From 24c4eba9028c0f2f9fe750024a7a438f519ac7e2 Mon Sep 17 00:00:00 2001 From: Yacine31 Date: Sun, 20 Jun 2021 16:11:43 +0200 Subject: [PATCH] simplification vars --- configure-host-oel7/tasks/main.yml | 8 +- .../tasks/os_configuration.yml | 18 +- .../tasks/users_configuration.yml | 4 +- configure-host-oel7/vars/linux_settings.yml | 110 ------- configure-host-oel7/vars/main.yml | 168 +++++++++-- configure-host-oel7/vars/main.yml.court | 7 - configure-host-oel7/vars/oracle_settings.yml | 112 ------- configure-host-oel7/vars/oracle_users.yml | 37 --- configure-host-oel7/vars/original.main | 278 ------------------ 9 files changed, 152 insertions(+), 590 deletions(-) delete mode 100755 configure-host-oel7/vars/linux_settings.yml delete mode 100755 configure-host-oel7/vars/main.yml.court delete mode 100755 configure-host-oel7/vars/oracle_settings.yml delete mode 100755 configure-host-oel7/vars/oracle_users.yml delete mode 100755 configure-host-oel7/vars/original.main diff --git a/configure-host-oel7/tasks/main.yml b/configure-host-oel7/tasks/main.yml index e696030..7b0c317 100755 --- a/configure-host-oel7/tasks/main.yml +++ b/configure-host-oel7/tasks/main.yml @@ -1,9 +1,9 @@ --- -# - name: Vérification de la distribution, la version et le kernel -# assert: -# that: ansible_distribution_major_version == '7' and ansible_os_family == 'RedHat' and ansible_kernel >= '3.8.13' -# tags: oscheck + - name: Vérification de la distribution, la version et le kernel + assert: + that: ansible_distribution_major_version >= '7' and ansible_os_family == 'RedHat' and ansible_kernel >= '3.8.13' + tags: oscheck # --------------------------------------------------- # configuration des packages necessaires pour Linux diff --git a/configure-host-oel7/tasks/os_configuration.yml b/configure-host-oel7/tasks/os_configuration.yml index 6014c96..adad044 100755 --- a/configure-host-oel7/tasks/os_configuration.yml +++ b/configure-host-oel7/tasks/os_configuration.yml @@ -5,18 +5,10 @@ - name: Installation du packet libselinux-python yum: name="libselinux-python" state=installed -# - name: Installation du RPM EPEL Repo pour Linux 7 -# yum: name="{{ epel_rpm }}" state=installed -# tags: epelrepo - -# - name: Copie du fichier repository public-yum si absent -# copy: src=public-yum-ol7.repo dest=/etc/yum.repos.d/public-yum-ol7.repo -# tags: publicyumrepo - - name: Installation des packages communs pour Linux - yum: name={{ item }} state=installed - tags: commonpackages - with_items: + yum: name={{ linux_packages }} state=installed + tags: linux_packages + loop: - bind-utils - xdpyinfo - xauth @@ -29,8 +21,6 @@ - unzip - wget - vim -# - htop -# - rlwrap - lvm2 - nc - ncurses @@ -78,7 +68,7 @@ service: name={{ item }} state=stopped enabled=no tags: linuxservices ignore_errors: true - with_items: + loop: - bluetooth - cups - gpm diff --git a/configure-host-oel7/tasks/users_configuration.yml b/configure-host-oel7/tasks/users_configuration.yml index 826cae8..c64d719 100755 --- a/configure-host-oel7/tasks/users_configuration.yml +++ b/configure-host-oel7/tasks/users_configuration.yml @@ -19,12 +19,14 @@ - name: Creation du compte Oracle user: name={{ item.username }} group={{ item.primgroup }} groups={{ item.othergroups }} uid={{ item.uid }} generate_ssh_key=yes append=yes state=present password={{ item.passwd }} + ignore_errors: true with_items: - { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" } - { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" } - tags: user + tags: create_users - name: Ajout du compte oracle et grid au sudoers + ignore_errors: true template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root mode=0600 with_items: - oracle diff --git a/configure-host-oel7/vars/linux_settings.yml b/configure-host-oel7/vars/linux_settings.yml deleted file mode 