Yacine/configure_oracle
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Version initial du 2020/09/10

Browse Source
This commit is contained in:
Yacine
2020-09-10 02:13:23 +02:00
parent a586a12cce
commit 372944395a
62 changed files with 4549 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
configure-host-oel7/README.md
Executable
+38
View File
@@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).
configure-host-oel7/defaults/main.yml
Executable
+2
View File
@@ -0,0 +1,2 @@
---
# defaults file for configure-host-oel7
configure-host-oel7/files/00-vidage.conf
Executable
+2
View File
@@ -0,0 +1,2 @@
# Sécurisation du vidage mémoire
* hard core 0
configure-host-oel7/files/desactivation_ipv6.conf
Executable
+2
View File
@@ -0,0 +1,2 @@
options ipv6 disable=1
configure-host-oel7/files/epel.repo
Executable
+26
View File
@@ -0,0 +1,26 @@
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 6 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch/debug
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-debug-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 6 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/6/SRPMS
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-source-6&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
gpgcheck=1
configure-host-oel7/files/libselinux-2.0.94-5.8.el6.x86_64.rpm
Executable
View File
configure-host-oel7/files/libselinux-python-2.0.94-5.8.el6.x86_64.rpm
Executable
BIN
View File
Binary file not shown.
configure-host-oel7/files/public-yum-ol6.repo
Executable
+69
View File
@@ -0,0 +1,69 @@
[public_ol6_latest]
name=Oracle Linux $releasever Latest ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/latest/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=1
[public_ol6_ga_base]
name=Oracle Linux $releasever GA installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/0/base/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
[public_ol6_u1_base]
name=Oracle Linux $releasever Update 1 installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/1/base/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
[public_ol6_u2_base]
name=Oracle Linux $releasever Update 2 installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/2/base/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
[public_ol6_u3_base]
name=Oracle Linux $releasever Update 3 installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/3/base/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
[public_ol6_u4_base]
name=Oracle Linux $releasever Update 4 installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/4/base/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
[public_ol6_u5_base]
name=Oracle Linux $releasever Update 5 installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/5/base/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
[public_ol6_UEK_latest]
name=Latest Unbreakable Enterprise Kernel for Oracle Linux $releasever ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/UEK/latest/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=$uek
[public_ol6_UEKR3_latest]
name=Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/UEKR3/latest/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=$uekr3
[public_ol6_UEK_base]
name=Unbreakable Enterprise Kernel for Oracle Linux $releasever ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL6/UEK/base/$basearch/
gpgkey=http://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6
gpgcheck=1
enabled=0
configure-host-oel7/files/public-yum-ol7.repo
Executable
+72
View File
@@ -0,0 +1,72 @@
[ol7_latest]
name=Oracle Linux $releasever Latest ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
[ol7_u0_base]
name=Oracle Linux $releasever GA installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/0/base/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
[ol7_u1_base]
name=Oracle Linux $releasever Update 1 installation media copy ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/1/base/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
[ol7_UEKR3]
name=Latest Unbreakable Enterprise Kernel Release 3 for Oracle Linux $releasever ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/UEKR3/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
[ol7_optional_latest]
name=Oracle Linux $releasever Optional Latest ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/optional/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
[ol7_addons]
name=Oracle Linux $releasever Add ons ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/addons/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
[ol7_UEKR3_OFED20]
name=OFED supporting tool packages for Unbreakable Enterprise Kernel on Oracle Linux 7 ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/UEKR3_OFED20/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
priority=20
[ol7_MySQL56]
name=MySQL 5.6 for Oracle Linux 7 ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/MySQL56/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
[ol7_MySQL55]
name=MySQL 5.5 for Oracle Linux 7 ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/MySQL55/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
[ol7_spacewalk22_client]
name=Spacewalk Client 2.2 for Oracle Linux 7 ($basearch)
baseurl=http://public-yum.oracle.com/repo/OracleLinux/OL7/spacewalk22/client/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=0
configure-host-oel7/files/z_oracle.sh
Executable
+291
View File
@@ -0,0 +1,291 @@
## Fichier de configuration d'environnement Oracle
## Pour infrastructure cluster ou standalone.
## Versions testees: 12.1, 11.2 GI et SA, flex/normal
##
## 20140813 YOM Correction de l'emplacement des journaux cluster vers ADR en 12c
## 20140813 YOM Correction concernant la détection Restart en 12c (olsnodes réponds...)
## 20140820 YOM Correction des alias crsstat et crsstati pour implémenter les variables ORA_CRS car elles ne doivent pas être laissées dans l'environnement
## 20141202 YOM Correction du prompt par défaut
## 20141203 YOM Suppression des alias crsstat et crsstati pour les transformer en scripts
## 20141204 YOM Ajout de l'alias OH pour un « cd $ORACLE_HOME »
## 20150121 YOM Test si le terminal est interractif pour éviter les erreurs TPUT en v7
## Activation des echo pour DEBUG si mis à 1
DEBUG=0
## Contexte
APP_CTX=z_oracle.sh
HOSTNAME_SIMPLE=`hostname -s`
## Shell interactif ou non ?
fd=0
if [[ $- = *i* ]]
then
INTERACTIF=OUI
else
INTERACTIF=NON
fi
## Ajustement des limites (préconisations Oracle)
function ajustement_limites () {
decho fonction ajustement limites
if [ $SHELL = "/bin/ksh" ] ; then
ulimit -p 16384
ulimit -n 65536
ulimit -s 32768
else
ulimit -u 16384 -n 65536 -s 32768
fi
}
## Affichage des messages de sortie de debug
function decho () {
if [ $DEBUG -eq 1 ] ; then
echo $APP_CTX: $*
fi
}
decho "Terminal en mode interactif: $INTERACTIF"
