diff --git a/README.md b/README.md index 6cc9c47..70ffb8f 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,12 @@ # INSTALLATION ANSIBLE DIRECT SUR LA MACHINE -Pour Oralce Linux 9 l'installation ansible est légèrement différente de Linux 7 ou 8 : +## Prérequis + +- Systèmes d'exploitation supportés : Oracle Linux 7, 8 ou 9 +- Droits root requis pour l'exécution des playbooks +- Collections Ansible : `ansible.posix` (installée automatiquement par le script) + +Pour Oracle Linux 9 l'installation Ansible est légèrement différente de Linux 7 ou 8 : Exécuter ce code en tant que root pour installer les préreuis et récupérer les books ansible : @@ -35,7 +41,7 @@ changement de répertoire cd oracle_19_install ``` -3 books à jour : +3 playbooks à jour : - oracle-db-preinstall.yml => configuration de Linux pour une installation Oracle - oracle-db-install.yml => installation d'Oracle 19 EE ou SE et ajout des scripts d'exploitation - oracle-db-postinstall.yml => configuration postinstall : ajout de différents scripts d'exploitation @@ -63,7 +69,7 @@ oracle_inventory: "/u01/app/oraInventory" oracle_sources: "/u01/sources" oracle_oradata: "/u02/oradata/" oracle_fra: "/u03/fast_recovery_area/" -oracle_install_edition: "EE" # SE2 ou EE +oracle_install_edition: "EE" # SE (Standard Edition 2) ou EE ``` Pour l'exécuter avec des variables différentes : diff --git a/oracle-db-preinstall.yml b/oracle-db-preinstall.yml index 5977cbe..08efb4a 100644 --- a/oracle-db-preinstall.yml +++ b/oracle-db-preinstall.yml @@ -1,8 +1,8 @@ --- - - name: Host configuration - hosts: all - user: root - become: yes +- name: Host configuration + hosts: all + become_user: root + become_method: sudo - roles: - - oracle-db-preinstall + roles: + - oracle-db-preinstall diff --git a/roles/oracle-db-install/tasks/download_software.yml b/roles/oracle-db-install/tasks/download_software.yml index c435d18..96a2272 100644 --- a/roles/oracle-db-install/tasks/download_software.yml 
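Review bot: The new play header in oracle-db-preinstall.yml sets `become_user: root` and `become_method: sudo` but drops `become: yes`, and those two keys only take effect when `become` is enabled. Unless escalation is switched on elsewhere (`-b` on the command line, inventory or ansible.cfg, none of which is visible here), the role's tasks run as the connection user and the root-only steps fail partway through. Add `become: true` to the play. Removing `user: root` also changes the connection user to the default, which is worth stating in the README prerequisites if it is intended.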
+++ b/roles/oracle-db-install/tasks/download_software.yml @@ -1,8 +1,8 @@ --- - name: Téléchargement OPatch - shell: wget --no-check-certificate https://kutt.axiome.io/opatch -O /u01/sources/{{opatch_file}} + ansible.builtin.shell: wget --no-check-certificate https://kutt.axiome.io/opatch -O /u01/sources/{{opatch_file}} tags: download_opatch - name: Téléchargement du PSU - shell: wget --no-check-certificate https://kutt.axiome.io/db_ru -O /u01/sources/{{psu_file}} + ansible.builtin.shell: wget --no-check-certificate https://kutt.axiome.io/db_ru -O /u01/sources/{{psu_file}} tags: download_ru \ No newline at end of file diff --git a/roles/oracle-db-install/tasks/install_database.yml b/roles/oracle-db-install/tasks/install_database.yml index a84bc0f..fcbe3ba 100644 --- a/roles/oracle-db-install/tasks/install_database.yml +++ b/roles/oracle-db-install/tasks/install_database.yml @@ -4,12 +4,12 @@ # - name: Création du répertoire oracle - shell: | + ansible.builtin.shell: | mkdir -p {{ item }} chown -R oracle:oinstall /$(echo {{ item }} | cut -d"/" -f2) chmod -R 775 /$(echo {{ item }} | cut -d"/" -f2) - # file: dest={{ item }} mode=775 owner=oracle group=oinstall state=directory recurse=yes - with_items: + # ansible.builtin.file: dest={{ item }} mode=775 owner=oracle group=oinstall state=directory recurse=yes + loop: - "{{ oracle_base }}" - "{{ oracle_inventory }}" - "{{ oracle_home }}" 
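Review bot: Both download tasks in download_software.yml still call `wget --no-check-certificate` against a `kutt.axiome.io` short link, so the OPatch and RU archives are fetched without TLS validation and without any integrity check before later tasks unpack and execute them. The same command is kept in install_database.yml for the `db19300`, `opatch` and `db_ru` downloads. Since the commit already rewrites these lines, consider `ansible.builtin.get_url` with certificate validation left on and a `checksum:` read from a variable holding the published digest, which also makes the task idempotent. If the server uses a private CA, install that CA on the target rather than disabling verification.

```yaml
- name: Téléchargement OPatch
  ansible.builtin.get_url:
    url: https://kutt.axiome.io/opatch
    dest: "/u01/sources/{{ opatch_file }}"
    validate_certs: true
    # opatch_sha256 is a placeholder variable: define it with the digest published for the archive
    checksum: "sha256:{{ opatch_sha256 }}"
  tags: download_opatch
# … same shape for the PSU/RU download …
```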
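Review bot: The `Création du répertoire oracle` task in install_database.yml applies `chown -R oracle:oinstall` and `chmod -R 775` to the first path component of each item (`/$(echo {{ item }} | cut -d"/" -f2)`), not to the directory it just created. With the documented defaults that is the whole of `/u01`, `/u02` and `/u03`, and an override such as `oracle_base: /opt/oracle` (constructed example) would recursively re-own `/opt`. `{{ item }}` is also passed to the shell unquoted. The commented-out `ansible.builtin.file` line, limited to `{{ item }}` with `state=directory owner=oracle group=oinstall mode=775`, is the safer form; the same shell block is repeated in roles/oracle-db-preinstall/tasks/dir_creation.yml. The loop list continues outside this hunk.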
@@ -19,37 +19,37 @@ tags: createdir - name: vérification de l espace disque disponible sur oracle_base - action: shell df -P {{ oracle_base }} | awk 'END { print $4 }' + ansible.builtin.shell: df -P {{ oracle_base }} | awk 'END { print $4 }' register: u01size failed_when: u01size.stdout|int < u01_free_space_gb*1024*1024 tags: diskfreespace - name: vérification de l espace disque disponible sur /tmp - action: shell df -P /tmp | awk 'END { print $4 }' + ansible.builtin.shell: df -P /tmp | awk 'END { print $4 }' register: tmpsize failed_when: tmpsize.stdout|int < tmp_free_space_gb*1024*1024 tags: diskfreespace - name: Vérifier si une installation existe ... - shell: grep "{{ oracle_home }}" "{{ oracle_inventory }}/ContentsXML/inventory.xml" | wc -l + ansible.builtin.shell: grep "{{ oracle_home }}" "{{ oracle_inventory }}/ContentsXML/inventory.xml" | wc -l register: checkdbswinstall failed_when: checkdbswinstall.stdout != "0" tags: checkifexists # telechargement des bianaires Oracle si le fichier n'est pas déjà dans /u01/sources - name: Vérifier si le fichier "{{oracle_zip_filename}}" existe - stat: + ansible.builtin.stat: path: "{{ oracle_sources }}/{{oracle_zip_filename}}" register: file_check tags: download_sw - name: Téléchargement des binaires Oracle - shell: wget --no-check-certificate https://kutt.axiome.io/db19300 -O {{ oracle_sources }}/{{oracle_zip_filename}} + ansible.builtin.shell: wget --no-check-certificate https://kutt.axiome.io/db19300 -O {{ oracle_sources }}/{{oracle_zip_filename}} tags: download_sw when: not file_check.stat.exists - name: Extraction des binaires Oracle - unarchive: src={{ oracle_sources }}/{{ oracle_zip_filename }} dest={{ oracle_home }} + ansible.builtin.unarchive: src={{ oracle_sources }}/{{ oracle_zip_filename }} dest={{ oracle_home }} become: true become_method: su become_user: oracle 
@@ -57,13 +57,13 @@ # copie des librairies stubs.tar pour Linux 9 - name: Copier le fichier stub.tar - copy: src=stubs.tar dest={{ oracle_home }}/lib/stubs/stubs.tar owner=oracle + ansible.builtin.copy: src=stubs.tar dest={{ oracle_home }}/lib/stubs/stubs.tar owner=oracle tags: extract_stubs when: ansible_distribution_major_version == "9" # décompression du fichier tar : - name: Extraction des librairies stubs.tar dans OH/lib/stubs/ - unarchive: src={{ oracle_home }}/lib/stubs/stubs.tar dest={{ oracle_home }}/lib/stubs/ + ansible.builtin.unarchive: src={{ oracle_home }}/lib/stubs/stubs.tar dest={{ oracle_home }}/lib/stubs/ become: true become_method: su become_user: oracle 
@@ -72,30 +72,30 @@ # téléchargeent de OPatch et Patch Release Update - name: Vérifier si le fichier "/u01/sources/{{opatch_file}}" existe - stat: + ansible.builtin.stat: path: "/u01/sources/{{opatch_file}}" register: opatch_file_check tags: download_opatch - name: Téléchargement OPatch - shell: wget --no-check-certificate https://kutt.axiome.io/opatch -O /u01/sources/{{opatch_file}} + ansible.builtin.shell: wget --no-check-certificate https://kutt.axiome.io/opatch -O /u01/sources/{{opatch_file}} tags: download_opatch when: not opatch_file_check.stat.exists - name: Vérifier si le fichier "/u01/sources/{{psu_file}}" existe - stat: + ansible.builtin.stat: path: "/u01/sources/{{psu_file}}" register: ru_file_check tags: download_opatch - name: Téléchargement du PSU - shell: wget --no-check-certificate https://kutt.axiome.io/db_ru -O /u01/sources/{{psu_file}} + ansible.builtin.shell: wget --no-check-certificate https://kutt.axiome.io/db_ru -O /u01/sources/{{psu_file}} tags: download_ru when: not ru_file_check.stat.exists # decompression de OPatch dans $ORACLE_HOME - name: Installation OPatch dns ORACLE_HOME - unarchive: src={{ patch_dir }}/{{ opatch_file }} dest={{ oracle_home }} + ansible.builtin.unarchive: src={{ patch_dir }}/{{ opatch_file }} dest={{ oracle_home }} become: true become_method: su become_user: oracle 
@@ -103,27 +103,27 @@ # extract du patch dans /u01/sources - name: unzip du patch - unarchive: src={{ patch_dir }}/{{ psu_file }} dest={{ patch_dir }} + ansible.builtin.unarchive: src={{ patch_dir }}/{{ psu_file }} dest={{ patch_dir }} become: true become_method: su become_user: oracle tags: patch_db - name: Copie du fichier de réponse pour installation silencieuse - template: src=db_install_{{ oracle_version }}.j2 dest={{ oracle_sources }}/{{ db_response_file }} + ansible.builtin.template: src=db_install_{{ oracle_version }}.j2 dest={{ oracle_sources }}/{{ db_response_file }} tags: responsefile - name: Création du script d installation silencieuse - template: src=run_db_install.sh.j2 dest={{ oracle_sources }}/run_db_install.sh mode=755 + ansible.builtin.template: src=run_db_install.sh.j2 dest={{ oracle_sources }}/run_db_install.sh mode=755 tags: responsefile ## La commande export est dans le fichier sh de l'étape précédente qui lance l'installation silencieuse. # - name: modification du numero de distib sur Linux 8 -# lineinfile: dest={{ oracle_home }}/cv/admin/cvu_config state=present line="CV_ASSUME_DISTID=OEL7.6" +# ansible.builtin.lineinfile: dest={{ oracle_home }}/cv/admin/cvu_config state=present line="CV_ASSUME_DISTID=OEL7.6" # tags: distid_ol7 - name: Installation des binaires Oracle - shell: "{{ oracle_sources }}/run_db_install.sh" + ansible.builtin.shell: "{{ oracle_sources }}/run_db_install.sh" register: oradbinstall become: true become_method: su 
@@ -131,36 +131,36 @@ ignore_errors: true tags: orainstall - - debug: var=oradbinstall.stdout_lines + - ansible.builtin.debug: var=oradbinstall.stdout_lines tags: orainstall - name: Vérification de l existance du fichier orainstRoot.sh - stat: path="{{ oracle_inventory }}/orainstRoot.sh" + ansible.builtin.stat: path="{{ oracle_inventory }}/orainstRoot.sh" register: orainstRoot - name: Exécution du script orainstRoot.sh - shell: "{{ oracle_inventory }}/orainstRoot.sh" + ansible.builtin.shell: "{{ oracle_inventory }}/orainstRoot.sh" when: orainstRoot.stat.exists tags: runroot - name: Exécution du script root.sh - shell: "{{ oracle_home }}/root.sh" + ansible.builtin.shell: "{{ oracle_home }}/root.sh" tags: runroot - name: Résultat de l installation via OPatch - shell: "{{ oracle_home }}/OPatch/opatch lspatches" + ansible.builtin.shell: "{{ oracle_home }}/OPatch/opatch lspatches" become: true become_method: su become_user: oracle register: opatchls tags: opatch - - debug: var=opatchls.stdout_lines + - ansible.builtin.debug: var=opatchls.stdout_lines tags: opatch # application du patch RU - name: patch conflict detection - action: shell export ORACLE_HOME={{ oracle_home }}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./ + ansible.builtin.shell: export ORACLE_HOME={{ oracle_home }}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./ register: conflict_detection failed_when: "'Prereq \"checkConflictAgainstOHWithDetail\" passed.' not in conflict_detection.stdout" become: true 
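Review bot: `Installation des binaires Oracle` runs with `ignore_errors: true` (first context line of this hunk) and the `root.sh` task that follows runs as root with no condition, so a failed installer does not stop the play before root-level scripts are executed from the Oracle home. `orainstRoot.sh` is guarded by a `stat`, `root.sh` is not. Consider replacing `ignore_errors` with an explicit `failed_when` on `oradbinstall.rc` that lists the exit codes you accept (the silent installer is reported to return a non-zero code for "success with warnings"; confirm the value for your release), or at least add the same `stat` plus `when:` guard to `root.sh`. The install task itself starts in the previous hunk.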
@@ -169,7 +169,7 @@ tags: patch_db - name: Application du patch - action: shell export ORACLE_HOME={{ oracle_home}}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch apply -silent + ansible.builtin.shell: export ORACLE_HOME={{ oracle_home}}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch apply -silent register: apply_psu failed_when: "'OPatch succeeded.' not in apply_psu.stdout" become: true 
@@ -178,35 +178,35 @@ tags: patch_db - name: Résultat de l'installation via OPatch - shell: "{{ oracle_home }}/OPatch/opatch lspatches" + ansible.builtin.shell: "{{ oracle_home }}/OPatch/opatch lspatches" become: true become_method: su become_user: oracle register: opatchls tags: patch_db - - debug: var=opatchls.stdout_lines + - ansible.builtin.debug: var=opatchls.stdout_lines tags: patch_db # suppression des binaires, du fichier de réponse et du script d'install - name: suppression du fichier de réponse - file: path={{ oracle_sources }}/{{ db_response_file }} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{ db_response_file }} state=absent - name: suppression du script d'installation - file: path={{ oracle_sources }}/run_db_install.sh state=absent + ansible.builtin.file: path={{ oracle_sources }}/run_db_install.sh state=absent - name: suppression du binaires - file: path={{ oracle_sources }}/{{oracle_zip_filename}} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{oracle_zip_filename}} state=absent # suppression des binaires, du fichier de réponse et du script d'install - name: Nettoyage du répertoire du patch - file: path={{ oracle_sources }}/{{ patch_number }} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{ patch_number }} state=absent tags: patch_db - name: suppression du fichier OPatch - file: path={{ oracle_sources }}/{{ opatch_file }} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{ opatch_file }} state=absent tags: patch_db - name: suppression du Patch RU - file: path={{ oracle_sources }}/{{ psu_file }} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{ psu_file }} state=absent tags: patch_db \ No newline at end of file diff --git a/roles/oracle-db-install/tasks/main.yml b/roles/oracle-db-install/tasks/main.yml index 6a49612..e842c27 100644 --- a/roles/oracle-db-install/tasks/main.yml +++ b/roles/oracle-db-install/tasks/main.yml 
@@ -5,11 +5,11 @@ # installation des binaires Oracle DB - - include: install_database.yml + - include_tasks: install_database.yml # telechargement des fihiers : opatch + PSU-RU -# - include: download_software.yml +# - include_tasks: download_software.yml # Application du patch -# - include: opatch_apply.yml +# - include_tasks: opatch_apply.yml diff --git a/roles/oracle-db-install/tasks/opatch_apply.yml b/roles/oracle-db-install/tasks/opatch_apply.yml index 08802a6..ac5f183 100644 --- a/roles/oracle-db-install/tasks/opatch_apply.yml +++ b/roles/oracle-db-install/tasks/opatch_apply.yml 
@@ -1,34 +1,34 @@ --- - name: Vérification de l'espace disque u01 - action: shell df -P /u01 | awk 'END { print $4 }' + ansible.builtin.shell: df -P /u01 | awk 'END { print $4 }' register: u01size failed_when: u01size.stdout|int < {{ u01_size_gb }} * 1024 * 1024 tags: patch_db - name: Vérification de l'espace disque tmp - action: shell df -P /tmp | awk 'END { print $4 }' + ansible.builtin.shell: df -P /tmp | awk 'END { print $4 }' register: tmpsize failed_when: tmpsize.stdout|int < {{ tmp_size_gb }} * 1024 * 1024 tags: patch_db - name: Installation OPatch dns ORACLE_HOME - unarchive: src={{ patch_dir }}/{{ opatch_file }} dest={{ oracle_home }} - # action: shell unzip -oq {{ patch_dir }}/{{ opatch_file }} -d {{ oracle_home }} + ansible.builtin.unarchive: src={{ patch_dir }}/{{ opatch_file }} dest={{ oracle_home }} + # ansible.builtin.shell: unzip -oq {{ patch_dir }}/{{ opatch_file }} -d {{ oracle_home }} become: true become_method: su become_user: oracle tags: patch_db - name: unzip du patch - unarchive: src={{ patch_dir }}/{{ psu_file }} dest={{ patch_dir }} - # action: shell unzip -oq {{ patch_dir }}/{{ psu_file }} -d {{ patch_dir }} + ansible.builtin.unarchive: src={{ patch_dir }}/{{ psu_file }} dest={{ patch_dir }} + # ansible.builtin.shell: unzip -oq {{ patch_dir }}/{{ psu_file }} -d {{ patch_dir }} become: true become_method: su become_user: oracle tags: patch_db - name: patch conflict detection - action: shell export ORACLE_HOME={{ oracle_home }}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./ + ansible.builtin.shell: export ORACLE_HOME={{ oracle_home }}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch prereq CheckConflictAgainstOHWithDetail -ph ./ register: conflict_detection failed_when: "'Prereq \"checkConflictAgainstOHWithDetail\" passed.' not in conflict_detection.stdout" become: true 
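Review bot: The two disk-space checks in opatch_apply.yml keep `failed_when: u01size.stdout|int < {{ u01_size_gb }} * 1024 * 1024` (and the `tmp_size_gb` equivalent); a conditional is already a Jinja expression, so the embedded `{{ }}` is templated a second time and Ansible warns about it. install_database.yml writes the same check without delimiters, so for consistency use `failed_when: u01size.stdout|int < u01_size_gb * 1024 * 1024`. In the current form a variable value that is not a plain number is spliced into the expression before it is evaluated.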
@@ -37,7 +37,7 @@ tags: patch_db - name: Application du patch - action: shell export ORACLE_HOME={{ oracle_home}}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch apply -silent + ansible.builtin.shell: export ORACLE_HOME={{ oracle_home}}; cd {{ patch_dir }}/{{ patch_number }}; $ORACLE_HOME/OPatch/opatch apply -silent register: apply_psu failed_when: "'OPatch succeeded.' not in apply_psu.stdout" become: true @@ -46,26 +46,26 @@ tags: patch_db - name: Résultat de l'installation via OPatch - shell: "{{ oracle_home }}/OPatch/opatch lspatches" + ansible.builtin.shell: "{{ oracle_home }}/OPatch/opatch lspatches" become: true become_method: su become_user: oracle register: opatchls tags: patch_db - - debug: var=opatchls.stdout_lines + - ansible.builtin.debug: var=opatchls.stdout_lines # with_items: opatchls.results tags: patch_db # suppression des binaires, du fichier de réponse et du script d'install - name: Nettoyage du répertoire du patch - file: path={{ oracle_sources }}/{{ patch_number }} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{ patch_number }} state=absent tags: patch_db - name: suppression du fichier OPatch - file: path={{ oracle_sources }}/{{ opatch_file }} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{ opatch_file }} state=absent tags: patch_db - name: suppression du Patch RU - file: path={{ oracle_sources }}/{{ psu_file }} state=absent + ansible.builtin.file: path={{ oracle_sources }}/{{ psu_file }} state=absent tags: patch_db \ No newline at end of file diff --git a/roles/oracle-db-postinstall/tasks/main.yml b/roles/oracle-db-postinstall/tasks/main.yml index e38af23..d990e12 100644 --- a/roles/oracle-db-postinstall/tasks/main.yml +++ b/roles/oracle-db-postinstall/tasks/main.yml 
@@ -6,12 +6,12 @@ # récupération des scripts sql # --------------------------------------------------- - name: Vérifier si le répertoire scripts existe - stat: + ansible.builtin.stat: path: "{{ scripts_dir }}" register: scripts_directory - name: Git Pull car le répertoire existe - git: + ansible.builtin.git: repo: https://github.com/Yacine31/sql.git dest: "{{ scripts_dir }}" update: yes @@ -22,7 +22,7 @@ become_user: oracle - name: Clonage du repository github SQL car le répertoire n'existe pas - git: + ansible.builtin.git: repo: https://github.com/Yacine31/sql.git dest: "{{ scripts_dir }}" clone: yes @@ -38,7 +38,7 @@ # changement du propriétaire de root en oracle # --------------------------------------------------- - name: Changement du propriétaire - file: + ansible.builtin.file: dest: "{{ scripts_dir }}" owner: oracle group: oinstall @@ -48,7 +48,7 @@ # Ajout de la variabe ORACLE_PATH ans .bash_profile # --------------------------------------------------- - name: Ajout de la variabe ORACLE_PATH ans .bash_profile - lineinfile: path=/home/oracle/.bash_profile line="export ORACLE_PATH={{ scripts_dir }}" create=yes + ansible.builtin.lineinfile: path=/home/oracle/.bash_profile line="export ORACLE_PATH={{ scripts_dir }}" create=yes tags: oraclepath # --------------------------------------------------- 
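Review bot: Both `ansible.builtin.git` tasks track the default branch of `https://github.com/Yacine31/sql.git` with no `version:`, and the scripts checked out there are later scheduled in the oracle user's crontab by this same role. Any change pushed to that repository therefore reaches the database hosts on the next playbook run (`update: yes`). Pin a reviewed tag or commit, e.g. `version: "{{ sql_scripts_version }}"` with the variable set in the role defaults (placeholder name), and bump it deliberately.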
@@ -56,30 +56,30 @@ # --------------------------------------------------- - name: Création de répertoire de sauvegarde RMAN et Datapump /u04 - file: dest=/u04 mode=775 owner=oracle group=oinstall state=directory recurse=yes + ansible.builtin.file: dest=/u04 mode=775 owner=oracle group=oinstall state=directory recurse=yes tags: backup - name: installation du package mutt et curl pour envoyer des mails depuis le shell - yum: name={{ item }} state=latest disable_gpg_check=yes + ansible.builtin.yum: name={{ item }} state=latest disable_gpg_check=yes loop: - mutt - curl tags: backup - name: Ajout de la tâche cron RMAN - cron: name="Backup RMAN des bases ouvertes et en AL" user=oracle minute="44" hour="23" job="sh {{ scripts_dir }}/backup_rman_alldb.sh 2>&1 1>/dev/null" + ansible.builtin.cron: name="Backup RMAN des bases ouvertes et en AL" user=oracle minute="44" hour="23" job="sh {{ scripts_dir }}/backup_rman_alldb.sh 2>&1 1>/dev/null" tags: backup - name: Ajout de la tâche cron Datapump - cron: name="Export Datapump des bases ouvertes" user=oracle minute="44" hour="21" job="sh {{ scripts_dir }}/export_datapump_alldb.sh 2>&1 1>/dev/null" + ansible.builtin.cron: name="Export Datapump des bases ouvertes" user=oracle minute="44" hour="21" job="sh {{ scripts_dir }}/export_datapump_alldb.sh 2>&1 1>/dev/null" tags: backup - name: Ajout de la tâche cron backup des binaires - cron: name="Backup des binaires" user=oracle minute="44" hour="20" day="1" job="sh {{ scripts_dir }}/backup_bin.sh 2>&1 1>/dev/null" + ansible.builtin.cron: name="Backup des binaires" user=oracle minute="44" hour="20" day="1" job="sh {{ scripts_dir }}/backup_bin.sh 2>&1 1>/dev/null" tags: backup - name: Ajout de la tâche cron backup des AL si FRA >= seuil définit - cron: name="Backup des AL si FRA >= seuil définit" user=oracle minute="*/10" job="sh {{ scripts_dir }}/backup_rman_AL_fct_FRA_Usage.sh 2>&1 1>/dev/null" + ansible.builtin.cron: name="Backup des AL si FRA >= seuil définit" user=oracle 
minute="*/10" job="sh {{ scripts_dir }}/backup_rman_AL_fct_FRA_Usage.sh 2>&1 1>/dev/null" tags: backup # --------------------------------------------------- @@ -87,7 +87,7 @@ # Gestion des fichiers logs seulement (archivage et réinitialisation) # --------------------------------------------------- - name: Gestion des logs Oracle - copie du fichier de configuration pour logrotate - template: src=logrotate_oracle.j2 dest=/etc/logrotate.d/oracle mode=644 owner=root group=root + ansible.builtin.template: src=logrotate_oracle.j2 dest=/etc/logrotate.d/oracle mode=644 owner=root group=root tags: logrotate # --------------------------------------------------- @@ -95,12 +95,12 @@ # Gestion des fichiers trace et xml : purge des anciens fichiers # --------------------------------------------------- - name: Netoyage ADR Oracle - copie du fichier de configuration pour cron - template: src=cron_oracle_cleaner.j2 dest={{ scripts_dir }}/oracle_cleaner.sh mode=755 owner=oracle group=oinstall + ansible.builtin.template: src=cron_oracle_cleaner.j2 dest={{ scripts_dir }}/oracle_cleaner.sh mode=755 owner=oracle group=oinstall tags: oracle_cleaner # ajout du script dans le crontab de l'utilisateur oracle - name: Ajout de la tâche cron purge des fichiers trace et audit - cron: name="Purge des fichiers trace et audit" user=oracle minute="23" hour="23" day="1" job="sh {{ scripts_dir }}/oracle_cleaner.sh 2>&1 1>/dev/null" + ansible.builtin.cron: name="Purge des fichiers trace et audit" user=oracle minute="23" hour="23" day="1" job="sh {{ scripts_dir }}/oracle_cleaner.sh 2>&1 1>/dev/null" tags: oracle_cleaner # suppression de l'ancien fichier qui se trouve dans /etc/cron.daily si il existe 
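Review bot: The `mutt`/`curl` task keeps `disable_gpg_check=yes` together with `state=latest`, so packages are installed as root without signature verification. os_configuration.yml in this same commit drops that option when it moves to `ansible.builtin.package`; do the same here, e.g. `ansible.builtin.package: name={{ item }} state=present`. If a repository is missing its key, import the key instead of turning the check off.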
@@ -111,11 +111,11 @@ # copy du fichier dbora.service dans /lib/systemd/system pour redémmarage auto # --------------------------------------------------- - name: Copie du script de démarrage auto des bases Oracle - template: src=dbora.service.j2 dest=/lib/systemd/system/dbora.service owner=root mode=644 + ansible.builtin.template: src=dbora.service.j2 dest=/lib/systemd/system/dbora.service owner=root mode=644 tags: dbora_init - name: Activation par systemctl du script de démarrage auto des bases Oracle - systemd: name=dbora daemon_reload=yes enabled=yes + ansible.builtin.systemd: name=dbora daemon_reload=yes enabled=yes tags: dbora_init - debug: msg="Pensez à mettre Y au lieu de N dans /etc/oratab pour les bases à démarreage automatique" diff --git a/roles/oracle-db-preinstall/defaults/main.yml b/roles/oracle-db-preinstall/defaults/main.yml new file mode 100644 index 0000000..b068c93 --- /dev/null +++ b/roles/oracle-db-preinstall/defaults/main.yml @@ -0,0 +1,14 @@ +--- +# Variables par défaut surchargeables par l'utilisateur +# Ces vars peuvent être redéfinies via --extra-vars ou inventory + +full_configuration: true +secure_configuration: false + +oracle_version: "19.0.0" +oracle_base: "/u01/app/oracle" +oracle_home: "{{ oracle_base }}/product/{{oracle_version}}/dbhome_1" +oracle_inventory: "/u01/app/oraInventory" +oracle_sources: "/u01/sources" +oracle_oradata: "/u02/oradata/" +oracle_fra: "/u03/fast_recovery_area/" \ No newline at end of file diff --git a/roles/oracle-db-preinstall/meta/main.yml b/roles/oracle-db-preinstall/meta/main.yml new file mode 100644 index 0000000..2c2bdc4 --- /dev/null +++ b/roles/oracle-db-preinstall/meta/main.yml 
@@ -0,0 +1,22 @@ +galaxy_info: + role_name: oracle_db_preinstall + author: your_name + description: Préparation du serveur Linux pour l'installation d'Oracle Database + company: your_company + + license: MIT + + min_ansible_version: "2.10" + + platforms: + - name: EL + versions: + - "7" + - "8" + - "9" + + galaxy_tags: + - oracle + - database + - linux + - preinstall \ No newline at end of file diff --git a/roles/oracle-db-preinstall/tasks/dir_creation.yml b/roles/oracle-db-preinstall/tasks/dir_creation.yml index 547fb24..7778fa2 100644 --- a/roles/oracle-db-preinstall/tasks/dir_creation.yml +++ b/roles/oracle-db-preinstall/tasks/dir_creation.yml @@ -15,12 +15,12 @@ # ./runInstaller - name: Création du répertoire oracle - shell: | + ansible.builtin.shell: | mkdir -p {{ item }} chown -R oracle:oinstall /$(echo {{ item }} | cut -d"/" -f2) chmod -R 775 /$(echo {{ item }} | cut -d"/" -f2) # file: path={{ item }} mode=775 owner=oracle group=oinstall state=directory recurse=yes - with_items: + loop: - "{{ oracle_base }}" - "{{ oracle_inventory }}" - "{{ oracle_home }}" diff --git a/roles/oracle-db-preinstall/tasks/grub_configuration.yml b/roles/oracle-db-preinstall/tasks/grub_configuration.yml index ec0e25a..a0cb913 100644 --- a/roles/oracle-db-preinstall/tasks/grub_configuration.yml +++ b/roles/oracle-db-preinstall/tasks/grub_configuration.yml @@ -12,7 +12,7 @@ tags: grub - name: Configuration grub - Suppression de rhgb - shell: grubby --update-kernel=ALL --remove-args=rhgb + ansible.builtin.shell: grubby --update-kernel=ALL --remove-args=rhgb when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7' tags: grub @@ -25,7 +25,7 @@ tags: grub - name: Configuration grub - Suppression de quiet - shell: grubby --update-kernel=ALL --remove-args=quiet + ansible.builtin.shell: grubby --update-kernel=ALL --remove-args=quiet when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7' tags: grub 
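Review bot: Every grubby task in grub_configuration.yml is gated by `ansible_distribution_major_version >= '7'`, which compares strings, so a major version of `10` sorts before `7` and the kernel arguments would silently not be applied there. Use `ansible_distribution_major_version | int >= 7` in each `when:`; the condition appears in all hunks of this file. The grubby commands use no shell features, so `ansible.builtin.command` would fit better than `ansible.builtin.shell`.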
@@ -38,7 +38,7 @@ tags: grub - name: Configuration grub - Désactivation de Transparent Hugepages - shell: grubby --update-kernel=ALL --args=transparent_hugepage=never + ansible.builtin.shell: grubby --update-kernel=ALL --args=transparent_hugepage=never when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7' tags: grub @@ -51,7 +51,7 @@ tags: grub - name: Configuration grub - Désactivation de numa=off - shell: grubby --update-kernel=ALL --args=numa=off + ansible.builtin.shell: grubby --update-kernel=ALL --args=numa=off when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7' tags: grub @@ -64,7 +64,7 @@ tags: grub - name: Configuration grub - elevator=deadline - shell: grubby --update-kernel=ALL --args=elevator=deadline + ansible.builtin.shell: grubby --update-kernel=ALL --args=elevator=deadline when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7' tags: grub @@ -77,7 +77,7 @@ tags: grub - name: Configuration grub - vga=791 - shell: grubby --update-kernel=ALL --args=vga=791 + ansible.builtin.shell: grubby --update-kernel=ALL --args=vga=791 when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7' tags: grub @@ -91,7 +91,7 @@ # tags: grub # # - name: Configuration grub - GRUB_ENABLE_BLSCFG=true - # shell: grubby --update-kernel=ALL --args=GRUB_ENABLE_BLSCFG=true + # ansible.builtin.shell: grubby --update-kernel=ALL --args=GRUB_ENABLE_BLSCFG=true # when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7' # tags: grub diff --git a/roles/oracle-db-preinstall/tasks/main.yml b/roles/oracle-db-preinstall/tasks/main.yml index 445a688..cd855c4 100644 --- a/roles/oracle-db-preinstall/tasks/main.yml +++ b/roles/oracle-db-preinstall/tasks/main.yml 
@@ -1,44 +1,58 @@ --- - name: Vérification de la distribution, la version et le kernel - assert: - that: ansible_architecture == 'x86_64' and ansible_os_family == 'RedHat' and ansible_system == 'Linux' + ansible.builtin.assert: + that: ansible_architecture == 'x86_64' and ansible_os_family == 'RedHat' and ansible_system == 'Linux' tags: oscheck # --------------------------------------------------- # Ajout du fichier de paramètres : Redhat_x.yml ... # --------------------------------------------------- - name: ajout des paramètres spécifique à l'OS - include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml" + ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml" + + - name: Vérifier les prérequis système + ansible.builtin.assert: + that: + - ansible_memtotal_mb >= 2048 + - ansible_processor_vcpus >= 2 + msg: "Prérequis non satisfaits : RAM >= 2GB, CPU >= 2" + tags: prerequisites # --------------------------------------------------- # configuration des packages necessaires pour Linux # --------------------------------------------------- - - include: os_configuration.yml + - ansible.builtin.include_tasks: os_configuration.yml + tags: packages # --------------------------------------------------- # configuration réseau # --------------------------------------------------- - - include: network_configuration.yml + - ansible.builtin.include_tasks: network_configuration.yml + tags: network - # --------------------------------------------------- + # --------------------------------------------------- # configuration Linux : grub # --------------------------------------------------- - - include: grub_configuration.yml + - ansible.builtin.include_tasks: grub_configuration.yml + tags: grub - # --------------------------------------------------- + # --------------------------------------------------- # configuration Linux : Sécurisation # --------------------------------------------------- - - include: 
secure_configuration.yml + - ansible.builtin.include_tasks: secure_configuration.yml + tags: security # --------------------------------------------------- # configuration Linux : Utilisateurs et groupes Oracle # --------------------------------------------------- - - include: users_configuration.yml - + - ansible.builtin.include_tasks: users_configuration.yml + tags: users + # --------------------------------------------------- # configuration Linux : ajout de packages supplémentaires # --------------------------------------------------- - - include: rpm_tools.yml + - ansible.builtin.include_tasks: rpm_tools.yml + tags: rpm # --------------------------------------------------- # configuration Linux : Création des répertoires Oracle diff --git a/roles/oracle-db-preinstall/tasks/network_configuration.yml b/roles/oracle-db-preinstall/tasks/network_configuration.yml index aabcdb2..c8ee203 100644 --- a/roles/oracle-db-preinstall/tasks/network_configuration.yml +++ b/roles/oracle-db-preinstall/tasks/network_configuration.yml 
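Review bot: `tags:` placed on `ansible.builtin.include_tasks` tag only the include statement, not the tasks inside the included file. With `--tags selinux` (or `sysctl.conf`, `ipv6`, …) the include of os_configuration.yml carries only `packages`, so it is skipped and the inner tasks are never loaded; conversely `--tags security` runs the include, but only inner tasks that carry a matching tag of their own will execute, so hardening steps can be skipped without any error. Use `ansible.builtin.import_tasks` (static, tags are inherited by the imported tasks), or keep `include_tasks` with `apply: {tags: [...]}` and `tags: always` on the include.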
@@ -3,26 +3,26 @@ # configuration réseau # --------------------------------------------------- - name: Modification resolv.conf pour ajouter attempts et timeout - lineinfile: dest=/etc/resolv.conf line="{{ item.line }}" - with_items: + ansible.builtin.lineinfile: dest=/etc/resolv.conf line="{{ item.line }}" + loop: - { line: "options attempts:2" } - { line: "options timeout:1" } - name: Desactivation de IP v6 et ZeroConf (Doc ID 1161144.1) - lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}" - with_items: + ansible.builtin.lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}" + loop: - { line: "NETWORKING_IPV6=no" } - { line: "IPV6INIT=no" } - { line: "NOZEROCONF=yes" } tags: ipv6 - name: desactivation permanente de IP v6 - lineinfile: + ansible.builtin.lineinfile: dest=/etc/sysctl.d/98-disable_ipv6.conf line="{{ item.line }}" state=present create=yes - with_items: + loop: - { line: "net.ipv6.conf.all.disable_ipv6 = 1" } - { line: "net.ipv6.conf.default.disable_ipv6 = 1" } tags: ipv6 diff --git a/roles/oracle-db-preinstall/tasks/os_configuration.yml b/roles/oracle-db-preinstall/tasks/os_configuration.yml index 51b0388..b84740b 100644 --- a/roles/oracle-db-preinstall/tasks/os_configuration.yml +++ b/roles/oracle-db-preinstall/tasks/os_configuration.yml 
@@ -2,42 +2,45 @@ # --------------------------------------------------- # configuration des packages necessaires pour Linux # --------------------------------------------------- - - name: YUM - installation des packages nécessaires - yum: name={{ linux_packages }} state=latest disable_gpg_check=yes - tags: rpm_packages + - name: Installation des packages nécessaires + ansible.builtin.package: + name: "{{ linux_packages }}" + state: latest + tags: [packages, rpm_packages] # --------------------------------------------------- # configuration du serveur Chronyd - Linux >= 7 # --------------------------------------------------- - name: start chronyd - service: name=chronyd state=started enabled=yes + ansible.builtin.service: name=chronyd state=started enabled=yes ignore_errors: true + tags: services # --------------------------------------------------- # Activation du nscd : Name Service Cache Daemon pour palier aux # problèmes de perte de DNS # --------------------------------------------------- - name: activate nscd - service: name=nscd state=started enabled=yes + ansible.builtin.service: name=nscd state=started enabled=yes ignore_errors: true # --------------------------------------------------- # Activation de rsyslog : non configuré parfois sur Oracle Linux # --------------------------------------------------- - name: activate rsyslog - service: name=rsyslog state=started enabled=yes + ansible.builtin.service: name=rsyslog state=started enabled=yes ignore_errors: true # --------------------------------------------------- # configuration Linux : Selinux # --------------------------------------------------- - name: Desactiver Selinux (de façon permanente) - selinux: state=disabled + ansible.builtin.selinux: state=disabled register: selinux tags: selinux - name: Disactiver Selinux (runtime) - shell: setenforce 0 + ansible.builtin.shell: setenforce 0 ignore_errors: true tags: selinux 
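Review bot: `ansible.builtin.selinux` is not a valid module name: `selinux` lives in the `ansible.posix` collection, as does `sysctl`, which the later hunks of this file rename to `ansible.builtin.sysctl`, so these tasks will fail to resolve. Use `ansible.posix.selinux:` and `ansible.posix.sysctl:`; the README already lists `ansible.posix` as a prerequisite. Separately, `state=disabled` plus `setenforce 0` removes mandatory access control on a database host, so it is worth checking whether permissive mode is enough for the install and documenting the choice.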
@@ -45,8 +48,8 @@ # configuration Linux : les services # --------------------------------------------------- - name: arrêter et désactiver les services inutils - with_items: "{{ linux_services }}" - service: name={{ item }} state=stopped enabled=no + loop: "{{ linux_services }}" + ansible.builtin.service: name={{ item }} state=stopped enabled=no tags: linuxservices ignore_errors: true @@ -56,21 +59,21 @@ # - name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/oracle_sysctl.conf # state=present reload=yes ignoreerrors=yes sysctl_set=yes sysctl_file=/etc/sysctl.d/99-oracle-sysctl.conf - name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf - sysctl: + ansible.builtin.sysctl: name={{ item.name }} value={{ item.value }} state=present reload=yes ignoreerrors=yes sysctl_set=yes sysctl_file=/etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf - with_items: "{{ oracle_sysconfig }}" + loop: "{{ oracle_sysconfig }}" tags: sysctl.conf - name: Configuration PAM - lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so" + ansible.builtin.lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so" tags: pamconfig -# lineinfile: dest=/etc/security/limits.d/oracle_seclimits.conf create=yes state=present line={{ item }} +# ansible.builtin.lineinfile: dest=/etc/security/limits.d/oracle_seclimits.conf create=yes state=present line={{ item }} - name: Linux - Ajustement des limits pour Oracle dans /etc/security/limits.d/oracle-database-preinstall-19c.conf - lineinfile: dest=/etc/security/limits.d/oracle-database-preinstall-19c.conf create=yes state=present line={{ item }} - with_items: "{{ oracle_seclimits }}" + ansible.builtin.lineinfile: dest=/etc/security/limits.d/oracle-database-preinstall-19c.conf create=yes state=present line={{ item }} + loop: "{{ oracle_seclimits }}" tags: seclimit 
@@ -86,29 +89,29 @@ tags: bash_alias - name: BASH - ajout de ignore-case pour autocompletion avec TAB - lineinfile: dest=/etc/inputrc line="set completion-ignore-case On" create=yes state=present + ansible.builtin.lineinfile: dest=/etc/inputrc line="set completion-ignore-case On" create=yes state=present tags: bash_tab - name: Desactivation de la commande crontab -r - lineinfile: dest=/etc/profile.d/z_crontab_r.sh + ansible.builtin.lineinfile: dest=/etc/profile.d/z_crontab_r.sh line='crontab () { [[ $@ =~ -[iel]*r ]] && echo "option -r (remove) not allowed" || command crontab "$@" ;}' state=present create=yes tags: bash_cron_r - name: Journalctl - Limiter la taille disque utilisée à 500M max - lineinfile: dest=/etc/systemd/journald.conf line="SystemMaxUse=500M" + ansible.builtin.lineinfile: dest=/etc/systemd/journald.conf line="SystemMaxUse=500M" tags: Journalctl # --------------------------------------------------- # configuration Linux : Mode panic # --------------------------------------------------- - name: Configuratio du mode panic sur perte du / - shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`" + ansible.builtin.shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`" tags: mode_panic - name: Configuration du mode panic sur bug du kernel - sysctl: + ansible.builtin.sysctl: name=kernel.panic_on_oops value=1 state=present reload=yes ignoreerrors=yes sysctl_file=/etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf tags: mode_panic @@ -117,7 +120,7 @@ # configuration du démarrage en mode 3 par défaut # --------------------------------------------------- - name: Configuration du mode 3 comme mode de démarrage par défaut - shell: systemctl set-default multi-user.target + ansible.builtin.shell: systemctl set-default multi-user.target tags: init3 # --------------------------------------------------- 
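Review bot: The "Desactivation de la commande crontab -r" task needs a comment stating its limits, because the line it writes is a bash function sourced from /etc/profile.d. It therefore only guards shells that source that file against an accidental `crontab -r`; invoking the binary by its path or from a shell that does not read profile.d is unaffected. Suggested comment above the task: `# Guards against an accidental "crontab -r" in login shells only; this is not an access control.` If removal must actually be prevented for some accounts, that belongs in /etc/cron.allow or /etc/cron.deny rather than in a shell function.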
diff --git a/roles/oracle-db-preinstall/tasks/rpm_tools.yml b/roles/oracle-db-preinstall/tasks/rpm_tools.yml index 098550e..09b7505 100644 --- a/roles/oracle-db-preinstall/tasks/rpm_tools.yml +++ b/roles/oracle-db-preinstall/tasks/rpm_tools.yml @@ -5,13 +5,13 @@ # ajout du repository epel si non présent - name: YUM - installation du paquet oracle-epel-release - yum: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=latest disable_gpg_check=yes + ansible.builtin.package: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=latest disable_gpg_check=yes tags: install_epel # when: ansible_distribution_major_version == '9' # installation rlwrap depuis le repo epel - name: YUM - installation de packages supplémentaires - yum: + ansible.builtin.package: name: - rlwrap - htop @@ -26,6 +26,6 @@ # suppression du repo epel car il n'est plus necessaire - name: YUM - désinstallation du paquet oracle-epel-release - yum: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=absent disable_gpg_check=yes + ansible.builtin.package: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=absent disable_gpg_check=yes tags: install_epel # when: ansible_distribution_major_version == '9' diff --git a/roles/oracle-db-preinstall/tasks/secure_configuration.yml b/roles/oracle-db-preinstall/tasks/secure_configuration.yml index 3ac42b9..16263b1 100644 --- a/roles/oracle-db-preinstall/tasks/secure_configuration.yml +++ b/roles/oracle-db-preinstall/tasks/secure_configuration.yml 
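Review bot: Both oracle-epel-release tasks keep `disable_gpg_check=yes` after the switch to `ansible.builtin.package`, so the package that defines the repository is installed without signature verification, while this same commit removed that flag from the package task in os_configuration.yml. Dropping it gives `ansible.builtin.package: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=latest`; on the removal task in the second hunk (`state=absent`) the flag serves no purpose. The extra packages installed in between (rlwrap, htop, …) come from the repository this package configures, so its integrity matters. If the flag was added because the signing key is missing on fresh hosts, importing the key first with `ansible.builtin.rpm_key` is the safer fix.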
@@ -3,14 +3,14 @@ # configuration Linux : Sécurisation # --------------------------------------------------- - name: Ajout du soft reboot - lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft' + ansible.builtin.lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft' tags: softreboot - name: Sécurisation du vidage mémoire - copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf" + ansible.builtin.copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf" - name: Application des paramètres de configuration sécurisée - sysctl: + ansible.builtin.sysctl: name={{ item.name }} value={{ item.value }} state=present @@ -20,6 +20,6 @@ sysctl_set=yes sysctl_file=/etc/sysctl.d/97-secure-configuration.conf when: secure_configuration - with_items: "{{ linux_secure_config }}" + loop: "{{ linux_secure_config }}" tags: secure_config diff --git a/roles/oracle-db-preinstall/tasks/users_configuration.yml b/roles/oracle-db-preinstall/tasks/users_configuration.yml index 94eee52..e6502b9 100644 --- a/roles/oracle-db-preinstall/tasks/users_configuration.yml +++ b/roles/oracle-db-preinstall/tasks/users_configuration.yml @@ -3,8 +3,11 @@ # CRéation des groupes # --------------------------------------------------- - name: Création des groupes - group: name={{ item.group }} gid={{ item.gid }} state=present - with_items: + ansible.builtin.group: + name: "{{ item.group }}" + gid: "{{ item.gid }}" + state: present + loop: - { group: oinstall, gid: 1001} - { group: dba, gid: 1002 } - { group: oper, gid: 1003 } 
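Review bot: The "Sécurisation du vidage mémoire" task copies `00-vidage.conf` into /etc/security/limits.d without setting owner or permissions, so the result depends on the umask of the run, or on the existing file's mode if it is already there. Since this file is part of the hardening, pin it explicitly: `ansible.builtin.copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf" owner=root group=root mode=0644`. Unlike its neighbours, the task also has no tag and no `when: secure_configuration`, so it always runs and cannot be selected together with the rest of the secure configuration.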
@@ -23,11 +26,17 @@ # Création des utilisateurs : password Oracle123 => full configuration # --------------------------------------------------- - name: Création du compte Oracle et grid - user: - name={{ item.username }} group={{ item.primgroup }} - groups={{ item.othergroups }} uid={{ item.uid }} - generate_ssh_key=yes append=yes state=present update_password=on_create password={{ item.passwd }} - with_items: + ansible.builtin.user: + name: "{{ item.username }}" + group: "{{ item.primgroup }}" + groups: "{{ item.othergroups }}" + uid: "{{ item.uid }}" + generate_ssh_key: yes + append: yes + state: present + update_password: on_create + password: "{{ item.passwd }}" + loop: - { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"} - { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,asmoper,asmadmin", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"} ignore_errors: true @@ -40,8 +49,12 @@ # --------------------------------------------------- - name: Ajout du compte oracle et grid au sudoers ignore_errors: true - template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root mode=0600 - with_items: + ansible.builtin.template: + src: sudoers.j2 + dest: "/etc/sudoers.d/{{ item }}" + owner: root + mode: "0600" + loop: - oracle - grid tags: sudoadd \ No newline at end of file diff --git a/roles/oracle-db-preinstall/vars/main.yml b/roles/oracle-db-preinstall/vars/main.yml index 9f720c0..75e033e 100644 --- a/roles/oracle-db-preinstall/vars/main.yml +++ b/roles/oracle-db-preinstall/vars/main.yml 
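Review bot: The `loop` items of "Création du compte Oracle et grid" still carry literal crypt hashes in `passwd`, identical for both accounts, and the comment above the task states the cleartext. Every host built from this repository therefore gets the same publicly known password on accounts that the next hunk adds to sudoers. Take the hash from a vaulted variable instead, e.g. `passwd: "{{ oracle_password_hash }}"` (the variable name is a placeholder), and add `no_log: true` to the task so the looped items are not echoed in the run output. `ignore_errors: true` on this task also hides a failed account creation from the rest of the play. The hash currently in the file should be treated as compromised and the password rotated on hosts already deployed.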
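Review bot: The rewritten "Ajout du compte oracle et grid au sudoers" task has no `validate` and keeps `ignore_errors: true`, so a template that renders to invalid syntax is either installed as-is or fails without stopping the play. Add `validate: /usr/sbin/visudo -cf %s` and drop `ignore_errors`; `mode: "0440"` together with `group: root` is the conventional permission for files under /etc/sudoers.d. What `sudoers.j2` grants is not visible in this diff, so it is worth checking that it is limited to the commands the oracle and grid accounts actually need.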
@@ -1,22 +1,6 @@ --- - # pour une installation oracle renseigner ces variables - # pour les scripts d'exploitation et la création des répertoires - - oracle_version: "19.0.0" - oracle_base: "/u01/app/oracle" - oracle_home: "{{ oracle_base }}/product/{{oracle_version}}/dbhome_1" - oracle_inventory: "/u01/app/oraInventory" - oracle_sources: "/u01/sources" - oracle_oradata: "/u02/oradata/" - oracle_fra: "/u03/fast_recovery_area/" - - # faire une configuration minimal ? - # la configuration complète : fait en plus la création des users, des groupes, des répertoires ... - full_configuration: true - - # faire une configuration securisée du system d'exploitation - secure_configuration: false - + # Variables communes et spécifiques au rôle + # Les vars par défaut sont dans defaults/main.yml #---------------------------------------------------------------------- # services Linux à désactiver : @@ -43,7 +27,7 @@ - yum-updatesd #--------------------------------------------------------------------- - # pramètres de configuation sécurisée : + # paramètres de configuration sécurisée : #--------------------------------------------------------------------- linux_secure_config: - { name: fs.suid_dumpable, value: "0"} diff --git a/~/.config/opencode/opencode.json b/~/.config/opencode/opencode.json new file mode 100644 index 0000000..3761aaa --- /dev/null +++ b/~/.config/opencode/opencode.json @@ -0,0 +1 @@ +{"ask_before_edit": true} \ No newline at end of file
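Review bot: This hunk deletes `full_configuration`, `secure_configuration` and the `oracle_*` paths from vars/main.yml and points to defaults/main.yml, but no change to that file is visible in this part of the diff. If the defaults file does not define them, `when: secure_configuration` in secure_configuration.yml will fail on an undefined variable. If it does, note that role defaults have the lowest precedence, so inventory or group_vars can now switch `secure_configuration` on or off per host. The new comment should say whether that override is intended, for example `# secure_configuration and full_configuration are overridable from inventory (see defaults/main.yml)`.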
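Review bot: The new file is committed under a directory literally named `~`, which suggests a tool wrote its per-user configuration with an unexpanded home path inside the working tree. `~/.config/opencode/opencode.json` is local editor or agent configuration rather than part of the Ansible roles, so it should be dropped from the commit and the path added to .gitignore. When deleting it, quote the path (`git rm -r -- './~'`) so the shell does not expand it to the real home directory.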