100755 index 24f189a..0000000 --- a/configure-host-oel7/vars/linux_settings.yml +++ /dev/null @@ -1,110 +0,0 @@ -# Fichier de paramètres ---- - - master_node: true - os_family_supported: "RedHat" - os_min_supported_version: "6.4" - os_supported_version: "6" - disable_numa_boot: true - disable_selinux: true - - internet_connection: true - epel_rpm: "http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm" - configure_epel_repo: false - secure_configuration: false # faire une configuration securisee du system d exploitation - - - - asmlib_rpm: "http://download.oracle.com/otn_software/asmlib/oracleasmlib-2.0.4-1.el6.x86_64.rpm" - ol6_repo_file: public-yum-ol6.repo - repo_dir: /etc/yum.repos.d/ - - disable_numa_boot: true - percent_hugepages: 50 - configure_interconnect: false - configure_ssh: false - configure_host_disks: false - configure_etc_hosts: false - configure_cluster: false - device_persistence: asmlib - install_os_packages: false - disable_selinux: true - - -# pramètres de configuation sécurisée : - linux_secure_config: - - { name: net.ipv4.conf.all.accept_redirects, value: 0 } - - { name: net.ipv4.conf.default.accept_redirects, value: 0 } - - { name: net.ipv4.conf.all.secure_redirects, value: 0 } - - { name: net.ipv4.conf.default.secure_redirects, value: 0 } - - { name: net.ipv4.ip_forward, value: 0 } - - { name: net.ipv6.conf.all.accept_redirects, value: 0 } - - { name: net.ipv6.conf.default.accept_redirects, value: 0 } - - { name: net.ipv4.conf.default.accept_source_route, value: 0 } - - { name: net.ipv4.conf.all.accept_source_route, value: 0 } - - { name: net.ipv6.conf.default.accept_source_route, value: 0 } - - { name: net.ipv6.conf.all.accept_source_route, value: 0 } - - { name: net.ipv4.conf.all.log_martians, value: 1 } - - { name: net.ipv4.conf.default.log_martians, value: 1 } - - { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 } - - { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 } - - { name: net.ipv6.conf.all.accept_ra, value: 0 } - - { name: net.ipv6.conf.default.accept_ra, value: 0 } - - -# packages à installer pour Linux - common_packages: - - bc - - bind-utils - - btrfs-progs - - cloog-ppl - - compat-libcap1 - - ethtool - - expect - - git - - htop - - lvm2 - - make - - module-init-tools - - mpfr - - multitail - - ncurses-devel - - ncurses-libs - - nfs-utils - - nscd - - nss-softokn-freebl - - ntp - - openssh-clients - - ppl - - procps - - readline - - rlwrap - - screen - - sysstat - - system-config-lvm - - tigervnc-server - - tree - - twm - - unzip - - wget - - vim - - xfsprogs - -# services Linux à désactiver : - linux_services: - - bluetooth - - cups - - gpm - - hidd - - hplip - - isdn - - sendmail - - smartd - - avahi-daemon - - rhnsd - - firstboot - - chronyd - - ip6tables - - iptables - - firewalld -# - NetworkManager diff --git a/configure-host-oel7/vars/main.yml b/configure-host-oel7/vars/main.yml index 46561de..8c84e35 100755 --- a/configure-host-oel7/vars/main.yml +++ b/configure-host-oel7/vars/main.yml @@ -1,26 +1,35 @@ +--- # Fichier de paramètres --- #---------------------------------------------------------------------- # paramètres généraux #---------------------------------------------------------------------- - internet_connection: true - configure_epel_repo: true - epel_rpm: "http://mirrors.ircam.fr/pub/fedora/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm" linux_version: "{{ ansible_distribution_major_version }}" + disable_numa_boot: true + disable_selinux: true + + secure_configuration: false # faire une configuration securisee du system d exploitation + + disable_numa_boot: true + configure_cluster: false + install_os_packages: true + disable_selinux: true + + #---------------------------------------------------------------------- # Groupes et utilisateurs #---------------------------------------------------------------------- oracle_groups: - - { group: asmdba, gid: 1004 } - - { group: asmoper, gid: 1005 } - - { group: asmadmin, gid: 1003 } - { group: oinstall, gid: 1000} - { group: dba, gid: 1001 } - - { group: backupdba, gid: 1006 } - { group: oper, gid: 1002 } + - { group: asmadmin, gid: 1003 } + - { group: asmdba, gid: 1004 } + - { group: asmoper, gid: 1005 } + - { group: backupdba, gid: 1006 } - { group: dgdba, gid: 1007 } - { group: kmdba, gid: 1008 } @@ -69,35 +78,140 @@ - "* soft core unlimited" - "* hard core unlimited" +# services Linux à désactiver : + linux_services: + - bluetooth + - cups + - gpm + - hidd + - hplip + - isdn + - sendmail + - smartd + - avahi-daemon + - rhnsd + - firstboot + - chronyd + - ip6tables + - iptables + - firewalld + +# pramètres de configuation sécurisée : + linux_secure_config: + - { name: net.ipv4.conf.all.accept_redirects, value: 0 } + - { name: net.ipv4.conf.default.accept_redirects, value: 0 } + - { name: net.ipv4.conf.all.secure_redirects, value: 0 } + - { name: net.ipv4.conf.default.secure_redirects, value: 0 } + - { name: net.ipv4.ip_forward, value: 0 } + - { name: net.ipv6.conf.all.accept_redirects, value: 0 } + - { name: net.ipv6.conf.default.accept_redirects, value: 0 } + - { name: net.ipv4.conf.default.accept_source_route, value: 0 } + - { name: net.ipv4.conf.all.accept_source_route, value: 0 } + - { name: net.ipv6.conf.default.accept_source_route, value: 0 } + - { name: net.ipv6.conf.all.accept_source_route, value: 0 } + - { name: net.ipv4.conf.all.log_martians, value: 1 } + - { name: net.ipv4.conf.default.log_martians, value: 1 } + - { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 } + - { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 } + - { name: net.ipv6.conf.all.accept_ra, value: 0 } + - { name: net.ipv6.conf.default.accept_ra, value: 0 } + #---------------------------------------------------------------------- # packages linux necessaires avant d'installer Oracle #---------------------------------------------------------------------- oracle_packages: + - bind-utils - binutils + - btrfs-progs + - cloog-ppl - compat-libcap1 + - compat-libstdc++*i686 + - compat-libstdc++-33 + - cpp + - ethtool - gcc - gcc-c++ - glibc - - glibc-devel - - libaio - - libaio-devel - - libgcc - - libstdc++ - - libstdc++-devel - - libXi - - libXtst - - make - - sysstat - - ksh - - libXi*i686 - - libXtst*i686 - - libstdc++-devel*i686 - - libaio-devel*i686 - - libstdc++*i686 - - libgcc - - libgcc*i686 - - libaio*i686 - - glibc-devel*i686 - glibc*i686 + - glibc-devel + - glibc-headers + - kernel-headers + - kmod-oracleasm + - ksh + - libX11 + - libX11*i686 + - libXau + - libXau*i686 + - libXext + - libXi + - libXp + - libXt + - libXtst + - libaio + - libaio*i686 + - libaio-devel + - libaio-devel*i686 + - libgcc + - libselinux-python + - libstdc++ + - libstdc++*i686 + - libstdc++-devel + - libstdc++-devel*i686 + - libtool-ltdl + - libxcb + - libxcb*i686 + - make + - module-init-tools + - mpfr + - ncurses-devel + - ncurses-libs + - nfs-utils + - nscd + - ntp + - openssh-clients + - oracleasm-support + - parted + - ppl + - procps + - readline + - readline-devel + - sysstat + - twm - unixODBC + - util-linux-ng + - vim-enhanced + - xdpyinfo + - xfsprogs + - xorg-x11-utils + - xorg-x11-xauth + - xorg-x11-xinit + - xsetroot + - xterm +# - binutils +# - compat-libcap1 +# - gcc +# - gcc-c++ +# - glibc +# - glibc-devel +# - libaio +# - libaio-devel +# - libgcc +# - libstdc++ +# - libstdc++-devel +# - libXi +# - libXtst +# - make +# - sysstat +# - ksh +# - libXi*i686 +# - libXtst*i686 +# - libstdc++-devel*i686 +# - libaio-devel*i686 +# - libstdc++*i686 +# - libgcc +# - libgcc*i686 +# - libaio*i686 +# - glibc-devel*i686 +# - glibc*i686 +# - unixODBC diff --git