## On entre seulement pour certains utilisateurs.
## root een fait partie pour la composante cluster, crsctl, ...
if [ $USER = "oracle" ] || [ $USER = "grid" ] || [ $USER = "root" ] ; then
decho $USER login profile
# Certaines operations ne sont pas a realiser pour root
# les limites sont laissees par defaut
# ainsi que le masque de creation de fichier ou le stty break.
if [ $USER != "root" ] ; then
ajustement_limites
decho umask et stty break
# Masque de création des fichiers
umask 022
# Pour prévention SSH
if [ -t 0 ]; then
stty intr ^C
fi
fi
# préparation pour l'inventaire
# Si l'installation a ete realisee, on a un inventaire accessible que l'on peut traiter
OLR_LOC=/etc/oracle/olr.loc
ORA_INVENTORY_CFFILE=/etc/oraInst.loc
decho OLR: $OLR_LOC
decho Inventaire: $ORA_INVENTORY_CFFILE
# Si l'installation n'est pas faite... on ignore cette partie
if [ -f $ORA_INVENTORY_CFFILE ] ; then
decho Installation trouvee
# On recupere les informations de l'inventaire, pour traitement eventuel
ORA_INVENTORY=`grep inventory_loc $ORA_INVENTORY_CFFILE | cut -d= -f2`
ORA_INVENTORY_XMLFILE=$ORA_INVENTORY/ContentsXML/inventory.xml
# Recuperation de l'emplacement du répertoire prive de l'utilisateur premier oracle
ORA_USER_HOME=`egrep '^SED_PREMIER_COMPTE_ORACLE__:.*' /etc/passwd | cut -d: -f 6`
ORA_EXPL_DIR=$ORA_USER_HOME/expl
ORA_EXPL_BIN=$ORA_EXPL_DIR/bin
ORA_EXPL_SQL=$ORA_EXPL_DIR/sql
ORA_EXPL_TMP=$ORA_EXPL_DIR/tmp
# Test pour savoir si GI installée
if [ -f $OLR_LOC ] ; then
decho GI installee
# Mise en place du pointeur de racine CRS
export ORA_CRS_HOME=`grep crs_home /etc/oracle/olr.loc|cut -d= -f2`
decho ORA_CRS_HOME = $ORA_CRS_HOME
# On utilise olsnodes qui "sors" rapidement pour aussi valider que la couche est UP
# sinon on perds un temps phénoménal pour rien avec les timeout crsctl
NODE_INFO=`$ORA_CRS_HOME/bin/olsnodes -l -n -a`
if [ $? -ne 0 ] ; then
# En cluster 11, on n'a pas de -a (mode cluster flex/normal)
NODE_INFO=`$ORA_CRS_HOME/bin/olsnodes -l -n`
fi
if [ $? -eq 0 ] ; then
# C'est UP, on peut traiter.
export ORA_CRS_NODE_NUM=`echo $NODE_INFO | awk '{print $2}'`
export ORA_CRS_NODE_TYPE=`echo $NODE_INFO | awk '{print $3}'`
decho ORA_CRS_NODE_NUM = $ORA_CRS_NODE_NUM
decho ORA_CRS_NODE_TYPE = $ORA_CRS_NODE_TYPE
export ORA_CRS_CLUSTER_NAME=`$ORA_CRS_HOME/bin/olsnodes -c`
decho ORA_CRS_CLUSTER_NAME=$ORA_CRS_CLUSTER_NAME
# Si le cluster n'a pas de nom, c'est que nous sommes en Oracle Restart. Donc pas de query activeversion!
if [ "$ORA_CRS_CLUSTER_NAME" != "" ] ; then
export ORA_CRS_ACTIVEVERSION=`$ORA_CRS_HOME/bin/crsctl query crs activeversion | cut -d[ -f2 | cut -d. -f1`
if [ "$ORA_CRS_ACTIVEVERSION" -eq "12" ] ; then
# On peut attendre un cluster flex ou non
export ORA_CRS_CLUSTERMODE=`$ORA_CRS_HOME/bin/crsctl get cluster mode config |cut -d\" -f2`
# On raccourcis "standard" en "std" si besoin
if [ "$ORA_CRS_CLUSTERMODE" = "standard" ] ; then
export ORA_CRS_CLUSTERMODE=std
fi
else
export ORA_CRS_CLUSTERMODE=std
fi
else
ORA_CRS_CLUSTERMODE=rst
fi
decho Mode: $ORA_CRS_CLUSTERMODE
else
decho Clusterware OFFLINE.
# Est-on en RESTART ???!!!
if [ `cat /etc/oracle/ocr.loc | grep "local_only=TRUE" |wc -l` -eq 1 ] ; then
decho certainement GI standalone pour RESTART
ORA_CRS_CLUSTERMODE=rst
fi
fi
# Alias manipulation
if [ $USER = "SED_ORACLE_TARGET__" ] ; then
# pointeur facile pour crsctl...
decho Alias crsctl cree
alias crsctl='$ORA_CRS_HOME/bin/crsctl'
elif [ $USER = "root" ] ; then
decho Ajustement path user root
# On ajoute le chemin du cluster dans le PATH
export PATH=$ORA_CRS_HOME/bin:$ORA_USER_HOME/expl/bin:$PATH
elif [ $USER = "SED_GRID_TARGET__" ] ; then
decho environnement GI
export ORACLE_HOME=$ORA_CRS_HOME
export ORACLE_BASE=`$ORACLE_HOME/bin/orabase`
export SQLPATH=$ORA_EXPL_SQL
export PATH=$ORA_CRS_HOME/bin:$ORA_USER_HOME/expl/bin:$PATH
if [ `ps -ef | grep -E 'pmon.*\+A' | grep -v grep | cut -d_ -f3- | wc -l` -gt 0 ] ; then
export ORACLE_SID=`ps -ef | grep -E 'pmon.*\+A' | grep -v grep | cut -d_ -f3- | sort | tail -1`
