Initial commit

roles/oracle-db-preinstall/vars/RedHat_7.yml

@@ -0,0 +1,200 @@
+# Fichier de paramètres pour Oracle Linux 7
+---
+
+  #----------------------------------------------------------------------
+  # packages linux nécessaires pour travailler
+  #----------------------------------------------------------------------
+  linux_packages:
+    - bc
+    - bind-libs
+    - bind-libs-lite
+    - bind-license
+    - bind-utils
+    - binutils
+    - btrfs-progs
+    - chrony
+    - compat-libcap1
+    - compat-libstdc++-33
+    - cpp
+    - deltarpm
+    - device-mapper-multipath
+    - elfutils-libelf
+    - elfutils-libelf-devel
+    - ethtool
+    - fontconfig-devel
+    - fstrm
+    - gcc
+    - gcc-c++
+    - glibc
+    - glibc-devel
+    - glibc-devel.i686
+    - glibc-headers
+    - gssproxy
+    - htop
+    - kernel-headers
+    - keyutils
+    - ksh
+    - libaio
+    - libaio-devel
+    - libdmx
+    - libgcc
+    - libibverbs
+    - libICE
+    - libmaxminddb
+    - librdmacm
+    - libselinux-python
+    - libSM
+    - libstdc++
+    - libstdc++-devel
+    - libtool-ltdl
+    - libverto-libevent
+    - libX11
+    - libX11-common
+    - libXau
+    - libxcb
+    - libXext
+    - libXi
+    - libXinerama
+    - libXmu
+    - libXp
+    - libXrandr
+    - libXrender
+    - libXrender-devel
+    - libXt
+    - libXtst
+    - libXv
+    - libXxf86dga
+    - libXxf86misc
+    - libXxf86vm
+    - lm_sensors-libs
+    - lsof
+    - lvm2
+    - make
+    - mlocate
+    - module-init-tools
+    - mpfr
+    - ncurses
+    - ncurses-devel
+    - ncurses-libs
+    - net-snmp
+    - net-tools
+    - nfs-utils
+    - nmap
+    - nscd
+    - ntp
+    - openssh-clients
+    - parted
+    - perl
+    - policycoreutils
+    - policycoreutils-python
+    - procps
+    - protobuf-c
+    - psmisc
+    - quota
+    - quota-nls
+    - readline
+    - readline-devel
+    - rlwrap
+    - rpcbind
+    - sg3_utils
+    - smartmontools
+    - sysstat
+    - system-storage-manager
+    - tar
+    - tree
+    - unixODBC
+    - unixODBC-devel
+    - unzip
+    - util-linux-ng
+    - vim
+    - vim-enhanced
+    - wget
+    - xdpyinfo
+    - xfsprogs
+    - xorg-x11-server-utils
+    - xorg-x11-utils
+    - xorg-x11-xauth
+    - xorg-x11-xinit
+    - xterm
+    - yum-utils
+
+
+  #----------------------------------------------------------------------
+  # paramètres du noyeau pour une installation Oracle
+  #----------------------------------------------------------------------
+  oracle_sysconfig:
+      # shmall = 50% de la RAM pour les SGA Oracle, divisé par PAGE_SIZE (getconf PAGE_SIZE = 4096)
+      # on suppose que 60% de la RAM sera affectée aux SGA
+      - { name: fs.file-max, value: 6815744 }
+      - { name: fs.aio-max-nr, value: 1048576 }
+      - { name: kernel.sem, value: "250 32000 100 128" }
+      - { name: kernel.shmmni, value: 4096 }
+      # setting for kernel.shmall is 1073741824 on x86_64
+      - { name: kernel.shmall, value: 1073741824 }
+      # - { name: kernel.shmall, value: "{{ ((0.6 * ansible_memtotal_mb)*1024*1024/4096)|round|int  }}" }
+      # setting for kernel.shmmax is 4398046511104 on x86_64
+      - { name: kernel.shmmax, value: 4398046511104 }
+      # - { name: kernel.shmmax, value: "{{ ((0.8 * ansible_memtotal_mb)*1024*1024)|round|int  }}" }
+      - { name: net.core.rmem_default, value: 262144 }
+      - { name: net.core.rmem_max, value: 4194304 }
+      - { name: net.core.wmem_default, value: 262144 }
+      - { name: net.core.wmem_max, value: 1048576 }
