Yacine/oracle_19_install
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modernize Ansible playbooks: replace deprecated syntax (include: -> include_tasks:, with_items -> loop), use ansible.builtin modules, organize variables (defaults/main.yml), standardize tags, add prerequisites assertions and meta/main.yml

Browse Source
This commit is contained in:
Yacine31
2025-12-02 11:05:50 +01:00
parent fed4a87173
commit 75485f2f7c
19 changed files with 221 additions and 164 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
roles/oracle-db-preinstall/defaults/main.yml Normal file
View File

@@ -0,0 +1,14 @@
---
# Variables par défaut surchargeables par l'utilisateur
# Ces vars peuvent être redéfinies via --extra-vars ou inventory
full_configuration: true
secure_configuration: false
oracle_version: "19.0.0"
oracle_base: "/u01/app/oracle"
oracle_home: "{{ oracle_base }}/product/{{oracle_version}}/dbhome_1"
oracle_inventory: "/u01/app/oraInventory"
oracle_sources: "/u01/sources"
oracle_oradata: "/u02/oradata/"
oracle_fra: "/u03/fast_recovery_area/"

22
roles/oracle-db-preinstall/meta/main.yml Normal file
View File

@@ -0,0 +1,22 @@
galaxy_info:
role_name: oracle_db_preinstall
author: your_name
description: Préparation du serveur Linux pour l'installation d'Oracle Database
company: your_company
license: MIT
min_ansible_version: "2.10"
platforms:
- name: EL
versions:
- "7"
- "8"
- "9"
galaxy_tags:
- oracle
- database
- linux
- preinstall

4
roles/oracle-db-preinstall/tasks/dir_creation.yml
View File

@@ -15,12 +15,12 @@
# ./runInstaller
- name: Création du répertoire oracle
shell: |
ansible.builtin.shell: |
mkdir -p {{ item }}
chown -R oracle:oinstall /$(echo {{ item }} | cut -d"/" -f2)
chmod -R 775 /$(echo {{ item }} | cut -d"/" -f2)
# file: path={{ item }} mode=775 owner=oracle group=oinstall state=directory recurse=yes
with_items:
loop:
- "{{ oracle_base }}"
- "{{ oracle_inventory }}"
- "{{ oracle_home }}"

14
roles/oracle-db-preinstall/tasks/grub_configuration.yml
View File

@@ -12,7 +12,7 @@
tags: grub
- name: Configuration grub - Suppression de rhgb
shell: grubby --update-kernel=ALL --remove-args=rhgb
ansible.builtin.shell: grubby --update-kernel=ALL --remove-args=rhgb
when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7'
tags: grub
@@ -25,7 +25,7 @@
tags: grub
- name: Configuration grub - Suppression de quiet
shell: grubby --update-kernel=ALL --remove-args=quiet
ansible.builtin.shell: grubby --update-kernel=ALL --remove-args=quiet
when: grep_count.stdout != '0' and ansible_distribution_major_version >= '7'
tags: grub
@@ -38,7 +38,7 @@
tags: grub
- name: Configuration grub - Désactivation de Transparent Hugepages
shell: grubby --update-kernel=ALL --args=transparent_hugepage=never
ansible.builtin.shell: grubby --update-kernel=ALL --args=transparent_hugepage=never
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
@@ -51,7 +51,7 @@
tags: grub
- name: Configuration grub - Désactivation de numa=off
shell: grubby --update-kernel=ALL --args=numa=off
ansible.builtin.shell: grubby --update-kernel=ALL --args=numa=off
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
@@ -64,7 +64,7 @@
tags: grub
- name: Configuration grub - elevator=deadline
shell: grubby --update-kernel=ALL --args=elevator=deadline
ansible.builtin.shell: grubby --update-kernel=ALL --args=elevator=deadline
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
@@ -77,7 +77,7 @@
tags: grub
- name: Configuration grub - vga=791
shell: grubby --update-kernel=ALL --args=vga=791
ansible.builtin.shell: grubby --update-kernel=ALL --args=vga=791
when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
tags: grub
@@ -91,7 +91,7 @@
# tags: grub
#
# - name: Configuration grub - GRUB_ENABLE_BLSCFG=true
# shell: grubby --update-kernel=ALL --args=GRUB_ENABLE_BLSCFG=true
# ansible.builtin.shell: grubby --update-kernel=ALL --args=GRUB_ENABLE_BLSCFG=true
# when: grep_count.stdout == '0' and ansible_distribution_major_version >= '7'
# tags: grub