fi
fi
## Accès direct aux logs
if [ "$INTERACTIF" = "OUI" ] ; then
DRT_LI=`tput lines`
else
DRT_LI=100
fi
## On teste la présence de fichiers "11" hors ADR.
if [ -r $ORA_CRS_HOME/log/$HOSTNAME_SIMPLE/ohasd/ohasd.log ] ; then
## Configuration ancienne
OHASD_LOG=$ORA_CRS_HOME/log/$HOSTNAME_SIMPLE/ohasd/ohasd.log
CSSD_LOG=$ORA_CRS_HOME/log/$HOSTNAME_SIMPLE/cssd/ocssd.log
CRSD_LOG=$ORA_CRS_HOME/log/$HOSTNAME_SIMPLE/crsd/crsd.log
ALERT_LOG=$ORA_CRS_HOME/log/$HOSTNAME_SIMPLE/alert$HOSTNAME_SIMPLE.log
else
## Configuration nouvelle ADR pour les journaux cluster
OB=`ORACLE_HOME=$ORA_CRS_HOME ${ORA_CRS_HOME}/bin/orabase`
OHASD_LOG=$OB/diag/crs/$HOSTNAME_SIMPLE/crs/trace/ohasd.trc
CSSD_LOG=$OB/diag/crs/$HOSTNAME_SIMPLE/crs/trace/ocssd.trc
CRSD_LOG=$OB/diag/crs/$HOSTNAME_SIMPLE/crs/trace/crsd.trc
ALERT_LOG=$OB/diag/crs/$HOSTNAME_SIMPLE/crs/trace/alert.log
fi
## Cluster Alert log
alias alertgen="tail -${DRT_LI}f $ALERT_LOG"
## LOG - OHASD
alias ohasd="tail -${DRT_LI}f $OHASD_LOG"
## LOG - CSSD
alias cssd="tail -${DRT_LI}f $CSSD_LOG"
## LOG - CRSD
alias crsd="tail -${DRT_LI}f $CRSD_LOG"
## Alert global watch
## Aucun intérêt dans un terminal non interactif
if [ "$INTERACTIF" = "OUI" ] ; then
DRT_LI=`expr $DRT_LI / 10 - 1`
DRT_LI2=`expr $DRT_LI \* 3`
DRT_LI6=`expr $DRT_LI \* 6`
NORMAL=$(tput sgr0)
ROUGE=$(tput setaf 1)
alias alert="while :; do clear ; echo -e \"${ROUGE}ALERT********${NORMAL}\" ; tail -$DRT_LI $ALERT_LOG ; echo -e \"${ROUGE}CRSD*********${NORMAL}\" ; tail -$DRT_LI2 $CRSD_LOG ; echo -e \"${ROUGE}OCSSD********${NORMAL}\" ; tail -$DRT_LI6 $CSSD_LOG ; echo -e \"${ROUGE}OHASD********${NORMAL}\" ; tail -$DRT_LI $OHASD_LOG ; sleep 1; done"
fi
else
decho GI non installee
ORA_CRS_CLUSTERMODE=sa
fi
# Env oracle avec ou hors GI
if [ $USER = "oracle" ] ; then
export SQLPATH=$ORA_EXPL_SQL
# Si 1 seul OH dans l'inventaire, on set. Non déterminable si GI non cluster (manque le CRS=true pour identifier)
if [ `grep '<HOME NAME' $ORA_INVENTORY_XMLFILE | grep -v 'CRS' | grep -v "${ORA_CRS_HOME:-xxxxxxxxxx}" | wc -l` -eq 1 ] ; then
export ORACLE_HOME=`grep '<HOME NAME' $ORA_INVENTORY_XMLFILE | grep -v 'CRS' | grep -v "${ORA_CRS_HOME:-xxxxxxxxxx}" | sed -e 's/.*LOC=//g' | cut -d'"' -f2`
export ORACLE_BASE=`$ORACLE_HOME/bin/orabase`
if [ "$ORACLE_HOME" = "$ORA_CRS_HOME" ] ; then
# Installation en suspens
unset ORACLE_HOME ORACLE_BASE
else
export PATH=$ORACLE_HOME/bin:$ORA_USER_HOME/expl/bin:$PATH
decho ORACLE_HOME=$ORACLE_HOME
# On va essayer de se positionner dans l'environnement de la première base dispo.
DB_TARGET=`cat /etc/oratab | grep -Ev '^$|^#' | grep $ORACLE_HOME | cut -d: -f1 | head -1`
decho DB_TARGET=$DB_TARGET
if [ ! -z $DB_TARGET ] ; then
# DB trouvée, on cherche l'instance
if [ "$ORA_CRS_CLUSTERMODE" = "sa" ] ; then
# Si c'est une install SA, on teste sans ID d'instance
decho SA
DEC_INST=`ps -ef | grep -E "pmon_${DB_TARGET}$" | grep -v grep | cut -d_ -f3-`
else
# Sinon, sans complément, on vois
decho CL
DEC_INST=`ps -ef | grep -E "pmon_${DB_TARGET}(\_*[0-9]|[0-9]|$)" | grep -v grep | cut -d_ -f3-`
fi
decho $DEC_INST
if [ ! -z $DEC_INST ] ; then
export ORACLE_SID=$DEC_INST
fi
fi
fi
fi
fi
# Alias RL Wrap si disponible
if [ `/bin/rpm -qa |grep -i rlwrap | wc -l` -eq 1 ] ; then
alias sqlplus='rlwrap sqlplus'
alias rman='rlwrap rman'
alias asmcmd='rlwrap asmcmd'
alias adrci='rlwrap adrci'
alias dgmgrl='rlwrap dgmgrl'
fi
# Ajout d'un alias pour aller dans l'OH
alias oh='cd $ORACLE_HOME'
else
decho NON INSTALLE
fi
# Mise en place d'un prompt sympa
# Aucun intérêt hors d'un terminal interactif
if [ "$INTERACTIF" = "OUI" ] ; then
vert=$(tput setaf 2)
bleu=$(tput setaf 4)
gras=$(tput bold)
rouge=$(tput setaf 1)
reset=$(tput sgr0)
fi
decho prompt set
if [ "$ORA_CRS_CLUSTERMODE" = "flex" ] ; then
export PS1='[\[$bleu\]\u\[$reset\]@\[$vert\]\h\[$reset\] ($ORA_CRS_CLUSTERMODE $ORA_CRS_CLUSTER_NAME $ORA_CRS_NODE_TYPE:$ORA_CRS_NODE_NUM) \[$rouge\]${TWO_TASK:-$ORACLE_SID}\[$reset\] \W]\$ '
elif [ "$ORA_CRS_CLUSTERMODE" = "std" ] ; then
export PS1='[\[$bleu\]\u\[$reset\]@\[$vert\]\h\[$reset\] ($ORA_CRS_CLUSTERMODE $ORA_CRS_CLUSTER_NAME:$ORA_CRS_NODE_NUM) \[$rouge\]${TWO_TASK:-$ORACLE_SID}\[$reset\] \W]\$ '
elif [ "$ORA_CRS_CLUSTERMODE" = "sa" -o "$ORA_CRS_CLUSTERMODE" = "rst" ] ; then
export PS1='[\[$bleu\]\u\[$reset\]@\[$vert\]\h\[$reset\] ($ORA_CRS_CLUSTERMODE) \[$rouge\]${TWO_TASK:-$ORACLE_SID}\[$reset\] \W]\$ '
else
export PS1='[\[$bleu\]\u\[$reset\]@\[$vert\]\h\[$reset\] \[$rouge\]${TWO_TASK:-$ORACLE_SID}\[$reset\] \W]\$ '
fi
# Mode eMacs d'édition de ligne par défaut. Possible de passer en mode vi si nécessaire.
set -o emacs
fi
unset ajustement_limites decho APP_CTX HOSTNAME_SIMPLE DEBUG OLR_LOC ORA_INVENTORY ORA_INVENTORY_XMLFILE ORA_INVENTORY_CFFILE ORA_USER_HOME ORA_EXPL_DIR ORA_EXPL_BIN ORA_EXPL_SQL ORA_EXPL_TMP DRT_LI DRT_LI2 DRT_LI6 NODE_INFO DB_TARGET DEC_INST ORA_CRS_HOME INTERACTIF
# alias pour le shell Bash
alias grep='grep --color=auto'
alias vi=vim
configure-host-oel7/handlers/main.yml
Executable
+2
View File
@@ -0,0 +1,2 @@
---
configure-host-oel7/meta/main.yml
Executable
+139
View File
@@ -0,0 +1,139 @@
---
galaxy_info:
author: your name
description:
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Some suggested licenses:
# - BSD (default)
# - MIT
# - GPLv2
# - GPLv3
# - Apache
# - CC-BY
license: license (GPLv2, CC-BY, etc)
min_ansible_version: 1.2
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
#platforms:
