Initial commit

Yacine31
2022-12-14 00:27:31 +01:00
commit 49265ea380
44 changed files with 2745 additions and 0 deletions


@@ -0,0 +1,2 @@
# Sécurisation du vidage mémoire
* hard core 0
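Review bot: The `* hard core 0` limit in this file is probably overridden by the `* hard core unlimited` entry that the same commit writes to /etc/security/limits.d/oracle-database-preinstall-19c.conf through `oracle_seclimits`. pam_limits reads the limits.d files in name order and, as far as I know, a later entry for the same domain replaces an earlier one. If so, core dumps stay enabled for every account and this file has no effect. Drop the wildcard `core unlimited` lines from the vars files, or scope them to the accounts that need dumps (for example `oracle soft core unlimited`), and confirm the result with `ulimit -Hc` in a fresh login.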


@@ -0,0 +1,97 @@
#!/bin/bash
#
# hugepages_settings.sh
#
# Linux bash script to compute values for the
# recommended HugePages/HugeTLB configuration
# on Oracle Linux
#
# Note: This script does calculation for all shared memory
# segments available when the script is run, no matter it
# is an Oracle RDBMS shared memory segment or not.
#
# This script is provided by Doc ID 401749.1 from My Oracle Support
# http://support.oracle.com
# Welcome text
echo "
This script is provided by Doc ID 401749.1 from My Oracle Support
(http://support.oracle.com) where it is intended to compute values for
the recommended HugePages/HugeTLB configuration for the current shared
memory segments on Oracle Linux. Before proceeding with the execution please note following:
* For ASM instance, it needs to configure ASMM instead of AMM.
* The 'pga_aggregate_target' is outside the SGA and
you should accommodate this while calculating the overall size.
* In case you changes the DB SGA size,
as the new SGA will not fit in the previous HugePages configuration,
it had better disable the whole HugePages,
start the DB with new SGA size and run the script again.
And make sure that:
* Oracle Database instance(s) are up and running
* Oracle Database 11g Automatic Memory Management (AMM) is not setup
(See Doc ID 749851.1)
* The shared memory segments can be listed by command:
# ipcs -m
Press Enter to proceed..."
read
# Check for the kernel version
KERN=`uname -r | awk -F. '{ printf("%d.%d\n",$1,$2); }'`
# Find out the HugePage size
HPG_SZ=`grep Hugepagesize /proc/meminfo | awk '{print $2}'`
if [ -z "$HPG_SZ" ];then
echo "The hugepages may not be supported in the system where the script is being executed."
exit 1
fi
# Initialize the counter
NUM_PG=0
# Cumulative number of pages required to handle the running shared memory segments
for SEG_BYTES in `ipcs -m | cut -c44-300 | awk '{print $1}' | grep "[0-9][0-9]*"`
do
MIN_PG=`echo "$SEG_BYTES/($HPG_SZ*1024)" | bc -q`
if [ $MIN_PG -gt 0 ]; then
NUM_PG=`echo "$NUM_PG+$MIN_PG+1" | bc -q`
fi
done
RES_BYTES=`echo "$NUM_PG * $HPG_SZ * 1024" | bc -q`
# An SGA less than 100MB does not make sense
# Bail out if that is the case
if [ $RES_BYTES -lt 100000000 ]; then
echo "***********"
echo "** ERROR **"
echo "***********"
echo "Sorry! There are not enough total of shared memory segments allocated for
HugePages configuration. HugePages can only be used for shared memory segments
that you can list by command:
# ipcs -m
of a size that can match an Oracle Database SGA. Please make sure that:
* Oracle Database instance is up and running
* Oracle Database 11g Automatic Memory Management (AMM) is not configured"
exit 1
fi
# Finish with results
case $KERN in
'2.4') HUGETLB_POOL=`echo "$NUM_PG*$HPG_SZ/1024" | bc -q`;
echo "Recommended setting: vm.hugetlb_pool = $HUGETLB_POOL" ;;
'2.6') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
'3.8') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
'3.10') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
'4.1') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
'4.14') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
'4.18') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
'5.4') echo "Recommended setting: vm.nr_hugepages = $NUM_PG" ;;
*) echo "Kernel version $KERN is not supported by this script (yet). Exiting." ;;
esac
# End


@@ -0,0 +1,14 @@
# aliases bash
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
alias grep='grep --color=auto'
alias l.='ls -d .* --color=auto'
alias la='ls -latra'
alias ll='ls -ltrh'
alias ls='ls --color=auto'
alias tailf='tail -100f'
alias vi=vim
alias oh='cd $ORACLE_HOME'
alias tns='cd $ORACLE_HOME/network/admin'
alias list_instances='ps -ef | grep pmon | grep -v grep | cut -d_ -f3 | sort'


@@ -0,0 +1,64 @@
#!/bin/bash
## On entre seulement pour certains utilisateurs.
if [ $USER = "grid" ] || [ $USER = "oracle" ] || [ $USER = "root" ] ; then
# Certaines operations ne sont pas a realiser pour root
# les limites sont laissees par defaut
# ainsi que le masque de creation de fichier ou le stty break.
if [ $USER != "root" ] ; then
# ajustement des limites
if [ $SHELL = "/bin/ksh" ] ; then
ulimit -p 16384
ulimit -n 65536
ulimit -s 32768
else
ulimit -u 16384 -n 65536
fi
ulimit -Hs 32768
ulimit -Ss 10240
# Masque de création des fichiers
umask 022
# export ORACLE_HOME et ORACLE_SID
ORACLE_SID=$(ps -ef | grep pmon | egrep -v 'grep|ASM|APX' | cut -d_ -f3 | head -1)
if [ -n "$ORACLE_SID" ]; then export ORACLE_SID; fi
if [ -e "/etc/oraInst.loc" ]; then
INV_LOC=$(cat /etc/oraInst.loc | grep inventory_loc | cut -d= -f2)
if [ -e "${INV_LOC}/ContentsXML/inventory.xml" ]; then
export ORACLE_HOME=$(cat ${INV_LOC}/ContentsXML/inventory.xml | grep "<HOME_LIST" -A1 | tail -1 | sed 's/.*LOC="//g' | cut -d'"' -f1)
export PATH=$ORACLE_HOME/bin:$PATH
fi
fi
# Alias RLWrap si disponible
if [ `type rlwrap 2>/dev/null | wc -l` -eq 1 ] ; then
alias sqlplus="rlwrap sqlplus"
alias rman="rlwrap rman"
alias asmcmd="rlwrap asmcmd"
alias adrci="rlwrap adrci"
alias dgmgrl="rlwrap dgmgrl"
fi
fi
# Mise en place d'un prompt coloré
fd=0
# Shell interactif ou non ?
# Aucun intérêt hors d'un terminal interactif
if [[ $- = *i* ]]
then
rouge=$(tput setaf 1)
vert=$(tput setaf 2)
jaune=$(tput setaf 3)
bleu=$(tput setaf 4)
gras=$(tput bold)
reset=$(tput sgr0)
export PS1='[\[$jaune\]\u\[$reset\]@\[$vert\]\h\[$reset\] \[$rouge\]${TWO_TASK:-$ORACLE_SID}\[$reset\] \W]\$ '
export NLS_DATE_FORMAT='YYYY-MM-DD HH24:MI:SS'
fi
fi
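Review bot: `$USER` and `$SHELL` are expanded unquoted inside `[ ... ]` at the top of this profile script, so a session where either is empty or unset turns the test into `[ = "grid" ]` and every shell that sources /etc/profile.d prints a test error. Quote them, for example `if [ "$USER" = "grid" ] || [ "$USER" = "oracle" ] || [ "$USER" = "root" ]; then` and `if [ "$SHELL" = "/bin/ksh" ]; then`. The same applies to `cat ${INV_LOC}/ContentsXML/inventory.xml`, whose path comes from parsing /etc/oraInst.loc. `ORACLE_HOME` is then taken from inventory.xml and prepended to `PATH` without checking that it is non-empty or an existing directory. A guard such as `[ -d "$ORACLE_HOME/bin" ]` before the export would avoid a stray `/bin` entry at the front of `PATH`.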


@@ -0,0 +1,28 @@
---
# création des répertoires Oracle
#
# mkdir -p /u01/app/oracle
# mkdir -p /u01/app/oraInventory
# chown -R oracle:oinstall /u01/app/oracle
# chown -R oracle:oinstall /u01/app/oraInventory
# chmod -R 775 /u01/app
# su - oracle
# mkdir -p /u01/app/oracle/product/19.0.0/dbhome_1
# cd /u01/app/oracle/product/19.0.0/dbhome_1
# unzip -q /tmp/db_home.zip
# cd /u01/app/oracle/product/19.0.0/dbhome_1
# ./runInstaller
- name: Création du répertoire oracle
file: dest={{ item }} mode=775 owner=oracle group=oinstall state=directory recurse=yes
with_items:
- "{{ oracle_base }}"
- "{{ oracle_inventory }}"
- "{{ oracle_home }}"
- "{{ oracle_sources }}"
- "{{ oracle_oradata }}"
- "{{ oracle_fra }}"
when: full_configuration
tags: directoriesdb
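Review bot: `mode=775` together with `recurse=yes` on `oracle_base` and `oracle_home` rewrites the mode of every existing file under those trees on each run. That makes the whole installation group-writable and, once Oracle is installed, resets the special permission bits the installer sets on its binaries. Create only the directories themselves by dropping `recurse=yes`, and handle recursive ownership in a separate one-off step if it is really needed. `when: full_configuration` is also written without `| bool`, unlike the tasks in the users file, so a string value passed on the command line may be evaluated differently in the two places.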


@@ -0,0 +1,97 @@
---
# ---------------------------------------------------
# configuration de grub
# ---------------------------------------------------
# ---------------------------------------------------
# suppression de rhgb
# ---------------------------------------------------
- name: check if rhgb is set
ansible.builtin.shell: grubby --info DEFAULT | grep rhgb | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Suppression de rhgb
shell: grubby --update-kernel=ALL --remove-args=rhgb
when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# suppression de quiet
# ---------------------------------------------------
- name: check if quiet is set
ansible.builtin.shell: grubby --info DEFAULT | grep quiet | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Suppression de quiet
shell: grubby --update-kernel=ALL --remove-args=quiet
when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de transparent_hugepage=never
# ---------------------------------------------------
- name: check if transparent_hugepage=never is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i transparent_hugepage=never | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Désactivation de Transparent Hugepages
shell: grubby --update-kernel=ALL --args=transparent_hugepage=never
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de numa=off
# ---------------------------------------------------
- name: check if numa=off is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i numa=off | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Désactivation de numa=off
shell: grubby --update-kernel=ALL --args=numa=off
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de elevator=deadline
# ---------------------------------------------------
- name: check if elevator=deadline is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i elevator=deadline | wc -l
register: grep_count
tags: grub
- name: Configuration grub - elevator=deadline
shell: grubby --update-kernel=ALL --args=elevator=deadline
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de vga=791
# ---------------------------------------------------
- name: check if vga=791 is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i vga=791 | wc -l
register: grep_count
tags: grub
- name: Configuration grub - vga=791
shell: grubby --update-kernel=ALL --args=vga=791
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de GRUB_ENABLE_BLSCFG=true
# Workaround of Orabug 20734786
# ---------------------------------------------------
- name: check if GRUB_ENABLE_BLSCFG=true is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i GRUB_ENABLE_BLSCFG=true | wc -l
register: grep_count
tags: grub
- name: Configuration grub - GRUB_ENABLE_BLSCFG=true
shell: grubby --update-kernel=ALL --args=GRUB_ENABLE_BLSCFG=true
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
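Review bot: `ansible_distribution_major_version >= '7'` in every `when:` of this file compares strings, so a major version of 10 or more sorts before '7' and all grub tasks are silently skipped; use `ansible_distribution_major_version | int >= 7`. The check tasks run `grubby ... | grep ... | wc -l` through `shell` and always report changed, which `changed_when: false` would fix. `GRUB_ENABLE_BLSCFG=true` looks like an /etc/default/grub setting rather than a kernel argument, so adding it with `grubby --args` probably does not achieve the workaround named in the comment; this is worth verifying.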


@@ -0,0 +1,49 @@
---
- name: Vérification de la distribution, la version et le kernel
assert:
that: ansible_architecture == 'x86_64' and ansible_os_family == 'RedHat' and ansible_system == 'Linux'
tags: oscheck
# ---------------------------------------------------
# Ajout du fichier de paramètres : Redhat_8.yml ou Redhat_7.yml ...
# ---------------------------------------------------
- name: ajout des paramètres spécifique à l'OS
include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- include: os_configuration.yml
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- include: network_configuration.yml
# ---------------------------------------------------
# configuration Linux : grub
# ---------------------------------------------------
- include: grub_configuration.yml
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
- include: secure_configuration.yml
# ---------------------------------------------------
# configuration Linux : Utilisateurs et groupes Oracle
# ---------------------------------------------------
- include: users_configuration.yml
# ---------------------------------------------------
# configuration Linux : personnalisation rlwrap
# ---------------------------------------------------
- include: rlwrap.yml
# ---------------------------------------------------
# configuration Linux : Création des répertoires Oracle
# ---------------------------------------------------
- include: dir_creation.yml
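Review bot: The seven bare `include:` lines rely on an action that has long been deprecated and is removed in recent ansible-core releases; `import_tasks: os_configuration.yml` (or `include_tasks`) is the replacement. The comment above `include_vars` names the files `Redhat_8.yml` and `Redhat_7.yml`, while `ansible_os_family` yields `RedHat`. The vars file names are not visible on this page, so check that the case matches on a case-sensitive filesystem. The `assert` would also be easier to act on with a `fail_msg` naming the supported platform.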


@@ -0,0 +1,28 @@
---
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- name: Modification resolv.conf pour ajouter attempts et timeout
lineinfile: dest=/etc/resolv.conf line="{{ item.line }}"
with_items:
- { line: "options attempts:2" }
- { line: "options timeout:1" }
- name: Desactivation de IP v6 et ZeroConf (Doc ID 1161144.1)
lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}"
with_items:
- { line: "NETWORKING_IPV6=no" }
- { line: "IPV6INIT=no" }
- { line: "NOZEROCONF=yes" }
tags: ipv6
- name: desactivation permanente de IP v6
lineinfile:
dest=/etc/sysctl.d/98-disable_ipv6.conf
line="{{ item.line }}"
state=present
create=yes
with_items:
- { line: "net.ipv6.conf.all.disable_ipv6 = 1" }
- { line: "net.ipv6.conf.default.disable_ipv6 = 1" }
tags: ipv6


@@ -0,0 +1,128 @@
---
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- name: YUM - installation des packages nécessaires
yum: name={{ linux_packages }} state=latest disable_gpg_check=yes
tags: rpm_packages
# ---------------------------------------------------
# configuration du serveur Chronyd - Linux >= 7
# ---------------------------------------------------
- name: start chronyd
service: name=chronyd state=started enabled=yes
ignore_errors: true
# ---------------------------------------------------
# configuration Linux : Selinux
# ---------------------------------------------------
- name: Desactiver Selinux (de façon permanente)
selinux: state=disabled
register: selinux
tags: selinux
- name: Disactiver Selinux (runtime)
shell: setenforce 0
ignore_errors: true
tags: selinux
# ---------------------------------------------------
# configuration Linux : les services
# ---------------------------------------------------
- name: arrêter et désactiver les services inutils
with_items: "{{ linux_services }}"
service: name={{ item }} state=stopped enabled=no
tags: linuxservices
ignore_errors: true
#------------------------------------------------------------------------------------
# configuration Linux : Paramètres du kernel
#------------------------------------------------------------------------------------
# - name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/oracle_sysctl.conf
# state=present reload=yes ignoreerrors=yes sysctl_set=yes sysctl_file=/etc/sysctl.d/99-oracle-sysctl.conf
- name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf
sysctl:
name={{ item.name }} value={{ item.value }}
state=present reload=yes ignoreerrors=yes sysctl_set=yes sysctl_file=/etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf
with_items: "{{ oracle_sysconfig }}"
tags: sysctl.conf
- name: Configuration PAM
lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so"
tags: pamconfig
# lineinfile: dest=/etc/security/limits.d/oracle_seclimits.conf create=yes state=present line={{ item }}
- name: Linux - Ajustement des limits pour Oracle dans /etc/security/limits.d/oracle-database-preinstall-19c.conf
lineinfile: dest=/etc/security/limits.d/oracle-database-preinstall-19c.conf create=yes state=present line={{ item }}
with_items: "{{ oracle_seclimits }}"
tags: seclimit
# ---------------------------------------------------
# Shell : aliases bash & oracle
# ---------------------------------------------------
- name: Ajout du fichier z_oracle dans /etc/profile.d
copy: src=z_oracle.sh dest=/etc/profile.d/z_oracle.sh owner=root mode=644
tags: z_oracle
- name: BASH - Ajout du fichier z_bash_aliases dans /etc/profile.d
copy: src=z_bash_aliases.sh dest=/etc/profile.d/z_bash_aliases.sh owner=root mode=644
tags: bash_alias
- name: BASH - ajout de ignore-case pour autocompletion avec TAB
lineinfile: dest=/etc/inputrc line="set completion-ignore-case On" create=yes state=present
tags: bash_tab
- name: Desactivation de la commande crontab -r
lineinfile: dest=/etc/profile.d/z_crontab_r.sh
line='crontab () { [[ $@ =~ -[iel]*r ]] && echo "option -r (remove) not allowed" || command crontab "$@" ;}'
state=present
create=yes
tags: bash_cron_r
# ---------------------------------------------------
# configuration Linux : Mode panic
# ---------------------------------------------------
- name: Configuratio du mode panic sur perte du /
shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`"
tags: mode_panic
- name: Configuration du mode panic sur bug du kernel
sysctl: name=kernel.panic_on_oops value=1 state=present reload=yes ignoreerrors=yes
tags: mode_panic
# ---------------------------------------------------
# configuration du démarrage en mode 3 par défaut
# ---------------------------------------------------
- name: Configuration du mode 3 comme mode de démarrage par défaut
shell: systemctl set-default multi-user.target
tags: init3
# ---------------------------------------------------
# configuration Linux : config oracle pour logrotate
# Gestion des fichiers logs seulement (archivage et réinitialisation)
# ---------------------------------------------------
- name: Gestion des logs Oracle - copie du fichier de configuration pour logrotate
template: src=logrotate_oracle.j2 dest=/etc/logrotate.d/oracle mode=644 owner=root group=root
tags: logrotate
# ---------------------------------------------------
# configuration Linux : oracle cleaner dans cron.daily
# Gestion des fichiers trace et xml : purge des anciens fichiers
# ---------------------------------------------------
- name: Netoyage ADR Oracle - copie du fichier de configuration pour cron
template: src=cron_oracle_cleaner.j2 dest=/etc/cron.daily/oracle_cleaner mode=755 owner=root group=root
tags: cron_daily
# ---------------------------------------------------
# copy du fichier dbora.service dans /lib/systemd/system pour redémmarage auto
# ---------------------------------------------------
- name: Copie du script de démarrage auto des bases Oracle
template: src=dbora.service.j2 dest=/lib/systemd/system/dbora.service owner=root mode=644
tags: dbora_init
- name: Activation par systemctl du script de démarrage auto des bases Oracle
systemd: name=dbora daemon_reload=yes enabled=yes
tags: dbora_init
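Review bot: `disable_gpg_check=yes` on the `yum` task turns off package signature verification for the whole `linux_packages` list, while `state=latest` pulls whatever the configured repositories currently serve, so a tampered mirror or repository goes undetected. The same option is set on the rlwrap task in the next file. Remove the option and import the repository keys instead, e.g. `yum: name={{ linux_packages }} state=present`. This file also disables SELinux permanently and at runtime with no variable to opt out. Several tasks carry `ignore_errors: true`, so a failed step leaves the host half-configured without failing the play.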


@@ -0,0 +1,22 @@
---
# ---------------------------------------------------
# installation de l'utilitaire rlwrap pour oracle
# ---------------------------------------------------
- name: YUM - installation de rlwrap
yum: name=rlwrap state=latest disable_gpg_check=yes
tags: rlwrap
# - name: Copy du rpm rlwrap OL8 vers le serveur
# copy: src=rlwrap-0.45.2-1.el8.x86_64.rpm dest=/tmp/rlwrap.x86_64.rpm owner=root mode=644
# tags: rlwrap
#
# - name: Install rlwrap rpm from a local file
# yum:
# name: /tmp/rlwrap.x86_64.rpm
# state: present
# disable_gpg_check: yes
# tags: rlwrap
#
# - name: suppression du rpm rlwrap du serveur
# file: path=/tmp/rlwrap.x86_64.rpm state=absent
# tags: rlwrap


@@ -0,0 +1,17 @@
---
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
- name: Ajout du soft reboot
lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft'
tags: softreboot
- name: Sécurisation du vidage mémoire
copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf"
- name: Application des paramètres de configuration sécurisée
sysctl: name={{ item.name }} value={{ item.value }} state=present reload=yes ignoreerrors=yes
when: secure_configuration
with_items: "{{ linux_secure_config }}"
tags: secure_config
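Review bot: The sysctl hardening task is gated by `when: secure_configuration`, and the defaults in this commit set `secure_configuration: false`, so the `linux_secure_config` settings (redirects, source routing, martian logging) are not applied unless the operator opts in. Consider defaulting to true or documenting the choice. The `copy` of 00-vidage.conf sets no `owner`, `group` or `mode`, so the file under /etc/security/limits.d takes whatever the source file has; `owner=root group=root mode=0644` makes it explicit. That copy task also has no tag, unlike its neighbours.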


@@ -0,0 +1,47 @@
---
# ---------------------------------------------------
# CRéation des groupes
# ---------------------------------------------------
- name: Création des groupes
group: name={{ item.group }} gid={{ item.gid }} state=present
with_items:
- { group: oinstall, gid: 1001}
- { group: dba, gid: 1002 }
- { group: oper, gid: 1003 }
- { group: backupdba, gid: 1004 }
- { group: dgdba, gid: 1005 }
- { group: kmdba, gid: 1006 }
- { group: racdba, gid: 1007 }
- { group: asmadmin, gid: 1008 }
- { group: asmdba, gid: 1009 }
- { group: asmoper, gid: 1010 }
ignore_errors: true
when: full_configuration |bool
tags: group
# ---------------------------------------------------
# Création des utilisateurs : password Oracle123 => full configuration
# ---------------------------------------------------
- name: Création du compte Oracle et grid
user:
name={{ item.username }} group={{ item.primgroup }}
groups={{ item.othergroups }} uid={{ item.uid }}
generate_ssh_key=yes append=yes state=present update_password=on_create password={{ item.passwd }}
with_items:
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,oper,backupdba,dgdba,kmdba,racdba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
- { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,asmoper,asmadmin,racdba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
ignore_errors: true
when: full_configuration |bool
tags: user
# ---------------------------------------------------
# Ajout du compte oracle et grid au sudoers
# ---------------------------------------------------
- name: Ajout du compte oracle et grid au sudoers
ignore_errors: true
template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root mode=0600
with_items:
- oracle
- grid
tags: sudoadd
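Review bot: The `passwd` values for oracle and grid are one hard-coded crypt hash with the same salt, and the comment above the task states the cleartext, so every host built from this role starts with the same publicly known password on both accounts. Take the hash from a vaulted variable, e.g. `password={{ oracle_password_hash }}` (placeholder name), and remove the cleartext from the comment. The sudoers task writes `/etc/sudoers.d/{{ item }}` without `validate='visudo -cf %s'` and with `ignore_errors: true`, so a broken file can be installed unnoticed. It is also not gated by `full_configuration`, so it runs even when this role does not create the accounts.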


@@ -0,0 +1,17 @@
#!/bin/sh
# ---
# Suppression des fichiers trc, trm et xml des sous repertoire dans diag
modif_time=7
/usr/bin/logger -t ora_db_clean_xml "Clean xml file older than ${modif_time} days from {{ oracle_base }}/diag/rdbms/"
find {{ oracle_base }}/diag/rdbms/ -iname "*xml" -mtime +${modif_time} -print -delete | logger -t oracle_clean_xml
/usr/bin/logger -t ora_lsnr_clean_xml "Clean xml file older than ${modif_time} days from {{ oracle_base }}/diag/tnslsnr/"
find {{ oracle_base }}/diag/tnslsnr/ -iname "*xml" -mtime +${modif_time} -print -delete | logger -t oracle_clean_xml
/usr/bin/logger -t ora_db_clean_trc "Clean trc file older than ${modif_time} days from {{ oracle_base }}/diag/rdbms/"
find {{ oracle_base }}/diag/rdbms/ -iname "*trc" -mtime +${modif_time} -print -delete | logger -t oracle_clean_trc
/usr/bin/logger -t ora_db_clean_trm "Clean trm file older than ${modif_time} days from {{ oracle_base }}/diag/rdbms/"
find {{ oracle_base }}/diag/rdbms/ -iname "*trm" -mtime +${modif_time} -print -delete | logger -t oracle_clean_trm
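Review bot: The `find` commands run from /etc/cron.daily as root with `-delete` on an unquoted `{{ oracle_base }}`, so an empty or mistyped variable renders a path such as `/diag/rdbms/` and a value containing spaces splits into several start points. Quote the rendered path and restrict to regular files, e.g. `find "{{ oracle_base }}/diag/rdbms/" -type f -iname "*.xml" -mtime +"${modif_time}" -print -delete`. The current `*xml`, `*trc` and `*trm` patterns match any name ending in those letters, not only the extension. Since the tree is writable by the oracle account, running the purge as that user rather than root would limit what a mistake in the path can delete. The leading `logger` calls use tags like `ora_db_clean_xml` while the piped ones use `oracle_clean_xml`; a single naming scheme would make the syslog entries easier to filter.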


@@ -0,0 +1,15 @@
[Unit]
Description=Start Oracle Database
After=multi-user.target
After=network.target
[Service]
Type=simple
Environment=PIDFILE=/run/dbora.pid
ExecStart=/usr/bin/su - oracle -c "{{oracle_home}}/bin/dbstart {{oracle_home}}"
ExecStop=/usr/bin/su - oracle -c "{{oracle_home}}/bin/dbshut {{oracle_home}}"
TimeoutSec=900
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
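Review bot: `ExecStart` and `ExecStop` switch user through `/usr/bin/su - oracle -c ...` inside a root service; systemd can drop privileges itself with `User=oracle` and `Group=oinstall`, which keeps root out of the command line that starts the database. `Type=simple` with `RemainAfterExit=yes` marks the unit as started as soon as the process is forked, so a failing `dbstart` is not reported. `Type=oneshot` would, I believe, wait for the script and surface its exit status. `Environment=PIDFILE=/run/dbora.pid` is not referenced by either command visible here.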


@@ -0,0 +1,14 @@
{{ oracle_base }}/diag/rdbms/*/*/trace/*.log
{{ oracle_base }}/diag/tnslsnr/*/*/trace/*.log
{
su oracle oinstall
daily
size 100M
rotate 6
missingok
compress
notifempty
dateext
create 0640 oracle oinstall
}


@@ -0,0 +1 @@
{{ item }} ALL=(ALL) NOPASSWD: ALL
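Review bot: `{{ item }} ALL=(ALL) NOPASSWD: ALL` gives the oracle and grid accounts unrestricted root without a password, so anything able to run a command as the database owner is effectively root on the host. An Oracle installation needs root only for a small number of installer scripts. Limit the rule to those commands with a `Cmnd_Alias`, or keep the password requirement, and add a comment stating why the grant exists and when it can be removed.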


@@ -0,0 +1,200 @@
# Fichier de paramètres pour Oracle Linux 7
---
#----------------------------------------------------------------------
# packages linux nécessaires pour travailler
#----------------------------------------------------------------------
linux_packages:
- bc
- bind-libs
- bind-libs-lite
- bind-license
- bind-utils
- binutils
- btrfs-progs
- chrony
- compat-libcap1
- compat-libstdc++-33
- cpp
- deltarpm
- device-mapper-multipath
- elfutils-libelf
- elfutils-libelf-devel
- ethtool
- fontconfig-devel
- fstrm
- gcc
- gcc-c++
- glibc
- glibc-devel
- glibc-devel.i686
- glibc-headers
- gssproxy
- htop
- kernel-headers
- keyutils
- ksh
- libaio
- libaio-devel
- libdmx
- libgcc
- libibverbs
- libICE
- libmaxminddb
- librdmacm
- libselinux-python
- libSM
- libstdc++
- libstdc++-devel
- libtool-ltdl
- libverto-libevent
- libX11
- libX11-common
- libXau
- libxcb
- libXext
- libXi
- libXinerama
- libXmu
- libXp
- libXrandr
- libXrender
- libXrender-devel
- libXt
- libXtst
- libXv
- libXxf86dga
- libXxf86misc
- libXxf86vm
- lm_sensors-libs
- lsof
- lvm2
- make
- mlocate
- module-init-tools
- mpfr
- ncurses
- ncurses-devel
- ncurses-libs
- net-snmp
- net-tools
- nfs-utils
- nmap
- nscd
- ntp
- openssh-clients
- parted
- perl
- policycoreutils
- policycoreutils-python
- procps
- protobuf-c
- psmisc
- quota
- quota-nls
- readline
- readline-devel
- rlwrap
- rpcbind
- sg3_utils
- smartmontools
- sysstat
- system-storage-manager
- tar
- tree
- unixODBC
- unixODBC-devel
- unzip
- util-linux-ng
- vim
- vim-enhanced
- wget
- xdpyinfo
- xfsprogs
- xorg-x11-server-utils
- xorg-x11-utils
- xorg-x11-xauth
- xorg-x11-xinit
- xterm
- yum-utils
#----------------------------------------------------------------------
# paramètres du noyeau pour une installation Oracle
#----------------------------------------------------------------------
oracle_sysconfig:
# shmall = 50% de la RAM pour les SGA Oracle, divisé par PAGE_SIZE (getconf PAGE_SIZE = 4096)
# on suppose que 60% de la RAM sera affectée aux SGA
- { name: fs.file-max, value: 6815744 }
- { name: fs.aio-max-nr, value: 1048576 }
- { name: kernel.sem, value: "250 32000 100 128" }
- { name: kernel.shmmni, value: 4096 }
# setting for kernel.shmall is 1073741824 on x86_64
- { name: kernel.shmall, value: 1073741824 }
# - { name: kernel.shmall, value: "{{ ((0.6 * ansible_memtotal_mb)*1024*1024/4096)|round|int }}" }
# setting for kernel.shmmax is 4398046511104 on x86_64
- { name: kernel.shmmax, value: 4398046511104 }
# - { name: kernel.shmmax, value: "{{ ((0.8 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: net.core.rmem_default, value: 262144 }
- { name: net.core.rmem_max, value: 4194304 }
- { name: net.core.wmem_default, value: 262144 }
- { name: net.core.wmem_max, value: 1048576 }
- { name: net.ipv4.conf.all.rp_filter, value: 2 }
- { name: net.ipv4.conf.default.rp_filter, value: 2 }
- { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
- { name: vm.swappiness, value: 10 }
- { name: vm.min_free_kbytes, value: 524288 }
- { name: vm.hugetlb_shm_group, value: 1001 }
# - { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int }}" }
# Orabug 19212317
- { name: kernel.panic_on_oops, value: 1 }
#----------------------------------------------------------------------
# paramètres security limits pour une installation Oracle
#----------------------------------------------------------------------
oracle_seclimits:
# setting for nofile soft limit is 1024
- "* soft nofile 1024"
# setting for nofile hard limit is 65536
- "* hard nofile 65536"
# setting for nproc soft limit is 16384
- "* soft nproc 16384"
# setting for nproc hard limit is 16384
- "* hard nproc 16384"
# setting for memlock soft limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
# - "* soft memlock 134217728"
- "* soft memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
# setting for memlock hard limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
# - "* hard memlock 134217728"
- "* hard memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
# setting for stack soft limit is 10240KB
- "* soft stack 10240"
# setting for stack hard limit is 32768KB
- "* hard stack 32768"
- "* soft data unlimited"
- "* hard data unlimited"
- "* soft core unlimited"
- "* hard core unlimited"
#---------------------------------------------------------------------
# pramètres de configuation sécurisée :
#---------------------------------------------------------------------
linux_secure_config:
- { name: net.ipv4.conf.all.accept_redirects, value: 0 }
- { name: net.ipv4.conf.all.accept_source_route, value: 0 }
- { name: net.ipv4.conf.all.log_martians, value: 1 }
- { name: net.ipv4.conf.all.secure_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_source_route, value: 0 }
- { name: net.ipv4.conf.default.log_martians, value: 1 }
- { name: net.ipv4.conf.default.secure_redirects, value: 0 }
- { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 }
- { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 }
- { name: net.ipv4.ip_forward, value: 0 }
- { name: net.ipv6.conf.all.accept_ra, value: 0 }
- { name: net.ipv6.conf.all.accept_redirects, value: 0 }
- { name: net.ipv6.conf.all.accept_source_route, value: 0 }
- { name: net.ipv6.conf.default.accept_ra, value: 0 }
- { name: net.ipv6.conf.default.accept_redirects, value: 0 }
- { name: net.ipv6.conf.default.accept_source_route, value: 0 }
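Review bot: Every entry in `oracle_seclimits` uses the `*` domain, so the raised `nproc`, `memlock` (90% of RAM) and `core unlimited` limits apply to all accounts on the host rather than to the database owners; the Oracle Linux 8 vars file repeats the same list. Scope them to the accounts that need them, e.g. `oracle soft memlock ...` and `grid soft memlock ...`. The package list also installs `nmap`, `gcc` and `wget` on a database server, and it lists both `chrony` and `ntp` while `ntpd` is among the services to disable. Trimming the list to what the Oracle installer requires reduces the installed footprint.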


@@ -0,0 +1,175 @@
# Fichier de paramètres pour Oracle Linux 8
---
#----------------------------------------------------------------------
# packages linux nécessaires pour travailler
#----------------------------------------------------------------------
linux_packages:
- bc
- bind-libs
- bind-libs-lite
- bind-license
- bind-utils
- binutils
- chrony
- elfutils-libelf
- elfutils-libelf-devel
- fontconfig-devel
- fstrm
- glibc
- glibc-devel
- glibc-headers
- gssproxy
- htop
- kernel-headers
- keyutils
- ksh
- libaio
- libaio-devel
- libdmx
- libgcc
- libibverbs
- libICE
- libmaxminddb
- libnsl
- libpkgconf
- librdmacm
- libSM
- libstdc++
- libstdc++-devel
- libverto-libevent
- libX11
- libX11-common
- libX11-xcb
- libXau
- libxcb
- libXcomposite
- libxcrypt-devel
- libXext
- libXi
- libXinerama
- libXmu
- libXrandr
- libXrender
- libXt
- libXtst
- libXv
- libXxf86dga
- libXxf86misc
- libXxf86vm
- lm_sensors-libs
- make
- mlocate
- net-snmp
- net-tools
- nfs-utils
- perl
- pkgconf
- pkgconf-m4
- pkgconf-pkg-config
- policycoreutils
- policycoreutils-python-utils
- protobuf-c
- psmisc
- python3-bind
- python3-pyyaml
- quota
- quota-nls
- rpcbind
- smartmontools
- smartmontools
- sysstat
- tar
- tree
- unixODBC
- unixODBC-devel
- unzip
- vim
- vim-enhanced
- wget
- xorg-x11-utils
- xorg-x11-xauth
- numactl
#----------------------------------------------------------------------
# paramètres du noyeau pour une installation Oracle
#----------------------------------------------------------------------
oracle_sysconfig:
# shmall = 50% de la RAM pour les SGA Oracle, divisé par PAGE_SIZE (getconf PAGE_SIZE = 4096)
# on suppose que 60% de la RAM sera affectée aux SGA
- { name: fs.file-max, value: 6815744 }
- { name: fs.aio-max-nr, value: 1048576 }
- { name: kernel.sem, value: "250 32000 100 128" }
- { name: kernel.shmmni, value: 4096 }
# setting for kernel.shmall is 1073741824 on x86_64
- { name: kernel.shmall, value: 1073741824 }
# - { name: kernel.shmall, value: "{{ ((0.6 * ansible_memtotal_mb)*1024*1024/4096)|round|int }}" }
# setting for kernel.shmmax is 4398046511104 on x86_64
- { name: kernel.shmmax, value: 4398046511104 }
# - { name: kernel.shmmax, value: "{{ ((0.8 * ansible_memtotal_mb)*1024*1024)|round|int }}" }
- { name: net.core.rmem_default, value: 262144 }
- { name: net.core.rmem_max, value: 4194304 }
- { name: net.core.wmem_default, value: 262144 }
- { name: net.core.wmem_max, value: 1048576 }
- { name: net.ipv4.conf.all.rp_filter, value: 2 }
- { name: net.ipv4.conf.default.rp_filter, value: 2 }
- { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
- { name: vm.swappiness, value: 10 }
# vm.min_free_kbytes value (Kb) MAX(1GB * number_numa_nodes, 0.5% * total_memory)
- { name: vm.min_free_kbytes, value: "{{ ((1048576, ((0.5/100 * ansible_memtotal_mb)*1024)|round|int) | max) }}" }
# - { name: vm.min_free_kbytes, value: 1048576 }
- { name: vm.hugetlb_shm_group, value: 1001 }
# - { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int }}" }
# Orabug 19212317
- { name: kernel.panic_on_oops, value: 1 }
#----------------------------------------------------------------------
# paramètres security limits pour une installation Oracle
#----------------------------------------------------------------------
oracle_seclimits:
# setting for nofile soft limit is 1024
- "* soft nofile 1024"
# setting for nofile hard limit is 65536
- "* hard nofile 65536"
# setting for nproc soft limit is 16384
- "* soft nproc 16384"
# setting for nproc hard limit is 16384
- "* hard nproc 16384"
# setting for memlock soft limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
# - "* soft memlock 134217728"
- "* soft memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
# setting for memlock hard limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
# - "* hard memlock 134217728"
- "* hard memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
# setting for stack soft limit is 10240KB
- "* soft stack 10240"
# setting for stack hard limit is 32768KB
- "* hard stack 32768"
- "* soft data unlimited"
- "* hard data unlimited"
- "* soft core unlimited"
- "* hard core unlimited"
#---------------------------------------------------------------------
# pramètres de configuation sécurisée :
#---------------------------------------------------------------------
linux_secure_config:
- { name: net.ipv4.conf.all.accept_redirects, value: 0 }
- { name: net.ipv4.conf.all.accept_source_route, value: 0 }
- { name: net.ipv4.conf.all.log_martians, value: 1 }
- { name: net.ipv4.conf.all.secure_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_redirects, value: 0 }
- { name: net.ipv4.conf.default.accept_source_route, value: 0 }
- { name: net.ipv4.conf.default.log_martians, value: 1 }
- { name: net.ipv4.conf.default.secure_redirects, value: 0 }
- { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 }
- { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 }
- { name: net.ipv4.ip_forward, value: 0 }
- { name: net.ipv6.conf.all.accept_ra, value: 0 }
- { name: net.ipv6.conf.all.accept_redirects, value: 0 }
- { name: net.ipv6.conf.all.accept_source_route, value: 0 }
- { name: net.ipv6.conf.default.accept_ra, value: 0 }
- { name: net.ipv6.conf.default.accept_redirects, value: 0 }
- { name: net.ipv6.conf.default.accept_source_route, value: 0 }


@@ -0,0 +1,43 @@
---
# pour une installation oracle renseigner ces variables
# pour les scripts d'exploitation et la création des répertoires
oracle_version: "19.0.0"
oracle_base: "/u01/app/oracle"
oracle_home: "{{ oracle_base }}/product/{{oracle_version}}/dbhome_1"
oracle_inventory: "/u01/app/oraInventory"
oracle_sources: "/u01/sources"
oracle_oradata: "/u02/oradata/"
oracle_fra: "/u03/fast_recovery_area/"
# faire une configuration minimal ?
# la configuration complète : fait en plus la création des users, des groupes, des répertoires ...
full_configuration: true
# faire une configuration securisée du system d'exploitation
secure_configuration: false
#----------------------------------------------------------------------
# services Linux à désactiver :
#----------------------------------------------------------------------
linux_services:
- avahi-daemon
- bluetooth
- cups
- firewalld
- firstboot
- gpm
- hidd
- hplip
- ip6tables
- iptables
- isdn
- mcstrans
- mdmonitor
- ntpd
- restorecond
- rhnsd
- setroubleshoot
- smartd
- yum-updatesd
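Review bot: `linux_services` stops and disables `firewalld`, `iptables` and `ip6tables` with no variable to opt out, so every host configured by the role ends up without a host firewall. The list also disables `restorecond` and `setroubleshoot`, in line with the SELinux tasks. Prefer leaving the firewall enabled and opening the listener port explicitly, or move the firewall entries into a separate list behind their own flag so the default run does not remove network filtering.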