configure_oracle/configure-host-oel6/vars/original.main

# Fichier de paramètres 
---

  master_node: true
  os_family_supported: "RedHat"
  os_min_supported_version: "6.4"
  os_supported_version: "6"
  disable_numa_boot: true
  disable_selinux: true

  internet_connection: false
  epel_rpm: "http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm"
  configure_epel_repo: true
  secure_configuration: true      # faire une configuration securisee du system d exploitation


# Groupes et utilisateurs

  oracle_groups:
    - { group: asmdba, gid: 1004 }
    - { group: asmoper, gid: 1005 }
    - { group: asmadmin, gid: 1003 }
    - { group: oinstall, gid: 1000}
    - { group: dba, gid: 1001 }
    - { group: backupdba, gid: 1006 }
    - { group: oper, gid: 1002 }
    - { group: dgdba, gid: 1007 }
    - { group: kmdba, gid: 1008 }


  oracle_users:         # Passwd :Oracle123
   - { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }

  grid_users:
   - { username: grid, uid: 1000, primgroup: oinstall, othergroups: "asmadmin,asmdba,asmoper,dba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0" }

  role_separation: true
  oracle_user: oracle
  grid_user: grid
  configure_oracle_sudo: false

  oracle_user_home: "/home/{{ oracle_user }}"
  grid_user_home: "/home/{{ grid_user }}"
  oracle_group: oinstall
  oper_group: oper
  dba_group: dba
  asmoper_group: asmoper
  asmdba_group: asmdba
  asmadmin_group: asmadmin

# les répertoires pour l'installation Oracle
  oracle_stage: /u01/stage
  oracle_rsp_stage: "{{ oracle_stage }}/rsp"
  oracle_version_db: 12.1.0.2
  oracle_base: /u01/app/oracle
  home: dbhome_1
  oracle_home: "{{ oracle_base }}/product/{{ oracle_version_db }}/{{ home }}"

  ssh_keys:
   - /tmp/id_rsa
   - /tmp/id_rsa.pub
   - /tmp/authorized_keys
  
  keyfile: /tmp/known_hosts

  asmlib_rpm: "http://download.oracle.com/otn_software/asmlib/oracleasmlib-2.0.4-1.el6.x86_64.rpm"
  ol6_repo_file: public-yum-ol6.repo
  repo_dir: /etc/yum.repos.d/

  disable_numa_boot: true
  percent_hugepages: 50
  configure_interconnect: false
  oracle_ic_net: 3.3.3.{{ ansible_all_ipv4_addresses[0].split(".")[-1] }}
  configure_ssh: false
  configure_host_disks: false
  configure_etc_hosts: false
  configure_cluster: false
  device_persistence: asmlib
  install_os_packages: false
  disable_selinux: true

# paramètres du noyau
  oracle_sysconfig:
      - { name: kernel.shmall, value: "{{ ((0.4 * ansible_memtotal_mb)*1024)|round|int  }}" }
      - { name: kernel.shmmax, value: "{{ ((0.5 * ansible_memtotal_mb)*1024)|round|int  }}" }
      - { name: kernel.shmmni, value: 4096 }
      - { name: kernel.sem, value: "250 32000 100 128" }
      - { name: fs.file-max, value: 6815744 }
      - { name: fs.aio-max-nr, value: 1048576 }
      - { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
      - { name: net.core.rmem_default, value: 262144 }
      - { name: net.core.rmem_max, value: 4194304 }
      - { name: net.core.wmem_default, value: 262144 }
      - { name: net.core.wmem_max, value: 1048576 }
      - { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int  }}" }

# Security limits
  oracle_seclimits:
      - "* soft nproc 2047"
      - "* hard nproc 16384"
      - "* soft nofile 1024"
      - "* hard nofile 65536"
      - "* soft memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
      - "* hard memlock {{ ((0.9 * ansible_memtotal_mb)*1024)|round|int }}"
      - "* soft stack 10240"
      - "* hard stack 32768"
      - "* soft core  unlimited"
      - "* hard core  unlimited"