38
roles/oracle-db-preinstall/tasks/main.yml
View File

@@ -1,44 +1,58 @@
---
- name: Vérification de la distribution, la version et le kernel
assert:
that: ansible_architecture == 'x86_64' and ansible_os_family == 'RedHat' and ansible_system == 'Linux'
ansible.builtin.assert:
that: ansible_architecture == 'x86_64' and ansible_os_family == 'RedHat' and ansible_system == 'Linux'
tags: oscheck
# ---------------------------------------------------
# Ajout du fichier de paramètres : Redhat_x.yml ...
# ---------------------------------------------------
- name: ajout des paramètres spécifique à l'OS
include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
ansible.builtin.include_vars: "{{ ansible_os_family }}_{{ ansible_distribution_major_version }}.yml"
- name: Vérifier les prérequis système
ansible.builtin.assert:
that:
- ansible_memtotal_mb >= 2048
- ansible_processor_vcpus >= 2
msg: "Prérequis non satisfaits : RAM >= 2GB, CPU >= 2"
tags: prerequisites
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- include: os_configuration.yml
- ansible.builtin.include_tasks: os_configuration.yml
tags: packages
# ---------------------------------------------------
# configuration réseau
# ---------------------------------------------------
- include: network_configuration.yml
- ansible.builtin.include_tasks: network_configuration.yml
tags: network
# ---------------------------------------------------
# ---------------------------------------------------
# configuration Linux : grub
# ---------------------------------------------------
- include: grub_configuration.yml
- ansible.builtin.include_tasks: grub_configuration.yml
tags: grub
# ---------------------------------------------------
# ---------------------------------------------------
# configuration Linux : Sécurisation
# ---------------------------------------------------
- include: secure_configuration.yml
- ansible.builtin.include_tasks: secure_configuration.yml
tags: security
# ---------------------------------------------------
# configuration Linux : Utilisateurs et groupes Oracle
# ---------------------------------------------------
- include: users_configuration.yml
- ansible.builtin.include_tasks: users_configuration.yml
tags: users
# ---------------------------------------------------
# configuration Linux : ajout de packages supplémentaires
# ---------------------------------------------------
- include: rpm_tools.yml
- ansible.builtin.include_tasks: rpm_tools.yml
tags: rpm
# ---------------------------------------------------
# configuration Linux : Création des répertoires Oracle

12
roles/oracle-db-preinstall/tasks/network_configuration.yml
View File

@@ -3,26 +3,26 @@
# configuration réseau
# ---------------------------------------------------
- name: Modification resolv.conf pour ajouter attempts et timeout
lineinfile: dest=/etc/resolv.conf line="{{ item.line }}"
with_items:
ansible.builtin.lineinfile: dest=/etc/resolv.conf line="{{ item.line }}"
loop:
- { line: "options attempts:2" }
- { line: "options timeout:1" }
- name: Desactivation de IP v6 et ZeroConf (Doc ID 1161144.1)
lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}"
with_items:
ansible.builtin.lineinfile: dest=/etc/sysconfig/network line="{{ item.line }}"
loop:
- { line: "NETWORKING_IPV6=no" }
- { line: "IPV6INIT=no" }
- { line: "NOZEROCONF=yes" }
tags: ipv6
- name: desactivation permanente de IP v6
lineinfile:
ansible.builtin.lineinfile:
dest=/etc/sysctl.d/98-disable_ipv6.conf
line="{{ item.line }}"
state=present
create=yes
with_items:
loop:
- { line: "net.ipv6.conf.all.disable_ipv6 = 1" }
- { line: "net.ipv6.conf.default.disable_ipv6 = 1" }
tags: ipv6

