Azure · devanshjainms · Aug 12, 2025 · Jun 27, 2025 · Jun 30, 2025 · Jul 8, 2025
@@ -46,14 +46,14 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/init@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/autobuild@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/analyze@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
         with:
           category: "/language:${{matrix.language}}"
@@ -50,6 +50,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
         with:
           sarif_file: results.sarif
@@ -36,7 +36,7 @@ jobs:
         output: report-fs.sarif
 
     - name: Upload Trivy report (fs) GitHub Security
-      uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+      uses: github/codeql-action/upload-sarif@07bb2b932c90fc1ec97637495e4072a0966fa74c # v3.28.20
       with:
         sarif_file: report-fs.sarif
         category: 'fs'
@@ -408,3 +408,4 @@ WORKSPACES/*
 VMWPASSWORD
 .coverage.*
 *.ini
+.ansible/
@@ -21,8 +21,10 @@ Currently SAP Testing Automation Framework is supported for below Linux distros
 |-----------|------|--------------|---------|
 | SAP Central Services | ENSA1 or ENSA2 | Azure Fencing Agent | Azure Files or ANF |
 | SAP Central Services | ENSA1 or ENSA2 | ISCSI (SBD device) | Azure Files or ANF |
+| SAP Central Services | ENSA1 or ENSA2 | Azure Shared Disks (SBD device) | Azure Files or ANF |
 | SAP HANA | Scale-up | Azure Fencing Agent | Azure Managed Disk or ANF |
 | SAP HANA | Scale-up | ISCSI (SBD device) | Azure Managed Disk or ANF |
+| SAP HANA | Scale-up | Azure Shared Disks (SBD device) | Azure Managed Disk or ANF |
 
 For SAP Central Services on SLES, both the simple mount approach and the classic method are supported.
 
@@ -50,11 +52,8 @@ pcs cluster enable --all  # for RedHat virtual machine
 
 The SAP Testing Automation Framework requires a jumpbox or management server with the following setup:
 
-- **Operating System**: Ubuntu 22.04 LTS.
+- **Operating System**: Supported (Ubuntu 22.04 LTS, SLES 15 SP4, 15 SP6).
 - **Location**: Must be deployed on Azure.
-
-> [!NOTE]
-> Currently, only Ubuntu 22.04 LTS is supported for running the SAP Testing Automation Framework.
 
 ### Azure RBAC
 
@@ -89,13 +88,29 @@ The management server must have network connectivity to the SAP system to perfor
 
 ### 1. Environment Setup
 
-To set up your enviroment in management server, follow these steps:
+To set up your environment in management server, follow these steps:
 
-1.1. **Login to the Ubuntu management server**:
+1.1. **Login to the management server**:
 
-Ensure you are logged into the Ubuntu management server that is connected to the SAP system's virtual network.
+Ensure you are logged into the management server that is connected to the SAP system's virtual network.
 
-1.2. **Fork and clone the repository**:
+1.2. **Install git on management server**:
+
+```bash
+# Debian/Ubuntu
+sudo su -
+apt-get install git
+
+# RHEL/CentOS
+sudo su -
+yum install git
+
+# SUSE
+sudo su -
+zypper install git
+```
+
+1.3. **Fork and clone the repository**:
 
 ```bash
 # sudo to root
@@ -109,7 +124,7 @@ git clone https://github.com/GITHUB-USERNAME/sap-automation-qa.git
 cd sap-automation-qa
 ```
 
-1.3. **Run the initial setup script**:
+1.4. **Run the initial setup script**:
 
 ```bash
 ./scripts/setup.sh
@@ -234,13 +249,14 @@ db_sid: "your-db-sid"
 
 # Boolean indicating if the SCS and database is configured as highly available.
 scs_high_availability: true
-db_high_availability: true
+database_high_availability: true
 
 # The high availability configuration of the SCS and DB instance. Supported values are:
 # - AFA (for Azure Fencing Agent)
-# - ISCSI (for SBD devices)
-scs_cluster_type: "AFA"  # or "ISCSI"
-database_cluster_type: "AFA"  # or "ISCSI"
+# - ISCSI (for SBD devices with ISCSI target servers)
+# - ASD (for SBD devices with Azure Shared Disks)
+scs_cluster_type: "AFA"  # or "ISCSI" or "ASD"
+database_cluster_type: "AFA"  # or "ISCSI" or "ASD"
 
 # The instance number of the SCS, ERS and DB instance.
 scs_instance_number: "00"
@@ -273,23 +289,51 @@ key_vault_id:                  /subscriptions/<subscription-id>/resourceGroups/<
 secret_id:                     https://<key-vault-name>.vault.azure.net/secrets/<secret-name>/<id>
 ```
 
-2.2.3. Credential Files
+2.2.3. **Credential Files** (Available locally)
 
 The required credential files depend on the authentication method used to connect to the SAP system:
 
-1. SSH Key Authentication: If connecting via SSH key, place the private key inside `WORKSPACE/SYSTEM/<DIRECTORY>` and name the file "ssh_key.ppk".
-1. Username and Password Authentication: If connecting using a username and password, create a password file by running the following command. It takes the username from hosts.yaml file. 
+1. **SSH Key Authentication**: If connecting via SSH key, place the private key inside `WORKSPACE/SYSTEM/<DIRECTORY>` and name the file "ssh_key.ppk".
+1. **Password Authentication**: If connecting using a username and password, create a password file by running the following command. It takes the username from hosts.yaml file. 
 