#- name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
# - 21
# - 22
#- name: Windows
# versions:
# - all
# - 2012R2
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
#- name: Ubuntu
# versions:
# - all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
# - utopic
# - vivid
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
#- name: Debian
# versions:
# - all
# - etch
# - jessie
# - lenny
# - squeeze
# - wheezy
#
# Below are all categories currently available. Just as with
# the platforms above, uncomment those that apply to your role.
#
#categories:
#- cloud
#- cloud:ec2
#- cloud:gce
#- cloud:rax
#- clustering
#- database
#- database:nosql
#- database:sql
#- development
#- monitoring
#- networking
#- packaging
#- system
#- web
dependencies: []
# List your role dependencies here, one per line.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
configure-host-oel7/tasks/creation_repertoire.yml
Executable
+24
View File
@@ -0,0 +1,24 @@
---
# création des répertoires Oracle
#
# exemple :
# oracle_racine /u01/app
# oracle_base /u01/app/oracle
# oracle_home /u01/app/oracle/12.1.0.2.dbhome_1
# grid_home /u01/app/12.1.0.2/grid
# stage /u01/stage
#
- name: Création du répertoire stage
file: dest={{ oracle_stage }} mode=775 owner={{ oracle_user }} group={{ oracle_group }} state=directory
tags: directoriesdb
- name: Création du répertoire ORACLE_BASE
file: dest={{ oracle_base }} mode=775 owner={{ oracle_user }} group={{ oracle_group }} state=directory
tags: directoriesdb
- name: Création du répertoire ORACLE_HOME
file: dest={{ oracle_home }} mode=775 owner={{ oracle_user }} group={{ oracle_group }} state=directory
with_items: oracle_databases
tags: directoriesdb
configure-host-oel7/tasks/grub_configuration.yml
Executable
+39
View File
@@ -0,0 +1,39 @@
---
# ---------------------------------------------------
# configuration Linux : grub
# ---------------------------------------------------
- name: Désactivation de Transparent Hugepages 1/2 (dans grub.conf)
shell: grubby --grub2 --remove-args=transparent_hugepage --update-kernel=ALL
tags: tphp
- name: Désactivation de Transparent Hugepages 2/2 (dans grub.conf)
shell: grubby --grub2 --args=transparent_hugepage=never --update-kernel=ALL
tags: tphp
- name: Désactivation de Numa 1/2 (dans grub.conf)
shell: grubby --grub2 --remove-args=numa --update-kernel=ALL
tags: numa
- name: Désactivation de Numa 2/2 (dans grub.conf)
shell: grubby --grub2 --args=numa=off --update-kernel=ALL
tags: numa
- name: Activation DeadLine 1/2 (dans grub.conf)
shell: grubby --grub2 --remove-args=elevator --update-kernel=ALL
tags: deadline
- name: Activation DeadLine 2/2 (dans grub.conf)
shell: grubby --grub2 --args=elevator=deadline --update-kernel=ALL
tags: deadline
- name: Suppression de rhgb de /etc/grub.conf
shell: grubby --grub2 --remove-args=rhgb --update-kernel=ALL
tags: rhgb
- name: Suppression de quiet de /etc/grub.conf
shell: grubby --grub2 --remove-args=quiet --update-kernel=ALL
tags: quiet
- name: Configuration du mode 3 comme mode de démarrage par défaut
replace: dest=/etc/inittab regexp='id:5:initdefault:' replace='id:3:initdefault:'
configure-host-oel7/tasks/kernel_configuration.yml
Executable
+42
View File
@@ -0,0 +1,42 @@
---
#------------------------------------------------------------------------------------
# configuration Linux : Paramètres du kernel
# pour Linux 7, on utilise un fichier de conf séparé /etc/sysctl.d/98-oracle.conf
# au lieu du fichier par défaut /etc/sysctl.conf
#------------------------------------------------------------------------------------
- name: Ajustement des paramètres du Kernel
# sysctl: name={{ item.name }} value="{{ item.value }}" state=present reload=yes ignoreerrors=yes sysctl_file=/etc/sysctl.d/98-oracle.conf
sysctl: name={{ item.name }} value="{{ item.value }}" state=present reload=yes ignoreerrors=yes sysctl_file=/etc/sysctl.conf
with_items:
- { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: kernel.shmmax, value: "{{ ((0.55 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: kernel.shmmni, value: 4096 }
- { name: kernel.sem, value: "250 32000 100 128" }
- { name: fs.file-max, value: 6815744 }
- { name: fs.aio-max-nr, value: 1048576 }
- { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
- { name: net.core.rmem_default, value: 262144 }
- { name: net.core.rmem_max, value: 4194304 }
- { name: net.core.wmem_default, value: 262144 }
- { name: net.core.wmem_max, value: 1048576 }
tags: sysconfig
- name: Configuration PAM
lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so"
tags: pamconfig
- name: Ajustement des limits pour Oracle
lineinfile: dest=/etc/security/limits.conf state=present line="{{ item }}"
with_items:
- "* soft nproc 2047"
- "* hard nproc 16384"
- "* soft nofile 1024"
- "* hard nofile 65536"
- "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* soft stack 10240"
- "* hard stack 32768"
- "* soft core unlimited"
- "* hard core unlimited"
tags: seclimit
configure-host-oel7/tasks/main.yml
Executable
+101
View File
@@ -0,0 +1,101 @@
---
# - name: Vérification de la distribution, la version et le kernel
# assert:
# that: ansible_distribution_major_version == '7' and ansible_os_family == 'RedHat' and ansible_kernel >= '3.8.13'
# tags: oscheck
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- include: os_configuration.yml
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- include: network_configuration.yml
# ---------------------------------------------------
# configuration Linux : Utilisateurs et groupes
# ---------------------------------------------------
- include: users_configuration.yml
# ---------------------------------------------------
# configuration Linux : Paramètres du kernel
# ---------------------------------------------------
- include: kernel_configuration.yml
# ---------------------------------------------------
# configuration Linux : grub
# ---------------------------------------------------
- include: grub_configuration.yml