47
roles/oracle-db-preinstall/tasks/os_configuration.yml
View File

@@ -2,42 +2,45 @@
# ---------------------------------------------------
# configuration des packages necessaires pour Linux
# ---------------------------------------------------
- name: YUM - installation des packages nécessaires
yum: name={{ linux_packages }} state=latest disable_gpg_check=yes
tags: rpm_packages
- name: Installation des packages nécessaires
ansible.builtin.package:
name: "{{ linux_packages }}"
state: latest
tags: [packages, rpm_packages]
# ---------------------------------------------------
# configuration du serveur Chronyd - Linux >= 7
# ---------------------------------------------------
- name: start chronyd
service: name=chronyd state=started enabled=yes
ansible.builtin.service: name=chronyd state=started enabled=yes
ignore_errors: true
tags: services
# ---------------------------------------------------
# Activation du nscd : Name Service Cache Daemon pour palier aux
# problèmes de perte de DNS
# ---------------------------------------------------
- name: activate nscd
service: name=nscd state=started enabled=yes
ansible.builtin.service: name=nscd state=started enabled=yes
ignore_errors: true
# ---------------------------------------------------
# Activation de rsyslog : non configuré parfois sur Oracle Linux
# ---------------------------------------------------
- name: activate rsyslog
service: name=rsyslog state=started enabled=yes
ansible.builtin.service: name=rsyslog state=started enabled=yes
ignore_errors: true
# ---------------------------------------------------
# configuration Linux : Selinux
# ---------------------------------------------------
- name: Desactiver Selinux (de façon permanente)
selinux: state=disabled
ansible.builtin.selinux: state=disabled
register: selinux
tags: selinux
- name: Disactiver Selinux (runtime)
shell: setenforce 0
ansible.builtin.shell: setenforce 0
ignore_errors: true
tags: selinux
@@ -45,8 +48,8 @@
# configuration Linux : les services
# ---------------------------------------------------
- name: arrêter et désactiver les services inutils
with_items: "{{ linux_services }}"
service: name={{ item }} state=stopped enabled=no
loop: "{{ linux_services }}"
ansible.builtin.service: name={{ item }} state=stopped enabled=no
tags: linuxservices
ignore_errors: true
@@ -56,21 +59,21 @@
# - name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/oracle_sysctl.conf
# state=present reload=yes ignoreerrors=yes sysctl_set=yes sysctl_file=/etc/sysctl.d/99-oracle-sysctl.conf
- name: Linux - Ajustement des paramètres du Kernel dans /etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf
sysctl:
ansible.builtin.sysctl:
name={{ item.name }} value={{ item.value }}
state=present reload=yes ignoreerrors=yes sysctl_set=yes
sysctl_file=/etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf
with_items: "{{ oracle_sysconfig }}"
loop: "{{ oracle_sysconfig }}"
tags: sysctl.conf
- name: Configuration PAM
lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so"
ansible.builtin.lineinfile: dest=/etc/pam.d/login state=present line="session required pam_limits.so"
tags: pamconfig
# lineinfile: dest=/etc/security/limits.d/oracle_seclimits.conf create=yes state=present line={{ item }}
# ansible.builtin.lineinfile: dest=/etc/security/limits.d/oracle_seclimits.conf create=yes state=present line={{ item }}
- name: Linux - Ajustement des limits pour Oracle dans /etc/security/limits.d/oracle-database-preinstall-19c.conf
lineinfile: dest=/etc/security/limits.d/oracle-database-preinstall-19c.conf create=yes state=present line={{ item }}
with_items: "{{ oracle_seclimits }}"
ansible.builtin.lineinfile: dest=/etc/security/limits.d/oracle-database-preinstall-19c.conf create=yes state=present line={{ item }}
loop: "{{ oracle_seclimits }}"
tags: seclimit
@@ -86,29 +89,29 @@
tags: bash_alias
- name: BASH - ajout de ignore-case pour autocompletion avec TAB
lineinfile: dest=/etc/inputrc line="set completion-ignore-case On" create=yes state=present
ansible.builtin.lineinfile: dest=/etc/inputrc line="set completion-ignore-case On" create=yes state=present
tags: bash_tab
- name: Desactivation de la commande crontab -r
lineinfile: dest=/etc/profile.d/z_crontab_r.sh
ansible.builtin.lineinfile: dest=/etc/profile.d/z_crontab_r.sh
line='crontab () { [[ $@ =~ -[iel]*r ]] && echo "option -r (remove) not allowed" || command crontab "$@" ;}'
state=present
create=yes
tags: bash_cron_r
- name: Journalctl - Limiter la taille disque utilisée à 500M max
lineinfile: dest=/etc/systemd/journald.conf line="SystemMaxUse=500M"
ansible.builtin.lineinfile: dest=/etc/systemd/journald.conf line="SystemMaxUse=500M"
tags: Journalctl
# ---------------------------------------------------
# configuration Linux : Mode panic
# ---------------------------------------------------
- name: Configuratio du mode panic sur perte du /
shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`"
ansible.builtin.shell: free_form="tune2fs -e panic `df -P / |tail -1 | awk '{print $1}'`"
tags: mode_panic
- name: Configuration du mode panic sur bug du kernel
sysctl:
ansible.builtin.sysctl:
name=kernel.panic_on_oops value=1 state=present reload=yes ignoreerrors=yes
sysctl_file=/etc/sysctl.d/99-oracle-database-preinstall-19c-sysctl.conf
tags: mode_panic
@@ -117,7 +120,7 @@
# configuration du démarrage en mode 3 par défaut
# ---------------------------------------------------
- name: Configuration du mode 3 comme mode de démarrage par défaut
shell: systemctl set-default multi-user.target
ansible.builtin.shell: systemctl set-default multi-user.target
tags: init3
# ---------------------------------------------------