a/configure-host-oel7/vars/main.yml.court b/configure-host-oel7/vars/main.yml.court deleted file mode 100755 index 5aae3ab..0000000 --- a/configure-host-oel7/vars/main.yml.court +++ /dev/null @@ -1,7 +0,0 @@ -# Fichier de paramètres ---- - - vars_files: - - linux_settings.yml # tous les parametres de configuration pour Linux - - oracle_users.yml # les comptes et groupes Oracle - - oracle_settings.yml # les parametres kernel et packages Oracle à installer diff --git a/configure-host-oel7/vars/oracle_settings.yml b/configure-host-oel7/vars/oracle_settings.yml deleted file mode 100755 index b281ad7..0000000 --- a/configure-host-oel7/vars/oracle_settings.yml +++ /dev/null @@ -1,112 +0,0 @@ -# Fichier de paramètres ---- - - -# les répertoires pour l'installation Oracle - oracle_stage: /u01/stage - oracle_rsp_stage: "{{ oracle_stage }}/rsp" - oracle_version_db: 12.1.0.2 - oracle_base: /u01/app/oracle - home: dbhome_1 - oracle_home: "{{ oracle_base }}/product/{{ oracle_version_db }}/{{ home }}" - - -# paramètres du noyau - oracle_sysconfig: - - { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024)|round|int }}" } - - { name: kernel.shmmax, value: "{{ ((0.5 * ansible_memtotal_mb)*1024)|round|int }}" } - - { name: kernel.shmmni, value: 4096 } - - { name: kernel.sem, value: "250 32000 100 128" } - - { name: fs.file-max, value: 6815744 } - - { name: fs.aio-max-nr, value: 1048576 } - - { name: net.ipv4.ip_local_port_range, value: "9000 65500" } - - { name: net.core.rmem_default, value: 262144 } - - { name: net.core.rmem_max, value: 4194304 } - - { name: net.core.wmem_default, value: 262144 } - - { name: net.core.wmem_max, value: 1048576 } - - { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int }}" } - -# Security limits - oracle_seclimits: - - "* soft nproc 2047" - - "* hard nproc 16384" - - "* soft nofile 1024" - - "* hard nofile 65536" - - "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}" - - "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}" - - "* soft stack 10240" - - "* hard stack 32768" - - "* soft core unlimited" - - "* hard core unlimited" - - -# Fichier de paramètres : packages ORACLE - - oracle_packages: - - bind-utils - - binutils - - btrfs-progs - - cloog-ppl - - compat-libcap1 - - compat-libstdc++*i686 - - compat-libstdc++-33 - - cpp - - ethtool - - gcc - - gcc-c++ - - glibc - - glibc*i686 - - glibc-devel - - glibc-headers - - kernel-headers - - kmod-oracleasm - - ksh - - libX11 - - libX11*i686 - - libXau - - libXau*i686 - - libXext - - libXi - - libXp - - libXt - - libXtst - - libaio - - libaio*i686 - - libaio-devel - - libaio-devel*i686 - - libgcc - - libselinux-python - - libstdc++ - - libstdc++*i686 - - libstdc++-devel - - libstdc++-devel*i686 - - libtool-ltdl - - libxcb - - libxcb*i686 - - make - - module-init-tools - - mpfr - - ncurses-devel - - ncurses-libs - - nfs-utils - - nscd - - ntp - - openssh-clients - - oracleasm-support - - parted - - ppl - - procps - - readline - - readline-devel - - sysstat - - twm - - unixODBC - - util-linux-ng - - vim-enhanced - - xdpyinfo - - xfsprogs - - xorg-x11-utils - - xorg-x11-xauth - - xorg-x11-xinit - - xsetroot - - xterm diff --git a/configure-host-oel7/vars/oracle_users.yml b/configure-host-oel7/vars/oracle_users.yml deleted file mode 100755 index dff07ef..0000000 --- a/configure-host-oel7/vars/oracle_users.yml +++ /dev/null @@ -1,37 +0,0 @@ -# Fichier de paramètres : les comptes Oracle ---- - -# Groupes et utilisateurs - - oracle_groups: - - { group: asmdba, gid: 1004 } - - { group: asmoper, gid: 1005 } - - { group: asmadmin, gid: 1003 } - - { group: oinstall, gid: 1000} - - { group: dba, gid: 1001 } - - { group: backupdba, gid: 1006 } - - { group: oper, gid: 1002 } - - { group: dgdba, gid: 1007 } - - { group: kmdba, gid: 1008 } - - - oracle_users: # Passwd :Oracle123 - - { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" } - - grid_users: - - { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" } - - role_separation: true - oracle_user: oracle - grid_user: grid - configure_oracle_sudo: false - - oracle_user_home: "/home/{{ oracle_user }}" - grid_user_home: "/home/{{ grid_user }}" - oracle_group: oinstall - oper_group: oper - dba_group: dba - asmoper_group: asmoper - asmdba_group: asmdba - asmadmin_group: asmadmin - diff --git a/configure-host-oel7/vars/original.main b/configure-host-oel7/vars/original.main deleted file mode 100755 index 6804f77..0000000 --- a/configure-host-oel7/vars/original.main +++ /dev/null @@ -1,278 +0,0 @@ -# Fichier de paramètres ---- - - master_node: true - os_family_supported: "RedHat" - os_min_supported_version: "6.4" - os_supported_version: "6" - disable_numa_boot: true - disable_selinux: true - - internet_connection: false - epel_rpm: "http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm" - configure_epel_repo: true - secure_configuration: true # faire une configuration securisee du system d exploitation - - -# Groupes et utilisateurs - - oracle_groups: - - { group: asmdba, gid: 1004 } - - { group: asmoper, gid: 1005 } - - { group: asmadmin, gid: 1003 } - - { group: oinstall, gid: 1000} - - { group: dba, gid: 1001 } - - { group: backupdba, gid: 1006 } - - { group: oper, gid: 1002 } - - { group: dgdba, gid: 1007 } - - { group: kmdba, gid: 1008 } - - - oracle_users: # Passwd :Oracle123 - - { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" } - - grid_users: - - { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" } - - role_separation: true - oracle_user: oracle - grid_user: grid - configure_oracle_sudo: false - - oracle_user_home: "/home/{{ oracle_user }}" - grid_user_home: "/home/{{ grid_user }}" - oracle_group: oinstall - oper_group: oper - dba_group: dba - asmoper_group: asmoper - asmdba_group: asmdba - asmadmin_group: asmadmin - -# les répertoires pour l'installation Oracle - oracle_stage: /u01/stage - oracle_rsp_stage: "{{ oracle_stage }}/rsp" - oracle_version_db: 12.1.0.2 - oracle_base: /u01/app/oracle - home: dbhome_1 - oracle_home: "{{ oracle_base }}/product/{{ oracle_version_db }}/{{ home }}" - - ssh_keys: - - /tmp/id_rsa - - /tmp/id_rsa.pub - - /tmp/authorized_keys - - keyfile: /tmp/known_hosts - - asmlib_rpm: "http://download.oracle.com/otn_software/asmlib/oracleasmlib-2.0.4-1.el6.x86_64.rpm" - ol6_repo_file: public-yum-ol6.repo - repo_dir: /etc/yum.repos.d/ - - disable_numa_boot: true - percent_hugepages: 50 - configure_interconnect: false - oracle_ic_net: 3.3.3.{{ ansible_all_ipv4_addresses[0].split(".")[-1] }} - configure_ssh: false - configure_host_disks: false - configure_etc_hosts: false - configure_cluster: false - device_persistence: asmlib - install_os_packages: false - disable_selinux: true - -# paramètres du noyau - oracle_sysconfig: - - { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024)|round|int }}" } - - { name: kernel.shmmax, value: "{{ ((0.5 * ansible_memtotal_mb)*1024)|round|int }}" } - - { name: kernel.shmmni, value: 4096 } - - { name: kernel.sem, value: "250 32000 100 128" } - - { name: fs.file-max, value: 6815744 } - - { name: fs.aio-max-nr, value: 1048576 } - - { name: net.ipv4.ip_local_port_range, value: "9000 65500" } - - { name: net.core.rmem_default, value: 262144 } - - { name: net.core.rmem_max, value: 4194304 } - - { name: net.core.wmem_default, value: 262144 } - - { name: net.core.wmem_max, value: 1048576 } - - { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int }}" } - -# Security limits - oracle_seclimits: - - "* soft nproc 2047" - - "* hard nproc 16384" - - "* soft nofile 1024" - - "* hard nofile 65536" - - "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}" - - "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}" - - "* soft