# ---------------------------------------------------
# configuration Linux : Personnalisation
# ---------------------------------------------------
- name: Ajout du fichier z_oracle dans /etc/profile.d
copy: src=z_oracle.sh dest=/etc/profile.d/z_oracle.sh owner=root mode=644
tags: z_oracle
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
# - include: secure_configuration.yml
# ---------------------------------------------------
# configuration des packages necessaires pour Oracle
# ---------------------------------------------------
- name: Installation des packages pour Oracle
yum: name={{ packages }} state=installed skip_broken=true
# with_items:
vars:
packages:
- binutils
- compat-libcap1
- compat-libstdc++*i686
- compat-libstdc++-33
- elfutils-libelf-devel
- gcc
- gcc-c++
- glibc
- glibc*i686
- glibc-devel
- glibc-devel*i686
- kernel-headers
- ksh
- libaio
- libaio*i686
- libaio-devel
- libaio-devel*i686
- libgcc*i686
- libgcc*x86_64
- libstdc++
- libstdc++*i686
- libstdc++-devel
- libstdc++-devel*i686
- libXi
- libXi*i686
- libXtst
- libXtst*i686
- make
- mksh
- smartmontools
- sysstat
- unixODBC
tags: os_packages
# when: install_os_packages and internet_connection
# ---------------------------------------------------
# configuration Linux : Création des répertoires Oracle
# ---------------------------------------------------
# - include: creation_repertoire.yml
# ---------------------------------------------------
# Securisation de cron
# ---------------------------------------------------
- name: Desactivation de la commande crontab -r
lineinfile: dest=/etc/profile.d/you.sh
line='crontab () { [[ $@ =~ -[iel]*r ]] && echo "option -r (remove) not allowed" || command crontab "$@" ;}'
state=present
create=yes
configure-host-oel7/tasks/network_configuration.yml
Executable
+33
View File
@@ -0,0 +1,33 @@
---
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- name: Vérification de l enregistrement DNS
command: nslookup {{ ansible_hostname }}
register: ns
ignore_errors: True
tags: etchosts
- name: Ajout du host dans /etc/hosts si absent
lineinfile: dest=/etc/hosts regexp='.*{{ ansible_fqdn }}$'
line="{{ ansible_default_ipv4.address }} {{ ansible_hostname }} {{ ansible_fqdn }}"
state=present
# when: "'find {{ ansible_hostname }}: NXDOMAIN' in ns.stdout"
tags: etchosts
- name: Modification resolv.conf pour ajouter attempts et timeout
lineinfile: dest=/etc/resolv.conf line="{{ item.line }}"
with_items:
- { line: "options attempts:2" }
- { line: "options timeout:1" }
- name: Desactivation de IP v6 et ZeroConf (Doc ID 1161144.1)
lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}"
with_items:
- { line: "NETWORKING_IPV6=no" }
- { line: "IPV6INIT=no" }
- { line: "NOZEROCONF=yes" }
- name: desactivation permanente de ipv6
copy: src=desactivation_ipv6.conf dest=/etc/modprobe.d/desactivation_ipv6.conf
configure-host-oel7/tasks/os_configuration.yml
Executable
+103
View File
@@ -0,0 +1,103 @@
---
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- name: Installation du packet libselinux-python
yum: name="libselinux-python" state=installed
# - name: Installation du RPM EPEL Repo pour Linux 7
# yum: name="{{ epel_rpm }}" state=installed
# tags: epelrepo
# - name: Copie du fichier repository public-yum si absent
# copy: src=public-yum-ol7.repo dest=/etc/yum.repos.d/public-yum-ol7.repo
# tags: publicyumrepo
- name: Installation des packages communs pour Linux
yum: name={{ item }} state=installed
tags: commonpackages
with_items:
- bind-utils
- xdpyinfo
- xauth
- net-tools
- ethtool
- nscd
- ntp
- sysstat
- tree
- unzip
- wget
- vim
# - htop
# - rlwrap
- lvm2
- ncurses
- nfs-utils
- readline
- xfsprogs
- system-storage-manager
- name: Configuratio du mode panic sur perte du /
shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`"
- name: Configuratio du mode panic sur bug du kernel
sysctl: name=kernel.panic_on_oops value=1 state=present reload=yes ignoreerrors=yes
# ---------------------------------------------------
# configuration du serveur NTPD
# ---------------------------------------------------
- name: Modification de la configuration NTP configuration (ajout du flag -x)
lineinfile: dest=/etc/sysconfig/ntpd
regexp='^OPTIONS='
line='OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid -g"'
state=present
create=yes
- name: restart ntpd
service: name=ntpd state=started enabled=yes
# ---------------------------------------------------
# configuration Linux : Selinux
# ---------------------------------------------------
- name: Disactiver Selinux (de façon permanente)
selinux: state=disabled
tags: selinux
register: selinux
- name: Disactiver Selinux (runtime)
shell: setenforce 0
tags: selinux
ignore_errors: true
# ---------------------------------------------------
# configuration Linux : les services
# ---------------------------------------------------
- name: arrêter et désactiver les services inutils
service: name={{ item }} state=stopped enabled=no
tags: linuxservices
ignore_errors: true
with_items:
- bluetooth
- cups
- gpm
- hidd
- hplip
- isdn
- sendmail
- smartd
- avahi-daemon
- NetworkManager
- rhnsd
- firstboot
- chronyd
- ip6tables
- iptables
- firewalld
# ---------------------------------------------------
# configuration du démarrage en mode 3 par défaut
# ---------------------------------------------------
- name: configuration du démarrage en mode 3 par défaut
command: systemctl set-default multi-user.target
configure-host-oel7/tasks/secure_configuration.yml
Executable
+21
View File
@@ -0,0 +1,21 @@
---
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
- name: Ajout du soft reboot
lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft'
tags: softreboot
- name: Sécurisation du vidage mémoire
copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf"
- name: Application des paramètres de configuration sécurisée
sysctl: name="{{ item.name }}"
value="{{ item.value }}"
state=present
reload=yes
ignoreerrors=yes
sysctl_file=/etc/sysctl.d/98-oracle.conf
when: secure_configuration
with_items: linux_secure_config
tags: secure_config
configure-host-oel7/tasks/users_configuration.yml
Executable
+34
View File