6
roles/oracle-db-preinstall/tasks/rpm_tools.yml
View File

@@ -5,13 +5,13 @@
# ajout du repository epel si non présent
- name: YUM - installation du paquet oracle-epel-release
yum: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=latest disable_gpg_check=yes
ansible.builtin.package: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=latest disable_gpg_check=yes
tags: install_epel
# when: ansible_distribution_major_version == '9'
# installation rlwrap depuis le repo epel
- name: YUM - installation de packages supplémentaires
yum:
ansible.builtin.package:
name:
- rlwrap
- htop
@@ -26,6 +26,6 @@
# suppression du repo epel car il n'est plus necessaire
- name: YUM - désinstallation du paquet oracle-epel-release
yum: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=absent disable_gpg_check=yes
ansible.builtin.package: name="oracle-epel-release-el{{ ansible_distribution_major_version }}" state=absent disable_gpg_check=yes
tags: install_epel
# when: ansible_distribution_major_version == '9'

8
roles/oracle-db-preinstall/tasks/secure_configuration.yml
View File

@@ -3,14 +3,14 @@
# configuration Linux : Sécurisation
# ---------------------------------------------------
- name: Ajout du soft reboot
lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft'
ansible.builtin.lineinfile: dest=/etc/rc.local state=present line='/sbin/ctrlaltdel soft'
tags: softreboot
- name: Sécurisation du vidage mémoire
copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf"
ansible.builtin.copy: src="00-vidage.conf" dest="/etc/security/limits.d/00-vidage.conf"
- name: Application des paramètres de configuration sécurisée
sysctl:
ansible.builtin.sysctl:
name={{ item.name }}
value={{ item.value }}
state=present
@@ -20,6 +20,6 @@
sysctl_set=yes
sysctl_file=/etc/sysctl.d/97-secure-configuration.conf
when: secure_configuration
with_items: "{{ linux_secure_config }}"
loop: "{{ linux_secure_config }}"
tags: secure_config

