", - "summary": "SQL Server deployment with AlwaysOn clustering features", + "source": "https://virtualdesktopdevops.github.io/sqlserveralwayson/", + "summary": "Microsoft SQL Server puppet module with AlwaysOn clustering features", "tags": [ "powershell", "dsc", "sql-server", + "microsoft", + "cluster", "alwayson", "sql" ], - "version": "1.0.0" -} \ No newline at end of file + "version": "1.2.0" +} From 401a154e97abf5f2529b2ea3965e282db9019105 Mon Sep 17 00:00:00 2001 From: matt6697 <32440697+matt6697@users.noreply.github.com> Date: Mon, 5 Mar 2018 08:07:43 +0100 Subject: [PATCH 13/13] pmt ignore for clean puppet module build + updated to v2.0.0 o comply with semantic versionning --- .gitignore | 1 + .pmtignore | 5 +++++ CHANGELOG.md | 2 +- metadata.json | 2 +- 4 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 .pmtignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..01d0a08 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +pkg/ diff --git a/.pmtignore b/.pmtignore new file mode 100644 index 0000000..3b056e1 --- /dev/null +++ b/.pmtignore @@ -0,0 +1,5 @@ +pkg/ +tests/ +assets/ +_config.yml +.fixtures.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 679d2fe..ec9782f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,6 +1,6 @@ # Changelog - sqlserveralwayson # -## Version 1.2.0 +## Version 2.0.0 - **BREAKING CHANGE** : Require puppetlabs/dsc compiled with SQLServerDSC >= 10.0.0.0 - **BREAKING CHANGE** : Changed $sqlservicecredential_username and $sqlagentservicecredential_username format. User accounts now required **WITHOUT** Netbios Domain Name prefix. - **BREAKING CHANGE** : Removed $domainName class parameter. Used facts instead. diff --git a/metadata.json b/metadata.json index a323056..9668ed8 100644 --- a/metadata.json +++ b/metadata.json @@ -39,5 +39,5 @@ "alwayson", "sql" ], - "version": "1.2.0" + "version": "2.0.0" }