# pramètres de configuation sécurisée :
  linux_secure_config:
      - { name: net.ipv4.conf.all.accept_redirects, value: 0 }
      - { name: net.ipv4.conf.default.accept_redirects, value: 0 }
      - { name: net.ipv4.conf.all.secure_redirects, value: 0 }
      - { name: net.ipv4.conf.default.secure_redirects, value: 0 }
      - { name: net.ipv4.ip_forward, value: 0 }
      - { name: net.ipv6.conf.all.accept_redirects, value: 0 } 
      - { name: net.ipv6.conf.default.accept_redirects, value: 0 }
      - { name: net.ipv4.conf.default.accept_source_route, value: 0 } 
      - { name: net.ipv4.conf.all.accept_source_route, value: 0 }
      - { name: net.ipv6.conf.default.accept_source_route, value: 0 } 
      - { name: net.ipv6.conf.all.accept_source_route, value: 0 }
      - { name: net.ipv4.conf.all.log_martians, value: 1 } 
      - { name: net.ipv4.conf.default.log_martians, value: 1 }
      - { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 }
      - { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 }
      - { name: net.ipv6.conf.all.accept_ra, value: 0 } 
      - { name: net.ipv6.conf.default.accept_ra, value: 0 }


# Sets up filesystem on host. If storage_type=FS under oracle_databases, this is where the mapping between device/fs is described
  host_fs_layout:
      u01:
        {mntp: /u01, device: /dev/sdb, vgname: vgora, pvname: /dev/sdb1, lvname: lvora, fstype: ext4}

# ASM Diskgroups used for DB-storage. Should map to dict asm_storage_layout.
  asm_diskgroups:        # ASM Diskgroups used for DB-storage. Should map to dict asm_storage_layout.
     - crs
     - data
     - fra

# Mapping between device & ASMlib label. If storage_type=ASM under oracle_databases,
# this is where the mapping between device/asm-disk is described
  asm_storage_layout:
   crs:
     - {device: /dev/sdc, asmlabel: CRS01}
   data:
     - {device: /dev/sdd, asmlabel: DATA01}
   fra:
     - {device: /dev/sde, asmlabel: FRA01 }

# packages à installer pour Linux
  common_packages:
      - bc
      - bind-utils
      - btrfs-progs
      - cloog-ppl
      - compat-libcap1
      - ethtool
      - expect
      - git
      - htop
      - lvm2
      - make
      - module-init-tools
      - mpfr
      - multitail
      - ncurses-devel
      - ncurses-libs
      - nfs-utils
      - nscd
      - nss-softokn-freebl
      - ntp
      - openssh-clients
      - ppl
      - procps
      - readline
      - rlwrap
      - screen
      - sysstat
      - system-config-lvm
      - tigervnc-server
      - tree
      - twm
      - unzip
      - wget
      - vim
      - xfsprogs
      
# services Linux à désactiver :
  linux_services:
      - bluetooth
      - cups
      - gpm
      - hidd
      - hplip
      - isdn
      - sendmail
      - smartd
      - avahi-daemon
      - NetworkManager
      - rhnsd
      - firstboot
      - chronyd
      - ip6tables
      - iptables
      - firewalld

# Fichier de paramètres : packages ORACLE

  oracle_packages:
      - bind-utils
      - binutils
      - btrfs-progs
      - cloog-ppl
      - compat-libcap1
      - compat-libstdc++*i686
      - compat-libstdc++-33
      - cpp
      - ethtool
      - gcc
      - gcc-c++
      - glibc
      - glibc*i686
      - glibc-devel
      - glibc-headers
      - kernel-headers
      - kmod-oracleasm
      - ksh
      - libX11
      - libX11*i686
      - libXau
      - libXau*i686
      - libXext
      - libXi
      - libXp
      - libXt
      - libXtst
      - libaio
      - libaio*i686
      - libaio-devel
      - libaio-devel*i686
      - libgcc
      - libselinux-python
      - libstdc++
      - libstdc++*i686
      - libstdc++-devel
      - libstdc++-devel*i686
      - libtool-ltdl
      - libxcb
      - libxcb*i686
      - make
      - module-init-tools
      - mpfr
      - ncurses-devel
      - ncurses-libs
      - nfs-utils
      - nscd
      - ntp
      - openssh-clients
      - oracleasm-support
      - parted
      - ppl
      - procps
      - readline
      - readline-devel
      - sysstat
      - twm
      - unixODBC
      - util-linux-ng
      - vim-enhanced
      - xdpyinfo
      - xfsprogs
      - xorg-x11-utils
      - xorg-x11-xauth
      - xorg-x11-xinit
      - xsetroot
      - xterm