+      - { name: net.ipv4.conf.all.rp_filter, value: 2 }
+      - { name: net.ipv4.conf.default.rp_filter, value: 2 }
+      - { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
+      - { name: vm.swappiness, value: 10 }
+      - { name: vm.min_free_kbytes, value: 524288 }
+      - { name: vm.hugetlb_shm_group, value: 1001 }
+      # - { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int  }}" }
+      # Orabug 19212317
+      - { name: kernel.panic_on_oops, value: 1 }
+
+  #----------------------------------------------------------------------
+  # paramètres security limits pour une installation Oracle
+  #----------------------------------------------------------------------
+  oracle_seclimits:
+      # setting for nofile soft limit is 1024
+      - "* soft nofile 1024"
+      #  setting for nofile hard limit is 65536
+      - "* hard nofile 65536"
+      # setting for nproc soft limit is 16384
+      - "* soft nproc 16384"
+      # setting for nproc hard limit is 16384
+      - "* hard nproc 16384"
+      # setting for memlock soft limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
+      # - "* soft memlock 134217728"
+      - "* soft memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
+      # setting for memlock hard limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
+      # - "* hard memlock 134217728"
+      - "* hard memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
+      # setting for stack soft limit is 10240KB
+      - "* soft stack 10240"
+      # setting for stack hard limit is 32768KB
+      - "* hard stack 32768"
+      - "* soft data unlimited"
+      - "* hard data unlimited"
+      - "* soft core unlimited"
+      - "* hard core unlimited"
+
+  #---------------------------------------------------------------------
+  # pramètres de configuation sécurisée :
+  #---------------------------------------------------------------------
+  linux_secure_config:
+      - { name: net.ipv4.conf.all.accept_redirects, value: 0 }
+      - { name: net.ipv4.conf.all.accept_source_route, value: 0 }
+      - { name: net.ipv4.conf.all.log_martians, value: 1 }
+      - { name: net.ipv4.conf.all.secure_redirects, value: 0 }
+      - { name: net.ipv4.conf.default.accept_redirects, value: 0 }
+      - { name: net.ipv4.conf.default.accept_source_route, value: 0 }
+      - { name: net.ipv4.conf.default.log_martians, value: 1 }
+      - { name: net.ipv4.conf.default.secure_redirects, value: 0 }
+      - { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 }
+      - { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 }
+      - { name: net.ipv4.ip_forward, value: 0 }
+      - { name: net.ipv6.conf.all.accept_ra, value: 0 }
+      - { name: net.ipv6.conf.all.accept_redirects, value: 0 }
+      - { name: net.ipv6.conf.all.accept_source_route, value: 0 }
+      - { name: net.ipv6.conf.default.accept_ra, value: 0 }
+      - { name: net.ipv6.conf.default.accept_redirects, value: 0 }
+      - { name: net.ipv6.conf.default.accept_source_route, value: 0 }
+

roles/oracle-db-preinstall/vars/RedHat_8.yml

@@ -0,0 +1,175 @@
+# Fichier de paramètres pour Oracle Linux 8
+---
+
+  #----------------------------------------------------------------------
+  # packages linux nécessaires pour travailler
+  #----------------------------------------------------------------------
+  linux_packages:
+   - bc
+   - bind-libs
+   - bind-libs-lite
+   - bind-license
+   - bind-utils
+   - binutils
+   - chrony
+   - elfutils-libelf
+   - elfutils-libelf-devel
+   - fontconfig-devel