@@ -0,0 +1,34 @@
---
# ---------------------------------------------------
# configuration Linux : Utilisateurs et groupes
# ---------------------------------------------------
- name: Creation des groupes
group: name={{ item.group }} gid={{ item.gid }} state=present
with_items:
- { group: asmdba, gid: 1004 }
- { group: asmoper, gid: 1005 }
- { group: asmadmin, gid: 1003 }
- { group: oinstall, gid: 1000}
- { group: dba, gid: 1001 }
- { group: backupdba, gid: 1006 }
- { group: oper, gid: 1002 }
- { group: dgdba, gid: 1007 }
- { group: kmdba, gid: 1008 }
tags: group
- name: Creation du compte Oracle
user: name={{ item.username }} group={{ item.primgroup }} groups={{ item.othergroups }} uid={{ item.uid }} generate_ssh_key=yes append=yes state=present password={{ item.passwd }}
with_items:
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
- { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
tags: user
- name: Ajout du compte oracle et grid au sudoers
template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root mode=0600
with_items:
- oracle
- grid
when: configure_oracle_sudo
tags: sudoadd
configure-host-oel7/templates/motd.j2
Executable
+12
View File
@@ -0,0 +1,12 @@
---------------------------------------
Welcome to {{ ansible_fqdn }}
{{ ansible_distribution }} {{ ansible_distribution_version }} {{ ansible_userspace_architecture }}
FQDN: {{ ansible_fqdn }}
IP: {{ ansible_default_ipv4.address }}
#cpu's: {{ ansible_processor_vcpus }}
mem: {{ ansible_memtotal_mb }} MB
Kernel: {{ ansible_kernel }}
---------------------------------------
configure-host-oel7/templates/oracleasm-configure.expect.j2
Executable
+50
View File
@@ -0,0 +1,50 @@
#!/usr/bin/expect -f
spawn service oracleasm configure
{% if role_separation==True %}
expect {
"Default user to own the driver interface*:"
{
send "{{ grid_install_user }}\r"
exp_continue
}
"Default group to own the driver interface*:"
{
send "{{ asmdba_group }}\r"
exp_continue
}
"Start Oracle ASM library driver on boot*:"
{
send "y\r"
exp_continue
}
"Scan for Oracle ASM disks on boot*:"
{
send "y\r"
exp_continue
}
}
{% else %}
expect {
"Default user to own the driver interface*:"
{
send "{{ oracle_user }}\r"
exp_continue
}
"Default group to own the driver interface*:"
{
send "{{ dba_group }}\r"
exp_continue
}
"Start Oracle ASM library driver on boot*:"
{
send "y\r"
exp_continue
}
"Scan for Oracle ASM disks on boot*:"
{
send "y\r"
exp_continue
}
}
{% endif %}
configure-host-oel7/templates/sudoers.j2
Executable
+1
View File
@@ -0,0 +1 @@
{{ item }} ALL=(ALL) NOPASSWD: ALL
configure-host-oel7/vars/linux_settings.yml
Executable
+110
View File
@@ -0,0 +1,110 @@
# Fichier de paramètres
---
master_node: true
os_family_supported: "RedHat"
os_min_supported_version: "6.4"
os_supported_version: "6"
disable_numa_boot: true
disable_selinux: true
internet_connection: true
epel_rpm: "http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm"
configure_epel_repo: false
secure_configuration: false # faire une configuration securisee du system d exploitation
asmlib_rpm: "http://download.oracle.com/otn_software/asmlib/oracleasmlib-2.0.4-1.el6.x86_64.rpm"
ol6_repo_file: public-yum-ol6.repo
repo_dir: /etc/yum.repos.d/
disable_numa_boot: true
percent_hugepages: 50
configure_interconnect: false
configure_ssh: false
configure_host_disks: false
configure_etc_hosts: false
configure_cluster: false
device_persistence: asmlib
install_os_packages: false
disable_selinux: true
# pramètres de configuation sécurisée :
linux_secure_config:
- { name: net.ipv4.conf.all.accept_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_redirects, value: 0 }
- { name: net.ipv4.conf.all.secure_redirects, value: 0 }
- { name: net.ipv4.conf.default.secure_redirects, value: 0 }
- { name: net.ipv4.ip_forward, value: 0 }
- { name: net.ipv6.conf.all.accept_redirects, value: 0 }
- { name: net.ipv6.conf.default.accept_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_source_route, value: 0 }
- { name: net.ipv4.conf.all.accept_source_route, value: 0 }
- { name: net.ipv6.conf.default.accept_source_route, value: 0 }
- { name: net.ipv6.conf.all.accept_source_route, value: 0 }
- { name: net.ipv4.conf.all.log_martians, value: 1 }
- { name: net.ipv4.conf.default.log_martians, value: 1 }
- { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 }
- { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 }
- { name: net.ipv6.conf.all.accept_ra, value: 0 }
- { name: net.ipv6.conf.default.accept_ra, value: 0 }
# packages à installer pour Linux
common_packages:
- bc
- bind-utils
- btrfs-progs
- cloog-ppl
- compat-libcap1
- ethtool
- expect
- git
- htop
- lvm2
- make
- module-init-tools
- mpfr
- multitail
- ncurses-devel
- ncurses-libs
- nfs-utils
- nscd
- nss-softokn-freebl
- ntp
- openssh-clients
- ppl
- procps
- readline
- rlwrap
- screen
- sysstat
- system-config-lvm
- tigervnc-server
- tree
- twm
- unzip
- wget
- vim
- xfsprogs
# services Linux à désactiver :
linux_services:
- bluetooth
- cups
- gpm
- hidd
- hplip
- isdn
- sendmail
- smartd
- avahi-daemon
- NetworkManager
- rhnsd
- firstboot
- chronyd
- ip6tables
- iptables
- firewalld
configure-host-oel7/vars/main.yml
Executable
+102
View File
@@ -0,0 +1,102 @@
# Fichier de paramètres
---
#----------------------------------------------------------------------
# paramètres généraux
#----------------------------------------------------------------------
internet_connection: true
configure_epel_repo: true
epel_rpm: "http://mirrors.ircam.fr/pub/fedora/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm"
linux_version: "{{ ansible_distribution_major_version }}"
#----------------------------------------------------------------------
# Groupes et utilisateurs
#----------------------------------------------------------------------
oracle_groups:
- { group: asmdba, gid: 1004 }
- { group: asmoper, gid: 1005 }
- { group: asmadmin, gid: 1003 }
- { group: oinstall, gid: 1000}
- { group: dba, gid: 1001 }
- { group: backupdba, gid: 1006 }
- { group: oper, gid: 1002 }
- { group: dgdba, gid: 1007 }
- { group: kmdba, gid: 1008 }