stack 10240" - - "* hard stack 32768" - - "* soft core unlimited" - - "* hard core unlimited" - -# pramètres de configuation sécurisée : - linux_secure_config: - - { name: net.ipv4.conf.all.accept_redirects, value: 0 } - - { name: net.ipv4.conf.default.accept_redirects, value: 0 } - - { name: net.ipv4.conf.all.secure_redirects, value: 0 } - - { name: net.ipv4.conf.default.secure_redirects, value: 0 } - - { name: net.ipv4.ip_forward, value: 0 } - - { name: net.ipv6.conf.all.accept_redirects, value: 0 } - - { name: net.ipv6.conf.default.accept_redirects, value: 0 } - - { name: net.ipv4.conf.default.accept_source_route, value: 0 } - - { name: net.ipv4.conf.all.accept_source_route, value: 0 } - - { name: net.ipv6.conf.default.accept_source_route, value: 0 } - - { name: net.ipv6.conf.all.accept_source_route, value: 0 } - - { name: net.ipv4.conf.all.log_martians, value: 1 } - - { name: net.ipv4.conf.default.log_martians, value: 1 } - - { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 } - - { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 } - - { name: net.ipv6.conf.all.accept_ra, value: 0 } - - { name: net.ipv6.conf.default.accept_ra, value: 0 } - - -# Sets up filesystem on host. If storage_type=FS under oracle_databases, this is where the mapping between device/fs is described - host_fs_layout: - u01: - {mntp: /u01, device: /dev/sdb, vgname: vgora, pvname: /dev/sdb1, lvname: lvora, fstype: ext4} - -# ASM Diskgroups used for DB-storage. Should map to dict asm_storage_layout. - asm_diskgroups: # ASM Diskgroups used for DB-storage. Should map to dict asm_storage_layout. - - crs - - data - - fra - -# Mapping between device & ASMlib label. If storage_type=ASM under oracle_databases, -# this is where the mapping between device/asm-disk is described - asm_storage_layout: - crs: - - {device: /dev/sdc, asmlabel: CRS01} - data: - - {device: /dev/sdd, asmlabel: DATA01} - fra: - - {device: /dev/sde, asmlabel: FRA01 } - -# packages à installer pour Linux - common_packages: - - bc - - bind-utils - - btrfs-progs - - cloog-ppl - - compat-libcap1 - - ethtool - - expect - - git - - htop - - lvm2 - - make - - module-init-tools - - mpfr - - multitail - - ncurses-devel - - ncurses-libs - - nfs-utils - - nscd - - nss-softokn-freebl - - ntp - - openssh-clients - - ppl - - procps - - readline - - rlwrap - - screen - - sysstat - - system-config-lvm - - tigervnc-server - - tree - - twm - - unzip - - wget - - vim - - xfsprogs - -# services Linux à désactiver : - linux_services: - - bluetooth - - cups - - gpm - - hidd - - hplip - - isdn - - sendmail - - smartd - - avahi-daemon - - NetworkManager - - rhnsd - - firstboot - - chronyd - - ip6tables - - iptables - - firewalld - -# Fichier de paramètres : packages ORACLE - - oracle_packages: - - bind-utils - - binutils - - btrfs-progs - - cloog-ppl - - compat-libcap1 - - compat-libstdc++*i686 - - compat-libstdc++-33 - - cpp - - ethtool - - gcc - - gcc-c++ - - glibc - - glibc*i686 - - glibc-devel - - glibc-headers - - kernel-headers - - kmod-oracleasm - - ksh - - libX11 - - libX11*i686 - - libXau - - libXau*i686 - - libXext - - libXi - - libXp - - libXt - - libXtst - - libaio - - libaio*i686 - - libaio-devel - - libaio-devel*i686 - - libgcc - - libselinux-python - - libstdc++ - - libstdc++*i686 - - libstdc++-devel - - libstdc++-devel*i686 - - libtool-ltdl - - libxcb - - libxcb*i686 - - make - - module-init-tools - - mpfr - - ncurses-devel - - ncurses-libs - - nfs-utils - - nscd - - ntp - - openssh-clients - - oracleasm-support - - parted - - ppl - - procps - - readline - - readline-devel - - sysstat - - twm - - unixODBC - - util-linux-ng - - vim-enhanced - - xdpyinfo - - xfsprogs - - xorg-x11-utils - - xorg-x11-xauth - - xorg-x11-xinit - - xsetroot - - xterm