31
roles/oracle-db-preinstall/tasks/users_configuration.yml
View File

@@ -3,8 +3,11 @@
# CRéation des groupes
# ---------------------------------------------------
- name: Création des groupes
group: name={{ item.group }} gid={{ item.gid }} state=present
with_items:
ansible.builtin.group:
name: "{{ item.group }}"
gid: "{{ item.gid }}"
state: present
loop:
- { group: oinstall, gid: 1001}
- { group: dba, gid: 1002 }
- { group: oper, gid: 1003 }
@@ -23,11 +26,17 @@
# Création des utilisateurs : password Oracle123 => full configuration
# ---------------------------------------------------
- name: Création du compte Oracle et grid
user:
name={{ item.username }} group={{ item.primgroup }}
groups={{ item.othergroups }} uid={{ item.uid }}
generate_ssh_key=yes append=yes state=present update_password=on_create password={{ item.passwd }}
with_items:
ansible.builtin.user:
name: "{{ item.username }}"
group: "{{ item.primgroup }}"
groups: "{{ item.othergroups }}"
uid: "{{ item.uid }}"
generate_ssh_key: yes
append: yes
state: present
update_password: on_create
password: "{{ item.passwd }}"
loop:
- { username: oracle, uid: 1001, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,oper", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
- { username: grid, uid: 1002, primgroup: oinstall, othergroups: "dba,asmdba,backupdba,dgdba,kmdba,racdba,asmoper,asmadmin", passwd: "$6$0xHoAXXF$K75HKb64Hcb/CEcr3YEj2LGERi/U2moJgsCK.ztGxLsKoaXc4UBiNZPL0hlxB5ng6GL.gyipfQOOXplzcdgvD0"}
ignore_errors: true
@@ -40,8 +49,12 @@
# ---------------------------------------------------
- name: Ajout du compte oracle et grid au sudoers
ignore_errors: true
template: src=sudoers.j2 dest=/etc/sudoers.d/{{ item }} owner=root mode=0600
with_items:
ansible.builtin.template:
src: sudoers.j2
dest: "/etc/sudoers.d/{{ item }}"
owner: root
mode: "0600"
loop:
- oracle
- grid
tags: sudoadd

22
roles/oracle-db-preinstall/vars/main.yml
View File

@@ -1,22 +1,6 @@
---
# pour une installation oracle renseigner ces variables
# pour les scripts d'exploitation et la création des répertoires
oracle_version: "19.0.0"
oracle_base: "/u01/app/oracle"
oracle_home: "{{ oracle_base }}/product/{{oracle_version}}/dbhome_1"
oracle_inventory: "/u01/app/oraInventory"
oracle_sources: "/u01/sources"
oracle_oradata: "/u02/oradata/"
oracle_fra: "/u03/fast_recovery_area/"
# faire une configuration minimal ?
# la configuration complète : fait en plus la création des users, des groupes, des répertoires ...
full_configuration: true
# faire une configuration securisée du system d'exploitation
secure_configuration: false
# Variables communes et spécifiques au rôle
# Les vars par défaut sont dans defaults/main.yml
#----------------------------------------------------------------------
# services Linux à désactiver :
@@ -43,7 +27,7 @@
- yum-updatesd
#---------------------------------------------------------------------
# pramètres de configuation sécurisée :
# paramètres de configuration sécurisée :
#---------------------------------------------------------------------
linux_secure_config:
- { name: fs.suid_dumpable, value: "0"}