oracle_users: # Passwd :Oracle123
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
grid_users:
- { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
#----------------------------------------------------------------------
# ajouter les comptes oracle et grid au sudoers
#----------------------------------------------------------------------
configure_oracle_sudo: true
#----------------------------------------------------------------------
# paramètres du noyeau pour une installation Oracle
#----------------------------------------------------------------------
oracle_sysconfig:
- { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: kernel.shmmax, value: "{{ ((0.5 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: kernel.shmmni, value: 4096 }
- { name: kernel.sem, value: "250 32000 100 128" }
- { name: fs.file-max, value: 6815744 }
- { name: fs.aio-max-nr, value: 1048576 }
- { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
- { name: net.core.rmem_default, value: 262144 }
- { name: net.core.rmem_max, value: 4194304 }
- { name: net.core.wmem_default, value: 262144 }
- { name: net.core.wmem_max, value: 1048576 }
#----------------------------------------------------------------------
# paramètres security limits pour une installation Oracle
#----------------------------------------------------------------------
oracle_seclimits:
- "* soft nproc 2047"
- "* hard nproc 16384"
- "* soft nofile 1024"
- "* hard nofile 65536"
- "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024*1024)|round|int }}"
- "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024*1024)|round|int }}"
- "* soft stack 10240"
- "* hard stack 32768"
- "* soft core unlimited"
- "* hard core unlimited"
#----------------------------------------------------------------------
# packages linux necessaires avant d'installer Oracle
#----------------------------------------------------------------------
oracle_packages:
- binutils
- compat-libcap1
- gcc
- gcc-c++
- glibc
- glibc-devel
- libaio
- libaio-devel
- libgcc
- libstdc++
- libstdc++-devel
- libXi
- libXtst
- make
- sysstat
- ksh
- libXi*i686
- libXtst*i686
- libstdc++-devel*i686
- libaio-devel*i686
- libstdc++*i686
- libgcc*i686
- libaio*i686
- glibc-devel*i686
- glibc*i686
- unixODBC
configure-host-oel7/vars/main.yml.court
Executable
+7
View File
@@ -0,0 +1,7 @@
# Fichier de paramètres
---
vars_files:
- linux_settings.yml # tous les parametres de configuration pour Linux
- oracle_users.yml # les comptes et groupes Oracle
- oracle_settings.yml # les parametres kernel et packages Oracle à installer
configure-host-oel7/vars/oracle_settings.yml
Executable
+112
View File
@@ -0,0 +1,112 @@
# Fichier de paramètres
---
# les répertoires pour l'installation Oracle
oracle_stage: /u01/stage
oracle_rsp_stage: "{{ oracle_stage }}/rsp"
oracle_version_db: 12.1.0.2
oracle_base: /u01/app/oracle
home: dbhome_1
oracle_home: "{{ oracle_base }}/product/{{ oracle_version_db }}/{{ home }}"
# paramètres du noyau
oracle_sysconfig:
- { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024)|round|int }}" }
- { name: kernel.shmmax, value: "{{ ((0.5 * ansible_memtotal_mb)*1024)|round|int }}" }
- { name: kernel.shmmni, value: 4096 }
- { name: kernel.sem, value: "250 32000 100 128" }
- { name: fs.file-max, value: 6815744 }
- { name: fs.aio-max-nr, value: 1048576 }
- { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
- { name: net.core.rmem_default, value: 262144 }
- { name: net.core.rmem_max, value: 4194304 }
- { name: net.core.wmem_default, value: 262144 }
- { name: net.core.wmem_max, value: 1048576 }
- { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int }}" }
# Security limits
oracle_seclimits:
- "* soft nproc 2047"
- "* hard nproc 16384"
- "* soft nofile 1024"
- "* hard nofile 65536"
- "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* soft stack 10240"
- "* hard stack 32768"
- "* soft core unlimited"
- "* hard core unlimited"
# Fichier de paramètres : packages ORACLE
oracle_packages:
- bind-utils
- binutils
- btrfs-progs
- cloog-ppl
- compat-libcap1
- compat-libstdc++*i686
- compat-libstdc++-33
- cpp
- ethtool
- gcc
- gcc-c++
- glibc
- glibc*i686
- glibc-devel
- glibc-headers
- kernel-headers
- kmod-oracleasm
- ksh
- libX11
- libX11*i686
- libXau
- libXau*i686
- libXext
- libXi
- libXp
- libXt
- libXtst
- libaio
- libaio*i686
- libaio-devel
- libaio-devel*i686
- libgcc
- libselinux-python
- libstdc++
- libstdc++*i686
- libstdc++-devel
- libstdc++-devel*i686
- libtool-ltdl
- libxcb
- libxcb*i686
- make
- module-init-tools
- mpfr
- ncurses-devel
- ncurses-libs
- nfs-utils
- nscd
- ntp
- openssh-clients
- oracleasm-support
- parted
- ppl
- procps
- readline
- readline-devel
- sysstat
- twm
- unixODBC
- util-linux-ng
- vim-enhanced
- xdpyinfo
- xfsprogs
- xorg-x11-utils
- xorg-x11-xauth
- xorg-x11-xinit
- xsetroot
- xterm
configure-host-oel7/vars/oracle_users.yml
Executable
+37
View File
@@ -0,0 +1,37 @@
# Fichier de paramètres : les comptes Oracle
---
# Groupes et utilisateurs
oracle_groups:
- { group: asmdba, gid: 1004 }
- { group: asmoper, gid: 1005 }
- { group: asmadmin, gid: 1003 }
- { group: oinstall, gid: 1000}
- { group: dba, gid: 1001 }
- { group: backupdba, gid: 1006 }
- { group: oper, gid: 1002 }
- { group: dgdba, gid: 1007 }
- { group: kmdba, gid: 1008 }
oracle_users: # Passwd :Oracle123
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
grid_users:
- { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
role_separation: true
oracle_user: oracle
grid_user: grid
configure_oracle_sudo: false
oracle_user_home: "/home/{{ oracle_user }}"
grid_user_home: "/home/{{ grid_user }}"
oracle_group: oinstall
oper_group: oper
dba_group: dba
asmoper_group: asmoper
asmdba_group: asmdba
asmadmin_group: asmadmin
configure-host-oel7/vars/original.main
Executable
+278
View File
@@ -0,0 +1,278 @@
# Fichier de paramètres
---
master_node: true
os_family_supported: "RedHat"
os_min_supported_version: "6.4"
os_supported_version: "6"
disable_numa_boot: true
disable_selinux: true
internet_connection: false
