Implement a role for detecting the SAPCAR executable

[berndfinger]

Let's collect ideas for the functionality of a dedicated sapcar role in the collection community.sap_install, replacing the sapcar related logic in the roles:

• sap_hana_install
• sap_swpm
• sap_hostagent
• sap_install_media_detect
  See sap_hana_install: Add individual path for SAPCAR executable #91 (comment)

Questions:

• Do we want the role to be able to detect the correct SAPCAR*EXE file from a directory which has more than one SAPCAR*EXE file (e.g. one for each processor architecture), just as in the role sap_hana_install (roles/sap_hana_install/tasks/pre_install/prepare_sapcar.yml)?
• Do we want to support SAPCAR being a symbolic link (see sap_hana_install: SAPCAR is not detected when symbolic link #174)?

[kksat]

Few ideas I've already implemented in sap.sap_operations.sapcar role
Here is documentation https://docs.galaxy.saponrhel.org/collections/sap/sap_operations/sapcar_role.html#ansible-collections-sap-sap-operations-sapcar-role

Ideas:

1. sapcar is an application so it deserves separate role for its installation / uninstallation
2. Reasonable defaults are better than forcing users to set one more variable every time, that is why I assume sapcar binary is in /usr/sap/sapcar/sapcar

In regards to your questions:

Do we want the role to be able to detect the correct SAPCAREXE file from a directory which has more than one SAPCAREXE file (e.g. one for each processor architecture), just as in the role sap_hana_install (roles/sap_hana_install/tasks/pre_install/prepare_sapcar.yml)?

"Detecting" binary and running it from download directory does not look like a good security practice to me. If application is not installed on the host, should any one run it on the host - I would argue not. Customers should really have noexec set for all the download directories, not to care what someone downloaded and is it safe to run. See point 1 above about installing sapcar as an application.

Do we want to support SAPCAR being a symbolic link (see #174)?

Why does it matter if it is symlink, shell script, or something else? When you run any command do you care if it is symlink? You care if it is installed and can be executed. Same with sapcar - just run it, without any parameters it will just print out help. See for instance

https://github.com/redhat-sap/rh_operations/blob/9e2254f23c6fa9771c243ae960910bff3b7d98a9/roles/unpack/tasks/prerequisites.yml#L32

All above is just personal opinion.

[berndfinger]

@kksat

1. A statement like XXX is an application so it deserves separate role for its installation / uninstallation is too generic and not very useful without further explanation or justification. Also, we are not even installing sapcar. The SAPCAR.EXE file can be separately downloaded and it can be used without any further configuration changes to the host operating system. Also I see no value in downloading, or attempting to download, the SAPCAR.EXE file as part of a role which has the main purpose of providing the directory and file name of that file to other roles so that those roles can execute the file for listing archives and extracting files from these archives. Maybe a good amount of customers are downloading the SAPCAR.EXE files which they need from time to time to a download directory.

2. It depends. If there is a commonly used or known directory and file name for sapcar executables, then such a path and file name can be set as a default. I suggest to use this discussion to collect proposals. When autodetecting the sapcar file from a download directory, the file name does not need to be specified because the role will find the correct file name. I think the sapcar role should be able to do both, for highest flexibility while still being easy to configure and use.

3. Your sentence starting with "Detecting" contains a statement which could make readers believe that in the role sap_hana_install (roles/sap_hana_install/tasks/pre_install/prepare_sapcar.yml), we would allow the execution of binaries from a download directory. That is not the case. In the sapcar autodetection block, we are using the file command to find all sapcar files for the processor architecture of the managed node, and then we are copying the latest available version of these files to the directory sap_hana_install_software_extract_directory on the managed node.

4. For the discussion of the symlink topic: sap_hana_install: SAPCAR is not detected when symbolic link #174 states that the role sap_hana_install was not able at the time to correctly detect the sapcar file. Maybe this issue does no longer exist but we need to check it. That's why I mentioned it here.