Initial commit

Yacine31
2022-12-14 00:27:31 +01:00
commit 49265ea380
44 changed files with 2745 additions and 0 deletions


@@ -0,0 +1,28 @@
---
# création des répertoires Oracle
#
# mkdir -p /u01/app/oracle
# mkdir -p /u01/app/oraInventory
# chown -R oracle:oinstall /u01/app/oracle
# chown -R oracle:oinstall /u01/app/oraInventory
# chmod -R 775 /u01/app
# su - oracle
# mkdir -p /u01/app/oracle/product/19.0.0/dbhome_1
# cd /u01/app/oracle/product/19.0.0/dbhome_1
# unzip -q /tmp/db_home.zip
# cd /u01/app/oracle/product/19.0.0/dbhome_1
# ./runInstaller
- name: Création du répertoire oracle
file: dest={{ item }} mode=775 owner=oracle group=oinstall state=directory recurse=yes
with_items:
- "{{ oracle_base }}"
- "{{ oracle_inventory }}"
- "{{ oracle_home }}"
- "{{ oracle_sources }}"
- "{{ oracle_oradata }}"
- "{{ oracle_fra }}"
when: full_configuration
tags: directoriesdb
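Review bot: `recurse=yes` together with `mode=775` on the `file` task re-applies 775 to every existing file and sub-directory under each listed path on every run, not only to the six directories themselves. Under `oracle_home` that would overwrite any permission bits set on installed binaries, and under `oracle_oradata` and `oracle_fra` it leaves database and recovery files readable by any local account. I would drop `recurse=yes` and give the data directories a tighter mode, for example `mode=0750`. `when: full_configuration` also lacks the `| bool` filter that the users task file in this commit applies to the same variable.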


@@ -0,0 +1,97 @@
---
# ---------------------------------------------------
# configuration de grub
# ---------------------------------------------------
# ---------------------------------------------------
# suppression de rhgb
# ---------------------------------------------------
- name: check if rhgb is set
ansible.builtin.shell: grubby --info DEFAULT | grep rhgb | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Suppression de rhgb
shell: grubby --update-kernel=ALL --remove-args=rhgb
when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# suppression de quiet
# ---------------------------------------------------
- name: check if quiet is set
ansible.builtin.shell: grubby --info DEFAULT | grep quiet | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Suppression de quiet
shell: grubby --update-kernel=ALL --remove-args=quiet
when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de transparent_hugepage=never
# ---------------------------------------------------
- name: check if transparent_hugepage=never is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i transparent_hugepage=never | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Désactivation de Transparent Hugepages
shell: grubby --update-kernel=ALL --args=transparent_hugepage=never
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de numa=off
# ---------------------------------------------------
- name: check if numa=off is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i numa=off | wc -l
register: grep_count
tags: grub
- name: Configuration grub - Désactivation de numa=off
shell: grubby --update-kernel=ALL --args=numa=off
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de elevator=deadline
# ---------------------------------------------------
- name: check if elevator=deadline is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i elevator=deadline | wc -l
register: grep_count
tags: grub
- name: Configuration grub - elevator=deadline
shell: grubby --update-kernel=ALL --args=elevator=deadline
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de vga=791
# ---------------------------------------------------
- name: check if vga=791 is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i vga=791 | wc -l
register: grep_count
tags: grub
- name: Configuration grub - vga=791
shell: grubby --update-kernel=ALL --args=vga=791
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
# ---------------------------------------------------
# ajout de GRUB_ENABLE_BLSCFG=true
# Workaround of Orabug 20734786
# ---------------------------------------------------
- name: check if GRUB_ENABLE_BLSCFG=true is set
ansible.builtin.shell: grubby --info DEFAULT | grep -i GRUB_ENABLE_BLSCFG=true | wc -l
register: grep_count
tags: grub
- name: Configuration grub - GRUB_ENABLE_BLSCFG=true
shell: grubby --update-kernel=ALL --args=GRUB_ENABLE_BLSCFG=true
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
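Review bot: Every `when:` in this file compares `ansible_distribution_major_version >= '7'` as strings, so a major version of 10 or higher sorts below '7' and all of the grub changes are skipped; `ansible_distribution_major_version | int >= 7` compares numerically. Each check task ends in `| wc -l`, whose exit status hides a failing `grubby`, so a failed lookup reads as a count of 0 and the `--args=` tasks then run anyway. The check tasks also report changed on every play, which `changed_when: false` would fix. `grep rhgb` and `grep quiet` match substrings of unrelated arguments as well, so `grep -w` is the safer test.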


@@ -0,0 +1,49 @@
---
- name: Vérification de la distribution, la version et le kernel
assert:
that: ansible_architecture == 'x86_64' and ansible_os_family == 'RedHat' and ansible_system == 'Linux'
tags: oscheck
# ---------------------------------------------------
# Ajout du fichier de paramètres : Redhat_8.yml ou Redhat_7.yml ...
# ---------------------------------------------------
- name: ajout des paramètres spécifique à l'OS
include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- include: os_configuration.yml
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- include: network_configuration.yml
# ---------------------------------------------------
# configuration Linux : grub
# ---------------------------------------------------
- include: grub_configuration.yml
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
- include: secure_configuration.yml
# ---------------------------------------------------
# configuration Linux : Utilisateurs et groupes Oracle
# ---------------------------------------------------
- include: users_configuration.yml
# ---------------------------------------------------
# configuration Linux : personnalisation rlwrap
# ---------------------------------------------------
- include: rlwrap.yml
# ---------------------------------------------------
# configuration Linux : Création des répertoires Oracle
# ---------------------------------------------------
- include: dir_creation.yml
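Review bot: The bare `include:` action used for the seven task files is deprecated and has been removed from recent ansible-core releases, so this entry point stops loading on an upgraded controller; `- import_tasks: os_configuration.yml` (or `include_tasks` where the file has to be chosen at run time) is the replacement. The `include_vars` task has no tag while the assert before it does, so a run limited with `--tags` may skip loading the OS-specific variables that the included files reference; `tags: always` on that task avoids it. The assert would also be easier to act on with a `fail_msg` naming the unsupported platform.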


@@ -0,0 +1,28 @@
---
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- name: Modification resolv.conf pour ajouter attempts et timeout
lineinfile: dest=/etc/resolv.conf line="{{ item.line }}"
with_items:
- { line: "options attempts:2" }
- { line: "options timeout:1" }
- name: Desactivation de IP v6 et ZeroConf (Doc ID 1161144.1)
lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}"
with_items:
- { line: "NETWORKING_IPV6=no" }
- { line: "IPV6INIT=no" }
- { line: "NOZEROCONF=yes" }
tags: ipv6
- name: desactivation permanente de IP v6
lineinfile:
dest=/etc/sysctl.d/98-disable_ipv6.conf
line="{{ item.line }}"
state=present
create=yes
with_items:
- { line: "net.ipv6.conf.all.disable_ipv6 = 1" }
- { line: "net.ipv6.conf.default.disable_ipv6 = 1" }
tags: ipv6
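Review bot: The last task writes `/etc/sysctl.d/98-disable_ipv6.conf` through `lineinfile` with `create=yes`, so the file gets no explicit owner or mode and the two `disable_ipv6` keys are not loaded until the next boot or a manual `sysctl --system`. The `sysctl` module, which the OS configuration file in this commit already uses, writes the file and applies the value in one step: `sysctl: name=net.ipv6.conf.all.disable_ipv6 value=1 sysctl_file=/etc/sysctl.d/98-disable_ipv6.conf reload=yes`. The `/etc/resolv.conf` task carries no tag, and its lines will presumably be overwritten on hosts where NetworkManager or DHCP manages that file.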


@@ -0,0 +1,128 @@
---
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- name: YUM - installation des packages nécessaires
yum: name={{ linux_packages }} state=latest disable_gpg_check=yes
tags: rpm_packages
# ---------------------------------------------------
# configuration du serveur Chronyd - Linux >= 7
# ---------------------------------------------------
- name: start chronyd
service: name=chronyd state=started enabled=yes
ignore_errors: true
# ---------------------------------------------------
# configuration Linux : Selinux
# ---------------------------------------------------
- name: Desactiver Selinux (de façon permanente)
selinux: state=disabled
register: selinux
tags: selinux
- name: Disactiver Selinux (runtime)
shell: setenforce 0
ignore_errors: true
tags: selinux
# ---------------------------------------------------
# configuration Linux : les services
# ---------------------------------------------------
- name: arrêter et désactiver les services inutils
with_items: "{{ linux_services }}"
service: name={{ item }} state=stopped enabled=no
tags: linuxservices
ignore_errors: true
#------------------------------------------------------------------------------------
# configuration Linux : Paramètres du kernel
#------------------------------------------------------------------------------------
# - name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/oracle_sysctl.conf
# state=present reload=yes ignoreerrors=yes sysctl_set=yes sysctl_file=/etc/sysctl.d/99-oracle-sysctl.conf
- name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf
sysctl:
name={{ item.name }} value={{ item.value }}
state=present reload=yes ignoreerrors=yes sysctl_set=yes sysctl_file=/etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf
with_items: "{{ oracle_sysconfig }}"
tags: sysctl.conf
- name: Configuration PAM
lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so"
tags: pamconfig
# lineinfile: dest=/etc/security/limits.d/oracle_seclimits.conf create=yes state=present line={{ item }}
- name: Linux - Ajustement des limits pour Oracle dans /etc/security/limits.d/oracle-database-preinstall-19c.conf
lineinfile: dest=/etc/security/limits.d/oracle-database-preinstall-19c.conf create=yes state=present line={{ item }}
with_items: "{{ oracle_seclimits }}"
tags: seclimit
# ---------------------------------------------------
# Shell : aliases bash & oracle
# ---------------------------------------------------
- name: Ajout du fichier z_oracle dans /etc/profile.d
copy: src=z_oracle.sh dest=/etc/profile.d/z_oracle.sh owner=root mode=644
tags: z_oracle
- name: BASH - Ajout du fichier z_bash_aliases dans /etc/profile.d
copy: src=z_bash_aliases.sh dest=/etc/profile.d/z_bash_aliases.sh owner=root mode=644
tags: bash_alias
- name: BASH - ajout de ignore-case pour autocompletion avec TAB
lineinfile: dest=/etc/inputrc line="set completion-ignore-case On" create=yes state=present
tags: bash_tab
- name: Desactivation de la commande crontab -r
lineinfile: dest=/etc/profile.d/z_crontab_r.sh
line='crontab () { [[ $@ =~ -[iel]*r ]] && echo "option -r (remove) not allowed" || command crontab "$@" ;}'
state=present
create=yes
tags: bash_cron_r
# ---------------------------------------------------
# configuration Linux : Mode panic
# ---------------------------------------------------
- name: Configuratio du mode panic sur perte du /
shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`"
tags: mode_panic
- name: Configuration du mode panic sur bug du kernel
sysctl: name=kernel.panic_on_oops value=1 state=present reload=yes ignoreerrors=yes
tags: mode_panic
# ---------------------------------------------------
# configuration du démarrage en mode 3 par défaut
# ---------------------------------------------------
- name: Configuration du mode 3 comme mode de démarrage par défaut
shell: systemctl set-default multi-user.target
tags: init3
# ---------------------------------------------------
# configuration Linux : config oracle pour logrotate
# Gestion des fichiers logs seulement (archivage et réinitialisation)
# ---------------------------------------------------
- name: Gestion des logs Oracle - copie du fichier de configuration pour logrotate
template: src=logrotate_oracle.j2 dest=/etc/logrotate.d/oracle mode=644 owner=root group=root
tags: logrotate
# ---------------------------------------------------
# configuration Linux : oracle cleaner dans cron.daily
# Gestion des fichiers trace et xml : purge des anciens fichiers
# ---------------------------------------------------
- name: Netoyage ADR Oracle - copie du fichier de configuration pour cron
template: src=cron_oracle_cleaner.j2 dest=/etc/cron.daily/oracle_cleaner mode=755 owner=root group=root
tags: cron_daily
# ---------------------------------------------------
# copy du fichier dbora.service dans /lib/systemd/system pour redémmarage auto
# ---------------------------------------------------
- name: Copie du script de démarrage auto des bases Oracle
template: src=dbora.service.j2 dest=/lib/systemd/system/dbora.service owner=root mode=644
tags: dbora_init
- name: Activation par systemctl du script de démarrage auto des bases Oracle
systemd: name=dbora daemon_reload=yes enabled=yes
tags: dbora_init
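Review bot: `disable_gpg_check=yes` on the `yum` task that installs `linux_packages` turns off package signature verification, and with `state=latest` it installs whatever the configured repositories serve at run time without an authenticity check; the rlwrap task file in this commit sets the same flag. Removing the option (signatures are verified by default) and importing the repository key beforehand with `rpm_key` keeps the install verifiable. The two SELinux tasks switch enforcement off permanently and at runtime for the whole host; if the Oracle install needs a relaxation, `selinux: policy=targeted state=permissive` keeps denials logged, and this is worth confirming against Oracle's requirements for the target release. `ignore_errors: true` on `setenforce 0`, `chronyd` and the service loop also hides real failures from the play result.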


@@ -0,0 +1,22 @@
---
# ---------------------------------------------------
# installation de l'utilitaire rlwrap pour oracle
# ---------------------------------------------------
- name: YUM - installation de rlwrap
yum: name=rlwrap state=latest disable_gpg_check=yes
tags: rlwrap
# - name: Copy du rpm rlwrap OL8 vers le serveur
# copy: src=rlwrap-0.45.2-1.el8.x86_64.rpm dest=/tmp/rlwrap.x86_64.rpm owner=root mode=644
# tags: rlwrap
#
# - name: Install rlwrap rpm from a local file
# yum:
# name: /tmp/rlwrap.x86_64.rpm
# state: present
# disable_gpg_check: yes
# tags: rlwrap
#
# - name: suppression du rpm rlwrap du serveur
# file: path=/tmp/rlwrap.x86_64.rpm state=absent
# tags: rlwrap


@@ -0,0 +1,17 @@
---
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
- name: Ajout du soft reboot
lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft'
tags: softreboot
- name: Sécurisation du vidage mémoire
copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf"
- name: Application des paramètres de configuration sécurisée
sysctl: name={{ item.name }} value={{ item.value }} state=present reload=yes ignoreerrors=yes
when: secure_configuration
with_items: "{{ linux_secure_config }}"
tags: secure_config
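Review bot: The `copy` task for `00-vidage.conf` sets no owner, group or mode and has no tag, so the limits file is created with default ownership and umask-derived permissions; `copy: src=00-vidage.conf dest=/etc/security/limits.d/00-vidage.conf owner=root group=root mode=0644` pins them. On the hardening task, `ignoreerrors=yes` lets an unknown key in `linux_secure_config` pass silently, so a host can report success without the setting applied; dropping that option makes the failure visible. `when: secure_configuration` should use `| bool` as the users file does. The `/etc/rc.local` line only takes effect if that file is executable and run at boot, which nothing in this hunk ensures.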


@@ -0,0 +1,47 @@
---
# ---------------------------------------------------
# CRéation des groupes
# ---------------------------------------------------
- name: Création des groupes
group: name={{ item.group }} gid={{ item.gid }} state=present
with_items:
- { group: oinstall, gid: 1001}
- { group: dba, gid: 1002 }
- { group: oper, gid: 1003 }
- { group: backupdba, gid: 1004 }
- { group: dgdba, gid: 1005 }
- { group: kmdba, gid: 1006 }
- { group: racdba, gid: 1007 }
- { group: asmadmin, gid: 1008 }
- { group: asmdba, gid: 1009 }
- { group: asmoper, gid: 1010 }
ignore_errors: true
when: full_configuration |bool
tags: group
# ---------------------------------------------------
# Création des utilisateurs : password Oracle123 => full configuration
# ---------------------------------------------------
- name: Création du compte Oracle et grid
user:
name={{ item.username }} group={{ item.primgroup }}
groups={{ item.othergroups }} uid={{ item.uid }}
generate_ssh_key=yes append=yes state=present update_password=on_create password={{ item.passwd }}
with_items:
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,oper,backupdba,dgdba,kmdba,racdba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
- { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,asmoper,asmadmin,racdba", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
ignore_errors: true
when: full_configuration |bool
tags: user
# ---------------------------------------------------
# Ajout du compte oracle et grid au sudoers
# ---------------------------------------------------
- name: Ajout du compte oracle et grid au sudoers
ignore_errors: true
template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root mode=0600
with_items:
- oracle
- grid
tags: sudoadd
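Review bot: Both `with_items` entries of the account task carry the same hard-coded `$6$` hash with the same salt in `passwd`, and the comment above the task states the plaintext, so every host built from this role starts with a publicly known password on `oracle` and `grid`. Take the hash from a vaulted variable instead, for example `passwd: "{{ oracle_password_hash }}"` (the variable name is only a suggestion), and remove the plaintext from the comment. The sudoers task should validate the rendered file before installing it and use the conventional mode, `template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root group=root mode=0440 validate='visudo -cf %s'`, and it should not run under `ignore_errors: true`. It also lacks the `when: full_configuration | bool` guard that the two tasks before it have, so it grants sudo even when the accounts are managed elsewhere.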