Version initial du 2020/09/10

Yacine
2020-09-10 02:13:23 +02:00
parent a586a12cce
commit 372944395a
62 changed files with 4549 additions and 0 deletions


@@ -0,0 +1,24 @@
---
# création des répertoires Oracle
#
# exemple :
# oracle_racine /u01/app
# oracle_base /u01/app/oracle
# oracle_home /u01/app/oracle/12.1.0.2.dbhome_1
# grid_home /u01/app/12.1.0.2/grid
# stage /u01/stage
#
- name: Création du répertoire stage
file: dest={{ oracle_stage }} mode=775 owner={{ oracle_user }} group={{ oracle_group }} state=directory
tags: directoriesdb
- name: Création du répertoire ORACLE_BASE
file: dest={{ oracle_base }} mode=775 owner={{ oracle_user }} group={{ oracle_group }} state=directory
tags: directoriesdb
- name: Création du répertoire ORACLE_HOME
file: dest={{ oracle_home }} mode=775 owner={{ oracle_user }} group={{ oracle_group }} state=directory
with_items: oracle_databases
tags: directoriesdb
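Review bot: The ORACLE_HOME task at the end of the hunk loops with `with_items: oracle_databases` but never references `item`, so it creates the same `{{ oracle_home }}` directory once per list entry instead of one home per database; either drop the loop or derive the path from `item`, and write it as `with_items: "{{ oracle_databases }}"` because bare variable names in `with_items` are deprecated. The `mode=775` values only work because the key=value form hands them to Ansible as strings that are parsed as octal; `mode=0775` makes the intent explicit and survives a later conversion to YAML mapping syntax, where an unquoted `775` would be read as decimal. The header comment also lists `oracle_racine` and `grid_home`, which no task in this file creates.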


@@ -0,0 +1,39 @@
---
# ---------------------------------------------------
# configuration Linux : grub
# ---------------------------------------------------
- name: Désactivation de Transparent Hugepages 1/2 (dans grub.conf)
shell: grubby --grub2 --remove-args=transparent_hugepage --update-kernel=ALL
tags: tphp
- name: Désactivation de Transparent Hugepages 2/2 (dans grub.conf)
shell: grubby --grub2 --args=transparent_hugepage=never --update-kernel=ALL
tags: tphp
- name: Désactivation de Numa 1/2 (dans grub.conf)
shell: grubby --grub2 --remove-args=numa --update-kernel=ALL
tags: numa
- name: Désactivation de Numa 2/2 (dans grub.conf)
shell: grubby --grub2 --args=numa=off --update-kernel=ALL
tags: numa
- name: Activation DeadLine 1/2 (dans grub.conf)
shell: grubby --grub2 --remove-args=elevator --update-kernel=ALL
tags: deadline
- name: Activation DeadLine 2/2 (dans grub.conf)
shell: grubby --grub2 --args=elevator=deadline --update-kernel=ALL
tags: deadline
- name: Suppression de rhgb de /etc/grub.conf
shell: grubby --grub2 --remove-args=rhgb --update-kernel=ALL
tags: rhgb
- name: Suppression de quiet de /etc/grub.conf
shell: grubby --grub2 --remove-args=quiet --update-kernel=ALL
tags: quiet
- name: Configuration du mode 3 comme mode de démarrage par défaut
replace: dest=/etc/inittab regexp='id:5:initdefault:' replace='id:3:initdefault:'
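Review bot: Every grubby task uses `shell:` although none of the commands needs shell features, and none declares `changed_when`, so each run rewrites the kernel arguments and reports changed even when nothing changed; `command:` is the safer module here since the arguments are not passed through a shell, e.g. `command: grubby --grub2 --args=transparent_hugepage=never --update-kernel=ALL`. The remove/add pairs could be made idempotent by registering `grubby --info=ALL` once and guarding the add tasks with a `when` on its output. The closing `replace` on `/etc/inittab` has no effect on systemd-based hosts such as the Linux 7 targets the sysctl hunk's comment describes (`initdefault` is ignored there); the `systemctl set-default multi-user.target` task in the os_configuration hunk already covers that case.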


@@ -0,0 +1,42 @@
---
#------------------------------------------------------------------------------------
# configuration Linux : Paramètres du kernel
# pour Linux 7, on utilise un fichier de conf séparé /etc/sysctl.d/98-oracle.conf
# au lieu du fichier par défaut /etc/sysctl.conf
#------------------------------------------------------------------------------------
- name: Ajustement des paramètres du Kernel
# sysctl: name={{ item.name }} value="{{ item.value }}" state=present reload=yes ignoreerrors=yes sysctl_file=/etc/sysctl.d/98-oracle.conf
sysctl: name={{ item.name }} value="{{ item.value }}" state=present reload=yes ignoreerrors=yes sysctl_file=/etc/sysctl.conf
with_items:
- { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: kernel.shmmax, value: "{{ ((0.55 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: kernel.shmmni, value: 4096 }
- { name: kernel.sem, value: "250 32000 100 128" }
- { name: fs.file-max, value: 6815744 }
- { name: fs.aio-max-nr, value: 1048576 }
- { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
- { name: net.core.rmem_default, value: 262144 }
- { name: net.core.rmem_max, value: 4194304 }
- { name: net.core.wmem_default, value: 262144 }
- { name: net.core.wmem_max, value: 1048576 }
tags: sysconfig
- name: Configuration PAM
lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so"
tags: pamconfig
- name: Ajustement des limits pour Oracle
lineinfile: dest=/etc/security/limits.conf state=present line="{{ item }}"
with_items:
- "* soft nproc 2047"
- "* hard nproc 16384"
- "* soft nofile 1024"
- "* hard nofile 65536"
- "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
- "* soft stack 10240"
- "* hard stack 32768"
- "* soft core unlimited"
- "* hard core unlimited"
tags: seclimit
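Review bot: The header comment says Linux 7 uses a separate `/etc/sysctl.d/98-oracle.conf`, but the active `sysctl:` line writes `sysctl_file=/etc/sysctl.conf` (the `98-oracle.conf` variant is the commented-out line just above it), so comment and code disagree and the secure_configuration hunk, which does target `98-oracle.conf`, will split the kernel parameters across two files. The `* soft core unlimited` / `* hard core unlimited` entries in the limits task enable full core dumps for every non-root account, which can write process memory (including database buffers) to disk; if only the Oracle account needs it, scope the lines to it, `"{{ oracle_user }} soft core unlimited"`, and check that this does not conflict with the `00-vidage.conf` limits file the secure_configuration hunk installs. `ignoreerrors=yes` on the sysctl task also hides keys the kernel rejects; dropping it lets a mistyped parameter name fail the play instead of silently leaving it unset.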


@@ -0,0 +1,101 @@
---
# - name: Vérification de la distribution, la version et le kernel
# assert:
# that: ansible_distribution_major_version == '7' and ansible_os_family == 'RedHat' and ansible_kernel >= '3.8.13'
# tags: oscheck
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- include: os_configuration.yml
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- include: network_configuration.yml
# ---------------------------------------------------
# configuration Linux : Utilisateurs et groupes
# ---------------------------------------------------
- include: users_configuration.yml
# ---------------------------------------------------
# configuration Linux : Paramètres du kernel
# ---------------------------------------------------
- include: kernel_configuration.yml
# ---------------------------------------------------
# configuration Linux : grub
# ---------------------------------------------------
- include: grub_configuration.yml
# ---------------------------------------------------
# configuration Linux : Personnalisation
# ---------------------------------------------------
- name: Ajout du fichier z_oracle dans /etc/profile.d
copy: src=z_oracle.sh dest=/etc/profile.d/z_oracle.sh owner=root mode=644
tags: z_oracle
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
# - include: secure_configuration.yml
# ---------------------------------------------------
# configuration des packages necessaires pour Oracle
# ---------------------------------------------------
- name: Installation des packages pour Oracle
yum: name={{ packages }} state=installed skip_broken=true
# with_items:
vars:
packages:
- binutils
- compat-libcap1
- compat-libstdc++*i686
- compat-libstdc++-33
- elfutils-libelf-devel
- gcc
- gcc-c++
- glibc
- glibc*i686
- glibc-devel
- glibc-devel*i686
- kernel-headers
- ksh
- libaio
- libaio*i686
- libaio-devel
- libaio-devel*i686
- libgcc*i686
- libgcc*x86_64
- libstdc++
- libstdc++*i686
- libstdc++-devel
- libstdc++-devel*i686
- libXi
- libXi*i686
- libXtst
- libXtst*i686
- make
- mksh
- smartmontools
- sysstat
- unixODBC
tags: os_packages
# when: install_os_packages and internet_connection
# ---------------------------------------------------
# configuration Linux : Création des répertoires Oracle
# ---------------------------------------------------
# - include: creation_repertoire.yml
# ---------------------------------------------------
# Securisation de cron
# ---------------------------------------------------
- name: Desactivation de la commande crontab -r
lineinfile: dest=/etc/profile.d/you.sh
line='crontab () { [[ $@ =~ -[iel]*r ]] && echo "option -r (remove) not allowed" || command crontab "$@" ;}'
state=present
create=yes
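Review bot: The `crontab` wrapper written to `/etc/profile.d/you.sh` in the last task is a convenience guard against an accidental `crontab -r`, not an access control: it exists only in shells that source `/etc/profile`, and its regex `-[iel]*r` also rejects legitimate arguments that merely contain `-r`, such as a file named `my-rules.cron`. Anchoring the match to an option token, `[[ " $* " =~ [[:space:]]-[iel]*r ]]`, removes those false positives, and a one-line comment on the task stating that the wrapper is a guard-rail only would set expectations for the next reader. The `- include:` directives at the top of the file are deprecated in favour of `import_tasks:` / `include_tasks:`, and the `# with_items:` comment in the yum task is stale now that `yum` receives the whole `packages` list. `mode=644` on the profile.d copy should be written `mode=0644` so the octal intent is explicit.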


@@ -0,0 +1,33 @@
---
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- name: Vérification de l enregistrement DNS
command: nslookup {{ ansible_hostname }}
register: ns
ignore_errors: True
tags: etchosts
- name: Ajout du host dans /etc/hosts si absent
lineinfile: dest=/etc/hosts regexp='.*{{ ansible_fqdn }}$'
line="{{ ansible_default_ipv4.address }} {{ ansible_hostname }} {{ ansible_fqdn }}"
state=present
# when: "'find {{ ansible_hostname }}: NXDOMAIN' in ns.stdout"
tags: etchosts
- name: Modification resolv.conf pour ajouter attempts et timeout
lineinfile: dest=/etc/resolv.conf line="{{ item.line }}"
with_items:
- { line: "options attempts:2" }
- { line: "options timeout:1" }
- name: Desactivation de IP v6 et ZeroConf (Doc ID 1161144.1)
lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}"
with_items:
- { line: "NETWORKING_IPV6=no" }
- { line: "IPV6INIT=no" }
- { line: "NOZEROCONF=yes" }
- name: desactivation permanente de ipv6
copy: src=desactivation_ipv6.conf dest=/etc/modprobe.d/desactivation_ipv6.conf
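Review bot: The `nslookup` task registers `ns`, but its only consumer, the `when:` on the `/etc/hosts` task, is commented out, so the DNS check is dead code and the host line is appended unconditionally; either restore the condition or remove the lookup together with its `ignore_errors: True`. If the condition is restored, testing `ns.rc` is more robust than grepping `ns.stdout` for an `NXDOMAIN` string, whose wording depends on the resolver tooling and locale (nslookup's exit status is typically nonzero on a failed lookup, worth confirming on the target image). `ignore_errors: True` should be `ignore_errors: true` to match the lowercase booleans used in the other task files of this commit. In `regexp='.*{{ ansible_fqdn }}$'` the dots of the FQDN are unescaped regex metacharacters; `{{ ansible_fqdn | regex_escape }}` matches the literal name.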


@@ -0,0 +1,103 @@
---
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- name: Installation du packet libselinux-python
yum: name="libselinux-python" state=installed
# - name: Installation du RPM EPEL Repo pour Linux 7
# yum: name="{{ epel_rpm }}" state=installed
# tags: epelrepo
# - name: Copie du fichier repository public-yum si absent
# copy: src=public-yum-ol7.repo dest=/etc/yum.repos.d/public-yum-ol7.repo
# tags: publicyumrepo
- name: Installation des packages communs pour Linux
yum: name={{ item }} state=installed
tags: commonpackages
with_items:
- bind-utils
- xdpyinfo
- xauth
- net-tools
- ethtool
- nscd
- ntp
- sysstat
- tree
- unzip
- wget
- vim
# - htop
# - rlwrap
- lvm2
- ncurses
- nfs-utils
- readline
- xfsprogs
- system-storage-manager
- name: Configuratio du mode panic sur perte du /
shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`"
- name: Configuratio du mode panic sur bug du kernel
sysctl: name=kernel.panic_on_oops value=1 state=present reload=yes ignoreerrors=yes
# ---------------------------------------------------
# configuration du serveur NTPD
# ---------------------------------------------------
- name: Modification de la configuration NTP configuration (ajout du flag -x)
lineinfile: dest=/etc/sysconfig/ntpd
regexp='^OPTIONS='
line='OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid -g"'
state=present
create=yes
- name: restart ntpd
service: name=ntpd state=started enabled=yes
# ---------------------------------------------------
# configuration Linux : Selinux
# ---------------------------------------------------
- name: Disactiver Selinux (de façon permanente)
selinux: state=disabled
tags: selinux
register: selinux
- name: Disactiver Selinux (runtime)
shell: setenforce 0
tags: selinux
ignore_errors: true
# ---------------------------------------------------
# configuration Linux : les services
# ---------------------------------------------------
- name: arrêter et désactiver les services inutils
service: name={{ item }} state=stopped enabled=no
tags: linuxservices
ignore_errors: true
with_items:
- bluetooth
- cups
- gpm
- hidd
- hplip
- isdn
- sendmail
- smartd
- avahi-daemon
- NetworkManager
- rhnsd
- firstboot
- chronyd
- ip6tables
- iptables
- firewalld
# ---------------------------------------------------
# configuration du démarrage en mode 3 par défaut
# ---------------------------------------------------
- name: configuration du démarrage en mode 3 par défaut
command: systemctl set-default multi-user.target
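Review bot: The `tune2fs -e panic` task passes `free_form="..."` as if it were a module option, but `free_form` is only the documentation placeholder for the shell module's raw command string; as written the shell most likely executes the literal assignment `free_form="tune2fs ..."`, a no-op that still reports success (exact behaviour depends on the Ansible version's key=value parsing, so verify with `-vvv`). Write the command directly, `shell: tune2fs -e panic $(df -P / | tail -1 | awk '{print $1}')`, or take the root device from the `ansible_mounts` fact and avoid the pipeline. The SELinux and service tasks permanently disable SELinux, `firewalld`, `iptables` and `ip6tables` under `ignore_errors: true`; that is a deliberate hardening regression on the target hosts and deserves a comment naming the Oracle requirement it satisfies, and `ignore_errors` should stay on the runtime `setenforce 0` task only, since on the service loop it also masks a failure to stop `NetworkManager` or `chronyd`. The task named `restart ntpd` uses `state=started`, which does not restart an already-running daemon after the OPTIONS change; a handler notified by the lineinfile task would apply the new flags without restarting on every run.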


@@ -0,0 +1,21 @@
---
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
- name: Ajout du soft reboot
lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft'
tags: softreboot
- name: Sécurisation du vidage mémoire
copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf"
- name: Application des paramètres de configuration sécurisée
sysctl: name="{{ item.name }}"
value="{{ item.value }}"
state=present
reload=yes
ignoreerrors=yes
sysctl_file=/etc/sysctl.d/98-oracle.conf
when: secure_configuration
with_items: linux_secure_config
tags: secure_config
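Review bot: `with_items: linux_secure_config` passes a bare variable name, which Ansible has deprecated; write `with_items: "{{ linux_secure_config }}"`. This file is also never reached in this commit, because the only `include` of `secure_configuration.yml` in the main task list is commented out, so the `when: secure_configuration` guard is never evaluated. The `/sbin/ctrlaltdel soft` line appended to `/etc/rc.local` presumably targets the same Linux 7 hosts as the rest of the commit, where `rc.local` is not executable by default and Ctrl-Alt-Del is handled by systemd's `ctrl-alt-del.target`; verify the line actually takes effect. `ignoreerrors=yes` on the sysctl task hides rejected keys; dropping it lets a bad entry in `linux_secure_config` fail the play.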


@@ -0,0 +1,34 @@
---
# ---------------------------------------------------
# configuration Linux : Utilisateurs et groupes
# ---------------------------------------------------
- name: Creation des groupes
group: name={{ item.group }} gid={{ item.gid }} state=present
with_items:
- { group: asmdba, gid: 1004 }
- { group: asmoper, gid: 1005 }
- { group: asmadmin, gid: 1003 }
- { group: oinstall, gid: 1000}
- { group: dba, gid: 1001 }
- { group: backupdba, gid: 1006 }
- { group: oper, gid: 1002 }
- { group: dgdba, gid: 1007 }
- { group: kmdba, gid: 1008 }
tags: group
- name: Creation du compte Oracle
user: name={{ item.username }} group={{ item.primgroup }} groups={{ item.othergroups }} uid={{ item.uid }} generate_ssh_key=yes append=yes state=present password={{ item.passwd }}
with_items:
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
- { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }
tags: user
- name: Ajout du compte oracle et grid au sudoers
template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root mode=0600
with_items:
- oracle
- grid
when: configure_oracle_sudo
tags: sudoadd
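Review bot: The `passwd` fields of the oracle and grid entries in the user task carry the same hard-coded SHA-512 hash, so both accounts share one password and the hash is committed to version control where it can be attacked offline; move the values into an Ansible Vault-encrypted variable (or derive them from a vaulted plaintext with the `password_hash('sha512')` filter) and give each account its own value. Add `no_log: true` to that task so the hashes do not appear in play output or logs. The `sudoers.j2` content is not in this hunk; confirm the template limits the two accounts to the commands Oracle needs rather than granting `ALL`. The hunk header counts 34 lines but only 30 are visible, so the file may hold more tasks than shown here.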