epel_rpm: "http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm"
configure_epel_repo: true
secure_configuration: true # faire une configuration securisee du system d exploitation
# Groupes et utilisateurs
oracle_groups:
- { group: asmdba, gid: 1004 }
- { group: asmoper, gid: 1005 }
- { group: asmadmin, gid: 1003 }
- { group: oinstall, gid: 1000}
- { group: dba, gid: 1001 }
- { group: backupdba, gid: 1006 }
- { group: oper, gid: 1002 }
- { group: dgdba, gid: 1007 }
- { group: kmdba, gid: 1008 }
oracle_users: # Passwd :Oracle123
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
grid_users:
- { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
role_separation: true
oracle_user: oracle
grid_user: grid
configure_oracle_sudo: false
oracle_user_home: "/home/{{ oracle_user }}"
grid_user_home: "/home/{{ grid_user }}"
oracle_group: oinstall
oper_group: oper
dba_group: dba
asmoper_group: asmoper
asmdba_group: asmdba
asmadmin_group: asmadmin
# les répertoires pour l'installation Oracle
oracle_stage: /u01/stage
oracle_rsp_stage: "{{ oracle_stage }}/rsp"
oracle_version_db: 12.1.0.2
oracle_base: /u01/app/oracle
home: dbhome_1
oracle_home: "{{ oracle_base }}/product/{{ oracle_version_db }}/{{ home }}"
ssh_keys:
- /tmp/id_rsa
- /tmp/id_rsa.pub
- /tmp/authorized_keys
keyfile: /tmp/known_hosts
asmlib_rpm: "http://download.oracle.com/otn_software/asmlib/oracleasmlib-2.0.4-1.el6.x86_64.rpm"
ol6_repo_file: public-yum-ol6.repo
repo_dir: /etc/yum.repos.d/
disable_numa_boot: true
percent_hugepages: 50
configure_interconnect: false
oracle_ic_net: 3.3.3.{{ ansible_all_ipv4_addresses[0].split(".")[-1] }}
configure_ssh: false
configure_host_disks: false
configure_etc_hosts: false
configure_cluster: false
device_persistence: asmlib
install_os_packages: false
disable_selinux: true
# paramètres du noyau
oracle_sysconfig:
- { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024)|round|int }}" }
- { name: kernel.shmmax, value: "{{ ((0.5 * ansible_memtotal_mb)*1024)|round|int }}" }
- { name: kernel.shmmni, value: 4096 }
- { name: kernel.sem, value: "250 32000 100 128" }
- { name: fs.file-max, value: 6815744 }
- { name: fs.aio-max-nr, value: 1048576 }
- { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
- { name: net.core.rmem_default, value: 262144 }
- { name: net.core.rmem_max, value: 4194304 }
- { name: net.core.wmem_default, value: 262144 }
- { name: net.core.wmem_max, value: 1048576 }
- { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int }}" }
# Security limits
oracle_seclimits:
- "* soft nproc 2047"
- "* hard nproc 16384"
- "* soft nofile 1024"
- "* hard nofile 65536"
- "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* soft stack 10240"
- "* hard stack 32768"
- "* soft core unlimited"
- "* hard core unlimited"
# pramètres de configuation sécurisée :
linux_secure_config:
- { name: net.ipv4.conf.all.accept_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_redirects, value: 0 }
- { name: net.ipv4.conf.all.secure_redirects, value: 0 }
- { name: net.ipv4.conf.default.secure_redirects, value: 0 }
- { name: net.ipv4.ip_forward, value: 0 }
- { name: net.ipv6.conf.all.accept_redirects, value: 0 }
- { name: net.ipv6.conf.default.accept_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_source_route, value: 0 }
- { name: net.ipv4.conf.all.accept_source_route, value: 0 }
- { name: net.ipv6.conf.default.accept_source_route, value: 0 }
- { name: net.ipv6.conf.all.accept_source_route, value: 0 }
- { name: net.ipv4.conf.all.log_martians, value: 1 }
- { name: net.ipv4.conf.default.log_martians, value: 1 }
- { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 }
- { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 }
- { name: net.ipv6.conf.all.accept_ra, value: 0 }
- { name: net.ipv6.conf.default.accept_ra, value: 0 }
# Sets up filesystem on host. If storage_type=FS under oracle_databases, this is where the mapping between device/fs is described
host_fs_layout:
u01:
{mntp: /u01, device: /dev/sdb, vgname: vgora, pvname: /dev/sdb1, lvname: lvora, fstype: ext4}
# ASM Diskgroups used for DB-storage. Should map to dict asm_storage_layout.
asm_diskgroups: # ASM Diskgroups used for DB-storage. Should map to dict asm_storage_layout.
- crs
- data
- fra
# Mapping between device & ASMlib label. If storage_type=ASM under oracle_databases,
# this is where the mapping between device/asm-disk is described
asm_storage_layout:
crs:
- {device: /dev/sdc, asmlabel: CRS01}
data:
- {device: /dev/sdd, asmlabel: DATA01}
fra:
- {device: /dev/sde, asmlabel: FRA01 }
# packages à installer pour Linux
common_packages:
- bc
- bind-utils
- btrfs-progs
- cloog-ppl
- compat-libcap1
- ethtool
- expect
- git
- htop
- lvm2
- make
- module-init-tools
- mpfr
- multitail
- ncurses-devel
- ncurses-libs
- nfs-utils
- nscd
- nss-softokn-freebl
- ntp
- openssh-clients
- ppl
- procps
- readline
- rlwrap
- screen
- sysstat
- system-config-lvm
- tigervnc-server
- tree
- twm
- unzip
- wget
- vim
- xfsprogs
# services Linux à désactiver :
linux_services:
- bluetooth
- cups
- gpm
- hidd
- hplip
- isdn
- sendmail
- smartd
- avahi-daemon
- NetworkManager
- rhnsd
- firstboot
- chronyd
- ip6tables
- iptables
- firewalld
# Fichier de paramètres : packages ORACLE
oracle_packages:
- bind-utils
- binutils
- btrfs-progs
- cloog-ppl
- compat-libcap1
- compat-libstdc++*i686
- compat-libstdc++-33
- cpp
- ethtool
- gcc
- gcc-c++
- glibc
- glibc*i686
- glibc-devel
- glibc-headers
- kernel-headers
- kmod-oracleasm
- ksh
- libX11
- libX11*i686
- libXau
- libXau*i686
- libXext
- libXi
- libXp
- libXt
- libXtst
- libaio
- libaio*i686
- libaio-devel
- libaio-devel*i686
- libgcc
- libselinux-python
- libstdc++
- libstdc++*i686
- libstdc++-devel
- libstdc++-devel*i686
- libtool-ltdl
- libxcb
- libxcb*i686
- make
- module-init-tools
- mpfr
- ncurses-devel
- ncurses-libs
- nfs-utils
- nscd
- ntp
- openssh-clients
- oracleasm-support
- parted
- ppl
- procps
- readline
- readline-devel
- sysstat
- twm
- unixODBC
- util-linux-ng
- vim-enhanced
- xdpyinfo
- xfsprogs
- xorg-x11-utils
- xorg-x11-xauth
- xorg-x11-xinit
- xsetroot
- xterm