+   - fstrm
+   - glibc
+   - glibc-devel
+   - glibc-headers
+   - gssproxy
+   - htop
+   - kernel-headers
+   - keyutils
+   - ksh
+   - libaio
+   - libaio-devel
+   - libdmx
+   - libgcc
+   - libibverbs
+   - libICE
+   - libmaxminddb
+   - libnsl
+   - libpkgconf
+   - librdmacm
+   - libSM
+   - libstdc++
+   - libstdc++-devel
+   - libverto-libevent
+   - libX11
+   - libX11-common
+   - libX11-xcb
+   - libXau
+   - libxcb
+   - libXcomposite
+   - libxcrypt-devel
+   - libXext
+   - libXi
+   - libXinerama
+   - libXmu
+   - libXrandr
+   - libXrender
+   - libXt
+   - libXtst
+   - libXv
+   - libXxf86dga
+   - libXxf86misc
+   - libXxf86vm
+   - lm_sensors-libs
+   - make
+   - mlocate
+   - net-snmp
+   - net-tools
+   - nfs-utils
+   - perl
+   - pkgconf
+   - pkgconf-m4
+   - pkgconf-pkg-config
+   - policycoreutils
+   - policycoreutils-python-utils
+   - protobuf-c
+   - psmisc
+   - python3-bind
+   - python3-pyyaml
+   - quota
+   - quota-nls
+   - rpcbind
+   - smartmontools
+   - smartmontools
+   - sysstat
+   - tar
+   - tree
+   - unixODBC
+   - unixODBC-devel
+   - unzip
+   - vim
+   - vim-enhanced
+   - wget
+   - xorg-x11-utils
+   - xorg-x11-xauth
+   - numactl
+
+
+  #----------------------------------------------------------------------
+  # paramètres du noyeau pour une installation Oracle
+  #----------------------------------------------------------------------
+  oracle_sysconfig:
+      # shmall = 50% de la RAM pour les SGA Oracle, divisé par PAGE_SIZE (getconf PAGE_SIZE = 4096)
+      # on suppose que 60% de la RAM sera affectée aux SGA
+      - { name: fs.file-max, value: 6815744 }
+      - { name: fs.aio-max-nr, value: 1048576 }
+      - { name: kernel.sem, value: "250 32000 100 128" }
+      - { name: kernel.shmmni, value: 4096 }
+      # setting for kernel.shmall is 1073741824 on x86_64
+      - { name: kernel.shmall, value: 1073741824 }
+      # - { name: kernel.shmall, value: "{{ ((0.6 * ansible_memtotal_mb)*1024*1024/4096)|round|int  }}" }
+      # setting for kernel.shmmax is 4398046511104 on x86_64
+      - { name: kernel.shmmax, value: 4398046511104 }
+      # - { name: kernel.shmmax, value: "{{ ((0.8 * ansible_memtotal_mb)*1024*1024)|round|int  }}" }
+      - { name: net.core.rmem_default, value: 262144 }
+      - { name: net.core.rmem_max, value: 4194304 }
+      - { name: net.core.wmem_default, value: 262144 }
+      - { name: net.core.wmem_max, value: 1048576 }
+      - { name: net.ipv4.conf.all.rp_filter, value: 2 }
+      - { name: net.ipv4.conf.default.rp_filter, value: 2 }
+      - { name: net.ipv4.ip_local_port_range, value: "9000 65500" }
+      - { name: vm.swappiness, value: 10 }
+      # vm.min_free_kbytes value (Kb) MAX(1GB * number_numa_nodes, 0.5% * total_memory) 
+      - { name: vm.min_free_kbytes, value: "{{ ((1048576, ((0.5/100 * ansible_memtotal_mb)*1024)|round|int) | max) }}" }
+      # - { name: vm.min_free_kbytes, value: 1048576 }
+      - { name: vm.hugetlb_shm_group, value: 1001 }
+      # - { name: vm.nr_hugepages, value: "{{ (((percent_hugepages/100) * ansible_memtotal_mb)/2)|round|int  }}" }
+      # Orabug 19212317
+      - { name: kernel.panic_on_oops, value: 1 }
+
+  #----------------------------------------------------------------------
+  # paramètres security limits pour une installation Oracle
+  #----------------------------------------------------------------------
+  oracle_seclimits:
+      # setting for nofile soft limit is 1024
+      - "* soft nofile 1024"
+      #  setting for nofile hard limit is 65536