   ```bash
   echo "password" > WORKSPACES/SYSTEM/<DIRECTORY>/password
   ```
 
+2.2.4. **Credential Files** (From Azure Key Vault)
+
+When using Azure Key Vault to store credentials, the framework retrieves authentication details directly from the key vault using the configured managed identity.
+
+  **Authentication Methods:**
+
+  1. **SSH Key Authentication**: Store the private SSH key content in Azure Key Vault as a secret.
+  2. **Password Authentication**: Store the password in Azure Key Vault as a secret. The username is taken from the `hosts.yaml` file.
+
+  **Setup:**
+
+  1. Ensure the managed identity has "Key Vault Secrets User" role on the key vault.
+
+  2. Configure `key_vault_id` and `secret_id` parameters in `sap-parameters.yaml` as shown in section 2.2.2.
+
+  **Important**: When using Key Vault authentication, do NOT create local credential files (`ssh_key.ppk` or `password` files).
+
+
 ### 3. Test Execution
 
 To execute the script, run following command:
 
 ```bash
+# Run all the tests with default parameters
 ./scripts/sap_automation_qa.sh
+
+# Run specific test cases from HA_DB_HANA group
+./scripts/sap_automation_qa.sh --test_groups=HA_DB_HANA --test_cases=[ha-config,primary-node-crash]
+
+# Run specific test cases from HA_SCS group
+./scripts/sap_automation_qa.sh --test_groups=HA_SCS --test_cases=[ha-config]
+
+# Run with verbose output
+./scripts/sap_automation_qa.sh --test_groups=HA_DB_HANA --test_cases=[primary-node-crash] -vvv
 ```
 
 ### 4. Viewing Test Results

@@ -0,0 +1,88 @@
+# SAP Automation QA - Offline Validation
+
+## Overview
+
+The offline validation feature enables robust validation of SAP HANA and SAP Central Services High Availability cluster configurations without requiring live cluster access or without connecting to the SAP virtual machines. This capability allows you to analyze cluster configurations from previously collected CIB (Cluster Information Base) XML files, making it ideal for post-incident analysis, compliance auditing, and troubleshooting scenarios.
+Offline validation provides a powerful capability for maintaining and auditing SAP HANA cluster configurations without impacting production systems.
+
+## How Offline Validation Works
+
+### Architecture Overview
+
+```
+┌─────────────────┐    ┌──────────────────┐    ┌─────────────────┐
+│   CIB XML       │    │   Validation     │    │   HTML Report   │
+│   Output        │───▶│   Engine        │───▶│   Generation    │
+│   (In files)    │    │                  │    │   (with Tables) │
+│                 │    │                  │    │                 │
+└─────────────────┘    └──────────────────┘    └─────────────────┘
+```
+
+
+### Prerequisites
+
+- SAP Testing Automation Framework (STAF) setup on a management server. Detailed setup instructions can be found in the [STAF Setup Guide](./HIGH_AVAILABILITY.md).
+- Previously collected CIB XML files stored in the `WORKSPACES/SYSTEM/<SYSTEM_CONFIG_NAME>/offline_validation/` directory.
+
+### Required Files Structure
+```file
+WORKSPACES/SYSTEM/<SYSTEM_CONFIG_NAME>/
+├── hosts.yaml                   # Ansible inventory
+├── sap-parameters.yaml          # SAP system parameters
+└── offline_validation/          # Output of commands for offline validation
+    ├── <hostname1>/
+    │   └── cib                  # CIB XML file for node 1
+    └── <hostname2>/
+        └── cib                  # CIB XML file for node 2
+```
+
+## How to Perform Offline Validation
+
+### Step 1: Initial Setup
+
+This setup is defined in the Getting Started section of the [High Availability Guide](./HIGH_AVAILABILITY.md). Ensure you have the following:
+
+- Ansible inventory file (`hosts.yaml`) with the SAP system configuration.
+- SAP system parameters file (`sap-parameters.yaml`).
+- Updated vars.yaml file with the necessary parameters.
+
+### Step 2: Collect CIB XML Files and copy to management server
+
+#### 2.1 Collect CIB XML Files
+
+  Before performing offline validation, you need to collect High Availability cluster configuration files (CIB XML files) from the SAP system nodes. This can be done by executing the following command on each node:
+
+  ```bash
+  cibadmin --query | tee cib
+  ```
+
+  This command will create a file named `cib` in the current directory, which contains the cluster configuration in XML format.
+
+#### 2.2 Create the Required Directory Structure
+
+  Copy these files to the management server under the `WORKSPACES/SYSTEM/<SYSTEM_CONFIG_NAME>/offline_validation/` directory, maintaining the structure as shown above. Ensure the directory structure is created as follows:
+
+  ```bash
+  mkdir -p WORKSPACES/SYSTEM/<SYSTEM_CONFIG_NAME>/offline_validation/<hostname>/
+  ```
+
+  Place the `cib` file in the respective `<hostname>/` directory.
+
+### Step 3: Run Offline Validation
+
+  Execute the sap_automation_qa script for offline validation with the `--offline` flag. The target OS family is a requirement parameter (`target_os_family`) and must be specified using the `--extra-vars` option.
+
+  ```bash
+  ./scripts/sap_automation_qa.sh --offline --extra-vars='target_os_family=SUSE'
+  # or
+  ./scripts/sap_automation_qa.sh --offline --extra-vars='target_os_family=RHEL'
+  ```
+
+  Enable verbose logging for troubleshooting:
+  ```bash
+  ./scripts/sap_automation_qa.sh --extra-vars='target_os_family=<os_family>' --offline -vvv
+  ```
+
+### Step 4: View Results
+
+  The validation results will be available in `WORKSPACES/SYSTEM/<SYSTEM_CONFIG_NAME>/quality_assurance/` directory. Open the HTML file in a web browser to view the detailed parameter validation table with PASSED/INFO/FAILED statuses.