+      - "* hard nofile 65536"
+      # setting for nproc soft limit is 16384
+      - "* soft nproc 16384"
+      # setting for nproc hard limit is 16384
+      - "* hard nproc 16384"
+      # setting for memlock soft limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
+      # - "* soft memlock 134217728"
+      - "* soft memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
+      # setting for memlock hard limit is maximum of 128GB on x86_64 or 3GB on x86 OR 90% of RAM
+      # - "* hard memlock 134217728"
+      - "* hard memlock {{ [((0.9 * ansible_memtotal_mb)*1024)|round|int,134217728] | max }}"
+      # setting for stack soft limit is 10240KB
+      - "* soft stack 10240"
+      # setting for stack hard limit is 32768KB
+      - "* hard stack 32768"
+      - "* soft data unlimited"
+      - "* hard data unlimited"
+      - "* soft core unlimited"
+      - "* hard core unlimited"
+
+  #---------------------------------------------------------------------
+  # pramètres de configuation sécurisée :
+  #---------------------------------------------------------------------
+  linux_secure_config:
+      - { name: net.ipv4.conf.all.accept_redirects, value: 0 }
+      - { name: net.ipv4.conf.all.accept_source_route, value: 0 }
+      - { name: net.ipv4.conf.all.log_martians, value: 1 }
+      - { name: net.ipv4.conf.all.secure_redirects, value: 0 }
+      - { name: net.ipv4.conf.default.accept_redirects, value: 0 }
+      - { name: net.ipv4.conf.default.accept_source_route, value: 0 }
+      - { name: net.ipv4.conf.default.log_martians, value: 1 }
+      - { name: net.ipv4.conf.default.secure_redirects, value: 0 }
+      - { name: net.ipv4.icmp_echo_ignore_broadcasts, value: 1 }
+      - { name: net.ipv4.icmp_ignore_bogus_error_responses, value: 1 }
+      - { name: net.ipv4.ip_forward, value: 0 }
+      - { name: net.ipv6.conf.all.accept_ra, value: 0 }
+      - { name: net.ipv6.conf.all.accept_redirects, value: 0 }
+      - { name: net.ipv6.conf.all.accept_source_route, value: 0 }
+      - { name: net.ipv6.conf.default.accept_ra, value: 0 }
+      - { name: net.ipv6.conf.default.accept_redirects, value: 0 }
+      - { name: net.ipv6.conf.default.accept_source_route, value: 0 }
+

roles/oracle-db-preinstall/vars/main.yml

@@ -0,0 +1,43 @@
+---
+  # pour une installation oracle  renseigner ces variables 
+  # pour les scripts d'exploitation et la création des répertoires
+
+  oracle_version: "19.0.0"
+  oracle_base: "/u01/app/oracle"
+  oracle_home: "{{ oracle_base }}/product/{{oracle_version}}/dbhome_1"
+  oracle_inventory: "/u01/app/oraInventory"
+  oracle_sources: "/u01/sources"
+  oracle_oradata: "/u02/oradata/"
+  oracle_fra: "/u03/fast_recovery_area/"
+
+  # faire une configuration minimal ?
+  # la configuration complète : fait en plus la création des users, des groupes, des répertoires ...
+  full_configuration: true
+  
+  # faire une configuration securisée du system d'exploitation
+  secure_configuration: false
+
+
+  #----------------------------------------------------------------------
+  # services Linux à désactiver :
+  #----------------------------------------------------------------------
+  linux_services:
+      - avahi-daemon
+      - bluetooth
+      - cups
+      - firewalld
+      - firstboot
+      - gpm
+      - hidd
+      - hplip
+      - ip6tables
+      - iptables
+      - isdn
+      - mcstrans
+      - mdmonitor
+      - ntpd
+      - restorecond
+      - rhnsd
+      - setroubleshoot
+      - smartd
+      - yum-updatesd